News-Feeds


Slashdot

    - Password-Leaking Bug Purged From LastPass Extensions
    Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal credentials for the last account the user logged into using the Chrome or Opera extension. Ars Technica reports: The vulnerability was discovered late last month by Google Project Zero researcher Tavis Ormandy, who privately reported it to LastPass. In a write-up that became public on Sunday, Ormandy said the flaw stemmed from the way the extension generated popup windows. In certain situations, websites could produce a popup by creating an HTML iframe that linked to the LastPass popupfilltab.html window, rather than through the expected procedure of calling a function called do_popupregister(). In some cases, this unexpected method caused the popups to open with a password of the most recently visited site. "Because do_popupregister() is never called, ftd_get_frameparenturl() just uses the last cached value in g_popup_url_by_tabid for the current tab," Ormandy wrote. "That means via some clickjacking, you can leak the credentials for the previous site logged in for the current tab." On Friday, LastPass published a post that said the bugs had been fixed and described the "limited set of circumstances" required for the flaws to be exploited. "To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times," LastPass representative Ferenc Kun wrote. "This exploit may result in the last site credentials filled by LastPass to be exposed. We quickly worked to develop a fix and verified the solution was comprehensive with Tavis."

    Read more of this story at Slashdot.



    - Facebook Advertisers Can Write Their Own Headlines For Shared News Stories
    An anonymous reader quotes a report from CBC.ca: Advertisers on Facebook are able to completely rewrite the displayed headline for news stories, CBC News has learned, opening the door for potential disinformation to spread on the platform while using news media branding as cover. When placing an ad on the platform, one option is to include a link to a website, including links to news stories. The news story's real headline is auto-filled into the ad copy, but advertisers have the option to rewrite the headline. However, the article's website address still appears in the ad, giving the impression that the headline is the one written by the article's author. This policy raises the possibility that it could be abused by political parties or third-party advertisers during the federal election campaign. The article provides an example where the UK's Conservative Party ran an ad containing a BBC article whose headline was, "14 billion pound cash boost for schools." However, the actual BBC story is headlined "School spending: Multi-billion pound cash boost announced," and instead put the number at 7.1 billion pounds, criticizing the government's use of the 14 billion pound figure as not the usual way of calculating spending. Facebook is aware of the issue and said it is planning changes. "We have a system that gives publishers control over how their links appear on Facebook. We're working to put additional safeguards in place by the end of this year to make sure advertisers don't misuse this tool," said a Facebook spokesperson in an email to CBC News.




    - CBS and MIT's 1960 Documentary On AI Is a Gem
    FastCompany magazine editor and Slashdot reader harrymcc writes: On the night of October 26, 1960, CBS aired a special -- coproduced with MIT -- about an emerging field of technology called 'artificial intelligence.' It featured demos -- like a checkers-playing computer and one that wrote scripts for TV westerns -- along with sound bits from leading scientists on the question of whether machines would ever think. It was well reviewed at the time and then mostly forgotten. But it's available on YouTube, and surprisingly relevant to today's AI challenges, 59 years later.




    - Netflix Lands 'Seinfeld' Rights in $500M-Plus Deal After Losing 'Friends' and 'The Office'
    Seinfeld will be master of a new domain starting in 2021. From a report: Netflix has landed worldwide rights to the iconic sitcom in a five-year deal with distributor Sony. The show will move from current rightsholder Hulu when its deal is up in 2021. Sources tell The Hollywood Reporter that the new Seinfeld streaming deal is worth more than $500 million and covers global rights. By comparison, The Office and Friends moved to NBC's streaming platform and HBO Max, respectively, for similar valuations that only covered domestic. The deal, sources stress, was competitive with Netflix beating out rich offers from the likes of Amazon, NBC's streamer, HBO Max, Hulu and CBS All Access. The acquisition of Seinfeld for the streamer comes after Netflix lost rights to two other classic NBC comedies: Friends, which is moving to WarnerMedia's HBO Max in 2020, and The Office, which will be part of Comcast's streaming platform starting in 2021.




