technology-news.space - All about the world of technology!


HOTTEST

  • Chances are unless you’re a JavaScript programmer, you’ve never heard of the open-source JavaScript libraries ‘colors.js’ and ‘faker.js.’ They’re simple programs that respectively let you use colored text on your Node.js console (Node.js is a popular JavaScript runtime) and create fake data for testing. Faker.js is used with more than 2,500 other Node Package Manager (NPM) programs and is downloaded 2.4 million times per week. Colors.js is built into almost 19,000 other NPM packages and is downloaded 23 million times a week. In short, they’re everywhere. And, when their creator, JavaScript developer Marak Squires, fouled them up, tens of thousands of JavaScript programs blew up.

    Thanks, guy.

    This isn’t the first time a developer deliberately sabotaged their own open-source code. Back in 2016, Azer Koçulu deleted a 17-line npm package called ‘left-pad,’ which killed thousands of Node.js programs that relied on it to function. Both then and now the actual code was trivial, but because it’s used in so many other programs its effects were far greater than users would ever have expected.

    Why did Squires do it? We don’t really know. In faker.js’s GitHub README file, Squires said, “What really happened with Aaron Swartz?” This is a reference to hacker activist Aaron Swartz who committed suicide in 2013 when he faced criminal charges for allegedly trying to make MIT academic journal articles public.

    Your guess is as good as mine as to what this has to do with anything.

    What’s more likely to be the reason behind his putting an infinite loop into his libraries is that he wanted money. In a since-deleted GitHub post, Squires said, “Respectfully, I am no longer going to support Fortune 500s ( and other smaller-sized companies ) with my free work. There isn’t much else to say. Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it.”

    Excuse me. While open-source developers should be fairly compensated for their work, wrecking your code isn’t the way to persuade others to pay you.

    This is a black eye for open-source and its developers. We don’t need programmers who crap on their work when they’re ticked off at the world.

    Another problem behind the problem is that too many developers simply automatically download and deploy code without ever looking at it. This kind of deliberate blindness is just asking for trouble. Just because a software package was made by an open-source programmer doesn’t mean that it’s flawless. Open-source developers make as many mistakes as any other kind of programmer. It’s just that in open source’s case, you have the opportunity to check it out first for problems. If you choose to not look before you deploy, what happens next is on you.

    Some criminal developers are already using people’s blind trust to sneak malware into their programs. For example, the DevOps security firm JFrog recently discovered 17 new malicious JavaScript packages in the NPM repository that deliberately attack and steal a user’s Discord tokens. These can then be used on the Discord communications and digital distribution platform.

    Is that a lot of work? You bet it is. But, there are tools such as NPM audit, GitHub’s Dependabot, and OWASP Dependency-Check that can help make it easier. In addition, before any code goes into production, you can simply run a sanity check on it in your continuous integration/continuous distribution (CI/CD) pipeline. I mean, seriously, if you’d simply run either of these libraries in the lab they would have blown up during testing and never, ever made it into the real world. It’s not that hard!

    In the meantime, GitHub suggests you revert to older, safer versions. To be exact, that’s colors.js 1.40 and faker.js 5.5.3.

    As CodeNotary, a software supply chain company, pointed out in a recent blog post, “Software is never complete and the code base including its dependencies is an always updating document. That automatically means you need to track it, good and bad, keeping in mind that something good can turn bad.” Exactly!

    Therefore, they continued, “The only real solution here is to be on top of the dependency usage and deployment. Software Bill of Materials (SBOMs) can be a solution to that issue, but they need to be tamper-proof, queryable in a fast and scalable manner, and versioned.”

    CodeNotary suggests, of course, you use their software, Codenotary Cloud and the vcn command-line tool, for this job. There are other companies and projects that address SBOM as well. If you want to stay safe, moving forward you must — I repeat must — use an SBOM.

    Supply chain attacks, both from within projects and without, are rapidly becoming one of the main security problems of our day.

  • Bouygues Construction has confirmed falling victim to ransomware that it detected across its network on January 30. “As a precautionary measure, information systems have been shut down to prevent any propagation,” the company said in a brief statement. “Our teams are currently fully focused on returning to normal as quickly as possible, with the support […]

  • Malware developers are increasingly turning to unusual or “exotic” programming languages to hamper analysis efforts, researchers say. 

    According to a new report published by BlackBerry’s Research & Intelligence team on Monday, there has been a recent “escalation” in the use of Go (Golang), D (DLang), Nim, and Rust, which are being used more commonly to “try to evade detection by the security community, or address specific pain-points in their development process.”

    In particular, malware developers are experimenting with loaders and droppers written in these languages, created to be suitable for first and further-stage malware deployment in an attack chain.

    BlackBerry’s team says that first-stage droppers and loaders are becoming more common in order to avoid detection on a target endpoint, and once the malware has circumvented existing security controls able to detect more typical forms of malicious code, they are used to decode, load, and deploy malware including Trojans.

    Commodity malware cited in the report includes the Remote Access Trojans (RATs) Remcos and NanoCore. In addition, Cobalt Strike beacons are often deployed.

    Some developers, however — with more resources at their disposal — are rewriting their malware fully into new languages, an example being Buer to RustyBuer. Based on current trends, the cybersecurity researchers say that Go is of particular interest to the cybercriminal community.

    According to BlackBerry, both advanced persistent threat (APT) state-sponsored groups and commodity malware developers are taking a serious interest in the programming language to upgrade their arsenals. In June, CrowdStrike said a new ransomware variant borrowed features from HelloKitty/DeathRansom and FiveHands, but used a Go packer to encrypt its main payload.

    “This assumption is based upon the fact that new Go-based samples are now appearing on a semi-regular basis, including malware of all types, and targeting all major operating systems across multiple campaigns,” the team says.

    While not as popular as Go, DLang, too, has experienced a slow uptick in adoption throughout 2021. By using new or more unusual programming languages, the researchers say they may hamper reverse-engineering efforts and avoid signature-based detection tools, as well as improve cross-compatibility over target systems. The codebase itself may also add a layer of concealment without any further effort from the malware developer simply because of the language in which it is written.

    “Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” commented Eric Milam, VP of Threat Research at BlackBerry. “This has multiple benefits from the development cycle and inherent lack of coverage from protective solutions. It is critical that industry and customers understand and keep tabs on these trends, as they are only going to increase.”


  • Mozilla’s virtual private network (VPN) service has arrived in seven more countries, including Austria, Belgium, France, Germany, Italy, Spain and Switzerland. The expansion is a big move for the Firefox browser-maker, which launched its VPN in summer 2020 in the US, UK, Canada, New Zealand, Singapore, and Malaysia.

    The service is available for Windows 10, macOS, Linux, Android, and iOS and uses the WireGuard protocol. Mozilla lets users connect up to five devices and currently has over 400 servers in over 30 countries.

    The VPN market has grown considerably over the past few years as consumers realize the value of additional privacy, partly driven by Edward Snowden’s leaks about US mass surveillance. VPNs let users encrypt traffic between a device, the VPN’s servers, and the website a user wants to connect to. That makes them useful for preventing snoops on the same public Wi-Fi networks at cafes and airports from capturing your credentials.

    Mozilla, traditionally trusted because it’s a non-profit, is seeking new sources of revenue as its traditional search revenues from Firefox dwindle. But it also has a recognizable and trustworthy brand that lends itself to new services like a VPN. The Mozilla-branded VPN launched with a price of $4.99 a month, making it competitively priced compared with better-known, consumer-focused paid-for VPNs like ExpressVPN and NordVPN. According to Mozilla, “thousands of people” have signed up for its VPN.

    But those prices are about to change. It will honor the $4.99 a month price for customers from the US, Canada, UK, Singapore, Malaysia, and New Zealand, who signed up already. But from now on that price will only be available for customers who sign up for a year. Otherwise the fee rises to $7.99 a month for a six-month deal or $9.99 for a month of access. That makes it slightly cheaper than ExpressVPN but more expensive than NordVPN.

    “We changed our prices after we heard from consumers who wanted more flexibility and different plan options at different price points,” Mozilla says in a blogpost.

    “For new customers in those six countries that subscribe after July 14, 2021, they can get the same low cost by signing up for a 12 month subscription,” Mozilla notes.

    Mozilla also launched a new feature called split tunneling, which allows users to move some traffic through the VPN and funnel the rest through a local connection outside the VPN. This feature is offered by ExpressVPN, NordVPN and other commercial VPN providers. “We’re launching the split tunneling feature so you can choose which apps that you want to use the Mozilla VPN and which ones you want to go through an open network,” Mozilla said. It lets users choose the internet connections on apps they want to be protected by the Mozilla VPN. It’s available on Windows, Linux and Android.

