C++ in Linux: the topic is revived after 6 years

The use of C++ in Linux has been proposed once again

It seems that the introduction of Rust as a second programming language in the Linux kernel has been one of the most important changes Linux has undergone, not in terms of features and functionality, but because it marked a very important starting point in how Linus Torvalds and the development team have taken a significant step toward modernizing Linux for the better.

This is noticeable because a discussion that began six years ago, presented as a joke on April 1, 2018, has recently been revived on the Linux kernel mailing lists.

Once again, the question of "the feasibility of adopting modern C++ code in the Linux kernel" has been put on the table, going beyond the traditional use of C with assembly fragments and the promotion of Rust.

The initial proposal was published in 2018 by a Red Hat engineer as a joke for April Fools' Day, which many use to play pranks on the community. That was the case at the time: he had supposedly released a set of 45 patches that included the use of C++ templates, class inheritance and function overloading.

In my opinion, C++14 is the "minimum" version that has reasonable metaprogramming support and has most of it without the type hassles of earlier versions (C++11 had most of it, but C++14 fills in some key missing pieces). However, in my opinion, C++20 is really the big game changer; although earlier versions could pull off a lot of SFINAE hacks, they also gave absolutely useless error messages.

We do a lot of metaprogramming in the Linux kernel, implemented with often truly horrible macro tricks. These are also practically impossible to debug. Take the example of the uaccess.h type hacks, some of which I designed and wrote. In C++, the different conversions and case statements can be split into separate template instances and, with a little ingenuity, things like user-space pointers versus kernel-space pointers can also be strictly enforced, as well as already-checked user-space pointers versus unchecked ones, not to mention easily handling the case of 32-bit user-space types in a 64-bit kernel and enforcing endianness conversion.

Now, almost 6 years later, Hans Peter Anvin, a key kernel developer at Intel and creator of projects such as syslinux, klibc and LANANA, has taken the initiative to continue the discussion. According to Anvin, the C and C++ languages have advanced significantly since 1999, and C++ has proven to be better suited than C for operating system kernel development.

Anvin mentions that features that previously required GCC-specific extensions can now be implemented easily in standard C++, and that in many cases using C++ will improve the infrastructure without the need to change the code completely.

In addition, the proposal is to use at least the C++14 specification, which includes metaprogramming tools, and it encourages use of the C++20 specification, which introduces support for concepts that can reduce the incidence of errors.
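The compile-time separation of checked and unchecked user-space pointers mentioned in the uaccess.h remarks above can be expressed with plain C++14 templates. This is an added example, not code from the kernel or from the mailing-list thread: `user_ptr`, `checked_user_ptr`, `with_user`, `sys_read_value` and the simulated `fake_user_mem` region are hypothetical names, and `copy_from_user` here only borrows the name of the kernel function.

```cpp
#include <cstdint>
#include <cstring>
#include <type_traits>

// Hypothetical names throughout; "user space" is simulated by this array.
static unsigned char fake_user_mem[64];
constexpr std::uintptr_t USER_BASE = 0x1000;
constexpr std::uintptr_t USER_END = USER_BASE + sizeof(fake_user_mem);

// Unchecked user address: no operator*, no conversion to T*.
template <typename T>
class user_ptr {
    std::uintptr_t addr_;
public:
    explicit user_ptr(std::uintptr_t a) : addr_(a) {}
    std::uintptr_t raw() const { return addr_; }
};

// Validated user address: the constructor is private, so the only way to
// obtain one is through with_user() below.
template <typename T>
class checked_user_ptr {
    std::uintptr_t addr_;
    explicit checked_user_ptr(std::uintptr_t a) : addr_(a) {}
    template <typename U, typename F> friend long with_user(user_ptr<U>, F&&);
    template <typename U> friend long copy_from_user(U*, checked_user_ptr<U>);
};

// Range-check p, then hand the checked pointer to f; -14 stands for -EFAULT.
template <typename T, typename F>
long with_user(user_ptr<T> p, F&& f) {
    if (p.raw() < USER_BASE || p.raw() > USER_END - sizeof(T)) return -14;
    return f(checked_user_ptr<T>(p.raw()));
}

// Accepts only the checked type, so a skipped check is a compile error.
template <typename T>
long copy_from_user(T* dst, checked_user_ptr<T> src) {
    std::memcpy(dst, fake_user_mem + (src.addr_ - USER_BASE), sizeof(T));
    return 0;
}

static_assert(!std::is_convertible<user_ptr<int>, int*>::value, "no raw deref");
static_assert(!std::is_convertible<user_ptr<int>, checked_user_ptr<int>>::value, "no skipped check");
static_assert(!std::is_constructible<checked_user_ptr<int>, std::uintptr_t>::value, "no forging");

// Syscall-style handler: the raw argument must pass through with_user().
long sys_read_value(std::uintptr_t arg, std::uint32_t* out) {
    user_ptr<std::uint32_t> p(arg);
    return with_user(p, [&](checked_user_ptr<std::uint32_t> c) { return copy_from_user(out, c); });
}
```

Calling `copy_from_user(out, p)` directly with the unchecked `p` fails to compile, which is the property the macro-based C version cannot express in the type system.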

It is argued that C++ is preferable to Rust, since the latter differs significantly from C in syntax, is unfamiliar to current kernel developers and does not allow code to be rewritten gradually. With C++, parts of the C code can be translated gradually, much as C code can be compiled as C++.

Although the Linux kernel is mainly C code, with several parts written in assembly and growing work around Rust support, it is still unclear whether there is enough weight behind the idea for the kernel's C code to be converted to C++ in the future.

Finally, if you are interested in learning more, you can check the details at the following link.

from Linux Adictos https://ift.tt/mRjTuXs

Using Google Search to Find Software Can Be Risky

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Google says keeping users safe is a top priority, and that the company has a team of thousands working around the clock to create and enforce their abuse policies. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago.

But cybercrooks are constantly figuring out ingenious ways to fly beneath Google’s anti-abuse radar, and new examples of bad ads leading to malware are still too common.

For example, a Google search earlier this week for the free graphic design program FreeCAD produced the following result, which shows that a “Sponsored” ad at the top of the search results is advertising the software available from freecad-us[.]org. Although this website claims to be the official FreeCAD website, that honor belongs to the result directly below — the legitimate freecad.org.

How do we know freecad-us[.]org is malicious? A review at DomainTools.com shows this domain is the newest (registered Jan. 19, 2024) of more than 200 domains at the Internet address 93.190.143[.]252 that are confusingly similar to popular software titles, including dashlane-project[.]com, filezillasoft[.]com, keepermanager[.]com, and libreofficeproject[.]com.

Some of the domains at this Netherlands host appear to be little more than software review websites that steal content from established information sources in the IT world, including Gartner, PCWorld, Slashdot and TechRadar.

Other domains at 93.190.143[.]252 do serve actual software downloads, but none of them are likely to be malicious if one visits the sites through direct navigation. If one visits openai-project[.]org and downloads a copy of the popular Windows desktop management application Rainmeter, for example, the file that is downloaded has the same exact file signature as the real Rainmeter installer available from rainmeter.com.

But this is only a ruse, says Tom Hegel, principal threat researcher at the security firm Sentinel One. Hegel has been tracking these malicious domains for more than a year, and he said the seemingly benign software download sites will periodically turn evil, swapping out legitimate copies of popular software titles with backdoored versions that will allow cybercriminals to remotely commandeer the systems.

“They’re using automation to pull in fake content, and they’re rotating in and out of hosting malware,” Hegel said, noting that the malicious downloads may only be offered to visitors who come from specific geographic locations, like the United States. “In the malicious ad campaigns we’ve seen tied to this group, they would wait until the domains gain legitimacy on the search engines, and then flip the page for a day or so and then flip back.”

In February 2023, Hegel co-authored a report on this same network, which Sentinel One has dubbed MalVirt (a play on “malvertising”). They concluded that the surge in malicious ads spoofing various software products was directly responsible for a surge in malware infections from infostealer trojans like IcedID, Redline Stealer, Formbook and AuroraStealer.

Hegel noted that the spike in malicious software-themed ads came not long after Microsoft started blocking by default Office macros in documents downloaded from the Internet. He said the volume of the current malicious ad campaigns from this group appears to be relatively low compared to a year ago.

“It appears to be same campaign continuing,” Hegel said. “Last January, every Google search for ‘Autocad’ led to something bad. Now, it’s like they’re paying Google to get one out of every dozen of searches. My guess it’s still continuing because of the up-and-down [of the] domains hosting malware and then looking legitimate.”

Several of the websites at this Netherlands host (93.190.143[.]252) are currently blocked by Google’s Safebrowsing technology, and labeled with a conspicuous red warning saying the website will try to foist malware on visitors who ignore the warning and continue.

But it remains a mystery why Google has not similarly blocked more of the 240+ other domains at this same host, or else removed them from its search index entirely, especially considering that nothing else but these domains is hosted at that Netherlands IP address, and that they have all remained at that address for the past year.

In response to questions from KrebsOnSecurity, Google said maintaining a safe ads ecosystem and keeping malware off of its platforms is a priority across Google.

“Bad actors often employ sophisticated measures to conceal their identities and evade our policies and enforcement, sometimes showing Google one thing and users something else,” Google said in a written statement. “We’ve reviewed the ads in question, removed those that violated our policies, and suspended the associated accounts. We’ll continue to monitor and apply our protections.”

Google says it removed 5.2 billion ads in 2022, and restricted more than 4.3 billion ads and suspended over 6.7 million advertiser accounts. The company’s latest ad safety report says Google in 2022 blocked or removed 1.36 billion advertisements for violating its abuse policies.

Some of the domains referenced in this story were included in Sentinel One’s February 2023 report, but dozens more have been added since, such as those spoofing the official download sites for Corel Draw, Github Desktop, Roboform and Teamviewer.

This October 2023 report on the FreeCAD user forum came from a user who reported downloading a copy of the software from freecadsoft[.]com after seeing the site promoted at the top of a Google search result for “freecad.” Almost a month later, another FreeCAD user reported getting stung by the same scam.

“This got me,” FreeCAD forum user “Matterform” wrote on Nov. 19, 2023. “Please leave a report with Google so it can flag it. They paid Google for sponsored posts.”

Sentinel One’s report didn’t delve into the “who” behind this ongoing MalVirt campaign, and there are precious few clues that point to attribution. All of the domains in question were registered through webnic.cc, and several of them display a placeholder page saying the site is ready for content. Viewing the HTML source of these placeholder pages shows many of the hidden comments in the code are in Cyrillic.

Trying to track the crooks using Google’s Ad Transparency tools didn’t lead far. The ad transparency record for the malicious ad featuring freecad-us[.]org (in the screenshot above) shows that the advertising account used to pay for the ad has only run one previous ad through Google search: It advertised a wedding photography website in New Zealand.

The apparent owner of that photography website did not respond to requests for comment, but it’s also likely his Google advertising account was hacked and used to run these malicious ads.

from Krebs on Security https://ift.tt/sKAfD6g