Miscellaneous Tech News
-
Ofcom appoints online safety head to take on big tech
Regulator Ofcom has announced Anna-Sophie Harling will be its online safety head, dealing with how the tech giants regulate harmful speech.
She will be in charge of implementing the Online Safety Bill, due to come into effect later this year if approved by Parliament. Ofcom will be able to fine tech firms that fail to remove offending content up to 10% of their global revenue. But one expert said this would require "bold leadership". Ms Harling is currently managing director for Europe at NewsGuard, which audits online publishers for accuracy. "I'm really excited to be joining Ofcom's online-safety team," she said. "Legislation will enable us to introduce meaningful transparency where it has been lacking and empower Ofcom to hold platforms to account. "I can't wait to get started." -
-
-
Twitter works with news sites to tackle disinformation
Twitter will collaborate with two of the largest international news providers, Reuters and the Associated Press, to debunk disinformation on its messaging site.
The news agencies will help Twitter give more context and background information on events which create a high volume of tweets. Twitter hopes this will counteract the spread of misleading information. There has been renewed pressure to remove false content from the platform. Twitter said the partnership will enable it to ensure accurate and credible information is rapidly available "when facts are in dispute". "Rather than waiting until something goes viral, Twitter will contextualize developing discourse at pace with or in anticipation of the public conversation," Twitter said. -
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network? -
@mlnews said in Miscellaneous Tech News:
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network?tl:dr = SPI bus communicates in clear text. Use a BitLocker PIN/Password.
Hopefully this being in the media will change that.
-
-
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started. -
@mlnews said in Miscellaneous Tech News:
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started.And, let's hope, that there is some regulatory scrutiny over this!
-
Spotify calls off plans to support AirPlay 2, frustrating iPhone users
It's not a surprise to iOS users, but it's still a disappointment.
iPhone users have been asking for Spotify to add AirPlay 2 support for ages, but yesterday Spotify told users they shouldn't expect the feature to be added any time soon. AirPlay 2 was added to iOS more than three years ago, and users have been asking for Spotify to support it for many months. It offers lower latency, multi-room support, and Siri integration. Apple provides ways for developers to connect experiences to it, and sometimes works directly with prominent app developers who are seeking to implement it. Many other major audio apps on the iPhone support it. AirPlay 2 has become available in several non-Apple products too, like recent TVs from manufactures such as Samsung and LG. -
New “Glowworm attack” recovers audio from devices’ power LEDs
A new class of passive TEMPEST attack converts LED output into intelligible audio.
Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations. The Cyber@BGU team—consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov, and Professor Yuval Elovici—analyzed a broad array of widely used consumer devices including smart speakers, simple PC speakers, and USB hubs. The team found that the devices' power indicator LEDs were generally influenced perceptibly by audio signals fed through the attached speakers. -
Today’s Firefox 91 release adds new site-wide cookie-clearing action
New features build on Total Cookie Protection, simplifying privacy management.
Mozilla's Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The new feature allows users to manage all cookies and locally stored data generated by a particular website—regardless of whether they're cookies tagged to that site's domain or cookies placed from that site but belonging to a third-party domain, eg Facebook or Google. -
Google may cut pay of staff who work from home
Google employees in the US who opt to work from home permanently may get a pay cut.
The technology giant has developed a pay calculator that lets employees see the effects of working remotely or moving offices. Some remote employees, especially those with a long commute, could have their pay cut without changing address. Google has no plans at this time to implement the policy in the UK. Employees in many businesses have proved that working from home permanently is viable during the Covid pandemic. Many companies are looking ahead to how employees will work as the pandemic recedes, even as the US continues to battle the Delta variant of the disease. -
@mlnews said in Miscellaneous Tech News:
Google may cut pay of staff who work from home
Google employees in the US who opt to work from home permanently may get a pay cut.
The technology giant has developed a pay calculator that lets employees see the effects of working remotely or moving offices. Some remote employees, especially those with a long commute, could have their pay cut without changing address. Google has no plans at this time to implement the policy in the UK. Employees in many businesses have proved that working from home permanently is viable during the Covid pandemic. Many companies are looking ahead to how employees will work as the pandemic recedes, even as the US continues to battle the Delta variant of the disease.Google confirming they are a horrible company to work for. What does the area you live in have to do with the amount of value you bring to the company?
-
Accenture downplays ransomware attack as LockBit gang leaks corporate data
Fortune 500 company Accenture has fell victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.
News of the attack became public earlier this morning when the company’s name was listed on the dark web blog of the LockBit ransomware cartel. The LockBit gang claimed it gained access to the company’s network and was preparing to leak files stolen from Accenture’s servers at 17:30:00 GMT. In an emailed statement, Accenture not only confirmed the attack but also greatly played down its impact. -
@mlnews said in Miscellaneous Tech News:
Accenture downplays ransomware attack as LockBit gang leaks corporate data
Fortune 500 company Accenture has fell victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.
News of the attack became public earlier this morning when the company’s name was listed on the dark web blog of the LockBit ransomware cartel. The LockBit gang claimed it gained access to the company’s network and was preparing to leak files stolen from Accenture’s servers at 17:30:00 GMT. In an emailed statement, Accenture not only confirmed the attack but also greatly played down its impact. -
-
-
@scottalanmiller said in Miscellaneous Tech News:
That news is just now being reported? I'd be surprised if the ransomware gangs took an entire day to start using the exploits.
-
SynAck ransomware gang releases decryption keys for old victims
The El_Cometa ransomware gang, formerly known as SynAck, has released today master decryption keys for the victims they infected between July 2017 and early 2021.
The keys have been verified as authentic by Michael Gillespie, a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service. Gillespie told The Record he was able to use the leaked decryption utilities and private keys to decrypt files from old SynAck attacks. The Record will not be making these keys generally available as the decryption process can be somewhat complicated for non-technical users, and former SynAck victims who may try to decrypt older data might end up damaging files even further. Instead, Gillespie said that Emsisoft would be developing its own decryption utility that will be safer and easier to use, which they will be releasing within the next few days.
