Backdoor Found In WordPress Plugin With More Than 200,000 Installations

According to Bleeping Computer, a WordPress plugin that goes by the name Display Widgets has been used to install a backdoor on WordPress sites across the internet for the past two and a half months. While the WordPress.org team removed the plugin from the official WordPress Plugins repository, the plugin managed to be installed on more than 200,000 sites at the time of its removal. The good news is that the backdoor code was only found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2), so it’s unlikely everyone who installed the plugin is affected. WordPress.org staff members reportedly removed the plugin three times before for similar violations. Bleeping Computer has compiled a history of events in its report, put together with data aggregated from three different investigations by David Law, White Fir Design, and Wordfence. The report adds: The original Display Widgets is a plugin that allowed WordPress site owners to control which, how, and when WordPress widgets appear on their sites. Stephanie Wells of Strategy11 developed the plugin, but after switching her focus to a premium version of the plugin, she decided to sell the open source version to a new developer who would have had the time to cater to its userbase. A month after buying the plugin in May, its new owner released a first new version — v2.6.0 — on June 21. Read more of this story at Slashdot.


Equifax Had ‘Admin’ as Login and Password in Argentina

Reader wired_parrot writes: The credit report provider Equifax has been accused of a fresh data security breach, this time affecting its Argentine operations. The breach was revealed after security researchers discovered that an online employee tool used by Equifax Argentina was accessible using the “admin/admin” password combination.


Chatbot Lets You Sue Equifax For Up To $25,000 Without a Lawyer

Shannon Liao reports via The Verge: If you’re one of the millions affected by the Equifax breach, a chatbot can now help you sue Equifax in small claims court, potentially letting you avoid hiring a lawyer for advice. Even if you want to be part of the class action lawsuit against Equifax, you can still sue Equifax for negligence in small claims court using the DoNotPay bot and demand maximum damages. Maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee. The bot, which launched in all 50 states in July, is mainly known for helping with parking tickets. But with this new update, its creator, Joshua Browder, who was one of the 143 million affected by the breach, is tackling a much bigger target, with larger aspirations to match. He says, “I hope that my product will replace lawyers, and, with enough success, bankrupt Equifax.” Not that the bot helps you do anything you can’t already do yourself, which is filling out a bunch of forms — you still have to serve them yourself. Unfortunately, the chatbot can’t show up in court a few weeks later to argue your case for you either. To add to the headache, small claims court rules differ from state to state. For instance, in California, a person needs to demand payment from Equifax or explain why they haven’t demanded payment before filing the form.


TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results

An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach — equifaxsecurity2017.com — is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones. TechCrunch has concluded that “the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.” One user reports that entering the same information twice produced two different answers. And ZDNet’s security editor reports that even if you just enter Test or 123456, “it says your data has been breached.” TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted. It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID. Meanwhile, one web engineer claims the secret 10-digit “security freeze” PIN being issued by Equifax “is just a timestamp of when you made the freeze.”


An Intelligent Speed Bump Uses Non-Newtonian Liquid

turkeydance quotes Business Insider: A Spanish company has designed a speed bump that won’t hinder slow drivers but will still stop motorists driving too fast. The speed bump is filled with a non-Newtonian liquid which changes viscosity when pressure is applied at high velocity. They’ve been installed in Villanueva de Tapia, Spain and there has also been interest from Israel and Germany. There’s a video on the site showing the speed bump in action.


AI Can Detect Sexual Orientation Based On Person’s Photo

ugen shares a report from CNBC: Artificial Intelligence (AI) can now accurately identify a person’s sexual orientation by analyzing photos of their face, according to new research. The Stanford University study, which is set to be published in the Journal of Personality and Social Psychology and was first reported in The Economist, found that machines had a far superior “gaydar” when compared to humans. Slashdot reader randomlygeneratename adds: Researchers built classifiers trained on photos from dating websites to predict the sexual orientation of users. The best classifier used logistic regression over features extracted from a VGG-Face conv-net. The latter was done to prevent overfitting to background, non-facial information. Classical facial feature extraction also worked with a slight drop in accuracy. From multiple photos, they achieved an accuracy of 91% for men and 83% for women (and 81% / 71% for a single photo). Humans were only able to get 61% and 54%, respectively. One caveat is the paper mentions it only used Caucasian faces. The paper went on to discuss how this capability can be an invasion of privacy, and conjectured that other types of personal information might be detectable from photos. The source paper can be found here.


Google Drive Faces Outage, Users Report [Update]

Numerous Slashdot readers are reporting that they are facing issues accessing Google Drive, the productivity suite from the Mountain View-based company. Google’s dashboard confirms that Drive is facing an outage. Third-party web monitoring tool DownDetector also reports thousands of similar complaints from users. The company said, “Google Drive service has already been restored for some users, and we expect a resolution for all users in the near future. Please note this time frame is an estimate and may change. Google Drive is not loading files and results in a failures for a subset of users.” Update: 09/07 17:13 GMT: Google says it has resolved the issue.


Linux Kernel 4.13 Officially Released

prisoninmate writes: As expected, the Linux 4.13 kernel series was made official this past weekend by none other than its creator, Linus Torvalds, who urges all Linux users to start migrating to this version as soon as possible. Work on Linux kernel 4.13 started in mid-July with the first Release Candidate (RC) milestone, which already gave us a glimpse of the new features coming to this major kernel branch. There are, of course, numerous improvements and support for new hardware through updated drivers and core components. Highlights of Linux kernel 4.13 include Intel’s Cannon Lake and Coffee Lake CPUs, support for non-blocking buffered I/O operations to improve asynchronous I/O support, support for “lifetime hints” in the block layers and the virtual filesystem, AppArmor enhancements, and better power management. There’s also AMD Raven Ridge support implemented in the AMDGPU graphics driver, which received numerous improvements, support for five-level page tables was added in the s390 architecture, and the structure randomization plugin was added as part of the build system.


Sharp Announces 8K Consumer TVs Now That We All Have 4K

Thuy Ong reports via The Verge: Now that you’ve upgraded to a shiny new 4K TV, Sharp has revealed its latest screen to stoke your fear of missing out: a 70-inch Aquos 8K TV. That 8K (7,680 x 4,320) resolution is 16 times that of your old Full HD (1920 x 1080) TV. Sharp calls it “ultimate reality, with ultra-fine details even the naked eye cannot capture,” which doesn’t seem like a very good selling point. Keep in mind that having a screen with more pixels doesn’t buy you much after a certain point, because those pixels are invisible from a distance — while an 8K panel would be beneficial as a monitor, where you’re sitting close, it won’t buy you much when leaning back on the couch watching TV. HDR, however, is something else entirely, and fortunately, Sharp’s new 8K set is compatible with Dolby Vision HDR and BDA-HDR (for Blu-ray players). The lack of available 8K HDR content is also a problem. But there is some content floating around. The TV will be rolling out to China and Japan later this year, and then Taiwan in February 2018. Sharp is repurposing its 70-inch 8K TV as an 8K monitor (model LV-70X500E) for Europe, which will be on sale in March. There is no news about a U.S. release.


Linux Desktop Market Share Crosses 3%

Data for the month of August 2017 from reliable market analytics firm Net Applications is here, and it suggests that Linux has finally surpassed the three percent mark, quite possibly for the first time in recent years. According to Net Applications, the desktop market share of Linux jumped from 2.53 percent in July to 3.37 percent in August. There’s no explanation for what accounted for this growth.
