Miscellaneous Tech News

scottalanmiller

https://www.theregister.com/2021/06/15/debian_cinnamon_maintainer_quits/

Cinnamon maintainer for Debian leaves to use KDE.

scottalanmiller

Teams vulnerability exposed user data.

https://portswigger.net/daily-swig/vulnerability-in-microsoft-teams-granted-attackers-access-to-emails-messages-and-personal-files

DustinB3403

@scottalanmiller said in Miscellaneous Tech News:

Teams vulnerability exposed user data.

https://portswigger.net/daily-swig/vulnerability-in-microsoft-teams-granted-attackers-access-to-emails-messages-and-personal-files

Who would use teams on a personal computer.... eww the hackers can have my company data

Dashrender

@scottalanmiller said in Miscellaneous Tech News:

Teams vulnerability exposed user data.

https://portswigger.net/daily-swig/vulnerability-in-microsoft-teams-granted-attackers-access-to-emails-messages-and-personal-files

Tons of vulnerabilities expose user data.

Key here in my mind is

Limitations

However, Grant pointed out, the malicious actor would have to be a member of the Microsoft Teams organization that they are attacking, meaning it would only work in the context of an insider threat attack.

DustinB3403

@dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

Teams vulnerability exposed user data.

https://portswigger.net/daily-swig/vulnerability-in-microsoft-teams-granted-attackers-access-to-emails-messages-and-personal-files

Tons of vulnerabilities expose user data.

Key here in my mind is

Limitations

However, Grant pointed out, the malicious actor would have to be a member of the Microsoft Teams organization that they are attacking, meaning it would only work in the context of an insider threat attack.

This concept is fundamentally flawed as an attacker could easily setup an account within the tenant, and makes it seem as though this is only vulnerable to bad actors with the organization who otherwise are supposed to "be there".

dbeato

@dustinb3403 which is still not just a Microsoft thing, any other platform can have this happen but yes it is a vulnerability but lets not make it so bad like we haven't seen it before.

mlnews

Lina Khan: The 32-year-old taking on Big Tech

On Tuesday, 32-year-old Lina Khan was sworn in as chair of the US Federal Trade Commission (FTC).
The role is a hugely powerful one, which protects consumers from bad business practices and companies from unfair competition. And when it comes to unfair competition, there is one sector that has been singled out by Democrats and Republicans alike: Big Tech. Worryingly for technology giants, Ms Khan has been one of their most vocal critics. Ms Khan was born in the UK and moved to the US as a child. In an interview with BBC Hardtalk in January, she talked about how she started getting interested in competition law as a policy researcher after graduating.

mlnews

The relatives frozen in time on Google Street View

Social-media users are sharing Google Street View images featuring friends and relatives who have since died.
It was sparked by a post on the Twitter account Fesshole, which asks followers to submit anonymous confessions - many of which are explicit. The original poster said they had searched the map platform for images taken before their father had died. Launched in the US in 2007, Google Street View has since rolled out worldwide. The BBC's Neil Henderson shared an image of his late father at his front door. "I have literally hundreds of pics of my dad but the Google Street View is quite affecting, like he's still around," he wrote. Another tweeter showed an image of a couple holding hands in the street - his parents, he said, who had died several years ago.

mlnews

Microsoft’s Linux repositories were down for 18+ hours

The outage prevented Linux installation or upgrade of any Microsoft software.
Yesterday, packages.microsoft.com—the repository from which Microsoft serves software installers for Linux distributions including CentOS, Debian, Fedora, OpenSUSE, and more—went down hard, and it stayed down for around 18 hours. The outage impacted users trying to install .NET Core, Microsoft Teams, Microsoft SQL Server for Linux (yes, that's a thing) and more—as well as Azure's own devops pipelines. We first became aware of the problem Wednesday evening when we saw 404 errors in the output of apt update on an Ubuntu workstation with Microsoft Teams installed. The outage is somewhat better-documented at this .NET Core issue report on Github, with many users from all around the world sharing their experiences and theories.

Danp

https://arstechnica.com/gadgets/2021/06/newly-discovered-vigilante-malware-outs-software-pirates-and-blocks-them/

mlnews

Facebook tests ads in virtual reality headsets

Facebook has begun displaying ads in its Oculus virtual reality headsets, despite the founder of the platform saying it would never do so.
In what the social network described as an experiment, ads will begin to appear in a game called Balston with other developers rolling out similar ads. It said it would listen to feedback before launching virtual reality ads more widely. It also revealed it is testing new ad formats "that are unique to VR". In 2017, shortly after Facebook bought Oculus, creator Palmer Luckey told the Next Web: "We are not going to track you, flash ads at you, or do anything invasive." But in a blog on Oculus's website, the firm said: "We're exploring new ways for developers to generate revenue - this is a key part of ensuring we're creating a self-sustaining platform that can support a variety of business models that unlock new types of content and audiences." Users will be able to hide specific ads or those from a certain advertiser and Facebook promised that its privacy policy would remain the same. "Facebook will get new information, like whether you interacted with an ad, and if so, how... for example, if you clicked on the ad for more information or if you hid the ad." It encourages customers to share their feedback via the Oculus support page.

scottalanmiller

@mlnews time to move to Steam Index for sure!

dafyre

@mlnews said in Miscellaneous Tech News:

Facebook tests ads in virtual reality headsets

Facebook has begun displaying ads in its Oculus virtual reality headsets, despite the founder of the platform saying it would never do so.
In what the social network described as an experiment, ads will begin to appear in a game called Balston with other developers rolling out similar ads. It said it would listen to feedback before launching virtual reality ads more widely. It also revealed it is testing new ad formats "that are unique to VR". In 2017, shortly after Facebook bought Oculus, creator Palmer Luckey told the Next Web: "We are not going to track you, flash ads at you, or do anything invasive." But in a blog on Oculus's website, the firm said: "We're exploring new ways for developers to generate revenue - this is a key part of ensuring we're creating a self-sustaining platform that can support a variety of business models that unlock new types of content and audiences." Users will be able to hide specific ads or those from a certain advertiser and Facebook promised that its privacy policy would remain the same. "Facebook will get new information, like whether you interacted with an ad, and if so, how... for example, if you clicked on the ad for more information or if you hid the ad." It encourages customers to share their feedback via the Oculus support page.

