Quote:

How to Encrypt an Email in Outlook

How to Encrypt Email in Kleopatra

How to Send Encrypted Email. Top 5 Choices in Secure Email Agents.

Quote:

The Zen 3 cometh

With the Ryzen 5000 series, it's fair to say that AMD has finally, and fully, eclipsed Intel's performance dominance in desktop PCs. AMD's Zen 3 architecture has landed in the new Ryzen 5000 series, breaking the 5GHz barrier with a newer version of AMD's most successful architecture to date. We've got plenty of gaming and application benchmarks, power measurements, and thermal testing here in this article to serve as a guide to the performance you can expect from AMD's most dominant series of processors in more than a decade. We also have pricing guides and links to tips on where to find the chips at retail, and you can see how the Ryzen 5000 chips rank compared to Intel's chips in our CPU Benchmark Hierarchy.

The desktop PC was first on AMD's Zen 3 chopping block, but the new microarchitecture will eventually power AMD's full lineup of next-gen processors, including the Ryzen 5000 "Vermeer" desktop processors that have taken over our list of Best CPUs, and the EPYC Milan data center processors. AMD has also now announced its new Ryzen 5000 Mobile series, which is coming to retail soon in a host of new laptops. 

The first four Ryzen 5000 series desktop PC models stretch from the $299 Ryzen 5 5600X up to the $799 Ryzen 9 5950X. Barring shortages, the CPUs are on shelves now and represent a massive shift in the AMD vs Intel CPU wars. AMD has finally eclipsed Intel's desktop PC processors in every single metric that matters, like single- and multi-threaded workloads, productivity applications, and 1080p gaming performance, all by surprising margins. 

AMD's Zen 3 features a ground-up rethinking of the microarchitecture that finally allows it to take the 1080p gaming performance lead from Intel. Paired with a 19% boost to instructions per cycle (IPC) throughput and peak rated boost speeds of up to 4.9 GHz, Zen 3 is the magic 7nm bullet that finally upsets Intel from its position at the top of our CPU gaming benchmarks. In fact, given what we've seen so far, it looks like AMD could soon enjoy a dominating position in the desktop PC market unlike anything we've seen since the Athlon 64 days.  

Intel is stuck with its Comet Lake CPUs until next month to try to fend off the Ryzen 5000 series when Rocket Lake arrives in Q1 2021. Intel has finally dropped the details on Rocket Lake, revealing that it comes with a backported Cypress Cove microarchitecture that also delivers a 19% IPC gain, just like Zen 3, which might help even the score against the Ryzen 5000 processors in some areas - but definitely not all. Rocket Lake tops out at eight cores, and it's not coming to market until March while Zen 3 is on shelves now.

Here's the Zen 3 Ryzen 5000 series processors that AMD has launched thus far, but we expect more to come to market soon:

AMD Ryzen 5000 Series CPUs Zen 3 Ryzen 5000 Series Processors
RCP (MSRP) Cores/Threads Base/Boost Freq. TDP L3 Cache

---

Ryzen 9 5950X $799 16 / 32 3.4 / 4.9 GHz 105W 64MB (2x32)
Ryzen 9 5900X $549 12 / 24 3.7 / 4.8 GHz 105W 64MB (2x32)
Ryzen 7 5800X $449 8 / 16 3.8 / 4.7 GHz 105W 32MB (2x16)
Ryzen 5 5600X $299 6 / 12 3.7 / 4.6 GHz 65W 32MB (2x16)

AMD's Zen 3 Ryzen 5000 series begins with the impressive 16-core 32-thread Ryzen 9 5950X that has a recommended $799 price tag. This chip boosts up to 4.9 GHz, has 64MB of unified L3 cache, and a 105W TDP rating. As you'll see in the CPU benchmark comparisons below, AMD's Ryzen chip is faster than Intel's 10-core Core i9-10900K in pretty much everything, which isn't surprising — Intel has no equivalent for the mainstream desktop.

The $549 Ryzen 9 5900X slots in as the more mainstream contender, at least by AMD's definition of 'mainstream,' with 12 cores and 24 threads that boost up to 4.8 GHz. This chip beats the Core i9-10900K by even more impressive margins in gaming. 

