Bug In WordPress Plugin Can Let Hackers Wipe Up To 200,000 Sites Slashdot by BeauHD on bug at January 1, 1970, 1:00 am (cached at February 17, 2020, 11:35 pm)

An anonymous reader quotes a report from ZDNet: WordPress site owners who use commercial themes provided by ThemeGrill are advised to update one of the plugins that come installed with these themes in order to patch a critical bug that can let attackers wipe their sites. The vulnerability resides in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill, a web development company that sells commercial WordPress themes. The plugin, which is installed on more than 200,000 sites, allows site owners to import demo content inside their ThemeGrill themes so they'll have examples and a starting point on which they can build their own sites. However, in a report published yesterday, WordPress security firm WebARX says that older versions of the ThemeGrill Demo Importer are vulnerable to remote attacks from unauthenticated attackers. Remote hackers can send a specially crafted payload to vulnerable sites and trigger a function inside the plugin. The vulnerable function resets the site's content to zero, effectively wiping the content of all WordPress sites where a ThemeGrill theme is active, and the vulnerable plugin is installed. Furthermore, if the site's database contains a user named "admin," then the attacker is granted access to that user with full administrator rights over the site.

Read more of this story at Slashdot.

Apple Says It Does Not Expect To Meet the Revenue Guidance For the March Quarter Bec Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at February 17, 2020, 11:05 pm)

Apple said on Monday that it does not expect to meet the revenue guidance for the March quarter. In a press release, the company added: As the public health response to COVID-19 continues, our thoughts remain with the communities and individuals most deeply affected by the disease, and with those working around the clock to contain its spread and to treat the ill. Apple is more than doubling our previously announced donation to support this historic public health effort. Our quarterly guidance issued on January 28, 2020 reflected the best information available at the time as well as our best estimates about the pace of return to work following the end of the extended Chinese New Year holiday on February 10. Work is starting to resume around the country, but we are experiencing a slower return to normal conditions than we had anticipated. As a result, we do not expect to meet the revenue guidance we provided for the March quarter due to two main factors. The first is that worldwide iPhone supply will be temporarily constrained. While our iPhone manufacturing partner sites are located outside the Hubei province -- and while all of these facilities have reopened -- they are ramping up more slowly than we had anticipated. The health and well-being of every person who helps make these products possible is our paramount priority, and we are working in close consultation with our suppliers and public health experts as this ramp continues. These iPhone supply shortages will temporarily affect revenues worldwide. The second is that demand for our products within China has been affected. All of our stores in China and many of our partner stores have been closed. Additionally, stores that are open have been operating at reduced hours and with very low customer traffic. We are gradually reopening our retail stores and will continue to do so as steadily and safely as we can.


[no title] Scripting News (cached at February 17, 2020, 11:03 pm)

MORE II refcard from the late 80s. We used to include these in our products, a quick summary of all the keystrokes the software responds to. I'm glad to have this online now.

Twitter Locks WikiLeaks Official Account With 5.4 Million Followers, Days Before Jul Slashdot by BeauHD on twitter at January 1, 1970, 1:00 am (cached at February 17, 2020, 10:35 pm)

Days before Julian Assange's extradition hearings are set to continue, WikiLeaks' journalist Kristinn Hrafnsson reports that the official WikiLeaks Twitter account has been locked. "All attempts to get it reopened via regular channels have been unsuccessful," writes Hrafnsson in a tweet. "It has been impossible to reach a human at twitter to resolve the issue. Can someone fix this?" RT reports: The @wikileaks account's most recent posts date back to February 9 and concern the dire precedent set by extraditing a publisher to stand trial on espionage charges. Assange's extradition hearing in the UK, which a court ordered to be split into two parts, is set to begin next week, while the second half is scheduled for May. The publisher's lawyers have complained that access to their client is being restricted, and Assange was only recently moved from solitary confinement at Belmarsh prison after his fellow inmates staged a protest. The UN special rapporteur on torture Nils Melzer has accused the UK government of contributing to Assange's "psychological torture" after examining the activist last year. ZeroHedge also points out that this isn't the first time WikiLeaks' account was locked. In 2016, "Twitter lit up in late July with allegations that it tried to suppress news that secret-leaking website Wikileaks exposed thousands of emails obtained from the servers of the Democratic National Committee," reports ZeroHedge, citing The Washington Examiner. "Friday afternoon, users noted, '#DNCLeaks' was trending, with more than 250,000 tweets about it on the platform. By Friday evening, it vanished completely from the site's 'trending' bar for at least 20 minutes. It returned as '#DNCLeak' after users erupted, though it was too late to quell their rage." For what it's worth, Twitter CEO Jack Dorsey at the time denied any attempt to intentionally silence the account.


