Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs

Even weirder: why would Google give so many the “Featured” stamp for trustworthiness?

Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them, actions that the developer has taken pains to carefully conceal.

The extensions, which so far number at least 35, use the same code patterns, connect to some of the same servers, and require the same list of sensitive systems permissions, including the ability to interact with web traffic on all URLs visited, access cookies, manage browser tabs, and execute scripts. In more detail, the permissions are:

  • Tabs: manage and interact with browser windows
  • Cookies: set and access stored browser cookies based on cookie or domain names (e.g., "Authorization" or "all cookies for GitHub.com")
  • WebRequest: intercept and modify web requests the browser makes
  • Storage: ability to store small amounts of information persistently in the browser (these extensions store their command & control configuration here)
  • Scripting: the ability to inject new JavaScript into web pages and manipulate the DOM
  • Alarms: an internal messaging service to trigger events. The extension uses this to trigger events like a cron job, as it allows the extension to schedule its heartbeat callbacks
  • <all_urls>: This works in tandem with other permissions like webRequest, but allows the extension to functionally interact with all browsing activity (completely unnecessary for an extension that should just look at your installed extensions)

These sorts of permissions give extensions the ability to do all sorts of potentially abusive things and, as such, should be judiciously granted only to trusted extensions that can’t perform core functions without them.

“What the hell are you doing?” How I learned to interview astronauts, scientists, and billionaires

The best part about journalism is not collecting information. It’s sharing it.

I recently wrote a story about the wild ride of the Starliner spacecraft to the International Space Station last summer. It was based largely on an interview with the commander of the mission, NASA astronaut Butch Wilmore.

His account of Starliner’s thruster failures—and his desperate efforts to keep the vehicle flying on course—was riveting. In the aftermath of the story, many readers, people on social media, and real-life friends congratulated me on conducting a great interview. But truth be told, it was pretty much all Wilmore.

Essentially, when I came into the room, he was primed to talk. I'm not sure if Wilmore was waiting for me specifically to talk to, but he pretty clearly wanted to speak with someone about his experiences aboard the Starliner spacecraft. And he chose me.

Rocket Report: “No man’s land” in rocket wars; Isaacman lukewarm on SLS

China’s approach to space junk is worrisome as it begins launching its own megaconstellations.

Welcome to Edition 7.39 of the Rocket Report! Not getting your launch fix? Buckle up. We're on the cusp of a boom in rocket launches as three new megaconstellations have either just begun or will soon begin deploying thousands of satellites to enable broadband connectivity from space. If the megaconstellations come to fruition, this will require more than a thousand launches in the next few years, on top of SpaceX's blistering Starlink launch cadence. We discuss the topic of megaconstellations in this week's Rocket Report.

As always, we welcome reader submissions. If you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

So, what is SpinLaunch doing now? Ars Technica has mentioned SpinLaunch, the company that literally wants to yeet satellites into space, in previous Rocket Report newsletters. This company enjoyed some success in raising money for its so-crazy-it-just-might-work idea of catapulting rockets and satellites into the sky, a concept SpinLaunch calls "kinetic launch." But SpinLaunch is now making a hard pivot into small satellites, a move that, on its face, seems puzzling after going all-in on kinetic launch, and even performing several impressive hardware tests, throwing a projectile to altitudes of up to 30,000 feet. Ars got the scoop, with the company's CEO detailing why and how it plans to build a low-Earth orbit telecommunications constellation with 280 satellites.

Coalition agreement: Nuclear fusion and Germans on the moon

Innovation, research, and future energy supply get a lot of space in the coalition agreement. In between, however, overconfidence has crept in. An IMHO by Mario Petzold (coalition agreement, AI)