laitimes

Hardcore Observation #443 Researchers hide vulnerabilities in source code that are invisible to the human eye

Author: Hardcore old king

<h3>Researchers hide vulnerabilities in the source code that are invisible to the human eye</h3>

Researchers at the University of Cambridge have published a paper describing attack methods that hide invisible vulnerabilities in source code. The attack, known as Trojan-Source, uses special Unicode characters, through directional overrides, homoglyphs, and more, to create source code that looks different to a human than it does to a compiler. The human eye cannot see the vulnerability, because the logical order in which the code is encoded, which is what the compiler processes, differs from the order in which it is displayed. This attack method works for most major programming languages, and the researchers have reported the vulnerabilities to the projects.

Lao Wang commented: "Seeing is not believing". The blame for this lies on the one hand with Unicode's unrestrained addition of all kinds of strange characters and control characters; on the other hand, the Unicode support in programming languages traditionally built on ASCII characters did not anticipate this kind of malicious exploitation.
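A defender's check for the two tricks named above, directional controls and look-alike characters, as an added example that is not code from the paper or from this article. The names `scan`, `scripts_of` and `SAMPLE` are hypothetical, the sample source is constructed, and taking a letter's script from the first word of its Unicode name is a heuristic assumption that will also flag legitimate mixed-script words.

```python
import re
import unicodedata

# Bidirectional embedding, override and isolate controls, and what closes each opener.
BIDI = {"\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
        "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
        "\u2069": "PDI"}
CLOSER = {"LRE": "PDF", "RLE": "PDF", "LRO": "PDF", "RLO": "PDF",
          "LRI": "PDI", "RLI": "PDI", "FSI": "PDI"}
WORD = re.compile(r"\w+")

# Constructed sample input (escapes keep the controls visible in this listing).
SAMPLE = (
    'role = "user"\n'
    'note = "abc\u202e\u2066def"\n'   # RLO and LRI never closed
    'is_\u0430dmin = False\n'         # Cyrillic U+0430 inside a Latin name
    'label = "\u2067ok\u2069"\n'      # balanced RLI ... PDI
)


def scripts_of(word):
    """Scripts of the letters in word, from the first word of each Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in word if c.isalpha()}


def scan(source):
    """Return (line_no, kind, detail) findings for one source text."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        stack = []  # terminators still owed on this line
        for col, ch in enumerate(line, 1):
            name = BIDI.get(ch)
            if name is None:
                continue
            findings.append((no, "bidi-control", f"{name} U+{ord(ch):04X} col {col}"))
            if name in CLOSER:
                stack.append(CLOSER[name])
            elif name == "PDI" and "PDI" in stack:
                while stack.pop() != "PDI":  # PDI also ends embeddings inside the isolate
                    pass
            elif name == "PDF" and stack and stack[-1] == "PDF":
                stack.pop()
        if stack:
            findings.append((no, "bidi-unterminated", f"{len(stack)} left open"))
        for m in WORD.finditer(line):
            found = scripts_of(m.group())
            if len(found) > 1:  # e.g. Latin mixed with Cyrillic look-alikes
                findings.append((no, "mixed-script", f"{m.group()!r}: {sorted(found)}"))
    return findings
```

Calling `scan(SAMPLE)` reports every control character with its column, flags the line whose override and isolate are left open, and flags the identifier that mixes Latin and Cyrillic letters.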

<h3>U.S. aviation agencies and telecommunications agencies have a dispute over 5G</h3>

The Federal Aviation Administration is preparing to warn pilots and airlines that a new 5G wireless service, which will go live in early December, could interfere with aircraft cockpit safety systems and automation systems. The FCC has countered the safety concerns, saying that the spectrum usage rules were established in early 2020 after reviewing the potential impact on aviation safety, and that the available evidence does not support the conclusion that 5G networks will interfere with aviation safety. At the heart of the debate is the radio spectrum in the band between 3.7 and 4.2 GHz. This band is well suited for 5G network transmission and is already serving cellular networks in some countries. Aviation equipment, on the other hand, operates in the nearby frequency band of 4.2 to 4.4 GHz, so the Federal Aviation Administration believes the potential for interference is increased.

Lao Wang commented: In the end, it is still a spectrum dispute.

<h3>Bluetooth tags are used to track stolen items</h3>

In April, Apple released the $29 AirTag, bringing more effective Bluetooth tracking technology to a wider audience. While Apple never said that AirTag could be used to recover stolen property, the company actually built a network that was well suited for such use cases. Each compatible iPhone, iPad, and Mac is silently used as a location device, and AirTag uses Bluetooth to send pings with their encrypted locations to the nearest Apple devices, which relay information to Apple's Find My network. With nearly 1 billion compatible Apple devices, Find My is very effective, especially in cities.

Lao Wang commented: Technically, it is very useful progress, but how to keep it from being abused is a problem.
