Miscellaneous Tech News
-
@jaredbusch said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
Not actually ahigh risk unless someone already has local access to the system. I mean serious exploit, yes. But first you need to be on the system.
"If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, and if the attacker open()s and read()s /proc/self/mountinfo, then" through a series of other maneuvers you can write to out of bounds memory.
Yeah, I'd put it as moderate.
-
Kaseya gets master decryptor to help customers still suffering from REvil attack
REvil ransomware struck as many as 1,500 networks, but a master key is now available.
Kaseya—the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks—said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack. Affiliates of REvil, one of the Internet’s most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya’s VSA remote management product. The vulnerability—which Kaseya was days away from patching—allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services. -
Zuckerberg wants Facebook to become online 'metaverse'
Mark Zuckerberg has laid out his vision to transform Facebook from a social media network into a “metaverse company” in the next five years.
A metaverse is an online world where people can game, work and communicate in a virtual environment, often using VR headsets. The Facebook CEO described it as “an embodied internet where instead of just viewing content - you are in it”. He told The Verge people shouldn't live through “small, glowing rectangles”. “That’s not really how people are made to interact,” he said, speaking of reliance on mobile phones. “A lot of the meetings that we have today, you’re looking at a grid of faces on a screen. That’s not how we process things either.” -
-
UK worries Starlink and OneWeb may interfere with each other, plans new rules
Ofcom says complexity of giant satellite networks raises interference concerns.
A UK government agency is worried that OneWeb, SpaceX's Starlink, and similar low Earth orbit (LEO) satellite-broadband systems could block each others' signals. Ofcom, the UK's communications regulator, proposed new rules today in a report that details its interference concerns. Ofcom also said it intends to amend satellite licenses already issued to SpaceX and OneWeb to require coordination of frequency use. Without new requirements, the risk of interference could prevent competition by shutting new players out of the market, Ofcom said. -
@scottalanmiller said in Miscellaneous Tech News:
The windows Team must have their hands full with all this patching they must be doing lately.
-
Instagram makes under-16s' accounts private by default
Instagram has made new under-16s' accounts private by default so only approved followers can see posts and "like" or comment.
Tests showed only one in five opted for a public account when the private setting was the default, it said. And existing account holders would be sent a notification "highlighting the benefits" of switching to private. But Instagram also said it was pushing ahead with new apps for under-13s, despite a backlash from some groups. "The reality is that they are already online and, with no foolproof way to stop people from misrepresenting their age, we want to build experiences designed specifically for them, managed by parents and guardians," parent company Facebook said. -
Ofcom appoints online safety head to take on big tech
Regulator Ofcom has announced Anna-Sophie Harling will be its online safety head, dealing with how the tech giants regulate harmful speech.
She will be in charge of implementing the Online Safety Bill, due to come into effect later this year if approved by Parliament. Ofcom will be able to fine tech firms that fail to remove offending content up to 10% of their global revenue. But one expert said this would require "bold leadership". Ms Harling is currently managing director for Europe at NewsGuard, which audits online publishers for accuracy. "I'm really excited to be joining Ofcom's online-safety team," she said. "Legislation will enable us to introduce meaningful transparency where it has been lacking and empower Ofcom to hold platforms to account. "I can't wait to get started." -
-
-
Twitter works with news sites to tackle disinformation
Twitter will collaborate with two of the largest international news providers, Reuters and the Associated Press, to debunk disinformation on its messaging site.
The news agencies will help Twitter give more context and background information on events which create a high volume of tweets. Twitter hopes this will counteract the spread of misleading information. There has been renewed pressure to remove false content from the platform. Twitter said the partnership will enable it to ensure accurate and credible information is rapidly available "when facts are in dispute". "Rather than waiting until something goes viral, Twitter will contextualize developing discourse at pace with or in anticipation of the public conversation," Twitter said. -
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network? -
@mlnews said in Miscellaneous Tech News:
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network?tl:dr = SPI bus communicates in clear text. Use a BitLocker PIN/Password.
Hopefully this being in the media will change that.
-
-
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started. -
@mlnews said in Miscellaneous Tech News:
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started.And, let's hope, that there is some regulatory scrutiny over this!
-
Spotify calls off plans to support AirPlay 2, frustrating iPhone users
It's not a surprise to iOS users, but it's still a disappointment.
iPhone users have been asking for Spotify to add AirPlay 2 support for ages, but yesterday Spotify told users they shouldn't expect the feature to be added any time soon. AirPlay 2 was added to iOS more than three years ago, and users have been asking for Spotify to support it for many months. It offers lower latency, multi-room support, and Siri integration. Apple provides ways for developers to connect experiences to it, and sometimes works directly with prominent app developers who are seeking to implement it. Many other major audio apps on the iPhone support it. AirPlay 2 has become available in several non-Apple products too, like recent TVs from manufactures such as Samsung and LG. -
New “Glowworm attack” recovers audio from devices’ power LEDs
A new class of passive TEMPEST attack converts LED output into intelligible audio.
Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations. The Cyber@BGU team—consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov, and Professor Yuval Elovici—analyzed a broad array of widely used consumer devices including smart speakers, simple PC speakers, and USB hubs. The team found that the devices' power indicator LEDs were generally influenced perceptibly by audio signals fed through the attached speakers. -
Today’s Firefox 91 release adds new site-wide cookie-clearing action
New features build on Total Cookie Protection, simplifying privacy management.
Mozilla's Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The new feature allows users to manage all cookies and locally stored data generated by a particular website—regardless of whether they're cookies tagged to that site's domain or cookies placed from that site but belonging to a third-party domain, eg Facebook or Google. -
Google may cut pay of staff who work from home
Google employees in the US who opt to work from home permanently may get a pay cut.
The technology giant has developed a pay calculator that lets employees see the effects of working remotely or moving offices. Some remote employees, especially those with a long commute, could have their pay cut without changing address. Google has no plans at this time to implement the policy in the UK. Employees in many businesses have proved that working from home permanently is viable during the Covid pandemic. Many companies are looking ahead to how employees will work as the pandemic recedes, even as the US continues to battle the Delta variant of the disease.
