https://ift.tt/2GbRAVd
Pre-Teens Rejoice! Federal Judge Strikes Down TikTok Ban https://ift.tt/2S42X43 A U.S federal judge has said that a ban on TikTok - scheduled for Monday, September 28 - will not go ahead as planned. The delay will allow users to access the app on various app stores while the court explores the legality of banning a consumer application on security grounds. TikTok, by Chinese software house ByteDance, has filed two injunctions against the ban since September 18. The U.S. government rejected the injunction on Friday and scheduled a public hearing in DC District Court by Judge Carl J. Nichols today. Today’s unexpected ruling has stopped the ban outright. In an opposition document filed on Friday, September 25, U.S. government noted that the ban was not a regulation of personal communications and does not violate the First Amendment. “The regulation of a single service provider is not akin to regulating or prohibiting transmission of information or informational materials themselves, nor to an indirect restriction of them through limitations imposed on an entire ‘medium of transmission,’” they wrote. The latest filings from the case are not yet publicly available and the last document of note was the sealed opposition submitted by U.S. Secretary of Commerce Wilbur Ross. G/O Media may get a commission The case against TikTok is based on the belief that it is a “mouthpiece for the Chinese Communist Party,” according to a court filing. Because TikTok’s parent company is beholden to Chinese Intelligence requirements, there is concern that the country could unduly influence U.S. citizens or steal personal data. “My clients are facing irreparable harm, not just from the ban … but from the rest of these prohibitions that’ll go into effect Nov. 12,” said TikTok’s counsel, John Hall of Covington & Burling LLP last Thursday. “It’s apparent to the world now that if nothing is done, this app is going to be shut down completely.” A deal, supported by U.S. President Donald Trump, would have sold a portion of the company to Oracle and Wal-Mart. Today’s move, at least, gives TikTok’s 100 million U.S. users continued access to the app’s countless whimsical - and, presumably, potentially identity-thieving - videos for yet another day. Digital Trends via Gizmodo https://gizmodo.com September 27, 2020 at 08:25PM
0 Comments
https://ift.tt/30fHOZj
Philippines payment processing startup PayMongo lands $12 million Series A led by Stripe https://ift.tt/36eaHsK Stripe has led a $12 million Series A round in Manila-based online payment platform PayMongo, the startup announced today. PayMongo, which offers an online payments API for businesses in the Philippines, was the first Filipino-owned financial tech startup to take part in Y Combinator’s accelerator program. Y Combinator and Global Founders Capital, another previous investor, both returned for the Series A, which also included participation from new backer BedRock Capital. PayMongo partners with financial institutions, and its products include a payments API that can be integrated into websites and apps, allowing them to accept payments from bank cards and digital wallets like GrabPay and GCash. For social commerce sellers and other people who sell mostly through messaging apps, the startup offers PayMongo Links, which buyers can click on to send money. PayMongo’s platform also includes features like a fraud and risk detection system. In a statement, Stripe’s APAC business lead Noah Pepper said it invested in PayMongo because “we’ve been impressed with the PayMongo team and the speed at which they’ve made digital payments more accessible to so many businesses across the Philippines.” The startup launched in June 2019 with $2.7 million in seed funding, which the founders said was one of the largest seed rounds ever raised by a Philippines-based fintech startup. PayMongo has now raised a total of almost $15 million in funding. Co-founder and chief executive Francis Plaza said PayMongo has processed a total of almost $20 million in payments since launching, and grown at an average of 60% since the start of the year, with a surge after lockdowns began in March. He added that the company originally planned to start raising its Series A in in the first half of next year, but the growth in demand for its services during COVID-19 prompted it to start the round earlier so it could hire for its product, design and engineering teams and speed up the release of new features. These will include more online payment options; features for invoicing and marketplaces; support for business models like subscriptions; and faster payout cycles. PayMongo also plans to add more partnerships with financial service providers, improve its fraud and risk detection systems and secure more licenses from the central bank so it can start working on other types of financial products. The startup is among fintech companies in Southeast Asia that have seen accelerated growth as the COVID-19 pandemic prompted many businesses to digitize more of their operations. Plaza said that overall digital transactions in the Philippines grew 42% between January and April because of the country’s lockdowns. PayMongo is currently the only payments company in the Philippines with an onboarding process that was developed to be completely online, he added, which makes it attractive to merchants who are accepting online payments for the first time. “We have a more efficient review of