DuckDuckGo to Release Private Browser for Mac in 2022

On Tuesday, DuckDuckGo shared its review of achievements and improvements in 2021. Looking ahead, the company plans to release a private browser for the desktop.

Instead of forking Chromium or anything else, we’re building our desktop app around the OS-provided rendering engines (like on mobile), allowing us to strip away a lot of the unnecessary cruft and clutter that’s accumulated over the years in major browsers. With our clean and simple interface combined with the beloved Fire Button from our mobile app, DuckDuckGo for desktop will be ready to become your new everyday browsing app.

'Have I Been Pwned' Completes FBI Ingestion Pipeline for Passwords

Troy Hunt, creator of Have I Been Pwned, has completed a pipeline that enables the ingestion of passwords from law enforcement agencies, like the FBI.

The premise is simple: during the course of their investigations, they come across a lot of compromised passwords and if they were able to continuously feed those into HIBP, all the other services out there using Pwned Passwords would be able to better protect their customers from account takeover attacks. Fast forward to now and that ingestion pipeline is finally live.

State Legislators Help Libraries in Fight Over Ebook Licensing Terms

A report from Axios says libraries want better licensing terms for eBooks from Amazon and other publishers. States are stepping in to help the libraries.

A Maryland law set to take effect in January and a similar bill in New York would require publishers that sell ebooks to consumers to also license them to libraries on reasonable terms. The Maryland law and New York bill say it is not reasonable to limit the number of ebook licenses libraries can buy at the same date they are available to the general public.

Loopring Releases Layer 2 Counterfactual Wallet for iOS

On Tuesday Loopring announced the release of its Layer 2 Counterfactual Wallet for cryptocurrency.

With the release of our Counterfactual Wallet, users can now deploy the Wallet on L2-only, bypassing a costly creation fee on L1. This try-it-before-you-buy-it option allows users to experience the power of Ethereum L2 right away. If users would like to withdraw funds to L1, they can deploy their Ethereum L1 smart contract wallet, paying for the creation cost at that time.

'Merry Christmas' - First SMS Ever Sent Sells for US$121,000

The first SMS ever sent sold for €107,000 (US$121,000) as an NFT at an auction in Paris on Tuesday, Reuters reported. The message says “Merry Christmas” and was sent on December 3, 1992, by an engineer at UK carrier Vodafone.

Vodafone engineer Neil Papworth sent the SMS from his computer to a manager in the United Kingdom, who received it on his 2-kg (4 lb) “Orbitel” telephone – similar to a desk phone but cordless and with a handle. “They were in the middle of end-of-year events so he sent him the message ‘Merry Christmas’,” said Maximilien Aguttes, head of development for the Aguttes Auction House…The selling of intangible goods is not legal in France and so the auction house has packaged the text message in a digital frame, displaying the code and communication protocol, Aguttes said.

[Image credit: Aguttes]

Explaining 'log4j' and Why it's a Serious Cybersecurity Threat

In early December, a cybersecurity threat was discovered in the popular “log4j” utility. The Post has a good piece on the exploit, explained without jargon.

The fact that log4j is such a ubiquitous piece of software is what makes this such a big deal. Imagine if a common type of lock used by millions of people to keep their doors shut was suddenly discovered to be ineffective. Switching a single lock for a new one is easy, but finding all the millions of buildings that have that defective lock would take time and an immense amount of work.

Wi-Fi Gateway From Airangel Affects Hundreds of Hotels

Security researcher Etizaz Mohsin says that the Airangel HSMX Gateway, used by many hotels to offer Wi-Fi to guests, contains hardcoded passwords that are easy to guess.

With those passwords, which we are not publishing, an attacker could remotely gain access to the gateway’s settings and databases, which store records about the guests using the Wi-Fi. With that access, an attacker could access and exfiltrate guest records, or reconfigure the gateway’s networking settings to unwittingly redirect guests to malicious webpages, he said.

Ledger Adds Polygon (MATIC) Support in Ledger Live

Owners of a Ledger cryptocurrency wallet can now manage, buy, and swap MATIC through the Ledger Live app. Polygon (MATIC) is a full-stack Ethereum scaling platform allowing fast transactions and low fees.

