Miscellaneous Tech News
-
-
Akamai Edge DNS outage brings down Playstation Network, Steam, others
Contrary to popular belief, it's not always DNS... but it is today.
A massive Internet outage today has downdetector.com covered in warnings for popular websites and services such as the PlayStation Network, Steam, Fidelity Investments, Airbnb, FedEx, LastPass, UPS, Amazon, and others. The root cause of the outage appears to be a failure in Akamai's Edge DNS Service. Its system status page reports that Akamai is aware of "an emerging issue with the Edge DNS service"—one downgraded to "Minor Service Outage" with no further explanation as of press time. -
-
@scottalanmiller said in Miscellaneous Tech News:
Auto-updates, fixed it before the news story got out.
-
@scottalanmiller said in Miscellaneous Tech News:
Not actually ahigh risk unless someone already has local access to the system. I mean serious exploit, yes. But first you need to be on the system.
"If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, and if the attacker open()s and read()s /proc/self/mountinfo, then" through a series of other maneuvers you can write to out of bounds memory.
-
@jaredbusch said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
Not actually ahigh risk unless someone already has local access to the system. I mean serious exploit, yes. But first you need to be on the system.
"If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, and if the attacker open()s and read()s /proc/self/mountinfo, then" through a series of other maneuvers you can write to out of bounds memory.
Yeah, I'd put it as moderate.
-
Kaseya gets master decryptor to help customers still suffering from REvil attack
REvil ransomware struck as many as 1,500 networks, but a master key is now available.
Kaseya—the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks—said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack. Affiliates of REvil, one of the Internet’s most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya’s VSA remote management product. The vulnerability—which Kaseya was days away from patching—allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services. -
Zuckerberg wants Facebook to become online 'metaverse'
Mark Zuckerberg has laid out his vision to transform Facebook from a social media network into a “metaverse company” in the next five years.
A metaverse is an online world where people can game, work and communicate in a virtual environment, often using VR headsets. The Facebook CEO described it as “an embodied internet where instead of just viewing content - you are in it”. He told The Verge people shouldn't live through “small, glowing rectangles”. “That’s not really how people are made to interact,” he said, speaking of reliance on mobile phones. “A lot of the meetings that we have today, you’re looking at a grid of faces on a screen. That’s not how we process things either.” -
-
UK worries Starlink and OneWeb may interfere with each other, plans new rules
Ofcom says complexity of giant satellite networks raises interference concerns.
A UK government agency is worried that OneWeb, SpaceX's Starlink, and similar low Earth orbit (LEO) satellite-broadband systems could block each others' signals. Ofcom, the UK's communications regulator, proposed new rules today in a report that details its interference concerns. Ofcom also said it intends to amend satellite licenses already issued to SpaceX and OneWeb to require coordination of frequency use. Without new requirements, the risk of interference could prevent competition by shutting new players out of the market, Ofcom said. -
@scottalanmiller said in Miscellaneous Tech News:
The windows Team must have their hands full with all this patching they must be doing lately.
-
Instagram makes under-16s' accounts private by default
Instagram has made new under-16s' accounts private by default so only approved followers can see posts and "like" or comment.
Tests showed only one in five opted for a public account when the private setting was the default, it said. And existing account holders would be sent a notification "highlighting the benefits" of switching to private. But Instagram also said it was pushing ahead with new apps for under-13s, despite a backlash from some groups. "The reality is that they are already online and, with no foolproof way to stop people from misrepresenting their age, we want to build experiences designed specifically for them, managed by parents and guardians," parent company Facebook said. -
Ofcom appoints online safety head to take on big tech
Regulator Ofcom has announced Anna-Sophie Harling will be its online safety head, dealing with how the tech giants regulate harmful speech.
She will be in charge of implementing the Online Safety Bill, due to come into effect later this year if approved by Parliament. Ofcom will be able to fine tech firms that fail to remove offending content up to 10% of their global revenue. But one expert said this would require "bold leadership". Ms Harling is currently managing director for Europe at NewsGuard, which audits online publishers for accuracy. "I'm really excited to be joining Ofcom's online-safety team," she said. "Legislation will enable us to introduce meaningful transparency where it has been lacking and empower Ofcom to hold platforms to account. "I can't wait to get started." -
-
-
Twitter works with news sites to tackle disinformation
Twitter will collaborate with two of the largest international news providers, Reuters and the Associated Press, to debunk disinformation on its messaging site.
The news agencies will help Twitter give more context and background information on events which create a high volume of tweets. Twitter hopes this will counteract the spread of misleading information. There has been renewed pressure to remove false content from the platform. Twitter said the partnership will enable it to ensure accurate and credible information is rapidly available "when facts are in dispute". "Rather than waiting until something goes viral, Twitter will contextualize developing discourse at pace with or in anticipation of the public conversation," Twitter said. -
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network? -
@mlnews said in Miscellaneous Tech News:
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network?tl:dr = SPI bus communicates in clear text. Use a BitLocker PIN/Password.
Hopefully this being in the media will change that.
-
-
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started.