Technology Blog

August 15, 2022

CVE-2017-10125 (active_iq_unified_manager, cloud_backup, e-series_santricity_os_controller, e-series_santricity_storage_manager, element_software, jdk, jre, oncommand_balance, oncommand_insight, oncommand_performance_manager, oncommand_shift, oncommand_unified_manager, plug-in_for_symantec_netbackup, snapmanager, steelstore_cloud_integrated_storage, storage_replication_adapter_for_clustered_data_ontap, vasa_provider_for_clustered_data_ontap, virtual_storage_console)

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
August 15, 2022

CVE-2017-10293 (active_iq_unified_manager, cloud_backup, e-series_santricity_management_plug-ins, e-series_santricity_os_controller, e-series_santricity_storage_manager, e-series_santricity_web_services, element_software, jdk, jre, oncommand_balance, oncommand_insight, oncommand_performance_manager, oncommand_shift, oncommand_unified_manager, oncommand_workflow_automation, plug-in_for_symantec_netbackup, snapmanager, steelstore_cloud_integrated_storage, storage_replication_adapter_for_clustered_data_ontap, vasa_provider_for_clustered_data_ontap, virtual_storage_console)

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
August 15, 2022

CVE-2017-10309 (active_iq_unified_manager, cloud_backup, e-series_santricity_management_plug-ins, e-series_santricity_os_controller, e-series_santricity_storage_manager, e-series_santricity_web_services, element_software, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_workstation, jdk, jre, oncommand_balance, oncommand_insight, oncommand_performance_manager, oncommand_shift, oncommand_unified_manager, oncommand_workflow_automation, plug-in_for_symantec_netbackup, satellite, snapmanager, steelstore_cloud_integrated_storage, storage_replication_adapter_for_clustered_data_ontap, vasa_provider_for_clustered_data_ontap, virtual_storage_console)

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
August 15, 2022

An Eye Implant Engineered From Proteins In Pigskin Restored Sight In 14 Blind People

According to a new study published in the journal Nature Biotechnology, researchers implanted corneas made from pig collagen to restore sight in 20 people who were blind or visually impaired. "Fourteen of the patients were blind before they received the implant, but two years after the procedure, they had regained some or all of their vision," notes NBC News. "Three had perfect vision after the surgery." From the report: The patients, in Iran and India, all suffered from keratoconus, a condition in which the protective outer layer of the eye progressively thins and bulges outward. "We were surprised with the degree of vision improvement," said Neil Lagali, a professor of experimental ophthalmology at Linkoping University in Sweden who co-authored the study. Not all patients experienced the same degree of improvement, however. The 12 Iranian patients wound up with an average visual acuity of 20/58 with glasses; functional vision is defined as 20/40 or better with lenses. Nonetheless, Dr. Marian Macsai, a clinical professor of ophthalmology at the University of Chicago who wasn't involved in the study, said the technology could be a game changer for those with keratoconus, which affects roughly 50 to 200 out of every 100,000 people. It might also have applications for other forms of corneal disease. To create the implant, Lagali and his team dissolved pig tissue to form a purified collagen solution. That was used to engineer a hydrogel that mimics the human cornea. Surgeons then made an incision in a patient's cornea for the hydrogel. "We insert our material into this pocket to thicken the cornea and to reshape it so that it can restore the cornea's function," Lagali said. Traditionally, human tissue is required for cornea transplants. But it's in short supply, because people must volunteer to donate it after they die. So, Lagali said, his team was looking for a low-cost, widely available substitute. 
"Collagen from pigskin is a byproduct from the food industry," he said. "This makes it broadly available and easier to procure." After two years, the patients' bodies hadn't rejected the implants, and they didn't have any inflammation or scarring. But any experimental medical procedure comes with risk. In this case, Soiberman said, a foreign molecule like collagen could induce an immune reaction. The researchers prescribed patients an eight-week course of immunosuppressive eyedrops to lower the risk, which is less than the amount given to people who receive cornea transplants from human tissue. In those cases, patients take immunosuppressive medicine for more than a year, Lagali said. "There's always a risk for rejection of the human donor tissue because it contains foreign cells," he said. "Our implant does not contain any cells ... so there's a minimal risk of rejection." The procedure itself was also quicker than traditional cornea transplants. The researchers said each operation took about 30 minutes, whereas transplants of human tissue can take a couple of hours. [...] It's not yet clear whether the surgery would work for patients who have other forms of corneal disease aside from keratoconus.

Read more of this story at Slashdot.

