Dspl.ca Homepage

Welcome to our little spot on the Internet. Finally got it back to the basics. This site is made only from a few PHP files and a flat file directory structure.

Things will get broken, and things will get better. Cheers.

Old School News Feeds (RSS)

Slashdot

Microsoft: Windows 10 Devices Open To 'Full Compromise' From Huawei PC Driver
Posted on Thursday January 01, 1970

According to ZDNet, researchers at Microsoft have discovered a buggy Huawei utility that could have given attackers a cheap way to undermine the security of the Windows kernel. From the report: Microsoft has now detailed how it found a severe local privilege escalation flaw in the Huawei PCManager driver software for its MateBook line of Windows 10 laptops. Thanks to Microsoft's work, the Chinese tech giant patched the flaw in January. As Microsoft researchers explain, third-party kernel drivers are becoming more attractive to attackers as a side-door to attacking the kernel without having to overcome its protections using an expensive zero-day kernel exploit in Windows. The flaw in Huawei's software was detected by new kernel sensors that were implemented in the Windows 10 October 2018 Update, aka version 1809. The kernel sensors are meant to address the difficulty of detecting malicious code running in the kernel and are designed to detect user-space asynchronous procedure call (APC) code injection from the kernel. Microsoft Defender ATP anti-malware uses these sensors to detect actions caused by kernel code that may inject code into user-mode. Huawei's PCManager triggered Defender ATP alerts on multiple Windows 10 devices, prompting Microsoft to launch an investigation. [...] The investigation led the researcher to the executable MateBookService.exe. Due to a flaw in Huawei's 'watchdog' mechanism for HwOs2Ec10x64.sys, an attacker is able to create a malicious instance of MateBookService.exe to gain elevated privileges. The flaw can be used to make code running with low privileges read and write to other processes or to kernel space, leading to a "full machine compromise." Long-time Slashdot reader shanen writes: Though the story features Huawei, there doesn't seem to be anything specific to that company there. Just innuendo that you can't trust Chinese companies, eh? "Don't throw your computer into that Chinese briar patch!" Anyway, the sordid reality is that Microsoft is the root of all evils in the Windows platform. If increasing security had been half as important as maximizing profits, then we'd be in a much better world today. All complicated software is buggy, but adding complexity for no good reason is just begging for more problems. Here's a crazy solution approach: Any OS feature that isn't used by a LARGE majority of the users should be REMOVED from the OS. Maybe that isn't strong enough. Maybe the OS should be strictly limited to what absolutely needs to be there. Guard those eggs carefully!

Read more of this story at Slashdot.

It Sure Looks Like Google's $599 Celeron Pixel Slate is Dead
Posted on Thursday January 01, 1970

Two variants of the Pixel Slate, a tablet-laptop hybrid that Google unveiled last year, have been "out of stock" for months now, leading many to believe that Google may have quietly gotten rid of them. From a report: [The Pixel Slate that are powered by the Celeron processor] are nowhere to be seen. They've been out of stock on the Google Store -- the only place these models were very briefly available -- since shortly after launch, four months ago. The $599 and $699 versions of the Pixel Slate brought sub-iPad Pro pricing to Google's prosumer tablet, even if it turned out that the tablet itself beat the iPad in pretty much no sense that mattered. Marques Brownlee, typically known for his easy-going takes and willingness to embrace misunderstood tech products, basically called the cheaper Celeron Slate a turd. This was not a good look for Google. Shortly after that, the Celeron Pixel Slate showed up as sold out on the Google Store, and that status hasn't changed since.

Read more of this story at Slashdot.

FTC Tells ISPs To Disclose Exactly What Information They Collect On Users and What It's For
Posted on Thursday January 01, 1970

An anonymous reader quotes a report from TechCrunch: The Federal Trade Commission, in what could be considered a prelude to new regulatory action, has issued an order to several major internet service providers requiring them to share every detail of their data collection practices. The information could expose patterns of abuse or otherwise troubling data use against which the FTC -- or states -- may want to take action. The letters requesting info went to Comcast, Google, T-Mobile, and both the fixed and wireless sub-companies of Verizon and AT&T. These "represent a range of large and small ISPs, as well as fixed and mobile Internet providers," an FTC spokesperson said. I'm not sure which is mean to be the small one, but welcome any information the agency can extract from any of them. To be clear, the FTC already has consumer protection rules in place and could already go after an internet provider if it were found to be abusing the privacy of its users -- you know, selling their location to anyone who asks or the like. (Still no action there, by the way.) But the evolving media and telecom landscape, in which we see enormous companies devouring one another to best provide as many complementary services as possible, requires constant reevaluation. As the agency writes in a press release: "The FTC is initiating this study to better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content." The report provides this example as to the kind of situation the FTC is concerned about: "If Verizon wants to offer not just the connection you get on your phone, but the media you request, the ads you are served, and the tracking you never heard of, it needs to show that these businesses are not somehow shirking rules behind the scenes." "For instance, if Verizon Wireless says it doesn't collect or share information about what sites you visit, but the mysterious VZ Snooping Co (fictitious, I should add) scoops all that up and then sells it for peanuts to its sister company, that could amount to a deceptive practice," TechCrunch adds. "Of course it's rarely that simple (though don't rule it out), but the only way to be sure is to comprehensively question everyone involved and carefully compare the answers with real-world practices."

Read more of this story at Slashdot.

UPS Is Using Drones To Transport Medical Supplies Between Hospitals
Posted on Thursday January 01, 1970

UPS has partnered with autonomous drone company Matternet and hospital WakeMed in Raleigh, North Carolina, to test a new drone delivery service for transporting medical samples to nearby facilities. The FAA is overseeing the program. CNBC reports: UPS said the service will utilize Matternet's M2 "quadcopter" drone, which can carry medical samples of up to 5 pounds as far as 12.5 miles. The program will begin with "numerous planned daily revenue flights at the WakeMed Raleigh campus," UPS said. The drone delivery service aims to replace WakeMed's reliance on a fleet of courier cars, which currently transports most of the hospital's medical samples. Using a UPS "secure drone container," WakeMed employees can load medical specimens like blood samples and send them quickly to a nearby WakeMed facility. Matternet has completed "more than 3,000 flights for healthcare systems in Switzerland," UPS added. The WakeMed program is also under the FAA's broader effort called the "Unmanned Aircraft System Integration Pilot Program," which "aims to test practical applications of drones by partnering local governments with private sector companies."

Read more of this story at Slashdot.

How Google, Facebook, Apple, and Amazon Warped the Hyperlink
Posted on Thursday January 01, 1970

The concept of the hyperlink was first outlined over 70 years ago and eventually became a central part of the web. But 30 years since the invention of the world wide web, Google, Apple, Facebook, and Amazon have skewed the original ambitions for hyperlinks, who they are for and how far they can lead you. From a feature story: The impact that Google's PageRank algorithms have had on how the commercial web chooses to deploy hyperlinks can be seen in just about any SEO (search engine optimisation) blog. Publishers and businesses are encouraged to prioritize internal links over external links that may boost the competition in Google's rankings. "Since the very moment Google came on the scene, links moved from being the defining characteristic of the web, to being a battleground. Google's core insight was that you could treat every link as, essentially, a vote for the site," says Adam Tinworth, a digital publishing strategist. Tinworth explains that Google tries to minimize the effect of these 'unnatural linking patterns', which includes comment spam and 'guest posts', but it remains part of "how the shadier side of the SEO industry operates." With clear, financial incentives to serve Google's web spiders, which regularly 'crawl' website content to determine its placement in searches, a common strategy involves placing hyperlinks on specific 'anchor text' -- the actual words that you click on -- that benefit that site's PageRank for keywords rather than tailor links to readers. That's not inherently a problem but research from the University of Southampton, published in February, suggests it doesn't go unnoticed. [...] In the cases of Apple and Facebook, the question isn't so much how we link and how we react to them, as where we can link to and where we can follow links to. Apple News, Facebook's Instant Articles and Google AMP all propose variations on limited systems of linking back to sources of information. As for Instagram, it's based on a two-tier system: users can't add external links to posts (#linkinbio) unless they buy adverts whereas accounts with a large number of followers are able to add external links to Stories.

Read more of this story at Slashdot.

Proudly powered by a Text Editor and some Internet Searches.

 

 

2017 dspl.ca end of file.