Mastodon

Winsage
March 5, 2025
Integer overflows and memory corruption errors have been identified during the encoding of the kerb-message OCTET STRING field in the KDC Proxy. The ASN1_encoder.buf is allocated a buffer of size 1,024, while ASN1_encoder.current points to ASN1_encoder.buf + 4. The KDC Proxy accepts Kerberos responses with a maximum size of 4,294,967,295. When a Kerberos response is sent with a length from 4,294,967,291 to 4,294,967,295, an overflow occurs due to the addition being stored in a 4-byte unsigned variable, leading to a heap buffer overflow when ASN1BEREncCharString() calls memcpy(). Similarly, for responses with lengths between 4,294,966,267 and 4,294,967,290, an overflow occurs during reallocation, causing an out-of-bounds write or heap buffer overflow. An edge case arises when passing 0 as the new size to LocalReAlloc(), leading to an access violation. A remote, unauthenticated attacker could exploit this vulnerability for arbitrary code execution. Detection involves monitoring traffic on UDP port 389 and TCP port 88, focusing on Kerberos responses. If a response exceeds 0x80000000 bytes, it should be flagged as suspicious. The vulnerability was patched in November, and only KDC servers are at risk; domain controllers are unaffected. Immediate patching of all instances of the KPSSVC server is recommended.
AppWizard
February 18, 2025
Social media platform X has implemented restrictions on links to the Signal messaging application, resulting in error messages when users attempt to share signal.me links through public posts, direct messages, or profile pages. This blockage also affects existing signal.me links. Signal, known for its end-to-end encryption, is commonly used by journalists and whistleblowers. X has previously restricted links to Facebook, Instagram, Mastodon, and Substack, despite Signal not being a direct competitor. Users can still share Signal handles on X, and a workaround exists by copy-pasting the link into Signal to bypass the restrictions.
AppWizard
February 13, 2025
- The Apple TV app is set to arrive on Android devices, expanding Apple's streaming service accessibility.
- Apple has partnered with Alibaba to advance artificial intelligence initiatives in China.
- Apple has introduced a feature allowing users to merge their Apple Accounts for a streamlined experience.
- The new Powerbeats Pro includes heart rate monitoring capabilities, appealing to fitness enthusiasts.
- Announce Notifications in CarPlay aims to improve driver safety by allowing notifications without distraction.
- The Sports app has added NASCAR coverage to enhance its sports content offerings.
- The UK government has taken a controversial stance on encryption, raising privacy and security concerns.
Winsage
February 12, 2025
Clapper 0.8.0 introduces a libpeas-based plugin system, enhancing its media playback capabilities for other applications. Key features include an exit fullscreen keyboard shortcut (Esc), a "New Window" menu item, an option to clear the playback queue, and middle-click functionality for resizing the app window to the media aspect ratio. This version also officially supports Microsoft Windows, with the installer available on the Clapper GitHub releases page. Users can download Clapper from Flathub or build it from source, requiring GNOME 47 and associated media runtimes. An older version is available for Ubuntu users as a DEB package or unofficial snap.
AppWizard
December 26, 2024
Seal is a minimalist downloader app for Android that allows users to download videos from platforms like TikTok, YouTube, and Instagram in various formats and qualities. Zerocam is a camera replacement app that focuses on a natural photographic experience without excessive image processing, offering a free version with a limit of five photos per day and a subscription for additional features. Openvibe aggregates multiple social media platforms into one app, allowing users to post to Bluesky, Threads, Nostr, and Mastodon simultaneously. Twine is an RSS app that consolidates favorite feeds into one location and allows users to import collections via OPML files. AI Screenshot Finder helps users search and categorize their screenshots, processing data locally while leveraging cloud AI systems. Crate organizes links, recipes, and videos into custom sections and uses AI to assist in finding saved content. Sponge gamifies file management, allowing users to swipe to delete or tag files, organized by the month they were saved. Tooly is a versatile toolbox app that includes various tools for unit conversions and text formatting.
AppWizard
September 4, 2024
The Pidgin messaging app has removed the ScreenShareOTR plugin from its official third-party plugin list due to reports of its misuse, which included keyloggers and malware. The plugin was added to the list on July 6, 2024, and was reported to be malicious by a user on August 16. Security researcher Johnny Xmas confirmed the presence of a keylogger by August 22. The malicious plugin was signed with a valid certificate from INTERREX – SP. Z O.O., and it could download additional malware, including DarkGate, affecting both Windows and Linux versions of Pidgin. Pidgin's maintainer stated that the organization does not track plugin installations. In response to the incident, Pidgin will now only accept plugins with an OSI Approved Open Source License to enhance security scrutiny. Users are advised to uninstall the compromised plugin and scan their systems for threats.
Winsage
August 22, 2024
The Framework 13 laptop, equipped with an AMD Ryzen 7 7840U processor and Radeon 780M graphics, was tested for gaming performance on Windows 11 and Fedora 40. Both operating systems were set to "Performance" mode, and results were recorded from the second run of each benchmark to avoid thermal throttling. In the game "Shadow of the Tomb Raider," Fedora 40 achieved a 7% higher average framerate compared to Windows. For "Total War: Warhammer III," Windows had a slight performance lead, while in "Cyberpunk 2077," Fedora 40 outperformed Windows by 3% without FSR scaling and by 7% with FSR, also showing a 24% increase in minimum framerate when settings were adjusted from Low to Medium. In "Forza Horizon 5," Windows led by 7%, but the performance gap has narrowed significantly compared to previous years.
AppWizard
August 1, 2024
Wavelet, an equalizer app for Android, has introduced a new equal loudness feature that maintains consistent volume levels across all frequencies, improving audio playback, especially at lower volumes. This feature is based on the ISO 226 standards and the Fletcher-Munson curves, which explain how humans perceive sound at different frequencies. The upcoming version 24.05 allows users to toggle the equal loudness mode, adjusting the volume threshold for optimal performance. Users have reported enhanced listening experiences, particularly with bass clarity. Additionally, Wavelet offers various audio tuning tools, and the developer is hosting a giveaway of 100 promo codes for the pro version of the app.