August 15, 2022

WeWork’s Former CEO Has a New Startup, Reportedly Valued At More Than $1 Billion

Nearly three years after Adam Neumann stepped down as CEO of WeWork following a failed attempt to take the company public, he is said to once again be in charge of a billion-dollar real estate startup. CNN Business reports: Andreessen Horowitz, the prominent venture capital firm known for its early investments in Twitter and Airbnb, has pumped about $350 million into Neumann's newest venture, called Flow, according to The New York Times, citing unnamed sources briefed on the deal. The investment valued the startup at more than $1 billion, according to the report. In a blog post Monday, Marc Andreessen, cofounder and general partner at the VC firm, announced the investment, without disclosing financial details. He also explained his thinking for backing Flow, a residential real estate company, and Neumann despite the founder's high-profile fall from grace at WeWork. "Adam is a visionary leader who revolutionized the second largest asset class in the world -- commercial real estate -- by bringing community and brand to an industry in which neither existed before," Andreessen wrote in his post Monday. "Adam, and the story of WeWork, have been exhaustively chronicled, analyzed, and fictionalized -- sometimes accurately. For all the energy put into covering the story, it's often under appreciated that only one person has fundamentally redesigned the office experience and led a paradigm-changing global company in the process: Adam Neumann." It's not immediately clear how Flow seeks to revolutionize the residential housing industry. Flow currently has a bare bones website, with the slogan "Live life in flow" and two words stating it will launch in 2023. Andreessen positioned the new company as a long-awaited solution to the nation's "housing crisis." He used a mix of jargon-filled terms -- "community-driven, experience-centric service" -- to explain how the new startup would "create a system where renters receive the benefits of owners." 
"We think it is natural that for his first venture since WeWork, Adam returns to the theme of connecting people through transforming their physical spaces and building communities where people spend the most time: their homes," Andreessen wrote. "Residential real estate -- the world's largest asset class -- is ready for exactly this change."


August 15, 2022

New US Privacy Law May Give Telecoms Free Pass On $200 Million Fines

An anonymous reader quotes a report from Motherboard: The American Data Privacy and Protection Act (ADPPA), a new federal privacy bill that has actually a chance of becoming law, is designed to introduce new privacy protections for Americans. But it may also have the side effect of wiping out $200 million worth of fines proposed against some of the country's biggest telecommunications companies as part of a major location-data selling scandal in which the firms sold customer data that ended up in the hands of bounty hunters and other parties. The issue centers around the ADPPA's shift of enforcement for privacy related matters from the Federal Communications Commission (FCC), which proposed the fines, to the Federal Trade Commission (FTC). The news highlights the complex push and pulls when developing privacy legislation, and some of the pitfalls along the way. The FCC proposed the $200 million fines in February 2020. The fines came after Motherboard revealed that the carriers sold phone location data to a complex supply chain of companies which then provided it to hundreds of bounty hunters and other third parties, including someone that allowed Motherboard to track a phone for just $300. The fines also came after The New York Times and the office of Sen. Ron Wyden found that the carriers sold location data in a similar method to a company called Securus, which allowed law enforcement officials to track the location of phones without a warrant. A former sheriff abused the tool to spy on judges and other officials. The offending telecoms -- AT&T, T-Mobile, Sprint, Verizon -- said they stopped the sale of location data at varying points in time in response to the investigations. The FCC then found that the carriers broke the law by selling such data. 
FCC Press Secretary Paloma Perez told Motherboard in an emailed statement that "our real-time location information is some of the most sensitive data there is about us, and it deserves the highest level of privacy protection. That is why the FCC has proposed more than $200 million in fines against the nation's largest wireless carriers for selling their customers' location data. Through our continued oversight we have ensured that these carriers are no longer monetizing their consumers' real-time location in this way, and we are continuing our investigation into these practices and expect to reach a conclusion very soon." In July FCC Chairwoman Jessica Rosenworcel sent letters to a host of U.S. telecommunications, tech, and retail companies to ask about their use of location data.


