Trailrunner7 writes from a report via On the Wire: Attackers can add an arbitrary page to the end of a Google login flow that can steal users' credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don't consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user's credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug,] said an attacker also could send an arbitrary file to the target's browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. "Attacker would not need to intercept traffic to exploit -- they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter," Woods said. Google told Woods they don't consider this a security issue.
Earlier this month, Sony announced PlayStation 3 games would be coming to Windows. Specifically, the company would be bringing its PlayStation Now game-streaming program to Windows PCs. Today, the service has officially launched and is available on Windows PCs. TechCrunch reports: "A 12-month subscription to PlayStation Now will run you $99.99 as part of a limited-time promotion to celebrate the PC launch. Normally, a PS Now subscription will run you more than double that. What does PlayStation Now actually provide? Access to a library of over 50 'Greatest Hits' games, which include popular titles like Mafia II, Tomb Raider: GOTY edition, Borderlands and Heavy Rain. There's also over 100 console exclusives available to PC users for the first time, and a total library north of 400 games." If you're interested, you can download the app here. A USB adapter is set to go on sale September 6 that will allow you to use a DualShock 4 wireless controller with your PC.
An anonymous reader writes from a report via VentureBeat: On Monday, Google announced Google Cast is now built right into Chrome, allowing anyone using the company's browser to cast content to supported devices without having to install or configure anything. The Google Cast extension for Chrome, which launched in July 2013, is no longer required for casting. The report adds: "Here's how it works. When you browse websites that are integrated with Cast, Chrome will now show you a Cast icon as long as you're on the same network as a Cast device. With a couple of clicks, you can view the website content on your TV, listen to music on your speakers, and so on. In fact, Google today also integrated Hangouts with Google Cast: Signed-in users on Chrome 52 or higher can now use the 'Cast...' menu item from Chrome to share the contents of a browser tab or their entire desktop into a Hangout." The support document details all the ways you can use Google Cast with Chrome.
SonicSpike quotes a report from ABC News: FBI Director James Comey warned again Tuesday about the bureau's inability to access digital devices because of encryption and said investigators were collecting information about the challenge in preparation for an "adult conversation" next year. Widespread encryption built into smartphones is "making more and more of the room that we are charged to investigate dark," Comey said in a cybersecurity symposium. The remarks reiterated points that Comey has made repeatedly in the last two years, before Congress and in other settings, about the growing collision between electronic privacy and national security. "The conversation we've been trying to have about this has dipped below public consciousness now, and that's fine," Comey said at a symposium organized by Symantec, a technology company. "Because what we want to do is collect information this year so that next year we can have an adult conversation in this country." The American people, he said, have a reasonable expectation of privacy in private spaces -- including houses, cars and electronic devices. But that right is not absolute when law enforcement has probable cause to believe that there's evidence of a crime in one of those places, including a laptop or smartphone. "With good reason, the people of the United States -- through judges and law enforcement -- can invade our private spaces," Comey said, adding that that "bargain" has been at the center of the country since its inception. He said it's not the role of the FBI or tech companies to tell the American people how to live and govern themselves. "We need to understand in the FBI how is this exactly affecting our work, and then share that with folks," Comey said, conceding the American people might ultimately decide that its privacy was more important than "that portion of the room being dark." Comey made his remarks to the 2016 Symantec Government Symposium. 
The Daily Dot has another take on Comey's remarks, which you can read here.
An anonymous reader writes from a report via Business Insider: According to a survey of 526 random Facebook users conducted by Spot.IM, 33% of Facebook users in the U.S. want to see fewer news articles in their feeds. The survey comes at a time when Facebook is desperately trying to improve the quality of publisher articles that gain traction on its platform. Here are some important takeaways from the study: Older people are likelier to want less news in their Facebook feeds. While 33% of all respondents indicated there was too much news and shared links in their Facebook feeds, the majority of this group was individuals aged 30 or older. Those 30-44 (37%), 45-59 (36%), and 60+ (36%) said they want less news in their feeds. Young Facebook users enjoy consuming news on social media. While middle-aged and older Facebook users don't like seeing news in their feeds, those aged 18-29 were much more interested and excited to see even more news articles on Facebook. 32% of respondents in this group wanted to see more news, while just 21% wanted less. This is an encouraging sign for publishers who want to reach a new generation of news consumers. The majority of people don't care about how much news they see on Facebook. Overall, 51% of all surveyed said they simply don't care if more or less news shows up in their Facebook feeds. A study conducted in June by Columbia University says that 59% of people don't even read the articles they share.