The 6-core 12-thread $299 Ryzen 5 5600X's base clocks come in at 100 MHz less than the previous-gen 3600XT, while boosts are 100 MHz higher at 4.6 GHz. AMD's previous-gen 6C/12T Ryzen 5 3600XT had a 95W TDP, but AMD dialed that back to 65W with the 5600X, showing that Zen 3's improved IPC affords lots of advantages. Despite the reduced TDP rating, the 5600X delivers explosive performance gains. 

The Ryzen 5 5600X's $300 price tag establishes a new price band for a mainstream processor, so Intel doesn't have chips with an identical price range; the Core i5-10600K is the nearest Intel comparable. This chip carries a $262 price tag for the full-featured model, while the graphics-less 10600KF weighs in at $237. 

Intel's Core i7-10700K also isn't nearly as fast as the 5600X in gaming and lightly-threaded work, and overclocking doesn't change the story in any meaningful way. It does have two additional cores that might make it a compelling value alternative for content creation-focused tasks, but its $375 price tag makes that an iffy proposition. If there's room in the budget, it is better to step up another Ryzen tier.

But AMD does have a glaring hole in its product stack: You'll have to shell out an extra $150 to step up from the $300 6C/12T Ryzen 5 5600X to the $450 8C/16T Ryzen 7 5800X, which is a steep jump that leaves room for the 10700K to operate. Based upon product naming alone, it appears there is a missing Ryzen 7 5700X in the stack, but it remains to be seen if AMD will actually introduce that model. 

AMD also recently announced the Ryzen 9 5900 and Ryzen 7 5800 processors, but those are destined for OEMs, meaning you won't be able to find them at retail. The company also announced its Ryzen 5000 Mobile 'Cezanne' processors at CES 2021, bringing the power of Zen 3 to laptops for the first time, which we'll dive into further below. 

As odd as it sounds, Intel may have one hidden advantage — pricing. AMD now positions the Ryzen 5000 series as the premium brand. As a result, AMD has pushed pricing up by $50 across the stack compared to its Ryzen XT models. However, the XT family doesn't really represent AMD's best value; its own Ryzen 3000 series, which comes at much lower price points, holds that crown. As a result, Intel's Comet Lake CPUs now have comparatively lower price points than AMD's Ryzen 5000 series. 

However, AMD still maintains the performance-per-dollar lead that justifies the price tag. Let's see below how that shakes out.  
...

Quote:

But watch out for the Apple M1.

The first alleged independent benchmark results of AMD's recently introduced eight-core Ryzen 9 5980HS "Cezanne" laptop processors have been published. AMD's Zen 3-based chip uses integrated Radeon graphics, and, according to the new numbers, beats its predecessor and Intel 10th Gen Comet Lake in single- and multi-core workloads, as well as 11th Gen intel Tiger Lake in single-core. However, there is a processor that still beats AMD's Cezanne. 

Hardware enthusiast @Tum_Apisak found two Geekbench 5 results from the Asus ROG Flow X13. The gaming notebook runs the eight-core Ryzen 9 5980HS at a 3.30 GHz default clock speed and can boost it all the way to a 4.53 GHz. In one case, AMD's Cezanne APU hit a 1,532 single-core score and 8,219 multi-core score. In another case, the processor finished with 1,541 single-core points and 8,224 multi-core points.  

CPU Single-Core Multi-Core Cores/Threads, uArch Cache Clocks TDP Link

---

AMD Ryzen 9 5980HS 1540 8,225 8C/16T, Zen 3 16MB 3.30 ~ 4.53 GHz 35W https://browser.geekbench.com/v5/cpu/6027200
AMD Ryzen 9 4900H 1230 7,125 8C/16T, Zen 2 8MB 3.30 ~ 4.44 GHz 35~54W https://browser.geekbench.com/v5/cpu/6028856
Intel Core i9-10885H 1335 7,900 8C/16T, Skylake 16MB 2.40 ~ 5.08 GHz 45W https://browser.geekbench.com/v5/cpu/6006773
Intel Core i7-1185G7 1550 5,600 4C/8T, Willow Cove 12MB 3.0 ~ 4.80 GHz 28W https://browser.geekbench.com/v5/cpu/5644005
Apple M1 1710 7,660 4C Firestorm + 4C Icestorm 12MB + 4MB 3.20 GHz 20~24W https://browser.geekbench.com/v5/cpu/6038094

