Étiquette : failure (Page 1 of 11)

Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective

FFmpeg vulnerabiltiies by year

“Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed. For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.”

Source : Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective

Facebook has been autogenerating pages for white supremacists

Facebook CEO Mark Zuckerberg testifying before Congress in April 2018. It wasn't his only appearance in DC this decade.

“A total of 113 white supremacist organizations and groups had a presence on Facebook, sometimes more than one. One user-generated page that has been active for over a decade had 42,000 likes. Ten other pages and one group had more than 1,000 likes each.Much of Facebook’s moderation system relies on artificial intelligence to flag potential violations for human moderators, a system that appears to be easily thwarted. Simple misspellings of words—whether by adding vowels or using $ in place of S, for example—have been enough to foil algorithmic moderation.”

Source : Facebook has been autogenerating pages for white supremacists | Ars Technica

Image for post

“Sadly, despite the team’s groundbreaking technical achievements over the last 9 years — doing many things previously thought impossible, like precisely navigating balloons in the stratosphere, creating a mesh network in the sky, or developing balloons that can withstand the harsh conditions of the stratosphere for more than a year — the road to commercial viability has proven much longer and riskier than hoped. So we’ve made the difficult decision to close down Loon. In the coming months, we’ll begin winding down operations and it will no longer be an Other Bet within Alphabet.”

Source : Loon’s final flight. Loon’s time as an Other Bet is coming… | by Astro Teller | Jan, 2021 | X, the moonshot factory

Après plusieurs désastres, Uber met un « stop » à la conduite autonome

“Uber et la conduite autonome, c’est terminé. Dans un communiqué publié le 7 décembre, la startup Aurora a annoncé l’acquisition d’Advanced Technologies Group, la division d’Uber dédiée au développement de la conduite autonome. Ces derniers mois, la structure n’a pas été épargnée entre l’accident mortel pendant un test et la condamnation d’un ingénieur accusé de vol industriel et de pratiques déloyales pour embaucher ses anciens collègues de Google (très investi dans la conduite autonome).”

Source : Après plusieurs désastres, Uber met un « stop » à la conduite autonome

“Twitter it was looking into why the neural network it uses to generate photo previews apparently chooses to show white people’s faces more frequently than Black faces. Several Twitter users demonstrated the issue over the weekend, posting examples of posts that had a Black person’s face and a white person’s face. Twitter’s preview showed the white faces more often.”

Source : Twitter is looking into why its photo preview appears to favor white faces over Black faces – The Verge

“Social Data retourne la responsabilité aux victimes : « les utilisateurs qui ne souhaitent pas donner leurs informations passent leurs profils en privé ». Ce raisonnement technique ne correspond pas à la réalité légale, notamment en Europe, où le RGPD protège les données personnelles des résidents contre leur traitement sans consentement préalable.”

Source : Un fichier de 235 millions de profils Instagram, TikTok et YouTube a fuité à cause d’une seule entreprise – Cyberguerre

Facebook tarde à livrer les données promises aux scientifiques

“Facebook avait précisé que les données transmises aux scientifiques sélectionnés seraient anonymisées. Mais il est techniquement très compliqué de le faire totalement sur de vastes jeux de données personnelles. Par le biais de croisements et de recoupements, il est possible de réidentifier des internautes pourtant « anonymes », comme l’avaient montré, dès les années 2000, des recherches effectuées à partir d’une fuite de données issues du moteur de recherche d’AOL. Pour limiter ces risques, Facebook avait annoncé travailler à une anonymisation dite « différentielle » des jeux de données, censée régler le problème. C’est ce nouveau processus qui « a pris plus de temps que prévu », explique le réseau social.”

Source : Facebook tarde à livrer les données promises aux scientifiques

Pensive sad woman sitting on a bed

“Federal prosecutors have charged three men and a woman with sex trafficking charges for operating the popular porn site GirlsDoPorn. At least 22 women featured on the site have sued the site’s owners, charging that the pornographers used lies and coercion to gain their participation. The 22 women said they responded to ads for clothed modeling gigs. When they were asked to shoot porn instead, they initially resisted. But they went along with it after the company assured them that their videos would only be sold on DVD to customers outside the United States and would not be posted online. That turned out to be a lie, as their videos wound up on GirlsDoPorn, a website with plenty of American viewers.”

Source : Feds hit GirlsDoPorn owners with criminal sex trafficking charges | Ars Technica

« Older posts

© 2021 no-Flux

Theme by Anders NorenUp ↑