You can now create a MATIC account in your Ledger Live app, buy MATIC with our partners (MoonPay), swap them (1inch or Paraswap) and send them through your Ledger Live app, with no need for another wallet! It’s convenient and safe.

Loving AirPods Max After Using Them For a Year

The AirPods Max headphones were met with quite a lot of skepticism when they were first released, thanks largely to the US$549.00 price point. Over on iMore, Joe Wituschek explains why he loves his, a year after getting them.

After using AirPods Max for about a year now, I can say that the experience of these headphones is phenomenal. If you love good audio and are in the Apple ecosystem, it’s tough to find a better pair of over-the-ear headphones. Not only are they integrated with Find My and Apple’s quick pairing and switching between devices features, but they sound incredible. Now, sound quality can be subjective in a lot of ways – everyone has a different preference of what they want to hear. More bass, more treble, more detail, and a host of other preferences can make some headphones better for certain people. However, it is easy to recognize for most when you are wearing a pair of quality headphones. You can hear the difference. You hear more at higher volumes with more clarity and less distortion. And these headphones nail all of those things. You truly get immersed in what you are listening to.

Some Essential Siri Commands For The Apple Music Voice Plan

The release of iOS 15.2 and watchOS 8.3 brought with it the Apple Music Voice Plan. While I’m still skeptical about why the plan exists, Apple Must has a good list of useful Siri commands if you’re using it.

To start the trial? Just use Siri and say “Hey Siri, start my Apple Music Voice trial,” though you can also sign up through the Apple Music app. So, what can it do? You can play, pause, skip forward and skip back on tracks. You can raise and lower volume. One good trick is to ask Siri how loud it is now, and then reduce it in percentages, such as “Play Music at 35% volume”. Apple Music Voice Plan also lets you access Apple Music’s entire lineup of playlists, including Today’s Hits, R&B Now, danceXL, The Agenda and others. You should be able to check through what’s available in the Apple Music app, though you won’t be able to play anything unless you use Siri.

Apple Releases macOS Monterey 12.2 Developer Beta One Without Universal Control

Apple seeded the first developer beta of macOS Monterey 12.2 on Thursday. MacRumors reported on the rather limited details that were available. One thing missing was Universal Control.

Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update mechanism in System Preferences. We don’t yet know what’s included in macOS Monterey 12.2, but Apple has yet to implement a major feature — Universal Control. Universal Control is designed to allow a single mouse and trackpad to be used with multiple Macs and iPads, and Apple has said it will be launching this spring.

Sennheiser Leak Exposed 55GB of Data for Thousands of Customers

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a cache of data from audio company Sennheiser. It appears to be from an old cloud account that’s been dormant since 2018. Over 28,000 Sennheiser customers were exposed, with sensitive private data leaked.

While it’s unclear how all this data was collected, it appears to be from customers and businesses requesting samples of Sennheiser products.

Examples of entries: Full names, Email addresses, Phone numbers, Home addresses, Names of companies requesting samples, Number of the requesting company’s employees

Here's What Coinbase and Intel Think About the 'Metaverse'

“The Metaverse” has been hyped in the news recently by companies such as Facebook/Meta. Brian Armstrong, CEO and cofounder of crypto exchange Coinbase, and Raja Koduri, senior vice president and general manager of the Accelerated Computing Systems and Graphics Group at Intel, both recently shared their thoughts.

From Mr. Koduri: “Truly persistent and immersive computing, at scale and accessible by billions of humans in real time, will require even more: a 1,000-times increase in computational efficiency from today’s state of the art.”

From Mr. Armstrong: “The Metaverse is the distant evolution of Web3. In its most complete form, it will be a series of decentralized, interconnected virtual worlds with a fully functioning economy where people can do just about anything they can do in the physical world.”

US Logistics Company 'D.W. Morgan' Leaks Data Through Amazon S3

A report from Website Planet reveals that D.W. Morgan left an Amazon S3 bucket unprotected, resulting in the exposure of over 2.5 million files.

An Amazon S3 bucket owned by D.W. Morgan was left accessible without authorization controls in place, exposing sensitive data relating to shipments and the company’s clients.