August 15, 2022

US Bans Export of Tech Used In 3nm Chip Production On Security Grounds

The United States is formally banning the export of four technologies tied to semiconductor manufacturing, calling the protection of the items "vital to national security." The Register reports: Announced Friday (PDF) by the US Commerce Department's Bureau of Industry and Security (BIS) and enacted today, the rule will ban the export of two ultra-wide bandgap semiconductor materials, as well as some types of electronic computer-aided design (ECAD) technology and pressure gain combustion (PGC) technology. In particular, the BIS said that the semiconductor materials gallium oxide and diamond will be subject to renewed export controls because they can operate under more extreme temperature and voltage conditions. The Bureau said that capability makes the materials more useful in weapons. ECAD software, which aids design for a wide range of circuits, comes in specialized forms that support gate-all-around field effect transistors (GAAFETs), which are used to scale semiconductors to 3 nanometers and below. PGC technology also has "extensive potential" for ground and aerospace uses, the BIS said. All four items are being classified under Section 1758 of the Export Control Reform Act, which covers the production of advanced semiconductors and gas turbine engines. Those types of technology are also covered by the Wassenaar Arrangement, made in 2013 between the US and 41 other countries, which functions as a broader arms control treaty. "We are protecting the four technologies identified in today's rule from nefarious end use by applying controls through a multilateral regime," Assistant Secretary of Commerce for Export Administration Thea D Rozman Kendler said in a statement. "This rule demonstrates our continued commitment to imposing export controls together with our international partners." The reason for the addition of the four forms of technology to export controls is a change made in May to how the BIS characterizes emerging and foundational technologies. 
Under the change, such tech was reclassified to be covered by Section 1758. The BIS statement announcing the export ban made no mention of the countries, but recent events make it clear the target is China -- the US has been considering other tech export bans (and investment freezes), recently all of which appeared tailored to target China. Analysts in the Middle Kingdom have claimed the ban would have little short-term impact on China's chipmaking industry as no one in China has yet managed to design chips as advanced as those targeted by the ban.


August 15, 2022

AT&T Workers Fight Return To Office Push: ‘We Can Do the Same Job From Home’

AT&T workers are pushing to keep working from home as an option, citing "long commutes to and from work, exorbitant childcare costs, ongoing concerns over exposure to COVID-19 variants and now monkeypox," reports The Guardian. From the report: At AT&T, the world's largest telecommunication company, workers represented by the Communications Workers of America agreed to a work from home extension until the end of March 2023, but workers say the company is forcing many workers to return to the office much sooner than that, while other departments had already been forced back to the office by their managers. [...] AT&T workers have started a petition demanding the company makes working from home a permanent option for workers. [...] Val Williams, an AT&T worker and union steward for the Communications Workers of America in Houston, Texas, was forced to return to work in the office in April 2022. She criticized the push to bring workers back into the office after she said workers had been praised for productivity while working from home. Williams criticized the pushback to return to the office given AT&T is a communications company with the technology and resources to make working from home a seamless option. "Our revenue has increased over the last two years while we were working from home. Our job descriptions state we are capable of working with little to minimum management and that's what we've been doing," she said. She also argued it was unfair how the push to return workers to the office has been enforced, with some departments being brought back while others are still working from home. "We don't feel like anybody's health is greater than any others. Because everybody has their own health issues, or they may have family members that have health issues that they have to return home to," she added. [...] 
A spokesperson for AT&T did not provide data on how many workers at the company are still working from home, but claimed it was never the company's intention to make working from home indefinite. "The health and safety of our employees continues to be our priority," said the spokesperson in an email. "As we have throughout the pandemic, we adhere to guidance from the medical community, including implementing safety protocols to help protect our employees' wellbeing. And now that we are a largely vaccinated workforce, we believe it's safe for employees to return to the workplace. We do our best work when we're together."


August 15, 2022

Paramount+ to Be Bundled With Walmart+ Membership Program

Walmart reached a deal with Paramount Global to include the Paramount+ streaming service as part of the retailing giant's Walmart+ membership program starting in September. Variety reports: The Paramount+ Essential plan, which includes ads, will be available for no extra cost to Walmart+ members. In the U.S., Paramount+ Essential is regularly $4.99/month. The Essential plan does not include local live CBS stations (available only in Paramount+ Premium, $9.99/month), but it does provide NFL and UEFA Champions League games available via separate live feeds. The move by Walmart is intended to make Walmart+, which launched in September 2020, more competitive with Amazon's Prime by adding a streaming-entertainment component. Walmart+ costs $12.95 per month (or $98 per year), providing subscribers with same-day delivery on more than 160,000 products. Program members also can save up to 10 cents per gallon on gas at more than 14,000 participating stations nationwide and get up to six months of Spotify Premium for free. "In announcing Q2 earnings, Paramount said that Paramount+ now has 43.3 million paid customers, a net add of 3.7 million for the June quarter (including 1.2 million disconnects in Russia)," adds the report. Walmart does not disclose the number of Walmart+ members, but according to a Morgan Stanley survey in May, "the service has around 16 million members compared with about 15 million in November 2021."
