Archive for May 2, 2017 | Daily archive page

Mozilla Fathom – framework for classifying the web semantically

Fathom is a JavaScript framework for extracting meaning from web pages, identifying parts like Previous/Next buttons, address forms, and the main textual content—or classifying a page as a whole. Essentially, it scores DOM nodes and extracts them based on conditions you specify. A Prolog-inspired system of types and annotations expresses dependencies between scoring steps and […]

FuturePets.com database of thousands of credit cards was left exposed for months

A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found. In a stunning show of poor security, the Austin, Texas-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text […]

Yes, your whatsapp messages can be read by the London police

Bruce66423 brings word that a terrorist’s WhatsApp message has been decrypted “using techniques that ‘cannot be disclosed for security reasons’, though ‘sources said they now have the technical expertise to repeat the process in future.’” The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before […]

Russian-controlled telecom hijacks financial services’ Internet traffic

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications. Anomalies in the border gateway protocol—which routes […]

Jenkins admin? Get buzzy patching, says Cloudbees

The bug, CVE-2017-1000353, exists in how Jenkins implements HTTP upload/download requests. The bug lets an attacker exploit a serialised object in the preamble of commands sent to the CLI. As described by Securiteam, “since Jenkins does not validate the serialised object, any serialise[d] object can be sent.” The attacker can use the channel to send […]

Remote security exploit in all 2008+ Intel platforms – SemiAccurate

The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is […]

This Artificially Intelligent Speech Generator Can Fake Anyone’s Voice

“We train our models on a huge dataset with thousands of speakers,” Jose Sotelo, a team member at Lyrebird and a speech synthesis expert, told Gizmodo. “Then, for a new speaker we compress their information in a small key that contains their voice DNA. We use this key to say new sentences.” The end result […]

 
Skip to toolbar