Apple Accidentally Approved Malware to Run on MacOS

Found on Wired on Monday, 31 August 2020
Browse Software

Even software distributed outside of the Mac App Store now needs notarization, or users wouldn't be able to run them without special workarounds. Seven months later, though, researchers have found an active adware campaign attacking Mac users with the same old payloads—and the malware has been fully notarized by Apple.

As with any trust-based system, notarization can help Apple keep security pretty tight, but anything that does sneak past can then spread quickly because it has the company's imprimatur. This is already a problem in both Apple's iOS App Store and Google's Play Store for vetted Android apps. Malicious apps often slip in and then get downloaded by unsuspecting users.

That's what you get for making users believe that walled gardens are by default secure.

Challenge to scientists: does your ten-year-old code still run?

Found on Nature on Friday, 28 August 2020

Conceived in 2019 together with Konrad Hinsen, a theoretical biophysicist at the French National Centre for Scientific Research (CNRS) in Orléans, the challenge dares scientists to find and re-execute old code, to reproduce computationally driven papers they had published ten or more years earlier.

It depends mainly on the language. If you pay at least some attention to the quality of your code, it will run fine.

You can now play an ultra-rare Quake arcade cabinet at home

Found on Ars Technica on Friday, 21 August 2020

Even many serious fans of the series don't know about Quake Arcade Tournament Edition (Quake ATE), an officially licensed version of the game that ran on custom arcade cabinets.

The main difference is that enemies occasionally drop backpacks that earn players in-game "coins," (and an announcer crying "Instaprize!" when you pick them up). Those coins can cause the game to spout out prize-redemption tickets through an optional printer.

That sounds like some modern form of archaeology.

India says 'Zoom is a not a safe platform' and bans government users

Found on The Register on Thursday, 20 August 2020

It comes as India has decided to become self-sufficient by crowdsourcing a Zoom-like service in a competition that will award the winner fat government contracts.

Zoom, meanwhile, has announced it will "re-architect" its bug bounty program as part of an effort to "help get Zoom's overall security house in order".

More countries should take IT seriously and not rely on products developed somewhere else for critical and/or official communications.

Firefox maker Mozilla axes a quarter of its workforce


Firefox maker Mozilla has axed 250 employees, or a quarter of its workforce, claiming the COVID-19 coronavirus pandemic is to blame after hitting it in the wallet. The organization will also "ship new products faster and develop new revenue streams."

According to Baker, "our pre-COVID plan for 2020 included a great deal of change already: building a better internet by creating new kinds of value in Firefox; investing in innovation and creating new products; and adjusting our finances to ensure stability over the long term." These efforts have not done, or are unlikely to do, the trick, apparently.

Maybe Mozilla should not have alienated its userbase with constant UI changes, removed features, redesigns and an overall dumbing down of the browser. Firefox has been a browser for the more technical people who like control over various settings; hiding and removing these controls are just nails in the coffin.

Whoops, our bad, we may have 'accidentally' let Google Home devices record your every word

Found on The Register on Monday, 10 August 2020

The Chocolate Factory admitted it had accidentally turned on a feature that allowed its voice-controlled AI-based assistant to activate by itself and record its surroundings.

It may be that this feature is or was intended to be used for home security at some point: imagine the assistant waking up whenever it hears a break in, for instance. Google just bought a $450m, or 6.6 per cent, stake in anti-burglary giant ADT, funnily enough.

"Happy little accidents", as Bob Ross would call them.

Firefox gets fix for evil cursor attack

Found on ZD Net on Saturday, 08 August 2020

The bug is a classic "evil cursor" attack and works because modern browsers allow site owners to modify how the mouse cursor looks while users are navigating their websites.

For example, mouse cursors can be defined to be as large as 256 pixels in width and height. An evil cursor attack is when a regular mouse cursor is shown in the top-left corner, but the click spot is defined in the bottom-right corner, to create a huge discrepancy between where the user sees the cursor and where the actual click is.

Essential things like cursors should never be left open to the design ideas of website operators.

Windows 10: HOSTS file blocking telemetry is now flagged as a risk

Found on Bleeping Computer on Tuesday, 04 August 2020

Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a 'Severe' security risk.

Users who intentionally modify their HOSTS file can allow this 'threat,' but it may enable all HOSTS modifications, even malicious ones, going forward.

So the domains just go into your router then. Or wait, with DoH that will start to fail too and telemetry is back for everybody.

VMware to stop describing hardware as ‘male’ and ‘female’ in new terminology guide

Found on The Register on Sunday, 26 July 2020

A message about the IT giant's “Offensive Terminology Effort,” sighted by The Register, recommends that when referring to hardware and cabling, “female” should be replaced by “jack” or “socket” while “plug” should be used instead of “male”. The company hopes that “she” and “he” will be replaced by “they”.

Also in the guide is a recommendation that the word “abort” be replaced by “stop” and that “segregate” and “segregation” be replaced by “separate” and “separation”.

This is getting so ridiculous that it's impossible to take all that seriously anymore. Words in software are not a problem; people who think they are problems are the real problem.

Please insert disc: Microsoft Flight Simulator will spread across ten DVDs

Found on Ars Technica on Saturday, 18 July 2020

After installing the game from those discs, players will still be encouraged to download update files to the simulation itself, as well as stream copious cloud-based data like high-res satellite photos, geographic details, and live weather updates for an even higher level of realism.

Despite all that online-exclusive data, though, Kok added that "the boxed version makes it possible for people on a slower Internet connection to get the sim installed without downloading the 'content.' So the simulator is in every way 100% the same. The boxed retail version just gets you a nice box, printed manual and about 90GB you do not have to download."

The sizes of games are getting ridiculous.