Did the Early Internet Activists Blow It? Slashdot by msmash on eff at January 1, 1970, 1:00 am (cached at February 17, 2020, 10:05 pm)

Mike Godwin, the first staff counsel of the Electronic Frontier Foundation, writes in a column: Another thing we clearly got wrong is how large platforms would rise to dominate their markets -- even though they never received the kind of bespoke regulated-monopoly partnership with governments that, generations before, the telephone companies had received. In most of today's democracies, Google dominates search and Facebook dominates social media. In less-democratic nations, counterpart platforms -- like Baidu and Weibo in China or VK in Russia -- dominate their respective markets, but their relationships with the relevant governments are cozier, so their market-dominant status isn't surprising. We didn't see these monopolies and market-dominant players coming, although we should have. Back in the 1990s, we thought that a thousand website flowers would bloom and no single company would be dominant. We know better now, particularly because of the way social media and search engines can build large ecosystems that contain smaller communities -- Facebook's Groups is only the most prominent example. Market-dominant players face temptations that a gaggle of hungry, competitive startups and "long tail" services don't, and we'd have done better in the 1990s if we'd anticipated this kind of consolidation and thought about how we might respond to it as a matter of public policy. We should have -- the concern about monopolies, unfair competition, and market concentration is an old one in most developed countries -- but I have no reflexive reaction either for or against antitrust or other market-regulatory approaches to address this concern, so long as the remedies don't create more problems than they solve. What's new and more troubling is the revival of the idea, after more than half a century of growing freedom-of-expression protections, that maybe there's just too much free speech. There's a lot to unpack here.
In the 1990s, social conservatives wanted more censorship, particularly of sexual content. Progressive activists back then generally wanted less. Today, progressives frequently argue that social media platforms are too tolerant of vile, offensive, hurtful speech, while conservatives commonly insist that the platforms censor too much (or at least censor them too much). Both sides miss obvious points. Those who think there needs to be more top-down censorship from the tech companies imagine that when censorship efforts fail, it means the companies aren't trying hard enough to enforce their content policies. But the reality is that no matter how much money and manpower (plus less-than-perfect "artificial intelligence") Facebook throws at curating hateful or illegal content on its services, and no matter how well-meaning Facebook's intentions are, a user base edging toward 3 billion people is always going to generate hundreds of thousands, and perhaps millions, of false positives every year. On the flip side, those who want to restrict companies' ability to censor content haven't given adequate thought to the consequences of their demands. If Facebook or Twitter became what Sen. Ted Cruz calls a "neutral public forum," for example, they might become 8chan writ large. That's not very likely to make anyone happier with social media.


Microsoft Shares Roadmap For New Microsoft Edge Slashdot by msmash on microsoft at January 1, 1970, 1:00 am (cached at February 17, 2020, 9:35 pm)

Microsoft has published a roadmap for the new Microsoft Edge. The roadmap includes features that are currently planned, in discussion, under review, and not planned. It gives an insight into the new Microsoft Edge's development because you can see where Microsoft is trying to take the browser. From a report: Here are a few notable features Microsoft plans to roll out to the new Microsoft Edge:

1. Enable sync of installed browser extensions between devices
2. Enable sync of browsing history between devices
3. Make Edge available on Linux
4. Support read aloud of PDF files
5. Add the ability to ink on web pages


Jeff Bezos Commits $10 Billion To Fight Climate Change Slashdot by msmash on earth at January 1, 1970, 1:00 am (cached at February 17, 2020, 8:35 pm)

Amazon CEO Jeff Bezos says he's launching a $10 billion Bezos Earth Fund that will issue grants aimed at addressing climate change -- a move that comes less than a month after hundreds of Amazon employees criticized what they saw as the company's weak commitment to tackling the issue. From a report: Bezos, who's the world's richest individual with a net worth estimated at nearly $130 billion, unveiled his philanthropic initiative in an Instagram post. "Climate change is the biggest threat to our planet," he wrote. "I want to work alongside others both to amplify known ways and to explore new ways of fighting the devastating impact of climate change on this planet we all share."


