You know what I hate...
Doomsday malware reporting that says the source code of all software can
be hacked
And there is nothing you can do about it
On November 1st, it was
widely reported that a vulnerability existed in the Unicode character
set upon which all digital text communication depends. This
English-language webpage is encoded using one character set among the
154 different languages included in Unicode.
Brian Krebs defined the problem best: "At
issue is a component of the digital text encoding standard Unicode,
which allows computers to exchange information regardless of the
language used." It's not that such things should not be reported.
My problem here is there is nothing at all that can be done by any one
user to mitigate the threat. This vulnerability is independent of
any one operating system or hardware. Unicode text is like air. It
just is and it is everywhere.
Microsoft is still having its problems with the PrintNightmare
nightmare. But we don't have to print everything we do print.
You can turn the print spooler on and off. Most vulnerability
announcements include some plan for mitigation. As one security
researcher was quoted: "This vulnerability is, as far as I know, the
first one to affect almost everything." And there is little
reassurance that "Given
its far-reaching implications, the vulnerability disclosure was
coordinated with multiple organizations, some of whom are now releasing
updates to address the security weakness." Yep, not
only is our online safety dependent on us patching our systems ASAP
before we get hit with an attack, but now we must hope countless web
operators do the same. Because, and I repeat, It Is All
One Network.
In fact, Doomsday software vulnerabilities have been announced
periodically as long as I can remember. Before our current digital
Apocalypse, a long-term vulnerability in BASH was announced in 2019.
With BASH, all network traffic, like reading a webpage, was at risk.
BASH is a software interface widely used by UNIX and Linux network
administrators.
BASH is known to have vulnerabilities that were detected
as early as 2014, and were still present as late as 2020.
And it's not like we can call up the admin of one of our fav webs and
tell them to only use command line UNIX — or ask them if they are
current on their patches.
My point is not to bash BASH, or Unicode, or any other technology.
Many of Apple Computer's current software problems can be laid to the fact
that macOS is a Linux hybrid, and as such subject to the same long-term
vulnerabilities that plague the UNIX and Linux "ecosystems". Our
technology is built on a very shaky foundation that has required
innovators to "build the plane while flying it." And it ain't rocket
science. I am pretty sure rockets come with blueprints and
instruction manuals from those who built the rocket. There
never was such a large scale plan for the Internet as it exists today.
All we users can do is reduce our own "attack surface;" patch everything
that needs to be patched; and hope them network admins all over the
world patch, too.
There are readers who might find it odd that I would be critical of all
the hair on fire reporting commented upon herein. My purpose is to
point out two facts:
1. When presenting a problem, I try to offer some mitigation.
If it is malware-laden software or websites, I will try to persuade the
reader to avoid such destinations. It is long past the time, however, when
computer users need to be made aware that malware exists.
Announcements such as these serve no purpose for most computer users.
So as a general rule, I do not discuss such worrisome, no-relief
reports.
2. There is no "secret sauce" software, no AI mojo, no operating
system magic, to protect you from harm while online. The best
protection online is the same best protection as in every other part of
life. Common Sense is the best protection from harm anywhere.
That, and always use the newest version of your applications.
Brand new song written and produced in October now is released.
"More Than Any Man Could Ever Say." Getting in touch with my inner BB.
Take the trip at www.nitebluz.com
And if you do take any one of my musical journeys, my most sincere hope
is that you come away with this one simple thought and feeling.
I don't know about the lyrics, Dick. But I sure can dance to it.
I'd give it an 8.
¯\_(ツ)_/¯