RSS Live Feed

Prosecutors Are Investigating Amazon's Treatment of Third-Party Sellers

Slashdot - 4 hours 5 minutes ago
According to Bloomberg, attorneys general from New York and California are partnering with the FTC to investigate Amazon's online marketplace, in what may be the beginnings of a formal antitrust enforcement action. From a report: The agencies are going to interview witnesses jointly on conference calls over the next few weeks. The news comes after intense questioning over Amazon's Marketplace practices during [last week's landmark Big Tech antitrust hearing]. Rep. Lucy McBath (D-GA) asked CEO Jeff Bezos whether its actions toward Marketplace sellers were a pattern of behavior. She played testimony from a third-party bookseller who believed Amazon had blocked their store, without providing an explanation why, effectively destroying her business. Bezos responded that "third-party sellers in aggregate are doing extremely well on Amazon." The Marketplace platform allows third-party sellers to peddle their wares to Amazon's massive online customer base, accounting for more than half of all of the company's e-commerce sales. Marketplace products are often less expensive -- and sometimes of lower quality -- than other products sold on Amazon. But consumers don't always understand the difference between buying something from a third-party seller versus buying directly from Amazon or one of the company's private-label brands. Amazon's Marketplace has been in the spotlight over the past few months, following a bombshell report in The Wall Street Journal exposing how the e-commerce giant secretly used data it gathered from third-party sellers to launch its own branded products, a practice Amazon executives have denied in the past. At the hearing, Bezos said the company maintains a policy against using seller-specific data but said he could not guarantee that the policy had never been broken.

Read more of this story at Slashdot.


Astronauts Made Prank Calls From SpaceX Crew Dragon

Slashdot - 7 hours 5 minutes ago
PolygamousRanchKid shares a report from CNET: NASA's Doug Hurley and his crewmate Bob Behnken had a satellite phone at their disposal after splashdown on Sunday. At a press conference later that day, Hurley filled us in on what they did with their spare time as they floated around. "Five hours ago we were in a spaceship bobbing around making prank satellite phone calls to whoever we could get ahold of," Hurley said. "Which was kind of fun, by the way." Hurley suggested the satellite phone bill should go to SpaceX founder Elon Musk, who was sitting nearby. Hurley and Behnken didn't elaborate on the content of the prank calls, but here's hoping they tried to order a pizza for delivery to GO Navigator, the SpaceX recovery ship that fished them out of the water.

In Wake of Apple Acquisition, Dark Sky Ends Android Support

Slashdot - 10 hours 35 minutes ago
An anonymous reader quotes a report from Ars Technica: As promised, popular weather app Dark Sky ended support for Android and Wear OS over the weekend. Android Dark Sky users report that the app is no longer working and that it presents the user with a message saying that the "app has shut down." The impending shutdown was first announced when Apple acquired the company in March of this year. Despite the end of support for the world's most popular mobile operating system, Dark Sky's developers wrote in a blog post announcing the acquisition that joining Apple means they could "reach far more people, with far more impact, than we ever could alone." The Dark Sky Android app is not the only popular service on the chopping block as a result of the acquisition. Several app developers on both iOS and Android have used Dark Sky's API for weather data for a while now, but like Android support, that's going away. There's a little more time in that case, though: developers have until the end of next year to find and implement alternative data sources. When the acquisition was first announced, Dark Sky was slated to stop working on Android on July 1. That deadline was extended by one month, but it went into effect as planned on August 1. The Web version of Dark Sky was scheduled to end today, but Apple has extended that deadline, though embeds have been disabled. A new date for the Web shutdown has not been specified. That version will remain an option for Android users for now until it, too, stops working.

CVE-2020-5615

Latest 7 days CVE Lists - 11 hours 50 minutes ago
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVE-2020-5616

Latest 7 days CVE Lists - 11 hours 50 minutes ago
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.

CVE-2020-5617

Latest 7 days CVE Lists - 11 hours 50 minutes ago
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.

FAA Proposes Requiring Four Key Boeing 737 MAX Design Changes

Slashdot - 12 hours 3 minutes ago
The Federal Aviation Administration said on Monday that it is proposing requiring four key Boeing 737 MAX design changes to address safety issues seen in two crashes that killed 346 people and led to the plane's grounding in March 2019. Al Jazeera reports: The agency is issuing a proposed airworthiness directive to require updated flight-control software, revised display-processing software to generate alerts, revising certain flight-crew operating procedures, and changing the routing of some wiring bundles. The announcement is significant, but there are still other major steps, including finalizing pilot-training procedures, that must be completed before the 737 MAX can resume flights. The public has 45 days to comment on the changes, and it is still unclear if flights will resume before the end of 2020. The FAA said in a separate 96-page report released on Monday that it "has preliminarily determined that Boeing's proposed changes to the 737 MAX design, flight crew procedures and maintenance procedures effectively mitigate the airplane-related safety issues" in the two fatal crashes. The airworthiness directive seeks to require Boeing changes. The FAA said the changes minimize "dependence on pilot action and the effect of any potential single failure."

'Wakaresaseya': Private Agents Hired To End Relationships

Slashdot - 12 hours 40 minutes ago
Christine Ro from the BBC writes about the private agents in Japan, called "wakaresaseya," that you can hire to seduce your spouse or their partner. From the report: The industry is still serving a niche market. One survey showed around 270 wakaresaseya agencies advertising online. Many are attached to private-detective firms, similar to private investigators in other countries (who can also become entangled in relationship dissolution). "Wakaresaseya service costs quite a lot of money," acknowledges [Yusuke Mochizuki, an agent of the "farewell shop" First Group], so clients tend to be well-off. Mochizuki, a former musician who has turned his lifelong interest in detective work into a career, says that he might charge 400,000 yen for a relatively straightforward case in which there's plenty of information about the target's activities, but more if the target is, for example, a recluse. Fees can go as high as 20 million yen if a client is a politician or a celebrity, requiring the highest level of secrecy. (While Mochizuki says that his firm has a high success rate, a consultancy that provides advice on the industry points out that potential clients should be sceptical of such claims, and prepared for possible failure.) Although some features of the wakaresaseya industry are unique to Japan, similar services exist around the world. They may be less formalized honeytrap or con-artist arrangements, or they may be part of the private-investigations industry. Conventionally "the Western perspective was to sensationalize the industry and almost exoticise it. There's this false exoticisation of Japan that occurs in the West quite frequently." It's difficult to gain a full understanding of the people affected by the wakaresaseya industry, because according to Scott, "people are very reluctant to be seen as associated with it, let alone a victim of it." The industry has a seedy reputation. 
As TV and radio producer Mai Nishiyama comments: "There's a market for everything in Japan." This includes a variety of relationship-based services like renting faux family members and the additional services offered by wakaresaseya firms, such as assistance with romantic reconciliation, separating a child from an unsuitable girlfriend or boyfriend or preventing revenge porn. Agents can also be hired to gather evidence that will help a wronged spouse collect consolation money, which is compensation for the dissolution of a relationship. Although the Yamagami International Law Office hasn't worked with wakaresaseya agents, lawyer Shogo Yamagami notes that some clients do work with private agents more generally to obtain evidence of adultery. The consolation payment system means that hiring wakaresaseya agents can be beneficial not just emotionally, but also in practical monetary terms.

Trump Fires TVA Chair, Cites Hiring of Foreign Workers

Slashdot - 13 hours 20 minutes ago
schwit1 writes: President Trump announced the removal of Tennessee Valley Authority's chair James Thompson and board member Richard Howoth and called for the removal of their CEO Bill Johnson. This was in response to the company laying off employees and hiring H1-B visa holders. [TVA announced it would outsource 20% of its technology jobs to companies based in foreign countries, which could cause more than 200 highly skilled American tech workers in Tennessee to lose their jobs to foreign workers, according to the White House.] During the round table discussion, it was announced the company is willing to reverse course and rehire previously laid off employees. The president also said he would not ban the TikTok app if Microsoft or another company bought it before September 15th. "The TVA is a federally owned corporation created in 1933 to provide flood control, electricity generation, fertilizer manufacturing and economic development to the Tennessee Valley, a region that was hard hit by the Great Depression," reports The Associated Press. "The region covers most of Tennessee and parts of Alabama, Mississippi and Kentucky as well as small sections of Georgia, North Carolina and Virginia." Trump said the new chief executive officer must "[put] the interests of Americans first," adding: "The new CEO must be paid no more than $500,000 a year. We want the TVA to take action on this immediately. [...] Let this serve as a warning to any federally appointed board: If you betray American workers, you will hear two words: 'You're fired.'" The announcement was made as Trump signed an executive order to require all federal agencies to complete an internal audit to prove they are not replacing qualified American workers with people from other countries. According to the White House, the order will help prevent federal agencies from unfairly replacing American workers with lower cost foreign labor.

