New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Rust, that got packed into Windows 11 recently, used to hack both Windows and Linux servers
Security researchers at Palo Alto Networks have discovered a new peer-to-peer (P2P) worm, dubbed P2PInfect, that is built on Rust, and the malware affects both Windows and as well as Linux-based Redis (Remote Dictionary Server) servers. The worm is exploiting the Lua Sandbox Escape vulnerability which has been tracked under CVE-2022-0543 since 2022. This could lead to remote code execution (RCE).
Thanked by 1davide
Comments
So it is a malware written in Rust, what a terrible news title. One can write such a malware in C C++ Go Rust Python etc, the language does not matter.
Rust is not a software tho…
I sometimes wonder if these journos suffer from some form of mental retardation, or if they have to bring a certain amount of views no matter what. Because this is extremely irresponsible journalism, and should probably be illegal (if it's not).
language is important in malware development
You know you're reading quality journalism when they expand Redis to Remote Dictionary Server
That's what IBM and Amazon and everyone else call it?
https://aws.amazon.com/redis/
https://www.ibm.com/topics/redis
Rust (programming language)
Rust is a multi-paradigm, general-purpose programming language that emphasizes performance, type safety, and concurrency. It enforces memory safety—ensuring that all references point to valid memory—without requiring the use of a garbage collector or reference counting present in other memory-safe languages. Wikipedia
https://en.wikipedia.org/wiki/Rust_programming_language
Starting to think you are an AI once again...
An image is worth a thousand words.
what the hell is that title
AI @Tony40 strikes again, what else
i deadass thought this meant a kernel bug
then i was like, nt and linux?
oh, worm.
Redis: The Database
Redis, short for Remote Dictionary Server, is an open-source, in-memory, data-structure store that can be utilized as a database, cache, and message broker. Created by Salvatore Sanfilippo and first released in 2009, Redis has since become a critical piece of the tech stack for companies around the world.
There are several reasons why Redis has gained such widespread adoption:
Speed: Redis holds its database entirely in memory and supports very fast read and write operations. This makes it ideal for situations where high-speed operations are critical, such as caching.
Flexibility: Redis is not just a simple key-value store; it supports several different types of data structures, including strings, lists, sets, sorted sets, hashes, bitmaps, hyperloglogs, and geospatial indexes. This flexibility allows developers to use Redis for a wide variety of use cases.
Durability and Persistence: Although Redis is an in-memory database, it provides mechanisms for persisting data to disk. You can configure Redis to write snapshots of the database to disk at specified intervals, or append each command to a log.
Replication: Redis supports master-slave replication. This allows you to have multiple replicas of your database, improving read performance and providing a degree of fault tolerance.
Atomic Operations: Redis operations are atomic, which ensures that if two clients concurrently access Redis, they will receive consistent and isolated results.
As mentioned earlier, Redis supports several different types of data structures:
Strings: This is the simplest type of data that Redis can store. Strings in Redis are binary safe and can be up to 512 MB in size.
Lists: Redis lists are collections of string elements that are sorted according to the order of insertion. They are implemented via Linked Lists, which means that even if you have millions of elements, the time taken to add a new element in the list's head or tail is constant.
Sets: A set in Redis is an unordered collection of unique strings. Basic operations like adding, removing, and testing for existence of members are constant time operations.
Hashes: Hashes in Redis are maps between string fields and string values. They are the perfect data type to represent objects.
Sorted Sets: Similar to sets but every string element is associated with a floating number value, called a score. The elements are always taken sorted by their score, so unlike sets, sorted sets are, well, sorted.
Each data structure in Redis is manipulated using specific commands. For example, for string data types, you have commands like SET, GET, and INCR. For list data types, you have commands like RPUSH, LPUSH, LPOP, and RPOP.
One of the most common use cases for Redis is as a cache. By storing computed data in a cache, applications can significantly reduce their need to perform expensive computations or database queries on subsequent requests. Given its in-memory nature and speed, Redis is a perfect fit for this use case.
Another use case for Redis is as a message broker. Applications can publish messages to channels, and other applications can subscribe to those channels to receive the messages. This publish-subscribe model is a powerful tool for decoupling different parts of an application.
While Redis is primarily an in-memory database, it offers two modes for persisting data to disk: RDB (Redis Database file) and AOF (Append Only File).
RDB performs point-in-time snapshots of your dataset at specified intervals. It's excellent for backups and disaster recovery, and allows faster restarts with large datasets.
AOF logs every write operation received by the server, and can provide stronger durability. On restart, Redis can re-play the AOF log to rebuild the state.
You can also configure Redis to use both methods concurrently for a balance of speed and durability.
To scale reads and provide redundancy, Redis uses a simple replication model. You can set up any Redis server to be a replica of another. The replica will automatically stay synchronized with the master – whenever the master processes a write, it sends the corresponding command to its replicas.
To manage Redis instances, two primary tools are available: Redis Sentinel and Redis Cluster.
Redis Sentinel provides high availability for Redis. It monitors Redis instances, detecting failures and handling automatic failover.
Redis Cluster, on the other hand, provides a way to run a Redis installation where data is automatically partitioned across multiple nodes. This allows for high performance, and the ability to scale by simply adding more nodes to the cluster.
In conclusion, Redis is a versatile and powerful tool. Its combination of speed, flexibility, and robustness make it suitable for a wide range of use cases. Whether used as a high-speed cache, a message broker, or a durable database, Redis is a valuable component in any modern tech stack.
So useless yet somehow comparably more useful
Giving Rust a bad name. Should every worm/trojan/virus ever written have also the programming language it was written in associated with it?