Finally, a major company is planning to compete with Uber in the ride-sharing service space. The Wall Street Journal reports today that Google is planning to debut its own ride-hailing service in San Francisco at "far cheaper rates." (Editor's note: the link could be paywalled, here's an alternate source.) The Mountain View-based company began a pilot program around its California headquarters in May, and enabled several thousand area workers at specific firms to use the Waze navigation app to connect with fellow commuters. Expect Google's service in the coming weeks, says the report. One key difference in Google's approach is that it aims to connect riders with drivers who are already headed in the same direction. The project is in compliance with Waze's aims to "make fares low enough to discourage drivers from operating as taxi drivers." From the report: Still, Google's push into ride-sharing could portend a clash with Uber, a seven-year-old firm valued at roughly $68 billion that largely invented the concept of summoning a car with a smartphone app. Google and Uber were once allies -- Google invested $258 million in Uber in 2013 -- but increasingly see each other as rivals. Alphabet executive David Drummond said Monday that he resigned from Uber's board because of the increasing competition between the companies. Uber, which has long used Google's mapping software for its ride-hailing service, recently began developing its own maps. Game on, Uber.
Fortune reports that the "yawning gap in tech skills" has resulted in a surprising shift in supply and demand in the software industry. And in many companies now, a growing trend of developer jobs being given to non-developers can be seen. From the article: That's because a relatively new technology, known as low-code or no-code platforms, is now doing a big chunk of the work that high-priced human talent used to do. Low-code platforms are designed so that people with little or no coding or software engineering background -- known in the business as "citizen developers" -- can create apps, both for use in-house and for clients. Not surprisingly, the low-code platform industry, made up of about 40 small companies (so far), is growing like crazy. A recent Forrester Research report put its total revenues at about $1.7 billion in 2015, a figure that's projected to balloon to $15 billion in the next four years. Low-code-platform providers, notes Forrester, are typically seeing sales increases in excess of 50% a year. The report cites QuickBase, a company whose low-code platforms are used by half of the Fortune 500 companies, as an example. Its CEO Allison Mnookin says that almost any employee can now do most or all of the same work that developers used to do. Mnookin adds that there's a big advantage in this. "Opening an app's development to the non-techies who need the app removes misunderstandings between the IT department and other employees about what the end user needs."
Earlier this year Mitsubishi admitted to using some less-than-correct tactics when calculating the fuel economy of four of its Japanese market vehicles. But that wasn't the end of the scandal. The Japanese transport ministry has announced that its investigation into Mitsubishi's practices has revealed eight additional vehicles with misreported fuel economy numbers. Reuters reports: Earlier in the day, Japan's transport ministry said its investigation had shown the automaker had overstated the fuel economy for eight vehicles including the RVR, Pajero and Outlander SUV models, in addition to four minivehicles initially confirmed in April. The latest announcement deals another reputational blow to Japan's sixth-largest automaker, which has been struggling to recover from the mileage scandal, which affected two minivehicle models produced for Nissan Motor Co Ltd. The company's market value has tumbled since the scandal broke, and the ordeal prompted the company to seek financial assistance from Nissan, which agreed to buy a controlling one-third stake for $2.2 billion.
Jason H. Harper, writing for The Verge: Et tu, Hyundai? Until recently, the Korean brand offered two upmarket cars, the Genesis and the Equus. The first name had biblical shades and the latter shared a title with a play where an adolescent likes to get naked and straddle horses. So while the connotations were a bit muddled, at least they were memorable. Now Hyundai has spun Genesis into its own luxury brand, akin to what Toyota did with Lexus decades ago. And in so doing, it has cast off those memorable names in favor of an alphanumeric naming strategy. The Hyundai Genesis is reborn as the Genesis G80 and the Equus sheds its horsey homage to become the G90, which guarantees that I won't remember the new names. I'll just call the G90 the Model-Formerly-Known-as-Equus. And while the two models seemed well differentiated before, now the distinctions are hazy. The G90 apparently has 10 more units of something over the G80. Perhaps it is 10 percent better. Ten percent bigger? Ten grand more expensive? Welcome to Alphanumeric Hell. The rest of the article is worth a read as well.
Facebook's Safety Check is a handy service that allows people to let their friends and family know they are okay in the event of an emergency. The social giant announced the next major step for this feature. From a BBC report: Facebook is to enable members to trigger its Safety Check service themselves if a dangerous event occurs near them. Until now, it could only be activated by Facebook staff. Safety Check lets people notify their friends and family that they are safe in the aftermath of a natural disaster or human conflict in their area. The recent earthquake in Italy marked the 25th time this year that it has been triggered. Safety notifications have reached one billion people in 2016 alone, the firm said. In the previous two years combined (2014 and 2015) it had only been activated 11 times. The Safety Check Facebook team uses three criteria to decide whether the tool should be switched on -- how many human lives are affected, the extent of that impact and the duration of the event.
An anonymous reader shares a CNBC report: Google's aggressive push into cloud computing, where it trails Amazon.com and Microsoft, has put the internet giant in the lead position to land a marquee client: PayPal. While Google is the front-runner, according to people familiar with the matter, PayPal is evaluating the other leading providers and hasn't made any final decisions. PayPal is unlikely to move its technology infrastructure in the fourth quarter, the peak period for online commerce, said the sources, who asked not to be named because the talks are confidential. Under the leadership of VMware co-founder Diane Greene, Google is out to prove that it's a legitimate player in the rapidly expanding cloud infrastructure market.
Eloking quotes a report from TorrentFreak: Grumpy Cat is not pleased, yet. Her owners have asked a California federal court to issue a $600,000 judgment against a coffee maker which allegedly exploited their copyrights (PDF). In addition, they want damages for trademark and contract breach, and a ban on the company in question from selling any associated Grumpy Cat merchandise. There are dozens of celebrity cats on the internet, but Grumpy Cat probably tops them all. The cat's owners have made millions thanks to their pet's unique facial expression, which turned her into an overnight internet star. Part of this revenue comes from successful merchandise lines, including the Grumpy Cat "Grumppuccino" iced coffee beverage, sold by the California company Grenade Beverage. The company licensed the copyright and trademarks to sell the iced coffee, but is otherwise not affiliated with the cat and its owners. Initially this partnership went well, but after the coffee maker started to sell other "Grumpy Cat" products, things turned bad. TorrentFreak adds: "The cat's owners, incorporated as Grumpy Cat LLC, took the matter to court last year with demands for the coffee maker to stop infringing associated copyrights and trademarks. After Grenade Beverage failed to properly respond to the allegations, Grumpy Cat's owners moved for a default, which a court clerk entered in early June. A few days ago they went ahead and submitted a motion for default judgement."
schwit1 writes: Astronomers have discovered several new objects orbiting the Sun at extremely great distances beyond the orbit of Neptune. The most interesting new discovery is 2014 FE72: "2014 FE72 is the first distant Oort Cloud object found with an orbit entirely beyond Neptune," reports Carnegie Institution for Science. "It has an orbit that takes the object so far away from the Sun (some 3000 times farther than Earth) that it is likely being influenced by forces of gravity from beyond our Solar System such as other stars and the galactic tide. It is the first object observed at such a large distance." This research is being done as part of an effort to discover a very large planet, possibly as much as 15 times the mass of Earth, that the scientists have proposed exists out there.
An anonymous reader writes: The RATAN-600 radio telescope in Zelenchukskaya, Russia has detected a strong signal around 11 GHz (which is very unlikely to be naturally-caused) coming from HD164595, a star nearly identical in mass to the Sun and located about 95 light years from Earth. The system is known to have at least one planet. If the signal were isotropic, it would seem to indicate a Kardashev Type II civilization. While it is too early to draw any conclusions, the discovery will be discussed at an upcoming SETI committee meeting on September 27th. According to Paul Gilster, author of the Centauri Dreams website, "No one is claiming that this is the work of an extraterrestrial civilization, but it is certainly worth further study. Working out the strength of the signal, the researchers say that if it came from an isotropic beacon, it would be of a power possible only for a Kardashev Type II civilization. If it were a narrow beam signal focused on our Solar System, it would be of a power available to a Kardashev Type I civilization. The possibility of noise of one form or another cannot be ruled out, and researchers in Paris led by Jean Schneider are considering the possible microlensing of a background source by HD164595. But the signal is provocative enough that the RATAN-600 researchers are calling for permanent monitoring of this target."
An anonymous reader quotes a report from BBC: New evidence suggests that the famous fossilized human ancestor dubbed "Lucy" by scientists died falling from a great height -- probably out of a tree. CT scans have shown injuries to her bones similar to those suffered by modern humans in similar falls. The 3.2 million-year-old hominin was found on a treed flood plain, making a branch her most likely final perch. It bolsters the view that her species -- Australopithecus afarensis -- spent at least some of its life in the trees. Writing in the journal Nature, researchers from the U.S. and Ethiopia describe a "vertical deceleration event" which they argue caused Lucy's death. In particular they point to a crushed shoulder joint, of the sort seen when we humans reach out our arms to break a fall, as well as fractures of the ankle, leg bones, pelvis, ribs, vertebrae, arm, jaw and skull. Discovered in Ethiopia's Afar region in 1974, Lucy's 40%-complete skeleton is one of the world's best known fossils. She was around 1.1m (3ft 7in) tall and is thought to have been a young adult when she died. Her species, Australopithecus afarensis, shows signs of having walked upright on the ground and had lost her ancestors' ape-like, grasping feet -- but also had an upper body well-suited to climbing. The bones of this well-studied skeleton are in fact laced with fractures, like most fossils. By peering inside the bones in minute detail, the scanner showed that several of the fractures were "greenstick" breaks. The bone had bent and snapped like a twig: something that only happens to healthy, living bones. "The Ethiopian ministry has agreed to release 3D files of Lucy's right shoulder and her left knee. So anyone with an interest in this can print Lucy out and evaluate these fractures, and our hypothesis, for themselves." You can find the files here.
