What do you do if you find a vulnerability in your app that could be used to steal from your users? The answer from cryptocurrency wallet maker Komodo: hack your own app and take your users' money before the attackers can. It even worked.
A few months ago, an anonymous contributor made a "useful update" to a library that added a new dependency. They waited for that update to be included in the Agama app, then changed the new dependency to plant a backdoor in the app.
npm's staff noticed the changes, saw what was going on, and contacted Komodo. Unfortunately, the backdoor was already out by then, and simply updating the app would not be enough to remove it: anyone who did not receive the update before the attacker struck would lose their cryptocurrency.
So Komodo took a rather novel approach: hacking itself. It used the backdoor the malicious actor had set up to collect $ 1
Komodo has published a blog post explaining what it did and why, and how users can reclaim their money and move it to new, hopefully safer wallets.
All of this, of course, is a lesson in the dangers and strengths developers encounter when using third-party libraries: open-source software that lets anyone contribute.
Bad actors can manipulate open-source software in ways that are not possible with proprietary software. But it can also be examined more closely for vulnerabilities. These events illustrate both sides of that coin.
But we'll say it again: maybe it's best to stay away from cryptocurrency. [ZDNet]
In other news:
- Original Final Fantasy soundtracks can now be streamed for free: In a surprising move, Square Enix has put almost every original Final Fantasy soundtrack on Spotify and Apple Music. These are not orchestrations but the songs as they sounded in the games. Unfortunately, most of the songs with vocals, like Suteki da ne, are in Japanese. But if you love Final Fantasy, give them a listen. [Engadget]
- Amazon's new delivery drone is wild: Amazon showed off its delivery drone yesterday, and it has some nice tricks up its sleeve. It does not work like the drones you might imagine, but changes position between flying and landing/taking off. The drone can travel 24 km and carry a 5-pound package. According to Amazon, deliveries will begin in the coming months. Where will it deliver? Amazon did not say. [TechCrunch]
- Google kills Trips, another app you've never used: Google continues its version of the Thanos snap by killing off its products. This time Trips, an app for organizing trips, is on the chopping block. The company says Google Travel is its replacement, but as Ars Technica points out, that is not an app, it's a website. Worse, it is littered with endless ads. [Ars Technica]
- iOS 13 gives the Sony Remote Play app a proper controller: We like Sony's Remote Play app, but its drawback is the touchscreen controls. You can use a third-party controller, but that is a separate purchase and the buttons may not match. iOS 13 solves this by adding support for the PS4 DualShock controller, and that includes the Remote Play app. Good times. [MacRumors]
- Chrome Remote Desktop is available on the web: Chrome Remote Desktop is an easy way to give someone remote access to a computer, which is useful if you need technical help from afar. Google has been testing the web version of Chrome Remote Desktop for over a year. The beta phase has now ended, however, and it is officially available to all. Very nice. [9to5Google]
- Alexa will become more conversational: Using Alexa can be a bit frustrating at the moment: say a command, get a result, wake it up again, say a new command, start over. Soon she will be able to carry the previous context over into the next related skill. Did you buy tickets for a movie? She can suggest a table reservation near the theater without you having to ask her or tell her where the theater is again. Pretty cool stuff. [VentureBeat]
- Cadillac expands Super Cruise with 70,000 miles of compatible highway: Cadillac's driver assistance system, Super Cruise, takes a unique approach to hands-free driving. You can keep your hands off the steering wheel for longer, but only if you are on a pre-mapped highway and keep looking at the road; cameras watch to make sure you are attentive. Cadillac has just extended its lidar-mapped highways by 70,000 miles, which means you can use Super Cruise far more often than before. [Digital Trends]
- The Android Q beta introduces bootloops: You should never install a beta operating system on your primary device, whether it's a computer, tablet or phone. The reason for that advice is obvious today, as Google has just halted its Android Q beta rollout after it was discovered that phones were getting stuck in a bootloop. Apparently the only way out was a factory reset. Not pretty, but it's a beta. [The Verge]
In good science news, astronomers have finally discovered an accretion disk surrounding the supermassive black hole at the center of our galaxy.
Like most galaxies, ours has a supermassive black hole at its center, called Sagittarius A*. How supermassive? Take the sun and multiply it by four million. It's one of those incredibly big numbers that is genuinely impossible to grasp.
What's special about Sag A* is that it's pretty quiet. In other galaxies, astronomers can easily detect hot disks of orbiting gas, called accretion disks, around the central black hole. When TV shows and movies depict a black hole, the swirling stuff you usually see is the accretion disk.
Despite Sag A* being close to us (compared to other supermassive black holes), scientists could not find its accretion disk. As it turns out, Sag A* does not devour everything around it like the monster it is, but feeds more slowly, and the gas surrounding it is cooler. That made the disk very hard to detect.
The very unusual characteristics of the center of our galaxy underscore how much more there is to learn and discover about the nature of our universe. [Science News]