The United Nations announced its app 1point5 to help people social distance this week.
The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user's Windows login credentials from malicious chat links.
Hi @zoom_us & @NCSC - here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use in SMBRelay attacks. The screen shot below shows an example UNC path link and the credentials being exposed (redacted). pic.twitter.com/gjWXas7TMO
— Hacker Fantastic (@hackerfantastic) March 31, 2020
I made a simple demo of the latest Zoom UNC Path Injection Vulnerability, Take care and don't click on ANY UNC Path hyperlinks!
P.S. I used putty as a payload.exe which could be ANY_THING_ELSE.exe
— Mohamed A. Baset (@SymbianSyMoh) April 1, 2020
“Zoom issued a fix for this and other bugs, promising better transparency going forward,” reports Mark Hachman at PCWorld:
An unpatched vulnerability within Zoom allows an attacker to drop a malicious link into a chat window and use it to steal a Windows password, according to reports.
A hacker could use an attack called a UNC path injection to expose credentials, according to an attack posted on Twitter and subsequently followed up with an additional video. According to The Hacker News, that's because Windows exposes a user's login name and password to a remote server when attempting to connect to it and download a file.
Update: After this story and others went live April 1, Zoom CEO Eric Yuan addressed Zoom security and other issues in a blog post.
Monty Python co-founder Terry Jones, who died last month, was also a scholar of Geoffrey Chaucer’s The Canterbury Tales, having penned two books about the great English poet. Before Jones's death, he was collaborating with an international team of Chaucer geeks on a Canterbury Tales app called "General Prologue." It is the first in a series.
“We want the public, not just academics, to see the manuscript as Chaucer would have likely thought of it—as a performance that mixed drama and humor,” said University of Saskatchewan English professor and project leader Peter Robinson.
“We were so pleased that Terry was able to see and hear this app in the last weeks of his life. His work and his passion for Chaucer was an inspiration to us,” Robinson said. “We talked a lot about Chaucer and it was his idea that the Tales would be turned into a performance.”
From the University of Saskatchewan:
The app features a 45-minute audio performance of the General Prologue of the Tales—the masterpiece work by the most important English writer before Shakespeare—along with the digitized original manuscript. While listening to the reading, users have access to supporting content such as a translation in modern English, commentary, notes and vocabulary explaining Middle English words used by Chaucer.
The app, an offshoot of Robinson’s 25-year work to digitize the Canterbury Tales, contains key new research work. This includes a new edited text of the Prologue created by USask sessional lecturer Barbara Bordalejo, a new reading of the Tales by former USask student Colin Gibbings, and new findings about the Tales by UCL (University College London) medievalist professor Richard North.
Here's a terrifying new game that's one of the most popular apps in the United States, Photo Roulette. Up to fifty players allow the app to access their photos. Each round, a random photo from one of the player's galleries pops up on everyone else's phone. Players then race to guess whose photo it is.
“I was kind of freaked out by it so I went to my camera roll to make sure there wasn’t anything embarrassing and I didn’t see anything too bad,” she said.
But when she joined the game, the app displayed a photo of her Social Security number.
Emma Romney, a 20-year-old college student from Spokane, Wash., was playing Photo Roulette with her cousins, uncle and father during a road trip recently when a selfie she had taken a few years ago came up in the game.
SpotHero is an app that lets you reserve parking in advance. It seemed like a cool idea, so I installed it and gave it a try when I had a business lunch on Tuesday. I entered the name of the restaurant in Hollywood and SpotHero showed me a map of parking spots near the restaurant. I found one on the corner of Argyle and Sunset for $6.
When I arrived at the parking lot, I found that the entrance was barricaded. A worker standing by the entrance told me that the entire lot had been rented for the day. I showed her my SpotHero reservation, and she called for the lot attendant, who came over and told me the same thing. He said I could go to another lot at the corner of Hollywood and Vine and that I "might be able to work something out with them." He described the lot, but when I drove there I couldn't find the lot he was talking about, and I had my doubts that they would let me park there anyway.
At this point, I was already late for my meeting. Fortunately, I found a metered spot in the street, which is rare for this area, and paid $8 for 2 hours. So I ended up being late and paying $14 for parking.