compliance requirements for the expeditious approval of applications so that our merchants can use our platform right away and we make sure we have a fast payout to our merchants,” said Plaza. If the momentum continues even as lockdowns are lifted in different cities, that means the Philippine’s central bank is on track to reach its goal of increasing the volume of e-payment transactions to 20% of total transactions in the country this year. The government began setting policies in 2015 to encourage more online payments, in a bid to bolster economic growth and financial inclusion, since smartphone penetration in the Philippines is high, but many people don’t have a traditional bank account, which often charge high fees. Though lockdown restrictions in the Philippines have eased, Plaza said PayMongo is still seeing strong traction. “We believe the digital shift by Filipino businesses will continue, largely because both merchants and customers continue to practice safety measures such as staying at home and choosing online shopping despite the more lenient quarantine levels. Online will be the new normal for commerce.” Digital Trends via TechCrunch https://techcrunch.com September 27, 2020 at 08:03PM Strategies for overcoming male domination in cyber https://ift.tt/367r4XU People come into cyber security from a wide range of backgrounds, but the usual image is of a core cadre of techies depicted as having progressed from being boys in bedrooms hacking into games – but that’s not true, rather, it was only ever part of the picture, with women also involved in every step of the nascent cyber security industry. Joan D Pepin, Chief Security Officer at AuthO is a great example. She explains her own route into cyber, telling Guru how, from the age of eight, for three years in the 1980s, she was sent by her parents to a kids computer summer camp. While not the majority, girls were by no means a rarity and computing was not perceived as primarily a male domain. There she learned Logo and Basic programming languages, wrote games, programmed robots and learned graphics progams and data structure – which she readily admits was quite advanced for the time. She went on to get an early computer and became interested in hacking, had access to BBS, and was using a 300 baud modem, to sign on. In her junior year of high school she was able to log in to Massachusetts University and got onto the internet, which was not commercialised at that stage. “There were some girls on the course – it seems that back then there were more women in the computing field than there seem to be today. One of the instructors was a woman and at least a quarter of those attending were women. And before the 60s, women such as Hopper etc were pioneers, and at places such as Bletchley Park, women were instrumental and many of the first programmers. It wasn’t until the 1980s and 90s that it became an increasingly male dominated field.” While the reasons for this change are not clear Pepin suggests, “Maybe it was because it became more lucrative, and it became easier to push women aside. Also, the very first games that I remember were text based adventures – black screens and green lettering, eg you are standing in a field, type ‘go left’ etc and work out what you understand and draw out the map. They were not gendered, you were you, and they were built around exploration and you had a mystery to solve. You were playing yourself. Later as graphics evolved we saw more of those games (such as Doom, that developed into today’s ‘shoot ‘em up’ franchises). Pepin later went to the University of Massachusetts and hung out with hackers, was a member of a group that met regularly, and produced a fracking publication. While she majored in art and film, on graduating she subsequently saw that the best way to make a living was to leverage security schools. “I still consider myself an artist and a musician, but I have a really good day job. It’s a career that has been very good to me. I’d moved from home at 18, so the prospect of moving back home was not attractive. I worked in a non-profit healthcare centre where I did everything as IT manager as I was the sole IT person. I did that for a year and a half before going into website design then LLC Rap Group LLC, the Wu-Tang Clan, and Wu-Wear fashion label, one of the first ecommerce sites. Taking credit cards meant being part of that early technology, before PCI, so security was very important – and it aligned with my hacking interest. I then got a job as a penetration tester with International Network Services, hacker for hire, getting two-week engagements, primarily manual pen testing as there was not much in the way of automation tools then. So from broad IT, to web design to specifically focussing on security, then I went to a company that does not exist, associated with MIT Lincoln Laboratories, doing top secret research for the department of defence, and worked on things that I still can’t talk about. From there I went on to managed security services and have spent most of my career in security services, with VeriSign Inc’s Managed Security Services (MSS) which was sold to SecureWorks Inc and then Dell and I came out as director of security at Sumo Logic where I was employee No 11, then Nike business security manager for its US$10 billion revenue consumer division.” Now Pepin is at Auth0, a high growth start-up. She explained that there are three things that appealed about this role.
