All posts by admin

When Chinese mythology, the Shan Hai Jing 《山海經》, meets aliens.

Preface: In ancient China there was not only antiquity; before antiquity there was an even more ancient era that is difficult for us to explore. China's myth books, with the many legends and myths they left behind, keep me tirelessly exploring.

Background of the Shan Hai Jing:

Shan Hai Jing 《山海經》 is a Chinese pre-Qin (先秦, before 221 BC) ancient book with unbelievable ancient historical details, so the general opinion among Chinese people categorizes it as a myth book. Seventy-five different kinds of strange monsters in total are recorded in the Shan Hai Jing.

The pictures in the Shan Hai Jing are strange. If you read the book, you will find that all the animals look different from those of our modern world: for instance, a chicken with three legs and two heads, or a character who looks like a human being but has no head. As far as I remember, in a TV interview with a professor (from an Asian country), when the journalist mentioned the Shan Hai Jing, the professor replied simply: it is not true.

Creation of mankind

There are different civilizations on our earth; however, their definitions of human creation share similar ideas. Were we created by a god? Do you have doubts? Or were we created by biotechnology (DNA, genes)?

In modified form, Darwin's scientific discovery is the unifying theory of the life sciences, explaining the diversity of life. The evolution of mankind discovered by Darwin coincidentally proves the relationship between the Shan Hai Jing and mankind.

Reproductive cloning is expensive and highly inefficient: more than 90% of cloning attempts fail to produce viable offspring. So the evolution of our civilization is a long run, and even the advanced technology of another planet is no exception. Long, long ago reproductive cloning was started, but by whom? I believe it was an advanced technology from another planet. That is why we find special animals in myth books, especially the Shan Hai Jing 《山海經》; this is how I speculate that ancient Chinese people intended to write down their life experiences.

The Shan Hai Jing 《山海經》 had pictures, and the text was written according to the content of the pictures. However, the ancient pictures have been lost. The earliest surviving pictures of the Shan Hai Jing come from the Ming Dynasty, and they are a draft version, not the original. Perhaps people are concerned about the integrity (genuineness) of the data! For more details, please refer to the following link: https://en.wikipedia.org/wiki/Classic_of_Mountains_and_Seas

But when we compare the Shan Hai Jing 《山海經》 pictures with the civilization of Babylon, their ancient history also describes monster-type humans and how a god created mankind. The monsters are similar to the ideas in the Shan Hai Jing 《山海經》 pictures: they look like a mixture of bird, fish and wild animal (see below).

Remark: In biology, cloning is the process of producing similar populations of genetically identical individuals; it occurs in nature when organisms such as bacteria, insects or plants reproduce asexually. This follows the definition of Darwin's theory of evolution (see below):

With reference to the ancient history of Babylon by archaeologists, Babylon was the largest city in the world c. 1770 – c. 1670 BC, and again c. 612 – c. 320 BC. The historical record of the Shan Hai Jing was found in the Chinese pre-Qin period (先秦, before 221 BC) by archaeologists. So I predict that the pictures recorded in the Shan Hai Jing recorded what witnesses saw before 221 BC. From a technical point of view, it matches the ancient Babylonian civilization. An ancient traveler from China to Babylon could go through the Silk Road.

Regarding the findings of archaeologists, they believe that the Shan Hai Jing 《山海經》 was written by the Bashu (巴蜀) people. Meanwhile, they shared their experiences through oral communication. The cultural relics show that Bashu (巴蜀) had an advanced civilization, for instance the Sanxingdui Ruins (三星堆遗址). Although the ancient Shu (古蜀) civilization and the civilization of the two rivers (Euphrates River 幼發拉底河, Tigris River 底格里斯河) are far apart in absolute age and geographical location, there are many cultural connections and similarities between the two. Perhaps the civilization of the ancient Shu State (古蜀國) has a relationship with Mesopotamia.

Summary: We are living in the modern world, and perhaps nobody is going to find out the secret of this old ancient book. However, it is hard to believe that cloning a human or creating mankind does not require biochemical technology. The description above mentions that reproductive cloning is expensive and highly inefficient: more than 90% of cloning attempts fail to produce viable offspring. So the evolution of our civilization is a long run, and even the advanced technology of another planet is no exception. So the advanced intelligent creatures may have used trial and error. Our mainstream thinking is that a human has only one head and a bird has one pair of wings. But before the creation of everything, no human had such thinking, so tests had to be conducted, and therefore the strange animals and ugly monsters were born in this period of time. Dinosaurs have large bodies and are not suited to living on the earth, so you can say that nature does not allow them to live on earth. But why did some ancient civilizations disappear, for instance Chichen Itza (Maya) and the ancient city of Mohenjo Daro? After this discussion, are you interested in reading the Shan Hai Jing 《山海經》?

Reference A: The Yangtze (長江) River Delta, the two lakes, and the Sichuan-Yunnan region (川滇地區), which originated along the Yangtze River, are the general term for these regional civilizations. They were formed in 2000 BC, respectively, by Lingjiatan Culture 凌家灘文化 – Liangzhu Culture 良渚文化, Daxi Culture 大溪文化 – Qujialing Culture 屈家嶺文化 – Shijiahe Culture 石家河文化, and Baodun Culture 寶墩文化 – Sanxingdui Culture. After the decline of the early civilization, the culture of the late Yangtze River developed into the Wucheng culture 吳城文化, Bashu 巴蜀, Jingchu 荊楚, Xuguo 徐國 and Wuyue 吳越.

Reference B: In biology, cloning is the process of producing similar populations of genetically identical individuals; it occurs in nature when organisms such as bacteria, insects or plants reproduce asexually.

CVE-2019-0188 Apache Camel XML External Entity Injection Vulnerability – May 2019

Preface: The computing market is trending toward open source development, and thus it grows rapidly. Believe it or not, see how many Apache servers are running now.

Apache Camel background: You can use MQ (message queues) to enable applications to communicate at different times and in many diverse computing environments. In the past decade these were the famous vendor-proprietary toys, until open source was born into the world, especially Apache Camel. It plays the role of doing similar functions; perhaps its capabilities are still under development, but it is on the way and it is free.

Vulnerability details: A vulnerability in the camel-xmljson component of Apache Camel could allow an unauthenticated, remote attacker to conduct an XML external entity injection (XXE) attack on a targeted system. This is because the affected software uses an outdated, vulnerable JSON-lib library.

Remedy: The vendor released software updates at the following link – https://camel.apache.org/download.html

Previous vulnerabilities, today’s emergency alert – 1st June 2019

Preface: What if the victim of a cyberattack is a defensive device? What can you do?

Background: Leading players in the global IT Asset Management (ITAM) software market research report are HP, Cherwell Software, Oracle and Dell KACE.

Vulnerability details: The Dell KACE K1000 Appliance contains multiple vulnerabilities, including a blind SQL injection vulnerability and a stored cross-site scripting vulnerability.

Comment: As usual, the vendor did not provide the vulnerability details. The SQL injection vulnerability seems to have similarities with the previous vulnerability, see below:

Failure to properly filter the “macAddress” parameter values of the getUploadPath and getKBot SOAP methods can result in the injection of arbitrary SQL code to manipulate SQL queries.

Remedy: Apply patch (SEC2018_20180410) NOTE: KACE SMA versions 9.0.270 and later include these security fixes.
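As an added illustration of the injection pattern the quoted advisory describes (this is example code written for this page, not Dell KACE code; the `machines` table, the `getUploadPath`-style lookup and the sample rows are constructed stand-ins), the following contrasts a lookup that pastes the `macAddress` parameter into the SQL text with one that binds it as a parameter and one that additionally validates it against a MAC address allowlist. The same defect class appears again in the OpenEMR post further down this page.

```python
import re
import sqlite3

# Constructed sample data standing in for an inventory table
# (hypothetical schema, not the appliance's real one).
SAMPLE_ROWS = [
    ("00:11:22:33:44:55", "/uploads/host-a"),
    ("66:77:88:99:aa:bb", "/uploads/host-b"),
]

# Constructed test value: the quote character closes the string literal in
# the unsafe query, and the rest becomes SQL that is always true.
TAUTOLOGY_INPUT = "x' OR '1'='1"

# Allowlist for the parameter's syntax: six colon-separated hex octets.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE machines (mac TEXT PRIMARY KEY, upload_path TEXT)")
    conn.executemany("INSERT INTO machines VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, mac_address):
    """The defect pattern: untrusted input is spliced into the SQL text."""
    sql = "SELECT upload_path FROM machines WHERE mac = '%s'" % mac_address
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, mac_address):
    """Binding the value makes the driver treat it as data, never as SQL."""
    sql = "SELECT upload_path FROM machines WHERE mac = ?"
    return [row[0] for row in conn.execute(sql, (mac_address,))]


def lookup_hardened(conn, mac_address):
    """Defense in depth: reject malformed input before it reaches the query."""
    if not MAC_RE.match(mac_address):
        raise ValueError("macAddress is not a valid MAC address")
    return lookup_parameterized(conn, mac_address)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, crafted input:", lookup_vulnerable(db, TAUTOLOGY_INPUT))
    print("parameterized, crafted input:", lookup_parameterized(db, TAUTOLOGY_INPUT))
    print("hardened, valid input:", lookup_hardened(db, "00:11:22:33:44:55"))
```

With a well-formed MAC address all three lookups return the same row; with the crafted value the spliced query returns every row, the parameterized query returns nothing because the whole string is compared as a literal, and the hardened version refuses the value before any query runs. The allowlist is worth keeping even with binding in place, since a later code path (logging, a second query built differently) may not bind the value.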

CVE-2019-5018 Sqlite3 Window Function Functionality Use-After-Free Vulnerability

Preface: A use-after-free vulnerability is similar to an animal ruminating.

Background: SQLite3 is a compact, free database with which you can easily create and use a database. It has become very popular with smartphone developers. SQLite runs on many different computer systems such as Apple OS X, Linux, and Windows. Even Airbus is a SQLite3 user.

Vulnerability details: A vulnerability in SQLite3 could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to a use-after-free condition in the window function functionality of the affected software. It may let the attacker execute arbitrary code and completely compromise the system.

Remedy: At the time this alert was first published, SQLite had not released a software update.

CVE-2019-10132 – libvirt virtlockd-admin.socket & virtlogd-admin.socket systemd Privilege Escalation Vulnerability (May 2019)

Preface: Business computing architecture has now gone to the virtualization world; perhaps this was hard to imagine five years ago!

Technical background: The libvirt library is used to interface with different virtualization technologies. It is accessible from C, Python, Perl, Java and more. Meanwhile, the libvirt project supports KVM, QEMU, Xen, Virtuozzo, VMware ESX, LXC and bhyve. libvirt's built-in API is widely used in the virtual machine monitor orchestration layer in cloud solution development.

Vulnerability details: A vulnerability in libvirt could allow an authenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode configuration parameter in the affected software.

Workaround: Disable the virtlockd-admin.socket and virtlogd-admin.socket units in systemd. Alternatively, customize them locally to add SocketMode=0600.

Remedy: libvirt has released software updates at the following link – https://github.com/libvirt/libvirt/releases
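To show what the missing SocketMode= setting means in practice, here is an added example (not libvirt or systemd code; the unit text is a constructed stand-in for virtlockd-admin.socket, and the socket path and service name in it are assumptions) that parses a .socket unit, applies systemd's documented default of 0666 when SocketMode= is absent, and flags a socket that group or other users could connect to, with the weak unit beside the locally corrected one.

```python
import configparser

# Constructed stand-in for an admin socket unit with the defect the advisory
# describes: no SocketMode= in [Socket]. Paths and names are assumed.
WEAK_UNIT = """\
[Unit]
Description=Virtual machine lock manager admin socket (constructed example)

[Socket]
ListenStream=/run/libvirt/virtlockd-admin-sock
Service=virtlockd.service

[Install]
WantedBy=sockets.target
"""

# The same unit with the local customization the workaround suggests.
FIXED_UNIT = WEAK_UNIT.replace(
    "Service=virtlockd.service",
    "Service=virtlockd.service\nSocketMode=0600",
)

# systemd.socket(5) documents 0666 as the default when SocketMode= is absent.
SYSTEMD_DEFAULT_SOCKET_MODE = 0o666


def effective_socket_mode(unit_text):
    """Return the file mode a systemd .socket unit will apply to its socket."""
    # strict=False tolerates repeated keys such as several ListenStream= lines.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # unit file keys are case-sensitive
    parser.read_string(unit_text)
    if not parser.has_section("Socket"):
        raise ValueError("not a socket unit: no [Socket] section")
    mode = parser.get("Socket", "SocketMode", fallback=None)
    if mode is None:
        return SYSTEMD_DEFAULT_SOCKET_MODE
    return int(mode, 8)


def audit_socket_unit(unit_text):
    """List who besides the owner could connect to the unit's socket.

    connect() on a Unix socket needs write permission on the socket file,
    so the group and other write bits are what matter.
    """
    mode = effective_socket_mode(unit_text)
    findings = []
    if mode & 0o020:
        findings.append("group can connect (mode %04o)" % mode)
    if mode & 0o002:
        findings.append("other users can connect (mode %04o)" % mode)
    return findings


if __name__ == "__main__":
    for label, unit in (("weak", WEAK_UNIT), ("fixed", FIXED_UNIT)):
        print(label, "%04o" % effective_socket_mode(unit), audit_socket_unit(unit))
```

The checker reads the unit text only, so it can be pointed at the files under /etc/systemd/system or the output of `systemctl cat` for each socket unit to confirm that the local override actually took effect after a `daemon-reload`.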

CVE-2019-0911 Microsoft Edge and Internet Explorer Scripting Engine Memory Corruption Vulnerability – May 2019

Synopsis: As time goes by, cyber criminals formulate phishing scams through email and website visits; it seems to be a main trend. In order to avoid such attacks, home users install antivirus programs including malware detectors, virus protection and predictive controls. But what if the web browser itself contains a vulnerability? What can we do?

Vulnerability details:
A remote code execution vulnerability exists in the way that the script engine handles memory objects in Microsoft browsers. The vulnerability could corrupt memory and an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged in with administrative user rights, an attacker who successfully exploited the vulnerability could control the affected system.

Remedy: Microsoft has released detailed information at the following link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0911

CVE-2019-11634 Citrix Workspace App before 1904 for Windows has incorrect access control – 22nd May 2019

Preface: VDI (Virtual Desktop Infrastructure) is one way to make your IT operations secure.

Product overview: Citrix Workspace Suite is a collection of Citrix products that deliver secure access to desktops, data, applications and services to subscribers on any device, and on any network.

Vulnerability details: Citrix Workspace App before 1904 for Windows has Incorrect Access Control.

Beginning August 2018, Citrix Receiver will be replaced by Citrix Workspace app. A vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced, allowing an attacker read/write access to the client's local drives, which could enable code execution on the client device.

Remedy: Official announcement via the following link – https://support.citrix.com/article/CTX251986

CVE-2019-11328 Singularity 3.1.0 to 3.2.0-rc2 defect causes privilege escalation on the host – May 2019

Preface: We might have had a debate about the definition of a computer powerful enough to be called a supercomputer or HPC system.

Technical background:

When Docker creates a container, it creates a new instance of each of the six namespaces, and then puts all the processes in the container into these namespaces, so that processes in the Docker container can only see isolated system resources.

A process is visible to other processes in its PID namespace, and to the processes in each direct ancestor PID namespace going back to the root PID namespace.

Vulnerability details: A malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions that allow a user to edit files within /run/singularity/instances/sing//. The manipulation of those files can change the behavior of the starter-suid program when instances are joined, resulting in potential privilege escalation on the host.

Remedy: Official announcement via the following link – https://github.com/sylabs/singularity/releases/tag/v3.2.0
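An added example of the check a host administrator could run for this defect class (not Singularity's own code; the directory layout and file names under the instance root are constructed for the example, and the real layout under /run/singularity/instances may differ): it walks an instance directory and reports any entry that a group or other user could write to, which is the condition that lets a non-owner tamper with state consumed by a setuid helper.

```python
import os
import shutil
import stat
import tempfile


def insecure_entries(root):
    """Return (relative path, mode) for entries writable by group or other.

    Symlinks are skipped because their own mode bits carry no meaning on
    Linux; the link target is checked when the walk reaches it.
    """
    findings = []

    def check(path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((os.path.relpath(path, root), stat.S_IMODE(st.st_mode)))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def demo():
    """Build a constructed instance tree with one world-writable state file.

    The layout (<root>/<user>/<instance>/...) and file names are hypothetical.
    """
    root = tempfile.mkdtemp(prefix="sing-instances-")
    try:
        inst = os.path.join(root, "alice", "myinstance")
        os.makedirs(inst)
        # chmod is not subject to umask, so these modes are exact.
        os.chmod(root, 0o755)
        os.chmod(os.path.join(root, "alice"), 0o700)
        os.chmod(inst, 0o700)
        good = os.path.join(inst, "config.json")
        bad = os.path.join(inst, "state.json")
        for path in (good, bad):
            with open(path, "w") as fh:
                fh.write("{}")
        os.chmod(good, 0o600)
        os.chmod(bad, 0o666)  # the defect class: another local user could rewrite it
        return insecure_entries(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, mode in demo():
        print("%s is writable by non-owners (mode %04o)" % (rel, mode))
```

Run against a live instance root the function returns an empty list when every directory and file is owner-writable only; anything it does list is worth comparing with the release notes for the fixed version, since a permissive mode on a file that a setuid program later trusts is exactly the condition the advisory describes.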

Reflection – Crafted emoji cause WeChat application (for Android) service crash.

Preface: When mobile computing was born, cyberattacks (botnet attacks) and data leakage grew rapidly. Do you think this is destiny?

Observation: A proof of concept shows that a technical limitation occurs on Tencent WeChat 7.0.4 (Android version). When a stranger sends a crafted emoji to a WeChat user, the WeChat application crashes once the emoji file is opened. The security expert found the following reason:

vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service

Referring to the attached diagram, the first phase of the attack should get the IMEI. Perhaps this specific attack has a prerequisite, so people feel that it is only an idea and therefore may not give it high priority. But it is an alert signal to WeChat users. Why? WeChat's plug-ins are encapsulated in jar files and so files in the /assets/preload directory (see attached diagram). The security expert found a technical limitation in vcodec2_hls_filter in libvoipCodec_v7a.so. From a technical point of view, an attacker could develop an attack technique riding on this issue. Stay tuned.

End.

Rampant cyber attacks – Is the healthcare industry suitable for using open source software?

Preface: Our world is more and more vulnerable to hackers and data breaches.

Strategy challenge: Given data privacy, security matters when choosing a new software system today. Can we choose open source software to deploy in medical or healthcare areas? If it is possible to use, which open source software is better?

Healthcare Cybersecurity Trends – 2019 – The National Association of County and City Health Officials says that healthcare breaches can cost up to $400 per patient. Apart from the laws and regulations of different countries, a major reform in the European data protection framework established the GDPR. The GDPR introduces an obligation on data controllers to report breaches of patients' health records to the data protection authority within 72 hours of becoming aware of the incident. A personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The maximum administrative fine contemplated by the GDPR is 20 million euro, or 4% of a company's annual revenue. As the above regulations and penalties are mandatory, from the data governance perspective the related industry defines a road map. The concept is shown below:

Can I use open source software for healthcare operations?

Quote: “Absolutely. All Open Source software can be used for commercial purpose; the Open Source Definition guarantees this. You can even sell Open Source software. However, note that commercial is not the same as proprietary,” said opensource.org.

How about vulnerability management? As a matter of fact, it is rare for the healthcare industry to make use of open source software directly. In some circumstances, a third-party vendor will customize its solution and thus integrate the business function with open source software. The example below provides the details.

OpenEMR is the most popular open source electronic health records and medical practice management solution. OpenEMR is an ONC Certified HIT 2014 Edition Complete EHR product. Although it is open source software, it is a computer product, and it is hard to avoid vulnerabilities. The vulnerabilities occur in two different functions (see below). A hacker can exploit these vulnerabilities by SQL injection, and since it is SQL injection, it might involve data privacy. Following up on the response from the vendor side, we find that corrective action took place and remediation was done. Perhaps the response time is not easy to rate because of the Common Vulnerabilities and Exposures reporting criteria and procedure; however, these limitations are not limited to open source software vendors. Even so, vulnerability management does not differ greatly. OpenEMR posted the remedy in Aug 2018.

OpenEMR has released software updates at the following link: OpenEMR 5.0.1 Patch 7

The moment of truth: A decade ago, if you had interviewed an enterprise firm's CTO about whether they were willing to use open source software, you would have received a standard answer: it is not possible! But maybe we are not aware that open source software has actually been living with us for a long time. PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

Summary: As a matter of fact, a cyberattack is not merely based on a single element or component. In order to avoid attacks, even if you are not using open source software, you have to enhance your detective and preventive controls. Therefore, if you would like to deploy a healthcare application system with open source software, you have to fulfill the requirements below.

Software and Patch Management
Log Management
Network Segmentation
Block Suspicious Activity
Credential Management
Establish a Baseline for Host and Network Activity
Organization-Wide IT Guidance and Policies

End of document.