Cautionary Tales About Proprietary Stuff, Security, and FUD

posted by Roy Schestowitz on Oct 08, 2022

• Your smart watches may be vulnerable to hacking

  Apart from the rapidly increasing usage of smart phones and watches, augmented reality headsets, ingestible and implantable smart devices like pacemakers and automated insulin patches are pouring into the market faster than any laws for their usage. India currently does not have any law for these devices falling in the category of Internet of Bodies (IoB).

  The term IoB, which was coined in 2016, describes connected devices that monitor the human body, collect physiological, biometric, or behavioral data, and exchange information over a wireless or hybrid network.

• These Developers Fixed Instagram. Facebook Banned Their Accounts.

  Developers of an app that clones Instagram without the ads claim that Facebook and Instagram banned the personal accounts of their staff, in retaliation for making a better version of Instagram.

  A spokesperson for The OG App told Motherboard that since the team’s personal accounts were not linked to the app, they believe that a Meta employee searched their identities on Google to carry out the bans. “This is a gross misuse of their power and this is clearly extralegal retaliation simply because we made Instagram into something people actually want to use,” The OG App said in an email to Motherboard.

• Apple’s New AirPods Are Telling Users to Replace the Batteries Already. Too Bad That’s Impossible

  Just a week after the launch of Apple’s AirPod Pro 2, new owners started receiving an unusual alert: It was, apparently, time to replace their batteries soon. This is unusual, of course, both because the AirPod Pros are brand new—and because it is, for all intents and purposes, impossible to replace said battery.

  In fact, the AirPods have a reputation as being one of the most famously unfixable pieces of consumer electronics of the modern era. Which is precisely why we were eager to get our hands onto these, “the world’s most popular headphones”—the second generation AirPods Pro. We wanted to see if, as with the iPhone 4, anything had changed. Well, we’re sorry to say the irony of Apple’s device telling you to replace a battery that cannot physically be replaced will live on: The AirPods are as unrepairable as ever.

• Report: Big U.S. Banks Are Stiffing Account Takeover Victims

• Ongoing 0-day attacks backdoor Zimbra servers by sending a malicious email [Ed: This was already patched upstream; the Zimbra issue is old news (about a month old) and servers have already been patched by responsible administrators]

• What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio | Flashpoint [Ed: Well, this seems to be a way to distract from several critical Microsoft flaws, including those affecting Exchange in a critical fashion]

  A zero-day vulnerability was reported in the Zimbra forums by a threat actor. Reports state that the 0day is actively being exploited.

• Reproducible Builds in September 2022

  David A. Wheeler reported to us that the US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) have released a document called Securing the Software Supply Chain: Recommended Practices Guide for Developers (PDF).

• Reentrancy Attacks

  Reentrancy is a bit different in smart contract execution. For one, all state is global state. On the other hand, for most EVM implementations, there is no concurrency. However, reentrancy is fairly common, as contracts can arbitrarily call and execute code in other contracts.

  The attack goes something like this: [...]

• Ways to protect yourself when a data breach happens

  While these suggestions may not completely help if you do appear in a data breach, they are best to do from the start, and may stop someone from getting into another account you have.

• Patching

  He outlines the ways he commonly opens the developer tools and tweaks websites to do what he wants or needs — an empowering feeling!

  I find myself doing this a lot, so I figured I’d document a couple recent examples where I empowered myself with a little devtools magic — all due to the open nature of the web, an attribute where native apps fall woefully short.