Tech News

Researchers Find Vulnerability In Software Underlying Discord, Microsoft Teams, and Other Apps

it - Posted On:2022-08-11 20:14:58 Source: slashdot

An anonymous reader quotes a report from Motherboard: A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others, which are used by tens of millions of people all over the world. At the Black Hat cybersecurity conference in Las Vegas on Thursday, the researchers presented their findings, detailing how they could have hacked people who use Discord, Microsoft Teams, and the chat app Element by exploiting the software underlying all of them: Electron, which is a framework built on the open source Chromium and the cross-platform javascript environment Node JS. In all these cases, the researchers submitted vulnerabilities to Electron to get them fixed, which earned them more than $10,000 in rewards. The bugs were fixed before the researchers published their research. Aaditya Purani, one of the researchers who found these vulnerabilities, said that "regular users should know that the Electron apps are not the same as their day-to-day browsers," meaning they are potentially more vulnerable. In the case of Discord, the bug Purani and his colleagues found only required them to send a malicious link to a video. With Microsoft Teams, the bug they found could be exploited by inviting a victim to a meeting. In both cases, if the targets clicked on these links, hackers would have been able to take control of their computers, Purani explained in the talk. For him, one of the main takeaways of their research is that Electron is risky precisely because users are very likely to click on links shared in Discord or Microsoft Teams. Read more of this story at Slashdot.

Read More

Intel Shares 48 Benchmarks To Show Its Arc A750 Can Compete With an RTX 3060

technology - Posted On:2022-08-11 16:15:00 Source: slashdot

Intel has released 48 benchmarks that show its upcoming Arc A750 GPU should be able to trade blows with Nvidia's RTX 3060 running modern games. From a report: While Intel set its expectations low for its Arc GPUs last month, the company has now tested its A750 directly against the RTX 3060 across 42 DirectX 12 titles and six Vulkan games. The results look promising for what will likely be Intel's mainstream GPU later this year. Intel has tested the A750 against popular games like Fortnite, Control, and Call of Duty: Warzone, instead of the cherry picked handful of benchmarks the company released last month. "These are all titles that we picked because they're popular," explains Intel fellow Tom Petersen, in Intel's benchmark video. "Either reviewers are using them or they're high on the Steam survey, or new and exciting. These are not cherry picked titles." We'll have to wait for independent benchmarks, but based on Intel's testing, the A750 looks like it will compete comfortably with Nvidia's RTX 3060. "You'll see we're kinda trading blows with the RTX 3060," says Petersen. "Sometimes we win, sometimes we lose." Intel's performance is, on average, 3 to 5 percent better than Nvidia's when it wins on titles running at 1080p. Over on the 1440p side, it looks like Intel wins on more of the benchmarks. On average it's a win of about 5 percent across the 42 games. Intel has also tested six Vulkan titles, where it seems be trading blows with the RTX 3060 once again. Read more of this story at Slashdot.

Read More

Ethereum Software Update Planned for September After Successful Test

technology - Posted On:2022-08-11 13:00:00 Source: slashdot

The most ambitious upgrade to the Ethereum blockchain should take place in September, possibly closer to the middle of the month, developers working on the project said during a conference call after what was billed as a final dress rehearsal. From a report: Developers have picked a number of so-called total terminal difficulty required of the final block mined in Ethereum before the network switches to new software. Figuring out the exact date range when the upgrade will occur will require complex calculations, and will be a moving target, depending on changes to the network's use and support, developers said on the call that was broadcast over YouTube on Thursday. The final date range is expected to be approved during another developer call next week, though the software engineers are currently looking at Sept. 16 to Sept. 20. Called the Merge, the software upgrade has been in the works for years, and it will change the way Ethereum orders transactions to become more energy efficient. Instead of using energy-guzzling computers called miners, the network will deploy so-called validators using staked Ether tokens -- a setup called proof of stake. Following years of delays, the time for the Merge is finally being set after Wednesday's completion of the Goerli merge test, which simulated the Merge on a smaller scale. A few problems popped up during the test, developers reported on the call. Goerli merge, which many celebrated with parties broadcast on YouTube, was the final test before the actual Merge was to take place. Read more of this story at Slashdot.

