Posts

Brazil investigates online voting

  A demo in the upcoming elections will inform the potential future adoption of the remote model. The Brazilian government is considering the adoption of online voting, in a move that aims to phase out the current electronic voting machine set-up and generate savings. The Superior Electoral Court (TSE) has released a request for proposals from technology companies and the firms will be able to demonstrate potential solutions in the upcoming municipal elections in November. The demonstration will be carried out with a sample of voters from the cities of São Paulo, Valparaiso de Goiás and Curitiba, who will choose fictitious candidates online. The demo results should inform the discussions over a potential change in the electoral process. According to the TSE, the investigations over a potential adoption of online voting aim to find a more modern approach for the electronic voting system to make the process of choosing elected representatives "even more democratic and accessible elec...

GitHub to replace 'master' with 'main' starting next month

  All new Git repositories on GitHub will be named "main" instead of "master" starting October 1, 2020. Starting next month, all new source code repositories created on GitHub will be named "main" instead of "master" as part of the company's effort to remove unnecessary references to slavery and replace them with more inclusive terms. GitHub repositories are where users and companies store and synchronize their source code projects. By default, GitHub uses the term "master" for the primary version of a source code repository. Developers make copies of the "master" on their computers into which they add their own code, and then merge the changes back into the "master" repo. "On October 1, 2020, any new repositories you create will use main as the default branch, instead of master," the company said. Existing repositories that have "master" set as the default branch will be left as...

Smart contact lens prototype raises eyebrows

  This prosthetic iris demonstrates the power and promise of nanotechnology. Smart contact lenses are a sci-fi trope, but they may also offer hope for sufferers of certain kinds of debilitating eye ailments. That's the goal of new research into a tunable, low-powered iris embedded in a smart contact lens. It's a good example of the growing role of nanotechnology in human augmentation and therapeutics. The human iris controls pupil size in response to light, a critical function that allows the retina to take in appropriate sensory information. Too much light and the world is washed out, too little and it's veiled in darkness. A host of eye diseases and deficiencies inhibit the iris from responding appropriately, including aniridia and keratoconus. Light sensitivity, similarly, is a painful debilitation and is often associated with chronic migraine. Researchers at Imec, an innovation hub based in Belgium, along with partners like CMST, a Ghent University-affiliated research...

Firefox will add a new drive-by-download protection

  Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds. Mozilla will add a new security feature to Firefox in October that will make it harder for malicious web pages to initiate automatic downloads and plant malware-laced files on a user's computer. Called a drive-by download, this type of attack has been around for two decades and usually takes place when users visit a website that contains malicious code placed there by an attacker. The role of the malicious code is to abuse legitimate features in browsers and web standards to initiate an automatic file download or download prompt, in the hopes of tricking the user into running a malicious file. There are multiple forms of drive-by downloads, depending on the browser feature attackers decide to use. Browsers like Chrome, Firefox, and Internet Explorer have, across the years, gradually deployed various forms of protections against automatic driv...

Microsoft: This Office 365 feature update lets you open attachments without fear of malware

  Microsoft releases public preview of Application Guard for Office. Microsoft is edging closer to general availability of its Application Guard security technology for Microsoft 365 apps, which gives IT admins and security staff a little more assurance that users opening risky attachments won't cause a malware outbreak.  Application Guard offers additional protections for enterprises using Word, Excel, and PowerPoint for Microsoft 365 and Windows 10 Enterprise.  Microsoft argues that Application Guard for Office or Microsoft Defender Application Guard for Office "helps prevent untrusted files from accessing trusted resources, keeping your enterprise safe from new and emerging attacks". Microsoft released the private preview of Application Guard for Office in February, extending a feature that had until then only been available for the new Edge browser.  The feature allows users to open websites safely with the protection of hardware-level containerization. The ...

What we've lost in the push to agile software development, and how to get it back

  The process of software design often begins on a messy whiteboard that doesn't prepare anyone for anything, according to design advocate Simon Brown. It's time for more upfront thinking. In the age of agile, too many software designers are afraid to over-design their applications upfront. As a result, many software teams have abandoned architectural thinking, up front design, documentation, diagramming, and modelling. "In many cases this is a knee-jerk reaction to the heavy bloated processes of times past, and in others it's a misinterpretation and misapplication of the Agile Manifesto." That's the word from Simon Brown, author of Software Architecture for Developers, who urged, in a compelling talk at the Yow! conference, that more thinking about applications be moved up to the whiteboard phase of software creation. Incidentally, he eschews whiteboards, noting they often result in confusing or unintelligible sketchings. "Tragically, as an indus...

Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days

  Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users' devices. Microsoft has started rolling out today the August 2020 Patch Tuesday security updates. This month, the company has patched 120 vulnerabilities across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework. Among the 120 vulnerabilities fixed this month, 17 bugs have received the highest severity rating of "Critical," and there are also two zero-days — vulnerabilities that have been exploited by hackers before Microsoft was able to provide today's patches. Zero-day #1: The first of the two zero-days patched this month is a bug in the Windows operating system. Tracked as CVE-2020-1464, Microsoft says that an attacker can exploit this bug and have Windows incorrectly validate file signatures. The OS maker says attackers can (ab)use this bug to "bypass security f...

Samsung Galaxy Phone Users, Beware of this Fraud Android App

  Samsung Galaxy phone users download this app thinking it will offer them software updates from the company. Samsung phones are known for getting slow updates compared to other manufacturers and its users have shared that concern regularly. But this month, there’s a big warning for the users of Samsung, who could’ve easily downloaded a fraud app on the phones. This app called Update for Samsung - Android Update Version was reportedly asking users to pay to get regular software updates, which should never be the case. The app, downloaded by over 10 million users, according to this report, was merely showing them ads and charging them for doing it. Unfortunately, most of these users didn’t realise they were downloading a fraud app, which meant that a lot of people lost money to it. Thankfully, ZDNet reported that Aleksejs Kuprins, malware analyst at the CSIS Security Group reached out to Google Play Store team about the fraudulent app and asked them to remove it imm...

Google and Facebook to bargain with Aussie news outlets for 'fair' payment terms

  The platforms would be forced to inform news media businesses of algorithm changes that are likely to materially affect referral traffic to news, the ranking of news behind paywalls, and any substantial changes to the display and presentation of news and advertising directly associated with news. The Australian Competition and Consumer Commission (ACCC) has developed a draft code for how media organisations can bargain with Facebook and Google to secure "fair" payment for news content shown on their respective platforms. The draft code of practice [PDF] adopts a model based on negotiation, mediation, and arbitration to "best facilitate genuine commercial bargaining between parties, allowing commercially negotiated outcomes suited to different business models used by Australian news media businesses". Each media business is expected to come to an agreement with the digital platform, with no one-size-fits-all model intended. But the code, as it stands, would allow g...

Garmin hit by massive outage after possible ransomware attack

  Garmin’s fitness wearables remain disconnected after almost a day. Garmin fitness devices have been left disconnected for nearly a day after the company suffered a major outage, possibly caused by a ransomware attack. The outage first reported by Garmin over 20 hours ago, as of this writing, affects Garmin wearables and apps, as well as Garmin call centers. “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats,” wrote the company on Twitter and its Garmin Connect website. Garmin Connect is the service that allows owners of Garmin devices like Forerunner smartwatches to obsessively track their running performance, for example. Tech News reports that flyGarmin, the navigation service that supports Garmin’s aviation devices, has also been down, affecting some pilots. Garmin was forced to shut down a number of cr...