Hackers put a back door in a code library that powers 79% of websites

On Sunday, malicious actors tried to install a back door in the code base of PHP, a server-side programming language that powers 79% of sites on the internet, including Facebook and Wikipedia. The attack recalled one of the worst government hacks in history, on SolarWinds, the IT management software used by many government agencies and large U.S. companies. The SolarWinds attackers—widely thought to be employed by Russia’s Foreign Intelligence Service—planted malware in the SolarWinds system that sends out updates to end users. As in the SolarWinds attack, the PHP hackers targeted the code base of a widely used library so that the changes they made would affect instances of the software run by end users.

The hackers attempted to install a back door that would have allowed them to remotely run their own code once the altered PHP was put into use by websites. With that access they might have activated malware, and may have been able to take control of websites, freeze them, or take them offline. The PHP exploit was first reported by the BleepingComputer blog.

The hackers made two additions to the PHP Git repository on Sunday. The attackers signed the first addition using the name of the PHP library’s creator, Rasmus Lerdorf, and the second was made using the name of well-known PHP maintainer Nikita Popov, likely to avoid suspicion. They also tried to disguise the major change to the code base they proposed as something trivial by labeling the additions “Fix Typo.” The work of the hackers was discovered and reversed during a standard review process on Sunday.

Still, this was no trivial event. Popov said in an email to the PHP developer community that Sunday’s incident was likely the result of the git.php.net server being compromised, rather than just a single Git account. The PHP maintainers have now decided to migrate the official PHP source code repository over to GitHub. “We have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server,” Popov explains in the email.

‘Roblox’ isn’t just a gaming company. It’s also the future of education

Roblox, which recently made its debut on the New York Stock Exchange, has quickly become one of the most valuable video game companies in the world. As I write this article, Roblox has effortlessly overtaken household video game names such as Take-Two (maker of Grand Theft Auto) and Electronic Arts (EA) (maker of Battlefield and FIFA) in terms of market cap, while only making a fraction of the incumbents’ revenues and none of their profits. And there is good reason for this change in pecking order. Unlike Take-Two and EA, Roblox is not just a gaming company. It is a virtual playground for nearly 200 million monthly users, with two-thirds of those users being of school-going age.

In a rare move, this transportation startup is adding equity experts to its board

Startups don’t usually put outsiders—let alone experts on equity and technology—on their boards of directors. But Lacuna Technologies, a startup that develops digital tools to help cities regulate traffic, announced last week that it’s adding Tamika L. Butler, an expert on “issues related to the built environment, equity, anti-racism, diversity, and inclusion,” and Rashida Richardson, a legal scholar with expertise on race and technology, to its board. Lacuna’s technology is designed to help cities better understand and regulate transportation, including tech-linked transportation services such as app-based ride-hailing and scooter rentals. CEO Hugh Martin anticipates that Butler will contribute her knowledge of transportation and related equity issues and Richardson will help guide Lacuna on challenges related to equity and data privacy. This is a potentially tricky balancing act since the company and the cities it works with likely want to understand the demographics of who is using transportation and how without tracking too much about individuals. Lacuna’s products include tools for cities to study and regulate the use of curbside areas for parking and other purposes, and a similar tool specialized for use in helping airports avoid passenger pickup logjams. Ideally, Richardson says, the company can help give regulators more of a level playing field in negotiating with tech-savvy transportation companies, which can allow cities to push for more equity in transportation. “A lot of mobility-disruptive technologies come in and offer a service that . . . is often not available to everyone in the community and often very much aligns with those who already have resources and power in a lot of ways,” Richardson says. Butler says joining the board gives her an opportunity to participate directly in decision-making at a tech company, rather than just observing and critiquing from the sidelines.
She says she’s confident that Lacuna values the training and knowledge she and Richardson bring to the table, not merely the fact that they’re Black women. “I’m excited to be a Black queer woman in the tech sector who is being involved and included, not just to check a box but because of my expertise,” she says. Historically, people in positions of power—particularly business magnates, venture capital investors, and senior executives—have also been those appointed to corporate boards. But in California, a new state law designed to help remedy that will soon require publicly traded companies to have people from underrepresented communities on their boards. The law won’t apply to privately held businesses like Lacuna, but Martin says he still considers it important to ensure diverse membership among the company’s directors. “There are many, many decisions that are made about the deployment and the development of technology that are not rooted in the real understanding of a wide swath of the community,” he says, noting that it’s often the case that engineers develop products designed to appeal to the engineer at the next workbench over. “If you do that all the time, and it’s a bunch of middle-aged white guys that are trying to invent things,” he says, “you really develop a skewed view of the world and a skewed view of products.”

Microsoft acquiring Discord for $10B would be a huge bet on gaming—and a smart one

While Zoom has become the be-all and end-all of staying connected over the past year, for gamers the first point of call has been Discord. This free voice, video, and text communication service may not have stolen headlines like Zoom, but the platform has seen user growth surge over the last year. Now, it has around 150 million users relying on the service to chat, meet, share, and play games. This growth appears to have caught the eye of Microsoft, with recent reports suggesting that it is interested in acquiring Discord for the colossal price of nearly $10 billion.

Assessing the interest

The driving force behind Microsoft’s interest in Discord may be that it would increase the company’s exposure to the global gaming market. Although Discord is not a developer or a platform where people directly play games, the service has become a central social hub for millions of gamers. If the acquisition occurs, Microsoft will likely seek to embed Discord and its millions of active users into an ecosystem of Microsoft products. The most comparable move would be Amazon’s acquisition of Twitch for just under $1 billion in 2014. It was mutually beneficial: Amazon was able to incentivize Twitch’s users to sign up for Prime while encouraging Prime subscribers to watch and follow users on Twitch. Twitch now hosts 91% of all video game streaming, dwarfing competition from YouTube and Facebook, and attracts more than 2 million viewers at any given time of any given day. Microsoft will likely look to create a similar symbiotic relationship between Microsoft Game Pass—a monthly subscription that gives users access to a vast library of games—and Discord’s premium service Nitro, which provides an enhanced experience through upgraded video and upload functions and access to a global bank of emojis and avatars. The tech giant is also building an online gaming service, Project xCloud, that will let users stream Xbox games to any device with a screen and an internet connection. This could one day make expensive hardware, such as consoles, unnecessary. Microsoft could potentially integrate this service within Discord, since the platform already offers popular streaming options for users, paving the way for the post-console era of gaming. But if it is to succeed, Microsoft will need to learn from the mistakes of the past.

Understanding the challenges

Microsoft acquired Mixer, an upstart competitor to Twitch, in 2017 and spent as much as $30 million on deals with high-profile streamers such as Ninja to lure users to the platform. But the service failed to attract viewers and streamers in equal measure. Compounded by a lackluster user experience, it quickly ran out of steam and was shut down permanently last year.

5 things people are getting wrong about NFTs

NFTs (nonfungible tokens) are having a moment right now. Tons of digital collectibles have been traded, including Dapper Labs’ NBA Top Shot, which raked in $1.05 million for just one recent pack of basketball videos, and Everydays: The First 5000 Days, a digital image by artist Mike Winkelmann (aka Beeple), which sold for $69.3 million at high-end auction house Christie’s. NFT transactions tripled in 2020, reaching more than $250 million, according to the Non-Fungible Tokens 2020 Yearly Report from NonFungible and L’Atelier. And they show no sign of slowing in 2021. But the big money currently being thrown around for single pieces leads to overall misconceptions about the cost and value of NFTs and their place in the market.