Archive for February 27, 2020

Thursday, February 27, 2020 [Tweets] [Favorites]

MarkdownAttributedString

Craig Hockenberry (tweet):

This project is an Objective-C category that generates rich text by reading Markdown as the source code. It also allows you to write Markdown using attributed strings. The code only processes link and emphasis span elements in Markdown. There is experimental support for code spans.

[…]

One of the potential uses I see for this code is with localization. Putting Markdown into your .strings files will be a lot easier than juggling separate RTF files.

It’s just a pair of .h/.m files with no dependencies, and (unlike NSAttributeString’s HTML converter) it works from any thread.

Kr00k Wi-Fi Vulnerability

Dan Goodin (via Juli Clover):

Billions of devices—many of them already patched—are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference.

[…]

Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

Disassociation typically happens when a client device roams from one Wi-Fi access point to another, encounters signal interference, or has its Wi-Fi turned off. Hackers within range of a vulnerable client device or access point can easily send disassociation frames to trigger the vulnerability because these frames aren’t authenticated.

Apple has fixed this in macOS 10.15.1, but there doesn’t seem to be an update for Mojave. As Goodin says, most sensitive traffic should already use its own encryption rather than relying on the Wi-Fi network’s, but DNS queries are usually unencrypted.

Update (2020-03-06): Robert Barat:

It looks like they finally put out a fix for Mojave and High Sierra on the 27th