This Revenge Thriller Is The Top Movie On Netflix Right Now

“The Loud House Movie,” a Nickelodeon animated series adaptation, is also a top pick.

Minecraft Dungeons heads to Steam next month

For its entire existence so far, Minecraft Dungeons has existed in two places on PC: Xbox Game Pass for PC and the Microsoft Store. If you’re a PC gamer and you want to play Minecraft Dungeons, those are your choices. However, that’s all changing next month, as Minecraft Dungeons will be launching on Steam with all of its DLCs. How …

Spider-Man No Way Home trailer leaked: Who is that?

A Spider-Man NWH trailer (that’s No Way Home, mind you) leaked this week in just about as potato a quality as possible. We’re going to take a peek at what’s in this video and expect that it’ll be shared by Marvel in far higher quality in the very, very near future. Generally this is the course of things when we …

Pfizer Comirnaty COVID-19 vaccine and the FDA: 6 key facts

The FDA has fully approved Comirnaty, the Pfizer-BioNTech COVID-19 vaccine, in a move that’s likely to put greater attention on the wisdom of being immunized and whether employers can legally require it of their employees. While Comirnaty may be approved now, though, that doesn’t mean it’s the end of the emergency use authorization, or indeed of monitoring those vaccinated for …

Poly Network says it has recovered all $610 million it lost in cryptocurrency heist

One of the most unusual cryptocurrency heists in recent memory has come to a close. On Monday, Poly Network, a decentralized finance platform that saw a hacker named “Mr. White Hat” exploit a vulnerability in its code to steal $610 million in Ethereum, Shiba Inu and other cryptocurrencies, says it has recovered all the money it lost in the theft.

“At this point, all the user assets that were transferred during the incident have been fully recovered,” the company said in a Medium post. Poly Network is now working to return control of those digital currencies to their rightful owners, a process the company says it hopes to complete as soon as possible.

The Poly Network hack took one strange turn after another. Less than a day after stealing the digital currencies, the hacker started returning millions and sent a token indicating they were “ready to surrender.” Everything was going smoothly until they locked more than $200 million in assets in an account that required passwords from both them and Poly Network. They said they would only provide their password once everyone was “ready.” At that point, Poly Network offered the hacker a $500,000 reward.

It’s unclear why the perpetrator had a change of heart, though some experts believe they may have found it difficult to launder and cash out the money they had on their hands. All we have to go on from the hacker is that they were trying to help in their own way.

“My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style,” the hacker said in a message they included with the final transaction, according to CNBC. “The consensus was reached in a painful and obscure way, but it works.”

Data leak exposed 38 million records, including COVID-19 vaccination statuses

Around 38 million records from north of a thousand web apps that use Microsoft’s Power Apps platform were left exposed online, according to researchers. The records are said to have included data from COVID-19 contact tracing efforts, vaccine registrations and employee databases, such as home addresses, phone numbers, social security numbers and vaccination status.

Data from some large companies and institutions was exposed in the incident, according to Wired, including American Airlines, Ford, the Indiana Department of Health and New York City public schools. The vulnerability has mostly been resolved.

Researchers from security company Upguard started looking into the issue in May. They found data from many Power Apps that was supposed to be private was available for anyone to access if they knew where to look. 

The Power Apps service aims to make it easy for customers to make their own web and mobile apps. It offers application programming interfaces (APIs) for developers to use with the data they collect. However, Upguard found that using those APIs makes the data obtained through Power Apps public by default, and manual reconfiguration was required to keep the information private.

Upguard says it sent a vulnerability report to the Microsoft Security Resource Center on June 24th, including links to Power Apps accounts on which sensitive data was exposed and steps to identify APIs that enabled anonymous access to data. Researchers worked with Microsoft to clarify how to reproduce the issue. However, a Microsoft analyst told the firm on June 29th that the case was closed and they “determined that this behavior is considered to be by design.”

Upguard then started notifying some of the affected companies and organizations, which moved to lock down their data. It raised an abuse report with Microsoft on July 15th. By July 19th, the company says that most of the data from the Power Apps in question, including the most sensitive information, had been made private. Engadget has contacted Microsoft for comment.

Earlier this month, Microsoft said Power Apps will keep data private by default when developers harness the APIs. In addition, it released a tool for developers to check their Power Apps settings.

There’s no indication as yet that any of the exposed data has been compromised. Among the most sensitive information that was left in the open were 332,000 email addresses and Microsoft employee IDs that are used for payroll, according to Upguard. The company also says that more than 39,000 records from portals related to Microsoft Mixed Reality were exposed, including users’ names and email addresses.

The incident underscores the fact that a misconfiguration, no matter how seemingly minor, could lead to serious data breaches. That doesn’t appear to be the case here, thankfully. Still, it goes to show that developers should probably triple check their settings, especially when plugging in an API they haven’t designed themselves.

Shang-Chi Brings Compelling New Heroes and Awe-Inspiring Action to the MCU

Marvel’s Shang-Chi and the Legend of the Ten Rings is a blend of opposites: otherworldly martial arts grounded by slacker humor. From fast-paced split kicks to lyrical dance-fights, the film deserves to be seen on the big screen. But of course, even if you didn’t feel it was safe to do so, that’s the only way you can…


The M1 Mac Mini May Already Be Getting an Overhaul

Apple just released a refreshed M1 Mac Mini last November, but it looks like we might see a higher-end version featuring the rumored M1X chip sometime this fall.


Greek Scientists Want to Name Heat Waves Like Hurricanes

Greece has suffered through a summer of hellish heat. Now, experts want to give heat waves names and rankings like the ones assigned to hurricanes and tropical storms.


Blue Origin Employees Are Jumping Ship

Jeff Bezos might have felt triumphant when he rocketed toward the edge of space last month, but apparently the same can’t be said about other employees at Blue Origin. On Friday, CNBC was first to report that over a dozen engineers had left Bezos’s company in recent weeks, with some departing for high-ranking roles at…
