Connect with us

Gadgets

Shopped at Vero Moda, Jack Jones Online? Your Data Was at Risk

Published

on

Shopped at Vero Moda, Jack Jones Online? Your Data Was at Risk
Vero Moda, Jack and Jones, Only, and other Bestseller India websites had a security flaw that allowed the hijacking of user accounts by anyone who simply knew the targets email ID used for signing up. This would in turn expose information such as the user’s delivery addresses, their full name and phone number, and any saved credits with the sites. Although this information might not worry you, such data is actually highly valuable, and such information is also often used in phishing attacks to impersonate a real business and scam you out of your money. After Gadgets 360 raised the issue with the company — a full year after the security researcher had done so — the flaw was finally fixed, so customers data is no longer accessible, but the company has shared no details on how long customer data was at risk.Security researcher Sayaan Alam wrote to the company’s executives in September 2019. At the time, Alam tweeted to the company’s CEO and was asked to send an email. Alam then sent a report of the issue to the company’s CEO, and received a tweet in response from Vero Moda India’s account, which said it had “forwarded this to the concerned team.”In emails reviewed by Gadgets 360, Alam explained that he had been carrying out security testing and found a bug that could allow takeover of accounts for Vero Moda, Jack and Jones, and Only India. He asked to be connected to the company’s CTO.

More than a year later, Alam said he did not receive any further information from the company, while the bug remained active. In December, Alam contacted Gadgets 360, and by creating a dummy account with a secret detail, we were able to confirm that Alam could in fact take over an account if he was aware of the email ID used to sign up.

Given how widely email IDs are used, it wouldn’t be difficult for someone to obtain anyone’s email ID, and then through this, get other details like a person’s home address, compromising their safety and security.

In chats with Gadgets 360, Alam explained that he “did not want to make the issue public while the bug was still active, as that could put user accounts at risk.”

Photo Credit: We created a dummy account in order to confirm that a user’s account could be compromised with nothing more than the email ID used

Gadgets 360 then reached out to the company, and exchanged emails with its Chief Information Officer Ranjan Sharma who responded quickly and collected information about Alam’s findings. After getting the details, Sharma replied that he would “check.” A week later, when asked for updates, Sharma replied that the bug had been fixed.

“First of all let me thank you for bringing this to our notice,” he said via email. “We did a deep dive and found a version issue with our system and hence the token exchange was getting missed out which we fixed the same day. We are also working on a plan to reach out to our registered customers.”

At this point, we asked for information about how many customers use the site, and whether the company has any bug bounty program to encourage security researchers towards bringing in reports. However, Sharma did not share any responses after that and it’s unclear if any users were informed — the test account we created did not receive any updates about its information being breached — three months after the issue was disclosed to the company and the bug fixed.

Sharma and Bestseller responded quickly when contacted by Gadgets and resolved the issue once it was discussed, which is a positive development. However, the lack of communication to users is one area that could certainly be improved upon.

The bug in question, as demonstrated by Alam, was fairly simple, and it is possible that any number of user data could have been compromised by this flaw. However, this is in line with a continuing problem in India, where security researchers are actively discouraged from exploring weaknesses in online systems — and users are rarely, if ever, told about problems unless the matter goes public from other sources.

Source link

Continue Reading
Click to comment

Leave a Reply

Gadgets

Microsoft Partners With Inworld to Bring AI Game Development Tools to Xbox

Published

on

By

Microsoft Partners With Inworld to Bring AI Game Development Tools to Xbox


Microsoft is teaming up with Inworld AI to create game development tools for Xbox, enabling developers to create characters, generate entire scripts and quests, and more. The multi-year deal brings an AI design copilot and an AI character runtime engine to the forefront, both of them being totally optional to use and to varying degrees. Of course, the use of AI in art has been criticised by many for simply lacking originality, in addition to running the risk of fewer jobs for artists — a growing fear among many considering the alarming number of layoffs seen at game studios this year in an attempt to cut costs.

“At Xbox, we believe that with better tools, creators can make even more extraordinary games,” Haiyan Zhang, GM, Xbox Gaming AI, said in a blog post. “This partnership will bring together: Inworld’s expertise in working with generative AI models for character development, Microsoft’s cutting-edge cloud-based AI solutions including Azure OpenAI Service, Microsoft Research’s technical insights into the future of play, and Team Xbox’s strengths in revolutionizing accessible and responsible creator tools for all developers.”

The aforementioned AI design copilot is a toolset that will help game designers turn prompts into scripts and dialogue trees. In contrast, the character runtime will enable dynamically generated plot beats and quests. We’ve already seen heavy AI integration in games by way of procedural generation — a more recent example being the 1000+ planets in Starfield. Not to mention, enemy AI has been around for way longer.

Inworld made headlines in August when it launched a modded story mode for Grand Theft Auto V, Sentient Streets, in which players had to investigate the rise of a bizarre AI-worshipping cult — a segment loaded with characters that spoke in AI-generated dialogue, on the fly. The mod was later taken down by publisher Take-Two, leaving a permanent strike on the creator Bloc’s YouTube channel. As per The Verge, Inworld’s AI technology can also be used for narration in top-down RPGs to warn players about any events awaiting off-screen and respond to questions like we’ve seen in the past year with AI chatbots like ChatGPT and Bing Chat. Microsoft has also been heavily banking on artificial intelligence, having made a $10 billion (about Rs. 83,254 crore) investment in OpenAI. The company has also integrated AI tools into its popular suite of services and also added an AI copilot to Windows.

