🥂🥂🥂

🥂🥂🥂

😐😐😐

🤔🤔🤔

🙃🙃🙃

🍎🍎🍎

😶😶😶

😶😶😶

😶😶😶

Project Freta by Microsoft

New feature in google chrome.

The creators of the Python language are giving some thought to a new proposition, PEP 622, that would finally bring a Pattern Matching statement structure to Python. PEP 622 proposes a method for matching an expression against various kinds of patterns using a match/case (simply like switch/case in C) language structure :

match some_expression:
case pattern_1:
...
case pattern_2:
...

It includes literals, names, constant values, mapping, a class or a mixture of the above.

Source : https://python.org/dev/peps/...

According to a report from ZDNet: IBM's new toolkit give developers easier access to Fully Homomorphic Encryption (FHE) which is a technology with promise for a number of security use cases. In case you do not know about FHE, you can take a look at My Quora Answer (https://qr.ae/pNKR2p).

"While the technology holds great potential, it does require a significant shift in the security paradigm," the report adds. "Typically, inside the business logic of an application, data remains decrypted, [Flavio Bergamaschi, FHE pioneer and IBM Researcher] explained. But with the implementation of FHE, that's no longer the case -- meaning some functions and operations will change."

The toolkit is available on GitHub for MacOS and iOS and it will soon be available for Linux and Android.

OpenSSH has announced plans to drop support for it's SHA-1 authentication method.

According to the report of ZDNet : The OpenSSH team currently considered SHA-1 hashing algorithm insecure (broken in real-world attack in February 2017 when Google cryptographers disclosed SHAttered attack which could make two different files appear as they had the same SHA-1 file signature). The OpenSSH project will be disabling the 'ssh-rsa' (which uses SHA-1) mode by default in a future release, they also plan to enable the 'UpdateHostKeys' feature by default which allow servers to automatically migrate from the old 'ssh-rsa' mode to better authentication algorithms.

Two security researchers have published details about a vulnerability in the Windows Printing Service which impacts all Windows versions.

According to a Report of ZDNet : The vulnerability codenamed 'PrintDemon' which is located in Windows Print Spooler (Windows component responsible for managing print operations). The service sends data to be printed to a USB port for physically connected printers. In a report published, security researchers Alex Ionescu & Yarden Shafir said they found a bug in this old component that can be abused to hijack the Printer Spooler internal mechanism. The bug can not be used to break into a Windows client remotely over the internet, so it's not something that could be exploited to hack Windows systems over the internet.

Which one is IPv6 loop-back address ?
A. ::01
B. 127.0.0.1
C. ::1
D. ::10
E. I put a loop-back on your loop-back
F. None of the above

GitHub has launched Codespaces : A feature that lets you code directly on the web {as a virtual Integrated Development Environment (IDE) on the cloud}.

According to the Github Blog: Earlier, to contribute to a project you would need to make a pull request and set up the environment on your local machine according to the requirements of a project. With Codespaces, you don't need to do that anymore. As soon as you click on the code button, the website sets up the environment in seconds.

In addition to Codespaces, GitHub is also launching Discussions : A forum-like feature that lives under your project that allows others to engage with you and other contributors.

Code scanning : With code scanning enabled, every git push is scanned for new potential security vulnerabilities, and results are displayed directly in your pull request.

A report from The Register :

ICANN has halted the proposed $1.1 billion sale of the .org registry to a private equity firm. The DNS overseer has been under growing pressure to use its authority to refuse the planned transfer of the top-level domain from the Internet Society to Ethos Capital. "ICANN ultimately bowed to the US state's top lawyer when it concluded today it "finds the public interest is better served in withholding consent."

The decision will likely spark a mixture of relief and celebration from millions of .org domain holders, including some of the world's largest non-profit organizations, many of which were certain that their long-standing online addresses were going to be milked for profit by an organization that never fully revealed who its directors or investors were.

When you are dealing with Public Key Infrastructure (PKI) services, which of the following you would use to verify an email with a digital signature ?
A. The sender's public key
B. The sender's private key
C. Your public key
D. Your private key
E. What are you talking about ?
F. None of the above

Project Zero team found that a specially crafted URL could make the Git client into sending credential information of an alternative host to an attacker's host. In this case, the specially crafted URL needs to contain a newline character to trick the credential handling (performs url decoding on most possible url components, no additional validation) and sending the data off to an alternate host.

Updated Now : Credential protocol code is now forbidding newline characters in any values.

More : https://lore.kernel.org/lkml/...

Cybersecurity firm Sophos announced that it has open-sourced the Sandboxie Windows sandbox-based isolation utility. According to the reports of Bleeping Computer: Sandboxie was developed by Ronen Tzur and released on June 26, 2004, as a simple utility to help run Internet Explorer within a secure and isolated sandbox environment. Later, Tzur upgraded Sandboxie to also support sandboxing any other Windows applications that required a secure virtual sandbox.

Sophos Director of Product Marketing Seth Geftic said "We are thrilled to give the code to the community. The Sandboxie tool has been built on many years highly-skilled developer work and is an example of how to integrate with Windows at a very low level. The Sandboxie user base represents some of the most passionate, forward-thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases."

You can download Sandboxie and its source code here.

https://www.sandboxie.com/

Twitter disclosed a bug on its platform that impacted users who accessed their platform using Firefox browsers.

