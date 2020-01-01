Security and Proprietary Software Issues
Security updates for Friday
Security updates have been issued by Debian (drupal7), Fedora (dbus, kernel, microcode_ctl, mingw-glib-networking, moby-engine, and roundcubemail), Mageia (libjpeg), openSUSE (chromium and rmt-server), Oracle (kernel and microcode_ctl), Red Hat (rh-nodejs8-nodejs and thunderbird), Slackware (bind), and SUSE (adns, containerd, docker, docker-runc, golang-github-docker-libnetwork, dbus-1, fwupd, gegl, gnuplot, guile, java-1_7_1-ibm, java-1_8_0-ibm, kernel, mozilla-nspr, mozilla-nss, perl, and php7).
Malicious Chrome Extensions Downloaded Over 33 Million Times
Google has removed scores of malicious and fake Chrome extensions being used in a global eavesdropping campaign.
The threat was spotted by Awake Security, which detected 111 of the malicious extensions over the past three months. When it notified Google of the issue last month, it claimed that 79 were present in the Chrome Web Store, where they had been downloaded nearly 33 million times.
Figures for the others not in the official marketplace are hard to calculate for obvious reasons.
“These extensions can take screenshots, read the clipboard, harvest credential tokens stored in cookies or parameters, grab user keystrokes (like passwords), etc,” it said in a report detailing the investigation.
How I Accidentally Hijacked Someone's WhatsApp
Earlier this month, I bought a pay-as-go SIM card because I needed a fresh number for a particular article I was working on. I then downloaded WhatsApp and registered with my new number.
When I logged into WhatsApp for the first time, something was wrong. I was immediately in multiple group chats with other people and numbers I did not know. I checked my 'status' in the app, and my profile picture was of a blonde woman. This, I quickly realized, wasn't really my WhatsApp account, but someone else's.
Apple’s App Store fees are ‘highway robbery,’ says House antitrust committee chair
Rep. David Cicilline (D-RI) joined The Vergecast along with Basecamp CTO David Heinemeier Hansson to discuss the plight of Hey, Basecamp’s new $99-a-year premium email service. Earlier this week, Heinemeier Hansson revealed that Apple had rejected the Hey iPhone app from the App Store because it didn’t offer any way to sign up and pay in the app itself — which would require giving Apple a 30 percent cut of the fee.
“Because of the market power that Apple has, it is charging exorbitant rents — highway robbery, basically — bullying people to pay 30 percent or denying access to their market,” said Rep. Cicilline. “It’s crushing small developers who simply can’t survive with those kinds of payments. If there were real competition in this marketplace, this wouldn’t happen.”
Apple doubles down on controversial decision to reject email app Hey
“The HEY Email app is marketed as an email app on the App Store, but when users download your app, it does not work,” the letter reads. Apple cites three App Store policies — Guideline 3.1.1 and Guidelines 3.1.3 (a) and 3.1.3 ( — that outline the company’s requirements for in-app purchases for most apps, with exceptions only carved out for a subset of “Reader Apps,” like Netflix and other streaming services.
Android Leftovers
DragonFlyBSD vs. FreeBSD vs. Ubuntu 20.04 On Intel's Core i9 10900K Comet Lake
One of the areas where Intel has the leg up over AMD when it comes to open-source software support is on the BSD side where generally the likes of FreeBSD and DragonFlyBSD often exhibit better out-of-the-box support at launch. Here is a look at how DragonFlyBSD and FreeBSD are running on the Core i9 10900K "Comet Lake" processor with Z490 motherboard. Tested for this article were the Core i9 10900K at stock speeds with the Gigabyte Z490 AORUS MASTER motherboard. The BSD candidates for this testing were FreeBSD 12.1 and DragonFlyBSD 5.8.1 as the latest stable releases for these two BSDs. Long story short, the support experience for this latest-generation Intel desktop platform was smooth: the only exception was the Ethernet not working out of the box, but that isn't surprising considering even on the Linux side 5.6 or newer is needed. But once plugging in a USB Ethernet adapter, it was off to the races in running DragonFlyBSD and FreeBSD on this i9-10900K box.
CSI kit for the RPi CM3 has FPGA for camera control
Vision Components’ $335 “VC Embedded Vision Kit CMI” for the Raspberry Pi Compute Module offers GbE, USB, 2x CSI, and an FPGA. It defaults to a 1MP, 120fps Omnivision module but supports up to 20MP modules German embedded vision vendor Vision Components has launched an adapter board for its VC MIPI camera modules that supports the Raspberry Pi Compute Module 3 or 3+. Designed for industrial-grade embedded vision systems,” the VC Embedded Vision Kit CMI is built around a VC Compute Module Interface Board with 2x MIPI-CSI-2 connectors that enable independent video inputs or stereo vision. The board is equipped with a programmable FPGA for individual image acquisition controls such as triggering.
Top stress tools in Kali Linux 2020.1
Stress testing is used to check the system’s stability; this testing involves the creation of traffic that is more than normal operational capacity. There are many tools available open-source as well as paid, but we have identified the top 7 stressing tools in Kali Linux 2020.1 that will help in testing the availability of a system or a network. Also: Top 13 Password Cracking Tools in Kali Linux 2020.1 Top Wireless Attack tools in Kali Linux 2020.1
