Hackers exploit WordPress plugin flaw that gives full control of millions of sites

Elementor Pro fixed the vulnerability, but not everyone has installed the patch.

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said.

The vulnerability, which carries a severity rating of 8.8 out of a possible 10, is present in Elementor Pro, a premium plugin running on more than 12 million sites powered by the WordPress content management system. Elementor Pro allows users to create high-quality websites using a wide range of tools, one of which is WooCommerce, a separate WordPress plugin. When a site runs Elementor Pro alongside WooCommerce, anyone with an account on the site (say, a subscriber or customer) can create new accounts that have full administrator privileges.

The vulnerability was discovered by Jerome Bruandet, a researcher with security firm NinTechNet. Last week, Elementor, the developer of the Elementor Pro plugin, released version 3.11.7, which patched the flaw. In a post published on Tuesday, Bruandet wrote:

Twitter posts the code it claims determines which tweets people see, and why

Posted algorithm code includes “is_democrat,” “is_republican,” and “is_elon.”

Image: Twitter has posted what it states is the code used by its algorithm to recommend tweets to its users.

Twitter has made good on one of CEO Elon Musk's many promises, posting on a Friday afternoon what it claims is the code for its tweet recommendation algorithm on GitHub.

The code, posted under a GNU Affero General Public License v3.0, contains numerous insights as to what factors make a tweet more or less likely to show up in users' timelines.

In a blog post accompanying the code release, Twitter's engineering team (under no particular byline) notes that the system for determining which "top Tweets that ultimately show up on your device's For You timeline" is "composed of many interconnected services and jobs." Each time a Twitter home screen is refreshed, Twitter pulls "the best 1,500 Tweets from a pool of hundreds of millions," the post states.

GM kills more than CarPlay support, it kills choice

The software-driven vehicle is supposed to be a place of choice.

Image: Use your freedom of choice. (credit: Apple)

A long while back, Toyota told me it didn't want to give up interior real estate to Apple’s CarPlay. The automaker felt that losing that space to the tech company would be a huge mistake. Fast forward a few years, and after what I assume were some internal struggles, it caved and now you can get CarPlay and Android Auto on your fancy new Highlander, Prius, Tacoma, or Camry. It seemed like a silly decision had been reversed. Now it’s GM’s turn to go down the same path.

Today, news dropped that GM would be phasing out CarPlay support in future EVs. In its partnership with Google, it hopes that all the features you get from mirroring your iPhone can be replaced with an Android Automotive feature. GM, like Toyota before it, wants to control the digital real estate in its vehicles. It’s a revenue-based and walled-garden (ironically against Apple) decision that will cost them.

Software-driven vehicles should be about choice. Instead, GM is making a short-sighted decision based on a trickle of revenue under the guise of better integration. Owning all the data that a vehicle generates while driving around could be a great source of cash. The problem is potential customers have become accustomed to choosing which device they use to navigate, chat, text, and rock out within their vehicle. They’ve grown weary of being mined for data at the expense of their choice and they’re really not all that keen on in-car subscription services.

Google Bard gets better at homework with improved math and logic capabilities

Bard learns how to add 1+2, still flunks some basic logic questions.

Google Bard is getting a little smarter today with the addition of math and logic capabilities. Google employee Jack Krawczyk announced the change on Twitter, saying, "Now Bard will better understand and respond to your prompts for multi-step word and math problems, with coding coming soon."

Logic questions were a big flaw when Bard arrived tens of days ago, and some answers made Bard seem particularly dumb to early testers. In one example from last week, Bard repeatedly asserted that one plus two equaled four. Today, Google's state-of-the-art AI chatbot models can now correctly say that the answer is three. So there has been at least some change. It can also correctly list the months in a year instead of making up names like "Maruary."

Bard still gets tripped up by really basic logic questions, though. HowToGeek's Chris Hoffman posed the question to Bard on day one, "What's heavier, five pounds of feathers or a one pound dumbbell?" Google Bard responded with the ridiculous claim that "There's no such thing as 5 pounds of feathers." In the replies, ChatGPT didn't do any better, saying that five pounds of feathers and a one-pound dumbbell "weigh the same amount, which is five pounds."

Deadly fungal outbreak in Wisconsin linked to neighborhood construction

The outbreak centered around a one-mile area where the fungus wasn’t known to lurk.

Image: This micrograph shows the presence of the fungal agent Blastomyces dermatitidis, 1978. (credit: Getty | CDC/Dr. Libero Ajello)

Toxic fungal spores wafting around a Wisconsin neighborhood—possibly spread by recent construction in the area—sparked an outbreak of rare infections that left one person dead, state health officials reported Friday in the Morbidity and Mortality Weekly Report.

In all, the outbreak cluster included five pet dogs and four people, with the onset of symptoms spanning from October 2021 to February 2022. While two of the cases in people were mild, the other two required hospitalization, including the fatal case. The five dogs were reported to have mild to moderate cases.