PS4 Gamepads Won't Work For PS5 Games, Sony Says

Slashdot - 14 hours 2 minutes ago
An anonymous reader quotes a report from Ars Technica: You won't be able to use Sony's DualShock 4 or other third-party PS4 gamepads to play PlayStation 5 games, Sony confirmed in a blog post today. Those older gamepads will still work with "supported PS4 games" running on the PS5, Sony said, and PS5 software will work with "specialty peripherals" designed for the PS4 -- including "officially licensed racing wheels, arcade sticks, and flight sticks." Those caveats highlight the fact that there's no technical limitation or communication protocol mismatch stopping the upcoming hardware from communicating with legacy controllers. But Sony says it "believe[s] that PS5 games should take advantage of the new capabilities and features we're bringing to the platform, including the features of DualSense wireless controller." Those features include what Sony is calling "haptic feedback and dynamic trigger effects" and a built-in microphone (last month, Geoff Keighley hosted what is, thus far, the only public hands-on impressions of these new controller features). The DualSense compatibility decision casts Sony in contrast to Microsoft, which is promising that "your Xbox One gaming accessories come into the future with you, too" with the coming Xbox Series X. While that promise doesn't extend to the defunct Kinect camera, it does include specialty pads like the Xbox Elite Controller and Xbox Adaptive Controller. "We believe that your investments in gaming should move with you into the next generation," Microsoft wrote in a blog post last month. PlayStation Move controllers -- first released in 2010 for use with the PS3 -- will continue to work with PlayStation VR games on the PS5, Sony said. The PS4's existing PlayStation Camera accessory will also work on the PS5, though it will require an adaptor that Sony says it will be providing to users for free.

AI-Generated Text Is the Scariest Deepfake of All

Slashdot - 14 hours 40 minutes ago
An anonymous reader shares a report: In the future, deepfake videos and audiofakes may well be used to create distinct, sensational moments that commandeer a press cycle, or to distract from some other, more organic scandal. But undetectable textfakes -- masked as regular chatter on Twitter, Facebook, Reddit, and the like -- have the potential to be far more subtle, far more prevalent, and far more sinister. The ability to manufacture a majority opinion, or create a fake-commenter arms race -- with minimal potential for detection -- would enable sophisticated, extensive influence campaigns. Pervasive generated text has the potential to warp our social communication ecosystem: algorithmically generated content receives algorithmically generated responses, which feeds into algorithmically mediated curation systems that surface information based on engagement. Our trust in each other is fragmenting, and polarization is increasingly prevalent. As synthetic media of all types -- text, video, photo, and audio -- increases in prevalence, and as detection becomes more of a challenge, we will find it increasingly difficult to trust the content that we see. It may not be so simple to adapt, as we did to Photoshop, by using social pressure to moderate the extent of these tools' use and accepting that the media surrounding us is not quite as it seems. This time around, we'll also have to learn to be much more critical consumers of online content, evaluating the substance on its merits rather than its prevalence.

Garmin Reportedly Paid Millions To Obtain Decryption Key, Resolve Recent Ransomware Attack

Slashdot - 15 hours 20 minutes ago
Garmin has reportedly paid a ransom to receive a decryption key to recover its files, after they were hit by the WastedLocker Ransomware last month. Digital Trends reports: [BleepingComputer] found that the attackers used the WastedLocker Ransomware and reported that they demanded $10 million as a ransom. Now, it also uncovered that Garmin is using a decryption key to regain access to its files, suggesting that the company may have paid that ransom demand or some other amount. The WastedLocker software uses encryption which has no known weaknesses, so the assumption is that to break it, the company must have paid the attackers for the decryption key. [...] The company reassured customers that no customer data was stolen, and that no payment information from the Garmin Pay payment system was accessed or stolen either. On Twitter, the company announced last week, "We are happy to report that many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation. Some features still have temporary limitations while all of the data is being processed."

