Items tagged with: bug

Xiaomi scooter can be hijacked via Bluetooth #Bluetooth #Bug #E-Scooter #IT-Security #Security #Traffic #RoadSafety #Xiaomi #XiaomiMijia

Friendica Bug

Is this issue not resolved in 2019.01? https://github.com/friendica/friendica/issues/6211
I see no contacts on my profile page. #friendica #bug
Contacts still not showing up in profile with 2019.01 release. #friendica #bug :(
Linux user? Check those patches! Public exploit published for systemd security holes… A recent bug in a very widely used Linux system tool called systemd has just been turned into a published exploit by a US cybersecurity company called Capsule8.
The systemd project is a large, complex and popular – but also controversial – toolkit used by many mainstream Linux distros to handle system startup and logging.

#Linux #systemd #security #bug #cybersecurity #unix #computer #software #hacker #internet #web #init
FaceTime eavesdropping bug: group chats remain disabled for older iOS versions #Apple #Bug #Privacy #FaceTime #GroupFaceTime #Eavesdropping #iOS #iPad #iPhone
FaceTime Bug Let People Eavesdrop – Now, Apple Is Trying To Fix It
#facetime #bug #apple #Eavesdrop #fix

iOS 12.1.4 is coming to fix the worst iPhone and iPad bug to date

#bug #coming #date #fix #ios #ipad #iphone #worst
Apple's FaceTime eavesdropping bug: public prosecutor steps in #Apple #Bug #Privacy #Investigation #FaceTime #Eavesdropping #Prosecutor #iOS12
- #Bizarre #Apple #Bug Let #FaceTime #Callers #Spy on Each Other
A bombshell report this week by 9to5Mac revealed a shocking new Apple bug: FaceTime, the company’s popular video chat app, lets callers eavesdrop on other users before they pick up.
@Pavithran S knock on wood it hasn’t affected mine yet.
Your pod is quite new, maybe that's a hint to look for the #bug ..
Is it possible to downgrade to the previous version to see if this issue goes away or not?
Yeah please do that. The Quality of Service is going down because of this #bug.

FaceTime bug lets you hear audio of person you are calling before they pick up

A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their …
Article word count: 511

HN Discussion: https://news.ycombinator.com/item?id=19022353
Posted by uptown (karma: 63637)
Post stats: Points: 229 - Comments: 51 - 2019-01-28T23:55:12Z

#HackerNews #are #audio #before #bug #calling #facetime #hear #lets #person #pick #they #you
Article content:

A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call. [1]Apple says the issue will be addressed in a software update “later this week”.

Naturally, this poses a pretty big privacy problem, as you can essentially listen in on any iOS user, although it still rings like normal, so you can't be 100% covert about it. Nevertheless, there is no indication on the recipient's side that you could hear any of their audio.

Update: There’s a second part to this which can expose video too …

9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.

Here's how to do the iPhone FaceTime bug:

* Start a FaceTime Video call with an iPhone contact.
* Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
* Add your own phone number in the Add Person screen.
* You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven't accepted the call yet.

It will look in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lock screen.

Whilst the call is ringing, swipe up from the bottom of the screen and add yourself to the call.

The damage potential here is real. You can listen in to soundbites of any iPhone user’s ongoing conversation without them ever knowing that you could hear them. Until Apple fixes the bug, it’s not clear how to defend yourself against this attack either aside from disabling FaceTime altogether.

As it stands, if your phone is ringing with an incoming FaceTime request, the person on the other end could be listening in.

What we have also found is that if the person presses the Power button from the lock screen, their video is also sent to the caller — unbeknownst to them. In this situation, the receiver can now hear your own audio, but they do not know they are transmitting their audio and video back to you. From their perspective, all they can see is accept and decline. ([2]Another update: It seems there are other ways of triggering the video feed eavesdrop too.)

We have also replicated the problem with an iPhone calling a Mac. By default, the Mac rings for longer than a phone so it can act as a bug for an even longer duration.

Apple has said the issue will be fixed in a software update later in the week. Until then, if you are concerned, you should disable FaceTime in iOS Settings.
Now you can answer for yourself on FaceTime even if they don’t answer🤒[3]#Apple explain this.. [4]pic.twitter.com/gr8llRKZxJ

— Benji Mobb™ (@BmManski) [5]January 28, 2019


Visible links
1. https://www.buzzfeednews.com/article/nicolenguyen/facetime-bug-iphone
2. https://twitter.com/Jessassin/status/1090057063886086144
3. https://twitter.com/hashtag/Apple?src=hash&ref_src=twsrc%5Etfw
4. https://t.co/gr8llRKZxJ
5. https://twitter.com/BmManski/status/1089967572307640325?ref_src=twsrc%5Etfw

Major iPhone FaceTime bug lets you hear the audio of the person you are calling … before they pick up
Multiple security vulnerabilities in iTunes for Windows #Apple #Bug #Media #Security #Vulnerability #iTunes
I'm trying this #browser because #firefox is too heavy for my old machine running #MX18. Does anyone have any feedback on it: security, and so on?
For now I don't know how to install #Qwant among the #searchengines.
Also, when I write a comment in #D*, the image on screen jumps with every letter I type..
#help #bug #freesoftware #GNU #Linux #ordinausore
January 2019 updates cause network problem in Windows 10 #OperatingSystem #Bug #EDGE #Microsoft #WebBrowser #Windows #Windows10
Hello @Andreas vom Zwenkauer See,

something isn't working right with federation. A whole series of posts isn't arriving. Posts from (((Horschtel))), Lillyliberty and Dr. Cassone have been missing for at least a week. Probably more is missing, but those are the ones I noticed. The Diaspora protocol is switched on; some posts arrived, others didn't.

#Hubzilla #Diaspora #Error #Bug
New Systemd Privilege Escalation Flaws Affect Most Linux Distributions... Security researchers have discovered three vulnerabilities in systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems.
The vulnerabilities, assigned CVE-2018-16864, CVE-2018-16865 and CVE-2018-16866, actually reside in the "systemd-journald" service, which collects information from different sources and creates event logs by writing that information to the journal.

#Systemd #Privilege #Escalation #Flaw #Linux #Security #hacker #bug #internet #web #computer #software
Linux 4.20, EU Bug Bounties, MIPS Open Source, Syncthing, Mixxx, SuperTux | This Week in Linux 49 - https://tuxdigital.com/twinl49

On this episode of This Week in #Linux, there's a brand new release of the Linux #Kernel with 4.20. The #EU is offering #Bug Bounties for #OpenSource software and MIPS has announced it's going to become Open Source. We'll have a follow up to the Necuno #Mobile topic from Episode 45 and then we'll take a look at some #Distro #News for Septor Linux, OviOS and One Laptop Per Child. Then we'll cover some App News from Syncthing, Mixxx, Darktable, RawTherapee, KStars, and much more. Later in the show, we'll talk about some #LinuxGaming news. All that and much more!


NSA to Open Source its Reverse Engineering Tool GHIDRA... GHIDRA is a software reverse engineering framework developed by the NSA that has been in use by the agency for more than a decade.
Basically, a software reverse engineering tool helps to dig up the source code of a proprietary program, which further gives you the ability to detect virus threats or potential bugs. You should read how reverse engineering works to know more.

#NSA #OpenSource #ReverseEngineering #GHIDRA #software #computer #code #virus #bug
@Friendica Developers

For a week now the autocomplete function for hashtags has been terribly slow; it slows down the whole input, and it feels like the PC is frozen. Is that a bug? Any idea what I can do to fix it?

#help #bug #Friendica

More and more leaning away from d*, towards Hubzilla

I do confess: I used to be a user, and *just* a user of social media. Hubzilla with all its options can be quite intimidating, therefore I didn't dive into all the details and opportunities like I possibly should have. During the last 2-3 months, coming from g+, I therefore thriftily but mainly used diaspora*. Now I need to set up some own instance or pod and I just *need* to take a closer look. Project maintenance is one more topic that adds to several others which more and more drive me away from d*. At this point I find it important to note: [1] It's way easier to point out a problem than to solve it. If there was no other platform than diaspora* I'd wish I knew how to code and would most certainly offer to commit myself to the d* project. [2] Please consider participating on the [diaspora* GitHub repository](https://github.com/diaspora/diaspora), or on any other platform's repository, if you know how to code!

*Fair warning: rather lengthy post ahead (as always, when I write stuff like this)* :-)

A user on a Hubzilla instance who I'm connected to had a problem with Hz posts not being federated to d* pods after an update of their instance. The problem was caused mainly by the version leap from integrated federation-enforcing code towards external apps-for-networks-that-don't-play-well-with-Hz-protocols. Accordingly, things broke as long as these apps were not available, installed or activated. Naturally, one would post to the support community and describe the problem. That's what this user did.

*Side note: Hz has a support forum, d\* doesn't support forums at all.*

> Diaspora doesn't federate with anything, the other platforms federate with it/them[?]...
> (Mike Macgirvin, as seen in some comment thread recently. I forgot where exactly.)

So, I've seen this problem's description from my d* stream only because and therefore *after* the issue had been solved, but I wasn't sure about that at this point. It got solved by helpful co-Hubzillians in a comment thread of another help-seeking post, where no one complained and no one blamed this user for not knowing. The topic itself was intriguing for me. For that reason I wrote a (hopefully not too) comprehensive comment to help out with my findings. I wrote all that from my d* pod, just as a reminder. Sure enough, I didn't see from my limited d* perspective what other people, coming from Friendica or Hubzilla, added to the comment thread. And most probably vice versa.

Then I tried to double-check whether I might trick broken federation by clicking on the "permalink" symbol, just to find yet another issue: **Long-version Hubzilla permalinks are broken on diaspora* and it's a known bug.**

Let me explain and come back to my initial topic afterwards. In case you (as in: d* users) didn't know: by clicking on the little chain lock link symbol next to the "date posted" in a d* stream one can open the long-format permalink to a post that has made its way to your pod and stream. For posts created on Hubzilla, this will result in a "404 - not found", sported by the/your d* pod, while the short version (from clicking on the date/time combo itself) works, but only on this very d* pod, e.g. `https://dspr.io/posts/[7-digit-number]`.

What I learned so far:

- one could use the long permalink version (with the so-called GUID) on every single d\* pod as long as the first section corresponds with the pod they're on, i.e. just replace `https://dspr.io/` by your own pod URL
- long permalinks will work as a public link even if the reader is not logged into any hub (as long as the post was public. Maybe even if not, haven't tested.)
- short "perma"links will only work on this very pod internally.

Therefore I investigated whether this is a matter of instance/pod or platform. Here are the different link schemes:

- yay `https://dspr.io/posts/xxxx5xxxx10xxx15xxx20xxx25xxxx31` diaspora*: 31 digits
- yay `https://dspr.io/posts/xxxx5xx8-xxx4-xxx4-xxx4-xxxx5xxxxx12` Friendica: 5 groups, with a total of 36 digits/characters
- **NAY** `https://dspr.io/posts/xxxx5xxxx10xxx15xxx20xxx25xxx30xxx35xxx40xxx45xxx50xxx55xxx60xxx@[subdomain].[domain].[tld]` Hubzilla: 63 digits plus user ID

I've tested several posts I've found in my d* stream from different people on different pods and instances, with the result that only Hz GUIDs didn't work.

**What would be *your* initial conclusion?** If you're like me: "It must be Hubzilla's fault", right?

Now we're slowly approaching the main topic again. Not only does Hz sport communities, their developer team is incredibly responsive as well. I've seen Mike Macgirvin join discussions on literally every Zot-related platform I am aware of, always helpful, always outcome-oriented. I do not know (as in: have seen their profiles) each single team member, but Mike's presence is remarkable, and just the opposite of a statement he made over at gnusocial:

> Fediverse developers can be an incredibly toxic mob. I've found they are often more polite if you talk to them using their own software.
> (source: https://quitter.es/notice/6047220)

Should I file an issue then? Sure, if it's helpful..? [I searched for "perma" over at Hz's issue tracker](https://framagit.org/hubzilla/core/issues?scope=all&utf8=✓&state=opened&search=perma) and found this: https://framagit.org/hubzilla/core/issues/1214

> **Hubzilla, Diaspora & permalink**
> [...] The Hubzilla permalinks generate a 404 error from a Diaspora account [...]

Exactly what I was looking for! ... But wait, that issue is still open, although it's 6 months old..? Oh well. But wait, there's more, this is not the end of my story, not by far. Thank you for your patience, by the way, please bear with me :-)

And again, I'd like to make this point clear: the following is absolutely not meant to be offensive, nor would I want to single out one person. Every developer of whatever fediverse platform has my honest respect, not only for working on their project(s) in their spare time. I wish I could participate more, I wish I had the knowledge to do so.

Jun 8th, 2018 - The person who filed the issue to the Hz issue tracker did so as well on diaspora*'s GitHub repository. As you can read from the framagit comment, that was a duplicate. He/she got redirected to a slightly older issue from May 15th, 2018, which you can find [here](https://github.com/diaspora/diaspora/issues/7812). A common procedure. That timeline reads as follows:

- May 15th - initial comment with description and suggestions.
- same day - 6 comments later the 3 participants (author plus 2 project maintainers) agree on a way how it *is* possible to fix it. They have immediately and open-heartedly stated that GUID permalinks from Hz don't work, but used to do so. Some background info is shared, including remarks about coding philosophies and guidelines.
- Jun 8th - nothing visible has happened so far. The duplicate reference is documented.
- Sep 4th - a team member adds labels: "bug" (for the first time) and "weird" (I love that one!). 3 1/2 months have passed.
- Oct 4th - Some change has been merged, declaredly having fixed the issue. Issue is closed, because the fix has been approved.
- Oct 5th thru Oct 8th - this is where it gets confusing for me, but interesting as well: A bump, some pull requests and, if you're still not tired of following all the cross-referencing links, the attempt of a willing-to-help person to "spam" the maintainers with his solution for organizing pull requests. He gets answered elaborately. Appropriately? Please make up your own mind and think of what Mike said.
- Oct 5th - somehow something didn't work, the ticket is open again, still not fixed.
- Dec 31st (today) - Another 2 1/2 months passed. The issue is 7 1/2 months old, still open although seemingly quite easy to fix.

Some questions arise for me:

*Did GUID permalinks ever work for Hubzilla?* The statements differ. If they did, at some point some d* developer has broken it. If not, why would this platform need to produce as many links prone to 404 status as there are posts on a pod? For web crawlers, this is just a nightmare and it's no wonder why decentralized networks *technically only(!), as seen from a search engine's view* have a mendable reputation.

*Why did it take over 3 months to label the issue a "(weird) bug"?* Was there no structure to the issue list before? Of course, labels alone won't make for a well-organized work flow, there are many different and efficient ways to approach a growing list of todos and priorities. Well, someone finally felt the need of labelling it.

*The issue had been worked on, got marked fixed and closed. Why the withdrawal?* This is where it gets opaque, but maybe it's just me not reading the documentation thoroughly enough. I hope it's legit to apprehend that there is a massive problem concerning capacity, availability and of course time.

*A link that isn't producible is a link not shareable...* which makes d* sort of a "closed" network, doesn't it? I didn't join MeWe for that reason (amongst others).

From what I have learned about development-related people over at diaspora*, they're focused but open-minded, they know how they're doing things and why. Besides a whole lot of time they put pride in their work. Unfortunately it looks like there are not enough of them..? This means for me as a *user* that I most probably can or should not count on major improvements in functionality, at least not very soon. There are several more issues I personally see in the d* concept, but it took me a while to find out. To put these in here as well would be overkill. Diaspora* really shines when it comes to simplicity, but ease of use is not my main priority.

My verdict: Hubzilla has --by far-- much more potential than diaspora*. The team behind Hz appears to be very present, numerically adequate and striving for constant improvement. With all the extra features Hz has built in, in contrast to d*, it's the one platform I can think of self-hosting; d* won't offer incentive enough to do so right now. If you (like me) want diaspora* to become an even better platform, the platform needs your help. If you (unlike me) are a skilled Ruby, JSON, you-name-it wizard, please consider participating, the platform deserves your support.

And if you really have read this post completely: thank you! I hope I didn't stress your patience too much -- it was *your* decision to spend your time this way, I've warned you! ;-) This was very probably my last post for 2018. I would appreciate your feedback nevertheless. Happy New Year!

#olafw en #olaftestet #hubzilla #diaspora #github #framagit #issue #issuetracker #bug
In #January, the #EU #starts #running #Bug #Bounties on #Free and #OpenSource #Software
It’s been a while since I last wrote about the Free and Open Source Software Audit project, FOSSA, so let me start with a quick recap that you can safely skip if you’re already familiar with the project.

EU to fund bug bounty programs for open-source projects

Some of the approved projects include KeePass, 7-zip, VLC Media Player, Drupal, and FileZilla.
Article word count: 470

HN Discussion: https://news.ycombinator.com/item?id=18786929
Posted by svenfaw (karma: 2173)
Post stats: Points: 109 - Comments: 34 - 2018-12-30T02:06:50Z

#HackerNews #bounty #bug #for #fund #open-source #programs #projects
Article content:


The European Union will foot the bill for bug bounty programs for 14 open source projects, Member of the European Parliament Julia Reda announced this week.

The 14 projects are, in alphabetical order, 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PuTTY, the Symfony PHP framework, VLC Media Player, and WSO2.

The bug bounty programs are being sponsored as part of the third edition of the Free and Open Source Software Audit (FOSSA) project.

EU authorities first approved FOSSA in 2015, a year after security researchers had discovered severe vulnerabilities in the OpenSSL library, an open source project used by many websites to support HTTPS connections.

"The issue made lots of people realise how important Free and Open Source Software is for the integrity and reliability of the Internet and other infrastructure," said Reda in her [1]announcement. "Like many other organisations, institutions like the European Parliament, the Council and the Commission build upon Free Software to run their websites and many other things."

The [2]first FOSSA edition ran between 2015 and 2016 as a pilot program, with an initial budget of €1 million. The EU inventoried the most popular open source projects used by EU offices and officials, and held a public survey to decide which programs should receive a sponsored security audit. Two projects were selected, the Apache HTTP web server and the KeePass password manager.

[3]FOSSA 2 ran throughout 2017 as a bug bounty program on HackerOne for the VLC Media Player app. The program received €2 million in funding, but the bug bounty programʼs budget was capped at €60,000.

Now, FOSSA returns for its third edition with budgets for 14 bug bounty programs, with the highest budgets being reserved for PuTTY and the Drupal CMS.
| Software Project | Bug Bounty Amount (€) | Start Date (DD/MM/YYYY) | End Date (DD/MM/YYYY) | Bug Bounty Platform |
|---|---|---|---|---|
| [4]Filezilla | 58,000 | 07/01/2019 | 15/08/2019 | [5]HackerOne |
| [6]Apache Kafka | 58,000 | 07/01/2019 | 15/08/2019 | [7]HackerOne |
| [8]Notepad++ | 71,000 | 07/01/2019 | 15/08/2019 | [9]HackerOne |
| [10]PuTTY | 90,000 | 07/01/2019 | 15/12/2019 | [11]HackerOne |
| [12]VLC Media Player | 58,000 | 07/01/2019 | 15/08/2019 | [13]HackerOne |
| [14]FLUX TL | 34,000 | 15/01/2019 | 15/10/2019 | [15]Intigriti/Deloitte |
| [16]KeePass | 71,000 | 15/01/2019 | 31/07/2019 | [17]Intigriti/Deloitte |
| [18]7-zip | 58,000 | 30/01/2019 | 15/04/2020 | [19]Intigriti/Deloitte |
| [20]Digital Signature Services (DSS) | 25,000 | 30/01/2019 | 15/10/2019 | [21]Intigriti/Deloitte |
| [22]Drupal | 89,000 | 30/01/2019 | 15/10/2020 | [23]Intigriti/Deloitte |
| [24]GNU C Library (glibc) | 45,000 | 30/01/2019 | 15/12/2019 | [25]Intigriti/Deloitte |
| [26]PHP Symfony | 39,000 | 30/01/2019 | 15/10/2019 | [27]Intigriti/Deloitte |
| [28]Apache Tomcat | 39,000 | 30/01/2019 | 15/10/2019 | [29]Intigriti/Deloitte |
| [30]WSO2 | 58,000 | 30/01/2019 | 15/04/2020 | [31]Intigriti/Deloitte |
| [32]midPoint | 58,000 | 01/03/2019 | 15/08/2019 | [33]HackerOne |

Starting in January, security researchers and security companies can hunt for vulnerabilities in these open source projects and report them to the bug bounty programs linked above, in the hope of a monetary reward if the bug report is approved and results in a patch.



Visible links
1. https://juliareda.eu/2018/12/eu-fossa-bug-bounties/
2. https://news.softpedia.com/news/eu-to-give-free-security-audits-to-apache-http-server-and-keepass-506526.shtml
3. https://www.bleepingcomputer.com/news/security/the-eu-will-foot-the-bill-for-vlc-players-public-bug-bounty-program/
4. https://filezilla-project.org/
5. https://www.hackerone.com/
6. https://kafka.apache.org/
7. https://www.hackerone.com/
8. https://notepad-plus-plus.org/
9. https://www.hackerone.com/
10. https://www.putty.org/
11. https://www.hackerone.com/
12. https://www.videolan.org/
13. https://www.hackerone.com/
14. https://joinup.ec.europa.eu/solution/flux-tl
15. https://www.intigriti.com/
16. https://keepass.info/
17. https://www.intigriti.com/
18. https://www.7-zip.org/
19. https://www.intigriti.com/
20. https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=46992515
21. https://www.intigriti.com/
22. https://www.drupal.org/
23. https://www.intigriti.com/
24. https://www.gnu.org/software/libc/
25. https://www.intigriti.com/
26. https://symfony.com/
27. https://www.intigriti.com/
28. https://tomcat.apache.org/
29. https://www.intigriti.com/
30. https://wso2.com/
31. https://www.intigriti.com/
32. https://evolveum.com/midpoint/
33. https://www.hackerone.com/


In January, the EU starts running Bug Bounties on Free and Open Source Software

In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on.

This is definitely cool! Even better if other countries, institutions and companies will follow up and do the same.

#software #security #bug #bugbounty #eu
Well, this cannot work when the edit of the post doesn't reach the forum at all. The forum should distribute everything. But it cannot work when it doesn't arrive in the first place.

#Bug #RC

Article: New Facebook API bug exposed private photos from almost 6.8 million users.

by Ian Dorfman @ AlternativeTo.
[...] Facebook announced that it has discovered a bug within its photo application programming interface that allowed the developers of apps that users had signed up to use to see photos that those users had decided not to share with anyone on the service. [...] Facebook Engineering Director Tomer Bar detailed that this photo API bug enabled these third-party developers to access private photos in a 12-day window from September 13, 2018 to September 25, 2018. [...] Users potentially impacted by this bug will be informed via an alert within Facebook that links them directly to a Facebook Help Center article with further details. [...] In an extra dose of coincidence, this API bug was discovered on September 25th, the same day that Facebook discovered the data breach that impacted more than 50 million users.

Tags: #userdata #privacy #facebook #bigbrother #userdata #social #networking #developer #bug #itsec #security #datadump #leak #private #photo #disclosure #stealing

A look at home routers, and a surprising bug in Linux/MIPS

We reviewed 28 popular home routers for basic hardening features. None performed well. Oh, and we found a bug in the Linux/MIPS architecture.
Article word count: 238

HN Discussion: https://news.ycombinator.com/item?id=18688947
Posted by walterbell (karma: 35756)
Post stats: Points: 100 - Comments: 61 - 2018-12-15T16:16:49Z

#HackerNews #and #bug #home #linux #look #mips #routers #surprising
Article content:

Today weʼre pleased to announce the release of two papers:

In the first paper, we analyze the firmware images of 28 popular home routers, checking for basic code hygiene and software safety features. What we found was disappointing: none of the routers made consistent use of basic [1]software safety features like [2]ASLR, [3]stack guards and [4]DEP, features which have been standard in desktop environments for over 15 years.

Given the role these devices play in consumersʼ homes, and the ease with which these issues could be resolved, we believe the absence of these features is reckless and negligent. We strongly urge vendors to review their software build practices and adopt practices which ensure these basic security features are present prior to product release.

But thatʼs not all. In the second paper, we describe an unfortunate bug in the Linux/MIPS architecture which we encountered in the course of our reporting on routers. This bug, whose origins date back to 2001, prevents most Linux/MIPS binaries from enjoying the full protections of DEP and ASLR. Given the popularity of Linux/MIPS in embedded devices (such as IoT, consumer and enterprise network equipment, etc), and the enormous diversity of threat models for such devices, we believe this bug represents a significant risk to a large segment of Internet-connected devices.
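The three features the first paper checks for can be read straight out of the ELF executables unpacked from a firmware image. The following is an added example and not Cyber-ITL's own tooling: a dependency-free Python checker that parses the ELF header and program headers to report PIE (e_type of ET_DYN, which is what lets ASLR randomize the executable image), a non-executable stack (a PT_GNU_STACK segment without the execute flag, i.e. the binary's request for DEP) and the stack protector (heuristically, the presence of the `__stack_chk_fail` import string). It handles both 32/64-bit and both byte orders, since MIPS router firmware is commonly big-endian. The sample inputs are constructed synthetic ELF headers, not real router firmware. One caveat that follows from the second paper: a static check like this shows only what the binary asks for; whether the Linux/MIPS kernel actually honours that request is a separate question.

```python
"""Minimal ELF hardening checker: NX (DEP), PIE (ASLR of the executable image)
and stack-canary presence. Standard library only, so it runs on binaries
extracted from a firmware image without extra tooling. Added example."""
import struct
import sys

# Constants from the ELF specification.
ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2
ET_EXEC, ET_DYN = 2, 3
EM_MIPS = 8
PT_GNU_STACK = 0x6474E551
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def parse_elf_header(data: bytes) -> dict:
    """Return the header fields the checker needs, honouring class and byte order."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == ELFDATA2LSB else ">"
    if ei_class == ELFCLASS32:
        # e_type e_machine e_version e_entry e_phoff e_shoff e_flags e_ehsize e_phentsize e_phnum
        fmt = end + "HHIIIIIHHH"
    elif ei_class == ELFCLASS64:
        fmt = end + "HHIQQQIHHH"
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    e_type, e_machine, _, _, e_phoff, _, _, _, e_phentsize, e_phnum = struct.unpack_from(fmt, data, 16)
    return {"cls": ei_class, "end": end, "e_type": e_type, "e_machine": e_machine,
            "e_phoff": e_phoff, "e_phentsize": e_phentsize, "e_phnum": e_phnum}


def check_hardening(data: bytes) -> dict:
    """Report PIE, NX and canary for one ELF image held in memory."""
    hdr = parse_elf_header(data)
    gnu_stack_flags = None
    for i in range(hdr["e_phnum"]):
        off = hdr["e_phoff"] + i * hdr["e_phentsize"]
        if hdr["cls"] == ELFCLASS32:
            # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align
            p_type, _, _, _, _, _, p_flags, _ = struct.unpack_from(hdr["end"] + "IIIIIIII", data, off)
        else:
            # 64-bit layout puts p_flags right after p_type.
            p_type, p_flags = struct.unpack_from(hdr["end"] + "II", data, off)
        if p_type == PT_GNU_STACK:
            gnu_stack_flags = p_flags
    return {
        "machine": hdr["e_machine"],
        # ET_DYN for an executable means it was linked as PIE and can be relocated by ASLR.
        "pie": hdr["e_type"] == ET_DYN,
        # A missing PT_GNU_STACK is treated as "no NX requested", the conservative reading.
        "gnu_stack_present": gnu_stack_flags is not None,
        "nx": gnu_stack_flags is not None and not (gnu_stack_flags & PF_X),
        # Heuristic: the canary failure handler shows up as an imported symbol name.
        "canary": b"__stack_chk_fail" in data,
    }


def build_sample_elf(pie: bool, nx: bool, canary: bool, big_endian: bool = True,
                     with_gnu_stack: bool = True) -> bytes:
    """Constructed fixture: a 32-bit MIPS ELF header plus (optionally) one PT_GNU_STACK
    program header. Not a loadable program; only the fields the checker reads are real."""
    end = ">" if big_endian else "<"
    e_ident = b"\x7fELF" + bytes([ELFCLASS32, ELFDATA2MSB if big_endian else ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    phnum = 1 if with_gnu_stack else 0
    ehdr = struct.pack(end + "HHIIIIIHHHHHH", ET_DYN if pie else ET_EXEC, EM_MIPS, 1,
                       0x400000, 52, 0, 0, 52, 32, phnum, 40, 0, 0)
    phdr = b""
    if with_gnu_stack:
        flags = PF_R | PF_W | (0 if nx else PF_X)
        phdr = struct.pack(end + "IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, flags, 16)
    tail = b"\x00__stack_chk_fail\x00" if canary else b"\x00"
    return e_ident + ehdr + phdr + tail


if __name__ == "__main__":
    # Usage: python elf_hardening.py <binary>...   (no args: run on the constructed samples)
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("weak-sample", build_sample_elf(pie=False, nx=False, canary=False)),
        ("hardened-sample", build_sample_elf(pie=True, nx=True, canary=True)),
    ]
    for name, blob in targets:
        r = check_hardening(blob)
        print("%-20s mips=%-5s pie=%-5s nx=%-5s canary=%s" % (
            name, r["machine"] == EM_MIPS, r["pie"], r["nx"], r["canary"]))
```

Run it over every ELF found in an unpacked firmware tree to get the per-binary picture the paper aggregates; a router whose userland is uniformly ET_EXEC with an executable PT_GNU_STACK and no canary import is exactly the "none of the basics" result the authors describe.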


Visible links
1. https://cyber-itl.org/about/methodology/#safety-features
2. https://cyber-itl.org/about/glossary/#a
3. https://cyber-itl.org/about/glossary/#s
4. https://cyber-itl.org/about/glossary/#d

Facebook: API bug gave apps access to photos of 6.8 million users #Bug #Privacy #Facebook
Intel's NUCs: many mini PCs with defective BIOS protection #BIOS #BIOS-Update #Bug #Firmware #Security #Vulnerabilities #UEFI

PHP Fatal error: Uncaught ImagickException: Can not process empty Imagick object

!{hubzilla@project.hubzilla.org} !{support@zotadel.net}
#hubzilla #bug

I get emails with a PHP fatal error about Imagick. My hub seems to work otherwise, so it is not an urgent problem, but anyway:

Does somebody have an idea, how to fix it? Is it a hubzilla bug, or a problem of the server? Should I ignore it?

Thanks in advance.

(I run hubzilla 3.8.6)
```text
PHP Fatal error:  Uncaught ImagickException: Can not process empty Imagick object in /var/www/virtual/isle8/html/include/photo/photo_imagick.php:52
Stack trace:
#0 /var/www/virtual/isle8/html/include/photo/photo_imagick.php(52): Imagick->coalesceimages()
#1 /var/www/virtual/isle8/html/include/photo/photo_driver.php(87): photo_imagick->load('HTTP/2 200 \r\nse...', 'image/png')
#2 /var/www/virtual/isle8/html/include/photo/photo_driver.php(26): photo_driver->__construct('HTTP/2 200 \r\nse...', 'image/png')
#3 /var/www/virtual/isle8/html/include/photo/photo_driver.php(654): photo_factory('HTTP/2 200 \r\nse...', 'image/png')
#4 /var/www/virtual/isle8/html/Zotlabs/Daemon/Cron.php(167): import_xchan_photo('https://hub.vol...', '0BCgEBLoEvpzH2R...')
#5 /var/www/virtual/isle8/html/Zotlabs/Daemon/Master.php(33): Zotlabs\Daemon\Cron::run(1, Array)
#6 /var/www/virtual/isle8/html/Zotlabs/Daemon/Master.php(11): Zotlabs\Daemon\Master::Release(1, Array)
#7 {main}
  thrown in /var/www/virtual/isle8/html/include/photo/photo_imagick.php on line 52
```

Friendica Forum Accounts

Hello !Friendica Support

if I visit a connected forum via the forum icon (is this called the magic link?) it is not possible to interact. I cannot start a post or comment on anything. The buttons are missing.

Friendica 2018.12-rc, PHP 7.2.13
#friendica #2018.12-rc #bug #forum
I've just created a new test account on my instance and can confirm it. When no groups exist yet, this widget apparently doesn't appear yet.

Same behaviour with the theme Vier.

Friendica 2018.12-rc - 1291, PHP 7.2.13, MySQL / MariaDB

#bug #2018.12-rc
Hello !Friendica Support again,

maybe this is a new issue. If I visit a forum via the small icon on the left side

I can see the Verbinden/connect button. I think the button should not appear, because I am already connected with the forum.

#friendica #2018.12-rc #bug #ui


Hello !Friendica Support,

I use the personal notes (/notes) function in Friendica and now I am missing a lot of older notes. Can someone confirm this problem?

Friendica 2018.12-rc - 1291, PHP 7.2.13, MySQL / MariaDB

#friendica #2018.12-rc #bug #notes
How we #spent two #weeks #hunting an #NFS #bug in the #Linux #kernel
Here's an in-depth recap of debugging a GitLab issue that culminated in a patch for the Linux kernel.