Hundreds of Thousands of Realtek-based Devices Under Attack from IoT Botnet Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 23, 2021, 11:36 pm)

A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang. From a report: The attacks started last week, according to a report from IoT security firm SAM, and began just three days after fellow security firm IoT Inspector published details about the vulnerability on its blog. Tracked as CVE-2021-35395, the vulnerability is part of four issues IoT Inspector researchers found in the software development kit (SDK) that ships with multiple Realtek chipsets (SoCs). These chips are manufactured by Realtek but are shipped to other companies, which then use them as the basic System-on-Chip (SoC) board for their own devices, with the Realtek SDK serving as a configurator and starting point for their own firmware. IoT Inspector said they found more than 200 different device models from at least 65 different vendors that had been built around these chips and were using the vulnerable SDK.

Read more of this story at Slashdot.

Intel Inks Deal with Department of Defense To Support Domestic Chip-Building Ecosyst Slashdotby msmash on intel at January 1, 1970, 1:00 am (cached at August 23, 2021, 11:05 pm)

Intel has signed a deal with the Department of Defense to support a domestic commercial chip-building ecosystem. The chipmaker will lead the first phase of a program called Rapid Assured Microelectronics Prototypes - Commercial (RAMP-C), which aims to bolster the domestic semiconductor supply chain. From a report: The chipmaker's recently launched division, Intel Foundry Services, will lead the program. As part of RAMP-C, Intel will partner with IBM, Cadence, Synopsys and others to establish a domestic commercial foundry ecosystem. Intel says the program was designed to create custom integrated circuits and commercial products required by the Department of Defense's systems. "The RAMP-C program will enable both commercial foundry customers and the Department of Defense to take advantage of Intel's significant investments in leading-edge process technologies," said Randhir Thakur, president of Intel Foundry Services, in a statement. "Along with our customers and ecosystem partners, including IBM, Cadence, Synopsys and others, we will help bolster the domestic semiconductor supply chain and ensure the United States maintains leadership in both R&D and advanced manufacturing."

Read more of this story at Slashdot.

38 Million Records Were Exposed Online -- Including Contact-Tracing Info Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 23, 2021, 10:05 pm)

More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people's phone numbers and home addresses to social security numbers and Covid-19 vaccination status. From a report: The incident affected major companies and organizations, including American Airlines, Ford, the transportation and logistics company J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. And while the data exposures have since been addressed, they show how one bad configuration setting in a popular platform can have far-reaching consequences. The exposed data was all stored in Microsoft's Power Apps portal service, a development platform that makes it easy to create web or mobile apps for external use. If you need to spin up a vaccine appointment sign-up site quickly during, say, a pandemic, Power Apps portals can generate both the public-facing site and the data management backend. Beginning in May, researchers from the security firm Upguard began investigating a large number of Power Apps portals that publicly exposed data that should have been private -- including in some Power Apps that Microsoft made for its own purposes. None of the data is known to have been compromised, but the finding is significant still, as it reveals an oversight in the design of Power Apps portals that has since been fixed. In addition to managing internal databases and offering a foundation to develop apps, the Power Apps platform also provides ready-made application programming interfaces to interact with that data. But the Upguard researchers realized that when enabling these APIs, the platform defaulted to making the corresponding data publicly accessible. Enabling privacy settings was a manual process. As a result, many customers misconfigured their apps by leaving the insecure default.

Read more of this story at Slashdot.

Google Pay Team Reportedly in Major Upheaval After Botched App Revamp Slashdotby msmash on google at January 1, 1970, 1:00 am (cached at August 23, 2021, 9:35 pm)

Google Pay is apparently just as much a disaster internally as the app transition has been externally. From a report: That's the big takeaway from a recent Business Insider article detailing an exodus of executives from Google's payment division, lower-than-expected app adoption, and employees frustrated with the slow movement of the division. Business Insider spoke with ex-employees and learned that "dozens of employees and executives have left" the Google Payments team in recent months, including "at least seven leaders on the team with roles of director or vice president." The most prominent departure, of payments chief Caesar Sengupta, kicked off the exodus in April, and now employees are worried about another reorganization and even slower progress. Many rank-and-file team members have reportedly departed, too, with the story saying, "One former employee estimated that half the people working on the business-development team for Google Pay -- a group of about 40 people -- have left the company in recent months."

Read more of this story at Slashdot.