Typically, Cezanne looks very good compared to previous-generation AMD and Intel architectures. The most interesting comparison we can make with a Zen 3 APU is with an Intel Willow Cove processor. Since Intel hasn't launched its eight-core Tiger Lake-H chips yet, quad-core Core i7 1100-series "Tiger Lake-U" processors are the only available CPUs featuring the Willow Cove microarchitecture. These CPUs are not quite meant for gaming machines and, therefore, come inside notebooks with less sophisticated cooling. 

Generally, Intel Core i7-1185G7-based machines score 1,350-1450 single-core points on Geekbench 5. A well-cooled example can hit around 1,550 on a single core and about 5,600 on multi-cores. 

Therefore, it looks like mobile CPUs featuring AMD's Zen 3 and Intel's Willow Cove cores have comparable single-core performance (assuming that both are cooled properly). Naturally, AMD's eight-core gaming APU naturally beats Intel's quad-core CPU in workloads leveraging multiple cores. 

As far as Geekbench 5 results go, AMD's Ryzen 9 5980HS looks like a very potent mobile APU with a 35W TDP. Yet, it's not unbeatable. 

Apple's tiny M1 system-on-chip  (SoC) running at 3.20 GHz scored 11% better than the Ryzen 9 5980HS in single-core workloads and 7% worse in multi-core workloads while consuming about 30% less power, assuming that its TDP is up to 24W. 

AMD's eight-core Ryzen 9 4900H "Renoir" APUs, based on the Zen 2 microarchitecture, scores about 1,230 single-core points and around 7,100 multi-core points when running at 3.30 / 4.44 GHz clocks in Geekbench 5. Therefore, the new Cezanne APU is apparently 25% faster than its Renoir predecessor in single-core tasks and about 15% faster in multi-core workloads. 

Cezanne's noticeably higher performance compared to its predecessor can be explained by microarchitectural improvements, as well as a two times larger L2 cache. The Ryzen 94900H is rated for up to a 54W TDP, whereas the new one has a default TDP of 35W. 

A comparison of the new numbers for the Ryzen 9 5980HS to Intel's eight-core Core i9-10885H, Intel's fastest mobile Comet Lake CPU with a locked multiplier, suggests the Ryzen 9 5980HS is 15% faster in single-core workloads and 4% faster in multi-core tasks. 

It should be noted that the Ryzen 9 5980HS numbers haven't been confirmed, so you should take them with a grain of salt.
...

Quote:

Full speed ahead!

Hardware detective APISAK spotted Intel's Rocket Lake Core i9-11900K running full blast at 5.3Ghz (single-core) in Geekbench 5 and PassMark. Surprisingly, the chip manages to beat all of AMD's Zen 3 parts in the single-threaded tests. This somewhat verifies what we saw at CES 2021 where Intel showed its 11900K beating a Ryzen 9 5900X by roughly 5% in pure single-threaded workloads, portending a shakeup to our CPU Benchmark Hierarchy.

PassMark Single-Threaded Scores:

• Core i9-11900K - 3764
  
• Core i7-11700K - 3548
  
• Ryzen 7 5800X - 3511
  
• Ryzen 9 5900X - 3500
  
• Ryzen 9 5950X - 3493
  
• Ryzen 5 5600X - 3386
  
• Core i9-10900K - 3173
  
• Core i7-10700K - 3083
  

The i9-11900K scored 3764 points in Passmark, with the closest rival, the i7-11700K, landing at 3548 points. Meanwhile, the Ryzen 7 5800X weighs in with 3511 points. (Strangely, the higher-clocked Ryzen 9 5900X and 5950X scored lower than the 5800X.) 