  • It has taken security researchers nearly ten months to discover a reliable method of cleaning smartphones infected with xHelper, a type of Android malware that, until recently, has been impossible to remove. The removal technique is described at the end of this article, but first some context for readers who want to learn more about […]

Internet of Things

  • Samsung Spotlights Next-generation IoT Innovations for Retailers at National Retail Federation’s BIG Show 2017


  • That’s Fantasy! The World’s First Stone Shines And Leads You to The Right Way


  • LG Pushes Smart Home Appliances To Another Dimension With ‘Deep Learning’ Technology


  • The Port of Hamburg Embarks on IoT: Air Quality Measurement with Sensors


Artificial Intelligence

  • in Artificial Intelligence

    Contact-aware robot design

    19 July 2021, 04:00

  • in Artificial Intelligence

    MIT Schwarzman College of Computing awards named professorships to two faculty members

    16 July 2021, 15:45

  • in Artificial Intelligence

    Getting dressed with help from robots

    14 July 2021, 19:15

  • in Artificial Intelligence

    Software to accelerate R&D

    13 July 2021, 04:00

  • in Artificial Intelligence

    Sertac Karaman named director of the Laboratory for Information and Decision Systems

    12 July 2021, 16:00

  • in Artificial Intelligence

    The tenured engineers of 2021

    9 July 2021, 20:00

  • in Artificial Intelligence

    US Air Force pilots get an artificial intelligence assist with scheduling aircrews

    8 July 2021, 18:45

  • in Artificial Intelligence

    Infrared cameras and artificial intelligence provide insight into boiling

    7 July 2021, 20:15

  • in Artificial Intelligence

    Designing exploratory robots that collect data for marine scientists

    7 July 2021, 04:00

Robotics

  • in Robotics

    Autonomous freight truck due to hit U.S. roads

    29 June 2022, 11:00

  • in Robotics

    Autonomous aircraft take off amid labor shortages

    28 June 2022, 11:00

  • in Robotics

    No really, robots are about to take A LOT of jobs

    24 June 2022, 15:15

  • in Robotics

    Can wall crawling robots help solve our infrastructure problems?

    23 June 2022, 11:00

  • in Robotics

    Oatly goes electric with new milk trucks

    22 June 2022, 11:00

  • in Robotics

    AT&T doubling down on 5G Flying COW, robot dogs

    16 June 2022, 11:00

  • in Robotics

    The #1 way AI is transforming grocery shopping

    16 June 2022, 11:00

  • in Robotics

    Axon ethics board members resign over taser-equipped drone

    8 June 2022, 20:30

  • in Robotics

    Amazon teams up with a fast food robot

    7 June 2022, 12:00

Networking

  • Netgear Orbi 5G WiFi 6 Mesh System (NBK752) review: Fast Wi-Fi 6 mesh networking with 5G mobile broadband

  • Singtel gives Optus more 'autonomy' to run enterprise unit

  • Why you can't trust Instagram

  • Bluetooth-based Auracast tech can power 'unlimited' headphones in public spaces

  • Google Fi: The best phone service for international travel

  • Bypass restrictions online, download files, and more for just $40

  • Broadcom makes a $61 billion play for VMware

Data Management & Statistics

  • Building explainability into the components of machine-learning models

  • 3 Questions: Marking the 10th anniversary of the Higgs boson discovery

  • Exploring emerging topics in artificial intelligence policy

  • Robots play with play dough

  • Mining social media data for social good

  • Researchers release open-source photorealistic simulator for autonomous driving

  • Companies use MIT research to identify and respond to supply chain risks

ABOUT

The QUATIO - web agency di Torino - is currently composed of 28 thematic-vertical online portals, which average about 2.300.000 pages per month per portal, each with an average visit time of 3:12 minutes and with about 2100 total news per day available for our readers of politics, economy, sports, gossip, entertainment, real estate, wellness, technology, ecology, society and much more themes ...

technology-news.space is one of the portals of the network of:

Quatio di CAPASSO ROMANO - Web Agency di Torino
SEDE LEGALE: CORSO PESCHIERA, 211 - 10141 - ( TORINO )
P.IVA IT07957871218 - REA TO-1268614

ALL RIGHTS RESERVED © 2015 - 2020 | Developed by: Quatio

ITALIAN LANGUAGE

calciolife.cloud | notiziealvino.it | sportingnews.it | sportlife.cloud | ventidicronaca.it | ventidieconomia.it | ventidinews.it | ventidipolitica.it | ventidisocieta.it | ventidispettacolo.it | ventidisport.it

ENGLISH LANGUAGE

art-news.space | eco-news.space | economic-news.space | family-news.space | job-news.space | motor-news.space | myhome-news.space | politic-news.space | realestate-news.space | scientific-news.space | show-news.space | sportlife.news | technology-news.space | traveller-news.space | wellness-news.space | womenworld.eu | foodingnews.it

This portal is not a newspaper as it is updated without periodicity. It cannot be considered an editorial product pursuant to law n. 62 of 7.03.2001. The author of the portal is not responsible for the content of comments to posts, the content of the linked sites. Some texts or images included in this portal are taken from the internet and, therefore, considered to be in the public domain; if their publication is violated, the copyright will be promptly communicated via e-mail. They will be immediately removed.