Gain Admin Privileges To a Windows Machine By Plugging In a Razer Mouse Slashdotby msmash on security at January 1, 1970, 1:00 am (cached at August 23, 2021, 9:05 pm)

An anonymous reader writes: A Razer Synapse zero-day vulnerability has been disclosed that allows you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

Read more of this story at Slashdot.

Ethiopia To Build Local Rival To Facebook, Other Platforms Slashdotby msmash on social at January 1, 1970, 1:00 am (cached at August 23, 2021, 8:05 pm)

Ethiopia has begun developing its own social media platform to rival Facebook, Twitter and WhatsApp, though it does not plan to block the global services, the state communications security agency said on Monday. From a report: Ethiopia has been engulfed since last year in an armed conflict pitting the federal government against the Tigray People's Liberation Front, which controls the Tigray region in the country's north. Supporters of both sides have waged a parallel war of words on social media. The government wants its local platform to "replace" Facebook, Twitter, Whatsapp and Zoom, the director general of the Information Network Security Agency (INSA), Shumete Gizaw, said. Shumete accused Facebook of deleting posts and user accounts which he said were "disseminating the true reality about Ethiopia." International human rights groups have criticized the Ethiopian government for unexplained shutdowns to social media services including Facebook and WhatsApp in the past year. The government has not commented on those shutdowns.

Read more of this story at Slashdot.

World's Biggest Wind Turbine Shows the Disproportionate Power of Scale Slashdotby msmash on china at January 1, 1970, 1:00 am (cached at August 23, 2021, 7:35 pm)

China's MingYang Smart Energy has announced an offshore wind turbine even bigger than GE's monstrous Haliade-X. From a report: The MySE 16.0-242 is a 16-megawatt, 242-meter-tall (794-ft) behemoth capable of powering 20,000 homes per unit over a 25-year service life. The stats on these renewable-energy colossi are getting pretty crazy. When MingYang's new turbine first spins up in prototype form next year, its three 118-m (387-ft) blades will sweep a 46,000-sq-m (495,140-sq-ft) area bigger than six soccer fields. Every year, each one expected to generate 80 GWh of electricity. That's 45 percent more than the company's MySE 11.0-203, from just a 19 percent increase in diameter. No wonder these things keep getting bigger; the bigger they get, the better they seem to work, and the fewer expensive installation projects need to be undertaken to develop the same capacity.

Read more of this story at Slashdot.

The Fierce Legal Battle at the Heart of the Fight Over Reclining Airline Seats Slashdotby msmash on business at January 1, 1970, 1:00 am (cached at August 23, 2021, 7:05 pm)

An excerpt from Slate's interview with law professor Michael Heller, who has co-written a book called 'Mine!: How the Hidden Rules of Ownership Control Our Lives': Heller: Just to give you a concrete example, there's a guy named James Beach who was flying from Boston to Denver, and he had actually a little plastic clamp called a Knee Defender, which you can buy online. It's really very effective. You stick it on the seat in front of you, on the little tray table, and it keeps the seat in front of you from leaning back. On this particular flight, the woman in front of him tried to lean back. She couldn't; she realized what was wrong. She asked him to take them off. He didn't comply. She turned around and threw her water at him. The pilot did an emergency landing right away. They were taken off the flight. The plane went on to Denver an hour and 38 minutes late. But those little Knee Defenders turn out to reveal a tremendous amount about the ownership conflicts that are all through our lives. The woman in front is saying, "That space behind my seat, it's mine, because the little button reclines the seat." And the guy behind, like the kids in the playground, he's saying, "No, it was mine. I had it first, for my laptop," or "I possessed it first with my knees." So that wedge of space is an ownership battle, it turns out, between attachment and possession and first-in-time. When I talk to audiences about that conflict, I always poll them, and it's amazing to me that invariably half say the person in front is in the right, and half say the person in back is in the right. What's most amazing is how each side is just amazed that anybody else could have a different view. It feels and looks and seems so obvious, what's mine, the same way it is to toddlers on a playground. But that little conflict on the airplane seat is not just an accident, it turns out. It's deliberately engineered by the airlines so they can sell that same space twice. Most of us are just polite; we try to work it out, and that's true in all of the ownership conflicts we go through throughout our day, throughout our lives, in the Starbucks line, to line up at Disney World. Anywhere that we're trying to make something mine, our experience is being engineered and designed by some owner to shape our behavior. And on the airplane seat, the design is to get us to fight with each other instead of being mad at the airlines, to not realize that they're selling that same space twice. And what they're using is one of the most advanced tools of ownership design that Jim and I have uncovered in doing this work, which is what we call strategic ambiguity. Ownership is ambiguous a lot more often than people realize. And that ambiguity is really valuable, in this case to the airlines.