“The move was for the opportunities here. I have several titles at AuthO, and often have the chance to stretch beyond my normal remit. I’ve had the opportunity to wear many different hats – I have managed security, ran an IT department, a private SAS business, engineering operations, during different periods, QA, built the pipeline, and been CISO twice before. Now I am able to focus more on security with growth; we’ve gone from 250 to 700 employees now and its good to be involved in further growth. “It may look like it’s been an easy progression, but first, it’s been a lot of work. A lot of hours, many of which were stressful. Often it entailed handling difficult situations with not enough resources. But like Nietzsche (‘What doesn’t kill you, makes you stronger’) I’d say I am now seasoned, not stressed out or traumatised.” Pepin agrees that there are specific challenges as a woman in a male dominated sector, and says its good if women are able to tell (their issues to) women who mentor. She adds that a significant problem identified by research is that, “When a woman talks more than 25 percent of the time, men see her as dominating the conversation, so they don’t get as many words in the conversation. And so they have to always be correct.” Pepin describes the problem faced many women, and explains her own strategies to overcome it: “I will ask myself, ‘Do I really have something to say, am I just going to tell a relatable anecdote’ or I will have less chance to say what I need to say, before they (men) hear Wah, Wah, Wah. “(My approach has therefore been) Only open my mouth if I have something of value to add, make my point clear and precise and understood and then shut up. This has been a big part of my success. “If you have something to say, send enough emails about it with your name on so no one can claim its their idea. It’s not just about doing the work, but making sure you get credit for the work, and so do the work AND get recognised. Doing that can get you reputation as a diva, or a reputation hog, but it has to be a price you are willing to pay. You will either be known as someone who didn’t do a lot even if you did, or a self-promoter and I would rather pick the latter. At some point that won’t be necessary, and I can’t wait for that to happen. “I guarantee that if women do group projects where they are 10 to 20 percent of the group, they will already know this is true, whether they have put voice to it or not. It should not be necessary, but something is. “Another tool, a curse – can be used positively. I am cursed to empathise with both sides of the argument and know why they want those things and this has been a successful tool that has enabled me to mediate both sides of an argument. It has allowed me to be seen as someone who wants what’s best for the team (compared to wanting to get credit for things) and to give to the other side. The mediator role has also been very helpful. “Being a good communicator bridges gaps and shines a light on issues. Whether it’s viewed as a stereotype not, if women are either better at or more comfortable doing that then they should do that, ie understand the other point of view even if it is wrong. “When it comes to soft skills or tech skills – both have a purpose. I have a relatively complicated patent (thanks to my tech skills). My soft skills have also been very important. If you are super tech and that excites you, well we are understaffed, and all teams need more tech help. Its important to be excited about what you do and women can do those (tech) jobs fantastically well. But if you are more interested in building those connections there is room for that too. If you want to stay focussed on tech that’s your prerogative. To get the promotion and do interesting projects, not the maintenance, you will have to employ some social skills, as just being a good technical worker will probably not get you on the good projects. “Stereotypically when men are socialising with other men, men talk for status “I caught a bigger fish” etc. When women do that it’s seen as rude. Woman can’t play that game – so they have to play a different game. She is not going to be standing around talking about catching a bigger fish. Soft skills are necessary for everyone but if you are a minority, there’s a particular way to do it, it’s not natural and we need to learn. “What barriers are there to women progressing in this sector? Thinking of things that have happened to me, at one company where I was director of security, I sat near the front door and was assumed to be secretary, I was near the thermostat and told to adjust it. At small companies, someone