Our daily Blog

This page spotlights the most interesting posts collected from our forum every day.


Nice long hacker article on jailbreaking a car head unit

Some of us enjoy reading a good man versus machine detective story.
This is a long description of the process of getting access to the software running the head unit (audio, navigation, etc.) in his car.

Back in June, I purchased a new car: the 2018 Subaru Crosstrek. This vehicle has an interesting head unit that's locked down and running a proprietary, non-Android operating system. Let's root it. If this was Android, we could most likely find plenty of pre-existing PoCs and gain root rather trivially as most vehicle manufacturers never seem to update Android. Because this isn't an old Android version, we'll have to put a little more work in than usual.

https://github.com/s...master/doc/README.md



The Bayrob malware gang's rise and fall

Longish interesting article on zdnet about a malware gang that was recently convicted of fraud and scamming people out of money.

The Bayrob malware gang's rise and fall: The story of how a talented computer science student and his friends created and ran a multi-million dollar botnet...
A graduate of one of Bucharest's top mathematics and computer sciences colleges, Danet won several international computer science contests, even ranking third in an ACM (Association for Computing Machinery) edition, and ranking high in many others.
According to Romanian TV station Kanal D, in 2008, Danet was elected the coach of Romania's National Computer Science Team, even though he was still a university student.
"He could have worked anywhere he wanted for the same money he made as a hacker," our source said over the phone when describing Danet's programming skills. "I still can't believe it after all these years."

https://www.zdnet.co...gangs-rise-and-fall/



How BioWare's Anthem Went Wrong

Interesting article on how a big game development team went off the rails.

Very few things went right in the development of BioWare’s latest game, an online cooperative shooter that was first teased in mid-2012 but spent years floundering in pre-production. Many features weren’t finalized or implemented until the very final months, and to some who worked on the project, it wasn’t even clear what kind of game Anthem even was until that E3 demo in June of 2017, less than two years before it actually came out.

https://kotaku.com/h...ent-wrong-1833731964


Mozilla's X-Ray Goggles, browsing web page modifier?

Anyone check this out?

X-Ray Goggles makes it easy to see and remix the code behind your favorite web pages.  The best part: you don't need any prior coding experience! Just activate Goggles, click on a section,  and edit. Then, share your remixes with others.

A video demonstrating it:



Serious Chrome zero-day – Google says update “right this minute” (06 MAR 2019)

Details are scarce as it seems Google is withholding information until more people have had a chance to update to a version of Chrome which doesn't have the vulnerability. This is the most specific information I found:

According to the official release notes, this vulnerability involves a memory mismanagement bug in a part of Chrome called FileReader.

That’s a programming tool that makes it easy for web developers to pop up menus and dialogs asking you to choose from a list of local files, for example when you want to pick a file to upload or an attachment to add to your webmail.

When we heard that the vulnerability was connected to FileReader, we assumed that the bug would involve reading from files you weren’t supposed to.

Ironically, however, it looks as though attackers can take much more general control, allowing them to pull off what’s called Remote Code Execution, or RCE.

RCE almost always means crooks can implant malware without any warnings, dialogs or popups.

Just tricking you into looking at a booby-trapped web page might be enough for crooks to take over your computer remotely.

I'm curious if this affects all Chromium-based browsers. :-\


Nasty code-execution bug in WinRAR threatened millions of users for 14 years

WinRAR, a Windows file compression program with 500 million users worldwide, recently fixed a more than 14-year-old vulnerability that made it possible for attackers to execute malicious code when targets opened a booby-trapped file.

The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.

https://arstechnica....-users-for-14-years/

