The scary Stack Clash affecting servers, the $1,000,000 ransomware, and more news

More Arduino foundation drama rounds out the news. Read on...

Share this using the hashtag #SWE.

Stack Clash. A super-nasty security vulnerability called Stack Clash was released last week after a short embargo time, intended to help vendors create patches. The vulnerability affects most Unix-based server operating systems and provides local privilege escalation. Similar bugs to this one have been fixed in 2005 and 2010, but this is the gift that keeps on giving. Check out my video below for more details, or read the detailed announcement from Qualys here.

gdc? The D programming language was accepted for inclusion in GCC, which will likely go a long way towards making the default reaction to reading about D no longer “what’s D?” (Obviously other than the one after C, of course.)

Google: becoming slightly less creepy. Google has announced that they will stop scanning emails in Gmail for the purposes of display advertising. Obviously, they’ll still need to scan them for spam and phishing protection, and search… but maybe this will make folks feel better about using Gmail in general?

Cryptocurrency post: skip to the end and leave an angry comment. Cryptocurrency blogger “WhalePanda” discusses the ICO (initial coin offering) ecosystem built on top of Ethereum, and why it’s probably another bubble.

It’s expensive to cut the cord. If you live in central Iowa, it is very expensive to cut the cord. How expensive? The only ISP in one part of the state (Ogden Telephone Company) charges you $30 a month to get a (now-required) landline phone… or they charge you $80 a month to not have a landline. I have no words.

What’s coming in High Sierra? APFS, HEVC, HEIF, and several other acronyms as well. Learn more in this explainer from Ars Technica, which discusses some of the under-the-hood improvements in the next version of the Mac operating system.

How your right to tinker is being diluted. The Economist brings us a piece detailing how our ownership of physical things is being harmed by constant ‘innovation’ on the part of companies coming up with new ways to restrict repair and tinkering with physical devices.

The $1,000,000 ransom. Cybersecurity guru Matthew Rosenquist writes about a web hosting firm in South Korea that had to pay $1,000,000 to have over 150 Linux servers decrypted after being hit with a ransomware attack. Learn more in his post.

The state of the Arduino Foundation. If you’ve followed tinkering platforms, the “Internet of Things”, or other small-scale development stuff, surely you’ve heard of the Arduino. What you may not have heard is the seemingly-perpetual battle going on between the people behind the device, resulting in new companies being formed and other high drama that’s succinctly summarized and mostly brought to a close in this piece from Hackaday.

The security corner is taking the week off due to Stack Clash, but one more thing:

In news I’m certain surprised absolutely nobody, OpenVPN has many security vulnerabilities. Security researcher Guido Vranken discusses four of them that were missed in two separate code audits, how to fuzz, and why code audits aren’t a be-all, end-all solution.

The rundown is on vacation for two weeks for the fourth of July holiday in the US. Thanks for reading – as always, if you have feedback, or think there’s something I should cover next time, leave a comment!

Cover photo: It’s a “stack”! Ha ha, get it? It’s funny because of stack clash. Image ? John Moore / Getty