is expected to buy the birthday cake – and there are unconscious gendered expectations. Assumptions need to be overcome. There is a little fight every day, situation by situation. Are they a jackass or confused about unconscious bias? What is the small indignity today and how do I deal with it gracefully today, or if I am all out of grace, how do I deal with it?” As a parting shot, Pepin concludes: “Women, if you are at all interested in a career in cyber security, it’s not always easy, and may not be initially welcoming but you can have a successful career, others have, and there are interesting jobs and promotions to be had in cyber security.” The post Strategies for overcoming male domination in cyber appeared first on IT Security Guru. Digital Trends via IT Security Guru https://ift.tt/2Q5RfHI September 27, 2020 at 07:53PM
https://ift.tt/3mYLKHq
Your FedEx Packages May Soon Arrive By Autonomous Cargo Plane https://ift.tt/36e926u It’s 2020, and while the skies aren’t full of flying cars like we thought it would be by now, something else straight out of science fiction just got closer to reality: pilotless cargo planes delivering whatever stupid shit you ordered online. FedEx is partnering with Reliable Robotics to incorporate the firm’s unmanned aircraft into its delivery fleet, FedEx CEO Fred Smith said during an annual stockholder meeting last week that has largely flown under the radar. Reliable Robotics, an aviation startup run by former Tesla and SpaceX engineers, completed test flights for two of its remote-piloted aircraft models last month, per a company press release. According to Federal Aviation Administration documents, FedEx now owns the larger model of the two, the Cessna 208 Caravan or C208, a single-engine plane that can carry up to 14 passengers. You can watch a video of the plane’s fully automated remote landing here. “This initiative deals with smaller turboprop airplanes and in this case the single-engine C208, which we are looking at putting in very remote and uninhabited areas as part of our network,” Smith said. FedEx isn’t phasing out its existing delivery aircraft fleet just yet, however. Smith told stockholders that the company’s aircraft crews don’t need to worry about their jobs becoming automated “for the foreseeable future—decades, I would say.” G/O Media may get a commission This partnership is part of FedEx’s larger effort to cut down on delivery costs, especially in that infamous last mile before it arrives at your doorstep, through partially automating its supply chain. On Sept. 19, the air delivery company Wing announced it was teaming up with FedEx Express and other retailers to roll out a pilot program for drone deliveries in Virginia. FedEx also unveiled its in-house fleet of autonomous delivery robots last year to help retailers with same-day and last-mile deliveries. They’re one of several companies racing to gain a foothold in the automated delivery market. Alphabet, the parent company of Google, and UPS have both already received federal approval for their drone delivery services, and the FAA certified Amazon’s program in August. Reliable Robotics said in its release that it’s “now working with the FAA on incrementally bringing this technology to market,” so it may well be on its way to securing federal approval. Digital Trends via Gizmodo https://gizmodo.com September 27, 2020 at 07:48PM
https://ift.tt/3czYAqS
Trump administration’s TikTok ban has been delayed, court rules https://ift.tt/368Hak1 A U.S. federal court has said a ban on TikTok will not go into effect on Monday as scheduled. The move to delay the anticipated ban will allow Americans to continue using the app while the court considers the ban’s legality and whether the app poses a risk to national security as the Trump administration claims. For weeks since President Donald Trump signed two executive orders in early August, the government has threatened to shut down the viral video sharing app over fears that its parent company ByteDance, headquartered in Beijing, could be forced to turn over user data to the Chinese government. TikTok, which has 100 million users in the United States alone, has long rejected the claims. TikTok first filed a lawsuit against the administration on September 18, and on Thursday this week filed a last minute injunction in an effort to stop the ban going into effect Sunday night. On Friday, the government asked the court to reject the injunction in a sealed motion, which the government later refiled as a public motion with some redactions. A public hearing on the injunction was set for Sunday morning. The case is being heard in DC District