By BeauHD from Slashdot's nasty-bugs department
According to ZDNet, researchers at Microsoft have discovered a buggy Huawei utility that could have given attackers a cheap way to undermine the security of the Windows kernel. From the report: Microsoft has now detailed how it found a severe local privilege escalation flaw in the Huawei PCManager driver software for its MateBook line of Windows 10 laptops. Thanks to Microsoft's work, the Chinese tech giant patched the flaw in January. As Microsoft researchers explain, third-party kernel drivers are becoming more attractive to attackers as a side-door to attacking the kernel without having to overcome its protections using an expensive zero-day kernel exploit in Windows. The flaw in Huawei's software was detected by new kernel sensors that were implemented in the Windows 10 October 2018 Update, aka version 1809.
The kernel sensors are meant to address the difficulty of detecting malicious code running in the kernel and are designed to detect user-space asynchronous procedure call (APC) code injection from the kernel. Microsoft Defender ATP anti-malware uses these sensors to detect actions caused by kernel code that may inject code into user-mode. Huawei's PCManager triggered Defender ATP alerts on multiple Windows 10 devices, prompting Microsoft to launch an investigation. [...] The investigation led the researcher to the executable MateBookService.exe. Due to a flaw in Huawei's 'watchdog' mechanism for HwOs2Ec10x64.sys, an attacker is able to create a malicious instance of MateBookService.exe to gain elevated privileges. The flaw can be used to make code running with low privileges read and write to other processes or to kernel space, leading to a "full machine compromise."
By BeauHD from Slashdot's show-and-tell department
An anonymous reader quotes a report from TechCrunch: The Federal Trade Commission, in what could be considered a prelude to new regulatory action, has issued an order to several major internet service providers requiring them to share every detail of their data collection practices. The information could expose patterns of abuse or otherwise troubling data use against which the FTC -- or states -- may want to take action. The letters requesting info went to Comcast, Google, T-Mobile, and both the fixed and wireless sub-companies of Verizon and AT&T. These "represent a range of large and small ISPs, as well as fixed and mobile Internet providers," an FTC spokesperson said. I'm not sure which is meant to be the small one, but welcome any information the agency can extract from any of them.
To be clear, the FTC already has consumer protection rules in place and could already go after an internet provider if it were found to be abusing the privacy of its users -- you know, selling their location to anyone who asks or the like. (Still no action there, by the way.) But the evolving media and telecom landscape, in which we see enormous companies devouring one another to best provide as many complementary services as possible, requires constant reevaluation. As the agency writes in a press release: "The FTC is initiating this study to better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content." The report provides this example as to the kind of situation the FTC is concerned about: "If Verizon wants to offer not just the connection you get on your phone, but the media you request, the ads you are served, and the tracking you never heard of, it needs to show that these businesses are not somehow shirking rules behind the scenes."
By msmash from Slashdot's my-way-or-highway department
The concept of the hyperlink was first outlined over 70 years ago and eventually became a central part of the web. But 30 years since the invention of the world wide web, Google, Apple, Facebook, and Amazon have skewed the original ambitions for hyperlinks, who they are for and how far they can lead you. From a feature story: The impact that Google's PageRank algorithms have had on how the commercial web chooses to deploy hyperlinks can be seen in just about any SEO (search engine optimisation) blog. Publishers and businesses are encouraged to prioritize internal links over external links that may boost the competition in Google's rankings. "Since the very moment Google came on the scene, links moved from being the defining characteristic of the web, to being a battleground. Google's core insight was that you could treat every link as, essentially, a vote for the site," says Adam Tinworth, a digital publishing strategist. Tinworth explains that Google tries to minimize the effect of these 'unnatural linking patterns', which includes comment spam and 'guest posts', but it remains part of "how the shadier side of the SEO industry operates."
By msmash from Slashdot's marching-forward department
Google announced today that it has formed an external advisory group -- dubbed the Advanced Technology External Advisory Council (ATEAC) -- that is tasked with "considering some of the most complex challenges in AI," including facial recognition and fairness in machine learning. From a report: The council, which is slated to publish a report at the end of 2019, includes technology experts, digital ethicists, and people with public policy backgrounds, Kent Walker, Google's senior vice president for global affairs, said at a Massachusetts Institute of Technology conference. The group is meant to provide recommendations for Google and other companies and researchers working in areas such as facial recognition software, a form of automation that has prompted concerns about racial bias and other limitations. "We want to have the most informed and thoughtful conversations we can," Walker said on stage at the MIT Technology Review event in San Francisco. "We want to sit down with the council and see what agenda they want to set."
By msmash from Slashdot's how-about-that department
Google today officially launched AMP for Email, its effort to turn emails from static documents into dynamic, web page-like experiences. From a report: AMP for Email is coming to Gmail, but other major email providers like Yahoo Mail, Outlook and Mail.ru will also support AMP emails. It's been more than a year since Google first announced this initiative. Even by Google standards, that's a long incubation phase, though there's also plenty of backend work necessary to make this feature work.
The promise of AMP for Email is that it'll turn basic messages into a surface for actually getting things done. "Over the past decade, our web experiences have changed enormously -- evolving from static flat content to interactive apps -- yet email has largely stayed the same with static messages that eventually go out of date or are merely a springboard to accomplishing a more complex task," Gmail product manager Aakash Sahney writes. "If you want to take action, you usually have to click on a link, open a new tab, and visit another website." With AMP for Email, those messages become interactive. That means you'll be able to RSVP to an event right from the message, fill out a questionnaire, browse through a store's inventory or respond to a comment -- all without leaving your web-based email client.
