RSS Live Feed

Bernie Sanders Supports Video Game Workers Unions

Slashdot - 2 hours 54 minutes ago
U.S. Senator and presidential candidate Bernie Sanders has taken to Twitter to announce his support for video game workers unions. "In his message, Sanders gives shout-outs to IATSE (the International Alliance of Theatrical Stage Employees) and Game Workers Unite, two organizations that have been working to help game creators organize," reports VentureBeat. "He also links to a June 11 Time story about the epidemic of worker burn out occurring in the industry." From the report: Video games make a ton of money, including $43 billion in revenue in 2018 in the U.S. (as Sanders also points out). But the people making games are often overworked and subject to "crunch," mandatory (and sometimes unpaid) overtime. Recently, stories of unhealthy crunch cultures have surrounded giant game makers like Rockstar and Electronic Arts. Other employees suffer mass layoffs, like at Activision Blizzard earlier this year, even when their companies are making big or even record profits. Some studios shut down completely.

Read more of this story at Slashdot.

Secretive Magic Leap Says Ex-Engineer Copied Headset For China

Slashdot - 3 hours 31 minutes ago
Magic Leap, a secretive U.S. startup that makes a $2,295 augmented-reality headset, filed a lawsuit Monday accusing one of its former engineers of stealing its technology to create his own AR device for China. Bloomberg reports: In a lawsuit filed Monday, Magic Leap alleges that Chi Xu, who left in 2016, exploited its confidential information to "quickly develop a prototype of lightweight, ergonomically designed, mixed reality glasses for use with smart phones and other devices that are strikingly similar" to the Florida-based startup's designs. The lawsuit marks the latest accusation from an American firm of intellectual property theft by Chinese companies, a perennial sore point that's helped escalate tensions between the world's two largest economies. With more than $2 billion in financing, Magic Leap is one of the better-funded startups delving into so-called augmented or mixed reality, a technology that gives users the illusion that fantastical, three-dimensional digital objects exist in the physical world. Xu, who founded Beijing-based Hangzhou Tairuo Technology Co., also known as Nreal, unveiled his own augmented reality glasses at a major Las Vegas trade show in January, touting them as lighter than the Magic Leap One, Forbes has reported. Magic Leap released its headset last August after seven years of secretive work and more than $2 billion of investment. The startup alleges that Xu plotted during his roughly 13 months working there to launch his own competing company in China and "neglected his work duties" to acquire proprietary information. Xu is accused in the suit of breach of contract, fraud and unfair competition.

Facebook's Calibra Is a Secret Weapon For Monetizing Its New Cryptocurrency

Slashdot - 4 hours 11 minutes ago
Earlier today, Facebook announced its cryptocurrency "Libra" and the nonprofit association that will oversee it. "But behind Facebook's ambitions to create a quasi-nation state ruled by mostly corporate interests is a secret weapon, one the company hopes it can use to create another platform used by billions of people -- and generate enormous new revenue streams along the way," reports The Verge. "It's called Calibra, and it's a new subsidiary of Facebook the company is launching to build financial services and software on top of the Libra blockchain." From the report: At first blush, Calibra resembles a fairly standard payments company -- but its tight integration with Facebook's enormous user base could give it a significant advantage over any rivals. Thanks to its proximity to the technical development of Libra, and its ability to leverage WhatsApp, Messenger, and Instagram, Calibra could very well become Facebook's next big thing. Calibra's immediate goal is to develop and launch its own digital cryptocurrency wallet, and integrate that wallet into other Facebook products. The company will become a member of the nonprofit Libra Association and have equal voting power the other partners as Facebook's official representative, which include Uber, Lyft, eBay, and PayPal, along with several other tech companies, financial service providers, venture capitalists, and fellow nonprofits. That way, Facebook can say it does not solely control the currency or the network by itself. It also gets the benefit of having twice the representation as other companies, at least for now. Libra is the technology that underpins the network. But when it launches, Calibra will likely be how most people interact with the currency until competing wallets arise. In fact, it will likely be the first cryptocurrency wallet that hundreds of millions of people will have access to, by nature of being bundled with Facebook's massive ecosystem. 
With billions of users potentially interacting with Calibra, it will instantaneously have many hundreds of times the user base of the world's most popular existing wallets from Coinbase and others. Kevin Weil, vice president of product at Calibra, says the primary business model isn't to make money off ads targeted using your purchase history or to charge people for using the Calibra app. The real goal, Weil says, is to boost adoption to the point where Libra can have a vibrant financial services economy built on top of it, not just by Facebook but by any other company in the world. Weil says Libra becoming successful will have all sorts of positive ripple effects for all participants. "You suddenly have billions of new consumers for any online service. Businesses today that operate in cash only, if they have access to a digital currency they have access to advertising platforms, including Facebook," he says. "There are meaningful side effects on Facebook's business if Libra is successful."

