‘Boombox’ function sparks Tesla recall

Updated Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users’ Facebook data to potential theft.

“If a user is already logged into Facebook, installing this extension will automatically grant a third-party server access to some of the user’s Facebook data,” explained Francois Marier, a security engineer at Brave, in a GitHub Issues post. “The API used by the extension does not cause Facebook to show a permission prompt to the user before the application’s access token is issued.”

However, the developer of the extension, Loc Mai, told The Register that his extension is not harvesting information – as the extension’s privacy policy states. The extension currently has around 700,000 users.

Apple on Thursday patched a zero-day security vulnerability in its WebKit browser engine, issuing updates for iOS, iPadOS, and macOS.

Its Safari browser, based on WebKit, received the security update separately for instances where it is being used with an older version of macOS, like Big Sur. Apple’s tvOS was also refreshed, but without the security fix.

The updates – iOS 15.3.1, iPadOS 15.3.1, and macOS Monterey 12.2.1 – address CVE-2022-22620, reported to Apple by an anonymous researcher.

Microsoft has dropped a gentle reminder that the clock is ticking for older versions of Visual Studio.

April is set to be a busy month for VS admins. Mainstream support for Visual Studio 2017 ends on 12 April (although there will be another five years of security fixes for v15.9). Support for Visual Studio 2019 v16.7 ends on 12 April, necessitating a hop to v16.11 (which keeps mainstream support to April 2024) or going direct to Visual Studio 2022.

Or you could opt for an entirely new set of tools. There are some worthy alternatives out there, not least Microsoft’s own Visual Studio Code. Then again, things do move rather quickly these days, and for many the familiar moth-eaten blanket of Microsoft’s development environment is a comfort even if it is now garbed in 64-bit clothes.

The US government has added 15 vulns under active attack to a little-known but very useful public database: its Known Exploited Vulnerabilities catalogue.

Building on numerous advisory notes over the past few years warning of currently exploited tools, the Cybersecurity and Infrastructure Security Agency (CISA) now maintains a public list of vulnerabilities that are, or have been, actively exploited.

These latest additions to the database include CVEs as old as 2017 and affecting products from Microsoft, Oracle, and Apple. Each entry comes with a “remediation due date” – though all but one of the latest entries all have remediation dates in August.

Microsoft has responded to Google’s plan to shift users of G Suite’s “legacy free edition” to paid subscriptions with the offer of a 60 per cent discount on a year of Microsoft 365.

The offer only applies to a Microsoft 365 Business Basic, Business Standard, or Business Premium subscription.

It’s all a far cry from the previous decade, where Microsoft worried there was a danger of losing out to Google in the cloud applications game. Since then, the Windows giant has cashed in with its Microsoft 365 subscription model and is confident enough to make a move on customers jumpy about a forced move to paid Google subscriptions with an offer of its own.

Later this year Intel will start selling a chip designed to mine Bitcoin as it rushes into the digital transactions market.

The company says it will ship an energy-efficient accelerator for those cryptocurrency miners; Argo Blockchain, BLOCK (formerly known as Square), and GRIID Infrastructure will be among its earliest users. Specifics on the chip will be detailed at this month’s International Solid-State Circuits Conference (ISSCC).

“This architecture is implemented on a tiny piece of silicon so that it has minimal impact to the supply of current products,” Intel’s Raja Koduri said in a letter posted on Friday.

Optical-fibre internet now makes up 32 per cent of fixed broadband subscriptions across the OECD countries, and is the fastest growing broadband technology. However, there is a mixed picture with cable still dominant in the Americas and the UK still predominantly DSL.

These figures come from an update to the OECD’s broadband portal, indicating that fibre subscriptions grew by 15 per cent across the OECD countries between June 2020 and June 2021, with demand for faster internet speeds as employees worked remotely due to COVID-19 restrictions cited as one reason.

Fixed broadband subscriptions in OECD countries totalled 462.5 million as of June 2021, up from 443 million a year earlier, while mobile broadband subscriptions totalled 1.67 billion, up from 1.57 billion a year earlier.

British competition regulators have accepted promises by Google that its cookie-killing Privacy Sandbox project won’t shut other adtech companies out of the market.

In a statement this morning the Competition and Markets Authority (CMA) said it had intervened “over concerns that the proposals would cause online advertising spending to become even more concentrated on Google, weakening competition and so harming consumers.”

Google has promised to send data about its Privacy Sandbox cookie replacement project to the CMA at regular intervals, also allowing the regulator to inspect key APIs for the service. It has also promised to give the CMA two months’ notice before pulling the plug on cookies.

ZFS has been around for 16 years and has a solid reputation, but it does have limitations compared to its rivals. One of these is in the process of being lifted: soon it will be possible to add space to an existing ZFS array. As long as you’re using FreeBSD, anyway.

Filesystems are one of the core differentiators between enterprise Linux distributions (and other Unix and Unix-like OSes). That means, like anything in the Unix world, there’s “advocacy” – in other words, bitter squabbling about which is best or worst.

ZFS was originally developed by Sun for Solaris. At one point, Apple was going to adopt it, but changed its mind. Now, of course, Oracle owns it – but there is OpenZFS, and a very small chance that the situation might change.

UK IT contractors have been given no guidance on how to claw back tax erroneously taken by employers under IR35 rules, which already cost central government bodies £263m when they failed to correctly adhere to the guidelines.

According to a report from public spending watchdog the National Audit Office (NAO), the UK’s tax collector has failed to clarify the controversial new rules which govern contractor’s tax status, while there is no new legal framework to interpret the rules.

The IR35 reforms, which put the onus on the employer, rather than the contractor, for determining their employment status, were introduced in the public sector in 2017. Following a year’s delay, they were introduced to large and medium-sized private sector businesses in April 2021.

What appears to be stolen data belonging to customers of accounting conglomerate Optionis Group has surfaced on the dark web weeks after the firm confirmed intruders had broken into its systems.

Optionis Group houses brands including Parasol Group, Clearsky, SJD Accounting and NixonWilliams.

The Vice Society ransomware gang dumped what appears to be thousands of files onto their dark web blog as downloadable links, as seen by The Register.