Wireless Networking

Tech Industry Quietly Patches FragAttacks Wi-Fi Flaws That Leak Data, Weaken Security (theregister.com) 37

An anonymous reader quotes a report from The Register: A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef. On Tuesday, Vanhoef, a postdoctoral researcher in computer security at New York University Abu Dhabi, released a paper titled, "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" [PDF]. Scheduled to be presented later this year at the Usenix Security conference, the paper describes a set of wireless networking vulnerabilities, including three Wi-Fi design flaws and nine implementation flaws. Vanhoef, who in 2017 along with co-author Frank Piessens identified key reinstallation attacks (KRACKs) on the WPA2 protocol (used to secure Wi-Fi communication), has dubbed his latest research project FragAttacks, which stands for fragmentation and aggregation attacks.

The dozen vulnerabilities affect all Wi-Fi security protocols since the wireless networking technology debuted in 1997, from WEP up through WPA3. [...] In total, 75 devices -- network card and operating system combinations (Windows, Linux, Android, macOS, and iOS) -- were tested and all were affected by one or more of the attacks. NetBSD and OpenBSD were not affected because they don't support the reception of A-MSDUs (aggregate MAC service data units). [...]

Patches for many affected devices and software have already been deployed, thanks to a nine-month-long coordinated responsible disclosure overseen by the Wi-Fi Alliance and the Industry Consortium for Advancement of Security on the Internet (ICASI). Linux patches have been applied and the kernel mailing list note mentions that Intel has addressed the flaws in a recent firmware update without mentioning it. Microsoft released its patches on March 9, 2021 when disclosure was delayed though Redmond had already committed to publication. Vanhoef advises checking with the vendor(s) of Wi-Fi devices about whether the FragAttacks have been addressed. "[F]or some devices the impact is minor, while for others it's disastrous," he said.

Opera

Opera Integrates Blockchain-Powered Domains, Providing Access to the Decentralized Web (businessinsider.com) 50

"Chromium-based web browser Opera is all set to fully integrate with blockchain domain name provider Unstoppable Domains," reports TechRadar, "in a bid to provide millions of its users with decentralized web access." Opera users will now be able to access decentralized websites hosted via the InterPlanetary File System (IPFS) using Unstoppable Domains' popular .crypto NFT addresses from the Opera browser. This will include platforms such as iOS, Android, Windows, Mac or Linux. Right now, Opera has over 320 million monthly active users across its offerings, following the addition of a crypto wallet to its browsers in 2019.

Unstoppable Domains was launched in 2018 and provides domain names to users with no renewal fees. Users of Unstoppable Domains are granted full ownership and control when they claim a domain because it is minted as an NFT on the Ethereum blockchain. Domain names such as .crypto replace complex wallet addresses for payments across over 40 cryptocurrency wallets and exchanges in addition to accessing the decentralized web through Opera.

Maciej Kocemba, Product Director at Opera, said that the company believes in giving all people the ability to access the full web, regardless of the technology behind it.

The Opera product director was further quoted by Business Insider: "We have always supported web innovation, and the decentralized web or Web3 is the natural next wave. Making Unstoppable Domains accessible in the Opera browsers means our users can try blockchain technologies for themselves. Registering your .crypto domain, which is forever yours, is a great first step into Web3," the company's product director Maciej Kocemba said.

Opera is quickly becoming a leader in pushing for the adoption of Web 3.0, also often described as the decentralized web.

Apple

Apple's M2 Chip Goes Into Mass Production for Mac (nikkei.com) 235

The next generation of Mac processors designed by Apple entered mass production this month, Nikkei Asia reported Tuesday, citing sources, bringing the U.S. tech giant one step closer to its goal of replacing Intel-designed central processing units with its own. From the report: Shipments of the new chipset -- tentatively known as the M2, after Apple's current M1 processor -- could begin as early as July for use in MacBooks that are scheduled to go on sale in the second half of this year, the people said. The new chipset is produced by key Apple supplier Taiwan Semiconductor Manufacturing Co., the world's largest contract chipmaker, using the latest semiconductor production technology, known as 5-nanometer plus, or N5P. Producing such advanced chipsets takes at least three months. The start of mass production came as Apple introduced new iMac and iPad Pro models using the M1. The company said the M1 offers CPU performance up to 85% faster than an iMac using an Intel chipset, and graphics performance that is twice as fast.

