Rider to Receive 2018.2 Version

The new release includes Docker support for the debugger, built-in spelling checker and many other new stuff
24 August 2018   757

The JetBrains team has updated its cross-platform environment for .NET development Rider to version 2018.2. The new release includes Docker support for the debugger, built-in spelling checker, code coverage by unit tests and the ability to work with the MacBook Touch Bar.

What's new in Rider 2018.2

  • The debugger now supports Docker, improved display of the call stack, and breakpoints for each thread in the case of multi-threaded code.
  • Two new launch configurations have been implemented: Publish to IIS and Publish to custom server - to deploy the Web application created in ASP.NET Core on a local or remote server.
  • Improved code autocompletion with the help of a statistic-based algorithm. In addition, Rider pays attention to how often the user uses its hints, and, depending on the feedback, makes corrections.
  • In the IDE settings, the ability to create templates has been added, as well as editing and managing them through Editor | Live Templates and Editor | File Templates.
  • Redesigned the solution browser: a new toolbar with icons for displaying all files, synchronizing the browser and the editor, and several new navigation buttons.
  • Updated macOS-version: added support for MacBook Touch Bar, new icons and a dark theme for window titles.
  • Integration with Unity: support for .asmdef and csc.rsp files, Unity Reload Assembles disable in Play mode, fixing this == null invalid warning, and improved support for remote debugging.
  • Together with the integration with dotCover, the environment received code coverage with unit-tests and support for continuous testing (only for the Windows version).
  • ReSpeller support added. 
  • There are new opportunities for front-end development: support for TypeScript versions 2.9 and 3.0, improved integration with React, Angular and Vue.js.
  • The Reference option is added to the content of the context menu of C # Interactive, and support for F # and NuGet is also updated.
  • A full list of changes is available on the What's New page in the blog dedicated to the IDE Rider.

In August 2018, a new version of the whole family of tools for. NET-development - ReSharper Ultimate 2018.2. It includes an update to ReSharper, which has been supported by C # 7.3, built-in spell checker and several new navigation features.

Ledger to Discover HSM Vulnerability

HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc
10 June 2019   1258

A group of researchers from Ledger identified several vulnerabilities in the Hardware Security Module (HSM) devices, which can be used to extract keys or perform a remote attack to replace the firmware of an HSM device. The problem report is currently available only in French, the English-language report is scheduled to be published in August during the Blackhat USA 2019 conference. HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

HSM allows you to significantly increase protection, as it completely isolates keys from the system and applications, only by providing an API to perform basic cryptographic primitives implemented on the device side. Typically, HSM is used in areas where you need to provide the highest protection, for example, in banks, cryptocurrency exchanges, certification centers for checking and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS # 11 command handler and an error in the implementation of the cryptographic protection of the firmware, which bypasses the firmware check using the PKCS # 1v1.5 digital signature and initiates loading the own firmware in the HSM.

The name of the manufacturer, the HSM devices of which have vulnerabilities, has not yet been disclosed, but it is argued that the problem devices are used by some large banks and cloud service providers. At the same time it is reported that information about the problems was previously sent to the manufacturer and it has already eliminated vulnerabilities in the fresh firmware update. Independent researchers suggest that the problem may be in the devices of the company Gemalto, which in May released an update to Sentinel LDK with the elimination of vulnerabilities, access to information about which is still closed.