After my meeting, I contacted SpotHero through Twitter to let them know about the problem with the lot. I received a reply on Wednesday morning:
This is Emily from SpotHero, our Social Media Monitor passed your information along to me.
The app used some tricks to get through the App Store review process, which generally prohibits the use of images from Apple products or interfaces. It works just like any other third-party player created for Apple Music and you probably won’t find it in the store as an “iPod Classic simulator”.
That’s because the app comes with normal control buttons by default. The secret is in a function that allows users to add any type of image as a player skin. When you add the iPod Classic theme, which is not included in the app, it hides the buttons so it can be controlled by the virtual Click Wheel.
david.li/paint is a spectacularly gloopy painting app online. You can set paint fluidity, bristle count and brush size, and of course pick any color you like. What I like about it (as opposed to pro apps like Corel Painter or Artrage that offer similar natural media simulations) is that it's just a loaded messy brush that doesn't make it easy or clean itself up for you. The limitations force you to work with it! Author David Li published the source code.
The Most Dangerous Writing App is a simple, attractive text editor on the web. But there's a twist to Manuel Ebert's design: if you stop typing before 5 minutes is up, your work starts to fade, and if you don't start again immediately, it disappears completely.
It's not absolute—you can copy your work out of the box, and it's not bugging you with a spellchecker to stop you going klsdafjgh alskdfjhasd kjfh to get through moments of block. But you are gonna be typing all the same, and that's the point.
— Manuel Ebert (@maebert) February 29, 2016
I wrote a while back about why typing on old keyboards feels better: it's because they were simple, low-latency devices interacting with your computer's bare metal. Nowadays, many device instructions end up filtered through a zillion layers of microcontrollers, firmware, virtual machinery, applications, hardware abstraction layers and God knows what else before a byte gets to the screen. How annoying is too annoying? is a Glitch site by Monica Dinculescu that lets you simulate keyboard latency, to see exactly how much of it you can take.
This is an experiment to see what amount of delay is too annoying for a user interaction like typing. Here are some presets; make sure to type a lot of characters at once for the full effect.
Note that whatever you select in the app, it's added to the actual latency of your own keyboard and computer--probably 100ms or so for most of us. After about 50ms of extra wait, I start to get aggravated.
Bad Hombre is an award-winning satirical game created by 16-year-old Jackie George. Two days after it won the Shortly Award and was recognized in her school newsletter, Bad Hombre was removed from both Apple's App Store and Google Play (George notes that her town of Naples, FL is very conservative with a lot of Trump supporters and is suspicious that one of her neighbors reported the app).
If you need to build an app quickly and easily, you might decide to use Facebook's SDK, which has lots of bells and whistles, including easy integration of Facebook ads in your app's UI.
Second Chance is a smartphone app developed by University of Washington engineers to detect an opioid overdose. The researchers tested the app at a public supervised injection facility in Vancouver, Canada with encouraging results. From Science News:
Second Chance, described online January 9 in Science Translational Medicine, converts a smartphone’s speaker and microphone into a sonar system that works within about a meter of a user’s body. When the app is running, the phone continuously emits sound waves at frequencies too high to hear, which bounce off a user’s chest. Tracking when these echoes reach the phone allows the app to detect two possible signs of an impending overdose: slow breathing or no breathing at all...
For real-world use, the researchers envision the app notifying a user if it detects breathing problems and sending for help only if the user doesn’t respond to that notification, says study coauthor and computer scientist Shyam Gollakota. The scientists still need to ensure that this setup could reliably alert emergency contacts or medical personnel in time to resuscitate a person.
Pixelmash is clever indeed: create your resolution-independent art with the same freeform speed as you might in any other painting app, then let it nondestructively pixelize it, with 1-pixel outlines, adjustable gradients and dithering.
Pixelmash's resolution-independence lets you do really cool things... Like create animations using layer transforms rather than having to paint every frame pixel-by-pixel. Or make outlines, shading, and dithering easily adjustable by having them applied as layer effects. Or easily create different resolutions and color variants of the same image. Or convert photos or other hi-res artwork into pixel art using layer effects and the resolution slider.
Free demo, $15 to pre-order.