Cyber Monday’s a holiday for hackers too; Your Black Friday mall brawl highlights; Even smart TVs can get ransomware infections; Encrypted Messaging App Telegram Leaks Usage Data; Think Twice Before Using This Wildly Popular Facebook App; Access all your cloud accounts from one location on Android; Cyber Monday tech deals that truly save you serious money; How to add any website to Windows 10’s Start menu; Where to place home security cameras, according to the data; How to turn on Windows 10’s Find My Device feature; It’s illegal to make private copies of music in the UK—again; Older Dell devices also affected by dangerous eDellRoot certificate; 10 Games Every Nintendo Wii U Player Needs; 10 Games All Nintendo 3DS Players Need; Lenovo patches serious flaws in PC system update tool; The biggest tech turkeys of 2015; Sony unlocks PS4’s 7th processing core.
Tis the season to be fraud-y: Cyber Monday’s a holiday for hackers too – You downloaded the app because it advertised fantastic holiday deals. Who could resist? You open it up and it looks like a copy of Amazon, but it doesn’t work very well. Frustrated, you delete it. Problem solved, right? Not so fast. The malicious app has already gotten its claws into your phone, collecting your personal information. Discovered by security researchers at zScaler, this is real. It’s one of many attempts hackers and fraudsters will make to take advantage of your zeal for deals.
Psych! This fake log-in page for eBay, found by security experts at Webroot, could have tricked you into handing over your credentials and potentially your credit card number. The Web page pictured is no longer active.
Screenshot courtesy of Webroot.
Think Twice Before Using This Wildly Popular Facebook App – It’s an old adage, sure. But on the Internet, it may as well be a scientific law: You don’t get something for nothing. I re-learned this most recently when I tried to see what my most used words on Facebook were. Billed as a “quiz” by a South Korean startup named Vonvon, this viral sensation spread across the social web like digital wildfire last week. But when I connected my account to “Most Used Words,” I did what I always do with Facebook apps: denied it access to anything beyond my public profile information. And as a result, the word cloud it returned was blank.
BlackBerry Confirms It Will Exit Pakistan After Rejecting Data Monitoring Demands – BlackBerry has confirmed that it is exiting Pakistan entirely in response to the national government’s continued demand to monitor user data on the Canadian company’s service. Back in July, the Pakistan Telecommunications Authority (PTA) said it would shutter BlackBerry Enterprise Services (known as BES) by December 1 for “security reasons.” The issue was thought to center around BlackBerry’s encryption of emails, BBM messages and other data from its users which prevented authorities from gaining the access to information that they deemed necessary for national security. BlackBerry kept silent at the time, but now the phone maker, which recently launched its first Android handset, has confirmed it will leave the country — with a population of 180 million people — after November 30 after it refused to grant Pakistani authorities access to its systems.
Your Black Friday mall brawl highlights – Technically Incorrect: As people rushed to get electronics, little seemed to have changed from previous years. There was pandemonium, and there were fights.
5 signs that awesome coupon is probably fake – Is Target offering a fabulous coupon that gives you 50 percent off your entire purchase? No, of course it isn’t. That coupon is 100 percent fake, but this hasn’t stopped thousands of people from sharing it on Facebook.
Online tracking by news organizations is excessive, say researchers – The extent to which The New York Times, The Los Angeles Times, and other news organizations employ third-party tracking may come as a surprise.
Encrypted Messaging App Telegram Leaks Usage Data – Even if an app allows encrypted communication, there are often still ways to find out about the people using it. Bearing that in mind, a researcher has found that just about anyone can snoop on the activity of Telegram users, and potentially figure out who they are talking to, by using a third party piece of software.
Pro tip: Access all your cloud accounts from one location on Android – Tired of navigating between various cloud apps on your Android device? If so, Jack Wallen shows how to centralize all your cloud accounts with the help of ES File Explorer.
