Proprietary Software Insecurity

Filed under
Microsoft
Mac
  • Why recent hacks show Apple’s security strength, not its weakness [Ed: Spinning bug doors as a strength? Apple has its share of liars coming to the rescue of proprietary software (not the first such bug). Moving from Microsoft to Apple "for security" is like swapping vodka for rum to cure one's liver.]

    It might be tempting to follow that line of thinking in light of two recent stories of vulnerabilities affecting the Mac and the Apple Watch. In the first instance, the Zoom video-calling app could be abused to let someone spy on you through your webcam. In the second, a flaw in Apple’s Walkie Talkie app could let a hacker eavesdrop on your iPhone conversations. They’re both troubling security issues.

  • Eavesdropping Concerns Cause Apple Watch’s Walkie-Talkie App to Be Disabled

    Just like any other Internet of things device, it’s important to remember that smartwatches are still devices. And many cool features can also be used for unethical purposes. There is always another side of the coin.

    This is what Apple Watch users found this week when Apple disabled the Walkie-Talkie app when it was discovered that it allowed users to listen in on each other’s iPhone calls without the other person’s knowledge.

  • 250M Accounts Affected By ‘TrickBot’ Trojan’s New Cookie Stealing Ability

    Popular malware TrickBot is back and this time it has learned some new capabilities like stealing cookies. So far, it has infected around 250 million Gmail accounts.

    As per the research firm Deep Instinct, among the affected accounts, some belonging to the governments of the US, the UK, and Canada have also fallen victim to TrickBot.

  • TrickBooster – TrickBot’s Email-Based Infection Module - Deep Instinct

    Seeing a signed malware binary delivered to a customer environment prompted us to investigate further. We analyzed the malware sample and found swaths of PowerShell code in its memory. Analysis of this PowerShell code immediately led us to the conclusion that we are dealing with a mail-bot.

  • A better zip bomb

    This article shows how to construct a non-recursive zip bomb that achieves a high compression ratio by overlapping files inside the zip container. "Non-recursive" means that it does not rely on a decompressor's recursively unpacking zip files nested within zip files: it expands fully after a single round of decompression. The output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB → 281 TB) at the limits of the zip format. Even greater expansion is possible using 64-bit extensions. The construction uses only the most common compression algorithm, DEFLATE, and is compatible with most zip parsers.
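As an added example (not code from the linked article), a defender-side check for the structural trait the article describes: a small Python parser that walks a zip's central directory, flags members whose compressed byte ranges overlap, and reports the archive's total expansion ratio. Both sample archives are constructed inside the block; the overlapping one is just a duplicated directory record (a hypothetical member name `b.txt`) aimed at the same bytes as `a.txt`, which is the simplest form of overlap, not the quadratic construction the article builds.

```python
import io, struct, zipfile

CD_SIG, EOCD_SIG = b"PK\x01\x02", b"PK\x05\x06"

def entries(data):
    """Walk the central directory; return [(name, data_start, csize, usize)]."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0: raise ValueError("no end-of-central-directory record")
    cd_size, cd_off = struct.unpack_from("<II", data, eocd + 12)
    out, pos = [], cd_off
    while pos < cd_off + cd_size:
        assert data[pos:pos + 4] == CD_SIG, "bad central directory header"
        csize, usize, nlen, elen, clen, _, _, _, lho = struct.unpack_from("<IIHHHHHII", data, pos + 20)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        lnlen, lelen = struct.unpack_from("<HH", data, lho + 26)  # local header name/extra lengths
        out.append((name, lho + 30 + lnlen + lelen, csize, usize))  # data follows the 30-byte local header
        pos += 46 + nlen + elen + clen
    return out

def analyze(data):
    """Return (names whose compressed bytes overlap an earlier entry, expansion ratio)."""
    ents = sorted(entries(data), key=lambda e: e[1])
    overlaps, last_end = [], -1
    for name, start, csize, _ in ents:
        if start < last_end:  # these bytes are already claimed by a previous member
            overlaps.append(name)
        last_end = max(last_end, start + csize)
    ratio = sum(e[3] for e in ents) / max(len(data), 1)
    return overlaps, ratio

def normal_fixture():
    """Constructed sample: an ordinary two-member archive, no overlap."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("a.txt", "hello " * 100)
        z.writestr("b.txt", "world " * 100)
    return buf.getvalue()

def overlapping_fixture():
    """Constructed sample: a second directory entry 'b.txt' aimed at a.txt's bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("a.txt", "hello " * 100)
    data = bytearray(buf.getvalue())
    eocd = data.rfind(EOCD_SIG)
    cd_size, cd_off = struct.unpack_from("<II", data, eocd + 12)
    dup = bytes(data[cd_off:cd_off + 46]) + b"b.txt"  # same-length name, same local header offset
    tail = bytearray(data[eocd:])
    struct.pack_into("<HHI", tail, 8, 2, 2, cd_size + len(dup))  # entry counts and directory size
    return bytes(data[:eocd]) + dup + bytes(tail)
```

The ratio is a second, independent signal: the article's construction reaches ratios in the millions, so an archive whose declared uncompressed total dwarfs its on-disk size deserves a size cap before anything is extracted.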

More in Tux Machines

GNU Parallel Released and 10 Years of GNU Health

  • GNU Parallel 20191022 ('Driving IT') released [stable]

    GNU Parallel 20191022 ('Driving IT') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ No new functionality was introduced so this is a good candidate for a stable release. GNU Parallel is 10 years old next year on 2020-04-22. You are hereby invited to a reception on Friday 2020-04-17.

  • GNU Health: 10 years of Freedom and Equity in Healthcare

    I am back from my trip to India, where I spent a week with the team of All India Institute of Medical Sciences – AIIMS –, the largest public hospital in Asia and a leading research institution. They have taken the decision to adopt GNU Health, the Free Hospital and Health Information System. One key aspect in Free Software is ownership. From the moment they adopted GNU Health, it now also belongs to AIIMS. They have full control over it. They can download and upgrade the system; access the source code; customize it to fit their needs; and contribute back to the community. This is the definition of Free Software. The definition of Free Software is universal. GNU Health is equally valid for very large institutions, national public health networks and small, rural or primary care centers. The essence is the same.

Programming Leftovers

  • NumFOCUS and Tidelift partner to support essential community-led open source data science and scientific computing projects

    NumFOCUS and Tidelift today announced a partnership to support open source libraries critical to the Python data science and scientific computing ecosystem. NumPy, SciPy, and pandas—sponsored projects within NumFOCUS—are now part of the Tidelift Subscription. Working in collaboration with NumFOCUS, Tidelift financially supports the work of project maintainers to provide ongoing security updates, maintenance and code improvements, licensing verification and indemnification, and more to enterprise engineering and data science teams via a managed open source subscription from Tidelift.

  • Python Plotting With Matplotlib

    A picture is worth a thousand words, and with Python’s matplotlib library, it fortunately takes far less than a thousand words of code to create a production-quality graphic. However, matplotlib is also a massive library, and getting a plot to look just right is often achieved through trial and error. Using one-liners to generate basic plots in matplotlib is relatively simple, but skillfully commanding the remaining 98% of the library can be daunting.

  • Nominations for 2019 Malcolm Tredinnick Memorial Prize

    Malcolm was an early core contributor to Django and had both a huge influence and large impact on Django as we know it today. Besides being knowledgeable he was also especially friendly to new users and contributors. He exemplified what it means to be an amazing Open Source contributor. We still miss him. The DSF Prize page summarizes the prize nicely: The Malcolm Tredinnick Memorial Prize is a monetary prize, awarded annually, to the person who best exemplifies the spirit of Malcolm’s work - someone who welcomes, supports and nurtures newcomers; freely gives feedback and assistance to others, and helps to grow the community. The hope is that the recipient of the award will use the award stipend as a contribution to travel to a community event -- a DjangoCon, a PyCon, a sprint -- and continue in Malcolm’s footsteps.

  • Dirk Eddelbuettel: pkgKitten 0.1.5: Creating R Packages that purr

    This release provides a few small changes. The default per-package manual page now benefits from a second refinement (building on what was introduced in the 0.1.4 release) in using the Rd macros referring to the DESCRIPTION file rather than duplicating information. Several pull requests fix sloppy typing in the README.md, NEWS.Rd or manual page—thanks to all contributors for fixing these. Details below.

Commitment To Elevating The Very Best

OSI applauds the efforts of every individual who has ever spoken up and taken steps to make free, libre, and open source software communities more inclusive. Without you, the movement would be less vibrant, less welcoming, and irreversibly diminished. Whether you’ve led your community to implement a code of conduct or taken the time to mentor someone who isn’t like you, whether you’ve reported toxic behavior or pressured community leaders to act: thank you. It takes courage to change the status quo, and all too often, that comes at a personal expense. Ultimately, ours is a moral movement, and our integrity hinges on whether we rise to meet the challenge of seeking justice and equity for all. As we move forward, we hope that we can learn as a community and incorporate the lessons of the past into building a better future. Further, we hope we can build bridges to those who have been shut out of our movement, whether by omission or commission, at the hands of systemic bias as well as toxic and predatory behavior. As the saying goes in open source, “Many eyes lead to shallower bugs.” So too do many perspectives lead to better software. Here’s to a better, more inclusive tomorrow. - The OSI Board of Directors

NextCloud on Pi Adventures and Escaping Google

  • NextCloud on Pi Adventures

    I spent yesterday *finally* setting up a NextCloud instance of my own. It’s been on my todo since I installed fiber at home and got a decent Internet connection. I started out with Raspbian Lite and combined it with the NextCloudPi install script from ownyourbits. I then used certbot to install certificates from Let’s Encrypt before migrating the data directory using these instructions. After that it was happy account creation time, before realizing that I could not upload files larger than ~10kB. Very annoying.

  • Escape Google!

    Being practical, most people are going to want to keep using Google services, but at least knowing what the issues are, and how you can use privacy-enhanced versions or escape completely with your own services, is good to know. While Nextcloud is so slick these days and with pre-packaged options it’s certainly fun just to try out, if not deployed as a full-time personal cloud solution. But it’s not all worrying about invasion of the privacy snatchers, we’ve plenty of down-to-earth tutorials and projects to keep you busy. We take another look at using Audacity to improve your YouTube audio and create effects, we test out a bunch of server distros to see which is best for you in Roundup, there’s some lovely retro loving with a look at running ZX Basic and we look at building a wearable webcam from a Pi Zero. Enjoy!