If we compare the best of Team Blue to Team Red, the 11900K is 6% faster than the 5800X -- and even less if we compare it to the 11700K.

GeekBench 5 Scores: 

Single Threaded Scores:

• Core i9-11900K - 1892
  
• Ryzen 9 5950X - 1682
  
• Ryzen 7 5800X - 1669
  
• Ryzen 9 5900X - 1664
  

Multi-Threaded Scores:

• Ryzen 9 5950X - 16726
  
• Ryzen 9 5900X - 14061
  
• Core i9-11900K - 10934
  
• Ryzen 7 5800X - 10427
  

Moving over to the Geekbench 5 results, the 11900K maintains its single-threaded performance lead, beating the 5950X by 12% (which in Geekbench is on top of the single-threaded chart for AMD). 

But, of course, Rocket Lake's higher frequency and backported cores won't give the 11900K an advantage in the multi-core race, where the 5900X and 5950X easily beat Intel's best. But if we compare just the eight-core models, the 11900K does come out 4% faster than the 5800X.

Conclusion:

If any of these benchmarks are representative of the Core i9-11900K's real-world performance (spoiler alert, these benchmarks generally are not), then Intel will have beaten AMD in the single-threaded race and re-claimed that crown once again. But when it comes to multi-threaded performance, the Core i9-11900K really gets hit hard from being downgraded to eight cores.

We'll have to see how this all plays out once Rocket Lake fully releases and we get our hands on these chips ourselves to benchmark. If the story for Rocket Lake is similar to the story here, Intel will have to price the 11900K aggressively to keep it competitive against AMD's Ryzen 9 parts.
...

Quote:

Over the years, Intel’s consumer processor lineup has featured its usual array of overclocking ‘K’ models, and more recently the ‘F’ series that come without integrated graphics. The bulk of the lineup however are still the versions without a suffix, the ‘nones’, like the Core i7-10700 in this review. These processors sit in the middle of the road, almost always having a 65 W TDP compared to the 91-125 W overclockable models, but also having integrated graphics, unlike the F family. What makes it interesting is when we pair one of these 65 W parts against its 125 W overclocking counterpart, and if the extra base and turbo frequency boost is actually worth the money in an era where motherboards don't seem to care about power?

Intel’s Core i7-10700 at 65 W: Is It Really 65 W?

The understanding of the way that Intel references its TDP (thermal design point) values has gone through a mini-revolution in the last few years. We have had an almost-decade of quad-core processors at around 90 W and 65 W, and most of them would never reached these numbers even under turbo modes - for example, the Core i5-6600K was rated at 91 W, but peak power draw was only 83 W. This has been the norm for a while, until recently when Intel had to start boosting the core count. As we have slowly gone up in core count, from 4 to 6 to 8 and now 10, these numbers have seemed almost arbitrary for a while.

The reason comes down to what TDP really is. In the past, we used to assume that it was the peak power consumption of the processor was its TDP rating – after all, a ‘thermal design point’ of a processor was almost worthless if you didn’t account for the peak power dissipation. What makes Intel’s situation different (or confusing, depending on how you want to call it) is that the company defines its TDP in the context of a 'base' frequency. The TDP will be the maximum power under a sustained workload for which the base frequency is the minimum frequency guarantee. Intel defines a sustained workload one in which the 'turbo budget' has expired, and the processor will achieve its best frequency above base frequency (but not turbo modes).

The point about ‘not turbo’ is the key element here. Intel’s TDP ratings are only in effect for the base frequency, not the turbo frequency. If a PC is built with a maximum power dissipation in mind, allowing a processor to turbo above that power might have catastrophic consequences for the thermal performance of that system. The other angle is that Intel never quotes the turbo power levels (also known as Power Level 2, or PL2) alongside the other specifications, although they are technically in the specification documents when they get released.

On top of all this, motherboard manufacturers also get a say in how a processor performs. Because turbo power is only an optional suggestion from Intel, technically Intel will accept any value for the ceiling of the turbo power, and accept turbo under any circumstances if the motherboard manufacturer wants it.