Google’s Version of Facebook Instant Articles Coming Soon – The company says that the project has attracted publishers and advertisers of all kinds.
Twitter bot uses ‘forgery algorithm’ to turn selfies into art – You probably saw the trippy pictures produced by Google’s neural networks this past summer, and maybe you even created a few yourself. There’s a new and similar tool out there, but it comes in the form an art forger. The Twitter bot, called “The Deep Forger”, will take your selfie or whatever image you provide and transform it into a work of art based on a style of its choosing.
Cyber Monday tech deals that truly save you serious money – We’ve sifted through the ads and the deals-that-aren’t-really-deals to find Cyber Monday tech sales that absolutely, positively don’t suck.
Best Buy Cyber Monday 2015 deals on laptops, tablets, desktops – The electronics retailer doesn’t have any eye-raising specials like on Black Friday, but has plenty of discounts if you’re in the market for a new PC.
It’s illegal to make private copies of music in the UK—again – The UK’s 2014 private copying exception, which allowed you to make personal copies of your own music, including format-shifted versions, has now been definitively withdrawn, according to The 1709 Blog. As a result, it is once more illegal to make personal backups of your own music, videos or e-books, rip CDs and DVDs to standalone digital files, or upload your music to the cloud. The UK’s new private copying exception had been in a state of legal limbo following a judicial review of the legislation in June, which had been sought by the British Academy of Songwriters, Composers and Authors, the Musicians’ Union, and UK Music.
How to turn on Windows 10’s Find My Device feature – The Windows 10 November update has a lot of nice little updates in it including the ability to turn on a smartphone-style Find My Device feature.
How to add any website to Windows 10’s Start menu – Chromebooks aren’t the only PCs that can treat web pages as apps. You can do it in Windows 10 too.
Where to place home security cameras, according to the data – Around 65.8 percent of burglaries in the US are residential and a well-placed camera can help identify intruders. If your security cameras are placed in the wrong areas, you may not be as protected as you think. Here are a few tips for putting your security cameras where they will do the best work.
Port Fail VPN security flaw exposes your true IP address – A serious security flaw in VPN protocols used by companies en masse exposes the real IP addresses of users.
VPN bug poses privacy threat to BitTorrent downloaders – A bug affecting some VPN services can be used to figure out a computer’s real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk.
Connected cars gather too much data about drivers, say motorists associations – Car drivers may imagine they have greater privacy than public transport users, but that isn’t necessarily the case in modern, connected cars, European motoring organizations warned this week. To help identify faults or plan maintenance, manufacturers are able to gather performance data from connected cars such as the total distance travelled, or the length and number of trips made. But drivers may be unaware of just how much other information such cars allow manufacturers to gather about them. A study conducted by German motorists organization ADAC for European lobby group FIA Region 1 found that in addition to trip and distance data, one recent model reported maximum engine revolutions, the status of vehicle lights — and far more besides.
Even smart TVs can get ransomware infections – It’s bad enough that some smart TVs track all your viewing by default and upload it to remote servers. Now, Symantec has figured out how to infect a TV with ransomware. That’s bad news, because if the good guys have figured out how to do it, the bad guys probably have too. The worst part? Symantec’s Candid Wueest says it really wasn’t all that hard to do, either. Smart TVs, Wueest points out, generally run one of four operating systems: Android/Android TV, Web OS 2.0, Firefox OS, or Tizen. If that’s true for your TV, there’s a very good chance that a vulnerability that affects the stock OS affects your set, too.
A children’s toy company exposed data on 4.8 million parents and 200,000 kids – An unidentified hacker was able to extract nearly 5 million credentials from the website of children’s toy manufacturer Vtech, according to an exclusive report from Motherboard. The hacker, who obtained the data through a SQL injection attack, says he has no plans to release the information. Still, it’s possible that less scrupulous actors also attempted to exploit the security flaw. That would put 4.8 million customers at risk, as well as information on 200,000 customer children whose data is also included in Vtech’s databases. Customers can see if their data is compromised at HaveIBeenPwned.com, and the site’s proprietor, Microsoft developer Troy Hunt, has further thoughts on the breach here.