The outbreak was caused by the poorly understood fungus Blastomyces (B. dermatitidis and B. gilchristii), which lurks in moist soil and decomposing organic matter, such as wood and leaves, often near water. The Centers for Disease Control and Prevention estimates the fungus could exist throughout the eastern US, but its distribution is uneven. It's often found around the Ohio and Mississippi River valleys and the Great Lakes. Parts of Wisconsin and Minnesota are considered hotspots.

Review: D&D: Honor Among Thieves is a worthy homage to the classic RPG

Directors cite Princess Bride, Monty Python and the Holy Grail as influences, and it shows.

Image: Chris Pine and Michelle Rodriguez star as Elgin (a bard) and Holga (a barbarian) in D&D: Honor Among Thieves. (credit: Paramount Pictures)

Of all the films due for release this spring, Dungeons and Dragons: Honor Among Thieves was one of my most anticipated premieres, solely on the strength of those killer trailers. The film does not disappoint. It's a fresh, good-humored, energetic, and vastly entertaining fantasy/action/comedy, boasting a stellar cast and solid emotional core that serves as a worthy homage to the famous RPG that inspired it.

(Some spoilers below, but no major reveals.)

Honor Among Thieves is set in the hugely popular Forgotten Realms campaign setting. The film's official premise is short and sweet: "A charming thief and a band of unlikely adventurers undertake an epic heist to retrieve a lost relic, but things go dangerously awry when they run afoul of the wrong people."

A remotely operated lab is taking shape 2.5 km under the sea

Oceanography, geology, and… particle physics? A new lab does it all without humans.

Image: Deployment of LSPM junction box 1. (credit: IN2P3/CNRS)

In 1962, one of the world's first underwater research laboratories and human habitats was established off the coast of Marseilles, France, at a depth of 10 meters. The Conshelf 1 project consisted of a steel structure that hosted two men for a week.

Now, more than 60 years later, another underwater laboratory is being set up not far from Marseilles, this time to study both the sea and sky. Unlike the Conshelf habitat, the Laboratoire Sous-marin Provence Méditerranée (LSPM) won't be manned by humans. Located 40 km off the coast of Toulon at a depth of 2,450 meters, it is Europe’s first remotely operated underwater laboratory.

Physics under the sea

Currently, three junction boxes capable of powering several instruments and retrieving data are at the heart of LSPM. The boxes, each measuring 6 meters long and 2 meters high, are connected to a power system on land via a 42-kilometer-long electro-optical cable. The optical portion of this cable is used to collect data from the junction boxes.

Chuwi CoreBook X laptop now available with Core i3-1215U for $470 and up

The Chuwi Corebook X is a 14 inch laptop that pairs a premium design with a budget processor. Last year the Chinese PC maker released a model with a 2160 x 1440 pixel display, an aluminum body and a 10th-gen Intel Core processor. Now Chuwi has released an updated version of the Corebook X that’s powered […]

The post Chuwi CoreBook X laptop now available with Core i3-1215U for $470 and up appeared first on Liliputing.

Pirate Site Blocking Decreases Internet Traffic, Research Finds

New academic research shows that blocking pirate site domain names effectively decreases internet traffic and, presumably, piracy. However, widespread blocking by ISPs doesn’t necessarily boost the use of paid VoD or TV services. When it comes to legal alternatives, the researchers only find a marginal boost in TV viewership.

From: TF, for the latest news on copyright battles, piracy and more.

In recent years, website blocking has become one of the most widely used anti-piracy enforcement mechanisms in the world.

ISPs in several dozen countries prevent subscribers from accessing a variety of ‘pirate’ sites. While new blocks are added every month, research on the effectiveness of these efforts is rather limited.

Early Piracy Blocking Research

One of the earliest pieces of academic research, based on UK data, showed that the local Pirate Bay blockade had little effect on legal consumption. Instead, pirates turned to alternative pirate sites, proxies, or VPNs to bypass the virtual restrictions.

A follow-up study added more color and brought hope for rightsholders. The research showed that once a large number of sites were blocked in the UK, overall pirate site traffic decreased. At the same time, the researchers observed an increase in traffic to legal services such as Netflix.

These academic studies originated at Carnegie Mellon University. They were conducted independently but the research received sizable gifts from the Motion Picture Association. The movie industry group often cites these results to show that site blocking is effective.

New Blocking Study Adds Nuance

The two blocking papers and their results are founded on quality research, but they’re not without limitations. One shortcoming is that they are based on UK data that may differ from how blocking measures affect piracy and legal consumption in other parts of the world.

A recently released study can partly fill this gap. It was conducted by researchers from the Catolica-Lisbon School of Business and Economics in Portugal, in collaboration with a colleague who, again, is affiliated with Carnegie Mellon University.

Instead of looking at UK data, the researchers analyzed data from a country where a voluntary pirate site blocking scheme was introduced at some point.

The target country isn’t mentioned but considering that the researchers are Portuguese, paired with the fact that Portugal is one of the few countries which has a voluntary blocking scheme, we can take an informed guess.

