Weekend Reads 111822


Internet users are being tricked into installing browser extensions that can hijack their web searches.


An offshore company that is trusted by the major web browsers and other tech companies to vouch for the legitimacy of websites has connections to contractors for U.S. intelligence agencies and law enforcement, according to security researchers, documents and interviews.


Silicon Valley startup Eliyan thinks its technology for enabling chiplet-based designs can best those from semiconductor giants Intel and TSMC by providing better performance, higher efficiency, fewer manufacturing issues, and more supply chain options.


While the number of cleartext passwords is an improvement compared with the 96,361 passwords exposed in 2020 and the more than 100,000 sent in the clear in 2019, there is still room for improvement, says Jessica Bair Oppenheimer, director of technical alliances at Cisco Secure.


Qualcomm and Arm have been engaged in one of those very entertainingly bitter court fist-fights that the industry throws up when friends fall out over money.


Unbound 1.16.0 adds support for Extended DNS Errors (EDEs) as codified in RFC 8914.


I suspect this reflects a significant change in the economics of the sector. For the last 20 years, Silicon Valley has had the wind at its back thanks to rapid adoption of new technologies like the internet and smartphones. As a result, the industry fared better than the broader economy during and after the 2008 recession.


By playing unexpected moves outside of KataGo’s training set, a much weaker adversarial Go-playing program (that amateur humans can defeat) can trick KataGo into losing.


New research released this week reveals the process used by third party advertisers to target online users can be viewed or manipulated by online adversaries using only their target’s email address.


On August 4, 2022, Microsoft publicly shared a framework that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework (S2C2F), previously the Open Source Software-Supply Chain Security (OSS-SSC) Framework.


This raises an important question: How do you take what is good about these patterns for creating innovation? Specifically, how do you apply open source principles and practices as appropriate? That’s what we’ve sought to accomplish with Red Hat Research.


Thousands of smartphone applications in Apple (AAPL.O) and Google’s (GOOGL.O) online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found.


That’s opened major questions about how these now-forever-roaming workers are connected to information resources and to each other.


A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that’s used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft.