GitHub Announces that Free Accounts Now Can Create Private Repositories, Bash-5.0 Released, iPhone Apps Linked to Golduck Malware, Godot Game Engine Reaches 3.1 Beta, NSA to Open-Source Its GHIDRA Reverse-Engineering Tool

News briefs for January 8, 2019.

GitHub's CEO Nat Friedman yesterday announced that free accounts now can create private repositories (previously only paid accounts could have private repositories). Ars Technica reports that "Now every GitHub account can create an unlimited number of private repositories. These are still restricted—only three people can collaborate on these repositories—but a great many of those projects that once had no option but to be opened up might now be marked as private." The Ars Technica article also expresses concern that one possibility with this change is that "programs that would previously have been published as open source will now be closed up forever".

Bash-5.0 was released yesterday. This release fixes several bugs and introduces many new features. From the release announcement: "The most notable new features are several new shell variables: BASH_ARGV0, EPOCHSECONDS, and EPOCHREALTIME. The `history' builtin can remove ranges of history entries and understands negative arguments as offsets from the end of the history list. There is an option to allow local variables to inherit the value of a variable with the same name at a preceding scope. There is a new shell option that, when enabled, causes the shell to attempt to expand associative array subscripts only once (this is an issue when they are used in arithmetic expressions). The `globasciiranges' shell option is now enabled by default; it can be set to off by default at configuration time."

Security researchers at Wandera recently discovered "more than a dozen iPhone apps covertly communicating with a server associated with Golduck, a historically Android-focused malware that infects popular classic game apps." According to TechCrunch, the malware was discovered more than a year ago and affected retro-style games on Google Play "by embedding backdoor code that allowed malicious payloads to be silently pushed to the device". See the post for more details.

Godot, the open-source, cross-platform game engine, announced it has entered the beta phase for Godot 3.1. New features include the OpenGL ES 2.0 renderer, visual shader editor, improved animation editor, WebSockets support and much more. See the Changelog for the full list. Note that this is a beta build and not intended for use in production.

The NSA plans to open-source its GHIDRA reverse-engineering tool. It's FOSS reports that senior NSA advisor Robert Joyce wrote in his session description for the March RSA Conference 2019, "NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHISDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed. and will be released for free public use at RSA."