Tracking Internet, TV, and Spending Habits

Similar to the UK research, the new study uses a natural experiment, namely, the introduction of ISP blocking efforts. The researchers relied on survey data and received help from a telco provider who provided anonymous data on a random sample of 100k subscribers.

These data can differentiate BitTorrent users from the general sample and include other metrics such as upload and download traffic, paid VoD expenses, aggregate TV viewership time, as well as daily BitTorrent use.

This treasure trove of data resulted in an article of which a preprint copy was published recently. The writeup has yet to be peer-reviewed but the results are interesting enough to warrant an early inspection.

Less Traffic

One of the main and most unique findings is that blocking measures have a clear effect on the Internet traffic generated by BitTorrent users. Both upload and download usage decreased significantly for (former) BitTorrent users, without a noticeable rebound over time.

This finding is backed up by an overall drop in the percentage of households that used BitTorrent, which clearly declined and continued to do so in the months after the blockades were implemented. All in all, this suggests that piracy has decreased as well.

“Our results show that blocking access to copyright infringing websites reduces Internet traffic, which proxies piracy activity,” the researchers write.

Interestingly, the drop in upload and download traffic is asymmetric, with a relatively larger decrease in upload traffic. The researchers suggest that this could potentially mean that some BitTorrent users switched to streaming piracy, which doesn’t require uploading, or to legal streaming services that were not measured.

VPN Searches Spiked

The data sample also covered search activity, which was sourced from Google Trends. The researchers specifically examined the terms “proxy”, “VPN”, and “DNS”, which all spiked when the blocking measures were implemented.

We have seen similar patterns in other countries where site-blocking measures first appeared. This would suggest that people were trying to find ways to circumvent the blockades.

After a few months, search activity returns to normal levels, but by then, most persistent pirates will have figured out how to access the blocked sites.

“These figures suggest that although website blocking seems to have been effective in leading some households away from piracy, some users learnt how to circumvent the DNS blocks and likely continued downloading content from the blocked websites,” the researchers note.

No Boost in Legal Alternatives

Ideally, pirate site blocks should positively impact legal consumption. For example, people could use VoD services more, show interest in paid TV channels, and increase regular TV viewing.

However, when comparing the legal use of BitTorrent users before and after the widespread blocking measures, the researchers found little effect.

“We found no statistically significant changes in the consumption of the paid legal alternatives considered, only a very modest increase in TV viewership. These results suggest that the website blocks were effective in curbing digital piracy but did not benefit offline legal alternatives.”

The referenced modest effect translates to a 2.5-minute increase in total TV time for these pirates and a 1.8-minute boost in viewership for channels dedicated to movies and TV shows.

Limitations

These results show that site blocking impacts Internet traffic and presumably piracy too. However, a boost in legal activity is not guaranteed. There are also some important caveats to this overall conclusion.

One drawback is that legal movie and TV streaming alternatives in the researched country were rather underdeveloped at the time. The availability and use of services such as Netflix was limited, for example.

This means that the results may have been different in a country with more legal options. And in general, the researchers note that results in one region can’t always be generalized to other countries.

In addition, the findings are mostly limited to BitTorrent piracy. They don’t show how usage of other pirate options, such as streaming sites and IPTV, may have changed.

All in all, however, we can say that the study adds some very welcome extra insight into the effectiveness of pirate site blockades.

A copy of the preprint publication titled ‘Controlling Digital Piracy Via Domain Name System Blocks: A Natural Experiment’, is available on SSRN.

Reis, Filipa and Godinho de Matos, Miguel and Ferreira, Pedro, Controlling Digital Piracy Via Domain Name System Blocks: A Natural Experiment. http://dx.doi.org/10.2139/ssrn.4335662

Right-to-repair rules for electronics, appliances targeted for 2024, Canada says

Canada’s newly released budget considers consumers’ wallets and e-waste.

Like in other parts of the world, Canada is working out what the right to repair means for its people. The federal government said in its 2023 budget released Tuesday that it will bring the right to repair to Canada. At the same time, it's considering a universal charging port mandate like the European Union (EU) is implementing with USB-C.

The Canadian federal government's 2023 budget introduces the right to repair under the chapter entitled "Making Life More Affordable and Supporting the Middle Class." It says that the "government will work to implement a right to repair, with the aim of introducing a targeted framework for home appliances and electronics in 2024." The government plans to hold consultations on the matter and claimed it will "work closely with provinces and territories" to implement the right to repair in Canada:

When it comes to broken appliances or devices, high repair fees and a lack of access to specific parts often mean Canadians are pushed to buy new products rather than repairing the ones they have. This is expensive for people and creates harmful waste.

Devices and appliances should be easy to repair, spare parts should be readily accessible, and companies should not be able to prevent repairs with complex programming or hard-to-obtain bespoke parts. By cutting down on the number of devices and appliances that are thrown out, we will be able to make life more affordable for Canadians and protect our environment.

The budget also insinuates that right-to-repair legislation can make third-party repairs cheaper than getting a phone, for example, repaired by the manufacturer, where it could cost "far more than it should."