Motherboard manufacturers overengineer their motherboards to support longer turbo times (or overclocking), and so they will often ignore these Intel recommended values for PL2, allowing the processor to turbo harder for longer, and in a lot of cases of premium motherboards, indefinitely.

So why does all this matter with respect for this review? Well my key comparison in this review is our new processor, the Core i7-10700, up against its overclocking counterpart, the Core i7-10700K. Aside from the suffix difference, the K variant has a TDP almost twice as high, and this manifests almost entirely in the base frequency difference.Even though the TDP is 125 W vs 65 W, the peak turbo frequency difference is only +300 MHz, and the all-core turbo difference is only +100 MHz. In contrast, the base frequency difference is +900 MHz, and that is ultimately what the user is paying for. But this base frequency only matters if the motherboard bothers to put a cap on turbo budgets.

The base frequency is more of a minimum guaranteed frequency, than an absolute 'this is what you will get' value under a sustained workload. Intel likes to state that the base frequency is the guarantee, however if a processor can achieve a higher frequency while power limited, it will - if it can achieve that power value with 200 MHz above base frequency, it will run at the higher frequency. If this sounds familiar, this is how all AMD Ryzen processors work, however Intel only implements it when turbo is no longer available. This ends up being very processor dependent. 

For the turbo, as mentioned, Intel has recommendations for power levels and turbo time in its documentation, however OEMs and motherboard manufacturers are free to routinely ignore it. This is no more obvious than when comparing these two processors. What does this mean for end-users? Well, graphs like this.
...

Quote:

Evade spammers, take control of your notifications, and protect your Discord account from hijacking.

It’s more fun to compete with your friends on CS:GO or Apex Legends if everyone is on the same instant messaging platform. For lots of people, having a platform to joke around, chat in general, and stream gameplay for friends is a crucial part of the game. If you’re a big fan of online games, you’ve probably already used Discord, which over the years has become the go-to communication channel for gamers. Some games and gaming platforms have their own

Discord servers for finding teammates, contacting tech support, or just chatting.

As you might guess, though, it’s not only people with a shared hobby who are drawn to large communities; scammers, spammers, and trolls turn up as well.

And if you don’t take care of your privacy and security settings beforehand, they can ruin the fun of playing or chatting on Discord. Here’s how to set up the messaging service properly.

• Where to find the security and privacy settings on Discord
  
• How to protect your Discord account from hijacking
  
• How to set up two-factor authentication on Discord
  
• How to get rid of spammers on Discord
  
• How to remove annoying notifications on Discord
  
• How to hide your data from prying eyes
  • How to stop Discord from collecting your data
    
  • How to restrict third-party applications from accessing Discord data
    
  • How to hide your data and game activity from strangers
    
• How to protect other accounts
  

Where to find the security and privacy settings on Discord

All of the options we need here are in the User settings menu. Click the gear icon underneath your list of friends and chats to open it.

How to protect your Discord account from hijacking

First, let’s deal with account security. If you have a simple password, set a new one — preferably a very long one (not sure how?). It helps to include numbers, a mix of capital and lowercase letters, and special characters, but length is the most important thing.

To change your Discord password on your computer:

• Go to My Account;
  
• Click Change Password;
  
• Enter your old password, then the new one;
  
• Click Done.
  

The process is a bit different in the mobile app:

• Swipe the current chat to the right. Then, in the bottom menu, tap on your avatar;
  
• Select Account (iOS) or My account (Android);
  
• Tap Change password;
  
• Enter your old password and the new one;
  
• Tap Save.
  

Now hacking your account will be a lot harder!

How to set up two-factor authentication on Discord

To lock out cybercriminals, turn on Discord’s two-factor authentication. That way, when you log in to your account, Discord will request a one-time code from you. You can use an authenticator app such as Authy or Google Authenticator. You’ll need to have the app installed on your smartphone or tablet, but it may come in handy for protecting other accounts as well.

On a computer:

• Go to My Account and click Enable Two-Factor Auth;
  
• Launch the authenticator app and scan the QR code from the screen, or enter the code manually;
  
• In the Login with your code field, enter the six numbers the authenticator gives you and click Activate.
  

