Severe vulnerabilities in Dell firmware update driver found and fixed

Dell firmware update driver 2.3 can be exploited to gain kernel-level privilege.

At least three companies have reported the dbutil_2_3.sys security problems to Dell over the past two years. (credit: Blogtrepreneur / Flickr)

Yesterday, infosec research firm SentinelLabs revealed 12-year-old flaws in Dell's firmware updater, DBUtil 2.3. The vulnerable firmware updater has been installed by default on hundreds of millions of Dell systems since 2009.

The five high-severity flaws SentinelLabs discovered and reported to Dell lurk in the dbutil_2_3.sys module, and they have been rounded up under a single CVE tracking number, CVE-2021-21551. There are two memory-corruption issues and two lack-of-input-validation issues, all of which can lead to local privilege escalation, and a code logic issue that could lead to a denial of service.

A hypothetical attacker abusing these vulnerabilities can escalate the privileges of another process or bypass security controls to write directly to system storage. This offers multiple routes to the ultimate goal of local kernel-level access—a step even higher than Administrator or "root" access—to the entire system.

Twitter’s latest robo-nag will flag “harmful” language before you post

Follows Twitter’s effort to make you read the news before you share it.

Before you tweet, you might be asked if you meant to be so rude. (credit: Getty Images / Sam Machkovech)

Want to know exactly what Twitter's fleet of text-combing, dictionary-parsing bots defines as "mean"? Starting any day now, you'll have instant access to that data—at least, whenever a stern auto-moderator says you're not tweeting politely.

On Wednesday, members of Twitter's product-design team confirmed that a new automatic prompt will begin rolling out for all Twitter users, regardless of platform and device, that activates when a post's language crosses Twitter's threshold of "potentially harmful or offensive language." This follows a number of limited-user tests of the notices beginning in May of last year. Soon, any robo-moderated tweets will be interrupted with a notice asking, "Want to review this before tweeting?"

Earlier tests of this feature, unsurprisingly, had their share of issues. "The algorithms powering the [warning] prompts struggled to capture the nuance in many conversations and often didn't differentiate between potentially offensive language, sarcasm, and friendly banter," Twitter's announcement states. The news post clarifies that Twitter's systems now account for, among other things, how often two accounts interact with each other—meaning, I'll likely get a flag for sending curse words and insults to a celebrity I never talk to on Twitter, but I would likely be in the clear sending those same sentences via Twitter to friends or Ars colleagues.

SpaceX successfully lands a Starship test flight

Given that it’s meant to be the basis for a lunar lander, landing it is good.

Starship SN15 descending back to Texas under two of its three upgraded Raptor engines. Successful landing! (credit: Trevor Mahlmann)

By now many readers are familiar with SpaceX's Starship tests. The rocket makes its way skyward and performs maneuvers that seem like impossibilities to a generation raised on rockets that simply shot things to orbit. These maneuvers are followed by an ungainly looking float towards the Earth below, which ends in a sudden lurch as the rocket struggles to a vertical orientation and tries to lose speed.

In general, this has been followed by a dramatic explosion as one aspect or another of the incredibly complex series of events required doesn't work quite right. The biggest exception was one case where that explosion waited for several minutes after its landing.

Today's launch followed the script right up to the landing, at which point everything changed. The landing went off without a hitch this time, and the hardware stayed intact—albeit on fire—well after the landing.

This is the IT disaster the Grand Coalition leaves behind

Problems with the Telecommunications Act, IT-SiG 2.0, Quellen-TKÜ (source telecommunications surveillance) and other projects. A heavy internet-policy legacy. Expert calls the legislative plans a "catastrophe".

Google tries to resurrect Android tablets with “Entertainment Space”

Google brings a TV-like media aggregation interface to tablet home screens.

Google just remembered that Android tablets exist, and the company has announced "Entertainment Space," a new, tablet-exclusive interface that the company says is "a one-stop, personalized home for all your favorite movies, shows, videos, games and books."

