At least some 300,000 machines reachable on the internet are vulnerable to a remote code execution vulnerability that appears to be rather easy to execute on all of those. The vulnerable package is cups-browsed - a tool for printing - which does get installed by default on many desktop linux systems but who knows ... maybe you are running some media server with your bitcoin wallet and your printer reachable via the same RaspberryPi? Check your machines. Android appears not to run cups but if you run Linux or Mac, you might want to double-check if you're one of the lucky 300,000 that get to update their system **now**.

evilsocket

Attacking UNIX Systems via CUPS, Part I

At WalletScrutiny.com, we track 4574 apps on Google Play. 2956 of those are not on Google Play anymore. Can that be right? The Apple App Store "only" shows 550 of 1291 apps as removed. Either way, especially if you found a cool new wallet, assume the fun will not last.

We have long been working on testing desktop wallets but it's really tricky as there is just so many binaries floating around for what claims to be the same product. Even Bitcoin Core is showing 8 download options depending on your operating system or distribution channel preference: With snapcraft obviously being tricky: Either way, for desktop wallets, most of the time people have download links and want to verify those downloads, so Chris is working on a binary checker. It's still only a draft merge request and clearly needs a design but what it will enable is actually pretty cool: WalletScrutiny calculates the hash of the file dropped onto it and if it's an apk, it also determines the appId which allows finding the right product. If the hash is known, the verdict is immediately displayed. If not, the page invites the user to upload the file for analysis. The attestations for artifacts will live on nostr as signed events and nostr will also be used to advertise the existance of new binaries for reviewers.

Not all metal backups are made equally. If you use metal to not have to also worry about your bitcoins when your house is on fire, don't use this product: But running these tests must have been great fun, right @Jameson Lopp? If we add these backup solutions to our website, we would certainly heavily lean on Jameson Lopp's work as a hydrolic press and acids isn't what we had planned to play around with ourselves for now. Jameson are you planning to test more products any soon? Adding "backup tools" to WalletScrutiny might get excessive if we don't draw lines like you did. If it's not at least claiming to be heat resistant, we won't bother to list it or else we end up listing a million different ways to print on paper.

Some fan art ✨ 🎶 🎶 Which one do you like best?