Court presided by judge Carl J. Nichols. In its ruling on Sunday, the court gave just its decision, with the formal opinion handed over privately to just the two opposing parties. Due to sensitive material included in the government’s motion, the parties have until Monday to ask for any redactions before the final opinion will be published. The decision is just the latest episode in the continuing saga of the sprawling fight over the future of the fastest-growing social app in America. A deal reached between ByteDance and the U.S. government last weekend was believed to have resolved the standoff between the two parties, but the deal has frayed over disputed details between buyer Oracle and ByteDance. The administration first launched an action against TikTok on August 6, with President Trump arguing in an executive order that the app posed an unreasonable national security risk for American citizens. That order mirrored a similar one published the same day that put restrictions on the popular Mandarin-language messenger app WeChat, which is owned by China-based Tencent. Last weekend, a federal magistrate judge in San Francisco put in place an injunction on the Commerce Department’s ban on WeChat, pending further court deliberations. TikTok, whose arguments mirror those in the WeChat lawsuit, was hoping for a similar outcome in its own legal proceedings. One difference between the two lawsuits is the plaintiffs. In WeChat’s case, a group of WeChat users filed a lawsuit arguing that a ban would hurt their expression of speech. TikTok is representing itself in its own fight with the government. The court case is TikTok Inc. et al v. Trump et al (1:2020-cv-02658). Digital Trends via TechCrunch https://techcrunch.com September 27, 2020 at 07:33PM Microsoft Edge/ChakraCore Chakra Scripting Engine memory corruption https://ift.tt/310yypg A vulnerability was found in Microsoft Edge and ChakraCore (Web Browser) (unknown version) and classified as critical. This issue affects an unknown part of the component Chakra Scripting Engine. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. Digital Trends via vuldb.com https://vuldb.com September 26, 2020 at 09:36AM Microsoft Edge/ChakraCore Chakra Scripting Engine memory corruption https://ift.tt/2Vqs3e8 A vulnerability has been found in Microsoft Edge and ChakraCore (Web Browser) (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component Chakra Scripting Engine. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. Digital Trends via vuldb.com https://vuldb.com September 26, 2020 at 09:36AM Microsoft Edge/ChakraCore Chakra Scripting Engine memory corruption https://ift.tt/35hbciG A vulnerability, which was classified as critical, was found in Microsoft Edge and ChakraCore (Web Browser) (the affected version unknown). This affects an unknown functionality of the component Chakra Scripting Engine. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. Digital Trends via vuldb.com https://vuldb.com September 26, 2020 at 09:36AM
https://ift.tt/2G5hslR
Amazon Luna Isn't Solving Cloud Gaming's Biggest Problems https://ift.tt/340pbJP Luna—no, not the surprisingly delicious protein bars--is Amazon’s upcoming foray into the world of cloud gaming. Some of us probably rolled our eyes at the announcement and thought, “Ugh, why does Amazon need to have its greedy little paws in everything?” When you dig into the announcement and see what its service will offer at launch, there’s nothing mind-blowing about it. Arguably even less so compared to Stadia’s launch nearly a year ago, and Luna is going to be in the same spot Stadia was and still is. There are big problems with cloud gaming and Luna so far isn’t poised to solve any of them. Exclusives are the most immediate problem that Amazon seems to be struggling with. “It’s a real question whether or not Amazon can pull this off,” said Joost van Dreunen, co-founder and former CEO of Superdata and now a professor at NYU Stern and author of the gaming newsletter SuperJoost Playlist. That’s because the only thing Luna currently has over Stadia at this point is its partnership with Ubisoft. Ubisoft will have its own games channel on Luna at launch, where future users will find Assassin’s Creed: Valhalla and Far Cry 6 released on the same day they’re released on other platforms.. Those games will not be Luna exclusives, however. As of now, Amazon has no major exclusives. By comparison, Google has had timed exclusives and signed more exclusive deals with developers to bring their new games to Stadia next year. And when Stadia was still in its testing phase, Assassin’s Creed: Odyssey was the game beta testers