Daily Archives: October 11, 2018

Slow your roll: VMware urges admins to apply workarounds to DoS-inducing 3D render vuln

Posted on by

The vuln (CVE-2018-6977) allows an attacker with normal local user privileges to trigger an infinite loop in a 3D-rendering shader. According to VMware, a “specially crafted 3D shader may loop for an infinite amount of time and lock up a VM’s virtual graphics device”.

If that happens, VMware warned, the hypervisor may rely on the host box’s graphics driver to ensure other users of the physical machine are not impacted by the infinite graphical loop.

“However, many graphics drivers may themselves get into to a denial-of-service condition caused by such infinite shaders, and as a result other VMs or processes running on the host might also be affected,” said VMware in a statement.

Source: Slow your roll: VMware urges admins to apply workarounds to DoS-inducing 3D render vuln • The Register

MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords – AWS strikes again

Posted on by

FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.

The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing.

Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.

It isn’t known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September.

The servers included two of the same ElasticSearch instances and a storage server — all hosted on Amazon Web Service — yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users.

Bob Diachenko, Hacken.io’s director of cyber risk research, found the databases containing 113.5 million records — though it’s not known how many users were directly affected. Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more. Many of the records were not fully complete.

Source: MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords | TechCrunch

The US Democracy is turning away so many people at polling stations, they need a What to Do If You’re Turned Away at the Polls guide

Posted on by

Several states have instituted stricter voter ID laws since the 2016 presidential election; more, still, are purging voter rolls in the lead up to the election, and the recent Supreme Court decision to uphold Ohio’s aggressive purging law means you can expect many more people to be removed. So, even if you’re registered to vote (and you should really double check) you might find yourself turned away at the polls come November 6.

Source: What to Do If You’re Turned Away at the Polls

One man, one vote? Not so much. Two parties and no voters.