Month: September 2019

Still image from the long-running but currently defunct gameshow Password. (credit: ABC Photo Archives / Getty Images)

Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal credentials for the last account the user logged into using the Chrome or Opera extension.

The vulnerability was discovered late last month by Google Project Zero researcher Tavis Ormandy, who privately reported it to LastPass. In a write-up that became public on Sunday, Ormandy said the flaw stemmed from the way the extension generated popup windows. In certain situations, websites could produce a popup by creating an HTML iframe that linked to the Lastpass popupfilltab.html window rather than through the expected procedure of calling a function called do_popupregister(). In some cases, this unexpected method caused the popups to open with a password of the most recently visited site.

"Because do_popupregister() is never called, ftd_get_frameparenturl() just uses the last cached value in g_popup_url_by_tabid for the current tab," Ormandy wrote. "That means via some clickjacking, you can leak the credentials for the previous site logged in for the current tab."

Enlarge / An example of a "hand-shaped" knife blade made out of frozen human feces by anthropologists at Kent State University. (credit: M. Eren et al./J. Arch. Sci.)

Famed anthropologist Wade Davis inadvertently created an academic urban legend with his account of an elderly Inuit man in the 1950s who fashioned a knife out of his own frozen feces and vanished into the Arctic. That's the conclusion of a new study by experimental anthropologists at Kent State University, who fashioned their own blades out of frozen feces—for science!—and tested them on pig hide, muscle, and tendon under ideal conditions. The knives failed every test.

As Davis recounted in his 1998 book, Shadows in the Sun, the Inuit man's family had taken away his tools in a vain attempt to persuade him to leave the ice and join them in a settlement. Undeterred, the man "stepped out of the igloo, defecated, and honed the feces into a frozen blade, which he sharpened with a spray of saliva," Davis wrote. "With the knife he killed a dog. Using its rib cage as a sled and its hide to harness another dog, he disappeared into the darkness."

Davis acknowledged that the story could be apocryphal; his source was the grandson of the man in question. But there is a similar, credible account from the same time period by Danish arctic explorer Peter Freuchen, who fashioned a chisel out of his own excrement when he found himself trapped in a pit of hardened snow.

Enlarge / Amazon boxes. (credit: Getty Images | Julie Clopper)

Amazon changed its search algorithm in ways that boost its own products despite concerns raised by employees who opposed the move, The Wall Street Journal reported today.

The change was made late last year and was "contested internally," the WSJ reported. People who worked on the project told the WSJ that "Amazon optimized the secret algorithm that ranks listings so that instead of showing customers mainly the most-relevant and best-selling listings when they search—as it had for more than a decade—the site also gives a boost to items that are more profitable for the company."

The goal was to favor Amazon-made products as well as third-party products that rank high in "what the company calls 'contribution profit,' considered a better measure of a product's profitability because it factors in non-fixed expenses such as shipping and advertising, leaving the amount left over to cover Amazon's fixed costs," the WSJ said.

Enlarge / California State Capitol building in Sacramento. (credit: Getty Images | joe chan photography)

The California legislature worked through the summer to finalize the text of the state's landmark data privacy law before time to make amendments ran out on Friday. In the Assembly (California's lower house), Assemblywoman Jacqui Irwin has been a key voice and vote backing motions that would weaken the law, and a new report says her reasoning may be very, very close to home.

A review of state ethics documents conducted by Politico found that Ms. Irwin is married to Jon Irwin, the chief operating officer of Amazon's controversial Ring home surveillance business. That company stands to benefit if the California law is weakened in certain key ways before it can take effect.

California Governor Gavin Newsom signed the California Consumer Privacy Act into law in June 2018. This legislation gives California residents several protections with regard to their personal information, including the rights to know what is being collected, what is being sold, and to whom it is being sold. It also grants Californians the right to access their personal information, the right to delete data collected from them, and the right to opt out—without being charged extra for services if they choose to do so.

Enlarge / Disney CEO and former Apple board member Bob Iger. (credit: DC Comics/Creative Commons)

Disney CEO Bob Iger has sat on Apple's board since 2011, but that tenure came to an end this month, according to a SEC filing Apple made on Friday. The filing says that Iger resigned from Apple's board on September 10, the day that Apple announced the pricing and launch date for Apple TV+.

Iger released the following statement:

It has been an extraordinary privilege to have served on the Apple board for eight years, and I have the utmost respect for Tim Cook, his team at Apple and for my fellow board members. Apple is one of the world's most admired companies, known for the quality and integrity of its products and its people and I am forever grateful to have served as a member of the company's board.

Iger's position on the board became a topic of discussion and speculation after Apple and Disney both announced streaming TV services that will launch close to the same time, at similar price points, though neither Iger nor Apple have shared any clarification as to the reason for the resignation.

Enlarge / "If I lose this Netflix streaming deal, that's it for me." (credit: Aurich Lawson / Seinfeld)

Netflix and Sony Pictures Television confirmed on Monday that they had reached a streaming-exclusivity deal for one of the most popular TV series in the world: Seinfeld.

Beginning in 2021, Netflix will become the exclusive online-streaming home for the series throughout the world. This will bump current online distributors Hulu (USA) and Amazon (most other streamed regions). Hulu's previous five-year deal for the series' domestic streaming rights to the series was pegged at anywhere between $160M and $180M per year. This new Netflix's deal likely adds up to more money based solely on its international reach, but neither Sony, Netflix, or Castle Rock Entertainment disclosed any terms.

The LA Times reported that Netflix has announced full 4K resolution support for Seinfeld's Netflix run, a first for the series. It remains to be seen how this upscaling will be handled—whether to expect the original, grain-filled video being recreated like on some of the finest UHD Blu-rays on the market or if we will see significant digital touch-ups instead. (Either way, we wonder whether Kramer will apply his ingenuity to this 4K-ization, akin to his work on tie dispensers and male lingerie.)