SpaceX Successfully Launches a New Batch of Its Starlink Satellites Slashdot by msmash on communications at January 1, 1970, 1:00 am (cached at February 17, 2020, 8:05 pm)

SpaceX on Monday successfully sent another batch of Starlink satellites into orbit but didn't quite stick the landing of its Falcon 9 rocket. From a report: Elon Musk's space company did achieve its primary objective of sending 60 more flying nodes for its nascent global broadband service into space, bringing the total number of Starlink satellites in low-Earth orbit to nearly 300. A secondary goal for the fifth Starlink mission, as with most SpaceX launches, was to recover the first stage of the Falcon 9 by landing it on a droneship stationed in the Atlantic Ocean. But this time the rocket missed the mark by a smidge. At the time it was expected to land, the live webcast from the droneship showed smoke or steam just off camera as the Falcon 9 made a "soft water landing." SpaceX reported during the webcast that the rocket appears to be intact and floating on the ocean, but it remains unclear whether it can be recovered. The booster had a useful life, having already launched three earlier SpaceX missions in 2019 before Monday's Starlink mission. Had it landed successfully, it would have been the 50th successful booster landing for the company. Now we may have to wait until the next planned Falcon 9 launch on March 2 to see that milestone.


Samsung's Changes To Android Are Making Its Phones Less Secure, Says Google Slashdot by msmash on android at January 1, 1970, 1:00 am (cached at February 17, 2020, 7:35 pm)

Google scolded Samsung this week for an issue discovered on the Korean phone maker's Galaxy A50. From a report: Google says Samsung made "unnecessary changes to Android's core kernel," adding the changes Samsung made threaten rather than strengthen the phone's security. The tech giant has a vested interest in making sure Android is secure for OEMs and end users alike. Earlier this week Google announced it has made measurable efforts to limit malicious apps on its Google Play Store and it's clamping down on the permissions apps can request, resulting in a 98% reduction in requests for access to users' call history and text messages. It's also been tackling more worrying bugs, like self-reinstalling ones. But in this instance, it's a hardware partner that's causing the problems. In a detailed blog post from Google's Project Zero Team, researcher Jann Horn outlines the exact issue with Samsung's changes to the Android kernel on the A50. Samsung's changes included a security feature to restrict an attacker from reading or modifying user data, but Horn says the move is "futile" and rather than bolstering security, it introduces vulnerabilities that could increase an attacker's ability to arbitrarily execute code.


Tesla Teardown Finds Electronics 6 Years Ahead of Toyota and VW Slashdot by msmash on technology at January 1, 1970, 1:00 am (cached at February 17, 2020, 6:35 pm)

Elon Musk's Tesla technology is far ahead of the industry giants, a new report has concluded. From the report: This is the takeaway from Nikkei Business Publications' teardown of the Model 3, the most affordable car in the U.S. automaker's all-electric lineup, starting at about $33,000. What stands out most is Tesla's integrated central control unit, or "full self-driving computer." Also known as Hardware 3, this little piece of tech is the company's biggest weapon in the burgeoning EV market. It could end the auto industry supply chain as we know it. One stunned engineer from a major Japanese automaker examined the computer and declared, "We cannot do it." The module -- released last spring and found in all new Model 3, Model S and Model X vehicles -- includes two custom, 260-sq.-millimeter AI chips. Tesla developed the chips on its own, along with special software designed to complement the hardware. The computer powers the cars' self-driving capabilities as well as their advanced in-car "infotainment" system. This kind of electronic platform, with a powerful computer at its core, holds the key to handling heavy data loads in tomorrow's smarter, more autonomous cars. Industry insiders expect such technology to take hold around 2025 at the earliest. That means Tesla beat its rivals by six years. The implications for the broader auto industry are huge and -- for some -- frightening. Tesla built this digital nerve center through a series of upgrades to the original Autopilot system it introduced in 2014. What was also called Hardware 1 was a driver-assistance system that allowed the car to follow others, mostly on highways, and automatically steer in a lane. Every two or three years, the company pushed the envelope further, culminating in the full self-driving computer.