Older Dell devices also affected by dangerous eDellRoot certificate – After the certificate’s existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected. That’s not true. Older devices that had Dell Foundation Services (DFS) installed might also have the certificate, if the tool was configured to receive automatic updates. A Dell Venue Pro 11 convertible Windows tablet in PCWorld’s possession that was bought in April was affected.
A Dark Web Vendor Is Selling Millions of Hacked Cam Girl Site Tokens – MyFreeCams (MFC), one of the most popular cam girl sites on the internet, can’t catch a break at the moment with its security. After Motherboard reported that the site deployed truly terrible password security for both its models and users, we’ve now found out that someone is advertising hacked “tokens” for MFC on the dark web. These tokens are usually purchased directly from MFC, but the hacker is claiming to sell hundreds of thousands of dollars worth at a major discount.
Lenovo patches serious flaws in PC system update tool – The vulnerabilities could allow attackers with access to limited user accounts to gain administrator privileges,
Millions of embedded devices use the same hard-coded SSH and TLS private keys – Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found. By extracting those keys, hackers can potentially launch man-in-the-middle attacks to intercept and decrypt traffic between users and millions of devices.
Judge: There’s no proof Yelp manipulates reviews – A federal judge has thrown out a lawsuit alleging Yelp manipulated reviews in an attempt to coerce businesses to buy advertisements. Lawyers representing a Yelp shareholder filed suit in August of 2014, saying that the company had misled investors with false statements about the veracity of its reviews. The complaint, which sought class action status, was filed four months after The Wall Street Journal revealed that the Federal Trade Commission had received more than 2,000 complaints about Yelp. The WSJ article roughly correlated with a significant drop in the value of Yelp stock.
VW forced to recall all 3.0L diesel cars and SUVs in California – The original recall for VW diesel cars in the US focused only on the four-cylinder versions. That recall has now officially expanded with the California Air Resources Board (CARB) forcing VW to recall all of its cars and SUVs that use the larger 3.0L diesel engine within the state.
Lenovo and Razer unite to build a new range of gaming PCs – The world’s biggest PC vendor is getting serious about gaming, and it’s recruited one of gamers’ favorite peripherals brands to help it establish its legitimacy. Lenovo and Razer today announce a major new partnership that will see them co-brand a range of Razer Edition Lenovo PCs, starting with the Y series of desktop towers that made their debut at IFA in September. The first prototype product of this collaboration is on show over at the Dreamhack Winter LAN party in Sweden today, and the two companies have ambitions to extend their relationship into joint product development as well.
Facebook Offers All Employees 4 Months of Parental Leave – All new moms, dads, and same-sex partners at Facebook will receive four months of paid parental leave.
Games and Entertainment:
10 Games All Nintendo 3DS Players Need – Make this generation’s best handheld even better with these excellent titles.
10 Games Every Nintendo Wii U Player Needs – The system with the best first-party exclusives of this console generation continues to delight with highly entertaining, original titles.
Block Star Wars spoilers with this Chrome extension – With the first Star Wars movie in a decade coming out soon, there’s one thing that we’re all trying to avoid: Spoilers. It can be easy to avoid spoilers for smaller movies and TV shows, but with a franchise as big as Star Wars, it can seem almost impossible. Thankfully, you can use technology to censor such things for you.
‘Dead or Alive Xtreme 3’ Bikini Malfunctions Are Too Hot for America – Dead or Alive is a frenetic fighting game series much like Street Fighter, but it’s also the birthplace of some particularly buxom women, which is why publisher Koei Tecmo also makes Dead or Alive Xtreme, a spinoff that shines a spotlight on its female characters. Instead of pummeling each other with punches and kicks, in Dead or Alive Xtreme, players engage in poolside activities and other mini-games with the bikini-clad Dead or Alive women. It’s meant to be simple, titillating fun, and for some players, a reason to ogle the characters. For the first time, the latest version of the game won’t be published in North America and Europe.