Chinese Games Will Force Players To Use Their Real Names

Slashdot - 16 hours 2 minutes ago
The Chinese government will soon require video game users to log in with their real names. According to the South China Morning Post, the government is rolling out a state-run authentication system that will ask game makers to join the system in batches. From the report: The plan has been in the works for some time, with the government pushing for tighter controls based on the argument that it needs to protect minors. In 2019, the State Administration of Press and Publications (SAPP), the body in charge of regulating games, introduced new limits on how much time and money minors can spend on games. Anyone under 18 years old is limited to 90 minutes on weekdays and three hours on holidays. To enforce these limits, players are required to give out their real names which can be checked against ID numbers. Tencent and NetEase, the country's two largest gaming companies, got a jump on these plans by introducing their own verification systems. For now, not much is known about how the national verification system will work or whether it will resemble the independent systems already in place. In some cases, the private systems have introduced some stringent controls. In Honour of Kings, the immensely popular Tencent game known as Arena of Valor overseas, the verification system includes a facial recognition scan. China also has other rules governing what games are even allowed in the country. One requirement is for game publishers to submit games for content and monetisation review before they can be legally distributed in China.

Google To Buy Stake In ADT In Home Security Push For $450 Million

Slashdot - 16 hours 40 minutes ago
An anonymous reader quotes a report from Reuters: Alphabet's Google is picking up a 6.6% stake in ADT for $450 million, betting on the home security company's strong customer base and an army of technicians to drive sales of its Nest devices. The investment gives ADT the backing of a high-profile technology partner and broadens its services business. In return, Google gets access to about 6.5 million customers, strengthening its presence as it competes with Amazon's Ring and Boston-based SimpliSafe, among others. ADT said on Monday that the two companies would work on ways to package popular Google products like Home Mini, Nest Thermostat and Nest Wifi with ADT's strength in installation and maintenance. "Later this year, we will begin integrating Google devices and make them available for installations to our customers," ADT Chief Executive Officer Jim DeVries told Reuters. "We will exclusively support Nest products," DeVries said, adding that the companies will build products together and start rolling them out next year. The companies will commit an additional $150 million each for co-marketing, product development, technology and employee training, ADT said.

CVE-2020-11583

Latest 7 days CVE Lists - 16 hours 50 minutes ago
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.

CVE-2020-11584

Latest 7 days CVE Lists - 16 hours 50 minutes ago
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.

DOD, FBI, DHS Release Info on Malware Used in Chinese Government-Led Hacking Campaigns

Slashdot - 17 hours 20 minutes ago
The U.S. government today publicly exposed malware used in Chinese government hacking efforts for more than a decade. From a report: The Chinese government has been using malware, referred to as Taidoor, to target government agencies, entities in the private sector, and think tanks since 2008, according to a joint announcement from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Department of Defense, and the FBI. The Chinese Communist Party has been using the malware, in conjunction with proxy servers, "to maintain a presence on victim networks and to further network exploitation," according to the U.S. government's malware analysis report (MAR). In particular, Taidoor has been used to target government and private sector organizations that have a focus on Taiwan, according to previous FireEye analysis. It is typically distributed to victims through spearphishing emails that contain malicious attachments. U.S. Cyber Command, the DOD's offensive cyber unit, has also shared samples of Taidoor through malware-sharing platform VirusTotal so information security professionals can further examine it. Cyber Command has been uploading malware samples to VirusTotal since 2018 in an effort to help the private sector better protect against foreign adversaries, as well as to deter adversaries from running hacking campaigns. But it appeared to be the first time in the program's approximately two-year history that the Pentagon has chosen to identify malware that looks to be Chinese in origin. The DOD has frequently exposed North Korean hacking through VirusTotal uploads, as well as campaigns linked with Russian and Iranian hacking.

CVE-2020-5770

Latest 7 days CVE Lists - 17 hours 50 minutes ago
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

CVE-2020-5771

Latest 7 days CVE Lists - 17 hours 50 minutes ago
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.

CVE-2020-5772

Latest 7 days CVE Lists - 17 hours 50 minutes ago
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.