Engineers Boost Output of Solar Desalination System By 50 Percent

Slashdot - 4 hours 54 minutes ago
An anonymous reader quotes a report from Phys.Org: Researchers in Rice's Laboratory for Nanophotonics (LANP) this week showed they could boost the efficiency of their solar-powered desalination system by more than 50% simply by adding inexpensive plastic lenses to concentrate sunlight into "hot spots." The results are available online in the Proceedings of the National Academy of Sciences. "The typical way to boost performance in solar-driven systems is to add solar concentrators and bring in more light," said Pratiksha Dongare, a graduate student in applied physics at Rice's Brown School of Engineering and co-lead author of the paper. "The big difference here is that we're using the same amount of light. We've shown it's possible to inexpensively redistribute that power and dramatically increase the rate of purified water production." In conventional membrane distillation, hot, salty water is flowed across one side of a sheetlike membrane while cool, filtered water flows across the other. The temperature difference creates a difference in vapor pressure that drives water vapor from the heated side through the membrane toward the cooler, lower-pressure side. Scaling up the technology is difficult because the temperature difference across the membrane -- and the resulting output of clean water -- decreases as the size of the membrane increases. Rice's "nanophotonics-enabled solar membrane distillation" (NESMD) technology addresses this by using light-absorbing nanoparticles to turn the membrane itself into a solar-driven heating element. Dongare and colleagues, including study co-lead author Alessandro Alabastri, coat the top layer of their membranes with low-cost, commercially available nanoparticles that are designed to convert more than 80% of sunlight energy into heat. The solar-driven nanoparticle heating reduces production costs, and Rice engineers are working to scale up the technology for applications in remote areas that have no access to electricity.

House Lawmakers Demand End To Warrantless Collection of Americans' Data

Slashdot - 5 hours 36 minutes ago
Two House lawmakers are pushing an amendment that would effectively defund a massive data collection program run by the National Security Agency unless the government promises to not intentionally collect data of Americans. TechCrunch reports: The bipartisan amendment -- just 15 lines in length -- would compel the government to not knowingly collect communications -- like emails, messages and browsing data -- on Americans without a warrant. Reps. Justin Amash (R-MI, 3rd) and Zoe Lofgren (D-CA, 19th) have already garnered the support from some of the largest civil liberties and rights groups, including the ACLU, the EFF, FreedomWorks, New America and the Sunlight Foundation. Under the current statute, the NSA can use its Section 702 powers to collect and store the communications of foreign targets located outside the U.S. by tapping into the fiber cables owned and run by U.S. telecom giants. But this massive data collection effort also inadvertently vacuums up Americans' data, who are typically protected from unwarranted searches under the Fourth Amendment. The government has consistently denied to release the number of how many Americans are caught up in the NSA's data collection. For the 2018 calendar year, the government said it made more than 9,600 warrantless searches of Americans' communications, up 28% year-over-year.

CVE-2019-12881

Latest 7 days CVE Lists - 5 hours 41 minutes ago
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.

CVE-2019-3953

Latest 7 days CVE Lists - 5 hours 41 minutes ago
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.

Google Explains How It Licenses Song Lyrics For Search, Will Add Attribution

Slashdot - 6 hours 16 minutes ago
Over the weekend, Google Search was caught allegedly copying song lyrics from Genius.com. In response, Google published a long explanation of how lyrics in Search work and said that they will add attribution to note which third-party service is supplying the lyrics. 9to5Google reports: When you look up a song in Search, Google often returns a YouTube video with the Knowledge Panel featuring lyrics, links to streaming services, and other artist/album/release/genre info. A query that explicitly asks for "lyrics" will display the full text as the first item at the top of Google.com. The Wall Street Journal over the weekend reported on an accusation that Search was taking content from Genius. According to Google today, it does "not crawl or scrape websites to source these lyrics." When available, Google will pay music publishers for the right to display lyrics. However, in most cases, publishers do not have digital transcripts, with the search engine instead turning to third-party "lyrics content providers." Google today reiterated that it's asking partners to "investigate the issue," with the third-party -- and not Google directly -- likely at fault for scraping Genius content. Meanwhile, Knowledge Panels in Search will soon gain attribution to note who is supplying digital lyrics text. "Google today reiterated that it's asking partners to 'investigate the issue,' with the third-party -- and not Google directly -- likely at fault for scraping Genius content," Google said in a blog post. "Meanwhile, Knowledge Panels in Search will soon gain attribution to note who is supplying digital lyrics text."

CVE-2019-12133

Latest 7 days CVE Lists - 6 hours 41 minutes ago
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.

