Skip to main content

Posts

Showing posts from July, 2016

Aussie Bloke Caught Stroking The Salami By His Own Webcam

An Australian man was shocked to receive an email with a video of a man, er, pleasuring himself. That was surprising enough; but in this case it was a video of himself "choking the chicken" caught via his laptop's webcam and some malicious software. 
Oh, and the email also wanted him to cough up a large sum of money or else the video would be sent to his Facebook friends. That's the kind of stuff nightmares are made of, and it's not that uncommon in Australia these days. He wrote back. He told them to do their worst and release the footage. But then they replied with a screenshot of his Facebook friends, and personal details from his website. He realised the threat was serious. They asked for $10,000. He began negotiating. ABC Australia


And The Winner Is...Windows 10

My wheel-of-operating-systems has spun once again and landed at...Windows 10! I don't know why, but the muse took me and I just replaced Ubuntu Mate (Linux) with Windows 10 on my laptop, which is my primary PC.
It's an older but nice AMD-powered laptop with an upgraded SSD drive, and everything loaded fine and seems to be working. The one quirk so far is that the touchpad seems to act kind of "jittery" when I use two-finger scrolling; not sure what that is about, but I will look into it.
I do this pretty regularly, and have been hopping around various Linux distributions on this machine for several years. It originally came with Windows 7, and I had (briefly) tried Windows 8 and later 8.1, but it has mostly been used with Linux.
As a cheapskate of long standing, I like Linux as the various distros generally come with a lot of usable software right off the bat, and the quality is such that I usually don't feel that I am traveling "second class".
Windows…

Osram Patches LED Lamps For Security Issues

You know the Brave New World has arrived when you need to fix security issues with your IoT light bulbs. Osram moved to address flaws in their "Lightify" connected bulbs after researches at Rapid7 discovered some problems with the way the Zigbee wirless control protocol was set up. The way the Osram Lightify connected bulbs communicate is over the ZigBee wireless protocol. One of the vulnerabilities Rapid7 discovered is a ZigBee network command replay attack (CVE-2016-5054). According to Rapid7's advisory, it is possible for a malicious actor to capture and replay the Zigbee communication at any time, and replay those commands to disrupt lighting services without any other form of authentication. eWeek

Comic Con Releases The Trailers

Comic-Con 2016 has given us a few new superhero movie trailers to gnaw on while waiting for their release dates. Trailers are funny beasts; they prove that at least something has been committed to film and try to generate buzz, but can sometimes be presented or received poorly - making a good trailer seems to be an art in itself.
DC's new Wonder Woman trailer looked pretty great to me, but I enjoyed the brief glimpse of Gal Gadot's portrayal already in Batman v Superman: Dawn of Justice. There is action, humor and a more vibrant color palette on display here. Everything looked like I hoped it would, and Wonder Woman mentions Zeus, which is in keeping with the modern comic book origins.



Nintendo Classic Is Just TOO Cute

Geezer gamer alert! Nintendo has brought us a cute little homage to the original classic gaming NES platform - the NES Classic Edition. It comes with 30 classic 8-bit games and an HDMI cable to hook it up to your flat screen. The little device will come with a newly designed controller that harkens back to the original, and the whole shebang will set you back only about $60, and a second controller will be another $10. For those gamers who do keep pace with the new while wanting that blast from the past, the NES Classic Edition also can be paired with a Wii remote to play Virtual NES Console games via a Wii or Wii U.TechNewsWorld 


AT&T Embraces Flying COWs

Nothing to do with the momentarily aerial bovine in the 1996 movie "Twister", but AT&T has a plan to put flying COWs to work. The COW here is a "Cell On Wings", an airborne mini cell tower on a drone which can help augment existing cell network resources. AT&T sees them being shipped into disaster zones to provide coverage when infrastructure is damaged, flying over crowded venues to provide more bandwidth for those below, or as a stopgap measure for remote locations. TheRegister

Maxon Browser Sends Your Stuff To China

The freeware Maxon web browser has been found to send a zip file to it's makers in China containing quite the little treasure trove of data on your browsing habits and computer setup. The ZIP file contains all kinds of data about the system of the user and the internet history. Information about the system includes the CPU, memory, the adblocker status and the startpage. Also the URL of all visited websites, Google searches and a list of installed application on the system including their version number is sent to the Chinese company.The browser has an opt-in setting for users to send specific information as part of Maxthon’s ‘User Experience Program’ but whether the user has this disabled or not, the ZIP file is sent to Maxthon.[emphasis mine] The information that is sent to the Chinese company is perfect for cybercriminals to perform a targeted attack, according to one of the security researchers.
Myce

Smart Fridges: Dumb, Dumb, Dumb

Thank you; someone has written an article about why smart fridges are dumb. My contention is that in these early stages most smart devices are a dopey idea simply because:
1 - the much-needed security is SO not there yet.
2 - most of the smart devices are solutions looking for problems.
3 - because we are so early in the process, a lot of these things will end up unsupported in a couple of years (and they are usually expensive)
These objections are all brought up in this article from How To Geek, specifically referring to the smart fridge.

