What do you do when you discover a vulnerability placed into your app to steal from your users? Cryptocurrency wallet maker Komodo’s answer: hack its app and take its users’ money before the hackers. It even worked.

Komodo is a developer startup known for its work in cryptocurrency and creating the Agama cryptocurrency wallet. That wallet is dependent on a JavaScript library maintained in npm (node package manager), and a malicious actor tried to take advantage of the open source nature of the code.

A few months ago, an anonymous contributor made a “useful update” to the library, creating a new dependency. They waited until that update was incorporated into the Agama app, then made a change to the new dependency to create a backdoor into the app.
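The pattern described above (a harmless-looking update that introduces a new transitive dependency, followed later by a malicious change to that dependency) is exactly what a lockfile diff between two builds makes visible. The script below is an added example written for this article; it is not code from Komodo, Agama or npm. It assumes the `packages` layout of npm's `package-lock.json` (lockfileVersion 2 and later), where nested paths like `node_modules/a/node_modules/b` mark transitive dependencies. The two lockfiles and all package names (`vendor-lib`, `helper-pkg`, `util-x`) are constructed samples, not the real Agama dependency tree.

```javascript
// Added example (not Komodo's, Agama's or npm's code): diff the "packages" trees of
// two package-lock.json files and report dependencies that were added, removed or
// changed between builds. Two things get flagged for a human review before release:
//   1. a new package that appears nested under another one (a new transitive dep), and
//   2. a package whose integrity hash changed while its version did not (its published
//      contents differ from what the previous build installed).

// Constructed sample lockfiles; package names and hashes are invented.
const LOCK_BEFORE = {
  name: "wallet-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "wallet-app", version: "1.0.0" },
    "node_modules/vendor-lib": { version: "2.3.0", integrity: "sha512-oldhash==" },
    "node_modules/util-x": { version: "1.0.0", integrity: "sha512-utilA==" },
  },
};

const LOCK_AFTER = {
  name: "wallet-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "wallet-app", version: "1.0.1" },
    // vendor-lib took a "useful update" that pulls in a brand new sub-dependency
    "node_modules/vendor-lib": { version: "2.4.0", integrity: "sha512-newhash==" },
    "node_modules/vendor-lib/node_modules/helper-pkg": { version: "0.1.0", integrity: "sha512-helper==" },
    // util-x kept its version number but its integrity hash is different
    "node_modules/util-x": { version: "1.0.0", integrity: "sha512-utilB==" },
  },
};

// Depth 1 = direct dependency; deeper = transitive (nested under another package).
function dependencyDepth(pkgPath) {
  return pkgPath.split("node_modules/").length - 1;
}

// Compare two lockfile objects and return what was added, removed or changed.
function diffLockfiles(before, after) {
  const oldPkgs = before.packages || {};
  const newPkgs = after.packages || {};
  const report = { added: [], removed: [], changed: [] };

  for (const [path, meta] of Object.entries(newPkgs)) {
    if (path === "") continue; // root project entry, not a dependency
    const prev = oldPkgs[path];
    if (!prev) {
      report.added.push({ path, version: meta.version, depth: dependencyDepth(path) });
    } else if (prev.version !== meta.version || prev.integrity !== meta.integrity) {
      report.changed.push({
        path,
        from: prev.version,
        to: meta.version,
        integrityChanged: prev.integrity !== meta.integrity,
      });
    }
  }
  for (const path of Object.keys(oldPkgs)) {
    if (path !== "" && !(path in newPkgs)) report.removed.push(path);
  }
  return report;
}

// Pick out the entries that deserve a look before the build ships.
function suspiciousEntries(report) {
  const newTransitive = report.added.filter((e) => e.depth > 1);
  const silentContentChange = report.changed.filter((e) => e.from === e.to && e.integrityChanged);
  return { newTransitive, silentContentChange };
}

// Stand-alone usage: `node lockdiff.js old-lock.json new-lock.json`, or no arguments
// to run against the constructed samples above.
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const [a, b] = process.argv.slice(2);
  const load = (f) => JSON.parse(fs.readFileSync(f, "utf8"));
  const report = a && b ? diffLockfiles(load(a), load(b)) : diffLockfiles(LOCK_BEFORE, LOCK_AFTER);
  console.log(JSON.stringify({ report, flags: suspiciousEntries(report) }, null, 2));
}
```

Run against the samples, the report lists `helper-pkg` as a new depth-2 (transitive) package and `util-x` as a same-version package whose hash changed; neither would be obvious from a `git diff` of `package.json`, which only lists direct dependencies. The check is deliberately dumb: it does not decide whether a change is malicious, it only makes sure a human sees every new or altered package before the release is cut.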

The staff at npm realized what was going on and contacted Komodo. Unfortunately, by this point, the backdoor was already in place. Merely updating the app to remove it might not be enough; anyone who didn’t get the update before the hacker broke in would lose their cryptocurrency.

So Komodo took a rather novel approach: it hacked itself. It used the very backdoor the malicious actor planted to sweep up 13 million dollars’ worth of cryptocurrency and move it to a place the hacker couldn’t reach.

Komodo has informed its users of what it did, why it did it, and how they can reclaim their money and transfer it to new and, hopefully, more secure wallets.

All of this is, of course, a lesson in the dangers and strengths developers encounter when using third-party libraries and open software that allow anyone to contribute.


Bad actors can manipulate open software in ways that aren’t possible with proprietary software. But it can also be examined more thoroughly for vulnerabilities. These events illustrate both sides of that coin.

We’ll say it one more time though: maybe it’s best to stay away from cryptocurrency.

In Other News:

  • Original Final Fantasy Soundtracks are now free to stream: In a surprise move, Square Enix loaded nearly every to Spotify and Apple Music. These aren’t orchestrations, but how the songs sounded in the games. Unfortunately, most titles and songs with vocals, like , are in Japanese. But if you love Final Fantasy, give them a listen.

  • Amazon’s new delivery drone is wild: Amazon yesterday, and it has some neat tricks up its sleeve. It doesn’t work like drones you might picture, and instead changes positions for flying and landing/takeoff. The drone can travel 15 miles and carry a five-pound package, and Amazon says it’ll start delivering in the coming months. Where will it deliver? Amazon didn’t answer.

  • Google is killing Trips, another app you never used: Google continues its version of the Thanos Snap by wiping another of its products out of existence. This time Trips, an app for organizing travel, is on the chopping block. The company says Google Travel is its replacement, but as Ars Technica points out, that’s a website, not an app. Worse yet, it’s a garbage pile of endless ads.

  • iOS 13 gives a proper controller to the Sony Remote Play app: , but its downfall is touchscreen controls. You can use a third-party controller, but that’s another thing to buy, and the buttons may not match. iOS 13 solves that problem by adding PS4 DualShock support, and that includes the Remote Play app. Good times.

  • Chrome Remote Desktop hits the web: Chrome Remote Desktop is an easy way to give remote access to a computer, which is useful when you need to lend tech help from afar. Google has been testing Chrome Remote Desktop on the web, but now it’s seemingly out of beta and officially available for all. Very nice.

  • Alexa will become more conversational in the future: Right now, using Alexa can be a bit frustrating. Say a command, get a result, wake her back up, say a new command, start over. Soon she’ll prompt you to move to a related skill using previous information. Did you buy tickets to a movie? She can suggest a dinner reservation near the theater, without you having to ask or tell her where the theater is again. Pretty cool stuff.

  • Cadillac adds 70,000 miles of compatible highway to SuperCruise: Cadillac’s driver assist program, called SuperCruise, takes a unique approach to hands-free driving. You can keep your hands off the wheel for longer, but only if you’re on a pre-mapped highway and you keep looking at the road. Cameras watch you to make sure you’re paying attention. Cadillac just expanded its lidar-mapped highways by 70,000 miles, which means you’ll be able to use SuperCruise a lot more than before.

  • Android Q beta is causing bootloops: You should never put a beta OS on your primary device, whether that be a computer, tablet, or phone. The reason for that advice was clearly demonstrated today, as Google just paused its Android Q beta rollout after learning Android phones were getting stuck in a bootloop. Apparently, the only way out was a factory reset. Not pretty, but hey, it’s a beta.

In neat science news, astronomers have finally spotted an accretion disc long theorized to surround the supermassive black hole at the center of our galaxy.


Like most galaxies, ours has a supermassive black hole at its center, designated Sagittarius A*. How supermassive? Picture the sun, then multiply that size by four million. It’s one of those incredibly large sizes that’s truly impossible to comprehend fully.

The thing about Sag A* is that it’s fairly quiet. In other galaxies, astronomers can readily spot evidence of hot disks of orbiting gases, called an accretion disk. When TV shows and movies show a black hole, that swirly stuff you tend to think of as the black hole is the accretion disk.

But despite being so close to Sag A* (compared to other supermassive black holes), scientists couldn’t find its accretion disk. As it turns out, rather than gobbling up everything around it like the monster it is, Sag A* feeds more slowly, and the gases surrounding it are cooler. That made the disk very hard to spot.

The very unusual characteristics of the center of our galaxy emphasize how much more there is to learn and discover when it comes to the nature of our universe.