Security

A Software Bug Let Malware Bypass macOS' Security Defenses (techcrunch.com) 28

Apple has spent years reinforcing macOS with new security features to make it tougher for malware to break in. But a newly discovered vulnerability broke through most of macOS' newer security protections with a double-click of a malicious app, a feat not meant to be allowed under Apple's watch. From a report: Worse, evidence shows a notorious family of Mac malware has already been exploiting this vulnerability for months before it was subsequently patched by Apple this week. Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet. And if macOS hasn't reviewed the app -- a process Apple calls notarization -- or if it doesn't recognize its developer, the app won't be allowed to run without user intervention.

But security researcher Cedric Owens said the bug he found in mid-March bypasses those checks and allows a malicious app to run. Owens told TechCrunch that the bug allowed him to build a potentially malicious app to look like a harmless document, which when opened bypasses macOS' built-in defenses. "All the user would need to do is double click -- and no macOS prompts or warnings are generated," he told TechCrunch. Owens built a proof-of-concept app disguised as a harmless document that exploits the bug to launch the Calculator app, a way of demonstrating that the bug works without dropping malware. But a malicious attacker could exploit this vulnerability to remotely access a user's sensitive data simply by tricking a victim into opening a spoofed document, he explained.

Portables (Apple)

Apple: No Plans To Merge Mac and iPad (independent.co.uk) 82

Earlier this week, Apple unveiled the refreshed 11 and 12.9-inch iPad Pro models with a notable change: The new iPad Pro models are powered by the M1 chip, the company's in-house chipset that also powers the current-generation MacBook Pro, MacBook Air, and Mac mini. Is the company planning to put macOS on the iPad in the future or merge iPads and MacBooks? No remains the answer. Apple marketing chief Greg Joswiak, in an interview: "There's two conflicting stories people like to tell about the iPad and Mac. On the one hand, people say that they are in conflict with each other. That somebody has to decide whether they want a Mac, or they want an iPad. Or people say that we're merging them into one: that there's really this grand conspiracy we have, to eliminate the two categories and make them one. And the reality is neither is true. We're quite proud of the fact that we work really, really hard to create the best products in their respective category." Hardware chief John Ternus, in the same interview: "We're pushing to make the best Mac we can make; we're pushing to make the best iPad we can make."

Desktops (Apple)

Apple Now Selling More M1 Macs Than Intel-Based Models, Says Tim Cook (macrumors.com) 220

Despite only being released in November, sales of the M1-powered MacBook Air, MacBook Pro, and Mac mini now represent the majority of Mac sales, outperforming Mac computers powered by Intel processors, according to Apple CEO Tim Cook. MacRumors reports: Cook made the remarks during Apple's "Spring Loaded" event yesterday, where it introduced a completely redesigned 24-inch iMac powered by the M1 Apple silicon chip. Cook says that the M1 and Apple silicon "isn't just an upgrade, but a breakthrough," while touting Mac's industry-leading customer satisfaction. According to Cook, the four M1-powered Macs now outperform the five remaining Intel-powered computers in its lineup in terms of sales. During the keynote, Cook's comment went largely unnoticed but is likely to be a key point the CEO makes during Apple's upcoming earnings call, which is being held on April 28.

Security

Google Chrome Hit In Another Mysterious Zero-Day Attack (securityweek.com) 62

wiredmikey shares a report from SecurityWeek: Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continues to raise eyebrows among security experts.

The newest Chrome update -- 90.0.4430.85 -- is available for Windows, Mac and Linux users and is being rolled out via the browser's automatic update mechanism. The vulnerability being exploited is identified as CVE-2021-21224 and simply described as a "type confusion" in the V8 Chrome rendering engine. Google credited Jose Martinez (tr0y4) from VerSprite Inc. for reporting the vulnerability. "Google is aware of reports that exploits for CVE-2021-21224 exist in the wild," the company said, with no additional details.

Desktops (Apple)

The New iPad Pro Features Apple's M1 Chip (techcrunch.com) 75

At today's Spring Loaded event, Apple unveiled a new version of the iPad Pro, equipped with the M1 chip that was first introduced on the company's Mac line. TechCrunch reports: The new chip sports an 8-core CPU, with performance up to 50% faster than the A12Z Bionic found on the previous generation. There's also an 8-core GPU, which it claims is up to 40% faster. The system can be decked out to up to 16 GB of RAM and 2 TB of storage. The device further blurs the line between the company's tablet and desktop offerings, as well as improved battery life now listed as "all day." The Pro also adds Thunderbolt support to the USB-C, which allows for a number of new features including external display support and wired transfers up to 40 Gbps.

