Language Selection

English French German Italian Portuguese Spanish

Security: WhatsApp, Flatpak and DNS

Filed under
Security
  • Hackers Can Take Control Of Your WhatsApp Just With A Video Call: Update Now

    Natalie Silvanovich, a Google Project Zero security researcher, has uncovered a critical security flaw in WhatsApp. The flaw could allow a notorious actor to make a video call and take complete control of your messaging application.

  • Just Answering A Video Call Could Compromise Your WhatsApp Account
  • New Website Claims Flatpak is a “Security Nightmare”

    A newly launched website is warning users about Flatpak, branding the tech a “security nightmare”.

    The ‘Flatkills.org’ web page takes aim at a number of security claims routinely associated with the fledgling Flatpak app packaging and distribution format.

  • DNS Security Still an Issue

    DNS security is a decades-old issue that shows no signs of being fully resolved. Here's a quick overview of some of the problems with proposed solutions and the best way to move forward.

    ...After many years of availability, DNSSEC has yet to attain significant adoption, even though any security expert you might ask recognizes its value. As with any public key infrastructure, DNSSEC is complicated. You must follow a lot of rules carefully, although some network services providers are trying to make things easier.

    But DNSSEC does not encrypt the communications between the DNS client and server. Using the information in your DNS requests, an attacker between you and your DNS server could determine which sites you are attempting to communicate with just by reading packets on the network.

    So despite best efforts of various Internet groups, DNS remains insecure. Too many roadblocks exist that prevent the Internet-wide adoption of a DNS security solution. But it is time to revisit the concerns.

More in Tux Machines

Variscite unveils two i.MX8 QuadMax modules

Variscite announced Linux-powered “VAR-SOM-MX8” and “SPEAR-MX8” modules with an up to an i.MX8 QuadMax SoC plus up to 8GB LPDDR4 and 64GB eMMC. It also previewed a VAR-SOM-6UL COM. At Embedded World next week in Nuremberg, Germany, Variscite will showcase its Linux and Android driven i.MX8-family computer-on-modules, including new VAR-SOM-MX8 and SPEAR-MX8 modules that feature NXP’s highest-end i.MX8 SoC up to a QuadMax model (see farther below). We have already covered most of the other showcased products, including the 14nm fabricated, quad -A53 i.MX8M Mini based DART-MX8M-Mini. When we covered the DART-MX8M-Mini in September, Variscite didn’t have an image or product page, but both are now available here Read more

Android Leftovers

Programming: Developer Happiness, Rblpapi 0.3.8 and Python

  • Developer happiness: What you need to know
    A person needs the right tools for the job. There's nothing as frustrating as getting halfway through a car repair, for instance, only to discover you don't have the specialized tool you need to complete the job. The same concept applies to developers: you need the tools to do what you are best at, without disrupting your workflow with compliance and security needs, so you can produce code faster. Over half—51%, to be specific—of developers spend only one to four hours each day programming, according to ActiveState's recent Developer Survey 2018: Open Source Runtime Pains. In other words, the majority of developers spend less than half of their time coding. According to the survey, 50% of developers say security is one of their biggest concerns, but 67% of developers choose not to add a new language when coding because of the difficulties related to corporate policies.
  • Rblpapi 0.3.8: Keeping CRAN happy
    A minimal maintenance release of Rblpapi, now at version 0.3.9, arrived on CRAN earlier today. Rblpapi provides a direct interface between R and the Bloomberg Terminal via the C++ API provided by Bloomberg (but note that a valid Bloomberg license and installation is required). This is the ninth release since the package first appeared on CRAN in 2016. It accomodates a request by CRAN / R Core to cope with staged installs which will be a new feature of R 3.6.0. No other changes were made (besides updating a now-stale URL at Bloomberg in a few spots and other miniscule maintenance). However, a few other changes have been piling up at the GitHub repo so feel free to try that version too.
  • Episode #200: Escaping Excel Hell with Python and Pandas
  • Testing native ES modules using Mocha and esm.

Games: Steam, Devil Engine, City Game Studio and More