PEAKS No. 12: Linux UEFI Exploits, Webcam Manipulation, and AI's Latest Moves
Hi there!
Last week, I started investigating a strange issue regarding Mendeley citations inserted in a Word document. For some reason, the citations break when the document is opened on another computer, which is the last thing you want to happen before a submission deadline. Nevertheless, I managed to compile this newsletter issue for you. I hope you enjoy it.
🛡️ Security & Privacy
- Twelve senators urged the TSA to review its facial recognition program, citing privacy risks and confusing opt-out processes for travelers. More here.
- This repository offers tools to remotely control the ThinkPad X230 webcam LED, showcasing how malware can record video unnoticed.
- ESET researchers found RomCom exploiting zero-day vulnerabilities in Firefox and Windows, enabling unauthorized code execution and backdoor installation More here.
- Researchers discovered Bootkitty, the first UEFI bootkit targeting Linux, which can evade security tools and manipulate boot processes. Read more here.
- Russian spies executed an unprecedented hack by jumping between networks using nearby Wi-Fi connections. More here.
- New study that evaluates Linux malware detection, revealing challenges and introducing a benchmark dataset for improvement available here.
- SpyLoan apps, posing as legitimate loan services, have been downloaded over 12 million times from Google Play. These malicious apps steal sensitive personal data, including call logs, location, and SMS messages, and extort users through high-interest loans. Read more here.
🛸 Tech
General
- Neuralink's CONVOY Study aims to help paralyzed individuals control robotic arms using brain-implanted devices. More here.
- Australia has banned social media for children under 16, supported by 77% of citizens. Read more here.
- The FCC has approved SpaceX to use Starlink satellites for T-Mobile cell service, enhancing coverage. More here.
- While studying the Pentium processor's silicon die, the author discovered antenna diodes protecting circuitry during manufacturing. Read more here.
- Researchers developed a salt-sized camera using meta-optics, enabling high-quality imaging for various applications, including medical use. More here.
Dev
- How to replace OpenVPN with WireGuard guide.
- This post provides an overview of automotive lidar technology.
- The aspiration for a unified, dialect-free C++ has likely been unattainable for many years. Read more here.
- Herb Sutter is leaving Microsoft. More here.
- Starting with November 22, users can access Warp without signing up or logging in, enjoying core features and previews. More here.
AI
- Anthropic has launched new features for its AI assistant Claude, including preset writing modes and style customization tools. Read more here.
- Anthropic has launched the Model Context Protocol (MCP), an open-source standard connecting AI assistants to various data sources, enhancing AI application capabilities across industries. More here.
- Artists leaked OpenAI's Sora video generator to protest exploitative practices, prompting a temporary access suspension. More here.
- "Feels Like Paper!" prototypes enhance physical paper with AI, blending digital properties while preserving physical traits. Have a look here.
- Elon Musk's xAI plans to launch a standalone Grok app in December, competing with ChatGPT. More here.
- OpenAI is funding research at Duke University to create algorithms that predict human moral judgments and enhance AI decision-making. More here.
- Anthropic raised $4 billion from Amazon, making AWS its primary cloud partner for AI model training. More here.
- Anthropic raised $4 billion from Amazon, making AWS its primary cloud partner for AI model training. More here.
- An analysis of LLMs chess capabilities available here.
🛠️ Tools
Personal Use
- huntlie - discover new products in tech.
- Zeta Office - LibreOffice in your browser.
Dev
- lla - a modern alternative to
ls
written in Rust. - Fly.io - a public cloud designed specifically for developers.
- git-crypt - allows transparent encryption of files in a Git repository, enabling secure sharing of public and private content.
- Bananas Screen Sharing - an intuitive and user-friendly screen sharing tool for Mac, Windows, and Linux.
- Stack Analyser - an easy method to extract dependencies, languages, infrastructure, SaaS, databases, and more from any repository.
- AutoFlow - an open source GraphRAG (Knowledge Graph) built on top of TiDB Vector and LlamaIndex and DSPy.
☄️ Misc
- The Indian Ocean Geoid Low is a significant gravitational anomaly caused by ancient Tethys Ocean floor subduction and mantle plumes. Read more here.
- Kyawthuite, Earth's rarest mineral, was discovered in Myanmar, featuring unique bismuth-tungsten composition and a single recognized specimen. More here.
- This study explores converting asteroid hydrocarbons into food, estimating significant biomass yields for human consumption.
- Teen mathematicians demonstrated that all knots can be embedded in the Menger sponge, advancing knot theory and fractals. Read more here.
📩 Please feel free to share this article with colleagues and friends who will find it valuable.
Thanks for reading!
Have a great day!
Bogdan