LINE Engineering

  • Buffer overflow in PJSIP, a VoIP open source library
    Kim Youngsung 2018.02.27

    He's a security engineer at LINE. He enjoys looking for bugs and is highly interested in secure coding.

    Hi all, I am Youngsung Kim (Facebook, Twitter) of the Application Security team at LINE and am in charge of evaluating the security of LINE services. In this post, I'd like to share a vulnerability (CVE-2017-16872, AST-2017-009) in PJSIP, a VoIP open source library. PJSIP is a multimedia communication library based on the following standard protocols: SIP, SDP, RTP, STUN, TURN, and ICE. The Asterisk framework, widely used in IP-PBX and VoIP gateways, has a SIP stack implemented based on PJSIP.

    The vulnerability was caused by careless handling of integer sign extension when converting a signed int to an unsigned long while handling a client's SIP requests in a 64-bit environment. There was no channel for reporting the security issue to the PJSIP development team, so I made my report through Asterisk's security page. Afterwards, I consulted with George Joseph, an engineer at Asterisk, and the patch (PJSIP patch, Asterisk patch) has been applied in pjproject v2.7.1. I'd like to express my gratitude to George for processing the patch.

    VoIP Security Vulnerability OpenSource CVE PJSIP PJPROJECT ASTERISK


  • Functional programming language and LINE GAME Cloud
    Bu Sung Kim, Jae Ho Lee 2018.02.26

    Bu Sung: Develops the LINE GAME Promotion platform. He is interested in programming languages and started learning Kotlin just recently. Jae Ho: Is a Game Tech PM at LINE. His recent interest is JavaScript.

    We are junior engineers, Bu Sung Kim and Jae Ho Lee at LINE, working on the LINE GAME Platform. We have a great interest in functional programming languages. It all started with learning that the LINE GAME Cloud is developed in Clojure, one of the functional programming languages. In this post, we would like to take you through some of the characteristics of functional programming languages in association with the use cases of the LINE GAME Cloud.

    LINE GAME Cloud & Functional Programming

    LINE GAME Cloud is a game server platform, obviously cloud-based, to serve the LINE Games service worldwide, safe and sound. The cloud project was launched to globalize the LINE Games service and to automate the distribution process. LINE GAME Cloud is currently in action, serving users all over the world; it automatically issues servers and supports L4/L7 routing, DNS and auto scaling. You can check the details of this project through the following links:

    Functional Programming LINE Game Cloud Clojure Server


  • Using Docker to build a testing infrastructure for web UI and mobile
    Chloe Chao 2018.02.19

    She used to be a QA automation engineer at LINE.

    Suppose you are to set up test automation. Building and maintaining a whole test infrastructure all by your team can be painful. Although some cloud services like Sauce Labs do cover DevOps, you may have hesitated to use them due to security issues or budget concerns in your company. Docker is a good tool for you to set up and maintain servers for test automation, especially if you are just starting to build an automation test infrastructure with open source solutions.

    Of the open source solutions, Selenium is an open source framework for automating UI tests. It allows you to simulate user flow by executing scripts on different browsers. Selenium-Grid consists of hub servers and node servers to let you execute tests in parallel to speed up testing. When a hub receives requests from clients, the requests are rerouted to an appropriate node server, based on the capability parameters.

    Testing Automation Testing QA Docker Selenium Appium Container


  • LINE Security Bug Bounty Program Report 2017
    Lee Myeongjae 2018.02.14

    He is a security engineer at LINE.

    Hello again, this is Myoungje Yi (MJ) from LINE's security team. I'd like to share our annual report on running the LINE Security Bug Bounty Program in 2017.

    Program scope expansion & donation option

    The 'LINE Security Bug Bounty Program' aims to provide LINE users the most secure service by fixing potential vulnerabilities in advance, by getting reports from external security researchers. As we have already mentioned in our previous post, we expanded the program scope in 2017, which resulted in an increased number of reports submitted. In November 2017, we added an option allowing reporters to donate their reward.

    Bug Bounty Security


  • LINE iOS/Android Hackathon 2017
    Hyeonji Jo 2018.01.31

    She's a LINE iOS developer.

    Nice to meet you all. I am Hyeonji Jo, an iOS developer at LINE. In this post, I'd like to take you to the LINE Hackathon 2017, held from December 13th to 15th, 2017. LINE has been holding regular workshops for LINE's iOS and Android engineers, consisting of a number of sessions and a short, day-long hackathon. A lot of feedback on the previous workshops demanded more time for the hackathon; participants had brilliant ideas but the time allocated had been a bit too short to develop them. So, this time, no other sessions were set up but the hackathon. I reckon no matter how long you are given, you will have to fight off that regretful or depressing emotion that remains afterwards. However, given twice the time this time, the completeness of the outcome was much more satisfying, and the teams came up with more varied and fun ideas. I am already missing the event so much.

    Day 1

    The attendees were iOS and Android engineers as well as QA engineers from LINE offices in Korea, Japan and Taiwan. Teams had been set up before the event, and we had about 30 teams. Since the nationalities were all different, the main language used in the event was English.

    LINE Hackathon hackathon
