Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.
As a smaller and cross-platform subset of the .NET Framework, it will have its own update schedule, updating multiple times a year, while .NET will be updated once a year. At the release of .NET 4.6, Core will be a clear subset of the .NET Framework. With future iterations it will be ahead of the .NET Framework. "The .NET Core platform is a new .NET stack that is optimized for open source development and agile delivery on NuGet. We're working with the Mono community to make it great on Windows, Linux and Mac, and Microsoft will support it on all three platforms."
Nicholas St. Fleur writes at The Atlantic that low oil prices may also undermine the message from the UN's climate panel. The price drop comes after the UN declared earlier this week that fossil fuel emissions must drop to zero by the end of the century in order to keep global temperatures in check. "I don't think people will see the urgency of dealing with fossil fuels today," says Perl. Falling oil prices may also deter businesses from switching to energy-saving technology, as a 2006 study in the Energy Journal suggested. Saving several pennies at the pump, Perl says, may tempt Americans away from actions that can lead to a sustainable, post-carbon future.
Researchers at Palo Alto Networks discovered and dubbed the threat WireLurker because it spreads from infected OS X computers to iOS once the mobile device is connected to a Mac via USB. The malware analyzes the connected iOS device looking for a number of popular applications in China, namely the Meitu photo app, the Taobao online auction app, or the AliPay payment application. If any of those are found on the iOS device, WireLurker extracts its and replaces it with a Trojanized version of the same app repackaged with malware.
Patient zero is a Chinese third-party app store called Maiyadi known for hosting pirated apps for both platforms. To date, Palo Alto researchers said, 467 infected OS X apps have been found on Maiyadi and those apps have been downloaded more than 350,000 times as of Oct. 16 by more than 100,000 users.
HyperTalk wasn't just easy, it was also fairly powerful. Complex object structures could be built to handle complicated tasks, and the base language could be expanded by a variety of available external commands and functions (XCMDs and XFCNs, respectively), which were precursors to the modern plug-in. But ultimately, HyperCard would disappear from Mac computers by the mid-nineties, eclipsed by web browsers and other applications which it had itself inspired. The last copy of HyperCard was sold by Apple in 2004. "One thing that's changed in the intervening decades is that the hobbyist has largely gone by the wayside. Now you're either a user or a full-fledged developer, and the gulf is wider than ever," writes Peter Cohen. "There's really nothing like it today, and I think the Mac is lesser for it."