By BeauHD from Slashdot's this-is-why-stickers-were-invented department
Security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conference app on Macs that could allow websites to turn on user cameras without permission. The Verge reports: He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. That's possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn't. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention. Leitschuh details how he responsibly disclosed the vulnerability to Zoom back in late March, giving the company 90 days to solve the problem. According to Leitschuh's account, Zoom doesn't appear to have done enough to resolve the issue. The vulnerability was also disclosed to both the Chromium and Mozilla teams, but since it's not an issue with their browsers, there's not much those developers can do. The report notes that you can "patch" the vulnerability by making sure the Mac app is up to date and also disabling the setting that allows Zoom to turn your camera on when joining a meeting. "Again, simply uninstalling Zoom won't fix this problem, as that web server persists on your Mac," reports The Verge. "Turning off the web server requires running some terminal commands, which can be found at the bottom of the Medium post."
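The summary's central point is a helper web server on localhost that acts on requests any web page can make the browser send. The following is an added example, not Zoom's code and not a description of Zoom's actual fix: it shows the gating pattern a localhost helper service can use so that a request caused by a foreign web page is refused (a Host check against DNS rebinding, an Origin allow-list, and a per-install secret that a remote page cannot know). The port, the allow-listed origin and the token scheme are assumptions made for this example.

```python
# Added example, not Zoom's code or fix: how a helper web server bound to
# localhost can refuse requests that a web page on some other site caused
# the browser to send. Port, origin list and token scheme are assumptions.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse
import secrets

LISTEN_PORT = 18080                              # hypothetical port
ALLOWED_ORIGINS = {"https://app.example.test"}   # constructed allow-list
# Hypothetical per-install secret: generated when the app is installed and
# readable only by the local user, so a remote page cannot know it.
INSTALL_TOKEN = secrets.token_urlsafe(32)


def vulnerable_authorize(headers, query):
    """The unsafe pattern: act on any request that reaches the socket.
    A browser sends such a request for an <img> tag on any page, which is
    how a third-party site ends up driving the helper."""
    return True, "no checks"


def hardened_authorize(headers, query, token=INSTALL_TOKEN):
    """Return (allowed, reason). The checks are independent; all must pass."""
    # 1. Host must be the loopback name the server bound to. Rejecting other
    #    Host values blocks reaching the helper through a foreign hostname
    #    that resolves to 127.0.0.1 (DNS rebinding).
    host = headers.get("Host", "").split(":")[0]
    if host not in ("localhost", "127.0.0.1"):
        return False, f"unexpected Host: {host!r}"
    # 2. If the browser says which origin initiated the request, it must be
    #    allow-listed. Requests with no Origin (plain <img> fetches) are
    #    caught by the token check below.
    origin = headers.get("Origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"origin not allowed: {origin!r}"
    # 3. The caller must present the per-install token. Constant-time
    #    comparison so the check does not leak the token byte by byte.
    presented = query.get("token", [""])[0]
    if not secrets.compare_digest(presented.encode(), token.encode()):
        return False, "missing or wrong install token"
    return True, "ok"


class HelperHandler(BaseHTTPRequestHandler):
    """Minimal handler wiring hardened_authorize() into a real server."""

    def do_GET(self):
        parsed = urlparse(self.path)
        allowed, reason = hardened_authorize(self.headers, parse_qs(parsed.query))
        if not allowed:
            self.send_response(403)
            self.end_headers()
            self.wfile.write(reason.encode())
            return
        # Only here would the helper perform its privileged action (for a
        # conferencing app, launching the client). Placeholder response.
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"helper action accepted\n")


if __name__ == "__main__":
    print(f"listening on 127.0.0.1:{LISTEN_PORT}, token={INSTALL_TOKEN}")
    HTTPServer(("127.0.0.1", LISTEN_PORT), HelperHandler).serve_forever()
```

The token is the check that matters most: Host and Origin headers are set by the browser and help, but a secret that exists only on the local machine is what a remote page can never supply. Run the block directly to start the server, then compare a request with and without `?token=...` in the query string.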
By BeauHD from Slashdot's cause-and-effect department
An anonymous reader quotes a report from The Guardian: Indoor levels of carbon dioxide could be clouding our thinking and may even pose a wider danger to human health, researchers say. The authors of the latest study -- which reviews current evidence on the issue -- say there is a growing body of research suggesting levels of CO2 that can be found in bedrooms, classrooms and offices might have harmful effects on the body, including affecting cognitive performance. "There is enough evidence to be concerned, not enough to be alarmed. But there is no time to waste," said Dr Michael Hernke, a co-author of the study from the University of Wisconsin-Madison, stressing further research was needed. Writing in the journal Nature Sustainability, Hernke and colleagues report that they considered 18 studies of the levels of CO2 humans are exposed to, as well as its health impacts on both humans and animals.
Traditionally, the team say, it had been thought that CO2 levels would need to reach a very high concentration of at least 5,000 parts per million (ppm) before they would affect human health. But a growing body of research suggests CO2 levels as low as 1,000ppm could cause health problems, even if exposure only lasts for a few hours. The team say crowded or poorly ventilated classrooms, office environments and bedrooms have all been found to have levels of CO2 that exceed 1,000ppm, and are spaces that people often remain in for many hours at a time. Air-conditioned trains and planes have also been found to exceed 1,000ppm.
By BeauHD from Slashdot's lost-and-found department
Mexican physicist Rafael Gonzalez has found the solution to spherical aberration in optical lenses, solving the 2,000-year-old Wasserman-Wolf problem that Isaac Newton himself could not solve. Newton invented a telescope that solved the chromatic aberration, but not the spherical aberration. PetaPixel reports: Fast forward to 2018 when Hector A. Chaparro-Romo, a doctoral student at the National Autonomous University of Mexico (UNAM), who had been trying to solve this problem for 3 years, invited Rafael G. Gonzalez-Acuna, a doctoral student from Tec de Monterrey, to help him solve the problem. At first, Gonzalez did not want to devote resources to what he knew to be a millenary, impossible to solve problem. But upon the insistence of Hector Chaparro, he decided to accept the challenge. After months of working on solving the problem, Rafael Gonzalez recalls, "I remember one morning I was making myself a slice of bread with Nutella, when suddenly, I said out loud: Mothers! It is there!" He then ran to his computer and started programming the idea. When he executed the solution and saw that it worked, he says he jumped all over the place. It is unclear whether he finished eating the Nutella bread. Afterwards, the duo ran a simulation and calculated the efficacy with 500 rays, and the resulting average satisfaction for all examples was 99.9999999999%. Which, of course, is great news for gear reviewers on YouTube, as they will still be able to argue about the 0.0000000001% of sharpness difference among lens brands. Their findings were published in the journal Applied Optics. They also published an article in Applied Optics that gives an analytical solution to the Levi-Civita problem formulated in 1900. "The Levi-Civita problem, which has existed without a solution for over a century, was also considered a mythical problem by the specialized community," reports PetaPixel.
By BeauHD from Slashdot's always-watching department
An anonymous reader quotes a report from The Wall Street Journal: Tesco, one of the world's largest supermarket operators, is one of several grocers testing cashierless stores with cameras that track what shoppers pick (Warning: source paywalled; alternative source), so they pay by simply walking out the door. The retailers hope the technology -- similar to that pioneered by Amazon.com Inc. in its Amazon Go stores in the U.S. -- will allow them to cut costs and alleviate lines as they face an evolving threat from the e-commerce giant.
Tesco plans to open its self-styled "pick and go" or "frictionless shopping" store to the public next year after testing with employees. Eventually it wants to use the technology, developed by Israeli startup Trigo Vision, in more of its smaller grocery stores. Tesco's 4,000-square-foot test store uses 150 ceiling-mounted cameras to generate a three-dimensional view of products as they are taken off shelves. In its recent demo, Tesco's system detected shoppers as they walked around the store. It also identified a group of products when a person holding them stood in front of a screen, tallying up their total price. Tesco is considering identifying shoppers through an app or loyalty card when they enter the store and then charging their app when they leave. Tesco told investors its method costs one-tenth of systems used by its competitors, partly because it only uses cameras. Amazon Go uses cameras and sensors to track what shoppers pick. Amazon customers scan a QR code at a gate when they enter a store, then walk out when finished. While Tesco will track the movements of their customers, the company says the system used in its trial doesn't recognize faces.
By BeauHD from Slashdot's AI-deployments department
A new study from International Data Corporation (IDC) found that of the organizations already using AI, only 25% have developed an "enterprise-wide" AI strategy, and it found that among those in the process of deploying AI, a substantial number of projects are doomed to fail. VentureBeat reports: IDC's Artificial Intelligence Global Adoption Trends & Strategies report, which was published today, summarizes the results of a May 2019 survey of 2,473 organizations using AI solutions in their operations. It chiefly focused on respondents' AI strategy, culture, and implementation challenges, as well as their AI data readiness initiatives and the production deployment trends expected to experience growth in the next two years. Firms blamed the cost of AI solutions, a lack of qualified workers, and biased data as the principal blockers impeding AI adoption internally. Respondents identified skills shortages and unrealistic expectations as the top two reasons for failure, in fact, with a full quarter reporting up to a 50% failure rate.
However, that's not to suggest success stories are few and far between. More than 60% of companies reported changes in their business model in association with their AI adoption, and nearly 50% said they'd established a formal framework to encourage the ethical use, potential bias risks, and trust implications of AI, according to IDC. Moreover, 25% report having established a senior management position to ensure adherence.
By msmash from Slashdot's closer-look department
Facebook has built tools to track posts on Facebook and WhatsApp that talk about its executives, products, or moves, Bloomberg reported on Monday. The company has been, for years, routinely using these tools to "snuff out" posts that it deems to offer untrue characterization of its services or people. From the report: Many companies monitor social media to learn what customers are saying about them. But Facebook's position is unique. It owns the platform it's watching, an advantage that may help Facebook track and reach users more effectively than other firms. And Facebook has been saddled with so many real problems recently that sometimes misinformation can stick. Stormchaser is just one of multiple tools Facebook has deployed to manage its reputation, which has taken a dramatic hit thanks to its role in spreading Russian misinformation during the U.S. election and numerous privacy scandals. The company employs hundreds of public relations officials and spent $13 million on government lobbying in 2018. Zuckerberg and Facebook Chief Operating Officer Sheryl Sandberg have become so intertwined with the company's image that Facebook routinely collects public survey data to understand how the general public views them -- data that shapes what the executives say and do publicly. Facebook's response: "We didn't use this internal tool to fight false news because that wasn't what it was built for, and it wouldn't have worked," the spokeswoman wrote in an email. "The tool was built with simple technology that helped us detect posts about Facebook based on keywords, so we could consider whether to respond to product confusion on our own platform. Comparing the two is a false equivalence."
The New York Times' tech columnist Kevin Roose writes: You could write a dissertation about this quote, and the difference between what Facebook considers "product confusion" (wrong stuff about us, which must be removed immediately) and "false news" (wrong stuff about other people, which is protected free speech).
By msmash from Slashdot's tussle-continues department
Mike Davidson: It took an article I almost didn't publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that. I will say, however, that I'm a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn't actually fix. [...] Let's take a look at how Superhuman [an email app that charges users $30 a month] explains their changes.
Rahul correctly lays out four of the criticisms leveled at Superhuman's read receipts: Location data could be used in nefarious ways. Read statuses are on by default. Recipients of emails cannot opt out. Superhuman users cannot disable remote image loading. However, he also omits the core criticism: Recipients of Superhuman emails do not know their actions are being tracked or sent back to senders.
Superhuman said it was keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. Mike adds: This addresses the concern about teaching customers to surveil by default but also establishes that Superhuman is keeping the feature working almost exactly as-is, with the exception of not collecting or displaying actual locations. I've spoken with several people about how they interpreted Rahul's post on this particular detail. Some believed the whole log of timestamped read events was going away and were happy about that. Others read it as: you can still see exactly when and how many times someone has opened your email, complete with multiple timestamps -- you just can't see the location anymore. That, to me, is not sufficient. "A little less creepy" is still creepy. Also worth noting, "turning receipts off by default" does nothing to educate customers about the undisclosed surveillance they are enabling if they flip that switch.
By msmash from Slashdot's catch-me-if-you-can department
News blog TorrentFreak spoke with a member of piracy group "The Scene" to understand how they obtain -- or rip -- movies and shows from sources such as Netflix and Amazon Prime Video. The technique these people use is different from hardware capture cards or software-based 'capping' tools. From the report: "Content for WEB releases are obtained by downloading the source content. Whenever you stream a video online, you are downloading chunks of a video file to your computer. Sceners simply save that content and attempt to decrypt it for non-DRM playback later," the source said. When accessing the content, legitimate premium accounts are used, often paid for using prepaid credit cards supported by bogus identities. It takes just a few minutes to download a video file since they're served by CDNs with gigabits of bandwidth.
"Once files are downloaded from the streaming platform, however, they are encrypted in the .mp4 container. Attempting to view such video will usually result in a blank screen and nothing else -- streams from these sites are protected by DRM. The most common, and hard to crack DRM is called Widevine. The way the Scene handles WEB-releases is by using specialized tools coded by The Scene, for The Scene. These tools are extremely private, and only a handful of people in the world have access to the latest version(s)," source noted. "Without these tools, releasing Widevine content is extremely difficult, if not impossible for most. The tools work by downloading the encrypted video stream from the streaming site, and reverse engineering the encryption." Our contact says that decryption is a surprisingly quick process, taking just a few minutes. After starting with a large raw file, the finalized version ready for release is around 30% smaller, around 7GB for a 1080p file.
By msmash from Slashdot's up-next department
Mozilla is funding a project for bringing the Julia programming language to Firefox and the general browser environment. From a report: The project received funding as part of the Mozilla Research Grants for the first half of 2019, which the browser maker announced on Friday. In April, when Mozilla opened this year's submissions period for research grants, the organization said it was looking for a way to bring data science and scientific computing tools to the web. It said it was specifically interested in receiving submissions about supporting R or Julia at the browser level. Both R and Julia are programming languages designed for high-performance numerical, statistical, and computational science.
Mozilla engineers have worked in previous years to port data science tools to the browser level, as part of Project Iodide. Previously, as part of this project, Mozilla engineers ported the Python interpreter to run in the browser using WebAssembly. "This project, Pyodide, has demonstrated the practicality of running language interpreters in WebAssembly," Mozilla engineers said.
By msmash from Slashdot's privacy-woes department
An anonymous reader shares a report: Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don't want a flashlight app to be able to read through your call logs, you should be able to deny that access. But even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back. The discovery highlights how difficult it is to stay private online, particularly if you're attached to your phones and mobile apps. Tech companies have mountains of personal data on millions of people, including where they've been, who they're friends with and what they're interested in.
Lawmakers are attempting to reel that in with privacy regulation, and app permissions are supposed to control what data you give up. Apple and Google have released new features to improve people's privacy, but apps continue to find hidden ways to get around these protections. Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission's PrivacyCon.
By msmash from Slashdot's closer-look department
Some think automated radio emails are mucking up the spectrum reserved for amateur radio, while others say these new offerings provide a useful service. Wave723 writes: Like many amateur radio fans his age, Ron Kolarik, 71, still recalls the "pure magic" of his first ham experience nearly 60 years ago. Lately, though, encrypted messages have begun to infiltrate the amateur bands in ways that he says are antithetical to the spirit of this beloved hobby. So Kolarik filed a petition, RM-11831 [PDF], to the U.S. Federal Communications Commission (FCC) proposing a rule change to "Reduce Interference and Add Transparency to Digital Data Communications." And as the proposal makes its way through the FCC's process, it has stirred up heated debate that goes straight to the heart of what ham radio is, and ought to be. The core questions: Should amateur radio -- and its precious spectrum -- be protected purely as a hobby, or is it a utility that delivers data traffic? Or is it both? And who gets to decide?