Category Blog
Today the third release of the YAFL library took place. YAFL is a library written in C containing several Kalman filtering algorithms, distributed under the Apache-2.0 license. The library is focused on use in embedded systems based on microcontrollers with hardware support for floating point calculations. A python extension, yaflpy, has been created for prototyping and evaluating the library. Compared to YAFL-0.20.0, the following changes have occurred: […]
Orange España, Spain's second-largest mobile operator, experienced a major outage on Wednesday after an unknown party gained access to an account managing its global routing table using a "ridiculously weak" password. Beginning at 9:28 UTC, an individual using the nickname "Snow" logged into the Orange account. RIPE NCC, using the password ripeadmin. RIPE NCC [...]
A compromised administrator account led to a nearly four-hour outage at Orange Espagne, Spain's second-largest telecom operator, which serves 11 million subscribers. To access the registrar interface, RIPE NCC Orange Espagne used the predictable password "ripeadmin" and didn't have two-factor authentication enabled. The RIPE password was intercepted during a compromise of an employee's system […]
A critical vulnerability (CVE-2023-7101) has been identified in the Perl module Spreadsheet::ParseExcel, which provides functions for parsing Excel files, which allows arbitrary code execution when processing XLS or XLSX files that include specially formatted number formatting rules. The vulnerability is caused by the use of data obtained from the file being processed when constructing the “eval” call. The problem is fixed in the Spreadsheet::ParseExcel 0.66 update. There is a prototype of the exploit. Vulnerable code: if […]
A vulnerability (CVE-2023-51714) in the implementation of the HTTP/2 protocol has been identified in the Qt library, which allows it to write its data beyond the allocated buffer. The vulnerability is caused by an integer overflow in the header parsing code (HPack) and occurs when more than 4 GB of total HTTP header data is received, or 2 GB for a single header. The problem was fixed in Qt updates 5.15.17, 6.2.11, 6.5.4 and 6.6.2. […]
The US Department of Justice has moved closer to a crackdown in its antitrust investigation into Apple over its actions to protect its dominance. iPhone The New York Times reports that charges are expected to be filed as early as the first half of this year, citing informed sources. According to the sources, the US Justice Department is investigating how Apple is using its control over its […]
In 2023, in the global monitor market, manufacturers tried to demonstrate new approaches, change trends and climb higher on the leadership podium. The Russian market also saw changes relative to 2022, but slightly different. Source: 3dnews.ru
Daniel Stenberg, author of a utility for receiving and sending data over the network curl, criticized the use of AI tools when creating vulnerability reports. Such reports include detailed information, are written in normal language and look high-quality, but without thoughtful analysis in reality they can only be misleading, replacing real problems with high-quality looking garbage content. Project Curl […]
One of the developers of JavaScript packages experimented with creating and placing in the NPM repository the “everything” package, which covers all existing packages in the repository with dependencies. To implement this feature, the “everything” package has direct dependencies with five “@everything-registry/chunk-N” packages, which in turn have dependencies on more than 3000 “sub-chunk-N” packages, each of which binds to 800 […]
Among American companies, at the ideological level, the leaders of automation are Tesla and Amazon, as they are trying their best to reduce costs by replacing people with robots, but the Asian giants are not going to lag behind in their fields of activity. Samsung, for example, plans to launch enterprises without personnel in just six years. Image source: Samsung ElectronicsSource: 3dnews.ru
By early December, China's Huawei Technologies was believed to have once again proven its ability to gain access to advanced components even under US sanctions that have been in place since 2019. This week, Canadian specialists from TechInsights managed to establish that the 5nm HiSilicon Kirin 9006C processor was actually released in Taiwan even before the imposition of sanctions. Image source: […]
Honor, once a subsidiary of Huawei, took the path of independence several years ago. And while there is still speculation that the companies could reunite, it doesn't look like it's going to happen anytime soon. Recently, Honor CEO George Zhao shed some light on how the relationship is currently […]