Done! You’re now protected. For safety’s sake, add your phone number and download backup codes; they’ll come in handy if you need a code but don’t have access to the authenticator app.

If you’re using Discord from a smartphone or tablet:

• Go to Account (iOS) or My Account (Android) and tap Enable Two-Factor Auth;
  
• Tap Next, copy the code from Discord, tap Next again and open the authenticator app;
  
• Enter the code from the authenticator app in Discord.
  

How to get rid of spammers on Discord

Now, let’s make messaging better. To prevent spammers and other dubious people from swamping your messages, sort out your privacy settings and set the appropriate level of sociophobia.

• Open Privacy & Safety;
  
• Under Safe direct messaging, select Keep me safe.
  

With that option enabled, Discord’s artificial intelligence will scan all incoming images and block junk. If you trust all of your Discord friends, select the My friends are nice option and the AI will skip messages from them.

You can also stop random people from adding you to their friend lists by going to the section aptly named Who can add you as a friend and designating groups from whom you are prepared to accept friend requests. It should come as no surprise that choosing the Everyone option increases your chances of encountering spam in your inbox.

You can also choose to Allow direct messages from server members — a shared setting for all servers you join. The setting is enabled by default, but you can set your own rules for each server.

To do so, go back to the main Discord window, right-click the server logo in the menu at the left and select Privacy Settings. In the mobile version, click on the three dots to the right of the server name and enable the option in the Direct messages section.
...

Quote:

Mozilla Add-ons Product Manager Jorge Villalobos announced the end of Mozilla's Promoted Add-ons pilot for the Firefox web browser on January 21, 2021. The organization decided not to move forward and make the program a permanent feature of the browser's add-ons ecosystem.
 

Quote:After reviewing the pilot results, we have decided not to move forward with this iteration of the program.

Mozilla introduced the program in September 2020 as a pilot program called Promoted Add-ons. The main idea was to provide developers with an option to get their add-ons promoted by Mozilla, and for Mozilla to extend the number of add-ons that would get reviewed through payments made by accepted developers.

Selected add-ons would get manual reviews and as a consequence, if successful, a verified badge on the add-ons profile page and Mozilla's Add-ons homepage.

Up until that point, only extensions selected by Mozilla for its Recommended Extensions program would be code-reviewed by the organization and would receive these batches to increase user trust in them.

The Recommended Extensions program created a two-tier add-ons system, with verified extensions on one side and all other extensions on the other. Verified extensions would get promoted, some included in Firefox for Android, and all other extensions display a scary message when opened with Firefox stating that the extension is not monitored by Mozilla and that users should only install trusted extensions.

Participation was free of charge during the pilot, but the idea was to evolve the pilot into a paid service that developers could utilize to get extra exposure for their add-ons; this won't happen as Mozilla decided to end the program entirely.

Mozilla provides no explanation why it decided to end the program. The program has been criticized since its introduction. Some feared that it would allow companies with deep pockets to buy promotions and cause some developers to stop developing add-ons for the browser.

Now You: Did Mozilla the right thing to end the program after the pilot?
...

Quote:

If you are using the Nightly version of the Thunderbird email client, called Thunderbird Daily, then you may have noticed that recent versions of Thunderbird Daily use multiple processes. Stable and Beta versions of Thunderbird use a single process on the other hand.Thunderbird, being based on code that Mozilla Firefox uses, will follow the Firefox web browser.

Mozilla introduced support for a multi-processor architecture in Firefox in the year 2016 to improve the browser's stability. Downside to using multiple-processes is that the browser uses more memory. Google Chrome and all Chromium-based browsers have a multi-process architecture as well.

The first step towards a multi-process architecture has been made in Thunderbird Daily. The current implementation won't provide "noticeable improvements" for the foreseeable future, but it is the cornerstone that future improvements will build-on.

Thunderbird users won't notice changes when they upgrade to a Daily version that supports multiple-processes. Users may check the system's process manager to verify that Thunderbird uses multiple processes, but that is about it currently.

