Why citizens need encryption as a fundamental human right; Here’s how almost anyone can wiretap the internet; Skype, WhatsApp, and Yelp access your data hundreds of times; 20 Apps To Help Students Power Through; Thanksgiving tech support survival guide (2015 edition); 8 Gifts For Your Grandparents That They Won’t Just Toss In A Drawer; Text Fairy is the Android OCR app you’re looking for; Bing Maps update adds traffic camera video feeds; Yahoo! locked Adblock users out of their inboxes; Five free tools for building websites; Second Dell backdoor root cert found; World’s most complex cash register malware plunders millions in US; For privacy and security, change these iOS 9 settings right now; Hot or Not? Twitter Bot Judges Your Selfies; Here’s the tech you shouldn’t buy on Black Friday; Xbox One and Xbox 360 Free Games With Gold for December 2015; 7 features to look for in a home security camera.
Why citizens need encryption as a fundamental human right – Some government agencies use terrorist attacks to justify limiting encryption. TechRepublic spoke with two UN reporters who explained why encryption is critically important for all citizens.
Here’s how almost anyone can wiretap the internet: A lesson in why encryption today is more important than ever – Wiretapping isn’t as difficult as you might think. Kevin Mitnick, a former black hat hacker turned security consultant, can do it in just a few minutes. Using a test-bed setup, Mitnick demonstrates in a video first published earlier this year how to perform a man-in-the-middle attack to get access to your email, your passwords, and even your bank account by tapping into a commonly-used fiber optic connection. Anyone with basic, off-the-shelf equipment can do the same. Using a fiber optic coupler, Mitnick is able to conduct a simple wiretap without breaking into the fiber itself. From there, he’s able to demonstrate accessing emails on the wire, passwords, and other content, highlighting not only how weak our networks are by default but also how important encryption is to everyone. The attack is almost impossible to detect, but it is entirely preventable. Good encryption is the answer, said Mitnick.
Without encryption, anyone wiretapping your connection can read your emails — and worse. (Image: Kevin Mitnick/ZixCorp)
Skype, WhatsApp, and Yelp access your data hundreds of times, but nobody knows why – Skype, WhatsApp, and Yelp have accessed my contacts list data thousands of times, and none of the companies are sure why. Over three days, Skype accessed my contacts list 3,484 times. WhatsApp wasn’t much better, accessing my contacts list a total of 2,449 times. (Both figures were accurate at the time of writing.) Yelp, on the other hand, was far lower, yet still significantly higher than any other app, accessing my contacts list 165 times. Skype, WhatsApp, and Yelp all have wide access to the Android devices they’re installed on, as well as iPhones and iPads — including cameras, microphones, and more — but also crucially, contacts. Your contacts list isn’t just sensitive to you, but it’s also personal information for everyone else on that list. Uploading that data literally thousands of times in just a few days seems more than excessive.
9 ways to keep your Windows computer safe – For today’s criminals, the Internet’s where the action is. Compared to traditional muggers and burglars, cybercrooks make more money with less risk. And that means that us honest folk have to be extra cautious. Protecting yourself in cyberspace is more complex than locking your door or keeping a hand on your bag. I’m concentrating here on protecting your Windows PC.
Thanksgiving tech support survival guide (2015 edition) – Thanksgiving is a time of year which sees “the techies” and “the non-techies” come together, and chances are that you being the techie, the non-techies will spot you and hunt you down — The Walking Dead style, albeit slower thanks to the tryptophan — in search of “help”. With this in mind, I’ve put together what I call a “Turkey Day” tech support survival guide. While I’ve called it a “Turkey Day” guide — I’m certain that it will work just as well at other times of year — this seems to be the time of year when the techie’s superhero skills seem to be in greatest demand.
Here’s the tech you shouldn’t buy on Black Friday – Wait! Before you fight the crowds to plunk down your hard-earned cash, make sure that a Black Friday deal is really a deal.
20 Apps To Help Students Power Through – The second half of the semester is always the most hectic, with exams to study for, papers to write, and partying yet to be done. In order to make your life less stressful, stay healthy and help you finish with strong grades, here are some handy apps to download and sites to bookmark.
Xiaomi Mi Pad 2: Looks like iPad mini, runs either Android or Windows 10 – The 7.9-inch slate with 326 ppi display looks familiar on the outside. Boot it up or look at the internal components and you’ll see the difference which can be had for as little as $156.
Text Fairy is the Android OCR app you’re looking for – This app can scan text from images on your device (previously taken by your camera or from Google Drive) or scan text from photos taken immediately by the camera. The best part is the OCR of Text Fairy is really, really accurate. Top that off with the fact that Text Fairy is free (of price and ads) as well as open source (download the source), and you have the makings for one of the best OCR apps on the Google Play Store.
7 features to look for in a home security camera – One of the greatest tools in home security is the networked security camera. They come in an array of sizes and shapes, and they have a laundry list of features that can make choosing just one rather difficult. Here is a breakdown of some of the more common security camera features you should consider before biting the bullet.
8 Gifts For Your Grandparents That They Won’t Just Toss In A Drawer – Buying tech gifts for grandparents can be tough, depending on how interested they are in technology in the first place. One of my grandmothers is using the same television she used in 1975, her cable box passing through a crazy series of converters to make it compatible. My other grandmother hits me up on FaceTime about once a week. Some grandparents read TechCrunch every day. With this guide, we’ve tried to find a balance: things that just about anyone would like, but that grandparents on either side of the tech-loving spectrum should love.
Hot or Not? Twitter Bot Judges Your Selfies – The best selfies contain women with over-saturated faces; the worst: low lighting and too many people.
Bing Maps update adds traffic camera video feeds – Microsoft has updated Bing Maps with a new traffic camera option that allows users to view video feeds from one of thousands of traffic cameras located around the globe. The idea is that seeing the actual current conditions beats out any weather and traffic report, and also gives travelers a bit of an idea of what to expect in a region. The feature allows multiple camera feeds to be monitored at once, as well. The update adds more than 35,000 traffic camera video feeds from 11 countries. The feature can be found under the “Traffic” layer on Bing Maps, with the cameras being shown as small camcorder icons on mapped roadways. Clicking one of the cameras pulls up the video feed in a window over the map.
Yahoo! locked Adblock users out of their inboxes – More and more of you are using ad blocking software, and more and more content providers are looking for ways around them. Yahoo’s latest gambit: preventing Adblock users from accessing their inboxes. It all started last week. Around the 19th, a handful of Adblock users began seeing a screen like the one embedded below when they tried to sign in to their Yahoo! Mail accounts. The query string in the address bar (launch?reason=ADBLK_TRAP) made it pretty clear what was going on.
Investigating Sleep states in Windows 10 – What exactly happens when your system takes a snooze? Gain more insight into Windows 10 energy usage by learning about each of the six power states.
Encrypted Messaging App SOMA Launches Group Voice And Video Calling – Users can now use the app to video chat with up to four friends from phones running both iOS and Android. According to the company, it is the only app to offer encrypted group video calling for free. The app already has offered messaging for up to 500 people, making it a communication tool for businesses and even a hospital. Built in the SOMA neighborhood of San Francisco, the name also is an acronym for Simple Optimized Messaging App. The encrypted messaging app launched in July, and its makers claim it is “safe enough for the CIA.” However they don’t market it to the government for one reason — not enough customers.
Five free tools for building websites – With the help of these apps, you can build a topnotch website without spending a dime. And they aren’t just free–they offer a rich assortment of features for both newbies and seasoned web builders.
Windows 10 November update was pulled for forgetting privacy settings; it’s now back – The mystery behind the removal of the Windows 10 November Update, version 1511, has been revealed. Last week Microsoft received reports that, when upgrading from the Windows 10 July release to the November update, four privacy-related settings were getting reset to their default values. Concerned that there might be a significant problem, Microsoft removed the November Update from Windows Update for existing Windows 10 users and also removed the updated Media Creation Tool used to create install media. Microsoft has now fixed the upgrade/installation process to properly preserve these settings, and the November Update has once more been made available to Windows 10 users through Windows Update. The updated Media Creation Tool has also been restored, re-enabling clean installs of version 1511.
YouTube Kids Faces Further FTC Complaints Related To Junk Food Ads Targeting Young Children – According to the new complaints, a number of big-name brand advertisers including Coca-Cola, Oreo, Kellogg, General Mills and more, have broken their pledges to not advertise their products – including Coke, Coke Zero, Pop-Tarts, pizza and Oreo cookies, for example – to young children. YouTube Kids, YouTube’s first app aimed at the preschool set, was initially thought of as a relief for parents who wanted an easier way to keep small children from stumbling upon YouTube’s more adult fare. But the app, which is effectively this generation’s version of TV in terms of its presence in the lives of children, has faced controversy and complaints from consumer advocacy groups, and even U.S. Senators, concerned about the app’s content and its advertising.
3 ways to address looming big data privacy and security issues – Big data privacy and security issues are areas to watch for two reasons: 1) there are many unanswered legal questions, and 2) the law always lags technology. Let’s first take a look at the data privacy issue from the perspective of the consumer.
For privacy and security, change these iOS 9 settings right now – Before you do anything on your new iPhone or iPad, you should lock it down. Here are the important tweaks you need to protect your privacy.
Prevent apps from uploading your data
Second Dell backdoor root cert found – A second root certificate has been found in new Dell laptops days after the first backdoor was revealed. The DSDTestProvider certificate was first discovered by Laptopmag. It is installed through Dell System Detect into the Trusted Root Certificate Store on new Windows laptops along with the private key. Dell has been contacted for comment. The Texas tech titan has called the first certificate gaffe an “unintended security vulnerability” in boilerplate media statements. Carnegie Mellon University CERT says it allows attackers to create trusted certificates and impersonate sites, launch man-in-the-middle attacks, and perform passive decryption.
What you need to know about Dell’s self-signed certificate blunder – Whoops, said Dell, effectively, we’re going to have to go ahead and remove this bit of software from your computer before it becomes a problem. This week Dell was discovered to have installed a piece of code by the name of “eDellRoot” on a number of Dell computers. This code is a “certificate” inserted by Dell that would allow them to access a Dell computer when it needed to be serviced – when you call tech support, for example. Unfortunately for them, this certificate also left a hole in the security of the computers in which it was installed.
World’s most complex cash register malware plunders millions in US – The world’s most complex sales till malware has been discovered … after it ripped millions of bank cards from US retailers on the eve of post-Thanksgiving shopping frenzies. The ModPOS malware has pilfered “multiple millions” of debit and credit cards from the unnamed but large retail companies incurring millions of dollars in damages. The attackers have operated in a low-key, ultra professional manner since late 2013 and have only come to light after weeks of painstaking reverse-engineering efforts by malware experts. They have kept mum, too. Cybercrime forums are entirely devoid of references to the malware.
Amazon resets some passwords, cites vague ‘issue’ as reason – Some Amazon users have received notifications stating the company has reset their account passwords due to a possible issue, the nature of which isn’t clear. Both Amazon.com and Amazon.co.uk users saw the message appear in the account’s message center, as well as in email. The move was one made out of an “abundance of caution,” according to the email, but the company hasn’t explicitly stated why it decided to act in such a manner.
Tor Turns To Crowdfunding To Lessen Its Dependence On Government Money – Tor, the network that facilitates hidden communications and secure Internet activity, has begun accepting donations in a move aimed at lessening its financial dependence on the U.S. Government. The organization, which The Verge reports as relying on government donations for 80-90 percent of its financial backing, kicked off its campaign with a brief profile of Laura Poitras, the filmmaker behind the documentary on the Edward Snowden-NSA leaks and a leading privacy advocate.
Apple Has Acquired Faceshift, Maker Of Motion Capture Tech Used In Star Wars – As the market for virtual reality technology continues to grow, Apple has made an interesting acquisition that could further its role in the space. TechCrunch has confirmed that Apple has snapped up Faceshift, a startup based in Zurich that has developed technology to create animated avatars and other figures that capture a person’s facial expressions in real time.
Two dozen Disney IT workers prepare to sue over foreign replacements – At least 23 former Disney IT workers have filed complaints with the federal Equal Employment Opportunity Commission (EEOC) over the loss of their jobs to foreign replacements. This federal filing is a first step to filing a lawsuit alleging discrimination. These employees are arguing that they are victims of national origin discrimination, a complaint increasingly raised by U.S. workers who have lost their jobs to foreign workers on H-1B and other temporary visas.
HP bows out with a 9 percent drop in sales – It was an inglorious ending but not a surprising one: The former Hewlett-Packard Co. logged a 9 percent drop in sales for its last quarter before the split, perhaps a sign that it’s better off in two pieces.
Microsoft blames layoffs for drop in gender diversity – Microsoft has blamed a drop in its workforce’s gender diversity on the thousands of layoffs it made to restructure its phone hardware business.
Tango, Chat App Unicorn, Lays Off 9% Of Staff Following Failed Move Into E-Commerce – Tango, the mobile messaging unicorn that reached a billion-dollar valuation when Alibaba invested $280 million in it early last year, has laid off around 9 percent of its workforce after it shuttered a brief effort at e-commerce. The Mountain View-based company launched an in-app commerce feature powered by Alibaba and Walmart back in May of this year, initially in the U.S. market, but it has confirmed to TechCrunch that ‘Tango Shop’ was closed down last month, leading to the lay-off of around 30 employees working on it.
Games and Entertainment:
GOG.com sale slashes 50 percent off The Witcher 3: Wild Hunt’s price – One of the year’s best RPGs is now one of the year’s best sales.
Developer brings unofficial PS4 streaming to Windows – With the latest update, Xbox One owners have been able to stream their games to their Windows 10 PC. This is handy for those times when the TV is tied up by someone else. For PS4 owners, your only real option for streaming is to pick up a Vita, or use a Playstation TV and use another TV. However, one person has been perfecting a method that will allow you to stream your PS4 games to any PC in the house.
Bethesda releases Fallout 4 Beta update for PC – Last week, Bethesda promised that it would roll out updates to Fallout 4 at a more frequent rate than they have with past titles. That’s a promise that was kept. Today, the developer has released a beta for the game’s first patch on the PC. Beta update 1.2.33 will let players remap the number pad keys. In addition, Remapping Activate now works on Quick Container. The fixes this patch brings include:
‘Uncharted: Nathan Drake’ PS4 Bundle Gets Black Friday Discount – Not to be outdone by the Xbox One Black Friday deals, Sony will also be offering a discounted bundle for its PlayStation 4. Starting this Friday, Nov. 26 and lasting until Cyber Monday, Nov. 30, customers will be able to purchase the Uncharted Nathan Drake Collection PS4 Bundle for $299 ($369.99 in Canada) at select retailers. The bundle includes a 500GB PlayStation 4, and the PS3-era Uncharted titles Uncharted: Drake’s Fortune, Uncharted 2: Among Thieves, and Uncharted 3: Drake’s Deception. Each game has been optimized for the PS4, with 1080p resolution and running at 60 frames per second.
Xbox One and Xbox 360 Free Games With Gold for December 2015 – Microsoft today announced the free titles that will be available to Xbox Live Gold members in December, a list which includes a bonus Xbox 360 game. On Xbox One, The Incredible Adventures of Van Helsing will be free throughout the month of December. Starting on December 16, Thief will join it as a free download. On Xbox 360, CastleStorm will be free for the first half of the month. On December 16, it’ll be replaced by Sacred 3 and, as an extra gift for the holidays, Operation Flashpoint: Dragon Rising. The full schedule for December’s Games With Gold lineup follows below.
Off Topic (Sort of):
10 Tech Buzzwords And How To Explain Them To Your Extended Family – One of the nice things about living in the Bay Area or another technology hub is that everyone speaks the same language – there’s common jargon. As nice as going home and meeting family is, your language is going to need a bit of a readjustment. Here’s a list of some tech buzzwords that you can explain to your family when you’re not quietly moving your grandparents from Internet Explorer to Firefox.
Biowearables – Biowearables are devices that can be worn by consumers to collect data from their bodies.
Domino’s Easy Order Button is a ninja turtle’s dream come true – In their neverending quest to make the pizza ordering process as painless as possible, Domino’s is willing to try anything. Their latest creation lets you place a delivery order with a single button press. They call it the Easy Order Button, and it’s sort of like an Amazon Dash for Domino’s Pizza. It’s not a standalone device, however. It’s a Bluetooth peripheral, so it needs to be paired with your phone or tablet and you also need to have the Domino’s app installed. Once you’ve got that all squared away, you can tap the button to set the pizza delivery wheels in motion.
Two-thirds of the world can’t pass this basic financial literacy test. Can you? – Two-thirds of people around the world failed a short test of basic financial concepts. The five-question test—created by Standard & Poor’s, Gallup, the World Bank, and George Washington University—was posed to 150,000 people in more than 140 countries last year. It tests understanding of risk, inflation, interest, and compound interest. To pass, people had to demonstrate competency in three out of four topics. Yet just 33% of people were able to do that. See how you fare on this slightly modified version of the quiz. After each question, we’ll tell you how various countries did on it, too.
Google’s soaring piracy link-removal requests hit 65 million last month – Copyright owners and “reporting organisations” last month requested over 65 million URLs be removed from Google’s search results, up from 30 million a month just over a year ago. And those figures exclude requests concerning copyrighted content on YouTube. Piracy link takedowns in search dwarf the 1.2 million URLs Google has assessed under European privacy law since May and the few hundred URLs targeted by governments each year. The new piracy-link record was documented earlier this week by TorrentFreak, which noted the number of links targeted for removal per day has climbed from a few hundred in 2011 to two million today.
Getting started with a career in cybersecurity – With the ongoing and seemingly never-ending flood of cyberattacks, companies and governments the world over need experienced, skilled professionals to protect, defend, and strike back. But how do you get into the lucrative cybersecurity career? David Gewirtz has some advice.
Kim Dotcom slams ‘dirty ugly bully’ Uncle Sam as extradition hearing ends – The extradition hearing of rotund web baron Kim Dotcom finally ended Tuesday, having taken three times longer than expected. Tweeting on the last day of the ten-week hearing in Auckland, New Zealand, Dotcom railed: “My defense team has shown how utterly unreliable, malicious, and unethical the US case against me is. They have exposed a dirty ugly bully.” Dotcom wasn’t in court for the final day, having limped out the previous day with back pain, but despite a stream of sarcastic and mocking tweets throughout the process, the odds could not be higher for him and three colleagues of the Megaupload file storing service.
NEW Gartner Research: The Top 10 Cloud Myths – To address popular misperceptions that surround cloud, Gartner offers a top 10 list of cloud myths to clarify how the cloud actually works.
Something to think about:
12570 deaths by gun violence in the USA last year
624 people shot and killed by police (most justifiable)
And Americans are worried about terrorists?
AdNauseam – As online advertising is becoming more automatic, universal and unsanctioned, AdNauseam works to complete the cycle by automating all ad-clicks universally and blindly on behalf of the target audience. Working in coordination with your ad blocker, AdNauseam quietly clicks every blocked ad, registering a visit on the ad networks databases. As the data gathered shows an omnivorous click-stream, user profiling, targeting and surveillance becomes futile.
AdNauseam is a browser extension designed to obfuscate browsing data and protect users from surveillance and tracking by advertising networks. Simultaneously, AdNauseam serves as a means of amplifying users’ discontent with advertising networks that disregard privacy and facilitate bulk surveillance agendas.
AdNauseam joins a broader class of software systems that attempt to serve ethical, political, and expressive ends. In light of the industry’s failure to achieve consensus on a Do Not Track standard, or to otherwise address the excesses of network tracking, AdNauseam allows individual users to take matters into their own hands, fighting back against unilateral surveillance. Taken in this light, the software follows an approach similar to that of TrackMeNot, employing obfuscation as a strategy to shift the balance of power between the trackers and the tracked.
TrackMeNot – TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one’s tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with Firefox and Chrome browsers and popular search engines (AOL, Yahoo!, Google, and Bing) and requires no 3rd-party servers or services.
TrackMeNot runs in Firefox and Chrome as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users’ actual search trails in a cloud of ‘ghost’ queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles. TMN serves as a means of amplifying users’ discontent with advertising networks that not only disregard privacy, but also facilitate the bulk surveillance agendas of corporate and government agencies, as documented recently in disclosures by Edward Snowden and others. To better simulate user behavior TrackMeNot uses a dynamic query mechanism to ‘evolve’ each client (uniquely) over time, parsing the results of its searches for ‘logical’ future query terms with which to replace those already used.
In Pursuit of Freedom – The Pushback Continues:
The Encryption Debate Isn’t Taking A Thanksgiving Break – Lawmakers and Congressional staffers may be trickling out of their Hill offices and to the airports, but the encryption debate is not taking a holiday this week.
Following media reports that the terrorists responsible for the Paris attacks communicated via encrypted messaging platforms, both opponents and proponents of backdoors for law enforcement are speaking up. Yesterday Senator Ron Wyden published a blistering Medium post, where he outlined the risks of providing backdoors to encrypted communications:
“I am standing up against these dangerous proposals to ensure we act based on the facts, not fear, in the days ahead,” Wyden wrote. “Some are calling for the United States to weaken Americans’ cybersecurity by undermining strong encryption with backdoors for the government. But security experts have shown again and again that weakening encryption will make it easier for foreign hackers, criminals and spies to break into Americans’ bank accounts, health records and phones, without preventing terrorists from ‘going dark.’”
But proponents of backdoors aren’t taking a vacation either. Today lobbying groups representing both district attorneys and police officers throughout the country released a letter calling for legislation that would enable law enforcement to be able to access encrypted communications when they obtain a proper warrant.
Cyber-terror: How real is the threat? Squirrels are more of a danger – The UK Chancellor George Osborne last week announced that the British government plans to double cybersecurity spending and establish a single National Cyber Centre.
Cybersecurity spending will rise to £1.9bn ($2.87bn) at a time of budget cuts to police and other government departments. More details are expected to come in the Autumn Statement to Parliament on Wednesday.
Speaking at GCHQ last week, Osborne claimed that the extra spending is justified in large part because cyber-jihadists are trying to take down critical infrastructure – power stations, air traffic control systems and more. Daesh, aka the Islamic State, is plotting deadly attacks on computer systems – and is close to achieving the capability, the Chancellor alleged [speech transcript here, press statement here].
“I have made a provision to almost double our investment to protect Britain from cyber attack and develop our sovereign capabilities in cyberspace, totaling £1.9 billion over five years,” Osborne said.
“If you add the spending on core cyber security capabilities government protecting our own networks and ensuring safe and secure online services, the government’s total cyber spending will be more than £3.2 billion.”
Some of the money will go into an Institute of Coding as well as fighting cybercrime. But a major focus of the spending will come in further boosting the capabilities of GCHQ to tackle Daesh killers. Neither Russia nor China (the UK’s most capable cyber-espionage adversaries) merited a mention in the Chancellor’s speech.
Daesh, by contrast, were mentioned eight times. As well as talking about the use of the “internet for hideous propaganda purposes, for radicalization [and] for operational planning,” Osborne claimed the medieval terror mob posed a growing cyber threat.
But what are the capabilities of the self-styled Cyber Caliphate? Russia is now the chief suspect in the most serious network assault ever attributed to the Cyber Caliphate group, the hack on French TV station TV5 Monde back in April. Jihadist propaganda was posted on the station’s website by miscreants who claimed they were affiliated with the Islamic State. The TV network was knocked off air for about 18 hours.
Pretty much everyone took it at face value that the Cyber Caliphate was behind the attack, and it wasn’t until weeks later, once the dust had settled, that experts published evidence that undermined the Daesh-involvement hypothesis and fingered Russians as the likely culprit.