Month: February 2020

Enlarge (credit: Getty Images | MassimoVernicesole)

The Federal Communications Commission is asking phone carriers for help blocking robocalls made from outside the US and is implementing a congressionally mandated system to trace the origin of illegal robocalls.

The FCC yesterday sent letters to seven US-based voice providers "that accept foreign call traffic and terminate it to US consumers." Tracebacks conducted by the USTelecom trade group and the FCC found that each of these companies' services is "being used as a gateway into the United States for many apparently illegal robocalls that originate overseas," the FCC's letters to the companies say.

The FCC letters were sent to All Access Telecom, Globex, Piratel, Talkie, Telcast, ThinQ, and Third Base. These are mainly wholesale voice providers rather than companies that sell phone service directly to home or business customers. For example, All Access Telecom says it provides "wholesale VoIP termination services" to phone providers.

Enlarge / Facebook has patched a WhatsApp bug that would let someone read files off your desktop, (credit: NurPhoto/Getty Images)

Facebook has issued a security advisory for a flaw in WhatsApp Desktop that could allow an attacker to use cross-site scripting attacks and read the files on MacOS or Windows PCs by using a specially crafted text message. The attacker could retrieve the contents of files on the computer on the other end of a WhatsApp text message and potentially do other illicit things.

The flaw, discovered by researcher Gal Weizman at PerimeterX, is a result of a weakness in how WhatsApp's desktop were implemented using the Electron software framework, which has had significant security issues of its own in the past. Electron allows developers to create cross-platform applications based on Web and browser technologies but is only as secure as the components developers deploy with their Electron apps.

Weizman first found cross-site scripting vulnerabilities in WhatsApp in 2017, when he found he could tamper with the metadata of messages, craft bogus preview banners for Web links, and create URLs that could conceal hostile intent within WhatsApp messages. But as he continued his explorations into the WhatsApp client, he found that he could inject JavaScript code into messages that would run within WhatsApp Desktop—and then gain access to the local file system using the JavaScript Fetch API.

Enlarge / Artist's depiction of Houser departing Rockstar, shown here as (somewhat exaggerated) flaming wreckage without his guidance.

Rockstar co-founder and Creative Vice President Dan Houser will be leaving the company in March "after an extended break beginning in spring of 2019," according to a document filed with the SEC by Rockstar parent Take Two Tuesday evening. Take Two stock is down more than 4 percent in early trading following the news, dipping to its lowest level since December 9.

"We are extremely grateful for his contributions," Take Two wrote in the filing. "Rockstar Games has built some of the most critically acclaimed and commercially successful game worlds, a global community of passionate fans and an incredibly talented team, which remains focused on current and future projects."

Houser has been instrumental in creating Rockstar's wry, satirical voice over the past two decades, serving as the writer or co-writer for most of the company's best-selling titles, including the Grand Theft Auto series. Houser's brother Sam, who co-founded the company with Dan in 1998 and serves as executive producer on most of Rockstar's products, will continue to work at Rockstar, and his role at the company "remains unchanged," according to a statement Take Two issued in the wake of the news.

Enlarge / Local residents call the tracks Ciampate del Diavolo, or the Devil's Path.

Roccamonfina volcano, about 60km northwest of Vesuvius, erupted violently around 350,000 years ago. Pyroclastic flows—deadly torrents of hot gas and volcanic ash—raced down the sides of the mountain. But within a few days, a small group of hominins trekked across the layer of ash and pumice that covered the steep mountainside. Recent analysis and some newly identified prints suggest that the intrepid (or reckless) hominins may have been Homo heidelbergensis who lived and hunted near the volcano.

Another layer of ash later covered the slope, sealing away at least 81 tracks until the early 1800s, when erosion revealed them to the local humans. The tracks record where at least five climbers, all with different foot sizes, walked down the steep, ash-covered hillside. One trail zigzags back and forth downhill, and you can easily picture climbers carefully working their way diagonally across the slope. Along another, more curving path, there are still handprints where the climbers reached out to steady themselves, and a slide mark reveals where one climber slipped.

The ash must have been cool enough to walk on but still soft enough to preserve tracks—very detailed ones, in a few cases. According to ichnologist Adolfo Panarello (of University of Cassino and Southern Latium) and his colleagues, that must have happened within a few days of the pyroclastic flow; Roccamonfina may even still have been erupting. In the 1800s, people living around the now-extinct volcano were sure that only the devil could have left those tracks.