Forget all about that malarky
You order a ride from your house to a restaurant, some unchecked driver turns up who now knows your home is empty for the next couple of hours.
A potentially nasty XSS vulnerability discovered on the website of controversial ride-sharing service Uber has been fixed, according to the security researcher who reported the bug. The cross-site scripting vulnerability put visitors at risk of being compromised via theft of cookies, personal details, authentication …
And it would be nice if they could find a way to fix the "flaws" in some of their drivers, who have been beating passengers up, kidnapping passengers, running over pedestrians, raping passengers, and other "fun activities" performed by them.
But hey...just think how much money you can save by using Uber. Probably enough to afford a lawyer...later.
"You order a ride from your house to a restaurant, some unchecked driver turns up who now knows your home is empty for the next couple of hours."
And when you leave a bad review because you find your house ransacked after you get home, next day you have three big boofy blokes at your doorstep dressed in suits who wish to have a "chat" with you.
A US judge yesterday threw out an attempt to dismiss wire fraud charges against a former Uber employee accused of trying to cover up a computer crime.
Former Uber security chief Joseph Sullivan is set to face criminal charges after US District Judge William Orrick yesterday rejected his claim that prosecutors did not "adequately" allege that the goal of the claimed misrepresentation of the security breach was to get Uber's drivers to stay with the platform and continue paying service fees.
In December last year, a federal grand jury handed down a superseding indictment adding wire fraud to the list of charges pending against Sullivan for his role in the alleged attempted cover-up of the 2016 security breach at Uber. The incident led to around 57 million user and driver records being stolen.
Waymo and Uber announced on Tuesday a "long-term strategic partnership" promising to work together to deploy autonomous freight trucks on US roads, years after both companies fought bitterly over self-driving technology.
The collaboration will see Waymo retrofitting trucks with its AI-powered driving software operating on Uber's logistics and network infrastructure. Shippers can tap into the Uber Freight service to connect with truckers willing to deliver their goods across the country. Vehicles running the Waymo Driver software will be able to complete part of the journey autonomously, although human drivers will still need to be present.
"With trucking, we plan to first tackle highway driving," a spokesperson from Waymo told The Register. "It's a natural environment to start this deployment due to the large number of highway miles, which are often the most tiring stretches for humans to drive, and which are a large opportunity to improve efficiency in the industry."
India has accused ride-sharing companies of over-charging loyal customers who regularly take the same route, and directed six platforms to become part of a scheme that offers third-party grievance handling services.
The directive to join the scheme was issued during a meeting with officials of India's Department of Consumer Affairs, attended by Ola, Uber, Rapido, Meru Cabs and Jugnoo. The platforms were advised to improve responses to customer concerns and rights and directed to become "convergence partners" in India's National Consumer Helpline. Such partners are required to accept and resolve consumer grievances reported to the Helpline.
The Department said ride-sharing companies need to sign up for the helpline for reasons including that their algorithms set fares in ways that are not easy to understand – sometimes even charging loyal customers higher rates than first-timers on the same route.
Some tech companies are tightening their belts as they adjust to ongoing financial turbulence, with Uber and Meta both looking to reduce expenses and hiring.
Uber CEO Dara Khosrowshahi told employees in an internal email that the ride-hailing service is going to try harder to stop losing so much money. Khosrowshahi's email, obtained by CNBC's Deirdre Bosa, begins, "It's clear that the market is experiencing a seismic shift and we need to react accordingly."
The memo says hiring will be more cautious and promises cost cutting.
Machine learning alumni from Google, Uber, and Apple have started a new company to address errors in unstructured data.
CEO Vikram Chatterji was previously product management lead for Google Cloud AI. CTO Atindriyo Sanyal was engineering leader for Uber AI's Michelangelo platform and was a founding engineer for SiriKit at Apple. VP of Engineering Yash Sheth led Google's speech recognition team.
Galileo, their new venture, was founded in November 2021, operating under stealth until today's announcement.
Gig workers have urged London Mayor Sadiq Khan to force Uber to give its app drivers a better deal on pay as the ride-hailing biz seeks to renew its license to operate in the British capital.
The App Drivers and Couriers Union (ADCU) wants Mayor Khan to enforce a UK Supreme Court finding that Uber drivers are workers and not self-employed contractors.
As workers, the app-hailed drivers are entitled to at least minimum wage and paid holidays, the union said. It went on to claim that due to the way Uber pays drivers, it doesn't meet minimum wage, and drivers should therefore get more money.
Enterprises need to create a more strategic alliance between their application security and cybersecurity teams if they are going to better protect themselves against cyberthreats.
Organizations can no longer wait for attacks to happen and then respond, according to Sean Wright, principal application security SME at Immersive Labs, creators of an enterprise platform that measures the cyber capabilities of their workforce. Instead, they need to embrace the shift-left mantra that calls for more security-related tasks – with testing being a big one – being performed earlier in the software development process, essentially weeding out potential flaws and vulnerabilities before they're compromised by attackers.
The end result should be to reduce the risk to the organization, Wright told The Register.
There is a live cross-site scripting (XSS) vulnerability in takedowns website DMCA-dot-com's user interface. It's existed for more than a year and the site's operators don't appear to be interested in fixing it.
Infosec researcher Joel Ossi, founder of Dutch security firm Websec, announced his findings after spending more than a year trying and failing to get DMCA-dot-com to take the XSS seriously.
"I registered at DMCA at first with an intention to protect my own website," he blogged, explaining that he found unescaped free-text entry boxes in the DMCA user interface allowed him to create an XSS.
A security bod scored a $100,500 bug bounty from Apple after discovering a vulnerability in Safari on macOS that could have been exploited by a malicious website to potentially access victims' logged-in online accounts – and even their webcams.
Ryan Pickren, last seen on The Register after scooping $75k from Cupertino's coffers for finding an earlier webcam-snooping flaw, said the universal cross-site scripting (UXSS) bug in Safari could have been abused by a webpage to hijack a web account the user is logged into, which would be bad. It was also possible to activate the webcam.
Pickren told El Reg the flaw granted "full access to every website you've visited in Safari, meaning that if you're visiting my evil website on one tab, and then your other tab, you have Twitter open, I can jump into that tab and do everything you can from that screen. So it does allow me to fully perform an account takeover on every website you visited in Safari."
Uber Technologies' munchies delivery service, Uber Eats, has set its sights on another growth industry in the Canadian province of Ontario, Reuters reports.
Yeah, it's weed. Canada legalised cannabis in 2018, and since then the market has taken off to be worth CAD$5bn (£2.9bn, $3.9bn) a year – helped along by the pandemic leaving tokers homebound with not much else to do but, well, toke.
Uber CEO Dara Khosrowshahi has already made overtures to the marijuana market in the US, where the psychoactive plant has been largely decriminalised but remains illegal in some states, telling CNBC in April: "When the road is clear for cannabis, when federal laws come into play, we're absolutely going to take a look at it."
Biting the hand that feeds IT © 1998–2022