!publish   1255


U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service — Krebs on Security
This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.
security  !publish  !share 
10 days ago by zephyr777
Photopea | Online Image Editor
Free online design editor supporting PSD, XCF, Sketch, XD and CDR formats
Services  graphics  !publish  !share 
11 days ago by zephyr777
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys | Ars Technica
researchers document how they were able to exploit the newly discovered leak to recover an elliptic curve private key from a server running an OpenSSL-powered TLS server. The attack, which was carried out on servers running Intel Skylake and Kaby Lake chips and Ubuntu, worked by sending one logical core a steady stream of instructions and carefully measuring the time it took for them to get executed ... The specific timing allowed PortSmash to deduce the key being processed in another logical core of the same processor. The resource providing the leak is port contention, a phenomenon that happens when multiple instructions using the same physical processor resources get assigned to various ports to await completion.
security  Core_i7  !publish 
17 days ago by zephyr777
Overusing lambda expressions in Python
When an experienced Python programmer sees a lambda expression they know that they’re working with a function that is only used in one place and does just one thing ... lambda expressions allow a function to be created and passed around (often into another function) all in one line of code.

I’d say that using lambda expressions is acceptable only if your situation meets all four of these criteria:

- The operation you’re doing is trivial: the function doesn’t deserve a name
- Having a lambda expression makes your code more understandable than the function names you can think of
- You’re pretty sure there’s not already a function that does what you’re looking for
- Everyone on your team understands lambda expressions and you’ve all agreed to use them

[also lists common examples of overuse]
python  !publish 
27 days ago by zephyr777
The Illustrated TLS Connection: Every Byte Explained
In this demonstration a client has connected to a server, negotiated a TLS 1.2 session, sent "ping", received "pong", and then terminated the session.
Networking  security  !publish 
27 days ago by zephyr777
Python's New Package Landscape
The benefits of using Pipenv in application development led PyPA to recommend it for dependency management of _applications_ ... In conclusion, although pip remains the key tool for installing distributions, and virtual environments are still necessary for isolation, a host of new tools make installation and isolation a more seamless experience. Some of these tools introduce dependency resolution, ensuring consistent installations of dependency trees for different developers over time. Pipenv is the official new tool for managing application dependencies, but it is not your only choice, and the alternatives may better suit your needs.
python  !publish 
4 weeks ago by zephyr777
Windows 10 has a secret screen recording tool -- here's how to use it
The Game bar is a toolbar which Microsoft meant for gamers to use to capture screenshots of their high scores, as well as video footage of their gaming skills. Despite the name, it is not limited to use within games

Hit the Windows key and G, and a popup will appear asking if you would like to open Game bar -- there are no Yes and No buttons, but check the 'Yes, this is a game' box (you will have to do this the first time you access the screen recorder in any application) ... Things are pretty self-explanatory here -- just hit the standard record button to start capturing footage. Hit the button again to stop recording, or you can use the Windows key + Alt + R keyboard shortcut. The Settings button can be used to place a limit on the length of videos that can be recorded -- this helps you to avoid filling up your hard drive if you forget to stop a recording. Videos are saved in MP4 format in the Videos\Captures folder
Win10  !publish  !share 
4 weeks ago by zephyr777
Data-deletion bug forces Microsoft to suspend rollout of Windows 10 update | Ars Technica
The company has now halted that rollout after many reports that installing the update is causing serious data loss: specifically, deleting the Documents, and perhaps Pictures, folders. Microsoft is also advising anyone who has downloaded the update but not yet installed it to not install it at all ... The exact circumstances causing data loss aren't clear;
Win10  !publish 
6 weeks ago by zephyr777
Voice Phishing Scams Are Getting More Clever — Krebs on Security
Just as you would never give out personal information if asked to do so via email, never give out any information about yourself in response to an unsolicited phone call ... It’s a good idea to advise your loved ones to ignore calls unless they appear to come from a friend or family member, and to just hang up the moment the caller starts asking for personal information.
security  !publish  !share 
6 weeks ago by zephyr777
Microsoft killing off the old Skype client… for real this time | Ars Technica
With plans now in place to reinstate those missing features, Microsoft has resurrected plans to deprecate the old Skype client. Skype version 7, the classic client, will no longer be supported after November 1 on desktop devices and November 15 on mobile devices.
voip  TechSupport  !publish  !share 
7 weeks ago by zephyr777
Why I’m done with Chrome – A Few Thoughts on Cryptographic Engineering
every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you. (However, and this is important: Google developers claim this will not actually start synchronizing your data to Google — yet.)
security  TechSupport  !publish 
8 weeks ago by zephyr777
Credit card skimmers now need to fear the Reaper | Ars Technica
SkimReaper is aimed specifically at overlays and inserts. It uses a card-shaped sensor with a printed circuit that, when powered, can detect the voltage spikes created by coming in contact with magnetic reader heads. If it detects two or more, there's a skimmer in play.
security  !publish  !share 
august 2018 by zephyr777
Intel’s SGX blown wide open by, you guessed it, a speculative execution attack | Ars Technica
SGX, standing for Software Guard eXtensions, is a new feature that Intel introduced with its Skylake processors that enables the creation of Trusted Execution Environments (TEEs). TEEs are secure environments where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). SGX is used to create what are called enclaves ... The processor governs access to the enclave memory

The attack depends on the fact that only data in main memory is encrypted: once it's inside the processor in a cache, it's decrypted. Specifically, if the data is in level 1 cache, the speculative execution can use it before the processor determines that there's no permission to use it.

