Annoyed that a website is doing something custom on right-click?
Did you expect the browser's context menu (Back, Reload, Save Page As, View Source etc.)?
Just hold the ⇧Shift key while clicking and Firefox will show the built-in context menu.
Edit: I had no idea this was such a widely appreciated post. Credit where credit is due: @dveditz told me about this trick a couple of months ago.
How the first gen iPod was reverse engineered to run #Rockbox:
1. Someone figured out that when loading a particular HTML page (for viewing on the device), the device would reboot. It crashed. A buffer overflow in the HTML viewer!
2. The device remembered what it did before the crash, so it would reload the HTML page again after boot. Unless you connected to it over USB and removed the HTML file it would stick in this cycle.
(continues...)
Apache CouchDB 3.3.3 is now available. It is a maintenance release that among a number of bug fixes addresses CVE-2023-45725, the details of which will be released in seven days. We recommend all CouchDB users upgrade.
[Update: the blog post has now been amended with the CVE details.]
I can finally reveal some research I've been involved with over the past year or so.
We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.
1/4
Provisional agreement reached between the Council of Europe and European Parliament on the CRA.
For us software security needs, this is BIG.
The EU is the only jurisdiction to be proposing a bespoke regulatory regime for hardware _and software_ products, as opposed to merely using procurement regs/consumer protection law.
Of course, in Australia, we will never have the temperament to propose anything like this for software security. We prefer voluntary self-regulation and eventually fixing procurement regulations (see Shield 2 of our cyber security strategy).
https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
Three days after Amazon announced its AI chatbot Q, some employees are sounding alarms about accuracy and privacy issues. Q is “experiencing severe hallucinations and leaking confidential data,” including the location of AWS data centers, internal discount programs, and unreleased features, according to leaked documents obtained by Platformer.
An employee marked the incident as “sev 2,” meaning an incident bad enough to warrant paging engineers at night and make them work through the weekend to fix it.
https://www.platformer.news/p/amazons-q-has-severe-hallucinations
NEW: David Vincenzetti, the founder of spyware maker Hacking Team, has been arrested.
Vincenzetti is accused of attempted murder. He allegedly stabbed a relative at his home. A judge has ordered him to stay in prison as a precautionary measure, and has ordered a psychological evaluation, according to Italian media reports.
I'm honestly in shock. Hacking Team's story is still getting crazier, eight years after it got spectacularly hacked.
Whenever I explain my #research at Google into mobile text editing, I'm usually met with blank stares or a slightly hostile "Everyone can edit text on their phones, right? What's the problem?"
Text editing on mobile isn't ok. It's actually much worse than you think, an invisible problem no one appreciates. I wrote this post so you can understand why it's so important.
https://jenson.org/text
#UXDesign #UX
Microsoft paid money for this. A lot of money.
Dear Microsoft. Here is a list of things I want the Start Menu to do:
* Show my installed programs
* Search my local files
* Provide access to system settings
Here is a list of things I do *not* want the Start Menu to do:
* Show the weather for a randomly-selected town near my network's public IP infrastructure
* Show tabloid headlines
* Show programs I *don't* have installed
* Search the web via Bing
* Show adverts(!)
* Attempt to engage me in conversation with a hallucinating LLM
Thanks.
When we warn the real threat of AI is how it’s used against people in the present, not the fantasies that some day computers might think for themselves, this is exactly the kind of thing we’re talking about: health insurers using AI to deny care.
the eu is fucking wild man
“hey, we just passed landmark privacy regulations!”
“oh by the way we’re trying to mandate backdoors into every encryption scheme”
“we are forcing google, apple, and microsoft to stop locking down their ecosystems!”
“oh yeah we’re also trying to mandate backdoors in all browsers’ certificate stacks”
“anti-adblock is spyware ^_^ we’re suing youtube”
if it walks like malware and talks like malware, license it to game publishers and call it an anti-cheat solution
In what may be a first: AlphV filed an SEC complaint against one of its victims for not disclosing the breach to the SEC:
#databreach #SEC #compliance #infosec #cybersecurity #hacking
@brett @campuscodi @briankrebs @euroinfosec @BleepingComputer
I spent this year talking to the 3 young hackers behind Mirai, the malware that once broke the internet.
This is WIRED's resulting cover story—an epic, untold, 22,000-word tale of cybercrime, friendship, chaos, betrayal, paranoia, and redemption.
Read: https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/
The FBI reportedly has known the identities of at least a dozen hackers tied to the notorious Scattered Spider gang (which hacked MGM and Caesars in September) for more than six months, but has failed to make any arrests, according to this new @Reuters investigation.
The unusual part: Many of the hackers are seemingly based in the U.S. and other Western nations, making arrests actually possible!