Connect with us

General

Browser Bug Exposed Facebook Messenger Chat History

Advertisement
Code: HAP10. Enter this code at checkout and Save 10% on All Orders of $79 or More. No minimum required. Restrictions apply. Limited time offer.

A now-patched vulnerability in the Web version of Facebook Messenger allowed any website to see who you have been texting.

Cybersecurity service Imperva this week reported a so-called “Cross-Site Frame Leakage” (CSFL)—a side-channel attack previously spotted in November.

“As happens with applications I regularly use, I felt the need to understand how Facebook Messenger works,” Imperva security researcher Ron Masas wrote in a blog post.

“I started poking around the Messenger Web application and noticed that iFrame elements were dominating the user interface,” he continued. “The chat box, as well as the contact list, were rendered in iFrames, opening the possibility for a CSFL attack.”

Testing his theory, Masas found that by recording “full state” and “empty state” data, he could remotely determine whether someone has chatted with a specific person or business.

When illustrated as lines (below), you can see a blip in the empty state iFrame count, which signifies zero communication between two users; if contact has been made, the pattern remains steady.

And while the glitch doesn’t allow hackers to retrieve individual conversations, it does, as Masas pointed out, violate users’ privacy.

He reported the vulnerability to Facebook, which has since removed all iFrames from the Messenger interface completely.

“The bug is a browser issue related to how they handle content embedded in webpages, and could affect any site, not just Messenger.com,” a Facebook spokesman told Geek in an email. “We already fixed the issue for Messenger.com last year to safeguard our users and made recommendations to browser makers to prevent this type of issue from happening.”

“Browser-based side-channel attacks are still an overlooked subject,” Masas said. “While big players like Facebook and Google are catching up, most of the industry is still unaware.”

Imperva researchers in November discovered a similar bug that allowed websites to extract data from Facebook user profiles, thanks to a security flaw relating to cross-site frame leakage.

A month later, the social network announced that its internal team found a photo API flaw that could have impacted up to 6.8 million users, and might have allowed third-party apps access to people’s private images.

More on Geek.com:

Editor’s note: This article was updated on March 11, with comment from Facebook.

SOURCE

Advertisement
Code: VZWDEAL. Enter this coupon code at checkout to get $100 discount on Samsung Galaxy Note 8. Includes free shipping. Restrictions may apply. Device payment purchase required.
Save over 50% and receive free two-day shipping on HiFiMan HE400i Over-Ear Headphones!

General

Tokyo Introduces Support Robots for 2020 Olympics

Advertisement

Human athletes won’t be the only spectacles at next summer’s Olympic Games.

As part of the aptly named Tokyo 2020 Robot Project, the organizing committee introduced a team of androids designed to assist disabled fans at the sporting extravaganza.

Olympic sponsor Toyota is contributing the Human Support Robot (HSR) and Delivery Support Robot (DSR), which will roam the National Stadium, carrying food and other goods, guiding people to their seats, and providing event information.

Human Support Robot (HSR), developed by Toyota Motor Corporation (via Tokyo 2020)

“We believe that the robots will help spectators in wheelchairs to enjoy watching the events without any restrictions, to soak up the atmosphere inside stadiums, and to feel the excitement of sport,” Nobuhiko Koga, chief officer of Toyota’s Frontier Research Center, said in a statement.

Officials plan to deploy up to 16 HSRs and five DSRs, as reported by the Associated Press.

Delivery Support Robot (DSR), developed by Toyota Motor Corporation (via Tokyo 2020)

Panasonic, also a major sponsor, will provide 20 of its Power Assist Suits, used to support the wearer’s back and hips while carrying or lifting heavy objects—like, say, guest luggage.

“We strongly believe that our robot technology … will be of use to all people regardless of impairments, and to society in general, becoming a legacy for future generations,” according to Panasonic Executive Officer Masahiro Ido.

Panasonic’s Power Assist Suits come in handy when handling heavy luggage (via Tokyo 2020)

While these bots will be deployed in specific roles during the Games, the Tokyo 2020 Robot Project team hopes this international stage will help showcase their potential for wider applications in everyday life.

“The Tokyo 2020 Games are a unique opportunity for us to display Japanese robot technology,” Hirohisa Hirukawa, leader of the Tokyo 2020 Robot Project, said in a statement.

“This project will not simply be about exhibiting robots, but showcasing their practical real-life deployment helping people,” he continued. “So there will be not only sports at the Tokyo 2020 Games, but some cool robots at work to look forward to, as well.”

