2001 stories
·
6 followers

Potent LastPass exploit underscores the dark side of password managers

1 Comment

(credit: Wikimedia)

Developers of the widely used LastPass password manager are scrambling to fix a serious vulnerability that makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program.

The flaw, which affects the latest version of the LastPass browser extension, was briefly described on Saturday by Tavis Ormandy, a researcher with Google's Project Zero vulnerability reporting team. When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn't present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault. Ormandy said he developed a proof-of-concept exploit and sent it to LastPass officials. Developers now have three months to patch the hole before Project Zero discloses technical details.

"It will take a long time to fix this properly," Ormandy said. "It's a major architectural problem. They have 90 days, no need to scramble!"

Read 4 remaining paragraphs | Comments

Read the whole story
freeAgent
22 minutes ago
reply
Please don't get into the wild. Please don't get into the wild. Please don't get into the wild.
Los Angeles, CA
Share this story
Delete

Scottish lawmakers back independence referendum call

1 Comment

Scottish lawmakers voted Tuesday to seek a new referendum on independence, to be held within the next two years — an unwanted headache for the British government as it prepares to push the European Union exit button.

The Edinburgh-based legislature voted 69 to 59 to back First Minister Nicola Sturgeon's...

Read the whole story
freeAgent
27 minutes ago
reply
Los Angeles, CA
Share this story
Delete

We Don't Know The Environmental Effects Of Junking Half A Million Volkswagen Diesels

1 Comment

If Volkswagen can’t find a fix to its cheating TDI diesels, the cars will have to be “responsibly recycled,” which is just another way of saying they’re going to the junkyard. Is this really better for the environment than simply keeping the highly fuel efficient cars on the road? The answer is: we don’t know.

Read more...

Read the whole story
freeAgent
33 minutes ago
reply
Oh, irony.
Los Angeles, CA
Share this story
Delete

An App to Track Drone Strikes Lasted Less Than a Day Before Apple Yanked It

1 Comment

Reaper droneThis was supposed to be a post about how anybody who wants to easily keep track of U.S. drone strikes overseas can do so through an app on their iPhone. But never mind. They can't anymore.

This morning, Josh Begley, a data artist for The Intercept, wrote about his struggle to get such an app into the iTunes store for the past several years. His post was supposed to be good news: After rejecting the app several times and at one point allowing it on the market, and then yanking it, Apple had approved the app again.

But then this afternoon, Apple yanked the app from the market yet again. The app, titled Metadata+ (formerly Drones+) is not available for download (I have an iPhone and I checked myself). Begley explained at The Intercept that all the app did was send a push notification to the user whenever a report of a drone strike appeared in the news. He has been told by Apple that the content (which he wasn't even writing) was "excessively objectionable and crude."

Begley described what he was hoping to accomplish:

For the past 15 years, journalists on the ground in Yemen, Pakistan, and Somalia have worked hard to uncover the contours of U.S. drone attacks — in some cases at their own peril. Filmmakers, academics, and attorneys have done important work documenting their ghastly aftermath. Websites like The Intercept have published whistleblower exposés about how the covert drone program clicks together.

But buried in the details is a difficult truth: no one really knows who most of these missiles are killing.

Because the particulars of the drone wars are scant, we only have 'metadata' about most of these strikes — perhaps a date, the name of a province, maybe a body count. Absent documentary evidence or first-person testimony, there isn't much narrative to speak of.

Given that the Trump administration appears to be ramping up military escalations overseas (Ed Krayewski has the terrible details here), one would think there would be an increase in interest among those who don't like where this is all heading, even if they ignored these actions under President Barack Obama's administration.

While Begley's app has been yanked yet again, he does still have a Twitter feed (@Dronestream) that tweets out links to all media coverage of U.S. drone strikes. If you have the Twitter app on your phone, you can follow that feed and at least stay informed.

Read the whole story
freeAgent
52 minutes ago
reply
Really, Apple? Information on drone strikes is "excessively objectionable and crude"? WTF?
Los Angeles, CA
Share this story
Delete

For coffee in China, there’s Starbucks, and then there’s everything else

1 Share
A man walks past an advertisement board of Starbucks in Wuhan, Hubei province, in this October 29, 2013 file photo. A China state television investigative report accusing Starbucks of overcharging local customers for coffee triggered enormous disquiet among journalists at the network and even some soul-searching after it aired. December 16, 2013

KFC and McDonald’s have spent the better part of the past year getting out of China. The world’s best-known American coffee chain, however, is only getting bigger there.

Last week during its annual shareholders meeting Starbucks announced that it had reached a minor milestone when it revealed it had opened 2,600 stores in China. That figure is up from a store count of around 2,500 by the end of 2016, and over 2,300 from the start of October, when the company’s most recent financial year ended.

That means that almost 10% percent of the company’s stores—both company-operated ones and licensed outlets—now reside in the China. In 2009 the country was home to just 2.9% of Starbucks stores around the world.

Company data show that during the company’s fiscal 2016, China surpassed Japan (pdf, pg 4) as the company’s number-two market for company-owned stores—the outlets that generate a majority of Starbucks’ revenue. By January 2017, it had 1,212 wholly-owned stores there.

