Saturday, June 24, 2017

A hacker’s dream!
Heaps of Windows 10 internal builds, private source code leak online
The data – some 32TB of official and non-public installation images and software blueprints that compress down to 8TB – were uploaded to, the latest load of files provided just earlier this week.  It is believed the confidential data in this dump was exfiltrated from Microsoft's in-house systems around March this year.
The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.
Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide.  The code runs at the heart of the operating system, at some of its most trusted levels.  It is supposed to be for Microsoft, hardware manufacturers, and select customers' eyes only. 

Selling rope to the hangman?  Is Russia that valuable a market? 
Under pressure, Western tech firms bow to Russian demands to share cyber secrets
Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.
Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country.  The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems.
But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment - current and former U.S. officials and security experts said.

I’m working on a similar App for Mom and Dad, so they can spy on their teenage drivers. 
Textalyzer Device Will Allow Cops To Snoop Your Cell Phone To See If You’ve Been Texting While Driving
According to the National Safety Council, one-quarter of all accidents in the United States are caused by texting and driving.  Approximately 330,000 people a year are injured due to accidents involving texting and driving.  In order to combat the problem, some police departments in the US are currently testing the “Textalyzer”, a device that can reveal whether or not a person was on their mobile device while driving.
The Textalyzer is a tablet-like device and police officers will be able to connect the driver’s smartphone to it and download their activity data within a few seconds.  The device records every click, tap or swipe, as well as the apps the driver was using at the time.
The Textalyzer was developed by Cellebrite, the same company that supposedly unlocked the iPhone involved in the San Bernardino shooting.
   There is currently a measure in New York waiting to be passed that would allow police officers to suspend a suspect’s license if they refused to hand over their mobile device.  There is also similar legislation being considered in the city of Chicago and the states of New Jersey and Tennessee.  It is important to note that the Textalyzer is still being tested and it is currently unclear how much information would be downloaded in a routine stop and what data would be retained afterward.

What must a corporate Gmail account be worth to Google? 
Google will stop scanning your Gmail messages to sell targeted ads
Google will stop its long-standing practice of scanning the contents of individual Gmail users for advertising purposes, the company announced in a blog post today.  The practice, something Google has done nearly since the launch of its email service, allows the company to digest the contents of email messages and use them to deliver targeted ads within Gmail itself.
Users are allowed to opt out, and Google also reserves the practice only for personal Gmail users and not those of corporate accounts.  However, the practice has made it difficult for Google to find and retain corporate clients for its cloud services business, according to Diane Greene, Google’s cloud division head, who spoke with the Financial Times.  This is due to general confusion over Google’s business tactics and an overall apprehension to trust the company with sensitive data, the report says.  

Far from Superbowl prices, but not bad for a small(?) share of the market.
Amazon to charge advertisers $2.8 million for Thursday night NFL ad packages
Amazon is looking to charge advertisers $2.8 million for packages that include 30-second spots during the Thursday night National Football League games it will stream live to its Prime customers this coming season, two people familiar with the matter told Reuters.
   Amazon is paying $50 million to the NFL to stream this season’s 10 Thursday night games, sources told Reuters in April.
   For each game, Amazon can sell 10 30-second spots, one of the sources said.

Look past your customers to their customers…
Kansas farmers win $218 million payout in suit against Syngenta
A Kansas federal jury awarded nearly $218 million on Friday to farmers who sued Swiss agribusiness giant Syngenta over its introduction of a genetically engineered corn seed variety. 
Syngenta vowed to appeal the verdict favoring four Kansas farmers representing roughly 7,300 growers from that state in what served as the first test case of tens of thousands of U.S. lawsuits assailing Syngenta’s decision to introduce its Viptera seed strain to the U.S. market before China approved it for imports. 
   Most of the farmers suing didn’t grow Viptera, but China also rejected millions of metric tons of their grain because elevators and shippers typically mix grain from large numbers of suppliers, making it difficult to source corn that was free of the trait.  So they say all farmers were hurt by the resulting price drop.

Another one for the geek toolkit.  
CheerpJ converts Java apps into JavaScript for the web
Melding Java and web development, CheerpJ is being readied as compiler technology that takes Java bytecode and turns it into JavaScript, for execution in browsers.  Based on the LLVM/Clang compiler platform as well as Learning Technologies’ own Cheerp C++-to-JavaScript compiler, CheerpJ takes Java bytecode and turns it into JavaScript without needing the Java source.

No comments: