The report concluded that most critical open source projects potentially contain memory safety vulnerabilities. This is a result of direct use of memory unsafe languages or external dependency on projects that use memory-unsafe languages.
Emphasis on “potentially” is mine
Quite a lot more than 55% of projects have an external dependency on projects that use memory unsafe languages. Aside from a certain amount of Go or Rust projects that manage to avoid any dependency that drops down into C to expose some library at some point, I think it’s all of them.
Not sure if that is even the point. The article is all about memory unsafe programming!!1!. But there is no context at all.
Sure, there are vulnerabilities because of unsafe memory handling. But I looked for some statistic which would bring unsafe memory handling into context with say the high profile vulnerabilities from the last few weeks / months. I haven't spent too much time on research but looking at some lists containing vulns from the last few months it seems as if all those pre-auth, priv escalation, directory traversal and whatnot were based on much simpler failures like wrong error handling or logical errors or missing code than unsafe memory handling.
I might be wrong, then please show me the numbers, but shooting at C/C++ because unsafe!!1! sounds like a very biased story there.
And while we are at it. I'd also be interested in C vs. (somewhat modern) C++.
Wow, they're going for $125 on eBay right now. I'd consider getting one to play around with, but I saw the bringus video on running stock Android. It's just not there yet, and there's no way to bring back the stock OS.
Misleading. When trying to connect to a device, an attacker can spoof being said device to get the AirPods to connect to them instead. Similar to SSID spoofing with Wi-Fi.
Nothing in the linked article indicates this allows eavesdropping on existing connections.
I wouldn’t be surprised. What’s going to happen to them if they did get hit by ransomware and millions of people’s sensitive info is leaked? Take a look at what happened to Equifax and you’ll see. Not a damn thing.
Scammers targeting people who have been scammed is so common and they are incredibly brazen about it. Basically every post I see on smaller crypto subs on Reddit where some hapless individual has lost money somehow and is asking for help, half the response comments are obvious scammers offering to privately 'assist' them through their problem in DMs.
Wait, so having to click "back" on the Microsoft account login screen before being given the option to create an offline account didn't already make it obvious enough?
When new technologies roll out to replace old methods of doing things, governments should work harder on tech literacy surrounding these new solutions.
Pulse of Truth