Month: April 2017

Windows Uniscribe Fuzzing

Among the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, there were 29 bugs reported by us in the font-handling code of the Uniscribe library. Admittedly the subject of font-related security has already been extensively discussed on this blog both in the context of manual analysis and fuzzing. However, what makes this effort a bit different from the previous ones is the fact that Uniscribe is a little-known user-mode component, which had not been widely recognized as a viable attack vector before, as opposed to the kernel-mode font implementations included in the win32k.sys and ATMFD.DLL drivers. In this post, we outline a brief history and description of Uniscribe, explain how we approached at-scale fuzzing of the library, and highlight some of the more interesting discoveries we have made so far. All the raw reports of the bugs we’re referring to (as they were submitted to Microsoft), together with the corresponding proof-of-concept samples, can be found in the official Project Zero bug tracker. Enjoy!

Bail Reform Tipping Point?

Lawsuits have been largely successful in court, thanks in part to actions taken by President Barack Obama’s Department of Justice, which issued an amicus brief on the issue last year. In that brief, it argued that “a bail scheme that imposes financial conditions, without individualized consideration of ability to pay and whether such conditions are necessary to assure appearance at trial, violates the Fourteenth Amendment” and its equal protection clause and is thus unconstitutional. Although new US Attorney General Jeff Sessions has expressed skepticism about past efforts on jail and criminal justice reform, the shift to a new administration is unlikely to affect the changes that are taking place around bail reform, experts say.

Circular runway

Aviation expert Henk Hesselink thinks that airports should have circular runways instead of straight ones. Among other things, large circular runways could reduce the need for crosswind landings, use airport land more efficiently, and increase the number of planes simultaneously landing and taking off.

Identity collisions

Identity collisions are the new Identity theft

For 18 years, I thought she was stealing my identity. Until I found her. A woman apparently using my name meant a nightmare of unpaid traffic fines and a criminal record. But when I tracked her down, a different story emerged.

It’s amazing that our society is so primitive as to rely on name + birthdate as some sort of unique key when it clearly isn’t.

Procter & Gamble church

Named the fastest-growing church in America in 2015, Crossroads has been described by the Cincinnati Business Courier as both an entrepreneurial church and a church for entrepreneurs. Indeed, it was originally a startup—or more accurately an unofficial spinoff from Procter & Gamble Co., the $65B conglomerate based downtown, a few freeway exits south of the main church. In 1990, Brian Wells, a brand manager for Clearasil, started a singles Bible study with a P&G power couple, Vivienne Lee Bechtold, then a brand manager in beauty care, and Jim Bechtold, a marketing executive. The group, which met at the Bechtolds’ home, quickly grew to more than 100 people. Eventually the singles started marrying and having children, and Jim Bechtold asked Wells one morning, while the two carpooled to work, whether it made sense to start a church.

Medical Tourism SEZ

The Chinese government have set up a special economic zone for medical tourism. Hainan Boao Lecheng international medical tourism pilot zone, the first of its kind in the country, was approved by the State Council in 2013. It enjoys 9 preferential policies, including special permission for medical talent, technology, devices and drugs, and an allowance for entrance of foreign capital and international communications. The pilot zone also has permission to carry out leading-edge medical technology research, such as stem cell clinical research.

Macy 23 Years Sale

Welcome to Macy’s! My name is Trevor, and if you need any assistance at all don’t hesitate to ask. Right now we have a special 1-day sale, so many of our items are 50% to 80% off—and that’s before using a coupon! These 1-day sales are rare, so you should really take advantage of the special opportunity. This one has only been going on for the past 23 years.

Robot delivery

Amazon, which currently charges a $99 annual fee for 2-day deliveries under its “Prime” service, will eventually offer 2-tier pricing for delivery services. One will be a “Gold Prime” membership costing $199 to $249 a year that covers next-day deliveries, the other a platinum membership for $399 a year that includes same-day deliveries.

2019-08-20: Starship Technologies

The company has made over 100K commercial deliveries. The total funding has reached $85M. Parcels, groceries and food are directly delivered from stores, at the time that the customer requests via a mobile app. Once ordered, the robots’ entire journey and location can be monitored on a smartphone. Starship delivery bots use machine learning to detect objects and do not use expensive LIDAR. Starship robots mostly drive on sidewalks and cross streets when they need to. This poses a different set of challenges compared to self-driving cars. Traffic on car roads is more structured and predictable.

2021-01-27: 1m now:

Starship reports that while its operation has not been flawless and its robots are always learning, any potential issues with the robot have not resulted in any injuries due to the low speed on the sidewalk. In addition to sidewalks, the robots are also doing 50K street crossings per day.

This might seem mundane, but both sidewalks and bike lanes are a huge opportunity. Even Amazon realized this, and is using both for last km delivery.