As reported, the new tablet (12.9-inch only for now) features an improved display -- Liquid Retina XDR, according to Apple's marketing terms. Among other things that brings much improved high dynamic range. The display is powered by 10,000 micro-LED. That allows for a hugely improved contrast ratio and 1,000 nits of brightness, without hammering the battery life. The 11-inch version starts at $799 and the 12.9-inch, which adds the Liquid Retina display, starts at $1,099. Pre-orders on the tablets start April 30 and the product is set to start shipping in the second half of May -- along with a number of other products introduced at today's show.

iMac

Apple Introduces M1 Chip-Powered iMac (techcrunch.com) 182

Apple has finally given the world a dramatic new iMac redesign, aimed at the company's long-standing goal of "making the computer disappear." From a report: Naturally, the latest version of the 24-inch all-in-one desktop is built around the company's new proprietary M1 chips. The screen sports a 4.5K Retina Display, coupled with a 1080p camera -- a first for the Mac line, and a sign the company is taking both audio and video more seriously as these products are serving as a kind of life line for the work from home crowd. True Tone is, naturally, on board for better color balance, and sound has been improved with a six-speaker setup.

The new devices are significantly thinner -- with overall volume reduced by half, according to the company. The rear is also flat, instead of curved. All told, the company says it's up to 85% faster than the last model, coupled with a GPU that's up to twice as fast and 3x the machine learning. Around back are two Thunderbolt ports and a new magnetic power adapter that also delivers Ethernet. The system comes in seven colors. It starts at $1,299.

Microsoft

Microsoft's Visual Studio 2022 Announced (microsoft.com) 121

Dave Knott writes: Microsoft has announced Visual Studio 2022, the next major revision of their flagship development IDE. A public beta will be arriving this summer. The most significant change, which has long been rumored, is that the entire application suite will now be 64-bit. Other major changes include:

* Performance improvements in the core debugger
* Support for .NET 6, which can be used to build web, client and mobile apps by both Windows and Mac developers, as well as improved support for developing Azure apps
* An updated UI meant to reduce complexity and which will add integration with Accessibility Insights. Microsoft plans to update the icons and add support for Cascadia Code, a new fixed-width font for better readability
* Support for C++ 20 tooling, language standardization and IntelliSense
* Integration of text chat into the Live Share collaboration feature
* Additional support for Git and GitHub
* Improved code search

Desktops (Apple)

Parallels 16.5 Can Virtualize ARM Windows Natively on M1 Macs With Up to 30% Faster Performance (macrumors.com) 60

Parallels today announced the release of Parallels Desktop 16.5 for Mac with full support for M1 Macs, allowing for the Windows 10 ARM Insider Preview and ARM-based Linux distributions to be run in a virtual machine at native speeds on M1 Macs. From a report: Parallels says running a Windows 10 ARM Insider Preview virtual machine natively on an M1 Mac results in up to 30 percent better performance compared to a 2019 model 15-inch MacBook Pro with an Intel Core i9 processor, 32GB of RAM, and Radeon Pro Vega 20 graphics. Parallels also indicates that on an M1 Mac, Parallels Desktop 16.5 uses 2.5x less energy than on the latest Intel-based MacBook Air. Microsoft does not yet offer a retail version of ARM-based Windows, with the Windows 10 ARM Insider Preview available on Microsoft's website for Windows Insider program members. The ability to run macOS Big Sur in a virtual machine is a feature that Parallels hopes to add support for in Parallels Desktop later this year as well.

Social Networks

'Why It's Easier To Move Country Than Switch Social Media' (wired.co.uk) 82

Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address.

The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die.

To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.

Apple

Apple Will Hold a Special Event on April 20 (engadget.com) 26

If you're wondering when Apple will hold its next event, Siri may have the answer. From a report: Ask the digital helper: "When is the next Apple event?" and it will respond with "the special event is on Tuesday, April 20, at Apple Park in Cupertino, CA. You can get all the details on Apple.com." MacRumors, which spotted the reply, says the virtual assistant is providing it in certain instances on iPhone, iPad, Mac, and HomePod. While it's an open secret that Apple is planning an event for later this month where it's expected to debut a new iPad Pro, Siri has seemingly leaked the date ahead of confirmation. We won't have to wait long to find out if the info is correct, though. Apple normally sends out invites to the press a week ahead of the proceedings, so it should make it official later today. The event itself is expected to be a virtual affair starring the iPad Pro (in two sizes) and possibly featuring the AirTags Bluetooth tracker. Apple's next premium slate reportedly features a Mini LED display on the flagship 12.9-inch model, but supply chain issues could see it ship later than planned and in limited quantities.