Juno Missed It By *That* Much, But It's All Good

After a tremendous 1.7 billion mile, 5 year journey across the solar system, the 4 ton Juno spacecraft fired its engine for some 35 minutes to slow down enough to end up in mighty Jupiter's orbit - a first for a man-made craft. After all that, Juno ended within tens of miles of the exact spot it was supposed to, and there was much rejoicing July 5th back at NASA. In reality, NASA also now sentenced its $1.1 billion (~£850M) spacecraft to die. Mission managers hope to get 37 orbits out of Juno over the next 20 months before radiation slowly breaks down its electronics and propulsion system. Even though a 1cm-thick wall of titanium encases the spacecraft’s electronics to provide some protection, a few of its nine instruments may begin to fail in as few as eight or 10 orbits. Before the spacecraft fails entirely engineers will place Juno into a slowly degrading orbit that will eventually force it to plunge into the planet. This is so that none of its potentially life bearing moons, …

One Guy. 135 Scam Tech Support Domains

I guess if you don't have any kind of internal voice telling you not to screw other people over, running a tech support scam is a good way to make some quick bucks. I guess. I also expect if you registered 135 domain names for this purpose, it wasn't really a spur-of-the-moment decision...
Security researchers have spotted an individual who registered 135 domains to host and push out tech support scams.According to MalwareHunterTeam, the individual's name and address are tied to 135 tech support scam domains, including 120 which are hosted on Internet domain registrar GoDaddy.This isn't the first time crooks have abused GoDaddy accounts for malicious purposes. For instance, back in May, a rogue advertiser hijacked poorly protected GoDaddy accounts, which they in turn incorporated into a malvertising attack that targeted two TV stations affiliated with the American CBS TV network.Graham Cluley 

Nearly Half Of Steam Gamers Use Windows 10

Windows 10 and the Steam gaming platform are a popular mix, according to recent statistics from Valve. Some 95% of Steam users are running Windows, with about 45% of the total using Windows 10, up around 6% over the last 3 months. 
I am a little surprised that Linux use is down slightly, since it was a big deal when Steam was made available on Linux. There are still not that many desktop Linux users in the big scheme of thing of course, but one might have expected the Steam number to increase steadily, since many complained that there was little quality gaming available for Linux prior to Steam. Other interesting stats revealed by the company indicate that 32.30% of Steam gamers on Windows have 8GB of RAM installed on their systems. More than three-quarters utilize Intel CPUs, while the rest make use of AMD CPUs. NeoWin

Android Full Disk Encryption Flaw Found

Google's Android operating system can provide full disk encryption, but there are some issues that make it more breakable than it should be under some circumstances. Android 5 or later, particularly if running on devices with a Qualcomm processor are demonstrably hackable, researcher Gal Beniamini has shown. While the technical details are all here, the gist of the research is that Android uses a strong 2048-bit RSA key alongside the user’s PIN, password or pattern to encrypt files. That strong RSA key makes brute-force attacks, where a computer simply tries every single possible combination of a password, almost impossible.However, the researcher proved that thanks to flaws in the way Qualcomm implements some security measures, combined with Android kernel flaws, an attacker could get that key. That means that all that stands between him and your data is your password. And we know how good users are at choosing secure passwords.NeoWin

Note To Microsoft: Enough Already!

Dear Microsoft, Windows 10 is a nice upgrade from Windows 8. We appreciate the free offer too, and we know it's ending in a few weeks.

But Microsoft, please stop with the upgrade stuff, huh? I'm pretty sure everyone that wants Windows 10 is there by now, you are just annoying everyone else at this point.

It just feels craven and slightly desperate now.
According to the KB 3173040 article, if you have Windows set to automatically install updates, and have the Windows Update "Check for updates but let me choose whether to download and install them" box checked, your machine will suddenly sprout a full-screen purple message... [my emphasis]InfoWorld