News

Apple’s System Integrity Protocol (SIP) has been something of a mix bag when it comes to security. It is a great feature from a raw and basic security viewpoint, but the same feature also has created challenges for the installation of third-party anti-malware and other security tools since its launch. All that aside, Microsoft, of all people, has shared details on a vulnerability that can be used by attackers to completely bypass the protections that SIP is supposed to offer.

Google has been very interested in pushing new standards for messaging, Rich Communication Services. RCS started in 2007 as a new way to make “texting” more functional and complete. This included things like read receipts, response indictors (typing icon) and more. It was a way to make standard android messaging services on par with apps like Signal, WhatsApp, and Telegram. In and of itself it is a great feature and one that enhances standard SMS and MMS functionality. Along the journey Google and others started to add encryption (end-to-end) as a way of protecting the message content (which was a core component of RCS).

This one will get filed in the “you knew it was going to happen” file. After the announcement of a few new top-level domains (TLDs) including .zip and .mov by Google the security world silently shook its head. The concept of using file extensions as TLDs is one that defies logic. As soon as I read about these new domains, I knew someone was going to create phishing or malware attacks with URLs that look like common file names. These attacks can leverage modern web design to make a target think they are using an application to run or open the file when they are really executing commands in the background to compromise their systems. Lo and behold! We now have file archiver in the browser as shown off by mr.d0x.

Wait, another danger of AI article? Yes, another one. Since far too many people and companies are ok with ignoring the dangers simply for the sake of the next big shiny thing, we thought we would at least be part of the awareness of it. I might also say “I told you so” when things do start to go sideways… ok I would not be that much of a jackass, but I do think that making sure to point out issues with new technology while others seem ok with glossing them over is a good idea.