Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.

Categories

American investigators wanted Google to hand over data on users who watched certain videos. Simply having watched is enough

Zive.cz - security - 30 March, 2024 - 10:45
We really have not seen such an attempt to intrude on users' privacy for a very long time! According to several court orders obtained by Forbes magazine, federal investigators ordered Google to provide information on all viewers of selected videos on YouTube. It is certainly no great surprise that these ...
Category: Hacking & Security

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

The Hacker News - 30 March, 2024 - 09:16
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One
Category: Hacking & Security

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

The Hacker News - 30 March, 2024 - 07:23
Red Hat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils
Category: Hacking & Security

Report: Scale cuts off subsidiary’s remote workers in several countries

Computerworld.com [Hacking News] - 29 March, 2024 - 22:20

Scale AI, the data processing company that advertises itself as a way to train generative AI on higher-quality information, has apparently shut down access to its platform in several countries, leaving gig workers in the lurch.

The company, which does much of its data processing through a subsidiary called Remotasks, cut access to its portal for workers in Nigeria, Kenya and Pakistan in March, according to a report by Rest of World. The gig workers used by Remotasks, and by extension Scale, improve data quality by adding labels, annotations, and general human input to information set to be processed by AIs.

The idea is to help AI tools learn by shaping their perceptions of, say, lidar data from cars or other information.

According to Rest of World’s report, workers — many of whom rely on Remotasks for their main income — were greeted by a message saying that “we regret to inform you that at the moment we are unable to provide service in your location.” The report also notes that remote workers “often have few reliable ways to contact supervisors or escalate complaints,” despite the presence of hotlines and Slack channels.

Scale released a statement in September detailing its relationship with Remotasks, which it calls the “data annotation” side of its business. The company said it partners with the Global Living Wage Coalition and conducts quarterly pay analyses to “ensure fair and competitive compensation” for the gig workers annotating its data. Scale also criticized “misunderstandings and mischaracterizations” about the way it treats its workers through Remotasks.

Scale could not be reached for comment on Rest of World’s report, which said that many of the workers affected by the apparent shutdown only found out about it when they attempted to log in and work. According to Rest of World, a company spokesperson blamed the lack of communication with workers on an administrative error, while saying that the shutdowns were put in place for “enhanced security protocols.”

In addition to the shutdowns in Pakistan, Nigeria and Kenya, Rest of World reported that new signups for Remotasks work had been blocked in several other countries, including Thailand, India, Poland and Vietnam.

Rest of World’s report ran a day after The Information reported that Scale — which has been one of the AI industry’s early success stories — was up for a new round of funding, courtesy of VC firm Accel, which was an early investor in Scale. The proposed funding round would raise the company’s value to $13 billion, a rise of 80%.

The company joins several other big names in the generative AI industry, including AI-powered robot creators Figure AI, LLM creator Anthropic, and market powerhouse OpenAI in lining up hundreds of millions in new funding from investors desperate to capitalize on the much-hyped technology, according to a report from siliconAngle.

Artificial Intelligence, Generative AI, Remote Work, Technology Industry
Category: Hacking & Security

Apple will continue to enhance its DMA compliance

Computerworld.com [Hacking News] - 29 March, 2024 - 18:46

With WWDC 2024 now set, Apple continues to work on bringing itself more in line with US government demands. What we don’t know yet is the extent to which these changes will be restricted to the EU, or whether Apple intends to make them available worldwide in an attempt to quell regulatory zeal.

That regulators want to diminish the Apple user experience to open up additional digital competition is not in doubt. What isn’t known is whether these decisions will make things better or worse in the long run.

So, what else does Apple plan to do to bring itself into line with regulatory demands?

Android switchers get an easier life

If you end up with an Android phone and need to port all your information across from your iPhone, you can either follow this guide or wait until the end of the year; that’s when Apple will introduce tools other mobile operating system providers can use to create user-friendly migration solutions to transfer data from iPhones to Android.

This won’t actually arrive until late 2025.

Big changes in Safari

By the end of this year or possibly early in 2025, Apple will introduce a browser switching solution for exporting and importing relevant browser data into another browser on the same device. Later this year, Apple will also make it possible to completely delete Safari from iPhones in favor of an alternative web browser.

For some, this is a step forward from what is possible in the EU, where developers can now use alternative browser engines in browsers and apps with browsing experiences inside.

RCS for Messages

Another big change is the adoption of Rich Communication Service (RCS) messaging support. Google hinted (and subsequently deleted) a claim that such support was coming this fall, which strongly suggests Apple intends to make it available in this year’s major operating system updates. This is not a total shock — Apple said it was working on this last year.

What this means is that it will be possible for Android and iPhone to exchange higher resolution media. It’s a modern messaging standard that will eventually replace SMS/MMS messaging, lack of support for which has drawn regulatory angst.

Navigation apps

It’s not ready yet, but by March 2025 Apple intends to introduce a new default control for users for navigation apps. Presumably this will let you choose which navigation app your device uses as a default – you might ask Siri how to get to your next appointment but receive instructions from Google Maps, for example.

Marketplace setting

A new Setting on iPhones will appear that lets users enable and disable third-party apps on their device. The idea here is that users can very easily stop using apps they don’t like or don’t trust sourced from outside the App Store.

User data sharing

On the very slim chance you’re prepared to share your personal data with developers (which I don’t recommend), Apple will by the end of the year introduce a new solution that lets users authorize developers to access such information. The idea is that users will get asked if they are willing to share this information and to what extent, while developers will be able to access that information subject to that approval.

This particular piece of privacy erosion comes from the EU.

Apple, iOS, iPhone, Regulation
Category: Hacking & Security

Tor – Identifying malicious exit relays

VNSECURITY - 18 August, 2014 - 13:00
1. Introduction This article is a brief description of and commentary on the paper "Spoiled Onions: Exposing Malicious Tor Exit Relays"[1]. A Tor exit relay is the last node on the path that packets travel through the Tor network; from here packets go on to the address ...
Category: Hacking & Security

Getting song lyrics from nhaccuatui.com

VNSECURITY - 18 August, 2014 - 13:00
Nhaccuatui has just upgraded its web music player, which can now display lyrics in time with the music quite well. This article presents the steps for getting those lyrics and provides a tool that does it with a single press of Enter ;) (*). Getting ...
Category: Hacking & Security

[defcon 2014 quals] polyglot

VNSECURITY - 18 August, 2014 - 13:00
Challenge was getting 0x1000 bytes from socket, and executing it following these rules (all shellcodes and codes are at the end of this writeup): [code] - all general purpose registers are 0 - stack is at 0x42000000 - pc    is at 0x41000000 [/code] All binaries: x86 : polyglot_9d64fa98df6ee55e1a5baf0a170d3367 armel : polyglot_6a3875ce36a55889427542903cd43893 armeb : polyglot_c0e7a26d7ce539efbecc970c154de844 PowerPC: polyglot_5b78585342a3c116aebb5a9b45e88836 Our shellcode ...
Category: Hacking & Security

Analysis of the Btalk app on Android – Part one: User authentication mechanism

VNSECURITY - 18 August, 2014 - 13:00
Note: the analysis in this article is based on Btalk version 1.0.6 downloaded from the PlayStore. BKAV was notified by email in advance of the issues raised in this article. (pdah - cb_ - k9) Registration and activation mechanism The process of ...
Category: Hacking & Security

Exploiting nginx chunked overflow bug, the undisclosed attack vector (CVE-2013-2028)

VNSECURITY - 18 August, 2014 - 13:00
In previous post, we analyzed and exploited stack based buffer overflow vulnerability in chunked encoding parsing of nginx-1.3.9 - 1.4.0. We mentioned that there was another attack vector which was more practical, more reliable. I talked about this attack vector at SECUINSIDE 2013 in July (btw, a great conference and ...
Category: Hacking & Security

[Secuinside CTF 2013] movie talk

VNSECURITY - 18 August, 2014 - 13:00
Challenge itself is very interesting, as we have typical use-after-free problem. It's running on Ubuntu 13.04 with NX + ASLR. When we run challenge it gives us message as : [code] ###################################### #                                    # #   Welcome to the movie talk show   # #                                    # ###################################### 1. movie addition 2. movie deletion 3. my movie list 4. quit : [/code] movie addition is very straight ...
Category: Hacking & Security

[Secuinside CTF 2013] Reader Writeup

VNSECURITY - 18 August, 2014 - 13:00
Description: http://war.secuinside.com/files/reader ip : 59.9.131.155 port : 8282 (SSH) account : guest / guest We have obtained a program designed for giving orders to criminals. Our investigators haven't yet analyzed the file format this program reads. Please help us analyze the file format this program uses, find a vulnerability, and take a shell. From the description we can ...
Category: Hacking & Security

[Secuinside CTF 2013] pwnme writeup

VNSECURITY - 18 August, 2014 - 13:00
Challenge summary: Binary : http://war.secuinside.com/files/pwnme Source : http://war.secuinside.com/files/pwnme.c =================================== OS : Ubuntu 13.04 with PIE+ASLR+NX md5 of libc-2.17.so : 45be45152ad28841ddabc5c875f8e6e4 IP : 54.214.248.68 PORT : 8181,8282,8383 This is the only exploit challenge comes with source. The bug is simple: buffer overflow with only 16-bytes at pwnme.c:67, just enough to control EIP. The goal is to bypass PIE+ASLR+NX. We ...
Category: Hacking & Security

[Secuinside CTF 2013] Trace Him Writeup

VNSECURITY - 18 August, 2014 - 13:00
Description: IP : 59.9.131.155 port : 18562 (SSH) account :  control  / control porsche binary : http://war.secuinside.com/files/firmware data : http://war.secuinside.com/files/car.bin (To prevent meaningless waste of time on certain analysis, car.bin is open to public.) hint : root@ubuntu:~# uname -a Linux ubuntu 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:19:42 UTC 2013 i686 i686 i686 GNU/Linux The evil group is running ...
Category: Hacking & Security

Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64 exploitation (CVE-2013-2028)

VNSECURITY - 18 August, 2014 - 13:00
A few days after the release of nginx advisory (CVE-2013-2028), we managed to successfully exploit the vulnerability with a full control over the program flow. However, in order to make it more reliable and useful in real world environment, we still explored several program paths and found some other ...
Category: Hacking & Security

CMarkup Use After Free Vulnerability – CVE-2012-4782

VNSECURITY - 18 August, 2014 - 13:00
The latest M$ Tuesday patch killed one of my 0days in Microsoft Internet Explorer 9/10. So I decided to release Proof of Concept code and write up some analysis of this bug. Hope it is helpful. Here is the PoC: [sourcecode language="html"] ...
Category: Hacking & Security

Snatching The H@t

VNSECURITY - 18 August, 2014 - 13:00
Accepting an invitation from IDG, VNSecurity agreed to co-organize the "Snatching the h@t" contest as an event within the CSO Asean 2012 conference, hoping to introduce and develop CTF as a form of learning and demonstrating ...
Category: Hacking & Security