
Submission + - Journalists test an iPhone-to-HDMI adaptor which demands location/browsing data (404media.co)

Slash_Account_Dot writes: I recently got my hands on an ordinary-looking iPhone-to-HDMI adapter that mimics Apple’s branding and, when plugged in, runs a program that implores you to “Scan QR code for use.” That QR code takes you to an ad-riddled website that asks you to download an app that asks for your location data, access to your photos and videos, runs a bizarre web browser, installs tracking cookies, takes “sensor data,” and uses that data to target you with ads. The adapter’s app also kindly informed me that it’s sending all of my data to China.
The cord was discovered by friend of 404 Media John Bumstead, an electronics refurbisher and artist who buys devices in bulk from electronics recyclers. Bumstead tweeted about the cord and was kind enough to send me one so I could try it myself. Joseph has written about malicious lightning cables and USB cables made by hackers that can be used for keystroke logging and spying. While those malicious lightning cables are products marketed for spying, the HDMI adapter Bumstead has been found in the wild and is just another crappy knockoff cable sold on Amazon’s increasingly difficult to navigate website. This HDMI adapter is designed to look exactly like Apple’s same adapter. Here they are side-by-side:

Submission + - Raspberry Pi 5 announced (raspberrypi.com) 1

jizmonkey writes: Today the Raspberry Pi 5 was announced, to ship at the end of October. The new version is priced at $60 for the 4GB variant, and $80 for its 8GB sibling, and virtually every aspect of the platform has been upgraded. The new CPU is twice as fast and new features include simultaneous 5.0 Gbps USB 3.0 ports and a PCIe 2.0 x1 interface which can be used for M.2 storage. Priority will be given to individual buyers through the end of the year.

Submission + - GPUs From All Major Suppliers Are Vulnerable To New Pixel-Stealing Attack (arstechnica.com)

An anonymous reader writes: GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday. The cross-origin attack allows a malicious website from one domain—say, example.com—to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains.

GPU.zip works only when the malicious attacker website is loaded into Chrome or Edge. The reason: For the attack to work, the browser must:

1. allow cross-origin iframes to be loaded with cookies
2. allow rendering SVG filters on iframes and
3. delegate rendering tasks to the GPU

For now, GPU.zip is more of a curiosity than a real threat, but that assumes that Web developers properly restrict sensitive pages from being embedded by cross-origin websites. End users who want to check if a page has such restrictions in place should look for the X-Frame-Options or Content-Security-Policy headers in the source.
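The header check mentioned at the end of the summary above can be written down as a small classifier. This is an added example, not part of the submission or the researchers' code; the function names, the verdict labels and the sample header objects are assumptions made for illustration.

```javascript
// Classify who may frame a response, given its headers.
// `headers` is a plain object of header name -> value (constructed input, not fetched).
const RANK = ["open", "allowlist", "same-origin", "deny"]; // least to most restrictive

function classifyFrameAncestors(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    const src = sources.map((s) => s.toLowerCase());
    // An empty source list matches nothing, same as 'none'.
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'")) return "deny";
    // A bare wildcard or scheme-only source lets any site on that scheme embed the page.
    if (src.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s))) return "open";
    return src.every((s) => s === "'self'") ? "same-origin" : "allowlist";
  }
  return null; // directive absent: this policy says nothing about framing
}

function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Several policies may arrive comma-joined; each is enforced, so the strictest governs.
  const verdicts = (h["content-security-policy"] || "")
    .split(",").map((p) => classifyFrameAncestors(p)).filter((v) => v !== null);
  if (verdicts.length > 0) {
    // frame-ancestors, when present, overrides X-Frame-Options.
    return verdicts.reduce((a, b) => (RANK.indexOf(b) > RANK.indexOf(a) ? b : a));
  }

  const xfo = new Set((h["x-frame-options"] || "").split(",")
    .map((s) => s.trim().toLowerCase()).filter(Boolean));
  if (xfo.has("deny")) return "deny";
  // Conflicting values make browsers block the frame outright.
  if (xfo.size > 1 && (xfo.has("sameorigin") || xfo.has("allowall"))) return "deny";
  if (xfo.has("sameorigin")) return "same-origin";
  return "open"; // header missing, or ALLOW-FROM / unknown value that browsers ignore
}
```

A verdict of "open" on a page that shows account data means a cross-origin site can embed it, which is the first precondition in the list above. Only the enforced `Content-Security-Policy` header is read here; `Content-Security-Policy-Report-Only` does not block framing.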

Comment Re:This is a really biased summary. (Score 1) 332

Did Steve Jobs pee in your Wheaties?

Apple is a hardware company, not a software company.
Where do they promote DRM? iTunes music is DRM-free.
I can install Windows, OSX, and nearly any flavor of Linux on my Macbook, and my iMac.
My iPod mini has PodLinux on it.

I would ask if I needed to continue, but the people that read all of this already either agree, or don't really care, and everyone else is already commenting how I am a 'fanboi' or 'Apple apologist'. Oh well.
