Pragmatic idealist. Worked on Ubuntu Phone. Inkscape co-founder. Probably human.
1293 stories
·
11 followers

Marfa’s Answer to the Collapse of Local News: Coffee and Cocktails

1 Comment
Can drinks, community events and the occasional wedding subsidize small-town journalism?

Read the whole story
tedgould
2 days ago
reply
Making the newsroom open, as well as a place for additional income, has a potential to make small town newspapers viable again.
Texas, USA
Share this story
Delete

Buni

1 Comment

Read the whole story
tedgould
10 days ago
reply
Evolution is going to catch up to us
Texas, USA
Share this story
Delete

Trump’s De-Polarizing Architecture Plan

1 Comment
A draft of a Trump administration executive order would establish a classical style as the default for federal buildings.

Read the whole story
tedgould
11 days ago
reply
Don't agree with all the details of this opinion piece but I find this thought remarkable in how it frames the divisiveness America is feeling right now: "This has sharpened one of our many forms of polarization. Conservatives have political power but feel shut out of cultural power, and liberals have cultural power but lack the political power to match."
Texas, USA
Share this story
Delete

North Korea’s Internet Use Surges, Thwarting Sanctions and Fueling Theft

1 Comment
The North has evaded America’s “maximum pressure” campaign with a 300 percent increase in internet use that has opened up new opportunities for cybercrime.

Read the whole story
tedgould
12 days ago
reply
Have to say that I didn't expect state level actors to use cryptocurrency, but it seems obvious now.
Texas, USA
Share this story
Delete

Cardboard trafficking gang busted by police in Madrid

1 Comment
The gang is accused of shipping waste worth €10 million (£8.4m) from Madrid to Asian countries.
Read the whole story
tedgould
13 days ago
reply
Recycling gang. Adding to the list of things I could never imagine existing.
Texas, USA
Share this story
Delete

Flaws in WhatsApp’s desktop app allowed remote access to files

1 Comment
Facebook has patched a WhatsApp bug that would let someone read files off your desktop.

Enlarge / Facebook has patched a WhatsApp bug that would let someone read files off your desktop. (credit: NurPhoto/Getty Images)

Facebook has issued a security advisory for a flaw in WhatsApp Desktop that could allow an attacker to use cross-site scripting attacks and read the files on MacOS or Windows PCs by using a specially crafted text message. The attacker could retrieve the contents of files on the computer on the other end of a WhatsApp text message and potentially do other illicit things.

The flaw, discovered by researcher Gal Weizman at PerimeterX, is a result of a weakness in how WhatsApp's desktop was implemented using the Electron software framework, which has had significant security issues of its own in the past. Electron allows developers to create cross-platform applications based on Web and browser technologies but is only as secure as the components developers deploy with their Electron apps.

Weizman first found cross-site scripting vulnerabilities in WhatsApp in 2017, when he found he could tamper with the metadata of messages, craft bogus preview banners for Web links, and create URLs that could conceal hostile intent within WhatsApp messages. But as he continued his explorations into the WhatsApp client, he found that he could inject JavaScript code into messages that would run within WhatsApp Desktop—and then gain access to the local file system using the JavaScript Fetch API.

All of this was possible because the vulnerable versions of WhatsApp Desktop had been developed using an outdated, known vulnerable version of Google's Chrome browser engine—Chrome 69. More recent versions of the Chromium engine would catch the malicious code.

According to Facebook, the vulnerability affects WhatsApp Desktop versions 0.3.9309 and earlier, for users who have paired the desktop app with WhatsApp for iPhone versions prior to 2.20.10. Facebook has shipped new versions of WhatsApp Desktop that use updated browser components.

Read Comments

Read the whole story
tedgould
17 days ago
reply
Apps that bundle dependencies will have those deps out-of-date. They need to be sandboxed if they're bundled.
Texas, USA
Share this story
Delete
Next Page of Stories