date 2017-01-18
Security Leftovers
KrØØk WiFi vulnerability affected WiFi encryption on over a billion devices
Apple described the impact of the kr00k vulnerability as such when they patched this vulnerability in October 2019...
Daniel Stenberg: curl 7.69.1 better patch than sorry
Quite obviously this release was not shipped aligned with our standard 8-week cycle. The reason is that we had too many semi-serious or at least annoying bugs that were reported early on after the 7.69.0 release last week. They made me think our users will appreciate a quick follow-up that addresses them. See below for more details on some of those flaws.
How can this happen in a project that soon is 22 years old, that has thousands of tests, dozens of developers and 70+ CI jobs for every single commit?
The short answer is that we don’t have enough tests that cover enough use cases and transfer scenarios, or put another way: curl and libcurl are very capable tools that can deal with a nearly infinite number of different combinations of protocols, transfers and bytes over the wire. It is really hard to cover all cases.
[...]
This was an out-of-schedule release but the plan is to stick to the established release schedule, which will have the effect that the coming release window will be one week shorter than usual and the full cycle will complete in 7 weeks instead of 8.
Windows has a new wormable vulnerability, and there’s no patch in sight
Critical bug in Microsoft's SMBv3 implementation published under mysterious circumstances.
You Don't Own What You Buy Episode 9,000: Philips' Light Bulbs Lose Functionality
One of the common themes here at Techdirt over the last decade is how in the digital and internet-connected era, the very meaning of "ownership" and "property" has changed -- often for the worse. In the broadband-connected era, firmware updates can often eliminate functionality promised to you at launch, as we saw with the Sony Playstation 3. And with everything now relying on internet-connectivity, companies can often give up on supporting devices entirely, often leaving users with very expensive paperweights as we saw after Google acquired Revolv.
