Connect with us

Biz & IT

Facebook AR/VR product head Hugo Barra is being replaced

Published

on

Facebook’s VP of AR/VR product Hugo Barra is out after some leadership changes at the top of the Oculus organization. After initially being hired to lead the whole VR division, Barra will now be leading global AR/VR partnerships, while Erick Tseng, Facebook’s director of product management, will be replacing Barra in his most recent role leading AR/VR product management.

Barra came on in early 2017 after the ouster of Oculus’s existing leadership structure, when then-CEO Brendan Iribe was demoted alongside much of the founding team to lead product-specific verticals. Later that year Oculus founder Palmer Luckey was ousted.

Barra’s proximity to CEO Mark Zuckerberg’s inner-circle was soon diminished after longtime executive Andrew Bosworth was placed ahead of him in the org chart leading AR/VR at Facebook in a role that also included other consumer hardware efforts like Portal. Barra’s transition comes as the company prepares to release two of its latest virtual reality products, the Rift S and Quest.

Late last year, Oculus had an internal reorganization that shifted the team to more specialization-focused groups as opposed to product-focused.

It’s unclear what the full scope of Barra’s new role is. Facebook partnered with Xiaomi — where Barra previously led international efforts — to build the Oculus Go and Xiaomi’s Mi VR headset. Facebook’s recent partnership with Lenovo to build the Rift S showcases just how important these hardware partnerships are to the company.

On Tseng’s promotion, a Facebook spokesperson said, “He is the right person to step into this role because of his experience leading product teams at Facebook, and leading the Android product team at Google .”

Alongside this news, Facebook noted that longtime content exec Jason Rubin has seen his role expand as well and has received a new title, VP of Special Gaming Initiatives.

Source link



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Biz & IT

Update Chrome now to patch actively exploited zero-day

Published

on

Enlarge / It’s a good time to restart or update Chrome—if your tabs love you, they’ll come back.

Getty Images

Google announced an update on Wednesday to the Stable channel of its Chrome browser that includes a fix for an exploit that exists in the wild.

CVE-2022-2856 is a fix for “insufficient validation of untrusted input in Intents,” according to Google’s advisory. Intents are typically a way to pass data from inside Chrome to another application, such as the share button on Chrome’s address bar. As noted by the Dark Reading blog, input validation is a common weakness in code.

The exploit was reported by Ashley Shen and Christian Resell of the Google Threat Analysis Group, and that’s all the information we have for now. Details of the exploit are currently tucked behind a wall in the Chromium bugs group and are restricted to those actively working on related components and registered with Chromium. After a certain percentage of users have applied the relevant updates, those details may be revealed.

Google says the update—104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows—will “roll out over the coming days/weeks,” but you can (and should) manually update Chrome now (check the “About” section of your settings).

There are 10 other security fixes included in the update. Dark Reading notes that this is Chrome’s fifth zero-day vulnerability disclosed in 2022.

Listing image by Getty Images

Continue Reading

Biz & IT

iOS VPNs have leaked traffic for more than 2 years, researcher claims

Published

on

Getty Images

A security researcher says that Apple’s iOS devices don’t fully route all network traffic through VPNs, a potential security issue the device maker has known about for years.

Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly—if contentiously—in a continually updated blog post. “VPNs on iOS are broken,” he says.

Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz’s findings with advanced router logging, can still send data outside the VPN tunnel while it’s active.

In other words, you’d expect a VPN to kill existing connections before establishing a connection so they can be re-established inside the tunnel. But iOS VPNs can’t seem to do this, Horowitz says, a finding that is backed up by a similar report from May 2020.

“Data leaves the iOS device outside of the VPN tunnel,” Horowitz writes. “This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6.”

Security blogger Michael Horowitz's logs show a VPN-connected iPad reaching out to both his VPN provider (37.19.214.1) and Apple Push (17.57.144.12). The Apple connection is outside the VPN and could potentially expose his IP address if seen by an ISP or other parties.

Security blogger Michael Horowitz’s logs show a VPN-connected iPad reaching out to both his VPN provider (37.19.214.1) and Apple Push (17.57.144.12). The Apple connection is outside the VPN and could potentially expose his IP address if seen by an ISP or other parties.

Privacy company Proton previously reported an iOS VPN bypass vulnerability that started at least in iOS 13.3.1. Like Horowitz’s post, ProtonVPN’s blog noted that a VPN typically closes all existing connections and reopens them inside a VPN tunnel, but that didn’t happen on iOS. Most existing connections will eventually end up inside the tunnel, but some, like Apple’s push notification service, can last for hours.

The primary issue with non-tunneled connections persisting is that they could be unencrypted and that the IP address of the user and what they’re connecting to can be seen by ISPs and other parties. “Those at highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common,” ProtonVPN wrote at the time.

ProtonVPN confirmed that the VPN bypass persisted in three subsequent updates to iOS 13. ProtonVPN indicated in its blog post that Apple would add functionality to block existing connections, but this functionality as added did not appear to make a difference in Horowitz’s results.

Horowitz tested ProtonVPN’s app in mid-2022 on an iPad iOS 15.4.1 and found that it still allowed persistent, non-tunneled connections to Apple’s push service. The Kill Switch function added to ProtonVPN, which describes its function as blocking all network traffic if the VPN tunnel is lost, did not prevent leaks, according to Horowitz.

Horowitz tested again on iOS 15.5 with a different VPN provider and iOS app (OVPN, running the WireGuard protocol). His iPad continued to make requests to both Apple services and to Amazon Web Services.

ProtonVPN had suggested a workaround that was “almost as effective” as manually closing all connections when starting a VPN: Connect to a VPN server, turn on airplane mode, then turn it off. “Your other connections should also reconnect inside the VPN tunnel, though we cannot guarantee this 100%,” ProtonVPN wrote. Horowitz suggests that iOS’s Airplane Mode functions are so confusing as to make this a non-answer.

We’ve reached out to both Apple and OpenVPN for comment and will update this article with any responses.

Horowitz’s post doesn’t offer specifics on how iOS might fix the issue. For his part, Horowitz recommends a $130 dedicated VPN router as a truly secure VPN solution.

VPNs, especially commercial offerings, continue to be a complicated piece of Internet security and privacy. Picking a “best VPN” has long been a challenge. VPNs can be brought down by vulnerabilities, unencrypted servers, greedy data brokers, or by being owned by Facebook.

Continue Reading

Biz & IT

Chrome “Feed” is tantalizing, but it’s not the return of Google Reader

Published

on

Enlarge / Digging into bleeding-edge Chrome code has made some bloggers hopeful, but Google has been focused on its own feeds for a while now. (credit: Getty Images)

Does Google enjoy teasing and sometimes outright torturing some of its products’ most devoted fans? It can seem that way.

Tucked away inside a recent bleeding-edge Chrome build is a “Following feed” that has some bloggers dreaming of the return of Google Reader. It’s unlikely, but never say never when it comes to Google product decisions.

Chrome added a sidebar for browsing bookmarks and Reading List articles back in March. Over the weekend, the Chrome Story blog noticed a new flag in Gerrit, the unstable testing build of Chrome’s open source counterpart Chromium. Enabling that #following-feed-sidepanel flag (now also available in Chrome’s testing build, Canary) adds another option to the sidebar: Feed.

Read 7 remaining paragraphs | Comments

Continue Reading

Trending