Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the […]
Top stories from Hacker News! Read by Mattan Griffel and Chris Castiglione COIN https://news.ycombinator.com/item?id=6733615 GitHub https://news.ycombinator.com/item?id=6752800 Amazon RDS for PostgreSQL https://news.ycombinator.com/item?id=6733518 Work Can Wait https://news.ycombinator.com/item?id=6754833 Google wins book-scanning case: judge finds “fair use,” cites many benefits https://news.ycombinator.com/item?id=6732983 We Got Rejected by Y Combinator https://news.ycombinator.com/item?id=6757491 37signals valuation tops 0 billion after bold VC investment https://news.ycombinator.com/item?id=6744742
Update (06-08-2019): The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library: hxxps://s3[.]amazonaws[.]com/wsaimages/js/wizards[.]js Interestingly, this same library had already been altered (loading content […]
Now that post-Thanksgiving shopping is in full swing, here’s a brief tip for those purchasing Amazon gadgets as Christmas gifts: if you are giving an Amazon Device to someone outside your household, take a moment to deregister the device from your Amazon account. Otherwise you may inadvertently give more gift than you bargained for. Amazon devices […]
