Flaw allows hackers to embed malware directly into source code

Nicholas Boucher and Ross Anderson, Cambridge University researchers, have discovered a new class of vulnerabilities that can be used by malicious actors to integrate visually deceptive malware directly into the source code of applications.

The technique, called “Trojan Source,” is a way to inject malware that is virtually invisible to human reviewers. To achieve this, a hacker would need to abuse certain subtleties in text-encoding standards such as Unicode in order to compromise target systems.

Car systems telematics will grow 19% over the next 5 years

The number of telematics subscribers using embedded systems is expected to grow 19%, from 133 million at the end of 2020 to 377 million by the end of 2026.

The latest research from IoT analyst firm Berg Insight also indicates that global shipments of embedded car OEM telematics systems will grow from 41 million to 77 million units in the same time period, which represents an attach rate of 91%.

Pink botnet was discovered with more than 1.6 million devices infected

Cybersecurity researchers from Netlab 360 disclosed details of what they say is the “largest botnet” discovered in the last six years, infecting over 1.6 million devices, mostly located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users.

The tyranny of password creation

The other day, when signing into a new site, I came across the tedious act of creating a new password. Despite using a password manager and having random passwords on my favorite sites, for other websites that I do not access from where I have the password manager installed, I prefer to create passwords that are easy to memorize, but difficult to guess using brute force techniques.

“Please create an 8-character password with uppercase, lowercase, numbers and special characters” but … how am I going to memorize this? I’m on my mobile phone, where do I keep it? Are users really forced to suffer the tyranny of password creation? Where is the balance of usability vs security here? What is the point of still maintaining these kinds of password policies?