Aggregator

Karren Brady showcased her flawless appearance in stunning Instagram snaps following The Apprentice final on Thursday.

Leading scientists have warned that the booming use of weight-loss injections such as Wegovy and Ozempic risks distracting from the real causes of rising obesity rates.

Officials are war-gaming for shortages sparked by the Iran war as early as the late May bank holiday, threatening thousands of families' getaway plans just as the peak season starts.

The 12-year-old daughter of Kim Kardashian and Kanye West brandished a gleaming set of decorative dental jewelry that covered her bottom and top teeth

An anonymous reader quotes a report from Ars Technica: Two years ago, Microsoft launched its first wave of "Copilot+" Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable AI and machine learning features that could run locally rather than in someone's cloud, theoretically enhancing security and privacy. One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user's disk, making it trivial for anyone with remote or local access to grab days, weeks, or even months of sensitive data, depending on the age of the user's Recall database. After journalists and security researchers discovered and detailed these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security. All locally stored data would now be encrypted and viewable only with Windows Hello authentication; the feature now did a better job detecting and excluding sensitive information, including financial information, from its database; and Recall would be turned off by default, rather than enabled on every PC that supported it. The reconstituted Recall was a big improvement, but having a feature that records the vast majority of your PC usage is still a security and privacy risk. Security researcher Alexander Hagenah was the author of the original "TotalRecall" tool that made it trivially simple to grab the Recall information on any Windows PC, and an updated "TotalRecall Reloaded" version exposes what Hagenah believes are additional vulnerabilities. The problem, as detailed by Hagenah on the TotalRecall GitHub page, isn't with the security around the Recall database, which he calls "rock solid." The problem is that, once the user has authenticated, the system passes Recall data to another system process called AIXHost.exe, and that process doesn't benefit from the same security protections as the rest of Recall. "The vault is solid," Hagenah writes. "The delivery truck is not." The TotalRecall Reloaded tool uses an executable file to inject a DLL file into AIXHost.exe, something that can be done without administrator privileges. It then waits in the background for the user to open Recall and authenticate using Windows Hello. Once this is done, the tool can intercept screenshots, OCR'd text, and other metadata that Recall sends to the AIXHost.exe process, which can continue even after the user closes their Recall session. "The VBS enclave won't decrypt anything without Windows Hello," Hagenah writes. "The tool doesn't bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it." A handful of tasks, including grabbing the most recent Recall screenshot, capturing select metadata about the Recall database, and deleting the user's entire Recall database, can be done with no Windows Hello authentication. Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall database as well as data Recall has previously recorded. "We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data," a Microsoft spokesperson told Ars. "The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries."

Read more of this story at Slashdot.

This is for regression testing

The Prime Minister is under growing pressure over his Government's failure to respond to the Supreme Court ruling on women's rights a year ago.

He documents the Royal Family in great detail in his meticulously well-informed biographies, but Hugo Vickers's own life appears to be just as intriguing.

Ellie Bamber, who is playing the supermodel in upcoming film Moss And Freud, appeared in a trailer showing off genuine items of clothing borrowed from Kate's wardrobe.

The Prime Minister hauled in chiefs from X, Meta, Snap, TikTok and Google, which owns YouTube, to demand they take action to protect children.

Deciphering the third transport protocol's four RFCs is a task to rival the proverbial blind man trying to understand an elephant

While Larry was producing most of the content for the "Request/Reponse" chapter for the next edition of our book, I took the lead on writing a section on QUIC, since I have closely followed its development.…

The world No 1 has not been forgiven for a spat with Dutchman Gian van Veen in Manchester two weeks ago and was relentlessly booed throughout the 11th night of action.

Health Secretary Wes Streeting appeared to suggest benefits could be curbed, saying the money for the Armed Forces has 'got to come from somewhere'.

Sperm whales communicate through rhythmic clicks known as codas and scientists have discovered that each click comes at a different frequency - like human vowel sounds.

Downing Street is asking the British people to swallow quite implausible claims as the saga of Peter Mandelson becomes even murkier.

The 56-year-old actress wore a beige blouse over a green tank top and slacks as she stood on the beach in Marina Del Rey in Southern California.

OpenAI is updating Codex with more agent-like capabilities, positioning it as a more direct rival to Anthropic's Claude Code. Some of the new features include the ability to operate macOS desktop apps, browse the web inside the app, generate images, use new workplace plug-ins, and remember useful context from past tasks. The Verge reports: Codex will now be able to operate desktop apps on your computer, OpenAI says in a blog post announcing the update. It can work in the background, meaning it won't interfere with your own work in other apps, and multiple agents can work in parallel. For developers, OpenAI says "this is helpful for testing and iterating on frontend changes, testing apps, or working in apps that don't expose an API." The feature will start rolling out to Codex desktop app users signed in with ChatGPT today and will initially be limited to macOS. OpenAI did not indicate a timeline for when use will expand to other operating systems. EU users will also have to wait, it said, adding that the update will roll out to users there "soon." Codex is also getting the ability to generate and iterate on images with gpt-image-1.5, new plug-ins for tools like GitLab, Atlassian Rovo, and Microsoft Suite, and native web browsing through an in-app browser, "where you can comment directly on pages to provide precise instructions to the agent." OpenAI also said it will also be easier to automate tasks, with users able to re-use existing conversation threads and Codex now able to schedule future work for itself and wake up automatically to continue on a long-term task. Codex will also be getting a memory feature allowing it to remember useful context from past experience, such as personal preferences, corrections, and information that took time to gather. OpenAI said it hopes the opt-in feature, which will be released as a preview, will help future tasks complete faster and to a quality that previously required detailed custom instructions. The personalization features will roll out to Enterprise, Edu, and EU users "soon."

Read more of this story at Slashdot.

Large organizations pushed toward metered pricing

UPDATED  More bad news for Claude users. Anthropic has revised its seat-based pricing for enterprise customers, shifting them to a new pricing plan upon contract renewal.…

The Frasier star, 71, and his fourth wife Kayte Walsh, 47, couldn't hide their smiles as they stepped out with their newborn son Christopher for a lunch date in Beverly Hills.

Jessie Ware looked incredible in a daring sheer dress as she beamed at the launch of her new album, Superbloom, on Thursday.