YouTuber Simone Giertz Transformed a Tesla Model 3 Into a Pickup Truck

Slashdot - 6 hours 53 minutes ago
An anonymous reader quotes a report from The Verge: Simone Giertz was tired of waiting for Elon Musk to unveil his new Tesla pickup truck, so she decided to make one herself. The popular YouTuber and self-described "queen of shitty robots" transformed a Model 3 into an honest-to-god pickup truck, which she dubs "Truckla" -- and naturally you can watch all the cutting and welding (and cursing) on her YouTube channel. There's even a fake truck commercial to go along with it. Giertz spent over a year planning and designing before launching into the arduous task of turning her Model 3 into a pickup truck. And she recruited a ragtag team of mechanics and DIY car modifiers to tackle the project: Marcos Ramirez, a Bay Area maker, mechanic and artist; Boston-based Richard Benoit, whose YouTube channel Rich Rebuilds is largely dedicated to the modification of pre-owned Tesla models; and German designer and YouTuber Laura Kampf. Giertz's truck looks exactly like what it is: a Model 3 with the top part of the back half removed. As such, it blurs the line between sedan and pickup, which used to be a popular design style in the 1970s and 80s, until consumers decided that bigger is better. Think Chevy El Camino, or Ford Ranchero. But Giertz smartly added some standard truck accoutrements, like a lumber rack with Hella lights attached to the front, so that it wouldn't look out of place among the Rams and Silverados of the world. It wasn't a project without its obstacles. After stripping the backseat and the trunk of its many parts, the Model 3 refused to start. Ramirez explained that the car was reporting "all of its many faults" to Tesla headquarters via cell connection, or essentially "snitching" on the YouTubers who were trying to modify it. They also ran into problems after cutting through the first beam when the metal started to buckle slightly. Luckily they were able to reinforce the steel and keep going.

Senator Rubio Targets Huawei Over Patents

Slashdot - 7 hours 31 minutes ago
hackingbear writes: While intellectual property violation is a major accusation against China in the on-going US-China trade war, U.S. Senator Marco Rubio filed legislation on Monday that would prevent Huawei from seeking damages in U.S. patent courts, after the Chinese firm demanded that Verizon Communications pay $1 billion to license the rights to patented technology. Under the amendment -- seen by Reuters -- companies on certain U.S. government watch lists, which would include Huawei, would not be allowed to seek relief under U.S. law with respect to U.S. patents, including bringing legal action over patent infringement.

CVE-2019-12592

Latest 7 days CVE Lists - 7 hours 41 minutes ago
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.

CVE-2017-8328

Latest 7 days CVE Lists - 7 hours 41 minutes ago
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change a user's password. Also this is a systemic issue.

CVE-2017-8330

Latest 7 days CVE Lists - 7 hours 41 minutes ago
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "miniupnpd" is the one that has the vulnerable function that receives the values sent by the SOAP request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA pro is identified to be receiving the values sent in the SOAP request. The SOAP parameter "NewInMesage" received at address 0x0041DC30 causes the miniupnpd process to finally crash when a second request is sent to the same process.

CVE-2017-8332

Latest 7 days CVE Lists - 7 hours 41 minutes ago
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface. It seems that the device does not implement any cross-site scripting protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a stored cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface.

CVE-2017-8334

Latest 7 days CVE Lists - 7 hours 41 minutes ago
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface.

CVE-2017-8337

Latest 7 days CVE Lists - 7 hours 41 minutes ago
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management of rules, sensors attached to the devices using the websocket requests.

Google Launches Chrome Extension For Flagging Bad URLs To the Safe Browsing Team

Slashdot - 8 hours 11 minutes ago
Google today launched a new Chrome extension that will simplify the process of reporting a malicious site to the Google Safe Browsing team so that it can be analyzed, reviewed, and blacklisted in Chrome and other browsers that support the Safe Browsing API. From a report: Named the Suspicious Site Reporter, this extension adds an icon to the Google Chrome toolbar that when pressed, opens a popup window from where users can file an automatic report for the current site they're on, and which they suspect might be up to no good. "If the site is added to Safe Browsing's lists, you'll not only protect Chrome users but users of other browsers and across the entire web," said Emily Schechter, Chrome Product Manager. The Safe Browsing API is implemented not only in the mobile and desktop versions of Chrome but also in the mobile and desktop versions of Mozilla Firefox and Apple's Safari.

CVE-2017-8329

Latest 7 days CVE Lists - 8 hours 41 minutes ago
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the "mssid_1" POST parameter. The device also allows a user to view the name of the Wifi Network set by the user. While processing this request, the device calls a function at address 0x00412CE4 (routerSummary) in the binary "webServer" located in Almond folder, which retrieves the value set earlier by "mssid_1" parameter as SSID2 and this value then results in overflowing the stack set up for this function and allows an attacker to control $ra register value on the stack which allows an attacker to control the device by executing a payload of an attacker's choice. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST parameter "mssid_1" at address 0x0042BA00 and then sets in the NVRAM at address 0x0042C314. The value is later retrieved in the function at address 0x00412EAC and this results in overflowing the buffer as the function copies the value directly on the stack.

CVE-2017-8331

Latest 7 days CVE Lists - 8 hours 41 minutes ago
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a "system" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "goahead" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_43C280 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "ip_address" is extracted at address 0x0043C2F0. The POST parameter "ipaddress" is concatenated at address 0x0043C958 and this is passed to a "system" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device.
