Categories
bug

Hawaii missile alert: How one employee ‘pushed the wrong button’ and caused a wave of panic

Whoever thought it’s a good idea to put 2 vastly different scenarios next to each other with similar looking text.

Around 8:05 a.m., the Hawaii emergency employee initiated the internal test, according to a timeline released by the state. From a drop-down menu on a computer program, he saw two options: “Test missile alert” and “Missile alert.” He was supposed to choose the former; as much of the world now knows, he chose the latter, an initiation of a real-life missile alert.

Source: Hawaii missile alert: How one employee ‘pushed the wrong button’ and caused a wave of panic

Categories
programming

Nibble Stew – a gathering of development thoughts: “A simple makefile” is a unicorn

Unicorn as in the mythical creature, not what VC’s think about.

Like every sentence that has the word “just”, this is at best horribly simplistic but mostly plain wrong. Let’s dive in more detail into this. If you look up simple Makefiles on the Internet, you might find something like this page. It starts with a very simple (but useless) Makefile and eventually improves it to this:

Source: Nibble Stew – a gathering of development thoughts: “A simple makefile” is a unicorn

Categories
programming

Turning Design Mockups Into Code With Deep Learning

At the current stage it could help front-end developers in some of the grunt work in converting design templates into code. Some would go further to think that it will eliminate web development jobs. That is certainly not the case, as modern websites are not static “pages” but more like applications. Someone will still need to design the behaviour and logic.

In this post, we’ll teach a neural network how to code a basic a HTML and CSS website based on a picture of a design mockup. Here’s a quick overview of the process:

Turning Design Mockups Into Code With Deep Learning

Categories
privacy security

WDMyCloud Multiple Vulnerabilities

Either terrible security practices or malicious intent. Some security research firm found serious backdoor in a range of Western Digital MyCloud devices aimed at personal home or office users.

Several serious security issues were uncovered during my research. Vulnerabilities such as pre auth remote root code execution, as well as a hardcoded backdoor admin account which can NOT be changed. The backdoor also allows for pre auth remote root code execution on the affected device.

WDMyCloud Multiple Vulnerabilities

Related:

Categories
privacy security

Critical flaws revealed to affect most Intel chips since 1995 | ZDNet

Another huge blow for Intel. The critical flaws in Intel processors allow attackers to gain access to the entire memory space, meaning it could read in-memory contents of running apps like password managers, browsers etc.

Most Intel processors and some ARM chips are confirmed to be vulnerable, putting billions of devices at risk of attacks. One of the security researchers said the bugs are “going to haunt us for years.”

Source: Critical flaws revealed to affect most Intel chips since 1995 | ZDNet

Categories
sysadmin

Apache vs Nginx: Practical Considerations | DigitalOcean

A comparison of Apache vs Nginx and what they are suitable for.

Apache and Nginx are the two most common open source web servers in the world. Together, they are responsible for serving over 50% of traffic on the internet. Both solutions are capable of handling diverse workloads and working with other software to

Source: Apache vs Nginx: Practical Considerations | DigitalOcean

Categories
security

Acoustic Denial of Service Attacks on HDDs

Another interesting side-channel attack. Using essentially sound to degrade hard disk performance. In the extreme case you can cause applications or the OS to crash by directing certain sounds towards the hard disk of a running system.

Borrowing theoretical principles from acoustics and mechan-
ics, we propose a novel denial-of-service (DoS) attack against
HDDs that exploits a physical phenomenon, known as acoustic
resonance

Acoustic Denial of Service Attacks on HDDs

Categories
cloud sysadmin

AWS EC2 Virtualization 2017

A very good summary of the advancement of virtualization technologies used in AWS EC2. The newest instance type offered is simply AWS Bare Metal, which provides all the hardware access with little performance overhead, while still retaining the benefits of cloud – elasticity etc.

AWS EC2 Virtualization 2017: explaining the different virtualization types, from emulation and binary substitution, paravirtualization and Xen, PV, HVM, and PVHVM modes, and the new Nitro hypervisor

Categories
security

Huge security flaw lets anyone log into a High Sierra Mac

This is as bad as it gets. While Apple’s hardware is still top-notch, the quality of their software – especially on macOS – seems to be going down. Too much emphasis on iOS?

Wow, this is a bad one. On Macs running the latest version of High Sierra (10.13.1 (17B48)), it appears that anyone can log in just by putting “root” in the..

Source: Huge security flaw lets anyone log into a High Sierra Mac

Updates:
2017-11-30: Apple releases a fix
2017-11-30: The fix apparently broke file sharing on macOS. Software is hard. Period.

Categories
privacy security

Experts can hack most CPUs since 2008 over USB by triggering Intel Management Engine flaw

Gaining full privileged access to the CPU just by plugging in a USB device? This is as serious as it sounds.

Positive Technologies plans to demonstrate at the next Black Hat conference how to hack over USB into Intel Management Engine of most CPUs since 2008.

Source: Experts can hack most CPUs since 2008 over USB by triggering Intel Management Engine flaw