feed on feeds - 2019/10/08 - items 0 to 15

D-Link won't patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code. Threatpost reports: The vulnerability (CVE-2019-16920) exists in the latest firmware for the DIR-655, DIR-866L, DIR-652 and DHP-1565 products, which are Wi-Fi routers for the home market. D-Link last week told Fortinet's FortiGuard Labs, which first discovered the issue in September, that all four of them are end-of-life and no longer sold or supported by the vendor (however, the models are still available as new via third-party sellers). The root cause of the vulnerability, according to Fortinet, is a lack of a sanity check for arbitrary commands that are executed by the native command-execution function. Fortinet describes this as a "typical security pitfall suffered by many firmware manufacturers." With no patch available, affected users should upgrade their devices as soon as possible.

Read more of this story at Slashdot.

We need a new name for podcast-like things that have no feeds, are locked behind a paywall, can't be archived, cited or shared, and don't create any kind of record.

Something like "Dead-end-cast."

Or "Business-model-cast."

Or "VC-friendsly-cast."

A long thread on Hacker News about yesterday's anniversary. One commenter said "I feel bad for Dave. He was so early to the table on so many occasions yet he was left behind and never really made it big monetarily. He is the definition of missing the boat." I replied "Please don't feel bad. I was never trying to make a lot of money from the web. I had lots of opportunities to sell out. I did that once, in the 80s, and that has funded my creative work ever since. Money isn't that useful, I learned, pretty early-on. Here's a piece I wrote about that recently." I'd add that I was disappointed that when the VCs started RSS companies and then podcast companies, they did it with other people, with imho predictably bad results. That was disappointing, but what the hell, no one made any money from those things, and I get to enjoy the podcasts and feeds as much as anyone. And for that I'm grateful. I also wish people like Zuckerberg cared more about the ecosystem, but he and I look at the world differently.

The bill would tighten the laws around the exchange of campaign information between candidates and foreign governments.

Antonio Costa asked form a new government after his centre-left Socialists came first in Sunday's election.

An anonymous reader quotes a report from Reuters: The U.S. government widened its trade blacklist to include some of China's top artificial intelligence startups, punishing Beijing for its treatment of Muslim minorities and ratcheting up tensions ahead of high-level trade talks in Washington this week. The decision, which drew a sharp rebuke from Beijing, targets 20 Chinese public security bureaus and eight companies including video surveillance firm Hikvision, as well as leaders in facial recognition technology SenseTime Group Ltd and Megvii Technology Ltd. The action bars the firms from buying components from U.S. companies without U.S. government approval -- a potentially crippling move for some of them. It follows the same blueprint used by Washington in its attempt to limit the influence of Huawei for what it says are national security reasons. The Commerce Department said in a filing the "entities have been implicated in human rights violations and abuses in the implementation of China's campaign of repression, mass arbitrary detention, and high-technology surveillance against Uighurs, Kazakhs, and other members of Muslim minority groups." "The U.S. Government and Department of Commerce cannot and will not tolerate the brutal suppression of ethnic minorities within China," said Secretary of Commerce Wilbur Ross. In response, foreign ministry spokesman Geng Shuang said the U.S. should stop interfering in its affairs and that it will continue to take firm and resolute measures to protect its sovereign security.