    - Australia Concludes China Was Behind Hack on Parliament, Political Parties
    Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, Reuters reports. From the report: Australia's cyber intelligence agency -- the Australian Signals Directorate (ASD) -- concluded in March that China's Ministry of State Security was responsible for the attack, the five people with direct knowledge of the findings of the investigation told Reuters. The report, which also included input from the Department of Foreign Affairs, recommended keeping the findings secret in order to avoid disrupting trade relations with Beijing, two of the people said. The Australian government has not disclosed who it believes was behind the attack or any details of the report.




    - The World Has a Third Pole -- and It's Melting Quickly
    An anonymous reader shares a report: Many moons ago in Tibet, the Second Buddha transformed a fierce nyen (a malevolent mountain demon) into a neri (the holiest protective warrior god) called Khawa Karpo, who took up residence in the sacred mountain bearing his name. Khawa Karpo is the tallest of the Meili mountain range, piercing the sky at 6,740 metres (22,112ft) above sea level. Local Tibetan communities believe that conquering Khawa Karpo is an act of sacrilege and would cause the deity to abandon his mountain home. Nevertheless, there have been several failed attempts by outsiders -- the best known by an international team of 17, all of whom died in an avalanche during their ascent on 3 January 1991. After much local petitioning, in 2001 Beijing passed a law banning mountaineering there. However, Khawa Karpo continues to be affronted more insidiously. Over the past two decades, the Mingyong glacier at the foot of the mountain has dramatically receded. Villagers blame disrespectful human behaviour, including an inadequacy of prayer, greater material greed and an increase in pollution from tourism. People have started to avoid eating garlic and onions, burning meat, breaking vows or fighting for fear of unleashing the wrath of the deity. Mingyong is one of the world's fastest shrinking glaciers, but locals cannot believe it will die because their own existence is intertwined with it. Yet its disappearance is almost inevitable. Khawa Karpo lies at the world's "third pole." This is how glaciologists refer to the Tibetan plateau, home to the vast Hindu Kush-Himalaya ice sheet, because it contains the largest amount of snow and ice after the Arctic and Antarctic -- about 15% of the global total. However, a quarter of its ice has been lost since 1970. 
    This month, in a long-awaited special report on the cryosphere by the Intergovernmental Panel on Climate Change (IPCC), scientists will warn that up to two-thirds of the region's remaining glaciers are on track to disappear by the end of the century. It is expected a third of the ice will be lost in that time even if the internationally agreed target of limiting global warming by 1.5C above pre-industrial levels is adhered to.




    - There's a Lost Continent 1,000 Miles Under Europe
    Scientists have reconstructed the tumultuous history of a lost continent hidden underneath Southern Europe, which has been formally named "Greater Adria" in a new study. From a report: This ancient landmass broke free from the supercontinent Gondwana more than 200 million years ago and roamed for another 100 million years before it gradually plunged underneath the Northern Mediterranean basin. Researchers led by Douwe van Hinsbergen, a professor of global tectonics and paleogeography at Utrecht University, have been piecing together Greater Adria's past for a decade. The team collected rock samples from Spain to Iran, looking for the last material remnants of the continent that are accessible to scientists. The results were published this month in the journal Gondwana Research, and include an animated summary of the lost continent's birth, life, and death. Unless you live in an earthquake zone, it can be easy to forget that Earth is constantly cannibalizing its own landmasses. The map of our world morphs over the eons, as continental plates shift around, bump into each other, and undergo subduction, which occurs when one plate slides underneath another.




    - SoftBank Backers Rethink Role in Next Vision Fund on WeWork
    The biggest backers of SoftBank's gargantuan Vision Fund are reconsidering how much to commit to its next investment vehicle as an oversized bet on flexible workspace provider WeWork sours. From a report: Saudi Arabia's Public Investment Fund, which contributed $45 billion to the $100 billion Vision Fund, is now only planning to reinvest profits from that vehicle into its successor, according to people familiar with the talks. Abu Dhabi's Mubadala Investment, which invested $15 billion, is considering paring its future commitment to below $10 billion, the people said, asking not to be identified in disclosing internal deliberations. A partial retreat of the two anchor investors would complicate fundraising for SoftBank Chief Executive Officer Masayoshi Son, who upended venture capital by making huge bets on promising yet unproven companies and spurring others to follow suit. Perhaps more than any other startup, WeWork has come to symbolize that brash style, and the success or failure of its IPO is likely to impact Son's ability to raise cash for future deals.