No 10 refuses to condemn adviser's remarks BBC News | Science/Nature | UK Edition (cached at February 17, 2020, 6:30 pm)

Labour calls for Andrew Sabisky to be sacked over reported comments on race and eugenics.

Google Ends Its Free Wi-Fi Program, Station Slashdot by msmash on google at January 1, 1970, 1:00 am (cached at February 17, 2020, 6:05 pm)

Google said on Monday that it is winding down Google Station, a program that rolled out free Wi-Fi in more than 400 railway stations in India and "thousands" of other public places in several additional pockets of the world. The company worked with a number of partners on the program. From a report: Caesar Sengupta, VP of Payments and Next Billion Users at Google, said the program, launched in 2015, helped millions of users surf the internet -- a first for many -- and not worry about the amount of data they consumed. But as mobile data prices got cheaper in many markets including India, Google Station was no longer as necessary, he said. The company plans to discontinue the program this year. Additionally, it had become difficult for Google to find a sustainable business model to scale the program, the company said, which in recent years expanded Station to Indonesia, Mexico, Thailand, Nigeria, Philippines, Brazil and Vietnam. The company launched the program in South Africa just three months ago.


Purdue University Will Freeze Tuition For the 9th Straight Year Slashdot by msmash on education at January 1, 1970, 1:00 am (cached at February 17, 2020, 5:35 pm)

schwit1 writes: Purdue President Mitch Daniels announced Saturday night the university would freeze tuition for the 9th straight year, holding it at 2012 levels through 2021-22. If Purdue can do it, why can't everyone else?


Israeli Soldiers Tricked Into Installing Malware by Hamas Agents Posing as Women Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at February 17, 2020, 4:35 pm)

Members of the Hamas Palestinian militant group have posed as young teenage girls to lure Israeli soldiers into installing malware-infected apps on their phones, a spokesperson for the Israeli Defence Force (IDF) said today. From a report: Some soldiers fell for the scam, but IDF said they detected the infections, tracked down the malware, and then took down Hamas' hacking infrastructure. IDF said Hamas operatives created Facebook, Instagram, and Telegram accounts and then approached IDF soldiers. According to IDF spokesperson Brigadier General Hild Silberman, Hamas agents posed as new Israeli immigrants in order to excuse their lacking knowledge of the Hebrew language. IDF investigators said they tracked accounts for six characters used in the recent social engineering campaign. The accounts were named Sarah Orlova, Maria Jacobova, Eden Ben Ezra, Noa Danon, Yael Azoulay, and Rebecca Aboxis, respectively. Soldiers who engaged in conversations were eventually lured towards installing one of three chat apps, named Catch & See, Grixy, and Zatu, where the agents promised to share more photos.


What is Scroll? Scripting News (cached at February 17, 2020, 4:33 pm)

I have a test account for Scroll so I can figure out what it is.

Scroll is interesting because it comes from Tony Haile. He's a real product guy, having created Chartbeat. For the last few years, as I understand, he's been going to various future-of-news conferences. I met him at the Newsgeist show a couple of years ago. He's been talking about collaborating with news orgs on a new distribution system, and that's Scroll. There's a page for Scroll on Crunchbase and they have a Twitter account.

Once you're logged on you see a list of partners, and a section called reading activity. I wasn't paying attention the first few times I went there, but I assume they gave me a cookie, so that when I show up at their partner sites, it knows it's me, and they share the fact that I read that article with Scroll. I assume then that they give the publisher a micropayment from the monthly fee I pay them. The reading activity section shows me the partner stories I read.

I guess the theory goes like this. Paywalls are a pain in the butt. Users hate them. But you can go to these sites, without subscribing, without caring about the paywall. Read the story, and the fee is deducted from your Scroll balance.

This page has a list of their partners, not sure if you can read this without paying.

If every pub adopted it, I could cancel my subscriptions to the Washington Post, NY Times and The Athletic. And I would be able to read as many articles on currently paywalled sites like New York, New Yorker, The Atlantic and a few others that I usually run out of free reads on before the end of a month. I would no longer have to ration my clicks, and I would feel free to share links to all sites, as I did before there were paywalls.

So that's the trick. Tony has to get the paywalled sites that are in demand, the ones which people are on the edge of subscribing to but don't. He already has the sites without paywalls. But I don't see the ones I miss there. And until they are there, while I like Tony and expect great things from him, honestly, there's no reason for me to use Scroll.