Despite being a Microsoft-affiliated AI toolset, it would be interesting to see whether titles using them will be allowed to thrive on other platforms. In July, Valve claimed that it would be cracking down on games that included AI-generated assets if the developer didn’t own the copyright to the piece of art. For the uninitiated, when you insert a prompt to create something in AI, the software simply repurposes existing assets found online and mushes them together — basically stealing from other artists and writers without appropriate commercial licenses. Infringing them would lead to the game not being distributed on Steam, forcing the developers to seek proper licenses for the asset by reaching out to the AI companies involved. It’s unclear how Microsoft’s partnership will play out — as long as AI content is being used as a catalyst to innovate and create something new, it should be fine.


Affiliate links may be automatically generated – see our ethics statement for details.



Source link

Continue Reading

Gadgets

BSNL Offers Free 4G SIM Upgrade: Here’s How to Get It

Published

on

By

BSNL Offers Free 4G SIM Upgrade: Here’s How to Get It


BSNL (Bharat Sanchar Nigam Limited) is a state-owned telecommunication company in India. Earlier this year in May, the government said that the firm started rolling out 4G services in the country. By December, the networks were said to be upgraded to 5G. However, at the India Mobile Congress, BSNL chairman P K Purwar said that the company will launch 4G services in December and then roll it across the country by June 2024. The chairman added that the 5G upgrades will take place after June next year.

In a post on X shared by BSNL’s Andhra Pradesh (@bsnl_ap_circle) unit, the company confirmed that BSNL users can upgrade their older 2G or 3G SIMs to a 4G SIM for free. Not only will the upgrade be free, but a promotional image shared with the post suggests that users who opt for the upgrade will also receive 4GB of free data that will be valid for three months. It is speculated that BSNL is aiming to boost its upcoming 4G services with this offer. The announcement was first spotted by Telecom Talk.

To access the free data offer and the free upgrade, BSNL users are requested to get in touch with executives at BSNL’s Customer Service Centre, franchisee or retailer stores, or contact one of their Direct Selling Agents (DSA). The promo image also adds in a finer print that the offer is available with certain terms and conditions, but hasn’t detailed any, so far.

Reliance’s Jio recently launched the 4G-supported Bharat B1 feature phone in India. The handset is priced at Rs. 1,299 in India. Alongside 4G connectivity, the phone comes with JioCinema and JioSaavn applications pre-installed.

The Jio Bharat B1 is equipped with the JioPay application, which is said to allow users to make UPI payments. Aiming to increase accessibility, the phone supports 23 languages overall, including multiple regional languages.


Affiliate links may be automatically generated – see our ethics statement for details.





Source link

Continue Reading

Gadgets

Realme GT 5 Pro Teased to Feature 3,000 Nits Display; More Details Revealed

Published

on

By

Realme GT 5 Pro Teased to Feature 3,000 Nits Display; More Details Revealed


Realme GT 5 Pro’s launch date is not far away. The Chinese smartphone brand on Tuesday (November 7) confirmed the arrival of the new GT series smartphone in its home country. The Realme GT 5 Pro is teased to come with a display with over 3000 nits of peak brightness. It is also confirmed to pack a larger heat dissipation area for thermal management. The handset will ship with Qualcomm’s new Snapdragon 8 Gen 3 SoC. The Realme GT 5 Pro is expected to come as a successor to the Realme GT 5 that debuted in China in August.

Realme, via Weibo, announced the arrival of the Realme GT 5 Pro in China. The display of the handset is confirmed to offer 3000 nits peak brightness. It has also been teased to offer heat dissipation with a surface area of around 10,000mm2. It is confirmed to ship with Qualcomm’s new Snapdragon 8 Gen 3 SoC. The post doesn’t specify the exact launch date of the smartphone, however, given the release of the teasers, the launch could be just around the corner.

The Realme GT 5 Pro has been in the news a lot lately. It is expected to feature a 6.78-inch (1,264×2,780 pixels) AMOLED display and is tipped to come in 8GB, 12GB, and 16GB RAM options along with 128GB, 256GB, 512GB, and 1TB inbuilt storage options.

For optics, the Realme GT 5 Pro is said to have a triple rear camera unit comprising two 50-megapixel sensors and an 8-megapixel shooter at the rear. The camera setup might include a Sony LYTIA LYT808 sensor, an OmniVision OV08D10 secondary sensor, and a Sony IMX890 telephoto sensor. For selfies, there could be a 32-megapixel sensor at the front. It is said to carry a 5,400mAh battery with support for 100W wired charging and 50W wireless charging.

The Realme GT 5 Pro is expected to come with upgrades over Realme GT 5. The latter was launched in China in August with a price tag of CNY 2,999 for the base model with 12GB of RAM and 256GB of storage.


The Motorola Edge 40 recently made its debut in the country as the successor to the Edge 30 that was launched last year. Should you buy this phone instead of the Nothing Phone 1 or the Realme Pro+? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated – see our ethics statement for details.



Source link

Continue Reading

Trending

Copyright © 2017 Zox News Theme. Theme by MVP Themes, powered by WordPress.