Twitter as communication tool for botnets

ESET researchers discovered an Android backdoor Trojan controlled by tweets. Detected by ESET as Android/Twitoor, it’s the first malicious app using Twitter instead of a traditional command-and-control (C&C) server.

After launch, the Trojan hides its presence on the system and checks the defined Twitter account at regular intervals for commands. Based on received commands, it can either download malicious apps or change the C&C Twitter account to another one.
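The regular-interval polling described above is something a defender can look for in network telemetry. The following is an added example, not code from ESET or from the original post: it flags apps other than the official client that contact Twitter hosts at near-constant intervals. The log format, package names, thresholds and the availability of per-app attribution (for example from MDM or on-device VPN telemetry) are all assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: ISO timestamp, device, app package, destination host.
# The format and the package names are assumptions made for this example.
SAMPLE_LOG = """\
2016-08-24T10:00:03 dev-17 com.example.player twitter.com
2016-08-24T10:10:01 dev-17 com.example.player twitter.com
2016-08-24T10:20:04 dev-17 com.example.player twitter.com
2016-08-24T10:30:02 dev-17 com.example.player twitter.com
2016-08-24T10:40:03 dev-17 com.example.player twitter.com
2016-08-24T10:50:01 dev-17 com.example.player twitter.com
2016-08-24T10:03:11 dev-17 com.twitter.android twitter.com
2016-08-24T10:04:50 dev-17 com.twitter.android twitter.com
2016-08-24T10:41:27 dev-17 com.twitter.android twitter.com
2016-08-24T10:01:10 dev-22 com.example.browser mobile.twitter.com
2016-08-24T10:02:45 dev-22 com.example.browser mobile.twitter.com
2016-08-24T10:19:30 dev-22 com.example.browser mobile.twitter.com
2016-08-24T10:20:02 dev-22 com.example.browser mobile.twitter.com
2016-08-24T11:05:40 dev-22 com.example.browser mobile.twitter.com
"""

WATCHED_HOSTS = {"twitter.com", "mobile.twitter.com"}
EXPECTED_APPS = {"com.twitter.android"}  # apps expected to talk to these hosts

def find_pollers(log_text, min_events=5, max_jitter=0.1):
    """Return {(device, app): mean interval in seconds} for unexpected apps
    that contact a watched host at near-constant intervals."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, device, app, host = parts
        if host in WATCHED_HOSTS and app not in EXPECTED_APPS:
            seen[(device, app)].append(datetime.fromisoformat(ts))
    flagged = {}
    for key, times in seen.items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: a low value means machine-like regularity.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            flagged[key] = round(mean)
    return flagged
```

On the constructed log, only the hypothetical `com.example.player` on `dev-17` is flagged, with a mean interval of about ten minutes; the browser's human-paced visits fail the jitter check.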

“Using Twitter to control a botnet is an innovative step for an Android platform,” says Lukáš Štefanko, the ESET malware researcher who discovered the malicious app.

The first Twitter-controlled botnets, though, were discovered in 2009, as mentioned in the article.

Compared to other social media like Facebook or blogs (WordPress, Tumblr), Twitter stands out as a massive communication protocol: everyone talks with everyone, and the message format is defined and limited in size. Twitter has been used as a communication tool on many occasions, either helping people, as in “Twitter monitoring of disease outbreaks”, or organising massive demonstrations in Taksim Square, Turkey.


No wonder we ended up seeing Twitter used as a botnet communication tool.

In those days, I posed the concept that Twitter should not be a company alone. It should be an open protocol much like HTTP or email protocols (IMAP/POP). There should be an adopted industry standard that Twitter, the company, should and could (and still can) champion and work through with the guidance of other industry members.

It was published in 2012. Four years later, we’re witnessing the results, with more interesting things to come. There have been rumours that Twitter isn’t profitable, but the tools it developed will evolve in the community anyway. Ideas find their niche and evolve into new products.

JavaScript function call vs arrow functions

“…the ratio of time spent reading versus writing is well over 10 to 1. We are constantly reading old code as part of the effort to write new code. Because this ratio is so high, we want the reading of code to be easy even if it makes the writing harder.”

— Robert C. Martin
Clean Code: A Handbook of Agile Software Craftsmanship

Why arrow functions are still not used everywhere in the code.

Chronos: CakePHP replacement for carbon

Chronos aims to be a drop-in replacement for nesbot/carbon. It focuses on providing immutable date/datetime objects. Immutable objects help ensure that datetime objects aren’t accidentally modified keeping data more predictable.

<?php
require 'vendor/autoload.php';

use Cake\Chronos\Chronos;

printf("Now: %s", Chronos::now());

 

Simplenote went fully open-source


That’s one of the things I love about Automattic – freedom and community-driven development:

In this spirit, we are announcing today that all of the official Simplenote client apps are now Open Source Software under the GPLv2 license. In addition to the previously open sourced Electron app, you’ll now find the source code for the iOS, Android, and macOS applications on our GitHub page.

As an avid notes keeper, I’ve been using Evernote, Mou, MacDown, and eventually ended up with Simplenote. Sync’ed on every device, minimal markup, clean tagging – exactly what I looked for.

Shortest explanation of Marketing

The first step is to invent a thing worth making, a story worth telling, a contribution worth talking about.

The second step is to design and build it in a way that people will actually benefit from and care about.

The third one is the one everyone gets all excited about. This is the step where you tell the story to the right people in the right way.

The last step is so often overlooked: The part where you show up, regularly, consistently and generously, for years and years, to organize and lead and build confidence in the change you seek to make. (c) Original article

Enough said. That’s what it is all about.

EmberJS: JCF with components

JavaScript Custom Form elements (JCF) is a useful jQuery plugin for customising your form elements when you have to get away from their default styling. However, there’s a tiny “but” when you use the plugin with EmberJS. JCF was initially designed to be used on the global scope, and in some cases (like mine), that’s not what you need.

If you’re using a custom select element with JCF without JCF.Scrollable, the list becomes unusable in a few cases:

  1. It overflows the layout of the site
  2. It is not keyboard-friendly when you try to filter the options rather than scroll to the end.
  3. When you use Ember addons like emberx-select, it doesn’t like custom data-attributes.

In the end, using Ember’s component concept makes it easier to isolate the JCF setups.

In my case, the language options have only a few options, where I prefer to wrap the native select options:

import Ember from 'ember';

export default Ember.Component.extend({
  cart: Ember.inject.service('shopping-cart'),

  didRender() {
    Ember.run.scheduleOnce('afterRender', function(){
      //#currency-options is the action <select>-element
      jcf.replace('#currency-options','Select', {
        "wrapNative": false,
        "wrapNativeOnMobile": true
      });
    });
  }
});

And, to avoid custom wrapping of dropdowns, for instance, country list, better to initiate JCF like this:

import Ember from 'ember';

export default Ember.Component.extend({
  classNames: ['input2','country-list'],
  didRender() {
    Ember.run.scheduleOnce('afterRender', function(){
      jcf.replace('#input2-select','Select');
    })
  }
});

A few more code samples can be found in the gist.