News briefs for July 17, 2019.
Malicious Python libraries have been found on the official Python Package Index (PyPI), which contain a hidden backdoor that would activate when installed on Linux systems. According to ZDNet, the three packages are named libpeshnx, libpesh and libari, and they "were authored by the same user (named ruri12) and had been available for download from PyPI for almost 20 months, since November 2017, before the packages were discovered earlier this month by security researchers from ReversingLabs. The PyPI team removed the packages on July 9, the same day ReversingLabs notified the PyPI repo maintainers about their findings." In addition, "None of the three packages ever listed a description, so it's impossible to tell what was their purpose. However, PyPI stats showed that the packages were being regularly downloaded, with tens of monthly installations for each."
Offensive Security, the creators of open-source Kali Linux, has launched the Kali NetHunter App Store, "a new one stop shop for security relevant Android applications. Designed as an alternative to the Google Play store for Android devices, the NetHunter store is an installable catalogue of Android apps for pentesting and forensics". The press release also notes that the NetHunter store is a slightly modified version of F-Droid: "While F-Droid installs its clients with telemetry disabled and asks for consent before submitting crash reports, the NetHunter store goes a step further by removing the entire code to ensure that privacy cannot be accidentally compromised". See the Kali.org blog post for more details.
IBM to reunite original Apollo 11 mission technicians today for a live panel discussion celebrating the 50th anniversary of the Apollo 11 moon landing. The panel will be available via livestream starting at 2:30pm EDT. From the press release: "Moderated by Dr. John E. Kelly, IBM Executive Vice President, from the Johnson Space Center in Houston, Texas, the panel will reunite veterans of the Apollo 11 mission to share behind-the-scenes details of what it was like to be right in the middle of the action in the lead-up to and during this historic moment in time. The panelists will also look ahead to how the future of artificial intelligence, quantum computing, and other technologies could help us reach new frontiers." The livestream will be available here.
Azul Systems announces it has created OpenJSSE, an open-source implementation of TLS 1.3 for Java SE 8, which is now included in the latest releases of its Zulu Community and Zulu Enterprise products. You can find source code, example use cases and documentation on GitHub.
Krita 4.2.3 was released this morning. This release is mainly a bug fix release, but it does include one new feature: "it is now possible to rotate the canvas with a two-finger touch gesture. This feature was implemented by Sharaf Zaman for his 2019 Google Summer of Code work of porting Krita to Android. The feature also works on other platforms, of course."