Read more of this story at Slashdot.

Firefox Follows Chrome and Prepares To Block Insecure Downloads Slashdotby msmash on firefox at January 1, 1970, 1:00 am (cached at August 23, 2021, 6:05 pm)

Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox. From a report: Called mixed content downloaded blocking, the feature works by blocking files downloads initiated from an encrypted HTTPS page but which actually take place via an unencrypted HTTP channel. The idea behind this feature is to prevent Firefox users from getting misled by the URL bar and think they're downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.

Read more of this story at Slashdot.

This Tiny Simpsons TV Lets You Watch Tiny Simpsons TV Slashdotby msmash on tv at January 1, 1970, 1:00 am (cached at August 23, 2021, 5:35 pm)

Reddit user buba447 has created an iconic Simpsons TV with working dials that plays episodes of the long-running animated sitcom whenever it's turned on. From a report: The palm-sized TV was designed in Fusion 360 and printed using an Ender-3 Pro from Creality, according to its creator. Inside you'll find a tiny Raspberry Pi Zero running Jessie Lite connected to the 640x480 display. The top dial turns on the TV (actually, just the display and speaker) while the lower dial adjusts the volume. Its 32GB SD Card is loaded with 11 seasons of compressed episodes that play in random order. The whole thing is powered by a USB port with a cable running out the back.

Read more of this story at Slashdot.

[no title] Scripting News(cached at August 23, 2021, 5:32 pm)

The remains of Tropical Storm Henri has been parked over my head for about 24 hours. Pouring rain, hour after hour. Not much wind. Only downside is I couldn't go riding yesterday, and probably won't be able to today either. Tomorrow should be hot and humid. Good swimming weather.
PayPal Launches Its Cryptocurrency Service in the UK Slashdotby msmash on uk at January 1, 1970, 1:00 am (cached at August 23, 2021, 5:05 pm)

PayPal is launching its cryptocurrency service in the U.K. From a report: The U.S. online payments giant said Monday it would let British customers buy, hold and sell digital currencies, starting this week. It marks the the first international expansion of PayPal's crypto product, which first launched in the U.S. in October last year. "It has been doing really well in the U.S.," Jose Fernandez da Ponte, PayPal's general manager for blockchain, crypto and digital currencies, told CNBC. "We expect it's going to do well in the U.K." PayPal's crypto feature lets customers buy or sell bitcoin, bitcoin cash, ethereum or litecoin with as little as 1 pound. Users can also track crypto prices in real-time, and find educational content on the market. Like the U.S. version of the product, PayPal is relying on Paxos, a New York-regulated digital currency company, to enable crypto buying and selling in the U.K. PayPal said it has engaged with relevant U.K. regulators to launch the service.

Read more of this story at Slashdot.

Pfizer, BioNTech Vaccine Gets Full Approval From US Regulators Slashdotby msmash on medicine at January 1, 1970, 1:00 am (cached at August 23, 2021, 4:35 pm)

The Covid-19 vaccine made by Pfizer and BioNTech was granted a full approval by U.S. regulators, a move that is expected to help bolster the immunization drive amid a surge in infections caused by the delta variant. From a report: The Food and Drug Administration said in a statement on Monday that it had cleared the vaccine for the prevention of Covid-19 in individuals 16 years of age and older. It will be marketed under the Comirnaty. The vaccine continues to be available to people age 12 to 15 under an emergency-use authorization, the agency said. The approval is expected to boost confidence in the shot and is likely to open the door to more vaccine mandates among employers and businesses. It is also likely to solidify its future as a blockbuster for its makers.

Read more of this story at Slashdot.

[no title] Scripting News(cached at August 23, 2021, 4:32 pm)

Remember how Reagan said government is the problem. He was wrong, it's actually journalism.
[no title] Scripting News(cached at August 23, 2021, 4:32 pm)

I'd say BingeWorthy didn't work. Nice software, but the goal was to keep an easy to find public list of shows I recommend, and those that my friends recommend. A couple of weeks ago I discovered, entirely on my own, Rick and Morty. I loved it from the first scene in the first epsiode. I started telling everyone I know how great it is, and with few exceptions they "old news Dave," they loved the show since it started in 2013. The system isn't working. Why did I struggle for years to find something great to watch when Rick and Morty was out there. I'm sure there are a dozen other delicious shows I don't know about, and it's only getting worse. What is the answer? It seems like a simple problem to solve, yet it evades an answer.