More on Geek.com:

SOURCE

Advertisement
Code: 10%OFFCTMFOOD. Get 10% Off Custom food Pinata, turn your favorite food into one!
Code: AM1212. Coupon to be reedemed in checkout, restrictions may apply, visit store for additional info.
Continue Reading

General

AI Polygraph Is Better At Detecting Lies Than You

Advertisement
Get headphones that actively eliminate background noise when you go through this link. Includes free shipping. Restrictions may apply.

Some people are natural liars, while others have no poker face. But it doesn’t take much to fool someone in blind computer conversations.

In an attempt to remove those blinders, Florida State University researcher Shuyuan Ho has developed the first online polygraph test.

“You could use it for online dating, Facebook, Twitter—the applications are endless,” Ho, an associate professor in the College of Communication and Information, said in a statement. “I think the future is unlimited for an online polygraph system.”

Imagine a future where technology can automatically identify liars and truth-tellers based on the words they type in electronic messages.

In a study published by the journal Computer in Human Behavior, Ho detailed the findings of an online game created to measure truthful and deceptive communication between people.

Players were randomly assigned the role of “Saint” or “Sinner,” then left to have a computerized chat. Researchers, meanwhile, followed along, using machine learning tech to scrutinize patterns of words and writing.

[embedded content]

Just as physical cues provide context, so, too, do language-action cues in written text.

Lying sinners were less expressive but used more ornamental words, displayed more negative emotions, and appeared anxious when communicating with truth-tellers.

Conversely, saints tended toward speculation, taking longer to respond to inquiries; sincere players provided more reasoned ideas and expressed more reflective thinking, according to the study.

Ho’s experiment highlighted that while a human can spot lies in messages about 50 percent of the time, the machine-learning approach has a much higher success rate of 85 to 100 percent.

“I want to get the world’s attention on this research so we can hopefully make it into a commercial product that could be attached to all kinds of online social forums,” she said.

“I think we all have good common sense about the people we meet face to face, but how much common sense do we have with the strangers we encounter online where you can meet a lot of people very fast,” Ho continued. “This research is so important because it can provide another reference point offering more protection. All of society can benefit.”

More on Geek.com:

SOURCE

Advertisement
Get a 4K Camera Drone with Obstacle Sensing Now for Only $1199! Don't Miss!
Click this link and get free shipping on Cooper tires. Restrictions may apply.
Continue Reading

General

Jeff Bezos Shows Off ‘Nerdy’ Innovations at Annual Mars Conference

Advertisement
Samsung J7 V just $5 mo. New device payment purchase req'd. Plus, free shipping.

Jeff Bezos, Amazon’s CEO, is hosting his annual Mars Conference again, an invite-only event that showcases many “nerdy” innovations, including flying robots, electric multicopters, and rocket engines.

The conference, which is taking place in Palm Springs, California this week, celebrates quirky technology in the sectors of machine learning, automation, robotics, and space (MARS), CNBC reported. The aim of the Mars Conference is to advance new technology ideas, enable attendees to engage with high-tech gadgets, and discuss how these four fields will impact the future.

This year, Bezos opened the Mars Conference by taking “my new dog,” Boston Dynamics’ latest electric quadruped SpotMini robot dog, out for a quick stroll on the grounds, TechCrunch noted.

However, this wasn’t all: The Mars Conference, which doesn’t allow press in, only gives fans a sneak peek of what’s happening via tweets. Attendees shared some cool insights from the invite-only event on Twitter.

Star Wars actor Mark Hamill discussed robot sidekicks.

Bezos went for a ride in Hexa’s electric, single-passenger multicoptor.

Attendees experienced an “out of this world” feeling with NASA’s Orion spacecraft simulator.

Meet Centauro, the robot that can be your next yoga buddy.

Blue Origin’s massive rocket engine was on display outside.

Even though the “secret” Mars Conference is in session, it will be interesting to see which “geeky” devices will be advancing machine learning, automation, robotics, and space in coming years.

More on Geek.com:

SOURCE

Advertisement
Click this link to get $200 discount on iPad. Includes free shipping. Restrictions may apply.
Code: VS922. Fall Dresses,Your Fresh Looks.Up To 45% OFF+Free shipping
Continue Reading

Deals

Advertisement
Click this link to get the Moto Z2 Force for just $31.50/month. Unlimited and device payment activation required. Includes free shipping. Restrictions may apply.
Samsung J7 V just $5 mo. New device payment purchase req'd. Plus, free shipping.
Code: VZWDEAL. Enter this coupon code at checkout to get $100 discount on Samsung Galaxy Note 8. Includes free shipping. Restrictions may apply. Device payment purchase required.

Trending