OS News reports that the latest version of ReactOS has been released: 0.4.6 is a major step towards real hardware support. Several dual boot issues have been fixed and now partitions are managed in a safer way avoiding corruption of the partition list structures. ReactOS Loader can now load custom kernels and HALs. Printing Subsystem is still greenish in 0.4.6, however Colin Finck has implemented a huge number of new APIs and fixed some of the bugs reported and detected by the ReactOS automated tests. Regarding drivers, Pierre Schweitzer has added an NFS driver and started implementing RDBSS and RXCE, needed to enable SMB support in the future, Sylvain Petreolle has imported a Digital TV tuning device driver and the UDFS driver has been re-enabled in 0.4.6 after fixing several deadlocks and issues which was making it previously unusable. Critical bugs and leakages in CDFS, SCSI and HDAUDBUS have been also fixed. General notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.6 is also available. ISO images are ready at the ReactOS Download page.

Read more of this story at Slashdot.

On Saturday, Chinese mobile maker Huawei unveiled its first artificial intelligence smartphone chipset, which it hopes will lure customers away from Apple's upcoming range of new iPhones and towards the Asian company's "most powerful handset yet," the Mate 10, which is set to debut next month. Mac Rumors reports: Huawei touted the Kirin 970 AI mobile chipset's built-in "neural processing unit" at the IFA consumer electronics trade show in Berlin, claiming that the technology is "20 times faster" than a traditional processor. The world's third largest smartphone maker claimed that mobile devices powered by the Kirin 970 will be able to "truly know and understand their users," by supporting real-time image recognition, voice interaction, and intelligent photography with ease. According to Nikkei, the Kirin 970 integrates 5.5 billion transistors in a single square centimeter about the size of a thumbnail, which includes an octa-core central processing unit, a 12-core graphics processing unit, a dual-image signal processor, a high-speed 1.2Gbps Cat.18 modem, and AI mobile computing architecture. The Kirin 970 is said to be based on the same 10-nanometer technology as Apple's existing A10X Fusion processor and the A11 processor that will power its new iPhone range, set to debut this month. The Mate 10 is said to be a bezel-less all-screen handset with a 6-inch, 2:1 display and a 2,160 x 1,080 resolution. Like Apple's so-called "iPhone 8," the Mate 10 is also expected to feature some form of facial recognition and improved cameras.

Read more of this story at Slashdot.

Diplomats are expelled from Moscow and Russian offices are shut down in the United States.

Class for working with MySQL DB

Base class for working with databases

Class for working with ClickHouse DB

automate the Chrome browser

Foreign minister deployed to hold 'intensive communications' as anger grows in world's most populous Muslim nation.

Military advance brings army and allied fighters about 10km from the city, says the Syrian Observatory for Human Rights.

US president asked Congress for nearly $8bn for recovery efforts after storm, but governor says Texas needs a lot more.

An anonymous reader shares a report from Mashable, written by Kerry Flynn: "I mean if Mashable wants to pay for it, I can get you a blue check over night," reads a recent Twitter direct message. This is a guy who knows a guy, a middleman in the black market for Instagram verification, where anyone from a seasoned publicist to a 22-year-old digital marketer will offer to verify an account -- for a price. The fee is anywhere from a bottle of wine to $15,000, according to a dozen sources who have sold verification, bought verification for someone else, or directly know someone who has done one or the other. "These guys pay all their bills from one to two blue checks a month," another message from the middleman added later. The product for sale isn't a good or a service. It's a little blue check designated for public figures, celebrities, and brands on Instagram. It grants users a prime spot in search as well as access to special features. More importantly, it's a status symbol. But it's clear from people who spoke on the condition of anonymity, many of whom have their own blue checkmarks, that a black market for Instagram verification is alive and well. "Instagram has helped create this underground market," the report adds. "While anyone can apply for verification on Facebook and on Twitter, Instagram has made itself exclusive and therefore rather elitist. Influencers who have press clippings and work with big brands on sponsorship deals often can't manage to get that elusive blue checkmark, according to several verified and unverified influencers and people who have sold verification."

Read more of this story at Slashdot.

Steely Dan was a favorite of mine in a wonderful and uplifting period of my life, when I was a grad student in Madison in the mid-late 70s. I was finally an adult, in love, lots of friends and accomplishments everywhere. Firing on all cylinders. One of the most prime periods of my life. I guess I'm going to listen to a lot of Steely Dan in the next few weeks. Kind of the way we listened to a lot of Prince last year. Donald Fagen wrote about his friendship with Walter Becker. We all were friends with him through their creativity.

I received a resume (a PDF) via email. It was not malicious, it was a real resume, and it's a good opportunity to show how to determine if a PDF contains nothing malicious.

First, I analyzed the PDF with pdfid.py:

The PDF has not a lot of objects (7) neither streams (2). And there's no other warning from pdfid.py. That doesn't mean the pdf is not malicious, it could still contain an exploit for a (un)known vulnerability.

In such a case, I like to use option -e from pdfid to get more info:

This info helps to determine if there is something hiding in this PDF outside the normal objects.

There's just one end-of-file marker (%%EOF), and there are no more bytes following that marker, so nothing was appended to this PDF.

And there are very few bytes outside streams (1133), so it's unlikely something was hidden there.

Lately, we've seen several PDFs campaings with just a URL in the document pointing to malware.

Let's check this with pdf-parser.py:

Nothing!

So this PDF has a lot of indications that it is not malicious.

If needed, we can go deeper in our analysis. In such a case, I like to use pdf-parser.py to pull some statistics on the objects inside the PDF:

This is a very simple PDF, with only 7 objects:

• 1 catalog object (object 1)
• 1 pages object (object 2)
• 1 page object (object 4)
• 1 XObject object (object 3)
• and 3 objects without a type (objects 5, 6 and 7)

PDF with objects like these are usually just a document with an image like a JPEG (object XObject) inside it.

When I look at the different objects, there is noting that stands out:

Object 7, with the metadata, gives me a clue as to the origin of this PDF:

So there is not malicious to find. The only remaining place where something could be hiding, is in the streams of objects 3 and 6.

The stream of object 6 is deflated (/FlateDecode), and can thus be decompressed with option -f:

You will probably not recognize the code in the decompressed stream, but this isa description of a page (defining it's size and displaying an image). So nothing malicious here.

What remains, is the image in object 3. There could be an exploit hiding in there, and in part 2, we will see if we can find one.

 

Didier Stevens
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.