Security

Critical Zoom Vulnerability Triggers Remote Code Execution Without User Input (zdnet.com) 14

An anonymous reader quotes a report from ZDNet: A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit. As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not -- yet -- been tested on iOS or Android. The browser version of the videoconferencing software is not impacted. Computest researchers Daan Keuper and Thijs Alkemade earned themselves $200,000 for this Zoom discovery, as it was part of the Pwn2Own contest.

In a statement to Tom's Guide, Zoom thanked the Computest researchers and said the company was "working to mitigate this issue with respect to Zoom Chat." In-session Zoom Meetings and Zoom Video Webinars are not affected. "The attack must also originate from an accepted external contact or be a part of the target's same organizational account," Zoom added. "As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust."

Businesses

Wix and Their Dirty Tricks (ma.tt) 60

Matt Mullenweg, co-founder of the open-source blogging platform WordPress, writes: Wix, the website builder company you may remember from stealing WordPress code and lying about it, has now decided the best way to gain relevance is attacking the open source WordPress community in a bizarre set of ads. They can't even come up with original concepts for attack ads, and have tried to rip off Apple's Mac vs PC ads, but tastelessly personify the WordPress community as an absent, drunken father in a therapy session.

I have a lot of empathy for whoever was forced to work on these ads, including the actors, it must have felt bad working on something that's like Encyclopedia Britannica attacking Wikipedia. WordPress is a global movement of hundreds of thousands of volunteers and community members, coming together to make the web a better place. The code, and everything you put into it, belongs to you, and its open source license ensures that you're in complete control, now and forever. WordPress is free, and also gives you freedom. So if we're comparing website builders to abusive relationships, Wix is one that locks you in the basement and doesn't let you leave. I'm surprised consumer protection agencies haven't gone after them.

Wix is a for-profit company with a valuation that peaked at around 20 billion dollars, and whose business model is getting customers to pay more and more every year and making it difficult to leave or get a refund. (Don't take my word for it, look at their investor presentations.) They are so insecure that they are also the only website creator I'm aware of that doesn't allow you to export your content, so they're like a roach motel where you can check in but never check out. Once you buy into their proprietary stack you're locked in, which even their support documentation admits.

Your Rights Online

Apple's Independent Repair Provider Program Expands Globally (apple.com) 14

Apple said on Monday it is expanding its "Independent Repair Provider" to over 200 countries, nearly every country where the iPhone-maker's products are sold. From a press release: Launched originally in 2019 and expanded to Europe and Canada last year, the program enables repair providers of all sizes access to genuine Apple parts, tools, repair manuals, and diagnostics to offer safe and reliable repairs for Apple products. There are now more than 1,500 Independent Repair Provider locations serving customers across the US, Canada, and Europe. "Being a part of the Independent Repair Provider program has been a huge benefit to my business, employees, and customers," said Scott Baker, owner of Mister Mac in Wimberley, Texas. "Since joining, we've received great support from Apple, and we're able to deliver that same level of service to our customers. It has even brought genuine excitement to our town." All participating repair providers in the program have access to free training from Apple and the same genuine parts, tools, repair manuals, and diagnostics as Apple Authorized Service Providers (AASPs) and Apple Store locations. Further reading: Apple's Independent Repair Program is Invasive To Shops and Their Customers, Contract Shows (Published in February 2020).

The Internet

On cURL's 23rd Anniversary, Creator Daniel Stenberg Celebrated With 3D-Printed 'GitHub Steel' Contribution Graph (daniel.haxx.se) 25

This week Swedish developer Daniel Stenberg posted a remarkable reflection on the 23rd anniversary of his command-line data tool, cURL: curl was adopted in Red Hat Linux in late 1998, became a Debian package in May 1999, shipped in Mac OS X 10.1 in August 2001. Today, it is also shipped by default in Windows 10 and in iOS and Android devices. Not to mention the game consoles, Nintendo Switch, Xbox and Sony PS5.

Amusingly, libcurl is used by the two major mobile OSes but not provided as an API by them, so lots of apps, including many extremely large volume apps bundle their own libcurl build: YouTube, Skype, Instagram, Spotify, Google Photos, Netflix etc. Meaning that most smartphone users today have many separate curl installations in their phones.

Further, libcurl is used by some of the most played computer games of all times: GTA V, Fortnite, PUBG mobile, Red Dead Redemption 2 etc.

libcurl powers media players and set-top boxes such as Roku, Apple TV by maybe half a billion TVs.

curl and libcurl ship in virtually every Internet server and is the default transfer engine in PHP, which is found in almost 80% of the world's almost two billion websites.

