Miscellaneous Tech News
-
@stacksofplates said in Miscellaneous Tech News:
https://www.the-sun.com/tech/3525714/microsoft-power-apps-exposed-data-leaks/
Kind of a click-baity title, but Power Apps automatically makes a database public when you enable an API to interact with the database.
At what point do we hold people (Microsoft) criminally liable who design and implement these systems with such poor security practices? By default the database was public when using an API....
Um, my 3-year-old would know better than to use that as a default setting.
-
Google Pay team reportedly in major upheaval after botched app revamp
"Dozens of employees and executives have left" the struggling payments division.
Google Pay is apparently just as much a disaster internally as the app transition has been externally. That's the big takeaway from a recent Business Insider article detailing an exodus of executives from Google's payment division, lower-than-expected app adoption, and employees frustrated with the slow movement of the division. Business Insider spoke with ex-employees and learned that "dozens of employees and executives have left" the Google Payments team in recent months, including "at least seven leaders on the team with roles of director or vice president." The most prominent departure, of payments chief Caesar Sengupta, kicked off the exodus in April, and now employees are worried about another reorganization and even slower progress. Many rank-and-file team members have reportedly departed, too, with the story saying, "One former employee estimated that half the people working on the business-development team for Google Pay—a group of about 40 people—have left the company in recent months."
-
As expected, another vendor hardware installer exposed critical Windows 10 bug...
-
Need to get root on a Windows box? Plug in a Razer gaming mouse
Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer spawns with SYSTEM process ID, not with the user's. By itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in order to launch a software installer with SYSTEM privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Catalog—which means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically.
-
@mlnews said in Miscellaneous Tech News:
Need to get root on a Windows box? Plug in a Razer gaming mouse
Razer's automatically downloaded installer exposes a SYSTEM shell to any user.
This weekend, security researcher jonhat disclosed a long-standing security bug in the Synapse software associated with Razer gaming mice. During software installation, the wizard produces a clickable link to the location where the software will be installed. Clicking that link opens a File Explorer window to the proposed location—but that File Explorer spawns with SYSTEM process ID, not with the user's. By itself, this vulnerability in Razer Synapse sounds like a minor issue—after all, in order to launch a software installer with SYSTEM privileges, a user would normally need to have Administrator privileges themselves. Unfortunately, Synapse is a part of the Windows Catalog—which means that an unprivileged user can just plug in a Razer mouse, and Windows Update will cheerfully download and run the exploitable installer automatically.
Days late, we've discussed this in depth. Arstechnica needs to step up their game
-
Overwatch to change cowboy character McCree's name
Jesse McCree, a character in Blizzard's Overwatch game, will be renamed in the wake of fallout over sexual harassment allegations against the company.
The in-game McCree, a revolver-toting cowboy character, was named after a real-life Blizzard staff member. In August, he and two other executives left the company without explanation. In a statement, the Overwatch team said it was "necessary to change the name... to something that better represents what Overwatch stands for". "Going forward, in-game characters will no longer be named after real employees," it promised. But the Overwatch developers did not reveal what the character's new name would be.
-
Azure Databases Compromised.
-
Update on Windows 11 minimum system requirements and the PC Health Check app
First, an update on Windows 11 minimum system requirements based, in part, on feedback from the Windows Insider community. Second, information on the updated PC Health Check app that is now available to Windows Insiders.
-
-
@dustinb3403 said in Miscellaneous Tech News:
“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
Arstechnica needs to step up their game
-
@dustinb3403 said in Miscellaneous Tech News:
“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure
Who woulda thought that misconfiguring services could open up vulnerabilities?
-
@obsolesce said in Miscellaneous Tech News:
Who woulda thought that misconfiguring services could open up vulnerabilities?
WTF are you trying to say here?
Yes the cloud provider left a gaping hole. There was nothing misconfigured by users.
-
@jaredbusch said in Miscellaneous Tech News:
@obsolesce said in Miscellaneous Tech News:
Who woulda thought that misconfiguring services could open up vulnerabilities?
WTF are you trying to say here?
Yes the cloud provider left a gaping hole. There was nothing misconfigured by users.
I took it as a misconfiguration on the customer's part. But reading it again now, not sure if a misconfiguration on MS's part or the customer. But yes, that is in addition to a vulnerability with the service itself. That part I wasn't debating.
-
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience too
-
@hobbit666 said in Miscellaneous Tech News:
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience too
OMG! about fucking time!!!! they brought that back.
-
@hobbit666 said in Miscellaneous Tech News:
I know you "Anti" Windows people won't care about this
But something new about the Windows 11 OOBE
Based on your feedback, we have added the ability to name your PC during the setup experience too
Kinda ridiculous it took this long. I always liked that you could do it when installing a Linux OS.
-
New Fossil smartwatches are still stuck in the bad old days of Wear OS
Gen 6 watches are slower, costlier, and have older software than a Galaxy Watch 4.
Before Samsung showed up and took over the Wear OS ecosystem, the top Android smartwatch manufacturer was Fossil. Even after Samsung's arrival, Fossil is still going, and today the company announced the Fossil Gen 6 watches. The Gen 6 Fossil watches are the company's first to ship with Qualcomm's Snapdragon Wear 4100+, a 12 nm, Cortex A53-based ARM chip. The "plus" at the end of that 4100 model number means there's a low-power co-process on the SoC now, which can handle things like health tracking without waking up the big cores. It looks like the new SoC is the only upgrade over the gen 5 watches. There's still a 1.28-inch OLED display, 1GB of RAM, and 8GB of storage. Fossil doesn't say how big the battery is, but it charges to 80 percent in 30 minutes. The watch has GPS, NFC, Wi-Fi, a PPG heart rate sensor, and is water-resistant.
-
@mlnews said in Miscellaneous Tech News:
New Fossil smartwatches are still stuck in the bad old days of Wear OS
Gen 6 watches are slower, costlier, and have older software than a Galaxy Watch 4.
Before Samsung showed up and took over the Wear OS ecosystem, the top Android smartwatch manufacturer was Fossil. Even after Samsung's arrival, Fossil is still going, and today the company announced the Fossil Gen 6 watches. The Gen 6 Fossil watches are the company's first to ship with Qualcomm's Snapdragon Wear 4100+, a 12 nm, Cortex A53-based ARM chip. The "plus" at the end of that 4100 model number means there's a low-power co-process on the SoC now, which can handle things like health tracking without waking up the big cores. It looks like the new SoC is the only upgrade over the gen 5 watches. There's still a 1.28-inch OLED display, 1GB of RAM, and 8GB of storage. Fossil doesn't say how big the battery is, but it charges to 80 percent in 30 minutes. The watch has GPS, NFC, Wi-Fi, a PPG heart rate sensor, and is water-resistant.
Just got a Gen 5 refurb and can't really complain. One of the guys at work is a die-hard Samsung fan but won't get another one of their watches until they either ditch the Samsung Pay or at least allow their stuff to work with the Google Pay ecosystem.
-
Hackers steal $29 million from crypto-platform Cream Finance
Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.
The company confirmed the hack earlier today, half an hour after blockchain security firm PeckShield noticed signs of an ongoing attack. Cream Finance said the hacker used a “reentrancy attack” in its “flash loan” feature to steal 418,311,571 in AMP tokens (estimated at around $25.1 million at the time of the hack) and 1,308.09 in ETH coins (estimated at around $4.15 million). The term “flash loan” refers to a contract (script) that runs on the Ethereum blockchain that allows Cream Finance users to take quick loans from the company’s funds and then return them at a later date.