When the attack was reported to Intel ... It discovered that SGX data isn't the only thing that's at risk. The processor also has other specially protected zones of memory: the Extended Page Tables used by hypervisors, and memory used by System Management Mode (SMM), which can be used for power management or other low-level functions. As with the SGX data, the EPT and SMM data that's held in level 1 cache can be speculatively read and, hence, leaked to an attacker if memory is marked as being not present.
security  !publish 
august 2018 by zephyr777
Decade-old Bluetooth flaw lets hackers steal data passing between devices | Ars Technica
attackers can view any exchanged data, which might include contacts stored on a device, passwords typed on a keyboard, or sensitive information used by medical, point-of-sale, or automotive equipment. Attackers could also forge keystrokes on a Bluetooth keyboard to open up a command window or malicious website ... The attack uses a newly developed variant of what cryptographers call an invalid curve attack to exploit a major shortcoming in the Bluetooth protocol that remained unknown for more than a decade. As a result, attackers can force the devices to use a known encryption key [during pairing] ... It’s not mathematically/theoretically novel at all, and it’s in fact about the simplest attack you can do on elliptic curve cryptosystems. Notably, this is a protocol-level fault, so if you implemented the Bluetooth spec out of the book ... Attacks require specialized hardware that probably wouldn’t be hard for more advanced hackers to build or obtain ... For attacks to be successful, both of the paired devices must be vulnerable.
security  !publish 
july 2018 by zephyr777
Leaked benchmarks show Intel is dropping hyperthreading from i7 chips | Ars Technica
i7 chips will have 8 cores and 8 threads, leaving the 8 core/16 thread combination for the i9 ... Below the i7s will be i5s with six cores and six threads and below them, i3s with four cores and four threads.

Even without hyperthreading, the new i7s should be faster than old i7s. A part with eight cores is going to be faster than the four-core/eight-thread chips of a couple of generations ago and should in general also be faster than the six-core/12-thread 8th generation chips. Peak clock speeds are pushed slightly higher than they were for the 8th generation chips, too.
HW  !publish 
july 2018 by zephyr777
Microsoft is making the Windows command line a lot better | Ars Technica
Microsoft is working to build a better console for Windows, one that we hope will open the door to the same flexibility and capabilities that Unix users have enjoyed for more than 40 years. The APIs seem to be in the latest Windows 10 Insider builds, though documentation is a little scarce for now. The command-line team is publishing a series of blog posts describing the history of the Windows command-line, and how the operating system's console works. The big reveal of the new API is coming soon, and with this, Windows should finally be able to have reliable, effective tabbed consoles, with emoji support, rich Unicode, and all the other things that the Windows console doesn't do... yet.
win10  TechSupport  !publish 
july 2018 by zephyr777
Nokia 6.1 Review—The best answer to “What Android phone should I buy?” | Ars Technica
The similarities between HMD and Nokia are so numerous, it is almost suspicious ... It feels more like someone walked into a dusty old Nokia factory, switched on the lights, and started churning out phones again ... The main competition for the $270 Nokia 6.1 is going to be the $249 Moto G6, and I think the Nokia is the better choice ... If you don't think you need to spend $700+ dollars on a flagship smartphone and are just looking for an inexpensive, no-frills device that gets the basics right, the Nokia 6.1 is the phone to buy. You get a metal body, stock Android, a good update policy, USB-C, and a headphone jack. The screen is good enough that you don't feel like you're missing out, and HMD is offering decent performance for this spot in the market. Nokia's two-year update plan is absolutely unheard of at this price point ... the Moto G6 turns in better shots than the Nokia 6.1, and that phone boasts the added bonus of a second rear camera.
cell_phones_tablets  !publish  !share 
july 2018 by zephyr777
New Spectre-like attack uses speculative execution to overflow buffers | Ars Technica
The processor assumes that a write to a buffer is safe (even though it actually overflows the buffer), and it speculatively overwrites a code address. The code at that address is then speculatively executed, causing a measurable disturbance to the processor's cache. Eventually, the processor will notice that the array access was invalid, and all the speculative execution will be rolled back. The buffer isn't actually overflowed. But the disturbance to the processor's state, in particular to its cache, doesn't get undone ... Intel processors allow speculative writes to be made to read-only memory, giving even more power to an attacker

The researchers also propose a family of hardware changes that should offer broader protection against this kind of attack. These protections may be possible to implement in a microcode update, offering a way to protect software running on existing processors. Broadly speaking, the changes would prevent the processor from using the speculatively written values in other contexts.
!publish  security 
july 2018 by zephyr777
