Miscellaneous Tech News
-
-
@scottalanmiller said in Miscellaneous Tech News:
Auto-updates, fixed it before the news story got out.
-
@scottalanmiller said in Miscellaneous Tech News:
Not actually ahigh risk unless someone already has local access to the system. I mean serious exploit, yes. But first you need to be on the system.
"If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, and if the attacker open()s and read()s /proc/self/mountinfo, then" through a series of other maneuvers you can write to out of bounds memory.
-
@jaredbusch said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
Not actually ahigh risk unless someone already has local access to the system. I mean serious exploit, yes. But first you need to be on the system.
"If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, and if the attacker open()s and read()s /proc/self/mountinfo, then" through a series of other maneuvers you can write to out of bounds memory.
Yeah, I'd put it as moderate.
-
Kaseya gets master decryptor to help customers still suffering from REvil attack
REvil ransomware struck as many as 1,500 networks, but a master key is now available.
Kaseya—the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks—said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack. Affiliates of REvil, one of the Internet’s most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya’s VSA remote management product. The vulnerability—which Kaseya was days away from patching—allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services. -
Zuckerberg wants Facebook to become online 'metaverse'
Mark Zuckerberg has laid out his vision to transform Facebook from a social media network into a “metaverse company” in the next five years.
A metaverse is an online world where people can game, work and communicate in a virtual environment, often using VR headsets. The Facebook CEO described it as “an embodied internet where instead of just viewing content - you are in it”. He told The Verge people shouldn't live through “small, glowing rectangles”. “That’s not really how people are made to interact,” he said, speaking of reliance on mobile phones. “A lot of the meetings that we have today, you’re looking at a grid of faces on a screen. That’s not how we process things either.” -
-
UK worries Starlink and OneWeb may interfere with each other, plans new rules
Ofcom says complexity of giant satellite networks raises interference concerns.
A UK government agency is worried that OneWeb, SpaceX's Starlink, and similar low Earth orbit (LEO) satellite-broadband systems could block each others' signals. Ofcom, the UK's communications regulator, proposed new rules today in a report that details its interference concerns. Ofcom also said it intends to amend satellite licenses already issued to SpaceX and OneWeb to require coordination of frequency use. Without new requirements, the risk of interference could prevent competition by shutting new players out of the market, Ofcom said. -
@scottalanmiller said in Miscellaneous Tech News:
The windows Team must have their hands full with all this patching they must be doing lately.
-
Instagram makes under-16s' accounts private by default
Instagram has made new under-16s' accounts private by default so only approved followers can see posts and "like" or comment.
Tests showed only one in five opted for a public account when the private setting was the default, it said. And existing account holders would be sent a notification "highlighting the benefits" of switching to private. But Instagram also said it was pushing ahead with new apps for under-13s, despite a backlash from some groups. "The reality is that they are already online and, with no foolproof way to stop people from misrepresenting their age, we want to build experiences designed specifically for them, managed by parents and guardians," parent company Facebook said. -
Ofcom appoints online safety head to take on big tech
Regulator Ofcom has announced Anna-Sophie Harling will be its online safety head, dealing with how the tech giants regulate harmful speech.
She will be in charge of implementing the Online Safety Bill, due to come into effect later this year if approved by Parliament. Ofcom will be able to fine tech firms that fail to remove offending content up to 10% of their global revenue. But one expert said this would require "bold leadership". Ms Harling is currently managing director for Europe at NewsGuard, which audits online publishers for accuracy. "I'm really excited to be joining Ofcom's online-safety team," she said. "Legislation will enable us to introduce meaningful transparency where it has been lacking and empower Ofcom to hold platforms to account. "I can't wait to get started." -
-
-
Twitter works with news sites to tackle disinformation
Twitter will collaborate with two of the largest international news providers, Reuters and the Associated Press, to debunk disinformation on its messaging site.
The news agencies will help Twitter give more context and background information on events which create a high volume of tweets. Twitter hopes this will counteract the spread of misleading information. There has been renewed pressure to remove false content from the platform. Twitter said the partnership will enable it to ensure accurate and credible information is rapidly available "when facts are in dispute". "Rather than waiting until something goes viral, Twitter will contextualize developing discourse at pace with or in anticipation of the public conversation," Twitter said. -
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network? -
@mlnews said in Miscellaneous Tech News:
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network?tl:dr = SPI bus communicates in clear text. Use a BitLocker PIN/Password.
Hopefully this being in the media will change that.
-
-
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started. -
@mlnews said in Miscellaneous Tech News:
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started.And, let's hope, that there is some regulatory scrutiny over this!
-
Spotify calls off plans to support AirPlay 2, frustrating iPhone users
It's not a surprise to iOS users, but it's still a disappointment.
iPhone users have been asking for Spotify to add AirPlay 2 support for ages, but yesterday Spotify told users they shouldn't expect the feature to be added any time soon. AirPlay 2 was added to iOS more than three years ago, and users have been asking for Spotify to support it for many months. It offers lower latency, multi-room support, and Siri integration. Apple provides ways for developers to connect experiences to it, and sometimes works directly with prominent app developers who are seeking to implement it. Many other major audio apps on the iPhone support it. AirPlay 2 has become available in several non-Apple products too, like recent TVs from manufactures such as Samsung and LG.