played. Assassin’s Creed: Valhalla will be on Stadia at release, too. Sure, Stadia doesn’t have a dedicated Ubisoft channel like Amazon’s Luna, but you can still play Assassin’s Creed and other Ubisoft games on nearly every platform, even GeForce Now. “What we saw [with Stadia] is that streaming is going to [be big]. We want to have games that are easy to access and can be played by everyone,” said Ubisoft CEO Yves Guillemot in a June 2019 interview with VentureBeat. When you take all that into consideration, Ubisoft was most likely an easy company for Amazon to approach because it was the one most likely to say yes. Ubisoft has its own channel on Luna, but are game developers raving about the tools they can use to make games? Not right now, and who knows if or when they will. Amazon does own Lumberyard, a game engine that integrates with Amazon Web Services, so it’s possible they could get a small game exclusive or two to start like Stadia did with the game Gylt. But it doesn’t look like Amazon has spent any of its billions on snagging exclusives. Amazon could have made a bigger splash with its announcement if it had a flashy, in-house exclusive to launch with Luna. That may have been the original plan, but it’s first major game launch, Crucible, went back to a closed beta after its release. That’s not a normal occurrence in the videogame world, and the developer made the decision after the game received a preverbal truckload of negative feedback. G/O Media may get a commission Games are not one of Amazon’s strengths anymore than games are one of Stadia’s, or even Apple’s, strengths. What Amazon has done well is create platforms and devices for content distribution. Amazon has its Kindle. The Marvelous Mrs. Maisel, an Emmy award-winning show, is a Prime Video Exclusive. But videogames are different. And Amazon has kind of tried this before and failed. In 2009, it launched a digital game store that was mostly filled with casual games, but it grew to incorporate games from major publishers and developers. However, at that point you could already buy games from the PlayStation and Xbox digital stores. Steam, too. There wasn’t a need to buy games from Amazon unless it was a casual game, and even then Google Play and Apple’s App Store were already around. It was easier to buy a game directly from the source instead of buying a game code from Amazon you had to then input elsewhere. You could buy a physical copy of the game, but the industry was moving away from that. Fast. Strains of the old store still remain, where digital copies of games can be purchased from the developers’ and publishers’ storefronts hosted on the Amazon marketplace. But Amazon’s game marketplace itself is mostly gift cards loaded with in-game currencies. Like Amazon’s 2009 gaming storefront, Luna feels like an afterthought too. “Gaming in the larger, internal Amazon universe is sort of an oddball effort that doesn’t necessarily sit well with whatever else it’s doing,” said van Dreunen. One of its big appears seems to be the way it can leverage Amazon Web Services (AWG) to integrate some features with Twitch, which the tech giant also owns. But again, that’s not creating original content. That’s just distribution, and it’s more complicated with games than just making a few deals with Hollywood to put shows on your streaming service. “Building an ecosystem with third-party content providers, building an audience that likes the live operations of your game, that logs in and engages with your content, that’s a very different effort,” said van Dreunen. According to van Dreunen, unless Amazon is willing to spend $5 to $10 billion over the next two years to acquire exclusive content it could take Luna several years to catch on as a gaming platform. Perhaps even slower than Stadia. “Whether it’s Apple, Facebook, Google, or Amazon, big tech has a really hard time understanding that content is king. They don’t give a crap about content creators in the same way that that, say, Microsoft and Sony have been doing with their consoles,” said van Dreunen. “So that difference in ability to value content that highly [...] Amazon has got a long way ahead of itself. It doesn’t have the content, it doesn’t have the sensibility to come up with the content.” And he’s right. Luna doesn’t have anything special to offer that isn’t already offered by Stadia or another gaming platform right now. Does that mean Amazon won’t give up like it gave up on its videogame digital storefront? Does that mean Amazon won’t become a big player in the gaming industry? Victor Kao, partner and technology senior analyst at RSM US LLP, doesn’t think so. “The