The Weekly Accountability 2

11 Jul 2021

Engineering

Concepts

  • The author improved a website’s Lighthouse score by increasing the size of the thumbnail images. Earlier, a Google Maps tile was the largest element on the page, and because it took a long time to load it was dragging the overall score down (the load time of the largest element is an important factor in the Lighthouse score). By increasing the thumbnail size, a thumbnail became the largest element and the score improved. Lesson: do not trust metrics blindly; design better metrics. More
  • An effective way for programmers to get non-programmers to understand the cost of interruptions. More

Tools

Security

Attacks

  • REvil exploited a vulnerability in the update mechanism of Kaseya, software used to manage business networks and devices, and used it to deliver ransomware to all of its clients. Layman Analysis Sophos detailed analysis & IoCs
  • MonPass, a Mongolian certificate authority (CA), was breached and its installer was backdoored with Cobalt Strike binaries. More

News

  • An iPhone vulnerability that renders WiFi unusable if one connects to a network with “%” in its name. More
  • The article shares concerns about insecure code and PII that can be output by GitHub’s Copilot. More
  • PrintNightmare, a vulnerability in the Windows Print Spooler service that exists in all versions of Windows, gives an authenticated attacker a way to gain system-level access, which would let attackers run arbitrary code, download malware, create new user accounts, or view, change and delete data. More

Overview of Single Incidents

  • A Microsoft engineer has made more than $7 million by selling Xbox gift cards that he stole by exploiting a loophole in their test procedures. More
  • An account of how a vandal took over and deleted NewsBlur’s MongoDB database during a migration to Docker, and how it was recovered. More
  • Kaspersky’s password manager had a lot of issues with the way passwords were generated, including using the current time as the only source of randomness. This meant that any number of people who generated passwords at the same time got the same password, which can now be easily cracked by an attacker with a dictionary of passwords generated by the same password manager. More
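To make the Kaspersky item concrete, here is an added Python illustration (not code from the newsletter or from Kaspersky; the newsletter does not describe the actual generator, so a standard PRNG seeded with a Unix timestamp stands in for "current time as the only source of randomness"). It shows that two generations in the same second collide, quantifies the effective entropy as log2 of the number of seconds in the window rather than the nominal length-based entropy, and puts the hardened generator built on the OS CSPRNG beside it. Timestamps and lengths are constructed sample values.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def weak_password(timestamp_seconds: int, length: int = 12) -> str:
    """Time-seeded generator modelling the flaw in the item above (assumption:
    a generic PRNG seeded only with the current second stands in for the real
    implementation). Same second in, same password out, for every user."""
    rng = random.Random(timestamp_seconds)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 12) -> str:
    """Hardened version: every symbol comes from the OS CSPRNG via `secrets`,
    so the output does not depend on when it was generated."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def distinct_weak_outputs(start: int, end: int, length: int = 12) -> int:
    """Audit helper: how many different passwords the weak generator can emit
    over a window of seconds. Bounded by the window size, not by the length."""
    return len({weak_password(t, length) for t in range(start, end)})


def nominal_entropy_bits(length: int = 12) -> float:
    """What a length-12 password over 62 symbols *looks* like it offers."""
    return length * math.log2(len(ALPHABET))


def effective_entropy_bits(window_seconds: int) -> float:
    """What the time-seeded generator actually offers if the generation time
    is known to within `window_seconds`: one candidate per second."""
    return math.log2(window_seconds)


if __name__ == "__main__":
    t0 = 1_625_961_600  # constructed: 2021-07-11 00:00:00 UTC
    alice, bob = weak_password(t0), weak_password(t0)  # two users, same second
    print("collision:", alice == bob, alice)
    print("distinct outputs in one hour:", distinct_weak_outputs(t0, t0 + 3600))
    print(f"nominal entropy: {nominal_entropy_bits():.1f} bits")
    print(f"effective entropy over a day: {effective_entropy_bits(86_400):.1f} bits")
    print("csprng sample:", strong_password(), strong_password())
```

The defender-side takeaway is the gap between the two entropy figures: a 12-character output suggests roughly 71 bits, but if the seed is the second of generation, an attacker who can bound the creation time to a day faces about 16 bits. The fix is not a longer password; it is a seed (or, as here, a direct draw) from the operating system's CSPRNG.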

Technology

News

  • An AI bot which monitors the Flemish government’s livestreams, analyses which members are looking at their phones, and tweets about it. While this could be construed as anything from a joke to some form of activism or even art, the potential application of such systems to monitor employees on the factory floor or in a cubicle and issue warnings is a scary thought. More
  • “Nothing”, the start-up which Carl Pei left OnePlus to found, is finally launching its first product, priced at $99, with a transparent body and Active Noise Cancelling. More
  • TikTok’s parent company has started selling its recommendation algorithm to other clients, such as US fashion app Goat, Singapore travel site WeGo, Indonesian shopping app Chilibeli, and India-based social gaming platform GamesApp. More
  • OnePlus’s OxygenOS and Oppo’s ColorOS are integrating their codebases. They have promised that OnePlus users won’t notice any difference and that the move is meant to make use of Oppo’s larger resources. They have also promised longer update periods for their devices. More
  • An NFT that includes the source code which made the display of HTML possible, signed by the creator of the World Wide Web, Sir Tim Berners-Lee, has been sold for $5.4 million. More

Business

Development

  • This is an interview with someone who helps brands build their narrative. He talks about how important a narrative is to a business and how it helps small companies gain an advantage over their competitors in an age when anyone can easily clone any software product. More