Read More

Email Marketing Firm Mailchimp Suspends Several Crypto-Related Accounts

technology - Posted On:2022-08-11 12:30:00 Source: slashdot

Mailchimp appears to have suspended the accounts of several crypto-related firms, according to the affected outlets. Crypto firms on the chopping board include intelligence platform Messari. From a report: Founder Ryan Selkis posted on Twitter revealing the suspension and expressing his disappointment. Crypto wallet provider Edge, NFT artist Ocarina, and Jesse Friedland -- the founder of NFT collection Cryptoon Goonz -- are among prominent names that appear to have had their accounts suspended in the last several weeks, according to the Decrypt report. Read more of this story at Slashdot.

Read More

Cisco Hacked By Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen

it - Posted On:2022-08-11 09:15:02 Source: slashdot

An anonymous reader quotes a report from BleepingComputer: Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers could only harvest and steal non-sensitive data from a Box folder linked to a compromised employee's account. "Cisco experienced a security incident on our corporate network in late May 2022, and we immediately took action to contain and eradicate the bad actors," a Cisco spokesperson told BleepingComputer. "Cisco did not identify any impact to our business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web. We have also implemented additional measures to safeguard our systems and are sharing technical details to help protect the wider security community." The Yanluowang threat actors gained access to Cisco's network using an employee's stolen credentials after hijacking the employee's personal Google account containing credentials synced from their browser. The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company's corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers. "They moved into the Citrix environment, compromising a series of Citrix servers and eventually obtained privileged access to domain controllers," Cisco Talos said. After gaining domain admin, they used enumeration tools like ntdsutil, adfind, and secretsdump to collect more information and installed a series of payloads onto compromised systems, including a backdoor. Ultimately, Cisco detected and evicted them from its environment, but they continued trying to regain access over the following weeks. [...] Last week, the threat actor behind the Cisco hack emailed BleepingComputer a directory listing of files allegedly stolen during the attack. The threat actor claimed to have stolen 2.75GB of data, consisting of approximately 3,100 files. Many of these files are non-disclosure agreements, data dumps, and engineering drawings. Read more of this story at Slashdot.

Read More

Researchers Find Way To Shrink a VR Headset Down To Normal Glasses Size

technology - Posted On:2022-08-11 06:14:57 Source: slashdot

Researchers from Stanford University and Nvidia have teamed up to help develop VR glasses that look a lot more like regular spectacles. PC Gamer reports: "A major barrier to widespread adoption of VR technology, however, is the bulky form factor of existing VR displays and the discomfort associated with that," the research paper published at Siggraph 2022 says. These aptly named "Holographic Glasses" can deliver a full-colour 3D holographic image using optics that are only 2.5mm thick. Compared to the traditional way a VR headset works, in which a lens magnifies a smaller display some distance away from it, shrinking all the prerequisite parts down to such a small size is quite the spectacular step forward for VR. The Holographic Glasses prototype uses pancake lenses, which is a concept that has been thrown around a couple of times in the past few years. These pancake lenses not only allow for a much smaller profile but reportedly they have a few other benefits, too: the resolution they can offer is said to be unlimited, meaning you can crank up the resolution for VR headsets, and they offer a much wider field of view at up to 200 degrees. [...] The research paper lists the glasses as such: "a coherent light source that is coupled into a pupil-replicating waveguide, which provides the illumination for a phase-only SLM that is mounted on the waveguide in front of the user's eye. This SLM creates a small image behind the device, which is magnified by a thin geometric phase (GP) lens." Though, it's very much a promise of what's to come more than an immediately shippable product today. There are some limitations: while there's scope to have a much higher FOV than current generation VR headsets, this particular wearable prototype only offered an FOV of 22.8 degrees. The benchtop prototype offered even less, at only 16.1 degrees. "[The FOV] is far smaller than commercially available VR/AR displays. However, the FOV was mainly limited by the size of the available SLM and the focal length of the GP lens, both of which could be improved with different components," the researchers say. Another limitation is the likely requirement for a very accurate measurement of the user's pupil, which won't be easy without a well-thought-out design. It would be possible to use an infrared gaze tracker to do this, the researchers note, but you'd need to be able to track the wearer's pupil size constantly as they will adjust often to different light conditions while using the glasses. Read more of this story at Slashdot.

Read More

FCC Cancels $886 Million In Funding For SpaceX's Starlink

technology - Posted On:2022-08-11 03:14:57 Source: slashdot

The FCC is canceling $886 million in funding for Starlink to expand access in rural areas, citing the satellite internet system's cost and doubts over whether it can supply fast enough speeds. PC Magazine reports: The agency today announced it had rejected "long-form applications" from both SpaceX and an ISP called LTD Broadband to secure funding from the FCC's Rural Digital Opportunity Fund. "The Commission determined that these applications failed to demonstrate that the providers could deliver the promised service," the FCC said in a statement. FCC Chairwoman Jessica Rosenworcel added: "We cannot afford to subsidize ventures that are not delivering the promised speeds or are not likely to meet program requirements." In December 2020, the FCC awarded $886 million to SpaceX to help its Starlink service supply high-speed broadband to 642,925 locations in 35 states. However, it came with a requirement that SpaceX provide a long-form application about how Starlink would meet its obligations before the federal funding could be fully secured. The FCC's goal with the Rural Digital Opportunity Fund is to supply gigabit internet speeds to over 85% of the selected rural locations and at least 100Mbps download speeds for all 99.7% of the locations in the coming years. "Starlink's technology has real promise," Rosenworcel said. "But the question before us was whether to publicly subsidize its still developing technology for consumer broadband -- which requires that users purchase a $600 dish -- with nearly $900 million in universal service funds until 2032." Read more of this story at Slashdot.

Read More

GM Makes $1,500 OnStar Subscription Mandatory On GMC, Buick, Cadillac Models

technology - Posted On:2022-08-10 23:44:58 Source: slashdot

An anonymous reader quotes a report from The Drive: If you don't want to pay for in-car subscriptions every month, no problem: Just pay it all upfront. That's the line from General Motors today after news spread that it's making a three-year, $1,500 OnStar connected services subscription a mandatory "option" for new Buick, GMC, and Cadillac Escalade models. The subscription, which enables things like using your phone as a key fob, data-enabled navigation, audio streaming, and Amazon's Alexa virtual assistant, is still optional on other GM vehicles, with the Premium package running $49.99 a month. But don't be surprised if this new setup spreads across the automaker's full portfolio. The $1,500 charge for OnStar will effectively raise the base prices of these cars, though the exact increase varies from model to model. All Buicks will see a price increase of $1,500. Higher trim GMCs will see an increase of as little as $905 with the Hummer EV getting no MSRP boost. Base model GMC pickups, the Sierra and Canyon, are hit the hardest with a $1,675 increase. By far the most common price hike is $1,500, which also applies to the Cadillac Escalade, Automotive News reports. Speaking to GM Authority, a spokesperson said making customers pay for the service will "enhance [their] vehicle ownership experience." They went on to state that "By including this plan as standard equipment on the vehicle, it provides more customer value and a more seamless onboarding experience." The automaker confirmed to AN that buyers who don't activate OnStar and have no desire to use the services will not be offered a discount. Further reading: BMW Starts Selling Heated Seat Subscriptions For $18 a Month Read more of this story at Slashdot.

Read More

A Fifth of US Teens Use YouTube 'Almost Constantly,' With TikTok Not Far Behind

technology - Posted On:2022-08-10 18:44:59 Source: slashdot

Pew Research has published a new report that examines social media usage trends among US teens. The organization found that a whopping 95 percent of them use YouTube, while 19 percent are on the platform "almost constantly." Engadget reports: Perhaps unsurprisingly, two-thirds (67 percent) said they used TikTok, with 16 percent claiming they are on the app "almost constantly." The third most-popular social media platform among teens is Instagram, per Pew, with 62 percent using it. A tenth say they use it almost all the time -- despite the app occasionally telling them to take a break. A previous poll conducted in 2014-15 found that 52 percent were using Instagram (Pew didn't ask about YouTube usage for that survey and TikTok didn't exist at the time). Snapchat also rose among teens, with 59 percent using it in 2022, compared with 41 percent in the previous poll. Facebook was the top social media app among teens seven years ago, with 71 percent of them using it, but that figure has dropped to 32 percent. Teen adoption of Twitter (down from 33 percent to 23 percent) and Tumblr (14 percent to five percent) has fallen over the same period too. The 2014-15 poll didn't ask about Twitch, WhatsApp or Reddit. These days, a fifth of teens use Twitch, 17 percent are on WhatsApp and 14 percent are accessing Reddit. Read more of this story at Slashdot.

Read More

AMD Continues PC and Server Market Share Gains Amid Slumping Demand

technology - Posted On:2022-08-10 16:44:59 Source: slashdot

The preliminary Mercury Research CPU market share results are in for the second quarter of 2022, arriving during what is becoming a more dire situation for the PC market as sales cool after several years of stratospheric growth. From a report: According to the recent earnings report from Intel, AMD, and Nvidia, the recovery will be a long one. Still, for now, AMD appears to be weathering the storm better than its opponents as it continued to steal market share from Intel in every segment of the CPU market. The desktop PC market is still on fire, but it isn't a good kind of fire. Intel issued a dire earnings report last week -- the company lost money for the first time in decades, partially driven by PC declines. Intel also announced it was delaying its critical Xeon Sapphire Rapids data center chips and killing off another failing business unit, Optane; the sixth unit retired since new CEO Pat Gelsinger took over. In contrast, AMD's revenue was up 70% year-over-year as the company continued to improve its already-great profitability. AMD is firing on all cylinders and will launch its Ryzen 7000 CPUs, RDNA 3 GPUs, and EPYC Genoa data center processors on schedule. That consistent execution continues to pay off. AMD continued to take big strides in the mobile/laptop market, setting another record for unit share in that segment with 24.8%. AMD also gained in the server market for the 13th consecutive quarter, reaching 13.9% of the market. Notably, AMD's quarterly gain in servers is the highest we've seen with our historical data, which dates back to 2017. Read more of this story at Slashdot.

Read More

Google Fiber Plans 5-State Growth Spurt, Biggest Since 2015

technology - Posted On:2022-08-10 15:29:59 Source: slashdot

Google Fiber plans to bring its high-speed internet service to multiple cities in Arizona, Colorado, Idaho, Nebraska and Nevada over the next several years in its first big expansion since it spun out as an independent Alphabet unit in 2015. From a report: In his first media interview since becoming chief executive of Google Fiber in February 2018, Dinni Jain told Reuters on Wednesday that his team was finally prepared to "add a little bit more build velocity" after over four years of sharpening operations. The anticipated expansion to 22 metro areas across the United States from 17 today includes previously announced projects to launch in Mesa, Arizona and Colorado Springs, Colorado. The choices were based the company's findings of where speeds lag. "There was an impression 10 years ago that Google Fiber was trying to build the entire country," Jain said. "What we are gesturing here is, 'No, we are not trying to build the entire country.'" Read more of this story at Slashdot.

Read More

One of 5G's Biggest Features Is a Security Minefield

technology - Posted On:2022-08-10 14:45:00 Source: slashdot

True 5G wireless data, with its ultrafast speeds and enhanced security protections, has been slow to roll out around the world. As the mobile technology proliferates -- combining expanded speed and bandwidth with low-latency connections -- one of its most touted features is starting to come in to focus. But the upgrade comes with its own raft of potential security exposures. From a report: A massive new population of 5G-capable devices, from smart-city sensors to agriculture robots and beyond, are gaining the ability to connect to the internet in places where Wi-Fi isn't practical or available. Individuals may even elect to trade their fiber-optic internet connection for a home 5G receiver. But the interfaces that carriers have set up to manage internet-of-things data are riddled with security vulnerabilities, according to research that will be presented on Wednesday at the Black Hat security conference in Las Vegas. And those vulnerabilities could dog the industry long-term. After years of examining potential security and privacy issues in mobile-data radio frequency standards, Technical University of Berlin researcher Altaf Shaik says he was curious to investigate the application programming interfaces (APIs) that carriers are offering to make IoT data accessible to developers. These are the conduits that applications can use to pull, say, real-time bus-tracking data or information about stock in a warehouse. Such APIs are ubiquitous in web services, but Shaik points out that they haven't been widely used in core telecommunications offerings. Looking at the 5G IoT APIs of 10 mobile carriers around the world, Shaik and his colleague Shinjo Park found common, but serious API vulnerabilities in all of them, and some could be exploited to gain authorized access to data or even direct access to IoT devices on the network. "There's a big knowledge gap. This is the beginning of a new type of attack in telecom," Shaik told WIRED ahead of his presentation. "There's a whole platform where you get access to the APIs, there's documentation, everything, and it's called something like âIoT service platform.' Every operator in every country is going to be selling them if they're not already, and there are virtual operators and subcontracts, too, so there will be a ton of companies offering this kind of platform." Read more of this story at Slashdot.

Read More

As Metaverse Land Prices Plummet, Mark Cuban Says Buying Digital Land Is 'the Dumbest Sh*t Ever'

technology - Posted On:2022-08-10 13:00:00 Source: slashdot

Mark Cuban, the billionaire Dallas Mavericks owner and avid crypto enthusiast, is not sold on the metaverse. "The worst part is that people are buying real estate in these places. That's just the dumbest shit ever," he told the crypto-themed YouTube channel Altcoin Daily this past weekend. From a report: Cuban's comments come as the hype surrounding the metaverse -- a term that loosely describes an emerging virtual world where people can hang out, play, and shop -- seems to be cooling. Last November, Facebook changed its name to Meta, spurring a flurry of excitement about the potential of the metaverse, which fueled a land grab for digital plots in so-called metaverse platforms created by the likes of the Sandbox and Decentraland. These platforms enable investors to buy land as an NFT, which can be developed with virtual buildings or experiences or resold on secondary markets like NFT exchange OpenSea. Companies like Warner Music Group, Atari, Samsung, and Adidas have all bought digital land -- a move that Cuban, based on his latest comments, appears unlikely to follow. Cuban also isn't buying the central claim of metaverse land speculators that scarcity will make these digital plots valuable. "It's not even as good as a URL or an ENS [Ethereum naming service], because there's unlimited volumes that you can create," he said during the YouTube interview. Despite being an investor in Yuga Labs, the owner of popular NFT collections Bored Ape Yacht Club and CryptoPunks, Cuban said he was not a fan of the company's land sale, which raised about $317 million for its metaverse platform Otherside in April. "I still thought it was dumb to do the real estate. That was great money for them, you know, but that wasn't based off a utility," he said. Read more of this story at Slashdot.

Read More

DNSFilter Acquires iOS Firewall App Guardian

technology - Posted On:2022-08-10 10:14:57 Source: slashdot

DNSFilter, a Washington, D.C.-based provider of DNS-based web content filtering and threat protection, has announced it's acquiring Guardian, a privacy-protecting firewall for iOS. Financial terms of the deal were not disclosed. From a report: Guardian was founded in 2013 by Will Strafach, a security researcher and former iPhone jailbreaker who in 2017 discovered that AccuWeather was secretly sending precise location data to a third-party company without a user's permission. The company's "smart firewall" iPhone app blocks apps from sharing users' personal information with third-parties, such as IP addresses and location data, by funneling data through an encrypted virtual private network (VPN). The startup, which claims to have so far blocked more than 5 billion data trackers and 1 billion location trackers, recently joined forces with Brave to integrate its firewall and VPN functionality into its eponymous non-tracking browser. Read more of this story at Slashdot.

Read More

Burger King Blank Email Orders Confuse Thousands of Customers

technology - Posted On:2022-08-09 19:29:58 Source: slashdot

Burger King has just emailed thousands of customers with a blank order email receipt. The Verge reports: The blank emails started appearing at around 12:15AM ET, leaving Burger King customers confused whether the company has been breached by a hungry hacker attempting a midnight feast, or if the emails are simply a giant whopper of a mistake. Twitter users were quick to turn to the social network in a state of confusion over the blank emails, with some even receiving two Burger King emails in an apparent double whopper of a mistake. The order emails are totally blank, and were sent by Burger King's main promotional marketing email address. After this story was published, an email from "BK PR Team" responded to our request for more information, claiming the issue was "the result of an internal processing error." We have asked for a specific individual to attribute the information to. Read more of this story at Slashdot.

Read More

Windows 11 Encryption Bug Could Cause Data Loss, Temporary Slowdowns On Newer PCs

it - Posted On:2022-08-09 18:14:59 Source: slashdot

An anonymous reader quotes a report from Ars Technica: Microsoft has published a knowledge base article acknowledging a problem with encryption acceleration in the newest versions of Windows that could result in data corruption. The company recommends installing the June 2022 security updates for Windows 11 and Windows Server 2022 "to prevent further damage," though there are no suggested solutions for anyone who has already lost data because of the bug. The problems only affect relatively recent PCs and servers that support Vector Advanced Encryption Standard (VAES) instructions for accelerating cryptographic operations. Microsoft says affected systems use AES-XTS or AES-GCM instructions "on new hardware." Part of the AVX-512 instruction set, VAES instructions are supported by Intel's Ice Lake, Tiger Lake, Rocket Lake, and Alder Lake architectures -- these power some 10th-generation Core CPUs for laptops, as well as all 11th- and 12th-gen Core CPUs. AMD's upcoming Zen 4 architecture also supports VAES, though by the time these chips are released in the fall, the patches will have had plenty of time to proliferate. Microsoft says that the problem was caused when it added "new code paths" to support the updated encryption instructions in SymCrypt, Windows' cryptographic function library. These code paths were added in the initial release of Windows 11 and Windows Server 2022, so the problem shouldn't affect older versions like Windows 10 or Windows Server 2019. The initial fix for the problem, provided in Windows' June 2022 security update package (Windows 11 build 22000.778), will prevent further damage at the cost of reduced performance, suggesting that the initial fix was to disable encryption acceleration on these processors entirely. Using Bitlocker-encrypted disks or the Transport Layer Security (TLS) protocol or accessing encrypted storage on servers will all be slower with the first patch installed, though installing the July 2022 security updates (Windows 11 build 22000.795) should restore performance to its previous level. Read more of this story at Slashdot.

Read More

Ford Raises Prices of F-150 Lightning Electric Truck By Thousands of Dollars, Citing Rising Material Costs.

technology - Posted On:2022-08-09 17:00:00 Source: slashdot

Ford Motor on Tuesday became the latest automaker to raise the price of electric vehicles when it significantly increased prices of its popular F-150 Lightning because of rising materials costs. From a report: The company began making the Lightning in April and had sold more than 4,400 through the end of July. Ford has taken reservations for more than 200,000, and the higher prices will go into effect for the 2023 model year. Ford said it was increasing the starting prices of the truck by $6,000 to $8,500 for newly ordered vehicles. After the increase, the truck will cost from $46,974 for a base model to $96,874 for a Platinum version with an extended-range battery pack. The increases do not affect customers who have already placed orders and are waiting for their trucks. Reservations give customers a spot in line to place an order to buy a truck. Ford stopped taking orders because of strong demand but said it would resume doing so on Thursday, when the new prices go into effect. "We've announced pricing ahead of reopening order banks so our reservation holders can make an informed decision around ordering a Lightning," said Marin Gjaja, chief customer officer for Ford's electric vehicle division, known as Model e, in a statement. Read more of this story at Slashdot.

Read More

SGX, Intel's Supposedly Impregnable Data Fortress, Has Been Breached Yet Again

it - Posted On:2022-08-09 14:44:59 Source: slashdot

Intel's latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company's software guard extensions, the advanced feature that acts as a digital vault for security users' most sensitive secrets. From a report: Abbreviated as SGX, the protection is designed to provide a fortress of sorts for the safekeeping of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system. SGX is a cornerstone of the security assurances many companies provide to users. Servers used to handle contact discovery for the Signal Messenger, for instance, rely on SGX to ensure the process is anonymous. Signal says running its advanced hashing scheme provides a "general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus." The example is purely hypothetical. Signal spokesperson Jun Harada wrote in an email: "Intel alerted us to this paper... and we were able to verify that the CPUs that Signal uses are not impacted by the findings of this paper and therefore are not vulnerable to the stated attack." Key to the security and authenticity assurances of SGX is its creation of what are called "enclaves," or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU. Read more of this story at Slashdot.

Read More

Someone Is Trolling Celebs by Sending ETH From Tornado Cash

it - Posted On:2022-08-09 14:15:00 Source: slashdot

An anonymous user sent a slew of Tornado Cash transactions to high-profile Ethereum addresses on Tuesday in what appears to be a troll implicating them in a potential regulatory mess. From a report: Affected wallets include those controlled by Coinbase CEO Brian Armstrong, TV host Jimmy Fallon, clothing brand Puma and a wallet created for donations to Ukraine, according to Etherscan. Prominent crypto figures such as artist Beeple and more mainstream celebrities such as comedian Dave Chappelle received ether (ETH). Read more of this story at Slashdot.

Read More

Google Tries Publicly Shaming Apple Into Adopting RCS

technology - Posted On:2022-08-09 13:30:00 Source: slashdot

Google is kicking off a new publicity campaign today to pressure Apple into adopting RCS, the cross-platform messaging protocol that's meant to be a successor to the aging SMS and MMS standards. From a report: The search giant has a new "Get The Message" website that lays out a familiar set of arguments for why Apple should support the standard, revolving around smoother messaging between iPhone and Android devices. Naturally, there's also a #GetTheMessage hashtag to really get those viral juices flowing. For most people, the problems Google describes are most familiar in the form of the green bubbles that signify messages to Android users in Apple's Messages app. While the iPhone app uses Apple's own iMessage service to send texts between iPhones (complete with modern features like encryption, support for group chats, and high-quality image and video transfers), they revert to old-fashioned SMS and MMS when texting an Android user. Not only are these messages shown in a color-clashing green bubble but also they break many of the modern messaging features people have come to rely on. Read more of this story at Slashdot.

Read More