Decide ‘Who Must Die’ in This Live Action Investigation Simulation – Ready for a harrowing imaginary scenario? You’re a doctor who’s been given the extremely difficult task of determining who, among three unique patients, is infected with a peculiar virus. The fate of humanity rests in your hands as you analyze the patients in your care for specific symptoms and subject them to various experiments. You could make the guard perform the experiments required for the good of humanity if it’s too disturbing for you, but in the end you’re the one tasked with making the choice that’s also the title of the game: Who Must Die?
You’ll keep an eye on your patients using these eerie screens. Image: Antoine Gargasson.
Sony unlocks PS4’s 7th processing core – Microsoft had closed the performance gap to Sony, but with this core unlock the PS4 is sure to pull further ahead of the Xbox One again. The impact of this change won’t be seen immediately, but games in development for Sony’s console right now should be able to take advantage of the extra performance this will offer. The end result seems inevitable: the PS4 will increase the performance gap to its rival.
Off Topic (Sort of):
Mark Zuckerberg and Bill Gates Join Forces To Invest in Clean Energy Technology – The founders of Facebook and Microsoft are teaming up to solve climate change. Mark Zuckerberg announced today that he and his wife, Priscilla Chan, have launched the Breakthrough Energy Coalition with Bill Gates to invest in zero-carbon energy technology around the world. The organization’s membership roster includes some of the most prolific names in technology, including Richard Branson, Jeff Bezos, Jack Ma, and Masayoshi Son. The news was timed to coincide with the U.N. Climate Control Conference, which will take place in Paris this week. During the event, Gates and U.S. President Barack Obama are expected to unveil a significant new initiative called Mission Innovation, which will work with governments to double public investments in energy research over the next five years.
10 Things I Learned From My 3D Printer: An Early Adopter’s Diary – How can I possibly describe what it’s like using a 3D printer for a year? It’s not easy. It’s sort of like asking someone why they like sunsets or the opera. Instead, let me describe the 10 things I learned over the last year—and what you can expect to go through yourself after you open the box of what I call “the best Christmas present ever.”
A piece of SpaceX’s Falcon 9 rocket is sitting on a beach in England – A piece of SpaceX’s Falcon 9 rocket has apparently been recovered in the UK, nearly five months after the spacecraft exploded in mid-flight. As the BBC reports, a 32-foot-long part of the rocket was found floating near the Isles of Scilly, an archipelago off Great Britain’s southwest coast. The coast guard pulled it ashore with the help of local boaters, and it’s now under guard on a beach.
(Tresco Island / Twitter)
The biggest tech turkeys of 2015 – The year’s most notable embarrassments in technology run the gamut from the industry’s inability to secure our personal data to the blunders of Airbnb, Twitter and Tinder.
“Enough shovels to go around”: Ars looks back at the lies of the Cold War – In the 1950s and 1960s, the US government went through the motions of trying to prepare the American public for nuclear war. The Federal Civil Defense Administration (which would later become the Office of Civil Defense within the Department of Defense, and then eventually the Federal Emergency Management Agency) produced an array of educational films to educate people on how to evacuate cities—and what to do if there was no time for evacuation because of a surprise attack. These films tried to make planning and practicing for attacks a routine part of being a homeowner. FCDA even published specifications for building home fallout shelters—specifications that would raise their head again in the 1980s.
Amazon Shows Off New Prime Air Drone With Hybrid Design – Amazon delivered a lovely update on its ‘Prime Air’ project today — almost exactly two years after it showed the first iteration of its drone. You know, the flying delivery drone that some thought was a massive joke meant for April 1st. Included are some high-res shots and two new videos.