Thunderbird loads extensions in child processes, and will use processes for content that is loaded, e.g. the homepage or a new tab page or window.

Beta versions of Thunderbird may receive the update as early as next week, and Thunderbird Stable later in 2021, likely after the release of the next Thunderbird ESR version, version 91 in Summer.

Thunderbird users who don't want the email client to use a multi-process architecture may disable it in the following way for now:

1. Select Tools > Options in Thunderbird. If you don't see the menu bar, tap on the Alt-key to display it.
   
2. Scroll all the way down on the "General" page.
   
3. Select the Config Editor button to open the advanced configuration editor.
   
4. Confirm that you will be careful if a warning page is displayed.
   
5. Search for the preference browser.tabs.remote.autostart and set it to FALSE.
   
6. Search for the preference extensions.webextensions.remote and set it to FALSE. Doing so disables the multi-process architecture for installed extensions that are enabled.
   
7. Restart the Thunderbird email client.
   

Thunderbird will go back to using a single process for the entire client.

Now You: What is your take on the integration?
...

Quote:Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users.
 
Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the “Send to Kindle” feature to start a chain of attack – a discovery that earned him $18,000 from the Amazon bug-bounty program.
 
“The first vulnerability allowed an attacker to send an e-book to the victim’s Kindle device,” he explained in a Thursday posting. “Then, the second vulnerability was used to run arbitrary code while the e-book is parsed, under the context of a weak user. The third vulnerability allows the attacker to escalate privileges and run code as root.”
 
To make the attack work (which the researcher calls KindleDrip), an attacker would first need to know the email address assigned to the victim’s device. There’s also a predefined list of approved emails that any e-books would need to be sent from. According to Bar-On, neither requirement is much of a hurdle.
 
The special destination email address assigned by Amazon is typically just the user’s regular email under the kindle.com domain (e.g. name@gmail.com becomes name@kindle.com), which “can be brute forced,” he explained.
 
And as for the list of approved addresses, spoofing can easily get around this. “Email authentication is still not as widespread as you may think,” he wrote. “Since many email servers still don’t support authentication, it is not unreasonable to assume that Amazon will not verify the authenticity of the sender.” And indeed, he was able to spoof an email message to send an e-book to his own device.

Quote:Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks. The packages represent a supply-chain threat given that they may be used as building blocks in various web applications; any applications corrupted by the code can steal tokens and other information from Discord users, researchers said.
 
Discord is designed for creating communities on the web, called “servers,” either as standalone forums or as part of another website. Users communicate with voice calls, video calls, text messaging, media and files. Discord “bots” are central to its function; these are AIs that can be programmed to moderate discussion forums, welcome and guide new members, police rule-breakers and perform community outreach. They’re also used to add features to the server, such as music, games, polls, prizes and more.
 
Discord tokens are used inside bot code to send commands back and forth to the Discord API, which in turn controls bot actions. If a Discord token is stolen, it would allow an attacker to hack the server.
 
As of Friday, the packages (named an0n-chat-lib, discord-fix and sonatype, all published by “scp173-deleted”) were still available for download. They make use of brandjacking and typosquatting to lure developers into thinking they’re legitimate. There is also “clear evidence that the malware campaign was using a Discord bot to generate fake download counts for the packages to make them appear more popular to potential users,” according to researchers at Sonatype.
 
The authors are the same operators behind the CursedGrabber Discord malware,  the researchers said, and the packages share DNA with that threat.
The CursedGrabber Discord malware family, discovered in November, targets Windows hosts. It contains two .exe files which are invoked and executed via ‘postinstall’ scripts from the manifest file, ‘package.json’. One of the .exe files scans user profiles from multiple web browsers along with Discord leveldb files, steals Discord tokens, steals credit-card information, and sends user data via a webhook to the attacker. The second unpacks additional code with multiple capabilities, including privilege escalation, keylogging, taking screenshots, planting backdoors, accessing webcams and so on.
 
In the case of the three npm packages, these “contain variations of Discord token-stealing code from the Discord malware discovered by Sonatype on numerous occasions,” said Sonatype security researcher Ax Sharma, in a Friday blog posting.