As a market leader, D.W. Morgan provides services to some of the biggest companies in the world and there are major Fortune 500 organizations with data exposed on the open bucket.

Google's Project Zero Deep Dives into NSO Group 'FORCEDENTRY' Exploit

Google’s Project Zero security team published a deep dive into FORCEDENTRY, a zero-click exploit in iMessage used by NSO Group. Apple’s Security Engineering and Architecture (SEAR) group collaborated on the analysis.

Based on our research and findings, we assess this to be one of the most technically sophisticated exploits we’ve ever seen, further demonstrating that the capabilities NSO provides rival those previously thought to be accessible to only a handful of nation states.

The vulnerability discussed in this blog post was fixed on September 13, 2021 in iOS 14.8 as CVE-2021-30860.

Google Sets Out Plan For News Content to French Antitrust Regulator

Google has set out a plan for paying news agencies and publishers to French antitrust regulators. The proposals will now be put to public consultation, with responses required by January 31, 2022, Reuters reported. Google’s influence on the news business is obviously far more significant than Apple’s, although I imagine Cupertino will be keeping a keen eye on how this plays out.

News organizations, which have been losing ad revenue to online aggregators such as Google and Facebook (FB.O), have complained for years about tech companies using stories in search results or other features without copyright payment. As part of its proposals, Google commits to negotiate “in good faith” with news agencies and publishers the amount it would pay for using their protected content. It also commits to making a payment offer within three months from the start of the negotiation. If a deal cannot be reached, it would be possible to go to an arbitration court that would decide on the amount to pay.

This Roboticist Says a Major Robotics Revolution is Around the Corner

ZDNet interviewed Pieter Abbeel, a professor of electrical engineering and computer science at the University of California, Berkeley. He says a major revolution is coming thanks to machine vision.

Giving robots the gift of sight completely changes what’s possible. Computer Vision, the area of AI concerned with making computers and robots see, has undergone a night-and-day transformation over the past 5-10 years — thanks to Deep Learning. Deep Learning trains large neural networks (based on examples) to do pattern recognition, in this case pattern recognition enabling understanding of what’s where in images. And then Deep Learning, of course, is providing capabilities beyond seeing.

Update to Cash App Lets People Gift Stocks and Bitcoin

Block updated Cash App recently to let people gift each other Bitcoin and traditional stocks. It works with a USD balance or debit card.

To make this feature work, users will actually be sending the fiat value of the stock or the bitcoin from either their Cash App balance or a linked debit card, the company explains. While the earlier feature of sending bitcoin was accessed from the investing tab, the new feature is available both from the app’s payment tab or from a new “gift box” button on the investing tab.

Instagram's Takedown of Metaverse Account Proves You Own Nothing on Web

The New York Times reports how Meta-owned Instagram blocked an @metaverse account, claiming it was impersonating someone else. The account has since been restored to its original owner, but the saga shows how you don’t truly own anything on Web 2.0.

“This account is a decade of my life and work. I didn’t want my contribution to the metaverse to be wiped from the internet,” she said. “That happens to women in tech, to women of color in tech, all the time,” added Ms. Baumann, who has Vietnamese heritage.

I disagree with that quote, however. I think Instagram would’ve taken the handle from anyone, regardless of gender or race.

iCloud, Twitter, Minecraft, Cloudflare, All Vulnerable to a Powerful Bug

According to a report on Friday, major apps and services such as iCloud, Cloudflare, Steam, Twitter, and others are vulnerable to a bug.

On Thursday, researchers noticed that a popular Java logging library (log4j) had a bug that allows for Remote Code Execution or RCE, hacker lingo for one of the most dangerous types of vulnerabilities, one that essentially allows hackers to take control of the target. GitHub labeled the vulnerability as “critical severity,” and many researchers, as well as the Director of Cybersecurity at the NSA, are sounding the alarm.

If the NSA is publicly worried, you know it’s bad. Update: Cloudflare says they are not vulnerable: “We responded quickly to evaluate all potential areas of risk and updated our software to prevent attacks, and have not been able to replicate any external claims that we might be at risk.” The company published a blog post on the matter.