Proprietary Software and Security Leftovers
Apple fixes macOS security flaw behind Gatekeeper bypass
Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems.
After deadly 737 Max crashes, damning whistleblower report reveals sidelined engineers, scarcity of expertise, more
An Aviation Whistleblower report issued Tuesday by a US Senate committee cites numerous oversight gaps within the government and the aviation industry.
The report [PDF] was produced at the behest of the Senate Committee on Commerce, Science, and Transportation in response to two Boeing 737 MAX crashes in 2018 and 2019 that killed 346 people. It is based on testimony from seven industry whistleblowers from Boeing, GE, and the Federal Aviation Administration (FAA).
Boeing designed the 737 Max to compete against the Airbus A320neo. In order to achieve comparable fuel efficiency, Boeing basically put new engines on the existing 737 air frame, which allowed the passenger jet to avoid going through a new regulatory approval process.
Bluetooth reboot of pre-school play phone has privacy flaw • The Register
A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home.
The phone is the Fisher Price Chatter Special Edition, a device that adds Bluetooth and a speaker to the smiling, brightly coloured, wheeled, rotary dial phone on which it's previously been possible to make calls only by using one's imagination.
The phone also bears the name “60G LTE” – which stands for “60 great years, Let’s Talk Everywhere” – and an infomercial for the handset opens with “The past has finally arrived” before lampooning mobile phone ads quite nicely.
The 2021 version of the device connects to a smartphone and can be used as a speaker phone, or to make calls. Even the rotary dialler works for outbound calls.
Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild
Let's start with Microsoft, which put out a summary of its security updates here. All manner of products are affected, from the Windows kernel to PowerShell to Office to the beleaguered Print Spooler.
Of course a Bluetooth-using home COVID test was cracked to fake results • The Register
Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID Test. Thankfully the vendor’s since fixed the device.
The firm tested the Ellume COVID-19 Home Test, a device selected specifically because it uses a “Bluetooth connected analyzer for use with an app on your phone.”
As F-Secure probed the device and its companion app, its researchers spotted an un-exported activity called com.ellumehealth.homecovid.android/com.gsk.itreat.activities.BluetoothDebugActivity. Users with root-level access to an Android machine can launch that activity to “help interact with the analyzer over Bluetooth”, F-Secure found.
Police National Computer not pwned by Clop ransomware crims, insists Home Office
The Clop ransomware gang pwned a managed service provider with access to the UK's Police National Computer, dumping data on its dark web leaks site – but officials deny that police data was compromised.
Dacoll, a Scotland-based MSP, was attacked in October by the notorious criminal crew. Reports surfaced in the Mail on Sunday newspaper over the weekend that the criminals had published information from the Police National Computer on their leaks site.
