KarnaSubarna

Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data.

X’s move to make people pay for a basic form of two-factor is problematic. It also created confusion because the company prompted free users to switch away from SMS two-factor, but then seemingly simply turned off the protection altogether for those who didn’t. This likely left a group of users in a situation where they think they have two-factor authentication on, but actually don’t.

To exploit the vulnerability, which the researchers call LeftoverLocals, attackers would need to already have established some amount of operating system access on a target’s device. Modern computers and servers are specifically designed to silo data so multiple users can share the same processing resources without being able to access each others’ data. But a LeftoverLocals attack breaks down these walls. Exploiting the vulnerability would allow a hacker to exfiltrate data they shouldn’t be able to access from the local memory of vulnerable GPUs, exposing whatever data happens to be there for the taking, which could include queries and responses generated by LLMs as well as the weights driving the response.

The researchers did not find evidence that Nvidia, Intel, or Arm GPUs contain the LeftoverLocals vulnerability, but Apple, Qualcomm, and AMD all confirmed to WIRED that they are impacted. This means that well-known chips like the AMD Radeon RX 7900 XT and devices like Apple’s iPhone 12 Pro and M2 MacBook Air are vulnerable. The researchers did not find the flaw in the Imagination GPUs they tested, but others may be vulnerable.

Update 1/16 - Adblock has informed BleepingComputer that its engineers fixed the problem and released ABP 3.22.1 and AB 5.17.1 on the Opera and Edge extension stores. The same versions are currently in review on the Mozilla and Chrome add-on stores, and should be made available soon.

The Beijing institute developed the technique to crack an iPhone’s encrypted device log to identify the numbers and emails of senders who share AirDrop content, the city’s judicial bureau said in an online post. Police have identified multiple suspects via that method, the agency said, without disclosing if anyone was arrested. “It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences,” the bureau said.

Further read: https://sfj.beijing.gov.cn/sfj/sfdt/ywdt82/flfw93/436331732/index.html

"After signing into their ACT account, if a student accepted cookies on the following page, Facebook received details on almost everything they clicked on—including scrambled but identifiable data like their first and last name, and whether they’re registering for the ACT. The site even registered clicks about a student’s ethnicity and gender, and whether they planned to request college financial aid or needed accommodations for a disability"