The company’s growth comes as China’s rising middle class, which has a taste for the cosmopolitan, sent sales for fresh-brewed coffee served at retail restaurants surging. Research firm Euromonitor estimates that the market size for coffee served in cafes hit 20 billion yuan (about $2.9 billion USD) in 2016, up from a mere 1.1 billion yuan 10 years earlier.

Starbucks captures a majority of this market in China. Three-fourths of coffee shop sales went to the Seattle-based giant in 2014, with the remainder shared by Costa Coffee, McDonald’s, and Hong Kong chain Pacific Coffee, according to Euromonitor.

Last year Starbucks announced plans to increase its store count to China to 5,000 by 2021, which will require opening an average of a dozen stores each week to achieve. The company’s bet on expansion bucks a trend as other foreign restaurant chains struggle to maintain a foothold in China. In January McDonald’s announced it successfully sold 80% of its business in mainland China and Hong Kong to franchisees, as it struggled in the face of competition from local fast food chains. Yum! Brands, meanwhile, spun off its China division last autumn as slowing sales at KFC and Pizza Hut in China burdened the company’s share price in New York.

What has insulated Starbucks from meeting a similar fate? The company’s marker as a status symbol ensures that its brand remains aspirational. As a result, it can charge its famously high prices—which at times dwarfs those in the US. In 2013, various media outlets ran pieces noting how some Starbucks beverages in China were more expensive than they were in the US. State broadcaster CCTV even ran a 20-minute smear piece (link in Chinese) on the price difference, which remains one of the more memorable examples of government-backed media targeting foreign companies (sometimes, but not always, with good reason).



Read the whole story
freeAgent
7 hours ago
reply
Los Angeles, CA
Share this story
Delete

Dressing Like the Joker Is a Felony in Virginia

1 Comment

Last Friday police in Winchester, Virginia, arrested a guy for walking around dressed as The Joker. Yes, the Batman villain. And yes, that is illegal in Virginia.

Jeremy Putman, 31, was charged with violating Virginia's anti-mask law, which makes it a Class 6 felony, punishable by one to five years in prison, for "any person over 16 years of age, with the intent to conceal his identity, wear any mask, hood, or other device, whereby a substantial portion of the face is hidden or covered, so as to conceal the identity of the wearer, to be or appear in any public place." According to police, Putman's Joker makeup qualified.

The law includes exceptions for people wearing "traditional holiday costumes" or "engaged in any bona fide theatrical production or masquerade ball," so Putman would have been in the clear if had done the same thing on Halloween, Purim, or Mardi Gras, or if he had been shooting a movie or performing a play. But dressing like The Joker just for the hell of it—that's a felony.

Winchester police say they "received several calls" about Putman and "want to remind the community of the seriousness of the crime." But just because the penalties are serious does not mean the crime is. In fact, what Putman did is a crime only because legislators made it so, since there is nothing inherently injurious about putting on white makeup and a black cape (or a creepy clown mask), even if you do it on a day when no one else is wearing a costume.

More than a dozen states have laws similar to Virginia's, many of which were enacted in response to the Ku Klux Klan. Like the Guy Fawkes masks worn by Occupy Wall Street protesters, KKK masks are both a form of a political expression and a way of protecting people who otherwise might be penalized for their views. Some courts nevertheless have ruled that anti-mask laws are consistent with the First Amendment.

In 1990 the Georgia Supreme Court rejected a First Amendment challenge to that state's anti-mask law by a Klansman named Shade Miller, finding that "the statute was passed in response to a demonstrated need to safeguard the people of Georgia from terrorization by masked vigilantes." The court held that the interests served by the law "are in no way related to the suppression of constitutionally protected expression" and that "the statute's incidental restriction on expression is de minimis." In response to Miller's argument that the anti-mask law was unconstitutionally vague and overbroad, the court read it as applying "only to mask-wearing conduct when the mask-wearer knows or reasonably should know that the conduct provokes a reasonable apprehension of intimidation, threats or violence."

In 2004 three members of the U.S. Court of Appeals for the 2nd Circuit, including future Supreme Court Justice Sonia Sotomayor, heard a challenge to New York's anti-mask law by Jeffrey Berry, head of a KKK group known as the Church of the Imperial Knights of the Ku Klux Klan. A federal judge had agreed with Berry that New York's mask ban violated his right to freedom of speech. The 2nd Circuit panel conceded that wearing KKK regalia is a kind of expressive conduct but deemed the mask "redundant," saying it "adds no expressive force to the message portrayed by the rest of the outfit." The appeals court also rejected the argument that the right to engage in anonymous political speech protects mask wearing at public rallies, saying "the individual's right to speech must always be balanced against the state's interest in safety, and its right to regulate conduct that it legitimately considers potentially dangerous."

[Thanks to Rory Rohde for the tip.]

Read the whole story
freeAgent
1 day ago
reply
Wait a second. He wasn't wearing a "mask". He just did a really bad job matching his foundation to his skin tone. Is it illegal to wear makeup in Virginia?
Los Angeles, CA
Share this story
Delete
Next Page of Stories