Facebook’s WhatsApp mobile app has had a rough time lately with regard to software vulnerabilities. In November 2019, the social media company quietly issued a security patch for a buffer overflow vulnerability contained in their messaging application.
However, the vulnerability disclosed in November 2019 is not the only recent vulnerability discovered and patched in the secure messaging application. Earlier in 2019, another buffer overflow vulnerability was discovered and patched by the company. Both of these vulnerabilities are rated as “severe” due to the fact that an attacker exploiting them can run malicious code on the target device.
To make things worse, the vulnerabilities in WhatsApp can be exploited by an unauthenticated attacker. These vulnerabilities were discovered in functions that process data sent by another WhatsApp user to the target. By taking a simple action – initiating a WhatsApp call or sending an MP4 video to the target – an attacker can trigger the vulnerability, giving them control over the device. These vulnerabilities can then be exploited to place spyware on the victim’s device and to view the user’s messaging history within the app.
A Brief History of WhatsApp Security
The recent WhatsApp vulnerability is not the first buffer overflow contained within the mobile app. In May 2019, a different buffer overflow vulnerability was discovered in how WhatsApp processed the data contained within an incoming call.
This vulnerability was created because WhatsApp uses a special binary format for sending data between devices and then unpacks this data at the recipient device. If an attacker sent a specially formatted packet, which lied about the length of a certain field, the recipient’s WhatsApp would unpack the data into a place on the stack that did not have sufficient space for it. As a result, the attacker would have the ability to write to memory that should have been outside of their control. This vulnerability was concerning since it allowed remote code execution on a target device without any user interaction required. The malicious packet was sent as part of initiating a call, so, even if the user rejected the call, the damage was already done.
This past WhatsApp vulnerability has been the source of significant controversy. While Facebook was in the process of patching the vulnerability, they observed someone trying to exploit it on the device of a UK-based human rights lawyer. Additional investigation pointed to the use of the vulnerability to spy upon individuals who would be of interest to certain governments.
The Israel-based NSO Group is well known for developing and selling exploits to governments for use in surveillance activities that fall outside the scope of law enforcement activities. This, and the fact that the observed attack used infrastructure previously linked to the NSO Group, has led Facebook to believe that the company was behind the exploitation of the WhatsApp vulnerability. As a result, Facebook has begun a lawsuit against the NSO Group for exploitation of a vulnerability in one of their products.
The Newest WhatsApp Vulnerability
The buffer overflow vulnerability disclosed in May was not the last such vulnerability in the WhatsApp platform. In November 2019, Facebook patched another vulnerability in WhatsApp that was similar in scope, severity, and potential impact.
This vulnerability dealt with how WhatsApp handled MP4 video files. Along with a video file comes a stream of metadata containing details about the file. When parsing this metadata, WhatsApp was vulnerable to a stack-based buffer overflow attack. This would allow the attacker to perform a Denial of Service attack (crashing the app) or to run attacker-controlled code in the app, which could give access to the user’s previous conversations in the app. Exploitation of the vulnerability only requires an attacker to know the phone number of the victim and to send them a malicious MP4 video via WhatsApp.
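Both the May call-handling flaw and this MP4 metadata flaw are described as a parser copying sender-controlled data into a fixed-size stack buffer. The following C sketch is an added example, not WhatsApp code: it puts the unchecked copy beside a hardened parser that validates the declared length first. The record layout, buffer size and all names are assumptions, and the article does not give the real wire format or the details of the MP4 bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout (illustrative only, not WhatsApp's wire format):
 *   [tag:1][declared length:2, big-endian][value: <declared length> bytes] */
#define HDR_LEN   3
#define FIELD_MAX 16

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

struct field {
    uint8_t tag;
    size_t  len;
    uint8_t value[FIELD_MAX];   /* fixed-size destination, usually on the caller's stack */
};

/* Vulnerable pattern: the copy size comes straight from the sender. */
int parse_unchecked(const uint8_t *pkt, size_t pkt_len, struct field *f)
{
    if (pkt_len < HDR_LEN) return PARSE_TRUNCATED;
    f->tag = pkt[0];
    f->len = ((size_t)pkt[1] << 8) | pkt[2];
    memcpy(f->value, pkt + HDR_LEN, f->len);  /* no check against FIELD_MAX or pkt_len */
    return PARSE_OK;
}

/* Hardened pattern: validate the declared length against both the bytes
 * actually received and the destination capacity before copying. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, struct field *f)
{
    size_t declared;
    if (pkt == NULL || f == NULL || pkt_len < HDR_LEN) return PARSE_TRUNCATED;
    declared = ((size_t)pkt[1] << 8) | pkt[2];
    if (declared > pkt_len - HDR_LEN) return PARSE_TRUNCATED; /* claims more than was sent */
    if (declared > sizeof f->value)   return PARSE_TOO_LONG;  /* would not fit the buffer */
    f->tag = pkt[0];
    f->len = declared;
    memcpy(f->value, pkt + HDR_LEN, declared);
    return PARSE_OK;
}

/* Constructed sample records (not captured traffic). */
static const uint8_t honest[] = { 0x01, 0x00, 0x04, 'c', 'a', 'l', 'l' };
static const uint8_t lying[]  = { 0x01, 0x01, 0x00, 'c', 'a', 'l', 'l' }; /* declares 256, carries 4 */
static const uint8_t oversized[HDR_LEN + 64] = { 0x02, 0x00, 0x40 };      /* declares 64, carries 64 */

int check_honest(void)    { struct field f; return parse_checked(honest, sizeof honest, &f); }
int check_lying(void)     { struct field f; return parse_checked(lying, sizeof lying, &f); }
int check_oversized(void) { struct field f; return parse_checked(oversized, sizeof oversized, &f); }

size_t honest_len(void)
{
    struct field f;
    return parse_checked(honest, sizeof honest, &f) == PARSE_OK ? f.len : 0;
}

int main(void)
{
    printf("honest=%d lying=%d oversized=%d\n",
           check_honest(), check_lying(), check_oversized());
    return 0;
}
```

The two rejections are distinct on purpose: a length that exceeds the received bytes points to a malformed or hostile record, while one that exceeds the buffer may simply be a larger field than the parser supports, and logging them separately helps triage.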
Luckily, while the new vulnerability had the potential to be at least as damaging as the previous buffer overflow flaw, it appears that this one was not being actively exploited by attackers prior to being patched by Facebook. However, this demonstrates the importance of keeping such applications up-to-date (so that Facebook-provided security patches are applied) and of considering the risks associated with using these applications for personal communications.
Protecting Against Buffer Overflow Vulnerabilities
Buffer overflow vulnerabilities are nothing new. They are extremely simple vulnerabilities – only involving a failure to properly manage memory and user input – yet they can be extremely difficult to detect. A wide range of buffer overflow vulnerabilities exist, and sometimes apparently “safe” code can be vulnerable since another vulnerability can be exploited to bypass existing protections against buffer overflows.
The two major WhatsApp vulnerabilities disclosed and patched in 2019 demonstrate the potential impact of a buffer overflow vulnerability in a critical application. Both of these vulnerabilities could be exploited without user interaction, and enabled an attacker to run malicious code within the victim application. In one case, the vulnerability was exploited multiple times to spy upon parties of interest to various governments, leading to a lawsuit by Facebook against the suspected perpetrator.
Protecting against buffer overflow vulnerabilities requires the ability to identify and block potential exploits before they reach a vulnerable application. Deploying a strong web application firewall (WAF) to protect an organization’s web presence and runtime application self-protection (RASP) for critical or potentially vulnerable assets is an important first step toward protecting an organization and its software assets against exploitation.
The technological advances in physical and occupational physiotherapy that you should know about
Technology has reached all areas of human life to help us carry out various tasks and to make everyone’s lives easier in different ways. These advances are also in medicine and in the different therapeutic treatments that are used to improve various ailments. Learn what the most advanced methods are and how you can use them.
Health is the most precious thing for every person; extreme care must be taken to ensure the correct functioning of the body. There are many ways and procedures aimed at treating various conditions and helping to stay healthy, which have been significantly enhanced thanks to advances in technology.
The area of physiotherapy is one of those that has taken the best advantage of technological advances, and it has raised the quality and effectiveness of its therapies and procedures to levels never before experienced. Thanks to them, physical and occupational physiotherapy has improved substantially and is increasingly valued for the treatment of various health cases.
Physiotherapy programs for physical rehabilitation
Currently, there are various physical therapy software programs that help patients recover and improve their physical functionality quite efficiently. There is advanced software, with a wide range of physical exercises based on virtual reality, which are designed to promote the progressive and effective recovery of those who find themselves in the need to use them.
Digital physical rehabilitation software includes analytical and functional exercises, which can be used in the rehabilitation of neurological patients, in the recovery of musculoskeletal injuries, in the prevention of falls, in programs against premature ageing and even with children that suffer these types of ailments.
Advantages of using software in physiotherapy
Physiotherapy computer programs are health products, specially designed by professionals, specifically for clinical use. They offer many advantages, among which the following stand out:
- Enjoy the therapy sessions: the gamification that can be achieved with new technologies applied to physiotherapy turns the sessions into truly fun moments, which increases the patient’s motivation and their active participation in performing the corresponding exercises.
- Rehabilitation quantification: all kinematic parameters, such as joint ranges, measurement of the base of support, centre of gravity, number, and characteristics of steps, among others, can be consulted in detail at any time during the therapy. Additionally, they can generate detailed clinical reports on each patient, which can be printed or exported in PDF format.
- Remote sessions: technological advances have reached such high levels that they now open the possibility of applying remote sessions to the patient, thanks to the corresponding home exercise program software for physical therapy designed for this purpose. In this way, treatment can be reinforced with home sessions, which are also monitored and allow remote management, even from the centre itself. This has greatly benefited patients that have mobility problems.
Physical therapy home exercise programs are digital tools that help therapists and patients develop personalised exercise plans from the comfort of their homes. They provide a wide variety of benefits and features that improve rehabilitation and accelerate recovery.
Physiotherapists can decide with which patients and how to develop the digital physical rehabilitation exercises available to them, which can be personalised and adapted according to the needs of each patient.
Occupational therapy software programs
The occupational therapy software programs offer a multitude of resources and tools for therapists and patients, including simulations of everyday tasks, virtual activities to improve fine motor skills, time management strategies, and hand-eye coordination exercises, among others.
One of the main resources used is related to immersive virtual rehabilitation, which allows training various functions of the hand and different movements of the upper extremities that workers perform in their corresponding tasks. To do this, virtual reality and specialised programs are used that simulate environments similar to those they face on a daily basis in their jobs.
These occupational therapy software programs also include patient progress monitoring and assessment tools. They are digital solutions that improve the efficiency of occupational therapy by providing interactive virtual environments and resources tailored to the individual needs of each patient.
Personalization of rehabilitation programs
An important advantage offered by technological advances in this area is the possibility of having personalized rehabilitation programs, which therapists can use to adapt treatments to each patient’s purposes and abilities.
The personalization of rehabilitation programs substantially improves the effectiveness of treatments by addressing the unique needs of each patient. Additionally, this rehabilitation software provides useful resources to monitor and adjust as patients progress in their recovery.
This capacity for adaptation and personalization favours a firmer rehabilitation and speeds up the return to normal functionality of the treated people.
It is a feature that offers various benefits, such as the possibility of applying more individualised approaches, which guarantees that the exercises are safe, effective, and appropriate to promote recovery, and the optimization of results, as they are exercises designed specifically to meet each patient’s needs.
They also generate greater motivation and adherence, by considering the interests, preferences, and goals of each individual treated, and help prevent additional injuries, since the exercises are adapted to the individual capabilities and limitations of each person.
In conclusion, physical and occupational therapy software has transformed the way rehabilitation is performed on people today. They are digital tools with a wide variety of features that improve the efficiency and personalization of treatments, tailoring the perfect exercise routine for each patient’s needs.
They cover various areas, from home exercise programs to creating personalized exercise plans, facilitating faster and more effective recovery for patients. But, these advances do not stop and aim to continue towards levels that cannot even be imagined, so we can count on an even more promising future in this important area of health.
Do not think about it anymore, if you are suffering from any ailment that could benefit from remote therapy, or know of someone that does, check this software today and see how your life can easily improve thanks to the help of the experts behind them. Your health will thank you.
What are spamtraps and how to get them off your mailing list for good?
There is a silent enemy that many companies face and that focuses directly on the contact list: spamtraps. These are email addresses that are meant to catch spammers, but that negatively influence mass mailings. Today we are going to find out why, and we are going to assess some actions that are easy to do to get them out of the way.
Mailing lists are generally formed by people who are interested in using a product or service of a company and who subscribe voluntarily. However, it can happen that an email appears normal-looking, but it is a spammer detector. When an email is sent to these addresses, they block it, causing a negative impact on the reputation of the brand that sent it.
Spamtraps are traps for emails, in short. They do not belong to any real person, and their only function is to block the sender of the email and mark him or her as a spammer. In this way, the brand is affected, even if the content sent has nothing to do with spam. These exist on all existing email platforms, such as Gmail or Yahoo.
Characteristics of spam traps
Although there is no simple way to find out which of the emails on your list are spamtraps, you can assess some characteristics that lead to the most frequent spamtraps. Here we can see elements such as:
- No direct relation to a person: people generally put their names when creating their emails. Although this does not happen in 100% of cases, it could be an important factor to consider if you see some emails made up of meaningless letters and numbers, for example.
- Emails with generic names: Generic names are not a good sign, even though many companies use them as a means of communication. To separate those that are real from those that are not, it is possible to check the domain of which the emails are part. For example, there may be emails in a list that start with the word sales@XXXXXX. What completes the part of the X’s will tell us what the chances are that it is a spamtrap. In any case, be aware that it is very unlikely that a company will subscribe to a newsletter using this type of email.
- Abandoned emails: Technology has come a long way in recent times, and this has led to the use of new ways of communicating. Nowadays, it is very unlikely that there are people who subscribe to a list with a Hotmail email address. It is therefore essential to check, if you have one, that it is not an abandoned email that can be used by ISPs because it is no longer in use.
- Misspelled emails: This is a very common situation that occurs, especially when double confirmation is not used. In this case, it is possible that a person enters the mailing list with a misspelled entry and then the result is an email that ends, for example, in @gml.com. You have to be very careful with these. The recommendation is to always run the confirmation to ensure that it is a real and operational address.
Actions to take to verify spamtraps on the mailing list
Now that we have an idea of what we can look for in the list and target what looks the most suspicious, we can define a series of actions to take in order to detect whether the list is clean or whether there are any harmful elements present.
The first thing to do is to review your entire contact list. This can be a tedious task when you have a large number of subscribers, but it is worth the effort. If in this first step you got several suspicious emails, you should flag them to check their behaviour in the following points.
Then, it will be time to evaluate the results of the email marketing campaigns sent previously. In these campaigns, you will get a history of very interesting data that will tell you how many people generally open the emails, those who do not, etc. The important thing here is to assess whether the values shown in the history are more or less constant or have suffered a significant decrease in recent days. If this is the case, it could be due to spamtraps.
It is common for these problems to become apparent when a number of new users join the list. It is possible that among them there is an email that works as a spam trap. The simplest solution to recognize if this is the problem is to perform a segmentation and send an email to the members of this new list and verify the results.
Finally, you will need to check if the domain you are using is on the block list. This is an essential step to know if you really have a problem or not. Doing this on a regular basis is key to avoiding problems.
Segmentation as a working strategy
Working with email marketing software that allows the segmentation of the mailing list is a benefit that will remove problems later and, of course, spamtrap detection is one of them. Thanks to segmentation, it will be possible to create groups of users to whom certain campaigns are sent and evaluate the response they have.
Mailrelay is the best option in this regard because it offers the possibility to segment and also to validate the statistics. With the statistics you can measure the percentage of clicks that were made and that can give us an important guide, since this is an action that can only be performed by real people.
Nowadays, there are already robots capable of opening emails that arrive at your server, so the open rate is no longer a valuable statistic in this regard.
After you are clear about which contact segments are performing well, you can continue to work with them as normal and separate those that are not performing well to validate them later. It is better to keep fewer subscribers than to risk having your domain blocked and losing your entire list.
9 Ways to Keep Technology from Slowing Down Your Business
There’s no doubt that technology has made our lives easier. We can now do things we never thought possible, like communicating with people all over the world in an instant or ordering items from the comfort of our own homes. However, with great power comes great responsibility, and for business owners, this means making sure that technology doesn’t slow you down. Here are nine ways to keep your business running at full speed.
Make a Plan
Technology can be unpredictable, so it’s important to have a plan in place in case of any malfunctions. This includes having backups of your data and creating disaster recovery plans in case of emergencies.
Keep your software up-to-date, as well as your operating system and hardware. Outdated software can cause compatibility issues and make your devices run slower.
Use the Right Tools
Using the right tools for the job is essential when it comes to technology. If you’re using an outdated program or device, chances are there’s a better, faster option out there that will suit your needs. Even shortcuts are important tools, like an automatic cache cleaner for Mac users in your company.
Creating standards for how employees use technology can help keep things running smoothly. This means establishing guidelines on passwords, data storage, backups, and any other procedures related to technology usage at work.
If you don’t have the resources internally, then it’s crucial to get help from someone who knows what they’re doing. This can be a tech-savvy friend or coworker, an IT professional if your budget allows for it, or even just reading articles online about how best to use specific devices/software programs.
Invest in New Equipment
Upgrading equipment regularly will help keep things running smoothly and make sure that there aren’t any compatibility issues with new software releases. It also ensures employees always know what tools are available when needed without having them search through piles of old files looking for something specific like an outdated version of Microsoft Word or Excel that won’t work with the latest operating system they’re trying to install on their computer.
Create a Backup Plan
Having multiple backups of your data makes it easy to recover files after an emergency situation like a power outage, hard drive crash, or (heaven forbid) a hacking, so you can get back up and running as soon as possible without losing any valuable information.
It’s vital for employees who use technology regularly at work, such as those in IT departments, customer service positions, etcetera, to have training sessions on how best to utilize whatever type of device/software program they’ll be using daily. This will help them avoid making mistakes which could lead to major problems down the line if left unchecked by management personnel. Allowing users time off from duties during these training sessions will also ensure they’re not distracted while learning new skills that may be required on some projects within their company.
Keep Your Data Secure
Keeping your data secure is essential to any business, and this means more than just backing it up regularly or installing antivirus software. For example, it’s important for companies who deal with sensitive information about clients/customers, etcetera, to take steps such as encrypting emails containing personal details before sending them out across networks which can sometimes have vulnerabilities (e.g., open Wi-Fi). You should also train employees on how best to utilize whatever type of device/software program they’ll be using daily so there will never again be confusion over what needs doing when dealing with confidential files at work.