Google's blog post is vague about the details of Entertainment Space. Is Space an app? Is it a new home screen, which would give Google a similar UI to a Fire tablet? It is a report from The Verge that fills in some of the blanks: Entertainment Space is a new home screen page.

Just like how the Google Discover news feed lives on the left side of a home screen, or how Samsung puts "Bixby Home" over there, Entertainment Space will be the new left-most home screen for tablets, replacing Discover. So for apps and widgets (and a customizable home screen), you'll have the main home screen page and any others you want to add. For media, you have this big custom interface on the left.

Biden backs plan to accelerate vaccine production by waiving patents

Experts disagree on whether patents are a bottleneck for vaccine production.

Pharmaceutical bottles on a conveyor belt in South Africa. (credit: Westend61 / Getty Images)

The Biden administration has thrown its weight behind an international effort to loosen patent and other legal protections for COVID vaccines.

"The Administration believes strongly in intellectual property protections, but in service of ending this pandemic, supports the waiver of those protections for COVID-19 vaccines," wrote US Trade Representative Katherine Tai in a Wednesday statement.

If successful, that effort might open up the vaccine market to independent drug makers, speeding production and distribution and ending the pandemic more quickly. Or it might not.

Schufa out of control

The company's practices remain opaque. Push for access to bank account data halted after criticism. Concern over a possible sale to a US company.

At trial, Epic and Apple squeeze Microsoft over Xbox, xCloud restrictions

Questions over Xbox restrictions, xCloud’s iOS struggles serve as comparison points.

The monkey wrench of the legal system. (credit: Aurich Lawson)

Microsoft Vice President of Xbox Business Development Lori Wright took center stage at the Epic versus Apple trial today. The executive's testimony served up some interesting comparisons and contrasts with Epic's complaints and addressed questions about the Xbox consoles' closed, iOS-style app market and the difficulties Microsoft faced getting xCloud streaming on iOS devices.

Open vs. closed

In defending Microsoft's iOS-style 30 percent commission on apps sold on the Xbox store, Wright pointed out that the company has never made a profit on the sale of an Xbox console. That's in contrast to the profit-generating iPhone and iPad hardware and to a company like Nintendo, which doesn't take a loss on Switch hardware sales.

"The business model is set out to be an end-to-end gaming experience," Wright said. "Hardware is critical to delivering that experience. We need gamers to be able to have a console. We make money back in the long run on game sales and gaming subscriptions."

iPhones’ Night Shift feature doesn’t help you sleep better, study finds

The test was done with iPhones, but many gadgets have a similar feature.

The 2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini. (credit: Samuel Axon)

Researchers at Brigham Young University conducted a study to see how much blue-light-reducing features like Apple's Night Shift improve sleep quality. Their conclusion? Night Shift doesn't help at all.

In the study, which was published in Sleep Health, the BYU researchers assessed the sleep quality of 167 young adults, asking each to wear a wrist accelerometer before sleep. Participants were randomly assigned to one of three conditions regarding iPhone use before bed: one group didn't use their iPhones at all, one group used their iPhones without Night Shift enabled, and another group used their iPhones with Night Shift enabled.

"There were no significant differences in sleep outcomes across the three experimental groups," the researchers concluded.

Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse

Faulty API let anyone grab users’ private data, including weight and gender.

Peloton is having a rough day. First, the company recalled two treadmill models following the death of a 6-year-old child who was pulled under one of the devices. Now comes word Peloton exposed sensitive user data, even after the company knew about the leak. No wonder the company’s stock price closed down 15 percent on Wednesday.

Peloton provides a line of network-connected stationary bikes and treadmills. The company also offers an online service that allows users to join classes, work with trainers, or do workouts with other users. In October, Peloton told investors it had a community of 3 million members. Members can set accounts to be public so friends can view details such as classes attended and workout stats, or users can choose for profiles to be private.

I know where you worked out last summer

Researchers at security consultancy Pen Test Partners on Wednesday reported that a flaw in Peloton’s online service was making data for all of its users available to anyone anywhere in the world, even when a profile was set to private. All that was required was a little knowledge of the faulty programming interfaces that Peloton uses to transmit data between devices and the company’s servers.
