Proprietary Software Insecurity

Filed under: Microsoft, Mac
  • Why recent hacks show Apple’s security strength, not its weakness [Ed: Spinning bug doors as a strength? Apple has its share of liars coming to the rescue of proprietary software (not the first such bug). Moving from Microsoft to Apple "for security" is like swapping vodka for rum to cure one's liver.]

    It might be tempting to follow that line of thinking in light of two recent stories of vulnerabilities affecting the Mac and the Apple Watch. In the first instance, the Zoom video-calling app could be abused to let someone spy on you through your webcam. In the second, a flaw in Apple’s Walkie Talkie app could let a hacker eavesdrop on your iPhone conversations. They’re both troubling security issues.

  • Eavesdropping Concerns Cause Apple Watch’s Walkie-Talkie App to Be Disabled

    Just like any other Internet of things device, it’s important to remember that smartwatches are still devices. And many cool features can also be used for unethical purposes. There is always another side of the coin.

    This is what Apple Watch users found this week when Apple disabled the Walkie-Talkie app when it was discovered that it allowed users to listen in on each other’s iPhone calls without the other person’s knowledge.

  • 250M Accounts Affected By ‘TrickBot’ Trojan’s New Cookie Stealing Ability

    Popular malware TrickBot is back and this time it has learned some new capabilities like stealing cookies. So far, it has infected around 250 million Gmail accounts.

    As per the research firm Deep Instinct, among the affected accounts, some belonging to the governments of the US, the UK, and Canada have also fallen victim to TrickBot.

  • TrickBooster – TrickBot’s Email-Based Infection Module - Deep Instinct

    Seeing a signed malware binary delivered to a customer environment prompted us to investigate further. We analyzed the malware sample and found swaths of PowerShell code in its memory. Analysis of this PowerShell code immediately led us to the conclusion that we are dealing with a mail-bot.

  • A better zip bomb

    This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
