726
115

Cross posted from: https://beehaw.org/post/13390116

Typing logographic languages such as Chinese is more difficult than typing alphabetic languages, where each letter can be represented by one key. There is no way to fit the tens of thousands of Chinese characters that exist onto a single keyboard. Despite this obvious challenge, technologies have developed which make typing in Chinese possible. To enable the input of Chinese characters, a writer will generally use a keyboard app with an “Input Method Editor” (IME).

Almost all keyboard apps used by Chinese people around the globe share a security vulnerability that can be exploited to detect what users are typing, researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto, have found.

According to Citizen Lab, the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups.

"Our analysis revealed critical vulnerabilities in keyboard apps from eight out of the nine vendors in which we could exploit that vulnerability to completely reveal the contents of users’ keystrokes in transit," a new report says, adding that "most of the vulnerable apps can be exploited by an entirely passive network eavesdropper".

Combining the vulnerabilities discovered in this and our previous report analyzing Sogou’s keyboard apps, Citizen Lab estimates that up to one billion users are affected by these vulnerabilities. "Given the scope of these vulnerabilities and the ease with which these vulnerabilities may have been discovered, it is possible that such users’ keystrokes may have also been under mass surveillance," the report says.

In their report, the researchers analyzed the security of cloud-based pinyin keyboard apps from nine vendors: Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.

We examined these apps’ transmission of users’ keystrokes for vulnerabilities.

In eight out of the nine vendors, the researchers could exploit the vulnerability to completely reveal the contents of users’ keystrokes in transit, the only exception being a phone by Huawei.

Having the capability to read what users type on their devices is of interest to a number of actors — including government intelligence agencies that operate globally — because it may encompass exceptionally sensitive information about users and their contacts including financial information, login credentials such as usernames or passwords, and messages that are otherwise end-to-end encrypted.

727
84
submitted 5 months ago by Five@slrpnk.net to c/technology@beehaw.org
728
52

I really want to use AI like llama, ChatGPT, midjourney etc. for something productive. But over the last year the only thing I found use for it was to propose places to go as a family on our Hokkaido Japan journey. There were great proposals for places to go.

But perhaps you guys have some great use cases for AI in your life?

729
152
submitted 6 months ago by hedge@beehaw.org to c/technology@beehaw.org

Isn't that a prerequisite for enshittification? Publicly-traded companies are required (by law, I think) to maximize profits for their shareholders, even if that means utterly ruining their original product (Reddit, Boeing, etc.), yes? What do you think?

730
95
submitted 6 months ago by remington@beehaw.org to c/technology@beehaw.org
731
116
submitted 6 months ago by hedge@beehaw.org to c/technology@beehaw.org
732
139
submitted 6 months ago by hedge@beehaw.org to c/technology@beehaw.org
733
64
  • IBM is registered as a sales company in Brazil, making its employees ineligible for benefits granted to tech workers.
  • Workers in the state of Minas Gerais won a lawsuit against the company to be recognized as IT employees.
  • Galvanized by the successful lawsuit, workers in another state are following suit, opening the possibility for a flood of legal action against IBM.
734
122

Edward Zitron has been reading all of Google's internal emails that have been released as evidence in the DOJ's antitrust case against Google.

This is the story of how Google Search died, and the people responsible for killing it.

The story begins on February 5th 2019, when Ben Gomes, Google’s head of search, had a problem. Jerry Dischler, then the VP and General Manager of Ads at Google, and Shiv Venkataraman, then the VP of Engineering, Search and Ads on Google properties, had called a “code yellow” for search revenue due to, and I quote, “steady weakness in the daily numbers” and a likeliness that it would end the quarter significantly behind.

HackerNews thread: https://news.ycombinator.com/item?id=40133976

MetaFilter thread: https://www.metafilter.com/203456/The-core-query-softness-continues-without-mitigation

735
235
submitted 6 months ago by Ilandar@aussie.zone to c/technology@beehaw.org
736
69
submitted 6 months ago by hedge@beehaw.org to c/technology@beehaw.org
737
134
submitted 6 months ago by hedge@beehaw.org to c/technology@beehaw.org
738
248
submitted 6 months ago by UNIX84@beehaw.org to c/technology@beehaw.org

"Google issued a stern warning to its employees, with the company’s vice president of global security, Chris Rackow, saying, “If you’re one of the few who are tempted to think we’re going to overlook conduct that violates our policies, think again,” according to an internal memo obtained by CNBC."

739
123

cross-posted from: https://infosec.pub/post/11194362

49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year, the proportion of web traffic associated with bad bots grew to 32% in 2023, up from 30.2% in 2022, while traffic from human users decreased to 50.4%. Automated traffic is costing organizations billions (USD) annually due to attacks … More → The post Bots dominate internet activity, account for nearly half of all traffic appeared first on Help Net Security.