Cars are Internet-connected now. libcurl is used in virtually every modern car these days to transfer data to and from the vehicles.

Then add media players, kitchen and medical devices, printers, smart watches and lots of "smart" IoT things. Practically speaking, just about every Internet-connected device in existence runs curl.

I'm convinced I'm not exaggerating when I claim that curl exists in over ten billion installations world-wide...

Those 300 lines of code in late 1996 have grown to 172,000 lines in March 2021.

Stenberg attributes cURL's success to persistence. "We hold out. We endure and keep polishing. We're here for the long run. It took me two years (counting from the precursors) to reach 300 downloads. It took another ten or so until it was really widely available and used." But he adds that 22 different CPU architectures and 86 different operating systems are now known to have run curl.

In a later blog post titled "GitHub Steel," Stenberg also reveals that GitHub gave him a 3D-printed steel version of his 2020 GitHub contribution matrix — accompanied by a friendly note. "Please accept this small gift as a token of appreciation on behalf of all of us here at GitHub, and everyone who benefits from your work."

OS X

It's Been 20 Years Since the Launch of Mac OS X (arstechnica.com) 88

On March 24, 2001, Mac OS X first became available to users around the world. Ars Technica's Samuel Axon reflects on the OS and the many new features and technologies it brought that we now take for granted. From the report: Of course, Mac OS X (or macOS 10 as it was later known) didn't quite survive to its 20th birthday; last year's macOS Big Sur update brought the version number up to 11, ending the reign of X. But despite its double life on x86 and ARM processors and its increasingly close ties to iOS and iPadOS, today's macOS is still very much a direct descendant of that original Mac OS X release. Mac OS X, in turn, evolved in part from Steve Jobs' NeXT operating system -- which had recently been acquired by Apple -- and its launch was the harbinger of the second Jobs era at Apple.

[Mac OS X] enabled Apple's laptops to wake up from sleep immediately, and it introduced dynamic memory management, among other things. Mac OS X's greatest impact in retrospect may be in the role it had in inspiring and propping up iOS, which has far surpassed macOS as Apple's most widely used operating system. [...] Despite Apple's resounding success in the second Steve Jobs era, as well as in the recent Tim Cook era, the Mac is still a relatively niche platform -- beloved by some, but skipped by much of the mainstream. After 20 years, a lot has changed, but a whole lot has stayed the same.

Chrome

Chrome Brings Live-Captioning To Any Web Audio Source (arstechnica.com) 16

An anonymous reader quotes a report from Ars Technica: Google is officially bringing its "Live Caption" technology to any website with the new version of Chrome. The feature, which debuted on Pixel phones and should be available on most Android 10+ devices, lets you easily apply Google's speech-to-text technology to any audio source, making it simple to get closed-captioning on audio that's lacking in the accessibility department. Starting today, Google is beginning to roll out the feature to Chrome 89 and up on desktop PCs.

You can enable the feature from the Chrome settings by going to "Advanced" and "Accessibility" and then turning on "Live Caption." Live captions appear on webpages as a gray box that fills with text as the video or audio plays. You can drag the box around so it never gets in the way, and you can even pick between two sizes. Live Caption will attempt to work with every audio source on the web; you can temporarily close the box each time you load a page, but there's no way to enable it on some websites and disable it on others. Google says all the processing happens locally on your device and won't end up on the Internet.

For now, Google says Live Caption "currently supports English and is available globally on the latest release of Chrome on Windows, Mac and Linux devices and will be coming soon to ChromeOS."

Intel

Intel Puts Apple's 'Mac Guy' Into New Ads Praising PCs (theverge.com) 243

Intel has hired Apple's former "I'm a Mac" actor Justin Long to create new ads praising PCs. From a report: Long starts each commercial with "Hello I'm a... Justin," with the typical white background you'd find on Apple's Mac vs. PC ads from the 2000s. Naturally, the ads focus on Mac vs. PC again, with Long mocking Apple's Touch Bar, lack of M1 multiple monitor support, and the "gray and grayer" color choices for a MacBook. One even goes all-in on Apple's lack of touchscreens in Macs or 2-in-1 support by mocking the fact you have to buy a tablet, keyboard, stylus, and even a dongle to match what's available on rival Intel-based laptops. Another ad also points out that "no one really games on a Mac." Intel has put out more ads where they point out that Mac doesn't have the gaming ecosystem that Windows laptops enjoy.