scary thing about Amazon? If there’s something that they’re interested in, they will throw money at it. If you look at the grocery and retail sector, they just completely threw money at it.” Cloud gaming won’t go away. Too many big companies have invested heavily in it, and it’s really just the next step in the evolution of games. As Kao points out, cartridges turned into CDs, CDs turned into digital downloads, and now we’re in the process of moving away from digital downloads to games that are stored and played entirely on the cloud. “You’ve got all the big players that are starting to get involved in cloud gaming. You got Microsoft. You got Google. You got Amazon. You got Nvidia,” said Kao. “Amazon is certainly is a big threat into the overall gaming environment. It doesn’t typically pull out of investments such as these.” But ultimately, Luna’s success won’t be determined by how well its controller works, how many platforms support it, or even how many games it has. To some extent, the number of games matters only if there are a lot of major and diverse titles, but cloud gaming as it’s envisioned can only take off if we have the infrastructure for it. And if the times spent fighting over net neutrality and expanding affordable, reliable internal to urban and rural locations haven’t been telling enough, it’s going to be a long time before we have the infrastructure for cloud gaming to become a major platform. “It’s baby steps right now, but I think this is gonna become bigger when you think about 5G. When you think about Gigabit fiber connections in everyone’s home. All of that is eventually going to get there,” said Kao. And when it does get there, it could have latency speeds equivalent to, or faster than, gaming on a local machine. For anyone who doesn’t want to spend hundreds of dollars on a console, or even thousands on a PC, cloud gaming is the way to go, especially as more games, major and indie alike, find homes on these platforms. But until lawmakers and ISPs get their shit together and actually provide equitable internet access across the entire country, cloud gaming will remain out of reach for a massive chunk of the country. Microsoft claims over 157 million Americans don’t use broadband. So while cloud gaming remains out of reach for many, Amazon has to bring something new to the table to make Luna seem exciting. Stadia has the dev tools and exclusives, Microsoft has its Xbox Game Pass, Nvidia’s GeForce Now works on ChromeOS. Luna...Luna is trying very hard to copy everything else. Digital Trends via Gizmodo https://gizmodo.com September 26, 2020 at 09:12AM Microsoft Edge/ChakraCore Chakra Scripting Engine memory corruption https://ift.tt/2VpXRzT
A vulnerability, which was classified as critical, has been found in Microsoft Edge and ChakraCore (Web Browser) (affected version not known). Affected by this issue is an unknown function of the component Chakra Scripting Engine. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. Impacted is confidentiality, integrity, and availability. The weakness was released 10/08/2019 as confirmed security update guide (Website). The advisory is available at portal.msrc.microsoft.com. The public release was coordinated with the vendor. This vulnerability is handled as CVE-2019-1307 since 11/26/2018. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 09/26/2020). The advisory points out: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. Entries connected to this vulnerability are available at 143069, 143068 and 143067. Type Vendor Name VulDB Meta Base Score: 6.0 VulDB Meta Temp Score: 5.7 VulDB Base Score: 6.3VulDB Temp Score: 6.0VulDB Vector: ?VulDB Reliability: ?Vendor Base Score (Microsoft): 4.2 Vendor Vector (Microsoft): ?NVD Base Score: 7.5NVD Vector: ?
: ?VulDB Temp Score: ?VulDB Reliability: ?NVD Base Score: ?Class: Memory corruption ( CWE-119) Local: No Remote: Yes Availability: ?Status: Not defined Price Prediction: ?Current Price Estimation: ?
Threat IntelligenceinfoeditThreat: ?Adversaries: ?Geopolitics: ?Economy: ?Predictions: ?Remediation: ?Recommended: Patch Status: ?Reaction Time: ?0-Day Time: ?Exposure Time: ?11/26/2018 CVE assigned10/08/2019 +316 days Advisory disclosed10/08/2019 +0 daysCountermeasure disclosed 10/08/2019 +0 days VulDB entry created09/26/2020 +354 days VulDB last updateVendor: https://www.microsoft.com/Advisory: portal.msrc.microsoft.comStatus: Confirmed Coordinated: ?CVE: CVE-2019-1307( ?) See also: ?Created: 10/08/2019 08:53 PM Updated: 09/26/2020 03:55 PM Changes: ?Complete: ?Digital Trends via vuldb.com https://vuldb.com September 26, 2020 at 09:08AM |
Categories
All
Archives
October 2020
|