Error message

Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2405 of /home/scain/scottca.in/includes/menu.inc).

Geek

Windows.com Bitsquatting Hack Can Wreak 'Unknown Havoc' On PCs

Slashdot - Thu, 03/04/2021 - 17:02
An anonymous reader quotes a report from Ars Technica: Bitflips are events that cause individual bits stored in an electronic device to flip, turning a 0 to a 1 or vice versa. Cosmic radiation and fluctuations in power or temperature are the most common naturally occurring causes. Research from 2010 estimated that a computer with 4GB of commodity RAM has a 96 percent chance of experiencing a bitflip within three days. An independent researcher recently demonstrated how bitflips can come back to bite Windows users when their PCs reach out to Microsoft's windows.com domain. Windows devices do this regularly to perform actions like making sure the time shown in the computer clock is accurate, connecting to Microsoft's cloud-based services, and recovering from crashes. Remy, as the researcher asked to be referred to, mapped the 32 valid domain names that were one bitflip away from windows.com. Of the 32 bit-flipped values that were valid domain names, Remy found that 14 of them were still available for purchase. This was surprising because Microsoft and other companies normally buy these types of one-off domains to protect customers against phishing attacks. He bought them for $126 and set out to see what would happen. Over the course of two weeks, Remy's server received 199,180 connections from 626 unique IP addresses that were trying to contact ntp.windows.com. By default, Windows machines will connect to this domain once per week to check that the time shown on the device clock is correct. What the researcher found next was even more surprising. "The NTP client for windows OS has no inherent verification of authenticity, so there is nothing stopping a malicious person from telling all these computers that it's after 03:14:07 on Tuesday, 19 January 2038 and wreaking unknown havoc as the memory storing the signed 32-bit integer for time overflows," he wrote in a post summarizing his findings. "As it turns out though, for ~30% of these computers doing that would make little to no difference at all to those users because their clock is already broken."

Read more of this story at Slashdot.

Categories: Geek

Some Android and iOS apps are leaking data due to improperly configured cloud services

iDownloadBlog - Thu, 03/04/2021 - 16:56

Research shows that some apps are leaking sensitive user information due to misconfigured cloud services.
Categories: Geek

Some iOS apps are leaking data due to misconfigured cloud services, research shows

9to5Mac - Thu, 03/04/2021 - 16:34

Despite Apple’s efforts to keep iOS secure, it’s difficult to have control over how third-party apps store user data. A new research from mobile security firm Zimperium has found that thousands of iOS and Android apps are exposing users’ personal information due to misconfigured cloud services.

more…

The post Some iOS apps are leaking data due to misconfigured cloud services, research shows appeared first on 9to5Mac.

Categories: Geek

Get this MagSafe wireless charger and PD adapter for just $21

iDownloadBlog - Thu, 03/04/2021 - 16:32

Heads up, Amazon is running a solid deal on this MagSafe-friendly wireless charger from RavPower. It has the built-in magnets so it will snap to the iPhone 12's charging coils, it comes with a 20W PD (power delivery) adapter, and for a limited time it's just $21.
Categories: Geek

Oakland Bans Leaf Blowers, Trimmers and Other Lawn Equipment That Rely on Combustion Engines

Slashdot - Thu, 03/04/2021 - 16:20
Oakland has banned the use of leaf blowers, trimmers and other lawn equipment that rely on combustion engines, citing health and climate change concerns. From a report: The city says that the "significant health hazards" to users and residents from the discharge of particle matter and carbon monoxide lead to the decision, as well as unwanted noise pollution. The city recommends using electric or non-motorized options. The ban is included for commercial landscaping or gardening services as well as private usage.

Read more of this story at Slashdot.

Categories: Geek

AT&T increasing prices for legacy DirecTV Now and AT&T TV Now plans by $10 per month

9to5Mac - Thu, 03/04/2021 - 16:03

Earlier this year, AT&T announced that it would be shutting down its legacy AT&T TV Now streaming service (formerly known as DirecTV Now) to new subscribers. Existing subscribers could stick around, AT&T said at the time, but now it has quietly announced a price increase for those customers…

more…

The post AT&T increasing prices for legacy DirecTV Now and AT&T TV Now plans by $10 per month appeared first on 9to5Mac.

Categories: Geek

Show HN: LinkWall – Your Landing Page Linked to Social Activity

Hacker News - Thu, 03/04/2021 - 15:49

Article URL: https://linkwall.me

Comments URL: https://news.ycombinator.com/item?id=26348079

Points: 20

# Comments: 2

Categories: Geek

Launch HN: Lendflow (YC W21) – Infrastructure for embedded lending services

Hacker News - Thu, 03/04/2021 - 15:40

Hi HN! We’re Jon and Matthew, the co-founders of Lendflow (https://lendflow.io). We make it easy for software companies to embed lending services into their product. It allows you to easily create your own version of Square, Shopify or Stripe Capital and offer it to your customers in-app.

Does it take your users 15-90 days to get paid out by their customers? You can embed a factoring product that gives them the option to get paid instantly for a small fee. Do your users purchase materials, supplies, inventory, or equipment on your platform? Embed a loan in your platform to give them timely access to capital to help them spread out upfront project costs, take advantage of wholesale rates on their purchases, or invest in more assets for their business.

We’ve been in the lending space since 2014 and have helped tens of thousands of small businesses acquire financing. We saw the struggles on both sides: how tough it is for small businesses to find the right lending products and how difficult it was for lenders to find the right customer at the right time. Companies like Square, Shopify and Stripe have launched capital programs for their users that allow them to get better priced, more timely funding for their business than they could elsewhere. It’s helped their business customers invest in themselves, grow and transact more, and made them more loyal to those services. And we're only scratching the surface!