    - Amazon Changed Search Algorithm in Ways That Boost Its Own Products
    Amazon.com has adjusted its product-search system to more prominently feature listings that are more profitable for the company, WSJ reported Monday citing people who worked on the project, a move, contested internally, that could favor Amazon's own brands. From the report: Late last year, these people said, Amazon optimized the secret algorithm that ranks listings so that instead of showing customers mainly the most-relevant and best-selling listings when they search -- as it had for more than a decade -- the site also gives a boost to items that are more profitable for the company. The adjustment, which the world's biggest online retailer hasn't publicized, followed a yearslong battle between executives who run Amazon's retail businesses in Seattle and the company's search team, dubbed A9, in Palo Alto, Calif., which opposed the move, the people said. Any tweak to Amazon's search system has broad implications because the giant's rankings can make or break a product. The site's search bar is the most common way for U.S. shoppers to find items online, and most purchases stem from the first page of search results, according to marketing analytics firm Jumpshot. The issue is particularly sensitive because the U.S. and the European Union are examining Amazon's dual role -- as marketplace operator and seller of its own branded products. An algorithm skewed toward profitability could steer customers toward thousands of Amazon's in-house products that deliver higher profit margins than competing listings on the site. Further reading: Amazon Falls After Report That the Company Prioritized Profit in Its Search Listings.




    - Database Leaks Data on Most of Ecuador's Citizens, Including 6.7 Million Children
    The personal records of most of Ecuador's population, including children, have been left exposed online due to a misconfigured database, ZDNet reported Monday. From the report: The database, an Elasticsearch server, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner. The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens. The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.




    - LastPass Bug Leaks Credentials From Previous Site
    Password manager LastPass released an update last week to fix a security bug that exposes credentials entered on a previously visited site. From a report: The bug was discovered last month by Tavis Ormandy, a security researcher with Project Zero, Google's elite security and bug-hunting team. LastPass, believed to be the most popular password manager app today, fixed the reported issue in version 4.33.0, released last week, on September 12. If users have not enabled an auto-update mechanism for their LastPass browser extensions or mobile apps, they're advised to perform a manual update as soon as possible. This is because yesterday, Ormandy published details about the security flaw he found. The security researcher's bug report walks an attacker through the steps necessary to reproduce the bug.




    - Mozilla and Creative Commons Want To Reimagine the Internet Without Ads, and They Have $100M To Do It
    An anonymous reader shares a report: Funding online content with small consumer payments rather than intrusive and privacy-compromising ads has for years been a goal for many internet theorists and publishers. "We're at a point where it's clear there's kinds of negative side effects for people and even for democracy of the data-driven ad economy that funds the internet," says Mark Surman, executive director of the Mozilla Foundation. Now, Mozilla, Creative Commons, and a new micropayment startup have announced a $100 million grant program to finally bring that dream to fruition. The program, called Grant for the Web, will give roughly $20 million per year for five years to content sites, open source infrastructure developers, and others building around Web Monetization, a proposed browser standard for micropayments. "When we started Coil, Coil was essentially the first Web Monetization provider," says founder and CEO Stefan Thomas. Coil users pay a fixed monthly fee that's distributed among sites they visit that have Web Monetization enabled, such as the web development site CSS-Tricks, based on how long they visit the sites. The underlying technology supports other providers routing user funding as well.




