Graphic images: Everyone knows the trope. The baddies smash their way in and gun down the guard standing in front of the vault. "Dammit," says the lead bad guy, "it's a biometric scanner, we'll never get in!" His most grizzled henchman turns round, holding up the dead guard's lifeless arm. "Oh yes we will…"
A Reg reader recreated this scene in real life (bits of it) using his Samsung Galaxy A20 phone – and the severed tip of his index finger, parted from his hand thanks to an industrial accident involving a crane.
Kieran Higgins, a semi-retired auditor living in Spain, showed El Reg that his phone's fingerprint sensor read his two-weeks-dead fingertip's print and happily unlocked the device.
Highways England, the authority responsible for the nation's roads and related infrastructure, is asking tech vendors to bid for a project worth up to £15m to replace its ageing pavement information management systems.
Still running on an unsupported Windows 2003 system, the Highways Agency Pavement Management System (HAPMS) dates back more than 20 years and is responsible for recording the status of 6,920km of pavement in England.
Highways England, which has an annual budget of around £4.5bn, is now looking for someone to build a new system based on commercial off-the-shelf software. The current system is based upon an outdated version of the Pitney Bowes Confirm product.
Singapore’s dominant ride-sharing app Grab has added a service for large dogs, or humans who own large numbers of dogs.
The company, which bought Uber’s local operations, has seen close to 170 percent growth over the last two years for its current “GrabPet” service that offers to carry two humans, “two small to medium-sized pets, or one large pet”.
The new GrabPet XL will schlep three human passengers and three small to medium-sized pets (up to 41cm in length), or two large pets (41cm in length or more).
Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection.
This basically means that, if your PC supports it, it's a bit harder for malicious websites to exploit bugs in Chrome to hijack your computer.
Released in April, Chrome 90 supports Intel’s Control-flow Enforcement Technology (CET), a processor-based defense against exploits that use something like Return Oriented Programming (ROP) to violate a program's control-flow integrity (CFI).
Video: SpaceX’s latest test of its Starship vehicle has stuck its landing for the first time.
On Wednesday, US time, Starship serial number 15 (SN15) ascended to 10,000 metres, turned off its three Raptor engines, and then belly-flopped back toward Earth.
The belly-flop phase of the flight was intentional: the craft has four flaps that let it control its descent.
Black Hat Asia: A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft’s SQL Server and Internet Information Services web server.
The team also said Microsoft dismissed some of their findings as not worthy of a fix.
In a talk today at Black Hat Asia titled Give Me a SQL Injection, I Shall PWN IIS and SQL Server, the three explained they found the JET engine – for years an underlying tech for Microsoft Access and other products, and still downloadable today – has many vulnerabilities. We've previously reported on such holes.
Blue Origin is planning to launch its first crew into space on July 20 – and a seat on this inaugural spaceflight is up for auction.
There will be three stages to this process. Anyone can enter a sealed bid from May 5: all you have to do is fill out a form containing personal and contact information, and say how much you’re willing to pay to go to space.
On May 19, Blue Origin will unseal the auction, and people must place the high bid to continue. Finally, on June 12, the highest bidder, and thus winning space tourist, will be determined at an auction held live online.
VMware has admitted its vRealize Business for Cloud product includes an “unauthorised VAMI API” that can be exploited to achieve remote code execution on the virtual appliance. The security flaw is rated critical, scoring 9.8 on the ten-point Common Vulnerability Scoring System.
VAMI is the vCenter Server Appliance Management Interface, the tool administrators use to drive VMware's flagship vCenter Server Appliance and manage fleets of virtual machines. For VAMI to have an "unauthorised" API that can be abused by miscreants to gain unauthorized control of systems over the network or internet is very scary indeed.
VMware’s advisory does not explain how an unauthorised API made its way into such a sensitive product.
Chinese web giant Baidu has commenced operations of actual autonomous taxis on the streets of Beijing.
The Apollo robo-taxi service only operates in Shougang Park, an area of the capital city that will host some events in the 2022 Winter Olympics. Just ten self-driving cars are rolling in this first commercial test of the tech.
The cars are summoned with an Uber-like app and offer level-four autonomy – meaning they can independently drive in predefined geo-fenced areas, and allow humans to take the wheel if they feel it necessary.
Microsoft this week released a Python tool that probes AI models to see if they can be hoodwinked by malicious input data.
And by that, we mean investigating whether, say, an airport's object-recognition system can be fooled into thinking a gun is a hairbrush, or a bank's machine-learning-based anti-fraud code can be made to approve dodgy transactions, or a web forum moderation bot can be tricked into allowing through banned hate speech.
The Windows giant's tool, dubbed Counterfit, is available on GitHub under the MIT license, and is command-line controlled. Essentially, the script can be instructed to delve into a sizable toolbox of programs that automatically generate thousands of adversarial inputs for a given AI model under test. If the output from the model differs from what was expected from the input, then this is recorded as a successful attack.
Encrypted messaging service Signal on Tuesday made a show of trolling Instagram and its parent company Facebook by creating ads that incorporated audience targeting categories into its ad copy.
The ads address viewers by identifying targeting criteria like lifestyle categories, occupation, geographic location, and personal interests presumably gleaned through online data collection.
Apart from the marketing value of tweaking a dominant messaging rival, Signal did so, it claims, to expose the inner workings of ad tech data collection.
Biting the hand that feeds IT © 1998–2021