'Smart' Light Bulbs Vulnerable to Cyber-Attacks, Researchers Show
Today's topics include Eugene Kaspersky's allegations that Microsoft Windows Defender is anti-competitive, the news that a new network worm could infect internet of things devices in the home, the unveiling of Facebook's Messenger Group Chat in Canada and Australia and the joint effort of the Linux Foundation and Reproducible Build to create a more secure software.
Eugene Kaspersky, founder of security vendor Kaspersky Lab, isn't happy with Microsoft's business practices and he wants the whole world to know about it.
Kaspersky alleges that the close integration between Microsoft's Windows Defender security software and Windows 10 makes it more difficult for users to install alternative anti-malware applications from Kaspersky and other security software companies.
These claims are not falling on deaf ears as the Federal Antimonopoly Service in Kaspersky's native Russian Federation is now investigating the situation for any potential wrongdoing.
A team of academic researchers demonstrated how even the simplest internet of things devices could be used to spread malicious code when they exploited a vulnerability in a popular smart light bulb to infect other devices.
In a draft research paper, researchers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada outlined their method of wresting control of Philips Hue smart lights from a home-automation network and then remotely updating the devices with malicious code.
With just 15,000 randomly distributed smart lights in an urban area, a network worm could spread in a chain reaction throughout a city the size of Paris, the researchers concluded using a type of analysis known as percolation theory.
Facebook is in the process of enabling groups of people, and not necessarily "friends" who know each other, to interact around specific topics in real time on the social network.
The app, called Rooms, is the same as a standalone app it attempted two years ago but then pulled back right after it bought WhatsApp for $19 billion in February 2014. However, users in the United States will have to wait a while to be able to use it.
The launch, which Facebook has discussed publicly earlier this year, was rolled out Nov. 11 through 13 in Canada and Australia. It is apparently a test to see if Facebook's Messenger chat platform is able to both scale and enable more public conversations focused on specific topics.
In an effort to help open-source software developers build more secure applications, the Linux Foundation is doubling down on its efforts to help the Reproducible Builds Project.
Among the most basic and often most difficult aspects of software development is making sure that software end-users get the same software code that developers actually built.
"Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers," the Reproducible Builds project explains.
Without the promise of a verified reproducible build, security can potentially be compromised, as the binary code might not be the same as the original developer intended. The Reproducible Builds project benefits from the support of the Linux Foundation's Core Infrastructure Initiative.