Security Leftovers and Windows TCO, Microsoft DRM Failing
Date: 2024-04-24
Citizen Lab ☛ The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps identified contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted, constituting a tremendous risk to user security.
Citizen Lab ☛ Chinese Keyboard App Vulnerabilities Explained
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and backdoored Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (glibc and samba), Fedora (chromium, cjson, mingw-python-idna, and pgadmin4), Mageia (kernel, kmod-xtables-addons, kmod-virtualbox, kernel-linus, and perl-Clipboard), Red Hat (go-toolset:rhel8, golang, java-11-openjdk, kpatch-patch, and shim), Slackware (freerdp), SUSE (apache-commons-configuration, glibc, jasper, polkit, and qemu), and Ubuntu (google-guest-agent, google-osconfig-agent, linux-lowlatency-hwe-6.5, pillow, and squid).
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #2 – Christoph Kern and the Challenge of Keeping Surveillance Giant Google Secure
Windows TCO
Scoop News Group ☛ Stolen Change Healthcare data could contain information on ‘a substantial portion’ of Americans
The revelations from the UnitedHealth Group subsidiary come as the company acknowledges paying a ransom in the case.
Digital Restrictions (DRM)
Security Week ☛ Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services
Microsoft PlayReady vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services.
EFF ☛ Podcast Episode: Right to Repair Catches the Car