Gamoid writes: The venerable C programming language hit a 15-year low on the TIOBE Index, perhaps because more mobile- and web-friendly languages like Swift and Go are starting to eat its lunch. "The C programming language has a score of 11.303%, which is its lowest score ever since we started the TIOBE index back in 2001," writes Paul Jansen, manager of TIOBE Index. With that said, C is still the second most popular programming language in the world, behind only Java. Also worth noting as mentioned by Matt Weinberger via Business Insider, "C doesn't currently have a major corporate sponsor; Oracle makes a lot of money from Java; Apple pushes both Swift and Objective-C for building iPhone apps. But no big tech company is getting on stage and pushing C as the future of development. So C's problems could be marketing as much as anything."
Tesla is planning to further restrict its Autopilot mode via a v8.0 software update that will make it much harder for drivers to ignore safety alerts. Tesla's Autopilot currently issues alerts on the dashboard "reading Hold Steering Wheel and the driver has to apply pressure on the wheel to make it go away," reports Electrek. "If you quickly respond to those alerts, the Autopilot's Autosteer and Traffic Aware Cruise Control (TACC) do not disengage." The system will disengage if you ignore those warnings for too long. Electrek reports: "Now we learn that Tesla is about to introduce a new restriction with the upcoming v8.0 software update to give more weight to the alerts. According to sources familiar with the Autopilot program, Tesla will add a safety restriction that will result in not only the Autopilot disengaging after alerts are repeatedly ignored, but also blocking the driver from re-engaging the feature after it was automatically disengaged. The driver will not be able to reactivate the Autopilot until the car is stopped and put in 'Park.' So far, it looks like it would only affect the Autosteer feature of the Autopilot and TACC would still be available for the duration of the drive. The goal of the new restriction appears to be to encourage Tesla owners to respond to the visual alert and not to ignore them."
Kim Dotcom has been granted the right to livestream his extradition appeal on YouTube. The appeal hearing began Monday, but will be livestreamed tomorrow because "the cameraman needs to set this up professionally and implement the judge's live streaming rules," tweets Kim Dotcom. Mashable reports: "The United States, which wants Dotcom extradited from New Zealand, is against the request. Dotcom says a livestream is the only way to ensure a fair hearing. The U.S. is seeking the extradition of Dotcom and other Megaupload co-founders in hopes of taking them to court in America on charges of money-laundering, racketeering and copyright infringement. The charges stem from the operation of file-sharing website Megaupload, founded by Dotcom in 2005 and once the 13th most popular website on the internet. Users could upload movies, music and other content to the site and share with others, a practice the U.S. considers copyright infringement. The website reportedly made around $175 million before the FBI took it down in 2012. The U.S. says Megaupload cost copyright holders around $500 million, though Dotcom says it's not his fault users chose to upload the shared copyrighted material. Dotcom was arrested in 2012 after police raided his home, but was released on bail. A judge ruled in favor of his extradition to the U.S. in 2015, though Dotcom said at the time the judge was not interested in a fair hearing." Dotcom plans to revive Megaupload on January 20, 2017, urging people to "buy bitcoin while cheap," since he claims the launch will send the bitcoin price soaring way above its current $575 value. Every file transfer taking place over Megaupload "will be linked to a tiny Bitcoin micro transaction," Dotcom posted on Twitter.
The drone industry is expected to expand dramatically in the coming months and years with the passing of a new rule (PDF) that makes it easier to become a commercial drone operator. The Federal Aviation Administration predicts that roughly 600,000 drones will be used commercially within the next year. NPR reports: "For context, the FAA says that 20,000 drones are currently registered for commercial use. What's expected to produce a 30-fold increase in a matter of months is a new rule that went into effect today and makes it easier to become a commercial drone operator. Broadly, the new rules change the process of becoming a commercial drone pilot: Instead of having to acquire a traditional pilot's license and getting a special case-by-case permission from the regulators, drone operators now need to pass a new certification test and abide by various flying restrictions (and, well, be older than 16). The rest of the drone safety rules still apply: No flights beyond line-of-sight, over people, at night, above 400 feet in the air or faster than 100 miles an hour. Drones also can't be heavier than 55 pounds, and all unmanned aircraft have to be registered. Businesses, however, may get special waivers to skip some of the restrictions if they can prove they can do so safely. The drone association expects the industry will create more than 100,000 jobs and generate more than $82 billion for the economy in the first 10 years of being integrated into the national airspace. The FAA is also working on new rules that eventually will allow drone flights over people and beyond line of sight."