Edge Security Flaw Allows Theft of Facebook and Twitter Credentials

To exploit the flaw, Caballero says that an attacker can use server redirect requests combined with data URIs, which would allow him to confuse Edge’s SOP filter and load unauthorized resources on sensitive domains. The expert explains the attack step by step on his blog.

In the end, the attacker will be able to inject a password form on another domain, which the built-in Edge password manager will automatically fill in with the user’s credentials for that domain. Below is a video of the attack.

Source: Edge Security Flaw Allows Theft of Facebook and Twitter Credentials

Here Comes the War for Commercial Drone Dominance

Into this universe comes Airbus SE, the European aerospace conglomerate. Airbus is starting a new data company, called Airbus Aerial, to provide an array of unmanned aerial vehicles (UAV) services, a field the company estimates could increase to more than $120 billion annually as the use of these fleets expands, said Dirk Hoke, CEO of Airbus’s defence and space group. Hoke introduced the new company Wednesday at Xponential.

Source: Here Comes the War for Commercial Drone Dominance – Bloomberg

Leaked NSA Malware Is Helping Hijack Computers Around the World

The U.S. software weapon would have allowed the spy agency’s hackers to break into potentially millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print.

Source: Leaked NSA Malware Is Helping Hijack Computers Around the World

From: Security Update for Microsoft Windows SMB Server (4013389)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Standing Up to a Dangerous New Breed of Patent Troll

There’s no social value here. There’s no support for a maligned inventor. There’s no competing business or product. There’s no validation of an incentive structure that supports innovation. This is a shakedown where a patent troll, Blackbird Technologies, creates as much nuisance as it can so its attorney-principals can try to grab some cash.

Source: Standing Up to a Dangerous New Breed of Patent Troll

Cloudflare does not intend to play along. As explained later in this blog post, we plan to (i) contest the patent lawsuit vigorously, (ii) fund an award for a crowdsourced search for prior art that can be used to invalidate Blackbird patents, and (iii) ask the relevant bar associations to investigate what we consider to be violations of the rules of professional conduct by Blackbird and its attorneys.

How One Little Cable Company Exposed Telecom’s Achilles’ Heel

See the problem? If people begin noticing that there’s no competition, that Americans are paying too much for too little, and that the entire country is suffering as a result, that’s a big problem for Big Cable.

Source: How One Little Cable Company Exposed Telecom’s Achilles’ Heel

What really matters is whether, someday, we’ll take on as a country the issue of the dismal state of high-speed internet access in America. If the Title II reclassification holds, it’s more likely that we will take that step sooner. And the carriers know that.

Repair Shops Are Stoked That the Samsung Galaxy S8 Is the Most Fragile Phone Ever Made

Soon after its release, electronics insurance company SquareTrade put Samsung’s new flagship phone through its breakability test, a series of drops, dunks, and tumbles. It was deemed the most breakable phone of all time: “S8 is the first phone we’ve tested that’s cracked on the first drop on ALL sides,” SquareTrade wrote in a video demonstrating the drops.

Source: Repair Shops Are Stoked That the Samsung Galaxy S8 Is the Most Fragile Phone Ever Made – Motherboard

Iceland drills 4.7 km down into volcano to tap clean energy

Iceland’s decision to harness the heat inside the earth in a process known as geothermal energy dates back to the 1970s and the oil crisis.

But the new geothermal well is expected to generate far more energy, as the extreme heat and pressure at that depth make the water take the form of a “supercritical” fluid, which is neither gas nor liquid.

Source: Iceland drills 4.7 km down into volcano to tap clean energy

SpaceX plans to start launching high-speed internet satellites in 2019

SpaceX hopes to start testing its satellites before the end of this year and continuing through the early months of 2018. If that’s successful, the company plans to launch satellites in phases between 2019 and 2024, after which the system will be at full capacity.

Source: SpaceX plans to start launching high-speed internet satellites in 2019

OAUTH phishing against Google Docs – beware!

As you can see, it appears as if Google Docs wants full access to my Gmail as well as my contacts. Of course, this is not real Google Docs – the attacker has simply named his “application” Google Docs – this can be verified by clicking on the Google Docs text where the real web site behind this and developer info is shown:

Source: InfoSec Handlers Diary Blog – OAUTH phishing against Google Docs – beware!

Finally, if you accidentally clicked on “Allow”, go to https://myaccount.google.com/u/0/permissions?pli=1 to revoke permissions.

What is a lambda expression in C++11?

C++ includes useful generic functions like std::for_each and std::transform, which can be very handy. Unfortunately they can also be quite cumbersome to use, particularly if the functor you would like to apply is unique to the particular function.

Source: What is a lambda expression in C++11?

C++11 introduces lambdas, which allow you to write an inline, anonymous functor to replace the struct f. For small simple examples this can be cleaner to read (it keeps everything in one place) and potentially simpler to maintain,