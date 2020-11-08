Security Leftovers
-
Melbourne firm takes a hit from Windows REvil ransomware
Nexia Australia and New Zealand, a network of solutions-focused accountancy and consultancy firms, has been hit by cyber criminals using the Windows REvil ransomware.
-
Second biggest laptop maker Compal hit by Windows ransomware
Taiwanese original design manufacturer Compal Electronics has suffered a cyber intrusion, with the attackers using the Windows DoppelPaymer ransomware to infiltrate the company's systems in an attack that was reported over the weekend.
-
EU continues to push for lawful access (aka backdoors) to end-to-end encrypted data
What the EU is calling for is a “balance” between regular encryption use and lawful access to encrypted data. The EU seeks to work with tech companies and academics to find out a way to lawfully access encrypted data aka have an encryption backdoor:
-
Spectrum auctions delayed as court strikes Sweden ban on Huawei
Sweden's 5G spectrum auctions have been put on hold after a court suspended sections of a decision that had excluded Chinese telecommunications equipment vendor Huawei Technologies from participating in the bids.
-
Huawei, Assange may gain from Biden presidential win
With the US administration changing next year, it is very likely that Google will be able to get a waiver on selling the proprietary version of its Android operating system to Chinese telecommunications vendor Huawei Technologies, something it has been unable to do ever since the Trump administration put in place sanctions on the Chinese firm.
-
Firefox for Android: LAN-Based Intent Triggering – Attack & Defense
In its inception, Firefox for Desktop has been using one single process for all browsing tabs. Since Firefox Quantum, released in 2017, Firefox has been able to spin off multiple “content processes”. This revised architecture allowed for advances in security and performance due to sandboxing and parallelism. Unfortunately, Firefox for Android (code-named “Fennec”) could not instantly be built upon this new technology. Legacy architecture with a completely different user interface required Fennec to remain single-process. But in the fall of 2020, a Fenix rose: The latest version of Firefox for Android is supported by Android Components, a collection of independent libraries to make browsers and browser-like apps that bring latest rendering technologies to the Android ecosystem.
For this rewrite to succeed, most work on legacy Android product (“Fennec”) was paused and put into maintenance mode except for high-severity security vulnerabilities.
It was during this time, coinciding with the general availability of the new Firefox for Android, that Chris Moberly from GitLab’s Security Red Team reported the following security bug in the almost legacy browser.
[....]
I’m lucky enough to be paid to hack things at GitLab, but after a long hard day of hacking for work I like to kick back and unwind by… hacking other things! I’d recently come to the devastating conclusion that a bug I had been chasing for the past two years either didn’t exist or was simply beyond my reach, at least for now. I’d learned a lot along the way, but it was time to focus on something new.
A friend of mine had been doing some cool things with Android, and it sparked my interest. I ordered a paperback copy of “The Android Hacker’s Handbook” and started reading. When learning new things, I often order the big fat physical book and read it in chunks away from my computer screen. Everyone learns differently of course, but there is something about this method that helps break the routine for me.
Anyway, I’m reading through this book and taking notes on areas that I might want to explore. I spend a lot of time hacking in Linux, and Android is basically Linux with an abstraction layer. I’m hoping I can find something familiar and then tweak some of my old techniques to work in the mobile world.
-
Android Leftovers
Qt 6.0 Beta 4 Released
For those on the Qt 5.12 LTS series the Qt 5.12.10 point release is out today with 30 new bug fixes. But for those looking ahead to Qt 6 also out today is Qt 6.0 Beta 4. Qt 5.12.10 details can be found on Qt.io. Among the changes for this latest point release are various error fixes, a possible heap corruption scenario, an issue with GIFs not playing in some Qt applications, inconsistent XPM handling, and other problems. Direct: Qt 6.0 Beta4 is out
How to Install and Use virt-manager Virtual Machine Manager in Ubuntu and Other Linux
The virt-manager application or package uses the libvirt library to provide virtual machine management services. It comes with a desktop interface that helps to create, delete, and manage multiple virtual machines.
KDE Plasma 5.21 Desktop Environment to Ship with a New System Monitor App
Developed by Arjen Hiemstra during the past two years using Kirigami UI Framework and Plasma's KSystemStats system statistics service, the new Plasma System Monitor app is here as a drop-in replacement for the KSysGuard utility that currently ships by default with the KDE Plasma desktop environment. The Plasma System Monitor app promises not only a fancier and modern user interface, but also a simpler way for monitoring system resources on your KDE Plasma-based GNU/Linux distribution, along with more powerful customization options and cool new features.
