• Dev Notes
  • Posts
  • Entirely New Way For Hackers To Backdoor Into Microsoft Windows

Entirely New Way For Hackers To Backdoor Into Microsoft Windows

Good Morning! Do you think the (OSS) ecosystem is facing a "bubble" that will burst. While OSS is not a typical tech hype bubble, this author argues there are concerning trends that threaten the fundamental values and sustainability of the OSS movement. These include the debate over the "open-source AI" definition, the rise of "source-available" licenses, and the EU's cut to open-source funding.

Entirely New Way For Hackers To Backdoor Into Microsoft Windows

This bad boy, dubbed Backdoor.Msupedge, is employing a rarely-seen technique that's got security experts raising their eyebrows. It's using DNS traffic to chat with its command-and-control (C&C) server, flying under the radar of many traditional security measures.

What's New:

  • The backdoor, disguised as a DLL, sets up shop in specific file paths and uses DNS tunneling based on the open-source dnscat2 tool.

  • It's got some tricks up its sleeve, including using the resolved IP address of its C&C server as a command switch. Pretty clever, right?

The backdoor supports various commands, from creating processes to downloading files and even taking strategic naps. The initial breach likely exploited a recent PHP vulnerability (CVE-2024-4577), affecting Windows-based PHP installations.

While we're still in the dark about who's behind this or their endgame, it's a reminder that attackers are constantly upping their game. As always, keep your systems patched and your eyes peeled for unusual DNS traffic.

Read More Here

AI-Assisted Code Transformation Saved Us 4,500 Years of Developer Work

Amazon Q's new code transformation capability according to Andy Jassy’s tweet. This AI assistant is turning the tables on Java upgrades:

  • Time to upgrade to Java 17? Slashed from 50 developer-days to mere hours.

  • 50% of Amazon's production Java systems modernized in under 6 months.

  • 79% of auto-generated code reviews shipped without changes.

  • Estimated savings: A whopping 4,500 developer-years of work and $260M in annualized efficiency gains.

Read More Here

A new definition of open-source AI could clarify an industry debate

Justin Sullivan/Getty Images

The AI world has been split between those advocating for openness (think Meta and IBM) and those cautioning against it (like OpenAI and Anthropic) for a while actually. The lack of a clear definition for open-source AI hasn't helped matters. But now, the Open Source Initiative (OSI) is stepping in to clear the air.

The OSI has released a draft definition of open-source AI, and it's got some interesting points:

  1. Source code for training and running the AI? Open.

  2. Model weights and parameters? Also open.

  3. Training data? Well, that's where it gets tricky.

Instead of requiring the full dataset release (which could be a legal minefield), the OSI suggests providing enough info for a skilled person to recreate a similar system using comparable data.

This definition could be a game-changer for upcoming AI regulations, providing a concrete metric for what qualifies as "open-source AI." It's not set in stone yet, but it's a solid step towards bringing some order to the Wild West of AI development.

Read More Here

🔥 More Notes

📹 Youtube Spotlight

SpaceX Completing a Boeing Mission: NASA’s Backup Plan, Explained | WSJ

Wall Street Journal

Was this forwarded to you? Sign Up Here