Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Rust programming language: Crates package API tokens revoked over serious security flaw

July 15, 2020
in Internet Security
Rust programming language: Crates package API tokens revoked over serious security flaw
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

The project behind popular programming language Rust has revoked all API keys from its crates.io package web app. 

The key revocation addresses a serious vulnerability affecting Rust’s package system due to two factors. First, Rust developers learned that the PostgreSQL random function it used to generate API keys or tokens for crates.io was not a “cryptographically secure” random-number generator. 

You might also like

Singapore eyes more cameras, technology to boost law enforcement

Free cybersecurity tool aims to help smaller businesses stay safer online

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

“In theory, an attacker could observe enough random values to determine the internal state of the random-number generator, and use this information to determine previously created API keys up to the last database server reboot,” it states. 

SEE: Hiring Kit: Python developer (TechRepublic Premium)

API keys are used by computers to authenticate a user or machine and control what access rights they have. 

Secondly, the Rust project discovered that the API keys for the packages were being stored in plain text. If attackers breached the database, they would have API access for all current tokens. 

The Rust project has now rolled out a cryptographically secure random-number generator and implemented a hashing function for storing tokens in the database. 

“Exploiting either issue would be incredibly impractical in practice, and we’ve found no evidence of this being exploited in the wild. However, out of an abundance of caution, we’ve opted to revoke all existing API keys,” it says in the advisory. 

Developers who have published crates packages can generate a new API key at the crates.io website. 

SEE: Programming languages: Developers reveal what they love and loathe, and what pays best

The crates.io site indicates that there are over 43,000 crates that have been downloaded collectively over three billion times. Crates are a key part of the Rust programming language. Deno, the possible successor to Node.js, was written in Rust and is considered a collection of crates rather than a monolithic program.  

The Rust project appears to have acted swiftly on the vulnerability report it received on July 11. The issue was fixed and tokens revoked along with a disclosure notice on July 14.  

More on Rust and programming languages

  • Programming languages: Now Rust project looks for a way into the Linux kernel  
  • Programming languages: Rust enters top 20 popularity rankings for the first time  
  • Microsoft: Here’s why we love programming language Rust and kicked off Project Verona  
  • Programming languages: Developers reveal what they love and loathe, and what pays best  
  • Programming language Rust: 5 years on from v1.0, here’s the good and the bad news
  • Microsoft: Here’s how we’re killing a class of memory security bugs in Windows 10  
  • Programming language Rust’s adoption problem: Developers reveal why more aren’t using it  
  • Google programming language scorecard: How C, C++, Dart, Rust, Go rate for Fuchsia
  • Developers love Rust programming language: Here’s why
  • Microsoft: We’re creating a new Rust-like programming language for secure coding
  • Programming languages: Kotlin rises fastest but JavaScript lures millions more developers
  • Microsoft opens up Rust-inspired Project Verona programming language on GitHub
  • Brave defies Google’s moves to cripple ad-blocking with new 69x faster Rust engine
  • How to install Rust on Linux TechRepublic 
  • Credit: Zdnet

    Previous Post

    AI/Machine Learning Market Size By Product Analysis, Application, End-Users, Regional Outlook, Competitive Strategies And Forecast Up To 2026

    Next Post

    MindfuL™ technology to provide transparency and build user trust in machine learning systems

    Related Posts

    Singapore eyes more cameras, technology to boost law enforcement
    Internet Security

    Singapore eyes more cameras, technology to boost law enforcement

    March 2, 2021
    Free cybersecurity tool aims to help smaller businesses stay safer online
    Internet Security

    Free cybersecurity tool aims to help smaller businesses stay safer online

    March 2, 2021
    Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit
    Internet Security

    Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

    March 1, 2021
    These four new hacking groups are targeting critical infrastructure, warns security company
    Internet Security

    These four new hacking groups are targeting critical infrastructure, warns security company

    February 28, 2021
    Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
    Internet Security

    Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

    February 28, 2021
    Next Post
    MindfuL™ technology to provide transparency and build user trust in machine learning systems

    MindfuL™ technology to provide transparency and build user trust in machine learning systems

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Recommended

    Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

    Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

    January 6, 2019
    Microsoft, Google Use Artificial Intelligence to Fight Hackers

    Microsoft, Google Use Artificial Intelligence to Fight Hackers

    January 6, 2019

    Categories

    • Artificial Intelligence
    • Big Data
    • Blockchain
    • Crypto News
    • Data Science
    • Digital Marketing
    • Internet Privacy
    • Internet Security
    • Learn to Code
    • Machine Learning
    • Marketing Technology
    • Neural Networks
    • Technology Companies

    Don't miss it

    Singapore eyes more cameras, technology to boost law enforcement
    Internet Security

    Singapore eyes more cameras, technology to boost law enforcement

    March 2, 2021
    Why do companies fail to stop breaches despite soaring IT security investment?
    Internet Privacy

    Why do companies fail to stop breaches despite soaring IT security investment?

    March 2, 2021
    Tweaking Algorithmic Filtering to Combat Fake News
    Data Science

    Tweaking Algorithmic Filtering to Combat Fake News

    March 2, 2021
    Machine Learning Cuts Through the Noise of Quantum Computing
    Machine Learning

    Machine Learning Cuts Through the Noise of Quantum Computing

    March 2, 2021
    Google’s Tensorflow Certification & What I’ve Learned Since
    Neural Networks

    Google’s Tensorflow Certification & What I’ve Learned Since

    March 2, 2021
    Apple’s data-collection ‘nutrition labels’ for apps will begin appearing next week
    Digital Marketing

    Pinterest powers up creators during stressful times: Monday’s daily brief

    March 2, 2021
    NikolaNews

    NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

    What’s New Here?

    • Singapore eyes more cameras, technology to boost law enforcement March 2, 2021
    • Why do companies fail to stop breaches despite soaring IT security investment? March 2, 2021
    • Tweaking Algorithmic Filtering to Combat Fake News March 2, 2021
    • Machine Learning Cuts Through the Noise of Quantum Computing March 2, 2021

    Subscribe to get more!

    © 2019 NikolaNews.com - Global Tech Updates

    No Result
    View All Result
    • AI Development
      • Artificial Intelligence
      • Machine Learning
      • Neural Networks
      • Learn to Code
    • Data
      • Blockchain
      • Big Data
      • Data Science
    • IT Security
      • Internet Privacy
      • Internet Security
    • Marketing
      • Digital Marketing
      • Marketing Technology
    • Technology Companies
    • Crypto News

    © 2019 NikolaNews.com - Global Tech Updates