740
63
submitted 6 months ago by brie@beehaw.org to c/technology@beehaw.org

Caveat: It isn't available in the app store in the EU, and is instead only available via the developer's marketplace, AltStore¹. As far as I can tell, this genuinely isn't because of greed, but because of a little detail in Apple's EU rules (possibly wrong):

[...] Developers can choose to remain on the App Store’s current business terms or adopt the new business terms for iOS apps in the EU.

Developers operating under the new business terms for EU apps will have the option to distribute their iOS apps in the EU via the App Store, Web Distribution, and/or alternative app marketplaces. [...] Developers who achieve exceptional scale on iOS, with apps that have over one million first annual installs in the past 12 months in the EU, will pay a Core Technology Fee. ²

The problem being, if you're under the old terms, there is no "Core Technology Fee." However, in order to distribute on another marketplace, you must opt into the new terms, meaning you now have to pay the fee even on apps that are distributed on Apple's app store. Thus, if you distribute on the iOS app store in the EU for free, and let's say it gets 2 million installs, you get 1 million installs free... and you now owe Apple half a million dollars.

  1. https://news.ycombinator.com/item?id=40067556
  2. https://developer.apple.com/support/core-technology-fee/
741
24
submitted 6 months ago by hedge@beehaw.org to c/technology@beehaw.org
742
36
submitted 6 months ago by hedge@beehaw.org to c/technology@beehaw.org
743
53
744
27

I work for the support department of a large multinational imaging company. Starting yesterday, we started getting tons of calls from customers who have been sending email from their devices from Gmail domains who are not able to send emails to M365 users. A bit of snooping in our test M365 domain shows that they are being dropped as spam from M365. What's odd is that I cannot find any mention of this behavior anywhere on the Internet. Has anyone else seen this yet?

745
95
submitted 6 months ago by ailiphilia@feddit.it to c/technology@beehaw.org

The nonprofit company is contemplating federating Ghost over ActivityPub. There is a survey asking users about their usage of ActivityPub platforms like Mastodon and how they expect ActivityPub functionality to work in Ghost.

746
485
submitted 6 months ago by mozz@mbin.grits.dev to c/technology@beehaw.org

Credit to @bontchev

747
83
submitted 6 months ago* (last edited 6 months ago) by jeena@jemmy.jeena.net to c/technology@beehaw.org
748
20
submitted 6 months ago* (last edited 6 months ago) by appledinosaurcat@beehaw.org to c/technology@beehaw.org

I am no stranger to Excel and Tech in general, however this stumped me! This all occurred on the corporate laptop where we connect to the network remotely using a security token ID. Any help is extremely appreciated as I would hate to have to do hours of re-work. Adulting is hard.

I was working in an Excel spreadsheet, when suddenly the Excel application started glitching. Any updates to a given cell would not immediately reflect. I could only view the change after toggling to a different tab and returning to the tab with the updated cell. Instead of clicking the Save button, I clicked the Exit button on the Excel file as I know a pop-up would be triggered if changes were made since the most recent save. The file closed with no pop-ups, so I figured that was because I had already recently saved the file which I remember doing. I then rebooted the laptop, logged in again with new token as we do each time, expecting to see all my updates when re-opening the file. Especially because the time stamp of the file clearly indicated the moment right before the reboot. But the file had completely reverted to the original state! I even checked many other local folders including Downloads, Documents, Desktop. I checked the Recent Files panel within the Excel file but all versions were also in original state. I looked for the Auto-recovery panel but none was available.

I'm panicking as I'm really in a bind and time crunch. I considered consulting our IT team but they are usually so slow and would most likely be too late, if they can even recover the updated file. Is it possible to recover the updated file in general now? What was the issue in this series of events, and what would have been the best solution? Any other advice or insight to help me out? Thank you all!

749
33

The full power of next-generation quantum computing could soon be harnessed by millions of individuals and companies thanks to a breakthrough by scientists at Oxford’s Department of Physics guaranteeing security and privacy. The advance promises to unlock the transformative potential of cloud-based quantum computing and is detailed in a new study published in Physical Review Letters.

In the new study, the researchers use an approach known as ‘blind quantum computing’, which connects two totally separate quantum computing entities – potentially an individual at home or in an office accessing a cloud server – in a completely secure way. Importantly, their new methods could be scaled up to large quantum computations.

750
409
submitted 6 months ago by ElCanut@jlai.lu to c/technology@beehaw.org

Technology

37664 readers
244 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago