FBI server was attacked by hackers; research found that 97% of applications have vulnerabilities; Git 2.34 released | SiFu Weekly

40s News Express

• 123456 became the most commonly used password this year
• Research found that 97% of applications have vulnerabilities
• Apple plans to launch self-driving cars in four years
• Google and Agence France-Presse reach agreement to pay for news content
• Apple launches its own maintenance program
• Google Chrome browser support for Win7 will be extended to 2023
• FBI server was attacked by hackers: over 100,000 people received spam
• Eight online disk companies jointly signed a self-discipline agreement and promised to launch "undifferentiated rate" products within this year
• CentOS Linux 8.5 released
• Chrome 97 beta released
• Visual Studio Code 1.62.2 released
• Git 2.34 released
• TypeScript 4.5 official version released

Industry Information

123456 became the most commonly used password this year

NordPass announced the list of the most commonly used passwords in 2021. You don’t need to guess what the first few passwords are. This year’s number one is still 123456. It is far ahead of other passwords with 103 million “excellent results”. Well-deserved first.

Another new study shows that in India, the most popular password is not "123456", but "password". Japan is the only country outside of India where "password" is the most popular password.

Research found that 97% of applications have vulnerabilities

Synopsys recently released a "2021 Software Vulnerability Snapshot" research report, based on 3900 tests conducted on 2600 software or system targets.

Among them, 83% of the test targets are Web applications or systems, 12% are mobile applications, and the rest are source code or network systems/applications. The industries participating in the test cover software and the Internet, financial services, business services, manufacturing, media and entertainment, and healthcare.

The report data shows that 97% of the test targets have some form of vulnerability, 36% of the tests found high-risk or serious vulnerabilities; 76% of the vulnerabilities found belong to the OWASP Top 10 category, and application and server configuration errors accounted for 21% of the overall vulnerabilities found.

In mobile applications, 80% of discovered vulnerabilities are related to insecure data storage; this may allow attackers to gain access to mobile devices through physical or malicious software. Another 53% of mobile tests found vulnerabilities related to insecure communications.

In addition, 18% of the conducted penetration tests found vulnerable third-party libraries. This data also highlights the urgent need for a software bill of materials to track component usage. The report points out that although 64% of the vulnerabilities found in the test are considered to be the lowest, low or medium risk; it cannot be taken lightly, because even these vulnerabilities can be exploited to facilitate attacks.

Apple plans to launch self-driving cars in four years

People familiar with the matter said that Apple has made a major breakthrough in advancing its electric vehicle development project and shifted its research and development focus to fully autonomous driving technology. Apple’s internal goal is to launch its self-driving cars within four years (before 2025), faster than the five to seven-year timetable planned by some previous engineers.

Google and Agence France-Presse reached agreement to pay for news content

According to foreign media reports, Google announced on Wednesday that it has signed a five-year partnership agreement with AFP, which includes payment for AFP news content, which is also one of the largest licensing agreements reached by technology giants under the new French law. Google declined to disclose the financial terms of the transaction, but confirmed that the transaction will last for 5 years. The two companies said in a joint press release that they will also cooperate on verification and other projects. Agence France-Presse chief executive officer Fabrice Fries said in a statement: "This agreement is a recognition of the value of news information."

Apple launches its own maintenance program

Apple recently announced that starting with iPhone 12 and iPhone 13, it will provide individual consumers with parts, tools, and repair manuals, known as the "self-repair program." The program will allow customers to obtain Apple original parts and tools to repair the equipment themselves. It is reported that the plan will first be applied to the iPhone 12 and iPhone 13 series products, and Mac computers equipped with the M1 chip will also be added soon.

Google Chrome browser support for Win7 will be extended to 2023

The Google Chrome browser was originally scheduled to end support for Windows 7 on July 15, 2021, but due to the epidemic, it was extended to January 15, 2022.

On November 18th, Google decided to extend this deadline for another year. Chrome support on Windows 7 will end no earlier than January 15, 2023. At that time, all versions of the Windows 7 operating system will no longer receive system patches. support.

Windows 7 Home Edition stopped supporting as early as January 14, 2020. The Edge browser on Windows 7 will also stop supporting on January 15, 2023, and Internet Explorer will stop supporting on June 15, 2022.

It is unclear what level of support Google will provide for Chrome on Windows 7, but it may only include bugs and security fixes, rather than providing new features.

FBI server was attacked by hackers: over 100,000 people received spam

Recently, a hacker maliciously sent spam to at least 100,000 people through the FBI mail server. The person’s motives are unclear, and the extent to which the hackers penetrated the FBI’s e-mail system is also unclear. In an email statement, the FBI and the Cybersecurity and Infrastructure Security Agency stated that they were aware of fake emails sent from FBI accounts, but declined to disclose more information. The statement said, "The situation is continuing and we are unable to provide any additional information at this time. We continue to encourage the public to be cautious about unknown senders and urge the reporting of suspicious activities."

Eight online disk companies jointly signed a self-discipline agreement and promised to launch "undifferentiated rate" products within this year

Under the guidance of the Information and Communication Development Department of the Ministry of Industry and Information Technology, the Internet Association of China and the China Academy of Information and Communications Technology organized Baidu Netdisk, Tencent Weiyun, Tianyi Cloud Disk, He Caiyun, Alibaba Cloud Disk, Thunder Cloud Disk, 360 Secure Cloud Disk and NetEase Net Disk, etc. Eight online disk companies jointly signed the "Self-Discipline Convention on User Experience Guarantee of Personal Online Disk Service Business" in Beijing, promising to launch "undifferentiated rate" products within 2021, and provide undifferentiated upload/download rate services for all types of users.

The latest technology trends

CentOS Linux 8.5 released

The CentOS community announced the release of the latest version of CentOS Linux 8 (2111) based on the upstream Red Hat Enterprise Linux 8.5 source code.

RHEL 8.5 brings various container improvements, Cockpit network management improvements, real-time kernel patching of all RHEL minor versions, enhanced SSSH logs, NTS for NTP, RHEL system roles for Microsoft SQL Server, and various other updates and improvements .

In addition, RHEL 8.5 also supports the recently launched OpenJDK 17 and .NET 6.

Chrome 97 beta release

Google announced the new features of the Chrome 97 beta. These changes apply to the latest Chrome 97 beta for Android, Chrome OS, Linux, macOS and Windows.

Main update content

• Automatically expand detailed information elements;
• Push content security policies through response headers;
• New keyboard API features;
• Standardize existing client prompt naming, etc.

Visual Studio Code 1.62.2 released

Microsoft released the second update to version 1.62 of Visual Studio Code.

Main update content

• Git operation hangs due to the empty string in $GIT_ASKPASS;
• Solved the problem of shell environment failure in version 1.62.1;
• WSL extension installation failed;
• SetDecorations using contentText cannot be rendered on non-ASCII lines;
• Never been prompted to select a kernel in Notebooks;
• In 1.62 and later versions, semantic highlighting will flash, etc.

Git 2.34 released

Git 2.34 is now released. This update contains features and bug fixes from more than 109 contributors, 29 of which are new contributors.

Main update content

• Added a feature that supports sparse indexes to help deal with very large Git repositories similar to "monorepo" settings;
• Added multi-package reachability bitmap;
• The "ort" merge strategy is used by default;
• Support the use of OpenSSH 8.0+ SSH keys as signing keys for Git tags;
• Improved the performance of git fetch and git push

TypeScript 4.5 official version released

Microsoft recently released the official version of TypeScript 4.5.

Main update content

• Support Node.js to run ECMAScript module in night version;
• The template string can be used as a determinant;
• Remove the tail recursion of Conditional Types;
• Disable the omitted type Import and add a new Import type modifier;
• Two new code completion functions: fragment completion for rewriting or implementing methods in a class, and code completion for JSX attributes;
• The editor will directly display the original name and so on for unresolved types