By msmash from Slashdot's closer-look department
Palmer Luckey, founder of Oculus VR and designer of the Oculus Rift, shares his thoughts on the recently unveiled Oculus Rift S: Rift S is very cool! It takes concepts that have been around for years and puts them into a fully functional product for the first time. Sure, sure, I see people complaining about how Rift S is worse than CV1 concerning audio quality, display characteristics, and ergonomics -- some of the tradeoffs are real, some are imaginary, and people should really wait for it to come out before passing final judgement. [...] My IPD (interpupillary distance, the distance between my eyes) is a hair under 70mm and slightly skewed to the right side of my face. One of my best friends has an IPD of 59mm. I don't know what your IPD is, but both of us were perfectly served by the IPD adjustment mechanism on Rift CV1, a mechanism that was an important part of our goal to be compatible with male and female users from 5th to 95th percentile. Anyone within the supported range (about 58mm to 72mm) got a perfect optical experience -- field curvature on the focal plane was matched, geometric distortion was properly corrected, world scale was at the right size, and pupil swim was more or less even.
By msmash from Slashdot's interesting-products department
If you're a Firefox true believer, or even just a Firefox user, your password struggles just got a little easier with the release of Firefox Lockbox for Android devices. From a report: The password manager, based on login information already in Firefox, makes it easier to sign into apps as well. It integrates with login autocomplete systems in both Apple's iOS and Google's Android software, Mozilla said. It's not as fancy as password managers like LastPass, BitWarden, 1Password and Dashlane, and the only browser it works with is Firefox. On the other hand, if you're already in the Firefox world, it's basically already set up for you. There's no migration process as with dedicated password managers.
By msmash from Slashdot's huge-step-backward-for-humanity department
EU lawmakers today endorsed an overhaul of the bloc's two-decade-old copyright rules, which will force Google and Facebook to pay publishers for use of news snippets and make them filter out protected content. From a report: The set of copyright rules known as the Directive on Copyright in the Digital Single Market, but more succinctly as the EU Copyright Directive, has been debated and discussed for several years. While it is broadly uncontroversial in many regards, there are two facets to the directive that have caused the internet to freak out. Article 11, which has been dubbed the "link tax," stipulates that websites pay publishers a fee if they display excerpts of copyrighted content -- or even link to it. This obviously could have big ramifications for services such as Google News. Then there is Article 13, dubbed the "upload filter," which would effectively make digital platforms legally liable for any copyright infringements on their platform, which has stoked fears that it would stop people from sharing content -- such as GIF-infused memes -- on social networks. In a statement, EFF said, "In a stunning rejection of the will of five million online petitioners, and over 100,000 protestors this weekend, the European Parliament has abandoned common-sense and the advice of academics, technologists, and UN human rights experts, and approved the Copyright in the Digital Single Market Directive in its entirety."
By BeauHD from Slashdot's new-and-shiny department
HTC has debuted their new virtual-reality headset called the Vive Focus Plus. Starting at $799, the headset functions similarly to the Oculus Quest, which starts shipping this spring at half the cost, but has improved specifications and is geared towards the business market. HTC says the Vive Focus Plus would be available to developers on April 15. UploadVR reports: The Vive Focus Plus will ship in most markets with an enterprise license. The headset is said to launch with 250 Vive Wave applications while its Viveport Infinity subscription program claims to include "over 70 premium titles." [Some of the specifications include a 3K AMOLED (2880x1600) display, Qualcomm Snapdragon 835 processor, 75Hz frame rate, 110-degree field of view, and inside-out tracking.]
HTC is a company that appears to be in technological transition -- with the Vive Focus Plus the latest example. HTC's first generation Vive headset debuted in 2016 for $799, a full $200 more than the Rift with a wider feature set. That system relied on Valve's SteamVR Tracking technology to operate. All headsets HTC released since 2016, except for the Vive Pro, don't rely on this technology. It should still be possible for some HTC systems to interact with SteamVR content but we've yet to test that sort of functionality in a home setting. While Vive Focus Plus is HTC's current standalone headset the company is also planning the convertible Vive Cosmos as well. It is hard to get a full picture right now of how different Vive Focus Plus and Oculus Quest are from one another in actual real-world use. HTC is trying to gear the headset to the business market but it is not clear how the headset or its business license will outperform Oculus Quest for business use cases.
By BeauHD from Slashdot's surprise-findings department
kenh shares a report from NBC News: A major Greenland glacier that was one of the fastest shrinking ice and snow masses on Earth is growing again, a new NASA study finds. The Jakobshavn (YA-cob-shawv-en) glacier around 2012 was retreating about 1.8 miles (3 kilometers) and thinning nearly 130 feet (almost 40 meters) annually. But it started growing again at about the same rate in the past two years, according to a study in Monday's Nature Geoscience. Study authors and outside scientists think this is temporary.
A natural cyclical cooling of North Atlantic waters likely caused the glacier to reverse course, said study lead author Ala Khazendar, a NASA glaciologist on the Oceans Melting Greenland (OMG) project. Khazendar and colleagues say this coincides with a flip of the North Atlantic Oscillation -- a natural and temporary cooling and warming of parts of the ocean that is like a distant cousin to El Nino in the Pacific. The water in Disko Bay, where Jakobshavn hits the ocean, is about 3.6 degrees cooler than a few years ago, study authors said. While this is "good news" on a temporary basis, this is bad news on the long term because it tells scientists that ocean temperature is a bigger player in glacier retreats and advances than previously thought, said NASA climate scientist Josh Willis, a study co-author. Over the decades the water has been and will be warming from man-made climate change, he said, noting that about 90 percent of the heat trapped by greenhouse gases goes into the oceans.