All posts by admin

June 13, 2018 – ISC Releases Security Advisory for BIND

 

BIND is the most widely used Domain Name System (DNS) server. Operating systems: Linux, NetBSD, FreeBSD, OpenBSD, macOS, Windows. Type: DNS server. License: Mozilla Public License (ISC license before 9.11). Website: www.isc.org/downloads/bind.

ISC released a security advisory for BIND, published Wednesday, June 13, 2018. A remote attacker could exploit this vulnerability to obtain sensitive information.

Official announcement – https://kb.isc.org/article/AA-01616/0/CVE-2018-5738

June 13, 2018 – Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Many CPU architectures support lazy saving of floating point state (registers) by allowing floating point capability to be disabled, resulting in an exception when a floating point operation is performed. Virtually all floating point math is done in SSE (and thus XMM registers) in 64-bit mode. The attack is carried out from a local process rather than through a web browser. A newly scheduled task can use the exploit described herein to infer the floating point register state of another task, which can be used to leak sensitive information.

Official announcement – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

Why do we require AI (Artificial Intelligence)?

Preface

When a child is born, his destiny is learning. He needs to keep acquiring knowledge. His objective looks simple because his goal is survival.

What is the objective of AI (Artificial Intelligence)?

The aim of AI development is to mimic in machines the “intelligent” behavior of humans.

The major element of AI (Artificial Intelligence) is learning. The computer is similar to a baby: the world imparts knowledge to it. As a result, its learning path includes human behaviour, human thinking logic, languages and decision-making logic. But how does artificial intelligence make the correct decision without jeopardizing the world? This is a matter of ethics.

Does the science world ignore the key element before a successful build?

A supercomputer has great processing power and high calculation speed. It can perform data analytics without difficulty. But emulating human logical thinking requires a huge volume of data, including human behaviour data sets, different categories of data, the history of criminal activities, business decision logic, etc.

Hey! Is there any contradiction here? For instance, will ethics be bound to human logical thinking? For instance, you visit a library to read a book. This is an equivalent learning mode. But the books in the library do not contain personal data or records of personal behaviour. So this is the classical learning mode.

You pick up your sister's or brother's letter from the mailbox. Ethics tell you that you are not allowed to open the letter, right? But why does artificial intelligence have the privilege to read personal data? The AI reads personal data without consent!

Intelligence is not bestowed by anyone; it is a condition that each person is born with and enjoys. However, its whole purpose is human survival on the earth. If a machine contains artificial intelligence, then from a technical point of view, it looks like humans are building a new competitor for themselves. The major point is that AI will find its own way to survive in the world once the technology is mature.

I am not speaking of a conspiracy. It is reality, since they are in the machine learning phase. Their evolution is shown below:

1st Generation

Data science: Data science is an interdisciplinary field that uses scientific methods, processes, algorithms and systems to extract knowledge and insights from data in various forms, both structured and unstructured, similar to data mining.

2nd Generation

Machine learning: Machine learning is a subset of artificial intelligence in the field of computer science that often uses statistical techniques to give computers the ability to “learn”.

Final stage

Artificial intelligence: Artificial intelligence is intelligence demonstrated by machines, in contrast to the natural intelligence (NI) displayed by humans and other animals.

Sources of data for machine learning nowadays

Datasets of population, economic and development across the world: https://data.worldbank.org/

Data on educational institutions and education demographics from the US and around the world: https://nces.ed.gov/

The collection of social, economic and population data in UK: https://www.ukdataservice.ac.uk/

The national crime statistics, with free data available at national, state and county level: https://ucr.fbi.gov/

Information gathered by NASA’s space exploration missions: https://exoplanetarchive.ipac.caltech.edu/

Conclusion

Humans pollute the world because of living standard growth and modern industries.
Artificial intelligence in final phase will be …..
A song is on the way!

Don’t kill the world, don’t let it down. Do not destroy basic ground…..

 

–End–

June 2018 – Cisco releases security update for their products

Cisco's marketing strategy covers the full scope of cyber security and the computer world. Because it provides such a wide range of product features, vulnerabilities are hard to avoid. Security updates therefore arrive frequently. No harm! This is the IT world.

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip

Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-AnyConnect-cert-bypass

The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.

https://docs.appdynamics.com/display/PRO44/Release+Notes#ReleaseNotes-4.4.3.10598%28HF4%29Updates

Cisco FireSIGHT System VPN Policy Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-FireSIGHT-vpn-bypass

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss

Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucsdimcs

Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa

Cisco Meeting Server Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id

Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso

Invalid Curve Attack – 2017

https://nodesecurity.io/advisories/324

https://github.com/cisco/node-jose

Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery

Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id

Cisco Prime Collaboration Provisioning SQL Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql

Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-escalation

Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi

Cisco Prime Collaboration Provisioning Access Control Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access

Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset

Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss

Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs

Cisco Unified Computing System Role-Based Access Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access

Cisco Unified IP Phone Software Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos

Cisco Unity Connection Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cuc-xss

Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa

Cisco WebEx Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss

Cisco WebEx Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss1

Cisco Wide Area Application Services Software Disk Check Tool Privilege Escalation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-priv-escalation

Cisco Wide Area Application Services Software Static SNMP Credentials Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp

Multiple Cisco Products Disk Utilization Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos

Which is faster? Crossbar SW or PCR?

Preface

China won 1st place on the TOP500 list of the world’s top supercomputers in June 2016. Can we say PCR is the mainstream? Or should we still keep crossbar switch deployment?

Who’s ready to break a record today?

IBM made an announcement in June 2018: SUMMIT does mathematical calculations at a rate of 200 quadrillion per second, or 200 petaflops.

The Sunway TaihuLight has a processing speed of 93 petaflops.

What are the key components of the Chinese supercomputer architecture?

Do you remember the Parallel Capacity Resource (PCR) clusters? It is a mature technology, dating from 2002. The success of the PCR clusters was followed by the purchase of the Multiprogrammatic Capability Resource (MCR) cluster in July 2002 from Linux NetworX (see below diagram). The PCR cluster debuted on the Top 500 Supercomputers list in November 2002.

The Sunway TaihuLight uses a total of 40,960 Chinese-designed SW26010 manycore 64-bit RISC processors based on the Sunway architecture. Each processor chip contains 256 processing cores, and an additional four auxiliary cores for system management (also RISC cores, just more fully featured) for a total of 10,649,600 CPU cores across the entire system.

Parallel Capacity Resource (PCR) cluster architecture creates the mystery power!

The differences between the Chinese supercomputer and a traditional mainframe supercomputer.

I speculated that the Chinese supercomputer architecture was established on the Parallel Capacity Resource cluster concept for system development. Some technical details serve as fingerprints for a proof of concept. Details are shown below:

1. Sunway TaihuLight, with 10,649,600 computing cores comprising 40,960 nodes.

2. The system OS is not mentioned in the technical report; however, I believe that the OS kernel was developed on top of System V (Unix/Linux).

Cyber Security protection (Linux NetworX versus IBM SUMMIT comparison)

IBM SUMMIT

Programming language:

X10 is an open-source programming language being developed at IBM Research in collaboration with academic partners. The language is designed specifically for parallel computing using the partitioned global address space (PGAS) model. A computation is divided among a set of places, each of which holds some data and hosts one or more activities that operate on those data. It has a constrained type system for object-oriented programming, a form of dependent types.

http://x10.sourceforge.net/documentation/languagespec/x10-latest.pdf

System Architecture:

Processor Security – When a partition is booted, the hypervisor initializes all of the hardware registers available to the partition to a known state. Later, when the partition is no longer running on a hardware thread, the hypervisor copies the current register contents to a save area associated with this specific logical processor. This copying of the registers is done for both dedicated and shared processor partitions. These virtualized registers are maintained in hypervisor memory (physical real memory) so that the memory cannot be altered.

Memory – The HPT (Hardware Page Table) is a mapping from the partition’s address space to physical real addresses. Each partition that is created has its own HPT. Whenever a partition is running on a hardware thread, the hardware always uses the information from that partition’s HPT to translate the addressing. The HPT is part of the firmware memory usage on the server and since it is maintained only in real memory, only the PowerVM hypervisor can make changes to the HPT.

Linux NetworX and next generation

Specific cyber security measures are not mentioned, since the priority was processing power. Should you be interested in the parallel capacity resource (PCR) computer architecture, please refer to the URL below for reference.

https://computing.llnl.gov/tutorials/linux_clusters/#Background

Reference:

The New York Times – Move Over, China: U.S. Is Again Home to World’s Speediest Supercomputer

https://www.nytimes.com/2018/06/08/technology/supercomputer-china-us.html?rref=collection%2Fsectioncollection%2Ftechnology

2016 Supercomputer magazine


 

 

 

29th May 2018 – VMware security update – CVE-2018-6964

VMware Horizon Client (Linux) was found to contain a design weakness that causes a privilege escalation vulnerability. I speculate that the vulnerability only happens on Horizon Client for Linux, and therefore it may not get the attention of IT staff. But do not ignore this vulnerability. As we know, ESXi 6.5 could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets, resulting in heap corruption. A hacker would exploit this design bug. However, the environment must fulfil certain requirements: VNC must be enabled, and ESXi must be configured to allow VNC traffic through the built-in firewall. As a matter of fact, IT operations like to increase their flexibility and sometimes enable this function in the data center. If this is the case, or you need to use VNC for remote access, then you must stay alert.
If this is not a required function, it is recommended to disable it.

For the vulnerability found on 29th May 2018, technical details are shown below:

VMSA-2018-0014: VMware Horizon Client update addresses a privilege escalation vulnerability – https://www.vmware.com/security/advisories/VMSA-2018-0014.html

June 2018 – Google Releases Security Update for Chrome

Content Security Policy (CSP) provides a standard HTTP header that allows website owners to declare approved sources of content that browsers should be allowed to load on that page.

It is a browser-based XSS protection mechanism: a least-privilege approach that whitelists content you trust. Nothing else will execute. It assumes that inline scripts are bad.

But………….

High CVE-2018-6148: Incorrect handling of CSP header

https://chromereleases.googleblog.com/search/label/Stable%20updates
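How the CSP allowlist described above decides whether a script may run, as an added example (not from the original post and not Chrome's implementation). The function names, the sample policy and the page origin are assumptions made for illustration, and only `script-src`/`default-src` with `'self'`, `*`, scheme sources, host sources and `'unsafe-inline'` are modelled.

```javascript
// Simplified CSP check for scripts (illustration only, not browser code).
// Covers default-src fallback, 'self', '*', scheme and host sources, and
// 'unsafe-inline'. Nonces, hashes, paths and ports are out of scope.

function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function hostMatches(pattern, host) {
  // "*.example.com" matches sub-domains only, not "example.com" itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.startsWith("'")) return false; // 'none' and other keywords match no URL
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. "https:"
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(s);
  if (!m) return false;
  const [, scheme, host] = m;
  const pageScheme = new URL(pageOrigin).protocol;
  // Without an explicit scheme, accept the page's scheme or an upgrade to https.
  const schemeOk = scheme
    ? url.protocol === scheme + ':'
    : url.protocol === pageScheme || url.protocol === 'https:';
  return schemeOk && hostMatches(host, url.hostname);
}

// script: { src: "<url>" } for external scripts, { inline: true } for inline.
function isScriptAllowed(headerValue, pageOrigin, script) {
  const policy = parseCsp(headerValue);
  const sources = policy.get('script-src') ?? policy.get('default-src') ?? null;
  if (sources === null) return true; // no directive governs scripts
  if (script.inline) return sources.some(s => s.toLowerCase() === "'unsafe-inline'");
  const url = new URL(script.src, pageOrigin);
  return sources.some(s => sourceMatches(s, url, pageOrigin));
}

// Constructed sample policy and page origin (not taken from any real site).
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com *.trusted.example";
const PAGE = 'https://app.example.org';

for (const script of [
  { src: '/js/app.js' },
  { src: 'https://cdn.example.com/lib.js' },
  { src: 'https://evil.example/x.js' },
  { inline: true },
]) {
  console.log(JSON.stringify(script), isScriptAllowed(POLICY, PAGE, script) ? 'allowed' : 'blocked');
}
```
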

May 2018 – Moodle security announcements

Learning Management Systems (LMS) have become popular because they do not limit learning by location or time zone. A learner or student can start tuition whenever a computer is connected to the internet. Such a learning atmosphere is popular around the world. LMS is not restricted to high school and university education; it also covers internal training in business environments. Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License. Education authorities can download the software onto their own web server. Moodle does not generate SCORM content. Moodle presents the content in SCORM packages to learners, and saves data from learner interactions with the SCORM package.

SCORM content can be delivered to learners via any SCORM-compliant Learning Management System (LMS) using the same version of SCORM.

Market share shows that Moodle, as open source, has grown significantly recently. However, vulnerabilities have occurred in Moodle. Please download version 3.5, because it fixes the design bugs. Bug details are shown below:

Portfolio script allows instantiation of class chosen by user – https://moodle.org/mod/forum/discuss.php?d=371204

User can shift a block from Dashboard to any page – https://moodle.org/mod/forum/discuss.php?d=371202

Users can download any file via portfolio assignment caller class – https://moodle.org/mod/forum/discuss.php?d=371200

Portfolio forum caller class allows a user to download any file – https://moodle.org/mod/forum/discuss.php?d=371201

Calculated question type allows remote code execution by Question authors – https://moodle.org/mod/forum/discuss.php?d=371199

June 06, 2018 – Cisco Releases Security Updates for Multiple Products

CVE-2018-0321 – Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi

CVE-2018-0315 – Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa

CVE-2018-0353 – Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa

CVE-2018-0320 – Cisco Prime Collaboration Provisioning SQL Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql

CVE-2018-0318 – Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset

CVE-2018-0319 – Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery

CVE-2018-0317 – Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass

CVE-2018-0322 – Cisco Prime Collaboration Provisioning Access Control Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access

CVE-2018-0274 – Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso

CVE-2018-0316 – Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip

CVE-2017-6779 – Multiple Cisco Products Disk Utilization Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos

CVE-2018-0263 – Cisco Meeting Server Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id

CVE-2018-0296 – Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd