Tech Thoughts Daily Net News – August 7, 2014

Facebook Data Privacy Class Action Now Oversubscribed;  Five tech items you should stow away in your glove box;  Google Search: 5 of the most useful instant answers;  Five unanswered questions about massive Russian hacker database;  Gmail gets official “Unsubscribe” button;  Unclouded App Lets You See What’s Eating Up Your Cloud Storage;  Get your Guardians of the Galaxy fix with these 6 apps;  Fundamental ‘Fake ID’ Flaw Lets Malware Run Wild;  9 tips every Windows user should know;  The guide to password security (and why you should care);  US Homeland Security data possibly stolen in cyberattack;  What’s up with watts; how many watts do your speakers need?  AV-Test proves antimalware apps can restore infected computers;  Cyber defender Brandis is proving unfit for purpose; Top gov’t spyware company hacked; Gamma’s FinFisher leaked.

The guide to password security (and why you should care) – Reports of a massive security breach circulated this week. There are a lot of questions about the extent of this alleged breach, but if you’re concerned that your password and credentials have been taken, we recommend updating your passwords. Here’s our advice for creating a strong password you can actually remember.

Top gov’t spyware company hacked; Gamma’s FinFisher leaked – The maker of secretive FinFisher spyware — sold exclusively to governments and police agencies — has been hacked, revealing its clients, prices and its effectiveness across an unbelievable span of apps, operating systems and more.

Facebook Data Privacy Class Action Now Oversubscribed – A civil class action lawsuit being brought against Facebook on privacy grounds by Europe vs Facebook campaigner Max Schrems has hit its current maximum of 25,000 participants less than a week after the action was announced. Additional participants wanting to join the action are being asked to register their interest, via a Facebook class action website, in the eventuality of the case organizers being able to increase the number of participants.

9 tips every Windows user should know – Still need to upgrade to Windows 8.1 from an earlier version? Read this guide to learn how to do so. As for those of you who have already made the switch, we’ve compiled a list of the top tips to help make your Windows 8.1 experience more enjoyable.

Five unanswered questions about massive Russian hacker database – There’s still much that’s unclear about Tuesday’s revelation that a small group of hackers in Russia have amassed a database of 1.2 billion stolen user IDs and passwords. The company that disclosed the incident, Hold Security, didn’t offer any fresh information Wednesday, but here are five questions we’d like to see answered (and a bonus one that we already know the answer to).


Google Search: 5 of the most useful instant answers – Google isn’t just a search engine; it’s also an answer machine. Here are five key queries you may find helpful on a day-to-day basis.

Five tech items you should stow away in your glove box – Having a few pieces of tech on-hand can make your drive a bit easier. We’re not talking about the tech baked into your car’s software, but the things you can tote around with you. From listening to music to not running out of power, these five items can make your day a bit easier on you.

Gmail gets official “Unsubscribe” button – Now that we’ve got non-latin character support, Gmail is officially doing us another big favor. If you’ve ever signed up for a newsletter, only to find yourself inundated with daily roundups of stuff you don’t care to know about, Gmail can now unsubscribe you with a single click.

Public Knowledge readies complaint on mobile traffic throttling – Digital rights group Public Knowledge will file net neutrality complaints against each of the four largest mobile carriers in the U.S. over their practice of throttling some traffic, in some cases on so-called unlimited data plans. Public Knowledge on Wednesday sent letters to AT&T, Verizon Wireless, Sprint and T-Mobile USA, telling the carriers it plans to file traffic-throttling complaints at the U.S. Federal Communications Commission. The letters are the first step toward filing a formal complaint with the FCC.

Unclouded App Lets You See What’s Eating Up Your Cloud Storage – Back when the PC was king, a number of software programs were available that would let you analyze your hard drive utilization, allowing you to delete and relocate files in order to free up more storage space. But now that we’ve moved to using cloud services, where overuse isn’t just an annoyance, but incurs additional monthly charges, gaining that same sort of visibility is more important than ever. A new application called Unclouded, launching today, helpfully analyzes, explores and assists you with cleaning up your cloud storage in an easy-to-use app offering a level of insight into your online storage usage that you may have not had before.


What’s up with watts; how many watts do your speakers need? – How much is enough? 25, 50, 100 or more watts, or maybe a lot less; the Audiophiliac ponders the wattage question.

Security:

AV-Test proves antimalware apps can restore infected computers – Independent lab AV-Test confirms that certain antimalware apps do restore Windows 7 computers to pre-infection condition.

(Unless you are experienced in removing malware, don’t be overly encouraged by this news. A proper inspection by a certified computer tech is a small price to pay to ensure your personal and confidential data is in fact, malware free – or not. Especially in this age of malware chaos.)

Foursquare now tracks your location, even when you aren’t using it – The new Foursquare app has drawn some mixed reviews. Some consider it a Yelp challenger, aiming to provide you with food reviews more than a social layer. Now that Swarm is handling check-ins, Foursquare is free to do other things… like monitor you constantly. A new report from The Wall Street Journal touches on the new Foursquare permissions, and they’re uncomfortably intrusive. When you have the app on your device, you’re now allowing Foursquare to check up on you constantly. Even when the app isn’t running, it’s keeping tabs on you (so long as your phone is on, of course).

Now even Internet Explorer will throw lousy old Java into the abyss – Internet Explorer will soon join its rival browsers by automatically blocking old, insecure add-ons – and it’s got its eye set squarely on Java. Microsoft said on Wednesday that starting on August 12, Internet Explorer will begin alerting users when web pages try to launch ActiveX controls that are considered out-of-date and potentially insecure. The change mirrors similar features found in competing browsers, including Chrome and Firefox, both of which already block out-of-date and unsafe plugins.

MDM is Terrible: When Security Solutions Hurt Security – Much to Blackberry’s chagrin, most people aren’t interested in carrying a stodgy work phone along with the fun smart phone they picked out themselves. That’s why big companies have invested heavily in mobile device management (MDM). But how secure are these security tools? A recent Black Hat demonstration had surprising answers.

CryptoLocker decrypted: Researchers reveal website that frees your files from ransomware – CryptoLocker is a nasty bit of ransomware that encrypts all your files unless you fork over $300 in Bitcoin—but Fox-IT and FireEye can help you find the key for free.

Why The Gmail Scan That Led To A Man’s Arrest For Child Porn Was Not A Privacy Violation – No one will argue against the outcome of a case which saw a man arrested on child pornography charges, after Google tipped off authorities about illegal images found in the Houston suspect’s Gmail account. But the nature of how the discovery came about led some to questions about the methodologies used behind the scenes. Was Google actively scanning Gmail for illegal activity?

Man arrested after Microsoft finds child porn on OneDrive account – A Microsoft tip-off led to a man being arrested after it discovered child abuse imagery on his OneDrive account, and found that he had tried emailing similar pictures from his live.com email address.

Fundamental ‘Fake ID’ Flaw Lets Malware Run Wild – One of the best things about mobile operating systems is sandboxing. At Black Hat, Jeff Forristal demonstrated how a flaw in how Android handles certificates could be used to escape the sandbox. It could even be used to give malicious apps higher privilege levels, all without giving victims a clue as to what’s going on in their phone. Forristal said that this vulnerability could be used to steal data, passwords, and even take full control of multiple apps.

US Homeland Security data possibly stolen in cyberattack – In what “has all the markings of a state-sponsored attack,” government contractor US Investigations Services reveals the probable theft of government employees’ personal information.

Company News:

Microsoft China offices raided again in government antitrust investigation – Government officials have again raided Microsoft offices in China – as well as the offices of consultancy firm Accenture, to which Microsoft outsources some of its financial work in the country.

Google Acquires Directr, An App For Shooting Short Films On Your Phone – Directr, an app that we’ve covered a few times since its launch back in 2012, has just been snatched up by Google. In an age of ultra-brief videos, Directr existed to help users and businesses shoot videos that were a bit longer than your average Vine — think ads, or promo clips, or family holiday videos.


Twitter is once again toying with shopping services – Twitter is once again looking at letting its users do their shopping directly in the news stream. And this time the company seems to be serious about new shopping and commercial services.

AMD to launch Radeon R7 branded SSDs this month – In April a rumor appeared that AMD was working with Toshiba to create a new range of SSDs that would be sold with Radeon branding. It turns out that rumor is true, and we are set to get three new drives branded Radeon R7 Series SSD. The R7 drives will use Toshiba’s 19nm MLC NAND combined with an Indilinx Barefoot 3 controller. They are basically OCZ Vector 150 drives. Capacities include 120GB, 240GB, and 480GB options, with read and write speeds in the 450-550MB/s range. A generous 5-year warranty is also expected.

Google Could Face Lawsuit Over Autocomplete – A Hong Kong court recently gave local business magnate Albert Yeung Sau-shing the thumbs up to sue Google for defamation. Google argued that it is not responsible for autocomplete suggestions, which run on an automated algorithm, and change depending on what the lion’s share of users search for. Besides, the Asian court does not have personal jurisdiction over the U.S. search giant, Google said. But Deputy High Court Judge Marlene Ng disagreed. In her ruling, as reported by Reuters, she said that there “is a good arguable case that Google Inc is the publisher of the words and liable for their publication.”

Games and Entertainment:

Get your Guardians of the Galaxy fix with these 6 apps – If you saw the movie recently and can’t wait until the 2017 sequel to see more of these characters and their adventures, a handful of mobile apps and games can help you geek out on Guardians of the Galaxy—with a couple more set to arrive next month. Snag these downloads on your phone or tablet to learn more about the ragtag bunch of heroes and enjoy their antics, and then go see the movie again with your enhanced knowledge.


California man sues Sony over Killzone’s 1080p graphics claims – The latest generation of game consoles has led to a fair share of pixel-counting debates and complaints from gamers and developers. But they all pale in comparison to the proposed class action lawsuit just filed against Killzone: Shadow Fall maker Sony Computer Entertainment, which accuses the game of falsely advertising 1080p graphics it did not deliver. In the complaint filed yesterday in California’s Northern District federal court, plaintiff Douglas Ladore notes that Sony promised 1080p single and multiplayer graphics in advertisements and interviews for Killzone: Shadow Fall before the game was released last November. The game’s packaging also features a “1080p HD video output” logo on the back of the box.


World of Warcraft loses another 800,000 players in 3 months – In the last 3 months alone, another 800,000 players have walked away and stopped paying their $15 a month subscription. Losing $12 million worth of subscribers is enough to make any company take notice, but Blizzard isn’t worried. WoW still counts 6.8 million players on its servers and is planning to release new expansion Warlords of Draenor before the end of the year.


Sony declares end-of-life for PlayStation Mobile on Android – Perhaps it was something inevitable but a rather sad note nonetheless. Sony is pulling the plug on the PlayStation Mobile app for Android, which will completely cut off Android users running the latest versions of the mobile platform. This will ostracize even owners of its “PlayStation Certified” Xperia handsets, in favor of focusing more on Sony’s actual gaming handhelds.


Off Topic (Sort of):

Notes From Crazytown, Day One: The Business Of Fear – Can your computer be hacked? Yep. Can your phone be hacked? Yep. Have your passwords been harvested? Very possibly. (The NYT just reported that one Russian group has more than a billion, though it’s unclear how many are salted and hashed.) So how worried should you be, exactly? Good luck getting a real answer to that. Almost nobody has a strong incentive to give you one. You probably want a thoughtful, rational, dispassionate analysis of the security threats that you–or anybody–may face; but a fundamental problem with the security industry is that hardly anybody has any reason to provide that.

Explore an underwater statue grave with Google Maps – The Cancun Underwater Museum is the location of the collection of humanoid sculptures you’re about to see. Collected by the Catlin Seaview Survey and uploaded straight to Google Maps, this exploration is free for any user to take part in, be it with your desktop computer through a web browser or on your smartphone. At this time Google Cardboard integration is unknown.


We need to start talking about digital overload for our children – If you were born before 1985, then you are one of the last people in history who remembers life without the Internet. You’re carrying around memories that future generations simply won’t be able to grasp. You will remember absence in a way your children won’t be able to – unless you engineer the experience for them. Yes, this means wrestling shiny things from their desperate grip.

(The comments, following this newspaper story, illustrate how divided we are over this issue.)

7 Amazing Comet Close-Ups From the Rosetta Spacecraft – Following a decade-long meandering multi-loop de loop through the solar system, the European Space Agency’s (ESA) Rosetta spacecraft has finally reached its primary target: Comet 67P/Churyumov-Gerasimenko. What the comet lacks in a stylish name, it makes up for in historical prominence as it is the very first comet to get up close and personal with a manmade spacecraft.


San Jose Police Department says FAA can’t regulate its drone use – Newly published documents show that the San Jose Police Department (SJPD), which publicly acknowledged Tuesday that it should have “done a better job of communicating” its drone acquisition, does not believe that it even needs federal authorization in order to fly a drone. The Federal Aviation Administration thinks otherwise.

Could drones get X-ray vision through Wi-Fi? – Researchers have developed mobile robots that can use Wi-Fi signals to effectively “see through” walls. It’s raising the possibility of flying drones using the technology to see inside buildings. Led by Yasamin Mostofi, a professor of electrical and computer engineering, the group at the University of California, Santa Barbara (UCSB) has shown how the radio signals sent and received by a pair of wheeled robots can provide information about what lies behind concrete walls even when the objects do not move.

Something to think about:

“The proposition that the people are the best keepers of their own liberties is not true. They are the worst conceivable, they are no keepers at all; they can neither judge, act, think, or will, as a political body.”

– John Adams

Today’s Free Downloads:

Right Click Enhancer – A control panel for your right click menu on windows. Add most used applications and folder shortcuts in your right click menu. Manage these right click shortcuts by creating right click sub menus and putting them into these sub menus.

Easily remove or disable right click menu entries added by other applications. Save valuable time by using right click tweaks that provides easy to use quick operations directly in your right click.

Save time in copy paste operations by adding new folder shortcuts in send to menu. Add new file types into New menu to ease the operation of creating new files. Add templates files to new menu so you can get preformatted files upon creating new files and start working on it in less time.


Graphic taken from a personal system.

RAMDisk – RAMDisk is Freeware (up to 4GB disk size). It creates a virtual RAM drive, or block of memory, which your computer treats as if it were a disk drive. By storing files and programs into memory, you can speed up internet load times and disk-to-disk activities, accelerate databases and reduce compile times. Save and load features allow RAMDisk to appear as persistent storage, even through reboots.


Graphic taken from a personal system.

If you’re an old DOS veteran you’ll remember RAM drive (RAM Disk) – especially early gamers.

In Pursuit of Freedom – The Pushback Continues:

Edward Snowden’s not a one-off: US.gov hunts new secret doc leaker – It appears former NSA contractor Edward Snowden is not the only leaker of secret US documents around, as the US government searches for another whistleblower in the aftermath of another leak of classified information.

CNN reports that leaked documents related to a terrorist watch list and published by The Intercept (a site founded by Snowden confidante journalist Glenn Greenwald) didn’t even exist before Snowden quit his job as an NSA contractor in Hawaii and high-tailed it from the US.

That means the former sysadmin couldn’t have siphoned off this particular piece of secret information and that some other unknown source must be behind the leak.

The Intercept’s article, published on Tuesday, covers the growth in US government’s Terrorist Screening Database, a watchlist of “known or suspected terrorists” that lists 680,000 people, many of whom have no known affiliation with a terrorist group. The article cites documents compiled by the National Counterterrorism Center in August 2013 – three months after Snowden left the US in May 2013.

The leaked database is shared with local law enforcement agencies, private contractors, and foreign governments. These are secret documents and less sensitive than the “top secret” files spirited away by Snowden.

Cyber defender Brandis is proving unfit for purpose – I used to think that cybergeddon, the much-hyped digital Pearl Harbor, was just hawkish scaremongering. Now I’m not so sure. The evidence that we’re in the midst of a cyber cold war is mounting daily — as is the evidence that one of Australia’s key defenders isn’t fit for purpose.

As industrial control system (ICS) hackers told me two years ago, while the SCADA systems that control everything from power stations and oil refineries to chocolate factories and hotel air conditioning have shockingly bad security, you need to know how the systems are set up. Knowing how to hack controller number 75454 is useless, unless you know what controller 75454 actually does, and how it interacts with the rest of the system.

But since then we’ve learned a lot about the scale and scope of cyber espionage and weapons development. Stuxnet and Flame, the worms that got so much attention back then, just hint at what must be a massive stockpile of cyber weapons.

Last November, when Kaspersky Lab founder Eugene Kaspersky was on his global cyber scare tour, his comments about the scale of espionage led me to believe that the operating manual for controller 75454 was probably scooped up long ago — along with the address of the kindergarten where the operator’s children spend their days, oh so vulnerable.

And just days ago, we learned that a Russian crime gang has stockpiled 1.2 billion usernames and passwords. “The group includes fewer than a dozen men in their 20s,” reported The New York Times. So given that, plus what we know via Mr Snowden’s work, imagine what a few thousand well-funded military or defence-contractor hackers could get up to. Or rather, have already gotten up to.

I’m guessing that a variety of nation-states have already gathered plenty of SCADA plans and logins, have already conducted plenty of drills, have already calculated how well it’d work given certain levels of failure, and have already turned it all into operating procedures. On a planet whose ape-creatures set up systems for launching thousands of thermonuclear warheads at each other on a few minutes’ notice, what’s turning off a few power stations or crashing a few oil trains into each other? SCADAgeddon will have been automated.

When the siren sounds, gentlemen, insert your keys and select “Shut down Belgium”. In brief, we’re screwed.

Which brings me to the glory that was Wednesday evening’s television appearance by Australia’s favourite Attorney-General, Senator George Brandis QC. Watch it. His brandisplaining of metadata collection in the context of the proposed mandatory data retention regime is hilarious — web surfing, the “electronic address” of a website, “computer terminals”, it’s all there.

Wikimedia Attacks Europe’s Right To Be Forgotten Ruling As Threat To Its Mission – The Wikimedia Foundation, the not-for-profit organization behind Wikipedia, has strongly condemned the recent right to be forgotten (rtbf) ruling in Europe, warning the requirement to allow private individuals to request the de-indexing of links from search results associated with their name is going to have “critical repercussions” for its online crowdsourced encyclopedia.

The Foundation also stated its intention to oppose what it dubbed the “censorship of truthful information” stemming from the European Court of Justice ruling — on the grounds that it threatens the organization’s mission to provide ‘free access to the sum of all human knowledge’. It said it will therefore be posting notices about indefinite removals of links to Wikipedia articles when it is made aware of them.

Speaking at a press conference in London this morning, at which the Foundation was also launching its first Transparency Report, Wikipedia founder Jimmy Wales, Wikimedia CEO Lila Tretikov and the Foundation’s General Counsel Geoff Brigham lined up to condemn the rtbf as compromising human rights and freedom of expression.

CIA infosec guru: US govt must buy all zero-days and set them free – Black Hat 2014: Computer security luminary Dan Geer has proposed a radical shakeup of the software industry in hope of avoiding total disaster online.

Geer played a crucial role in the development of the X Window System and the Kerberos authentication protocol, and is now the chief security officer of the CIA’s VC fund In-Q-Tel.

And during the opening keynote of the Black Hat USA hacking conference in Las Vegas on Wednesday, he presented a ten-point plan for solving many of the problems found online. Without serious and drastic action, the technology industry will be destroyed by inaction, he suggested.

“We have to do something,” Geer told the audience of 5,000 attendees. “It’s as Einstein said about repeating the same action again and again and expecting the same result. We have to do something different.”

One of his more radical suggestions was restructuring the way the software industry handles liability. There are only two industries that have no liability problems, he said – religion and software – and this needs to change for the coding community.

His proposed solution was offering two different business models. Software firms could carry on selling code, but if the programs are faulty then the companies must pay out when things go wrong. Alternatively, they can publish the source code of software, allow the user to shut down functions they don’t want, and enjoy freedom from being sued.

“Software houses will yell bloody murder and pay any lobbyist they can to scream that this will end computing as we know it,” he said. “I would respond ‘Yes please, that was exactly the idea’.”


Filed under Free Software Downloads, Internet Security Alerts, Latest Tech News

2 responses to “Tech Thoughts Daily Net News – August 7, 2014”

  1. Dave B.

    RE: massive Russian hacker database; This whole thing is fishy (phishy?)
    Hold Security now has a pay service ($120) to determine if you’re affected by this breach, basically attempting to profit from data “stolen” from the original thieves. That makes the firm no better than the crooks IMHO. And the page used to see if you’ve been affected requires you to enter your passwords, right after a notice that says it will never ask for your passwords. Also there are some pretty bad grammar and punctuation errors on the page. Something’s not right…

    • Hey Dave,

      Yep, totally agree. There’s too many unknowns in all of this. But, as per the usual – the tech press spins conjecture (pure BS in any language), as if it was the reality. I suspect that this “crisis”, like so many in recent months, will just fade away under pressure from the next misunderstood and overblown “crisis.”

      Have a great weekend.

      Best,

      Bill