Critical Flaw Found In Widely Used Netmask Open Source Module
The vulnerability was discovered while doing work to fix another vulnerability in a widely used NPM library known as Private IP. That module, which was also widely used by open source developers, enables applications to block request forgery attacks by filtering out attempts to access private IP4 addresses and other restricted IP4 address ranges, as defined by ARIN.
The IP4 address 0127.0.0.01 should be evaluated as the public IP address 87.0.0.1, because the octal string "0127" equals the decimal integer 87. Netmask, however, reads the address as 127.0.0.1, the trusted localhost address. Treating an untrusted public IP address as a trusted private IP address opens the door to local and remote file inclusion (LFI/RFI) attacks, in which a remote authenticated or unauthenticated attacker can bypass packages that rely on netmask to filter IP address blocks.
Ministry of Health launches sweeping review of Covid-19 vaccine booking systems
The whistle-blower, who uncovered a privacy breach within the Canterbury District Health Board (DHB) system, has told Stuff the issue was not a “coding error” but incompetence.
“It is not a coding error. It is incompetence. The developer who developed this is incompetent ... This is basic stuff.”
Boston Dynamics’ New Robot Doesn’t Dance. It Has a Warehouse Job
Boston Dynamics’ new robot, named Stretch, is going straight to work in a warehouse. Rolling around on a wheeled base, it’s basically a large robotic arm that grabs boxes using vacuum power, and it’s designed for tasks like unloading trucks or stacking pallets.
Tesla's "Full Self Driving" Beta Is Just Laughably Bad and Potentially Dangerous
A beta version of Tesla's "Full Self Driving" Autopilot update has begun rolling out to certain users. And man, if you thought "Full Self Driving" was even close to a reality, this video of the system in action will certainly relieve you of that notion. It is perhaps the best comprehensive video at illustrating just how morally dubious, technologically limited, and potentially dangerous Autopilot's "Full Self Driving" beta program is.
Nearly 28 tons of cocaine seized after police access encrypted network
Police specialists gained access to encrypted messages from an encrypted messaging service called Sky ECC, which revealed detailed information about cocaine shipments, said the statement.
"During a judicial investigation into a potential service criminal organization suspected of knowingly providing encrypted telephones to the criminal environment, police specialists managed to crack the encrypted messages from Sky ECC," reads the statement.
Jeff Bezos supports US tax rise after not paying it for two years
Biden has long been critical of Bezos's conglomerate on matters such as unions, which Amazon vehemently opposes, and taxes, which Amazon seemingly now accepts must rise.
In remarks delivered on March 31, Biden said an independent analysis found 91 of Fortune 500 companies used various loopholes to avoid paying any federal income tax.
Amazon paid exactly zero dollars in federal taxes in 2017 and 2018, thanks to use of legitimate deductions that allowed it to reduce its liabilities.
The JavaScript ecosystem is 'hopelessly fragmented'... so here is another runtime: Deno
Dahl and Belder claimed the server-side JavaScript ecosystem (which is dominated by Node.js) is "hopelessly fragmented, deeply tied to bad infrastructure, and irrevocably ruled by committees without the incentive to innovate." Server-side JavaScript has not kept pace with the browser platform, they said.
Michael Dawson, Node.js lead for Red Hat and IBM and a member of the Technical Steering Committee, told us in October: "All projects are going to end up with some legacy, it's the price of success that you can't go back and just change all those things." As you would expect, though, Dawson takes the line that Node should be improved rather than replaced.
'Fake' Amazon workers defend company on Twitter
Twitter has now suspended many of the accounts, and Amazon has confirmed at least one is fake.
Most of the accounts were made just a few days ago, often with only a few tweets, all related to Amazon.
Several of the high-profile accounts have been suspended by Twitter. It told the BBC that Amazon Ambassadors are subject to Twitter's rules on spam and platform manipulation.
'I’ll buy five items and only keep one of them'
During the UK's third lockdown, the leadership coach says that boredom has prompted her to relax that rule.
One problem with this for retailers is that customers are far more likely to return items when they buy them online. This is especially the case for items of clothing, which obviously cannot be tried on first.
He says that younger shoppers were already happy to "buy, try, return", but during the pandemic this has also become learned behaviour for older customers.
ISP imposes data cap, explains it to users with condescending pizza analogy
Cable company WideOpenWest (which markets itself as WOW!) yesterday told customers that it is imposing a data cap and explained the change with a pizza analogy that would seem more appropriate for a kindergarten classroom than for an email informing Internet users of new, artificial limits on their data usage.