If they're going to start doing that, then the prices of apps in the Oculus store need to come down a good bit -- not that I actually expect them to!

nadnerB

@mlnews said in Miscellaneous Tech News:

Facebook tests ads in virtual reality headsets

Facebook has begun displaying ads in its Oculus virtual reality headsets, despite the founder of the platform saying it would never do so.
In what the social network described as an experiment, ads will begin to appear in a game called Balston with other developers rolling out similar ads. It said it would listen to feedback before launching virtual reality ads more widely. It also revealed it is testing new ad formats "that are unique to VR". In 2017, shortly after Facebook bought Oculus, creator Palmer Luckey told the Next Web: "We are not going to track you, flash ads at you, or do anything invasive." But in a blog on Oculus's website, the firm said: "We're exploring new ways for developers to generate revenue - this is a key part of ensuring we're creating a self-sustaining platform that can support a variety of business models that unlock new types of content and audiences." Users will be able to hide specific ads or those from a certain advertiser and Facebook promised that its privacy policy would remain the same. "Facebook will get new information, like whether you interacted with an ad, and if so, how... for example, if you clicked on the ad for more information or if you hid the ad." It encourages customers to share their feedback via the Oculus support page.

Great... so they're reducing it to another ad slinging paltform.
I guess that's all FB is. A place to go to see ads and maybe argue with strangers.

scottalanmiller

@dafyre said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

Facebook tests ads in virtual reality headsets

Facebook has begun displaying ads in its Oculus virtual reality headsets, despite the founder of the platform saying it would never do so.
In what the social network described as an experiment, ads will begin to appear in a game called Balston with other developers rolling out similar ads. It said it would listen to feedback before launching virtual reality ads more widely. It also revealed it is testing new ad formats "that are unique to VR". In 2017, shortly after Facebook bought Oculus, creator Palmer Luckey told the Next Web: "We are not going to track you, flash ads at you, or do anything invasive." But in a blog on Oculus's website, the firm said: "We're exploring new ways for developers to generate revenue - this is a key part of ensuring we're creating a self-sustaining platform that can support a variety of business models that unlock new types of content and audiences." Users will be able to hide specific ads or those from a certain advertiser and Facebook promised that its privacy policy would remain the same. "Facebook will get new information, like whether you interacted with an ad, and if so, how... for example, if you clicked on the ad for more information or if you hid the ad." It encourages customers to share their feedback via the Oculus support page.

If they're going to start doing that, then the prices of apps in the Oculus store need to come down a good bit -- not that I actually expect them to!

What SHOULD happen is people start buying something else. Vote with your wallet, it's the only real voice you have. If you buy an Oculus now, you are voting with your wallet that you want the ads.

mlnews

Snapchat removes controversial speed filter

Snapchat is removing a feature that displays how fast a user is travelling when taking a picture or video footage.
Parent company Snap said it was because the speed filter was "barely used". But the company is being sued by the parents of two young men, who allege the filter encouraged their sons to drive at dangerous speeds and three deaths were due to "negligent design". Snap said it had already "disabled the filter at driving speeds", capping it at 35mph (56km/h), and added a warning. "Nothing is more important than the safety of our Snapchat community," a representative added.

mlnews

Even creepier COVID tracking: Google silently pushed app to users’ phones

Massachusetts launched a COVID tracking app, and uh, it was automatically installed?!
Over the weekend, Google and the state of Massachusetts managed to make creepy COVID tracking apps even creepier by automatically installing them on people's Android phones. Numerous reports on Reddit, Hacker News, and in-app reviews claim that "MassNotify," Massachusetts' COVID tracking app, silently installed on their Android device without user consent. Google gave the following statement to 9to5Google, and the company does not deny silently installing an app.

CloudKnight

Now that China has all but banned cryptocurrencies, GPU prices are falling like Bitcoin

https://www.theregister.com/2021/06/22/as_china_shutters_cryptomining_plants/

mlnews

Monero emerges as crypto of choice for cybercriminals

Untraceable "privacy coin" is rising in popularity among ransomware gangs.
For cybercriminals looking to launder illicit gains, bitcoin has long been the payment method of choice. But another cryptocurrency is coming to the fore, promising to help make dirty money disappear without a trace. While bitcoin leaves a visible trail of transactions on its underlying blockchain, the niche “privacy coin” monero was designed to obscure the sender and receiver, as well as the amount exchanged. As a result, it has become an increasingly sought-after tool for criminals such as ransomware gangs, posing new problems for law enforcement. The rise of monero comes as authorities race to crack down on cyber crime in the wake of a series of audacious attacks, notably the hack on the Colonial Pipeline, a major petroleum artery supplying the US east coast.

mlnews

Ahoy, there’s malice in your repos—PyPI is the latest to be abused

Open source repositories can be vectors for badness, so look before you run.
Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found. The malicious packages, which were available on the PyPI repository, in many cases used names that mimicked those of legitimate and often widely used packages already available there, Ax Sharma, a researcher at security firm Sonatype reported. So-called typosquatting attacks succeed when targets accidentally mistype a name such as typing “mplatlib” or “maratlib” instead of the legitimate and popular package matplotlib.