    - Russia Carried Out a 'Stunning' Breach of FBI Communications System, Escalating the Spy Game on US Soil
    Zach Dorfman, Jenna McLaughlin, and Sean D. Naylor, reporting for Yahoo News: On Dec. 29, 2016, the Obama administration announced that it was giving nearly three dozen Russian diplomats just 72 hours to leave the United States and was seizing two rural East Coast estates owned by the Russian government. As the Russians burned papers and scrambled to pack their bags, the Kremlin protested the treatment of its diplomats, and denied that those compounds -- sometimes known as the "dachas" -- were anything more than vacation spots for their personnel. The Obama administration's public rationale for the expulsions and closures -- the harshest U.S. diplomatic reprisals taken against Russia in several decades -- was to retaliate for Russian meddling in the 2016 presidential election. But there was another critical, and secret, reason why those locations and diplomats were targeted. Both compounds, and at least some of the expelled diplomats, played key roles in a brazen Russian counterintelligence operation that stretched from the Bay Area to the heart of the nation's capital, according to former U.S. officials. The operation, which targeted FBI communications, hampered the bureau's ability to track Russian spies on U.S. soil at a time of increasing tension with Moscow, forced the FBI and CIA to cease contact with some of their Russian assets, and prompted tighter security procedures at key U.S. national security facilities in the Washington area and elsewhere, according to former U.S. officials. It even raised concerns among some U.S. officials about a Russian mole within the U.S. intelligence community. "It was a very broad effort to try and penetrate our most sensitive operations," said a former senior CIA official. American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams.
    Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet. Senior FBI and CIA officials briefed congressional leaders on these issues as part of a wide-ranging examination on Capitol Hill of U.S. counterintelligence vulnerabilities.




    - Extreme Weather Events This Decade Have Cost America $750B
    An anonymous reader quotes NBC News: An analysis of weather disasters that did more than $1 billion in damage from the National Centers for Environmental Information finds that such high-cost events are up markedly since the 1980s. (The dollar figures for the events were adjusted for inflation.) There have been 250 such events since 1980 and almost half of them, 111, have occurred in the current decade. And the 2019 figure does not include any events after May, so Hurricane Dorian is not on the list yet. There were only 28 billion-dollar weather events in the 1980s. There is a wide range of events in that extreme weather calculation. Besides hurricanes, it includes floods, droughts, freezes, severe storms, wildfires and winter storms. And there are some trends in the data. For instance, there were seven freeze/winter storm events on the list in the 1980s, but only six (so far) in the current decade. But there were only seven severe storms on the 1980s list and 64 in the current decade... The 28 high-impact weather events in the 1980s cost a total of about $172 billion in inflation-adjusted dollars. But the current set of 111 storms this decade has cost a total of more than $761 billion dollars. Again, that does not include the costs of Dorian and of two other events on the list -- the March floods in the Midwest and May floods of the Southern Plains. When you tally it all up, the costs are likely to end up at three-quarters of a trillion dollars or more. And that's just for this decade. At this pace, the number seems all but certain to climb over the trillion-dollar mark in the 2020s. And then there are the human costs. The number of fatalities from these extreme weather events has largely been climbing -- from 2,800 in the 1980s to almost 5,200 this decade (again before Dorian's damage is added in).




    - 'Men In Black' Director Barry Sonnenfeld Calls 8K, Netflix HDR 'Stupid'
    CIStud writes: Barry Sonnenfeld, director of the "Men in Black" series, "Get Shorty" and most recently Netflix's "Series of Unfortunate Events", says 8K is "only good for sports" and High Dynamic Range (HDR) is "stupid" and "a waste." Sonnenfeld, speaking with actor Patrick Warburton at the CEDIA Expo last week in Denver, called for a "filmmaker mode" on all TVs that can turn off unwanted HDR. He says Netflix's insistence everything be shot in HDR altered the cinematography on "Series of Unfortunate Events" to his disliking. Sonnenfeld said Netflix and other streaming services feel HDR makes them appear "next level" from a technology perspective, according to the article, then conceded that "HDR is the future... but it shouldn't be. It's great for watching sports, like hockey, but nothing else... " He also said today's cinematographers are actually using older lenses and filters on digital cameras to make them look like they weren't shot with a 4K or 8K camera. "The problem with 8K and even 4K is that all it is doing is bringing us closer to a video game aesthetic. It just looks more and more 'not real.' I can't watch any Marvel movies because none of the visual effects look real." And both Sonnenfeld and Patrick Warburton believe that subscribers to streaming services should be able to watch first-run movies at home the same day the films are released in theaters.