Watch cars levitate — there’s a down-to-earth explanation – In China, cars roll up to a junction, lift off the ground and spin bizarrely. A weird magnetic field? Or something more prosaic?
Something to think about:
“I’ve missed more than 9000 shots in my career. I’ve lost almost 300 games. 26 times I’ve been trusted to take the game winning shot and missed. I’ve failed over and over and over again in my life. And that is why I succeed.”
– Michael Jordan
Plants vs. Zombies™ 2 – Play the sequel to the hit action-strategy adventure with over 30 Game of the Year awards. Meet, greet and defeat legions of zombies from the dawn of time to the end of days. Amass an army of powerful plants, supercharge them with Plant Food and power up your defenses with amazing ways to protect your brain.
This app offers in-app purchases. You may restrict in-app purchasing using your device settings.
100 Million Downloads – This app has received more than 100 million overall downloads.
Winner: Best Mobile Game at E3 – Game Informer
Winner: Best Mobile Game 2013 – Mashable
Winner: Game of the Year 2013 – Slide to Play
In Pursuit of Freedom – The Pushback Continues:
NSA will stop collecting bulk phone data by the end of the day – At 11:59PM ET tonight, the NSA will shut down its systems that collect bulk phone call data from Americans across the US. The move comes as planned, precisely six months after the USA Freedom Act was signed into law.
The legislation called for the NSA to cease collection of bulk phone records, which includes metadata like phone numbers and the duration of calls. Congress provided six months for the surveillance agency to transition its systems, and now the deadline is up. Phone companies like Verizon and AT&T will now hold onto that data, and the NSA will have to apply for permission from a special court to obtain those records on a case-by-case basis. The law also increases transparency — the government will need to provide annual records revealing how many requests for data it makes.
The end of bulk phone metadata collection by the NSA comes two and a half years after security contractor Edward Snowden revealed the agency’s massive surveillance programs. While many, including President Obama, hailed passage of the USA Freedom Act as the first major step towards limiting surveillance powers since the attacks of September 11th, 2001, others noted that the law did not go far enough. The bill passed in the Senate by a 67 to 32 vote, with at least four opponents voting against the legislation specifically because it did not do enough to limit the NSA.
Could the Third Amendment be used to fight the surveillance state? – The Third Amendment to the United States Constitution is just 32 words: “No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.”
Amongst very nerdy constitutional law circles, the Third Amendment is practically a joke. It’s never been the primary basis of a Supreme Court decision, and it only turns up rarely in legal cases. The reality is that the federal government isn’t going to be sending American soldiers to individual homes anytime soon. Even The Onion tackled the issue in 2007: “Third Amendment Rights Group Celebrates Another Successful Year.”
But in a recent op-ed in the Los Angeles Times, one California state lawmaker, Assemblyman Mike Gatto, has proposed a novel legal theory that could allow this amendment to fuel a major legal challenge to the American surveillance state:
UK ISP boss points out massive technical flaws in Investigatory Powers Bill – The head of the UK ISP Andrews & Arnold, Adrian Kennard, has pointed out a number of major technical issues with the proposed Investigatory Powers Bill (aka the Snooper’s Charter). Kennard and other representatives of the UK Internet Service Provider’s Association (ISPA) met with the Home Office on Tuesday, where they presented a number of ethical, technical, and privacy related issues with the incoming new law. These issues, plus some of the Home Office’s responses, can be found in written evidence (PDF) penned by Kennard.
Kennard’s key point is that the Internet Connection Records, which lie at the heart of the UK government’s proposals, are largely meaningless for most modern online services. He recounts that, in the Home Office briefing this week, the example of a girl going missing was used once more to illustrate why the authorities want to be able to see which services she accessed just before disappearing, in the same way that they can track her phone calls. But Kennard and the other ISPA members pointed out this example betrayed a lack of understanding of how the Internet works today: