Compromised credentials? Google can now change website passwords for you

Found on Ars Technica on Friday, 28 May 2021
Browse Internet

We'll still need to see how this feature works in the real world, but Google's demo says you'll be able to tap a single button to have Google register a new password with whatever site you're on.

Google scans your credentials against a big list of compromised usernames and passwords every time you log in, and if it detects bad credentials, the "Check Password" screen will pop up.

If Google changes your passwords, you can consider them compromised again, because they are known to a 3rd party. Do it right, do it yourself, and don't trust Google.

96% of US users opt out of app tracking in iOS 14.5, analytics find

Found on Ars Technica on Thursday, 27 May 2021
Browse Internet

It seems that in the United States, at least, app developers and advertisers who rely on targeted mobile advertising for revenue are seeing their worst fears realized: Analytics data published this week suggests that US users choose to opt out of tracking 96 percent of the time in the wake of iOS 14.5.

The change met fierce resistance from companies like Facebook, whose market advantages and revenue streams are built on leveraging users' data to target the most effective ads at those users. Facebook went so far as to take out full-page newspaper ads claiming that the change would not just hurt Facebook but would destroy small businesses around the world.

The advertisers' tears are so delicious.

Freenode IRC staff quit after new owner "seizes" control of network

Found on Boing Boing on Wednesday, 26 May 2021
Browse Internet

Resignation letters piled up from Fuchs, Ed Kellett, Emīls Piņķis, Jessica Sophie Porter and others, capping weeks of drama in the FOSS world's biggest chatbox.

Aaron Jones, one of the resignees, details the sequence of events and concludes that "a hostile entity is now in operational control over the network, and is in posession of your data."

Founded 26 years ago and home to some 80,000 users over 40,000 channels, the freenode is reportedly the largest IRC network and has enjoyed something of a rollercoaster history.

Good-bye Freenode. Hello Libera.Chat.

Prime today, gone tomorrow: Chinese products get pulled from Amazon

Found on Techcrunch on Tuesday, 25 May 2021
Browse Internet

Analysts have estimated that the share of Chinese merchants represented 75% of Amazon’s new sellers in January, up from 47% the year before, according to Marketplace Pulse, an e-commerce research firm.

Chinese sellers are swarming not just Amazon but also eBay, Wish, Shopee and Alibaba’s AliExpress.

But the get-rich-quick optimism among the cross-border community came to a halt when several top Chinese sellers disappeared from Amazon over the past few days.

Inside WeChat groups where hundreds of sellers normally exchange business strategies, anxiety is rife and the consensus is that the targeted sellers have “crossed the line” in conducting questionable platform practices.

Amazon is less than 75% interesting than it ever has been because of that; and with it's shady tax evasion, the other 25% are also not interesting anymore.

BT Smart Hub 2 router 'disrupting' home networks

Found on BBC News on Thursday, 20 May 2021
Browse Internet

Users are complaining that any devices not linked to the same frequency, such as a phone and a speaker, are refusing to communicate with each other.

"Turning off 5GHz is a short-term workaround until the kids start streaming lots of video content, at which point the whole house slows down."

Those who know wireless use cable.

New Warning For WhatsApp Users Over Account Suspension ‘Hack’

Found on Forbes on Tuesday, 11 May 2021
Browse Internet

Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in. Even two-factor authentication will not stop this. Here’s how the attack works.

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups.

Clearly, the combination of this verification architecture, the SMS/code limits and the automated, keyword-based actions triggered by incoming emails is open to abuse.

That's probably the best one can do with this WhatsApp bug: pushing users to better alternatives.

Wix and Their Dirty Tricks

Found on Matt Mullenweg on Friday, 07 May 2021
Browse Internet

Wix, the website builder company you may remember from stealing WordPress code and lying about it, has now decided the best way to gain relevance is attacking the open source WordPress community in a bizarre set of ads.

Wix is a for-profit company with a valuation that peaked at around 20 billion dollars, and whose business model is getting customers to pay more and more every year and making it difficult to leave or get a refund.

Wix has always been bad. The best thing you can do is migrating away from it. Even if it is to WordPress.

Twitter Held Discussions for $4 Billion Takeover of Clubhouse

Found on Bloomberg on Wednesday, 05 May 2021
Browse Internet

Clubhouse is barely a year old but has drawn appearances from some of the biggest names in business and Hollywood. Established social media companies have quickly gone to work on their own versions of Clubhouse, including Twitter. Facebook Inc. is exploring one, too, and Microsoft Corp.’s LinkedIn and Slack Technologies Inc. have also said they’re working on similar features for their networks.

An app where people can talk. $4 billion. Seriously?

Cosmic rays causing 30,000 network malfunctions in Japan each year

Found on The Mainichi on Tuesday, 04 May 2021
Browse Internet

Most so-called "soft errors," or temporary malfunctions, in the network hardware of Nippon Telegraph and Telephone Corp. are automatically corrected via safety devices, but experts said in some cases they may have led to disruptions.

There is a chance that "greater issues" will arise as society's infrastructure becomes "more reliant on electronic devices" that use such technologies as artificial intelligence and automated driving, Hashimoto said.

Remember that next time your admin tells you that your problem was caused by solar flares or cosmic rays.

Cloudflare says new hCaptcha bypass doesn’t impact its implementation

Found on The Record on Monday, 03 May 2021
Browse Internet

Academics said their attack worked with a 95.93% accuracy rate and took around 18.76 seconds on average to crack an hCaptcha challenge.

But while machine learning-based attacks on image-based CAPTCHA solutions have been discovered before, the major breakthrough in this paper is that the research team achieved this with minimal computational resources — with the attack rig consisting of a simple Docker container running Ubuntu OS, configured with a 3-core CPU and only 2GB of memory.

As soon as spammers set up systems that solve Captchas with 95.93% accuracy, it will become a problem for Cloudflare.