According to the report of ZDNet: Twitter stored private files inside the Firefox browser's cache (a folder where websites store information and files temporarily). Twitter said that once users left their platform or logged off, the files would remain in the browser cache, allowing anyone to retrieve it. The company is now warning users who share systems or used a public computer that some of their private files may still be present in the Firefox cache. Malware could be used to scrape and steal this data.

Microsoft has released Visual Studio 2019 version 16.6 with a new IntelliSense Linter to help C++ developers efficiently clean up code.

The tool IntelliSense checks code on the go, using squiggly lines to highlight problems and Lightbulb actions for suggested fixes.

The feature can be enabled in Visual Studio 2019 version 16.6 from the Preview Features within the Tools > Options menu.

Source : https://devblogs.microsoft.com/cppb...

Microsoft announced a new security feature for the Windows operating system.

According to a report of ZDNet: Named "Hardware-Enforced Stack Protection", which allows applications to use the local CPU hardware to protect their code while running inside the CPU's memory. As the name says, it's primary role is to protect the memory-stack (where an app's code is stored during execution).

"Hardware-Enforced Stack Protection" works by enforcing strict management of the memory stack through the use of a combination between modern CPU hardware and Shadow Stacks (refers to a copies of a program's intended execution).

The new "Hardware-Enforced Stack Protection" feature plans to use the hardware-based security features in modern CPUs to keep a copy of the app's shadow stack (intended code execution flow) in a hardware-secured environment.

Microsoft says that this will prevent malware from hijacking an app's code by exploiting common memory bugs such as stack buffer overflows, dangling pointers, or uninitialized variables which could allow attackers to hijack an app's normal code execution flow. Any modifications that don't match the shadow stacks are ignored, effectively shutting down any exploit attempts.

Mozilla has announced plans to remove support for the FTP protocol from Firefox. Users won't be able to download files via the FTP protocol and view the content of FTP folders inside the Firefox browser.

According to the report of ZDNet: Michal Novotny, a software engineer at the Mozilla Corporation said "We're doing this for security reasons, FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources. Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past." Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.

Users will still be able to view and download files via FTP, but they'll have to re-enable FTP support via a preference inside the about:config page.

Friend,

I signed a petition on Action Network urging Congress to reject the dangerous EARN IT Act and protect our online free speech.

The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019 — also known as the EARN IT Act — gives Attorney General Willliam Barr the power to demand that tech companies kill important encryption programs. That puts us all at risk of government censorship, cybersecurity breaches, and human rights abuses.

Don’t let Congress chip away at your essential freedoms online. Sign our petition now to tell your lawmakers to reject the dangerous EARN IT Act: https://actionnetwork.org/petitions...

Thanks!

Changes with Java 14 are:

Records is available (preview), a new class java.lang.Record. The java.lang package is implicitly imported on demand, that is, import java.lang.*

The G1 garbage collector now supports NUMA-aware memory allocations.

The ZGC (Z Garbage Collector) is now available as an experimental feature on macOS and Windows.

Improvements to Parallel GC.

The following methods related to thread suspension in java.lang.Thread and java.lang.ThreadGroup have been terminally deprecated in this release.

Microsoft is acquiring Node package manager npm Inc., officials announced on March 16. (Neither company is sharing the purchase price.) Microsoft plans to integrate GitHub with npm with the intent of making the combined community even more appealing to JavaScript developers.

GitHub CEO Nat Friedman said " npm is a critical part of the JavaScript world. The work of the npm team over the last 10 years, and the contributions of hundreds of thousands of open source developers and maintainers, have made npm home to over 1.3 million packages with 75 billion downloads a month. Together, they've helped JavaScript become the largest developer ecosystem in the world. We at GitHub are honored to be part of the next chapter of npm's story and to help npm continue to scale to meet the needs of the fast-growing JavaScript community."

Source : Github Blog

Q.14 - Suppose that R sends a msg 'm' which is digitally signed to M and the pair of private and public keys for M and R be denoted as K(x)- and K(x)+ for x=R,M respectively. Let K(x)(m) represent the encryption of 'm' with a key K(x) and H(m) is the message digest. Which of the following is the way of sending the msg 'm' along with the digital signature to M?
A. [m, K(R)+(H(m))]
B. [m, K(R)-(H(m))]
C. [m, K(M)-(H(m))]
D. [m, K(A)+(m)]
E. WOW, REALLY ?

EY and ConsenSys announced the formation of the Baseline Protocol with Microsoft which is an open source initiative that combines cryptography, messaging and blockchain to deliver secure and private business processes at low cost via the public Ethereum Mainnet. The protocol will enable confidential and complex collaboration between enterprises without leaving any sensitive data on-chain. The work will be governed by the Ethereum-Oasis Project.

Past approaches to blockchain technology have had difficulty meeting the highest standards of privacy, security and performance required by corporate IT departments. Overcoming these issues is the goal of the Baseline Protocol.

John Wolpert, ConsenSys’ Group Executive for Enterprise Mainnet added, “A lot of people think of blockchains as the place to record transactions. But what if we thought of the Mainnet as middleware? This approach takes advantage of what the Mainnet is good at while avoiding what it’s not good at.”

Source : ConsenSys