The problem is that launching lending programs is complex, timing consuming and costly. It can take a team of 10 at least a few million dollars and 18+ months to get to market with their program. It takes significant upfront commitment and investment, making it very risky. This means the lending services aren’t offered and businesses don't get access to the capital they need.

It is really gratifying to see the impact of providing increased access to capital. We’ve seen restaurants who invested money in a digital transformation not only survive through the pandemic, but double their revenues and improve their margins by embracing take out and delivery. We’ve seen an HVAC company gain the ability to hire more technicians and triple the amount of customers they are able to service on a given day. A home renovation contractor was able to spread out his upfront costs over time to take on multiple projects at once, increasing his monthly revenue by 3x over the past 6 months. An ecommerce company was able to purchase inventory at wholesale rates and invest in an ad campaign to drive traffic to their store to increase sales by 240%.

We provide all of the infrastructure and tools to make it easy to launch capital products that can have this impact for small businesses. We’ve had platform customers get a lending program up and running in a day. You can customize the funding products and experience based on the needs of your own customers. You can use our platform to build a data advantage and more efficiently go to market with your own funding service. We have a lending API, pre-built customizable applications, lending service provider aggregation API, white-labeled sales and support teams to walk customers through the process, and connections into 85 of the top lenders and funding products available to businesses. We also can spin up custom endpoints to add new data points to underwriting models to help businesses obtain better rates/terms and to deliver a better experience. We are paid by 3rd party lenders for the work we do to onboard the small business for funding, and we split those fees with our platform partners. If you build your own funding service, you simply pay a subscription for using our tools.

We’re live and integrated with 32 platforms and are processing thousands of business financing applications per month. We successfully helped businesses access millions of dollars from best-in-market lending services. We also have customers who've used the data from their lending program to build their own custom funding products on Lendflow.

We’d love to hear how we can build better in-product lending experiences with you. The possibilities in lending are just starting to be explored. We're super excited to build the next generation of lending products. We’d love to hear your thoughts, please leave your feedback below!

Comments URL: https://news.ycombinator.com/item?id=26347962

Points: 34

# Comments: 16

Categories: Geek

After Third Large Quake Near New Zealand, Tsunami Warning Issued; Tsunami Watch in Hawaii

Slashdot - Thu, 03/04/2021 - 15:40
A major magnitude 8.0 earthquake struck roughly 600 miles northeast of New Zealand on Thursday afternoon, triggering concerns of a potentially damaging tsunami. From a report: It's the third major earthquake in less than eight hours on the Kermadec Fault, which passes east of New Zealand. A magnitude 7.3 hit near New Zealand early on Thursday, followed by a 7.4 about 560 miles to the north a few hours later. Tsunami waves of 10 feet or greater are possible in the Kermadec Islands, with 3 to 9 foot waves in French Polynesia. American Samoa, the Cook Islands , Fiji, New Zealand and the Pitcairn Islands can expect water levels fluctuating by up to three feet. A tsunami warning was issued for American Samoa as well. A tsunami warning is in effect for New Zealand. The country's National Emergency Management Agency tweeted "TSUNAMI WARNING issued following Kermadecs earthquake." DW adds: The Pacific Tsunami Warning Center (PTWC) had withdrawn an earlier tsunami warning after the first quake, saying the threat had passed, but authorities renewed the warning following the second and third quake. There were no immediate reports of serious damage or casualties.

Read more of this story at Slashdot.

Categories: Geek

Git's list of banned C functions

Hacker News - Thu, 03/04/2021 - 15:33
Categories: Geek

How to transfer iCloud photos and videos to Google Photos

iDownloadBlog - Thu, 03/04/2021 - 15:30

Google Photos Ready to Add

Learn how to transfer iCloud photos and videos to Google Photos along with requirements, limitations, and other things you need to know.
Categories: Geek

9to5Mac Watch Time: Week 3

9to5Mac - Thu, 03/04/2021 - 15:27

This week on Watch Time join 9to5Mac’s Zac Hall and Tempo developer Rahul Matta as they give updates on their health journey and lives, discuss some Apple Watch news, and how last week’s homework went then assign each other new tasks for next week.

Sponsored by Pillow: Pillow is an all-in-one sleep tracking solution to help you get a better night’s sleep. Download it from the App Store today.

more…

The post 9to5Mac Watch Time: Week 3 appeared first on 9to5Mac.

Categories: Geek

Sarah Niles joins the second season of ‘Ted Lasso’ as a season regular

iDownloadBlog - Thu, 03/04/2021 - 15:15

Sarah Niles has joined the cast of the hit Apple TV+ comedy series "Ted Lasso" as a season regular.
Categories: Geek

Three Top Russian Cybercrime Forums Hacked

Slashdot - Thu, 03/04/2021 - 15:05
tsu doh nimh shares a report: Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums. On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. "Maza," "MFclub"), an exclusive crime forum that has for more than a decade played host to some of the most experienced and infamous Russian cyberthieves. At the top of a 35-page PDF leaked online is a private encryption key allegedly used by Maza administrators. The database also includes ICQ numbers for many users. ICQ, also known as "I seek you," was an instant message platform trusted by countless early denizens of these older crime forums before its use fell out of fashion in favor of more private networks, such as Jabber and Telegram. This is notable because ICQ numbers tied to specific accounts often are a reliable data point that security researchers can use to connect multiple accounts to the same user across many forums and different nicknames over time. Cyber intelligence firm Intel 471 assesses that the leaked Maza database is legitimate.

Read more of this story at Slashdot.

Categories: Geek

Pages