
Proprietary Software Insecurity

Filed under: Microsoft, Mac
  • Why recent hacks show Apple’s security strength, not its weakness [Ed: Spinning bug doors as a strength? Apple has its share of liars coming to the rescue of proprietary software (not the first such bug). Moving from Microsoft to Apple "for security" is like swapping vodka for rum to cure one's liver.]

    It might be tempting to follow that line of thinking in light of two recent stories of vulnerabilities affecting the Mac and the Apple Watch. In the first instance, the Zoom video-calling app could be abused to let someone spy on you through your webcam. In the second, a flaw in Apple’s Walkie Talkie app could let a hacker eavesdrop on your iPhone conversations. They’re both troubling security issues.

  • Eavesdropping Concerns Cause Apple Watch’s Walkie-Talkie App to Be Disabled

    Just like any other Internet of things device, it’s important to remember that smartwatches are still devices. And many cool features can also be used for unethical purposes. There is always another side of the coin.

    This is what Apple Watch users found this week when Apple disabled the Walkie-Talkie app when it was discovered that it allowed users to listen in on each other’s iPhone calls without the other person’s knowledge.

  • 250M Accounts Affected By ‘TrickBot’ Trojan’s New Cookie Stealing Ability

    Popular malware TrickBot is back and this time it has learned some new capabilities like stealing cookies. So far, it has infected around 250 million Gmail accounts.

    As per the research firm Deep Instinct, among the affected accounts, some belonging to the governments of the US, the UK, and Canada have also fallen victim to TrickBot.

  • TrickBooster – TrickBot’s Email-Based Infection Module - Deep Instinct

    Seeing a signed malware binary delivered to a customer environment prompted us to investigate further. We analyzed the malware sample and found swaths of PowerShell code in its memory. Analysis of this PowerShell code immediately led us to the conclusion that we are dealing with a mail-bot.

  • A better zip bomb

    This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
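A defender-side check for the overlap trick described above, as an added example that is not part of the original article: it reads the central directory with Python's zipfile module, flags any entry whose compressed data runs past the next entry's local header (the signature of overlapping members), and compares the declared output size against the archive size. The thresholds MAX_RATIO and MAX_TOTAL are assumed values chosen for this example, not figures from the article.

```python
import io
import zipfile

# Assumed limits for this check (not from the article): a benign archive
# rarely declares more than ~100x its own size, or more than 1 GiB, of output.
MAX_RATIO = 100
MAX_TOTAL = 1 << 30


def analyze_entries(entries, archive_size):
    """entries: list of (name, header_offset, compress_size, file_size) tuples
    as recorded in the central directory. Returns findings as a dict."""
    total = sum(e[3] for e in entries)
    ratio = total / archive_size if archive_size else float("inf")
    overlaps = []
    ordered = sorted(entries, key=lambda e: e[1])
    for (name, off, csize, _), (nxt, nxt_off, _, _) in zip(ordered, ordered[1:]):
        # In a well-formed archive each member's local header plus its
        # compressed data ends before the next member's local header starts.
        # If the data alone already reaches past the next header, two central
        # directory entries are pointing into the same compressed bytes.
        if off + csize > nxt_off:
            overlaps.append((name, nxt))
    return {
        "total_uncompressed": total,
        "ratio": ratio,
        "overlaps": overlaps,
        "suspicious": bool(overlaps) or ratio > MAX_RATIO or total > MAX_TOTAL,
    }


def scan_zip(data: bytes):
    """Run the check on an in-memory archive without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [(i.filename, i.header_offset, i.compress_size, i.file_size)
                   for i in zf.infolist()]
    return analyze_entries(entries, len(data))


def build_sample_zip() -> bytes:
    """Constructed benign archive with two small DEFLATE members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", "hello " * 100)
        zf.writestr("b.txt", "world " * 100)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample_zip()))
```

Because the check only reads central directory metadata, it can run on untrusted input before any decompression takes place; the 64-bit (ZIP64) fields are exposed through the same ZipInfo attributes.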

More in Tux Machines

Canonical Is At Around 437 Employees, Pulled In $99M While Still Operating At A Loss

Canonical's financial numbers for the period through the end of 2018 are now available, which is a shortened nine-month period after changing around their fiscal year to coincide with the end of the calendar year rather than 31 March.

Programming: C++, Python, LLVM and More

  • Theory: average bus factor = 1

    Two articles recently made me realize that all my free software projects basically have a bus factor of one. I am the sole maintainer of every piece of software I have ever written that I still maintain. There are projects that I have been the maintainer of which have other maintainers now (most notably AlternC, Aegir and Linkchecker), but I am not the original author of any of those projects. Now that I have a full time job, I feel the pain. Projects like Gameclock, Monkeysign, Stressant, and (to a lesser extent) Wallabako all need urgent work: the first three need to be ported to Python 3, the first two to GTK 3, and the latter will probably die because I am getting a new e-reader. (For the record, more recent projects like undertime and feed2exec are doing okay, mostly because they were written in Python 3 from the start, and the latter has extensive unit tests. But they do suffer from the occasional bitrot (the latter in particular) and need constant upkeep.) Now that I barely have time to keep up with just the upkeep, I can't help but think all of my projects will just die if I stop working on them. I have the same feeling about the packages I maintain in Debian.

  • What Can AI Teach Us about Bias and Fairness?

    As researchers, journalists, and many others have discovered, machine learning algorithms can deliver biased results. One notorious example is ProPublica’s discovery of bias in a software called COMPAS used by the U.S. court systems to predict an offender’s likelihood of re-offending. ProPublica’s investigators discovered the software’s algorithm was telling the court system that first-time Black offenders had a higher likelihood of being repeat offenders than white offenders who had committed multiple crimes. They also found only 20% of the individuals predicted to commit a violent crime did so. Discoveries like these are why ethical AI is top-of-mind in Silicon Valley and for companies around the world focused on AI solutions.

  • KDAB at C++ Russia, Saint Petersburg

    C++ Russia is the premier C++ conference in Eastern Europe, which alternates between Moscow and Saint Petersburg. The conference lasts for two days starting October 31st. It will be held in the Park Inn by Radisson Pulkovskaya Hotel in the heart of Saint Petersburg.

  • How to Add Time Delays to Your Code

    Have you ever needed to make your Python program wait for something? Most of the time, you’d want your code to execute as quickly as possible. But there are times when letting your code sleep for a while is actually in your best interest. For example, you might use a Python sleep() call to simulate a delay in your program. Perhaps you need to wait for a file to upload or download, or for a graphic to load or be drawn to the screen. You might even need to pause between calls to a web API, or between queries to a database. Adding Python sleep() calls to your program can help in each of these cases, and many more!

  • Python 3.7.4 : Test the DHCP handshakes.

  • LLVM Clang RISC-V Now Supports LTO

    With the recent release of LLVM 9.0 the RISC-V back-end was promoted from an experimental CPU back-end to being made "official" for this royalty-free CPU ISA. Work though isn't over on the LLVM RISC-V support with new features continuing to land, like link-time optimizations (LTO) most recently being enabled within the Clang 10 code. Within the latest Clang code this week, LTO (link-time optimizations) are now enabled for Clang targeting RISC-V. LTO, of course, is important for performance with being able to exploit more performance optimizations by the compiler at link-time.

  • PyCon 2019: Open Spaces

    And, yeah, I realize it was nearly six months ago. But there have been some things that have been lingering in my thoughts that I need to share.

  • Sharing Your Labor of Love: PyPI Quick and Dirty

    This is another huge update after its initial release in 2013 and catches up with the latest developments (a lot happened!) since the last big update in 2017. Additionally, I have removed the parts on keyring because I stopped using it myself: it’s sort of nice to double-check before uploading anything. If you want to automate the retrieval of your PyPI credentials, check out glyph’s blog post Careful With That PyPI.

Mozilla: web-ext, Facebook-like business model and Rust at Microsoft GitHub

  • Developing cross-browser extensions with web-ext 3.2.0

    The web-ext tool was created at Mozilla to help you build browser extensions faster and more easily. Although our first launch focused on support for desktop Firefox, followed by Firefox for Android, our vision was always to support cross-platform development once we shipped Firefox support.

  • Get recommended reading from Pocket every time you open a new tab in Firefox

    Thousands of articles are published each day, all fighting for our attention. But how many are actually worth reading? The tiniest fraction, and they’re tough to find. That’s where Pocket comes in.

  • This Week in Rust 308

    Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us a pull request. Want to get involved? We love contributions.