Boom Supersonic wants you to break the sound barrier – CNET


Someday ordinary people might fly at supersonic speeds in this. 

Boom Supersonic

Boom Supersonic on Wednesday unveiled what it hopes to be the first step in letting ordinary people fly at supersonic speeds again. The XB-1 that rolled out at an event in Colorado won't carry passengers, but it'll serve as a demonstration aircraft to test the company's technologies.

"We have begun to pave the path of a mainstream supersonic future," said CEO Blake Scholl. "Today we stand on the precipice of a new age of travel." 

The 71-foot XB-1 will use three General Electric engines with 12,000 pounds of thrust. As with the Concorde, a long pointy nose will obscure the view of the runway from the cockpit during landing, but cameras will take the place of the Concorde's dropping nose.

"[The XB-1's] fuselage is designed for speed, minimizing drag and maximizing supersonic performance," Scholl said. "Its carbon composite airframe retains its rigidity and strength even under the temperatures of supersonic flight, and its delta wing balances low-speed performance for takeoff and landing with high-speed efficiency."

Boom's ultimate goal is to bring back commercial supersonic flight following the retirement of the Anglo-French Concorde in 2003. Its planned Overture airliner, which was first announced at the 2017 Paris Air Show, promises to carry between 45 and 55 passengers -- half the capacity of the Concorde.

Flying at more than twice the speed of sound, it would cut the current flight time between London and New York in half, to just 3 hours, 15 minutes, and reduce a typical 14-hour flight between Los Angeles and Sydney to 6 hours, 45 minutes.

More importantly, though, Boom promises the Overture will fix many of the drawbacks that plagued the Concorde. Though it still looks futuristic even half a century after its debut, the Concorde was loud (and that's not even counting the sonic booms), had limited range and guzzled fuel, making it extraordinarily expensive to operate.

Boom says a lighter carbon fiber skin -- some of the hardware on the XB-1 will be 3D printed by a Silicon Valley company called Velo -- will make the Overture cheaper for both airlines and passengers by being more fuel efficient. Carbon fiber will also better handle the high temperatures generated from air friction while flying at supersonic speeds (that friction caused Concorde's fuselage to grow by almost a foot at faster-than-sound speeds).


The XB-1 has three General Electric engines. 

Boom Supersonic

The company also says its aircraft will produce a softer sonic boom and its engines are supposed to be quieter (thanks to no afterburners) and carbon neutral by using sustainable fuel.

High promises indeed, and Boom has a long road ahead. Even at the rollout it didn't go into much detail about the Overture's features such as its engines, except to say that it's developing a custom medium-bypass turbofan with Rolls-Royce.

"They'll be both quiet and super efficient," Scholl said.

Of course, the Federal Aviation Administration will have to certify the Overture before it can carry passengers, but Boom will eventually have to fly over a higher hurdle. Sonic booms are still illegal or severely restricted over most countries, a big factor that limited the Concorde's routes and its appeal to airlines. If Boom hopes to fly more than just overwater routes, it'll need to have those bans modified or overturned. 

Boom counts LinkedIn founder Reid Hoffman as an investor and says it has interest from airlines including the Virgin Group. Speaking remotely during the event, Japan Airlines Chairman Yoshiharu Ueki said the airline is partnering with Boom on the Overture's development.

"We imagine supersonic travel to bring significant value to us, the aviation industry and to international passengers," he said. "Boom is empowering the next era of travel through supersonic travel."


Mike Bannister, the former chief Concorde pilot for British Airways, also made a remote appearance. "I've always believed there would be a supersonic successor," he said. "The Overture will be that airliner."

But the company is not alone in trying to help paying passengers break the sound barrier again. Spike Aerospace, Aerion Supersonic and Lockheed, in partnership with NASA, are all working on low-sonic-boom aircraft to varying degrees.

Test flights of the XB-1 are to begin next year over California's Mojave Desert. If all goes well and Boom is able to clear regulatory barriers, the Overture is slated for a rollout in 2025 and an entry into service by 2029.


Amazon Wants to ‘Win at Games.’ So Why Hasn’t It?

Amazon made its first sizable bet on gaming in 2008, when it acquired a small developer with a dozen or so PC and Mac titles to its name. The company hung around the low-limit tables for the next few years, releasing a kid-friendly Facebook game starring a family of foxes in 2012—its first under the banner of Amazon Game Studios.

At the time, one source said, the company thought of video games as a playful way to move product. It planned, for example, to publish titles for its ill-fated Fire phone and Kindle Fire tablet. And there was a vague idea that, somehow, Amazon could find a targeted way to sell Prime subscriptions to the gaming demographic. (In a statement, the company said, “Our goal is, and always has been, to make great games.”)

Soon, though, Amazon executives began thinking bigger. Word among employees, two sources told me, was that Jeff Bezos, the CEO, wanted to “win at games.” Mike Frazzini, who had volunteered to lead the company’s gaming initiative, was tasked with building a billion-dollar franchise. A game that huge wouldn’t just sell a few extra Kindles; it would draw in money all across the Amazon empire.

Frazzini was a trusted executive. An Amazon lifer, he had made a name for himself in the company’s marquee book business. His knowledge of video games, though, seemed thin to some. In meetings, two former employees said, Frazzini would mention his love of R.B.I Baseball, a jock’s game from the late 1980s, or talk about what an avid gamer his son was. (Amazon contested this characterization as inaccurate, writing, “While RBI is his favorite game, he has been playing games since he was a kid, and has been a passionate gamer.”)

Frazzini’s seeming lack of experience might have raised eyebrows at most studios, but at Amazon it wasn’t so unusual. The philosophy there, one former employee told me, “is that any product manager can go between any business—from groceries to film to games to Kindle. The skillset is interchangeable. They just have to learn the particular market.”

Frazzini reported to Andy Jassy, the head of Amazon Web Services, the company’s cloud-computing arm, and drew his budget from AWS’s ever-refreshing coffers. With Jassy’s support, Frazzini set about realizing the boss’s vision. His approach, according to one former employee familiar with his thinking, went like this: “I have an unlimited amount of money. I can pay the best people whatever they want to come work here. And so we should just do all of the things at once. Why waste time?”

Here again, Amazon seemed to be bucking industry norms. Most rookie studios take a cautious, incremental approach to game development: They write their code on a tried and tested third-party game engine, such as Unreal or Unity, rather than going to the trouble of building one from scratch. They release a medium-scale title or two and hope for the best. And then, if they haven’t gone out of business, they begin the long, difficult job of making a big-budget AAA game.

But Amazon Game Studios would do none of that. Instead, it would try to transform its quaint little hamlet into a Jetsons-style cityscape overnight. It would cobble together its own game engine and wrangle all the data and code on its own AWS servers. The games themselves (Amazon, of course, planned to develop several AAA titles simultaneously) would also serve as advertisements for the company’s other services. Bingo.

Over the next 18 months, Amazon transformed itself into a would-be gaming giant. In early 2014, the company acquired Double Helix Games, a studio based in Irvine, California, that employed about 75 people. Its head, Patrick Gilmore, had led production on numerous successful titles, including 2013’s Killer Instinct.


How Google’s Android Keyboard Keeps ‘Smart Replies’ Private

Google has infused its so-called Smart Reply feature, which uses machine learning to suggest words and sentences you may want to type next, into various email products for the last several years. But with Android 11, those contextual nudges—including emojis and stickers—are built directly into Gboard, Google’s popular keyboard app. They can follow you everywhere you type. The real trick? Figuring out how to keep the AI that powers all of this from becoming a privacy nightmare.

First, some basics. Google has been adamant for years that Gboard doesn’t retain or send any data about your keystrokes. The only time the company knows what you’re typing on Gboard is when you use the app to submit a Google search or input other data to the company’s services that it would see from any keyboard. But offering reply recommendations has broader potential privacy implications, since the feature relies on real-time analysis of everything that’s going on in your mobile life to make useful suggestions.

“Within Gboard we want to be smart, we want to give you the right emoji prediction and the right text prediction,” says Xu Liu, Gboard’s director of engineering. “But we don’t want to log anything you type and there’s no text or content going to any server at all. So that’s a big challenge, but privacy is our number one engineering focus.”

To achieve that privacy, Google is running all of the necessary algorithms locally on your device. It doesn’t see your data, or send it anywhere. And there’s another thing: Google isn’t trusting the Gboard app itself to do any of that processing.

“It’s great to see advanced machine learning research work its way into practical use for strictly on-device applications,” says Kenn White, a security engineer and founder of the Open Crypto Audit Project.

Even with the precaution of keeping all the AI magic on the device, giving a keyboard app access to the content that feeds those calculations would be high risk. Malicious apps, for example, could try to attack the keyboard app to access data they shouldn’t be able to see. So the Gboard team had an idea: Why not box Gboard out of the equation entirely and have the Android operating system itself run the machine learning analyses to determine response recommendations? Android already runs all of your apps and services, meaning you’ve already entrusted it with your data. And any malware that’s sophisticated enough to take control of your smartphone’s operating system can ransack the whole thing anyway. Even in a worst-case scenario, the reasoning goes, letting Android oversee predictive replies doesn’t create an additional avenue for attack.

So when Gboard pops up three suggestions of what to type next in Android 11, you’re actually not looking at the Gboard app when you scan those options. Instead, you’re experiencing a sort of composite of Gboard and the Android platform itself.

“It’s a seamless experience, but we have two layers,” Google’s Liu says. “One is the keyboard layer and the other is the operating system layer, but it’s transparent.”

Gboard is the default keyboard on stock Android, but it’s also available on iOS. These new features aren’t available for iPhone and iPad owners, but because Android is open source, Google can offer the same predictive feature it’s using in Gboard for any other third-party keyboard to incorporate into its app. This way, alternative keyboards don’t have to do anything sneaky or try to work around Android’s permission limits for apps to offer predictive replies. And the whole system is powered by Google’s “federated learning” techniques, a way of building machine learning models off of data sets that come from all different sources and are never combined—like using data from everyone’s phones to refine prediction algorithms without ever moving the data off their devices.


The Right Way to Cover Hacks and Leaks Before the Election

News organizations need to recognize that in such maneuvers they are the target of an active information influence operation, either by a foreign adversary or a campaign foe. That requires treating adversarial hack-and-leak operations—or, just as importantly, the possibility of an adversarial hack-and-leak operation—as unique and different from a “normal” whistleblower, like an Edward Snowden or Reality Winner.

What We Might Expect This Fall

The most troubling problem with confronting hack-and-leak operations in 2020 is the special challenge of Donald Trump—a president uniquely inclined to disregard democratic norms, spread unfounded conspiratorial notions, and encourage questions about the legitimacy of the election. Trump’s day-to-day mendacity and encouragement of foreign assistance means that rather than eschewing or condemning such operations, he seems uniquely inclined to wholeheartedly embrace the leak of stolen documents.

Everything we’ve seen over the last five years about Trump’s behavior should warn us that he would embrace aid from foreign adversaries and turn it to his political benefit. He’s said as much, as evidenced by his actions in Ukraine, which led to his impeachment in January (seemingly a million news cycles and crises ago), and by his calls for China and others to release information that may harm opponent Joe Biden. Similarly, recent evidence shows that Attorney General Bill Barr and Secretary of State Mike Pompeo both seem willing to use their offices to promote the Trump campaign’s interests. Together, such behaviors represent dangerous, fertile ground for a hack-and-leak operation to take root.

One scenario that seems likely to stymie the best possible intentions of the news media is how a hack-and-leak operation might collide with Donald Trump’s natural instincts to inspire second- and third-order political effects that would be impossible to ignore. President Trump, for instance, might weaponize and give oxygen to even a mundane, milquetoast leak to undermine the credibility of the Biden campaign, or attempt to raise questions about the legitimacy of the election, distracting and clouding the presidential race with the vaguest of misconduct allegations.

So how should the news media keep its pages and programs from being turned into weapons? How do we build on that awareness to do a better job of saying “Caveat lector,” let the reader beware?

This summer at the Aspen Institute, Vivian Schiller and I designed and ran a tabletop exercise geared toward an unfolding hack-and-leak operation timed to the second presidential debate in October.

We imagined how the media might respond to an anonymous “DCLeaks”-style website that appears and purportedly contains internal documents stolen from Burisma, the Ukrainian energy company that was at the center of the impeachment inquiry. It wouldn’t take much effort for such an operation to include a few key doctored documents, appearing to suggest that perhaps we don’t know the full truth about Hunter Biden’s role with the company. In the days ahead, journalists compete ferociously, racing to responsibly confirm the authenticity of the documents and, within a relatively few days, determine that the most damning documents are false—that there’s no concrete evidence of wrongdoing by the Bidens at all, just some Sony-style internal Burisma corporate gossip, some financial records, and strategy PowerPoints.

In the meantime, though, the mere existence of the leaks ricochets through the right-wing media bubble—they are speculated about on Fox & Friends and OAN, and elevated online by Trump fan sites. The president—who in real life today spent the anniversary of the Podesta leaks tweeting unceasingly about some made-up scandal about “Obamagate”—begins amplifying the claims as evidence that Joe Biden is crooked. He calls for the FBI to investigate. He tweets something reckless and unproven, like, “Is Joe Biden biggest criminal of all time?” His supporters break into “Lock him up!” chants at rallies. Before the authenticity of the documents is even disproved by reporters, “senior Justice Department officials” leak that a grand jury has been empaneled to investigate the Biden family, and Secretary of State Mike Pompeo and Director of National Intelligence John Ratcliffe announce that they’re traveling to Ukraine to find out the truth. The Biden campaign hits back, saying that the Trump campaign is acting as a pawn of Russia, weaponizing the US government for the president’s reelection. By that point, even if responsible news organizations decide the underlying documents are forgeries, the story has morphed from an “information operation” into an arguably genuine political controversy.


How to Watch the 2020 Vice Presidential Debate

So, some stuff has happened since the last one of these. Not going to get into all of it now, but suffice to say some circumstances have changed ahead of tonight’s debate between Vice President Mike Pence and Senator Kamala Harris.


For one, the candidates are going to be separated by a wider gap than previously planned, up from 7 feet to 12 feet, 3 inches. A pair of plexiglass partitions have also been added to the stage. The additional measures were put in place as multiple members of the White House—including the president, the first lady, the press secretary, and others—have tested positive for Covid-19 since last week. President Trump was hospitalized for the virus over the weekend. While Pence attended some of the same events as those who tested positive, White House physicians and the CDC have both issued memos that he does not need to quarantine and is safe to participate in tonight’s debate after a series of negative tests. As of this writing, Pence’s most recent test was Tuesday afternoon, according to White House physicians. The Biden campaign announced that Harris also tested negative on Tuesday, according to the Associated Press.

The debate will air live beginning at 9 pm ET (6 pm PT), with USA Today Washington bureau chief Susan Page moderating. The planned format for the evening is divided into nine themed segments of approximately 10 minutes each, with no commercial breaks. The topics of those segments have not been announced in advance, but let’s assume that at least one of them is about the virus. Pence was named head of the White House coronavirus task force in February. So far, more than 200,000 Americans have died in the pandemic.

The debate is taking place at the University of Utah in Salt Lake City, before a small live audience that will include some students. The university is in the middle of a two-week shift to online courses, as part of what school officials are calling a “circuit breaker” designed to reduce the risk of transmission. Everyone at the debate venue is supposed to be tested for coronavirus and take other precautions such as wearing masks and social distancing. Pence, Harris, and Page will be able to take off their masks once they’re onstage.

How to Watch the Debate

With a comfort beverage of your choosing.

Seriously, though, you have options. Like its presidential counterpart, the vice presidential debate will be simulcast across all the major networks and cable news programs, including ABC, CBS, CNN, C-SPAN, FOX, NBC, and PBS. Check your local listings, take your pick. The event is scheduled to kick off at 9 pm ET (6 pm PT).


Amazon Prime Day 2020 UK: Last deals still available on phones, cameras, headphones and more – CNET


This story is part of Amazon Prime Day, CNET's guide on everything you need to know and how to make sure you get the best deal.

Amazon Prime Day has officially come to an end, but there are some deals still available, which we've rounded up here, including the Samsung Galaxy S20, the Fujifilm X-A7 mirrorless camera and smart toothbrushes from Oral-B. 

Note that this article was last updated at 11:30am UK time on Friday October 16 and will not be updated further.

The pricing below assumes you have an Amazon Prime membership (£8 a month or £80 a year). Pricing was accurate at the time of publication but may fluctuate without warning. We'll be updating this story with the best UK Prime Day deals we find throughout the week.


The Galaxy S10 5G saw bigger discounts during the main two days of Prime Day, but even now it's still a good price and a good entry into the superfast speeds of 5G.

The JBL Boombox's beefy size means it's great for kicking out a big sound when you're partying in the park, on the beach or just in your back garden. Its battery lasts up to 24 hours on a charge and its handle and sturdy build make it well-equipped to handle a life on the move.


Samsung's Galaxy S20 packs great specs and a superb camera into a water-resistant body. It's an all-round high performance phone and well worth a look at this price. 


The Oral-B 6 6000N electric toothbrush connects to an app over Bluetooth to give real-time feedback on your brushing, promising a superior clean over manual brushes.


The Echo Dot is Amazon's smallest and most affordable smart speaker, making it a great option for adding Alexa voice control to any -- or every -- room in your house.


Bits of Venus may be lurking on the moon, scientists suggest – CNET

NASA created this computer-simulated global view of Venus' northern hemisphere.

NASA/JPL

Does Venus host alien life? That's the big question after a recent study spotted phosphine -- a gas with possible biological origins -- in the planet's clouds. We won't have answers until further investigation, but clues to the planet's history of habitability could be closer than expected.

Yale University astronomers Samuel Cabot and Gregory Laughlin said we should look to the moon for a peek into Venus' past. They explained why in a paper accepted into the Planetary Science Journal this month.

The study suggests "asteroids and comets slamming into Venus may have dislodged as many as 10 billion rocks and sent them into an orbit that intersected with Earth and Earth's moon," Yale said in a statement. These impacts were more common billions of years ago, meaning bits of ancient Venus could remain as well-preserved meteorites on the lunar surface. 

Venus is currently an inhospitable place with a toxic atmosphere. It's the hottest planet in our solar system and is experiencing what NASA calls "a runaway greenhouse effect." But it wasn't always like this. Venus may have had oceans and even been habitable for life as recently as 700 million years ago.

We may not have to wait too terribly long to bring new moon rocks back to Earth for the first time since the 1970s. NASA is encouraging private companies to launch sample collection missions and has its own ambitious plans to return humans to the moon in 2024.

Chemical analysis of moon rocks could tell us if they're original parts of the moon or meteorites from elsewhere. 

"An ancient fragment of Venus would contain a wealth of information," Laughlin said. "Venus' history is closely tied to important topics in planetary science, including the past influx of asteroids and comets, atmospheric histories of the inner planets, and the abundance of liquid water."   


How to see the Draconid meteor shower before it’s too late – CNET


"Comet 21P" is the source of the Draconids.

NASA

The Draconid meteor shower peaked Wednesday evening right around sunset, but Thursday night still offers a chance to see shooting stars or even a fireball in the sky without having to put much effort or planning into the endeavor. 

Most similar showers require staying up late or getting up well before dawn to catch the best part of the show, but the Draconids are the rare bunch that tend to be out in force just after dinner. 

The Draconids are what the American Meteor Society considers a variable meteor shower, meaning they're typically not that exciting, producing only a few shooting stars per hour at best. But they can produce strong activity on rare occasions. 

The Draconids occur when the Earth passes through trails of debris left behind by past visits from the comet 21P/Giacobini-Zinner. AMS reports that our planet is predicted to pass through two trails of dust and other detritus the space snowball left behind during its trips to the inner solar system all the way back in 1704 and 1711. 

It's possible this will lead to an increase in activity and it especially favors the East Coast of the US, where the peak in activity will come as night falls and the constellation of Draco the dragon is high in the sky. The trails of the Draconids will appear to originate from around the head of the dragon, hence the shower's name. 

The shower should be visible for sky watchers in other parts of the world, too. Astronomer Tony Phillips estimates that meteor fans should be able to see as many as 10 per hour in the northern hemisphere. Folks south of the equator won't be totally cut out of the fun, but expect to see fewer shooting stars. 

To get a glimpse of the Draconids yourself, plan to head outside as soon as night falls. Get as far away from light pollution as you can, to a location with a wide, open view of the sky. Lie on your back, let your eyes adjust and just watch. If you can find Draco in the sky, great, but you should be able to see meteors without focusing on a particular part of the sky.

Should you happen to capture a photo of anything spectacular in the sky, don't forget to share it with me on Twitter @EricCMack.  


Vulnerability Exposes Over 4 Million Sites Using WPBakery

On July 27th, our Threat Intelligence team discovered a vulnerability in WPBakery, a WordPress plugin installed on over 4.3 million sites. This flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts.

We initially reached out to the plugin’s team on July 28, 2020 through their support forum. After receiving confirmation of the appropriate support channel, we disclosed the full details on July 29, 2020. They confirmed the vulnerability and reported that their development team had begun working on a fix on July 31, 2020. After a long period of correspondence with the plugin development team, and a number of insufficient patches, a final sufficient patch was released on September 24, 2020.

We highly recommend updating to the latest version, 6.4.1 as of today, immediately. While doing so, we also recommend verifying that you do not have any untrusted contributor or author user accounts on your WordPress site.

Wordfence Premium users have been protected against exploits targeting these vulnerabilities since July 28, 2020. Wordfence free users received the same protection on August 28, 2020.

Description: Authenticated Stored Cross-Site Scripting (XSS)
Affected Plugin: WPBakery
Plugin Slug: js_composer
Affected Versions: <= 6.4
CVE ID: Pending.
CVSS Score: 6.4 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.4.1

WPBakery Page Builder is the most popular page builder for WordPress. It is an easy-to-use tool that lets site owners create custom pages with drag-and-drop capabilities.

Unfortunately, the plugin was designed with a flaw that could give users with contributor- and author-level roles the ability to inject malicious JavaScript into pages and posts. This flaw also gave these users the ability to edit other users’ posts. The plugin explicitly disabled WordPress’ default HTML filtering for saved posts in the saveAjaxFe function by calling kses_remove_filters(). This meant that any user with access to the WPBakery builder could inject HTML and JavaScript anywhere in a post using the page builder.

    public function saveAjaxFe() {
        // Capability check: any user who can edit posts or pages passes; there is
        // no check that the user may edit *this* particular post.
        vc_user_access()->checkAdminNonce()->validateDie()->wpAny( 'edit_posts', 'edit_pages' )->validateDie();

        $post_id = intval( vc_post_param( 'post_id' ) );
        if ( $post_id > 0 ) {
            ob_start();

            // Update post_content, title and etc.
            // post_title
            // content
            // post_status
            if ( vc_post_param( 'content' ) ) {
                $post = get_post( $post_id );
                // The submitted content is stored as-is.
                $post->post_content = stripslashes( vc_post_param( 'content' ) );
                $post_status = vc_post_param( 'post_status' );
                $post_title = vc_post_param( 'post_title' );
                if ( null !== $post_title ) {
                    $post->post_title = $post_title;
                }
                // Removes WordPress' KSES filtering for the save that follows, so
                // <script> tags and event-handler attributes survive in the post.
                kses_remove_filters();
                remove_filter( 'content_save_pre', 'balanceTags', 50 );
                // ... remainder of the function (the save itself) is omitted in the advisory.
            }
        }
    }

Furthermore, while WPBakery only intended pages that were built with the WPBakery page builder to be editable via the builder, users could access the editor by supplying the correct parameters and values for any post. This could be classified as a general bug as well as a security issue, and is what made it possible for contributors and editors to use the wp_ajax_vc_save AJAX action and corresponding saveAjaxFe function to inject malicious JavaScript on their own posts as well as other users’ posts.
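For contrast, here is an added example (not WPBakery's patch and not Wordfence's code) of a save handler with the same shape that keeps WordPress' own per-post capability check and KSES filtering in place; the function, AJAX action and nonce names are hypothetical.

```php
<?php
// Added example, not the plugin's code: a hardened AJAX save handler.
// Hypothetical names: example_save_builder_content, example_builder_nonce,
// wp_ajax_example_builder_save.

function example_save_builder_content() {
    // 1. CSRF: verify the nonce sent with the request (action name is a placeholder).
    check_ajax_referer( 'example_builder_nonce', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0;
    if ( $post_id <= 0 || ! get_post( $post_id ) ) {
        wp_send_json_error( 'invalid post', 400 );
    }

    // 2. Object-level authorization: edit_post is a meta capability resolved against
    //    THIS post, so a contributor cannot save into another user's post. Compare
    //    the blanket wpAny( 'edit_posts', 'edit_pages' ) check in the original.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $content = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    $title   = isset( $_POST['post_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['post_title'] ) )
        : null;

    // 3. Markup filtering: only users who already hold unfiltered_html may store raw
    //    HTML. Everyone else gets wp_kses_post(), which drops <script> tags and
    //    on* event-handler attributes, the same rule the core post editor applies.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $content = wp_kses_post( $content );
    }

    $update = array(
        'ID'           => $post_id,
        'post_content' => $content,
    );
    if ( null !== $title ) {
        $update['post_title'] = $title;
    }
    // post_status is deliberately not taken from the request: publishing stays
    // with the core editor flow, which checks publish_posts.

    // wp_update_post() runs the normal content_save_pre filters; nothing is removed.
    $result = wp_update_post( $update, true );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'post_id' => $post_id ) );
}
add_action( 'wp_ajax_example_builder_save', 'example_save_builder_content' );
```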

The plugin also offered custom onclick functionality for buttons. This made it possible for an attacker to inject malicious JavaScript into a button that would execute when the button was clicked. Furthermore, contributor- and author-level users were able to use the vc_raw_js and vc_raw_html shortcodes, and the button shortcode with custom_onclick, to add malicious JavaScript to posts.

Taken together, this meant that a user with contributor-level access had several ways to inject scripts into posts that would later execute once someone viewed the page or clicked a button. As contributor-level users require approval before publishing, it is highly likely that an administrator would view a page containing malicious JavaScript created by an attacker with contributor-level access. By executing malicious JavaScript in the administrator’s browser, an attacker could create a new malicious administrative user or inject a backdoor, among many other things.
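Since the injected content in this scenario lives in stored posts, a site owner can audit existing post content for the vectors named above. The following stand-alone PHP scan is an added example (not from the advisory or the plugin) run over constructed sample posts; it assumes, as stated in the comments, that WPBakery stores Raw JS / Raw HTML element bodies base64-encoded, and the button attribute names in the samples are likewise assumptions.

```php
<?php
// Added example, not WPBakery's or Wordfence's code: audit stored post content for
// the injection vectors the advisory names. Run with: php scan_posts.php

/**
 * Return human-readable findings for one post body.
 */
function example_find_injection_vectors( string $content ): array {
    $findings = [];

    // 1. A raw <script> tag in post_content. KSES strips these for users without
    //    unfiltered_html, so one in a contributor's post is worth a look.
    if ( preg_match( '/<script\b/i', $content ) ) {
        $findings[] = 'inline <script> tag';
    }

    // 2. Any shortcode carrying a custom_onclick attribute (the button vector).
    if ( preg_match_all( '/\[([a-z_]+)[^\]]*\bcustom_onclick\b/i', $content, $m ) ) {
        foreach ( array_unique( $m[1] ) as $tag ) {
            $findings[] = "[$tag] with custom_onclick";
        }
    }

    // 3. Raw JS / Raw HTML elements. Assumption: the body is stored base64-encoded
    //    (URL-encoded inside), so decode before inspecting; fall back to the raw body.
    $re = '/\[(vc_raw_js|vc_raw_html)\](.*?)\[\/\1\]/is';
    if ( preg_match_all( $re, $content, $m, PREG_SET_ORDER ) ) {
        foreach ( $m as $match ) {
            $body    = trim( $match[2] );
            $decoded = base64_decode( $body, true );
            $payload = ( false !== $decoded ) ? rawurldecode( $decoded ) : $body;
            $scripty = preg_match( '/<script\b|javascript:|\bon[a-z]+\s*=/i', $payload );
            $findings[] = $match[1] . ( $scripty ? ' element containing script' : ' element' );
        }
    }
    return $findings;
}

/**
 * Flag posts containing any vector; posts by non-privileged authors rank highest,
 * because those roles should never have been able to store such content.
 * $posts: list of ['ID' => int, 'author_role' => string, 'post_content' => string].
 */
function example_audit_posts( array $posts, array $privileged = [ 'administrator' ] ): array {
    $report = [];
    foreach ( $posts as $post ) {
        $findings = example_find_injection_vectors( $post['post_content'] );
        if ( [] === $findings ) {
            continue;
        }
        $report[] = [
            'ID'       => $post['ID'],
            'role'     => $post['author_role'],
            'severity' => in_array( $post['author_role'], $privileged, true ) ? 'review' : 'high',
            'findings' => $findings,
        ];
    }
    return $report;
}

// Constructed sample posts (not real site data). Attribute names on the button
// shortcode are assumed; only the custom_onclick attribute matters to the scan.
$sample_posts = [
    [ 'ID' => 101, 'author_role' => 'contributor',
      'post_content' => '[vc_row][vc_column][vc_column_text]Plain text.[/vc_column_text][/vc_column][/vc_row]' ],
    [ 'ID' => 102, 'author_role' => 'contributor',
      'post_content' => '[vc_btn title="Go" custom_onclick="true" custom_onclick_code="console.log(1)"]' ],
    [ 'ID' => 103, 'author_role' => 'author',
      'post_content' => '[vc_raw_js]' . base64_encode( rawurlencode( '<script>console.log(1)</script>' ) ) . '[/vc_raw_js]' ],
    [ 'ID' => 104, 'author_role' => 'administrator',
      'post_content' => '[vc_raw_html]' . base64_encode( rawurlencode( '<p>hello</p>' ) ) . '[/vc_raw_html]' ],
];

// Expected: 102 high ([vc_btn] with custom_onclick), 103 high (vc_raw_js element
// containing script), 104 review (vc_raw_html element); 101 is not reported.
foreach ( example_audit_posts( $sample_posts ) as $row ) {
    printf( "post %d (%s) severity=%s: %s\n",
        $row['ID'], $row['role'], $row['severity'], implode( '; ', $row['findings'] ) );
}
```

In a real audit, feed the function the rows of wp_posts joined to each author's role instead of the constructed array.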

In the latest version of WPBakery, lower-level users no longer have unfiltered_html capabilities by default, although administrators can grant that permission if they wish to. In addition, users without the appropriate privileges can no longer edit other users’ posts, access the page builder unless permitted, or use shortcodes that could allow the injection of malicious JavaScript.

Dual Account Control

One strategy to keep your site protected from Cross-Site Scripting attacks against higher-privileged accounts is to use dual accounts. Dual account control uses two accounts for any user that may require administrative capability. This can be done by using one user account with administrative capabilities for admin-related tasks like adding new users and plugins and another user account with editor capabilities used to review and approve author and contributor posts.

Doing so limits the impact a Cross-Site Scripting vulnerability can have. When you view a page as a site administrator, any malicious JavaScript an attacker has injected runs with your session and can call administrator-only functions, like adding a new user or editing a theme file, to further infect the site. By using an account with only editor capabilities while editing, creating, and reviewing posts from lower-level users, an XSS exploitation attempt is contained, since an attacker can’t add new admin accounts or edit themes through an Editor account.

Especially in cases where many users can access authenticated actions, we recommend using an administrative user account only when you need to perform administrative functions on your site.

Disclosure Timeline

July 27, 2020 – Initial discovery of the vulnerability. We develop a firewall rule and move it into the testing phase.
July 28, 2020 – The firewall rule is sufficiently tested and released to premium users. We make our initial outreach to the WPBakery plugin team.
July 29, 2020 – The WPBakery team responds confirming the appropriate inbox and we send over full disclosure details.
August 21, 2020 – After some follow-up an initial patch is released.
August 26, 2020 – We let the WPBakery team know that there are some additional minor problems missed that require resolution.
August 28, 2020 – Wordfence free users receive the firewall rule.
September 2, 2020 – We follow up to see if the WPBakery team received our last email.
September 9, 2020 – The WPBakery team confirms they received our email and are working on getting an additional patch released.
September 11, 2020 – The WPBakery team releases an additional patch that is not fully sufficient.
September 11 to 23, 2020 – We work together more closely to get an adequate patch out.
September 24, 2020 – Final sufficient patch released in version 6.4.1.

Conclusion

In today’s post, we detailed a flaw in the WPBakery plugin that allowed authenticated users to inject malicious JavaScript into posts using the WPBakery Page Builder. Along with that, we provided some insight into how you can protect yourself against vulnerabilities exploitable from Contributor- and Author-level accounts. This flaw has been fully patched in version 6.4.1. We recommend that users immediately update to the latest version available, which is version 6.4.1 at the time of this publication.

As WPBakery is a premium plugin often included as a page builder with numerous premium themes, you may need to double check that any updates are available to you with your theme purchase. Verifying the plugin version number in your plugins dashboard should alert you to the version installed on your site.

Sites using Wordfence Premium have been protected against attacks attempting to exploit this vulnerability since July 28, 2020. Sites still using the free version of Wordfence received the same protection on August 28, 2020.

If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected as this is a significant security update.

The post Vulnerability Exposes Over 4 Million Sites Using WPBakery appeared first on Wordfence.


Watch: Nintendo Treehouse livestream to reveal more Hyrule Warriors: Age Of Calamity – CNET

For weeks, Nintendo has been teasing Hyrule Warriors: Age of Calamity, the Legend of Zelda: Breath of the Wild prequel it revealed last month. But the upcoming Nintendo Switch game is getting another major showcase on Wednesday during the Nintendo Treehouse livestream. The event will also feature Pikmin 3 Deluxe, a remastered version of the 2013 Wii U game.

The livestream kicks off at 10 a.m. PT (1 p.m. ET/6 p.m. BST/ 3 a.m. Thursday AEST), and we've embedded it above so you can watch right here.

Pikmin 3 Deluxe comes out Oct. 30, and Hyrule Warriors: Age of Calamity arrives Nov. 20.
