Categories
security

Accenture left a huge trove of sensitive data on exposed servers

Quite unforgivable for a company that sells cloud consultancy, and doubly so when customer credentials sit in backups as plaintext rather than as salted password hashes.

According to Vickery, the largest server contained over 137 gigabytes of data, which included large databases of credentials, some of which appeared to relate directly to Accenture customers. Vickery also found almost 40,000 passwords in one backup database — the vast majority were stored in plaintext.

Source: Accenture left a huge trove of sensitive data on exposed servers

Categories
security

Computer virus hits US Predator and Reaper drone fleet

What could possibly go wrong…

A computer virus has infected the cockpits of America’s Predator and Reaper …

Source: Computer virus hits US Predator and Reaper drone fleet

Categories
privacy

World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns

It’s a sad day for the Web. Yes, the controversial EME (Encrypted Media Extensions), the W3C API through which browsers load proprietary DRM modules, is now in all major browsers and the writing’s on the wall. But the W3C being complicit in this is just wrong. I’m glad that the EFF is taking a strong stand on this important issue.

The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew — and the large corporate members continued to reject any meaningful compromise — the W3C leadership persisted in treating EME as a topic that could be decided by one side of the debate. In essence, a core of EME proponents was able to impose its will on the Consortium, over the wishes of a sizeable group of objectors — and every person who uses the web.

Source: World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns

Categories
privacy security

Wanted: Weaponized exploits that hack phones. Will pay top dollar

Lucrative exploit market might just swing more people over to the dark side.

Exploit broker Zerodium ups the ante with $500,000 to target Signal and WhatsApp.

Source: Wanted: Weaponized exploits that hack phones. Will pay top dollar

Categories
privacy security

Our Copyfish extension was stolen and adware-infested

Popular Chrome extension gets hijacked. Because Chrome pushes extension updates automatically, whoever controls the developer account can push an adware build to every existing install without any user action.

We log into our developer account and boom – our Copyfish extension is gone! It seems the hackers/thieves/idiots moved it to THEIR developer account. We currently have no access to it!

Source: Our Copyfish extension was stolen and adware-infested

Categories
security

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets | Exodus Intelligence

An impressively detailed start-to-end explanation of how an exploit is created. This exploit is unusually powerful in that it does not require the user to perform any action: no need to open attachments, click on hyperlinks, etc. The only requirement is that Wi-Fi is turned on and the phone is within radio range of the attacker. For iOS users, this has been patched in iOS 10.3.3; Android users need the July 2017 Android security bulletin patch level, which depends on their device vendor shipping it.

Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit.

Source: Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets | Exodus Intelligence

Categories
3D programming

[github] kosua20/herebedragons

Someone implemented the same 3D scene using different APIs and frameworks. Interesting from a learning point of view. But as someone commented on HN, some implementations could be made to look the same given enough effort.

This repository contains multiple implementations of the same 3D scene, using different APIs and frameworks on various platforms. The goal is to provide a comparison between multiple rendering methods. This is inherently biased due to the variety of algorithms used and available CPU/GPU configurations, but can hopefully still provide interesting insights on 3D rendering.

Source: [github] kosua20/herebedragons

Categories
privacy

Roomba’s Next Big Step Is Selling Maps of Your Home to the Highest Bidder

Privacy concerns or fearmongering?

The Roomba is generally regarded as a cute little robot friend that no one but dogs would consider to be a potential menace. But for the last couple of years, the robovacs have been quietly mapping homes to maximize efficiency. Now, the device’s makers plan to sell that data to smart home device manufacturers, turning the friendly robot into a creeping, creepy little spy.

Source: Roomba’s Next Big Step Is Selling Maps of Your Home to the Highest Bidder

Categories
programming

Starbucks should really make their APIs public. – Tendigi

See how reverse engineering a closed API typically happens.

Now that I was able to sign and fingerprint my login requests, I combined everything into a small Node.js module that allows some basic Starbucks API functions. The good news is that it’s (mostly) hosted here on GitHub!

Voilà! Programmatic coffee.

Source: Starbucks should really make their APIs public. – Tendigi

Categories
privacy

Errata Security: How The Intercept Outed Reality Winner

Oh wow. You can’t even trust your printer now, ’cos it can expose potentially incriminating information about when and where you printed something.

The problem is that most new printers print nearly invisible yellow dots that track down exactly when and where documents, any document, are printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.

Source: Errata Security: How The Intercept Outed Reality Winner