Archive for the ‘In The News’ Category

TV failure

It’s 2015 and it would be nice to think that people had learned what makes a good password by now. They haven’t. And this list of the 25 most popular passwords of 2014—maybe also make that the worst—proves it.

SplashData’s annual list compiles the millions of stolen passwords made public throughout the year and assembles them in order of popularity. A glance down the list reveals that we’re all still morons, with “123456”, “password”, “12345”, “12345678” and “qwerty” making up the top five. No, really.

Now is clearly a good time to remind yourself not to be one of those morons, and start using sensible passwords, LastPass or some other system to keep your personal information safe. But anyway, enough of that, here’s the list. You’re welcome.
1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345 (Up 17)

4. 12345678 (Down 1)

5. qwerty (Down 1)

6. 123456789 (Unchanged)

7. 1234 (Up 9)

8. baseball (New)

9. dragon (New)

10. football (New)

11. 1234567 (Down 4)

12. monkey (Up 5)

13. letmein (Up 1)

14. abc123 (Down 9)

15. 111111 (Down 8)

16.mustang (New)

17. access (New)

18. shadow (Unchanged)

19. master (New)

20. michael (New)

21. superman (New)

22. 696969 (New)

23. 123123 (Down 12)

24. batman (New)

25. trustno1 (Down 1)

 

Windows TV

Microsoft on Friday quietly urged its users to uninstall the most recent round of security updates, after reports emerged that it crippled their computers with the infamous “Blue Screens of Death” (BSoD), which is really a matter of shame for one of the largest technology giants.
Microsoft released security updates on its August Patch Tuesday that addressed privilege escalation vulnerabilities but an apparent font cache clearing issue caused Windows boxes to turn the colour of the screen to Blue.
The tech giant forced to make this decision after hundreds of complaints, regarding the infamous Blue Screen of Death error, were sent to the company. This was not the only update to be made last week.

The offending Microsoft patch identified as MS 14-045, one of the nine updates which fixes three security issues including one in the Windows kernel – the heart of the operating system – can cause system crashes forcing users to reboot it.

Soon after the initial release of the patch, the issue surfaced on Microsoft’s support forum with a post from a member named Xformer complaining of “Stop 0x50 errors,” aka blue screen after applying any of four updates (KB2982791 KB2970228 KB2975719 or KB2975331).
If you update your Windows with the update, a message flashed on the screen that reads: “Your PC ran into a problem and needs to restart. We’re just collecting some error info and then we’ll restart for you (0% complete).
Installation went smoothly. After rebooting everything worked fine. But when I shut down my notebook and switched it on a little later it came up with a blue screen with a Stop 0x50 in Win32k.sys. I could not even boot into safe mode as Windows failed to start no matter which mode chose“, Xformer explained on Microsoft’s support discussion forum.
The vast majority of complaints came from the users running Windows 7 PCs with the 64bit version, and as a response, Microsoft published a FAQ for the update which includes an official and detailed explanation stated:

Microsoft revised this bulletin to address known issues associated with installation of security update 2982791. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. Microsoft recommends that customers uninstall this update.

An additional precaution from the company’s side is that it has removed the download links to the 2982791 security update. How to uninstall this update, see Microsoft Knowledge Base Article 2982791.
Microsoft asserts that investigations are ongoing, following the instructions to uninstall the updates. According to the company, the issue could also be the result of three prior updates, from which #3 is the most severe:
KNOWN ISSUE 3
Microsoft is investigating behavior in which systems may crash with a 0x50 Stop error message (bugcheck) after any of the following updates are installed:
  • 2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
  • 2970228 Update to support the new currency symbol for the Russian ruble in Windows
  • 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
  • 2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012
This condition may be persistent and may prevent the system from starting correctly.
The uninstall instructions are long and involved in the Knowledge Base articles as mentioned above, but users are recommended to uninstall the buggy update as soon as possible.

tv - programer

A Google engineer and a member of the Google Chrome security team has shared on Twitter a new look that is being tested for the phishing and malware warnings seen by Chrome users:

new-malw-14072014

new-phish-14072014

The new alerts have been incorporated in the Canary and Developer channels, and if all goes well they will end up in Beta and, ultimately, in the Stable version.

The fire engine red background, and the simplified and more direct warning text is likely to make users take the warnings more seriously than the current ones:

old-phish-14072014

The warning pages are shown when users try to visit malicious sites, a constantly updated blacklist of which is maintained by the Google Safe Browsing service.

tv-300x2241

This year has already brought Google Fiber announcements to Provo, UT and Austin, TX— and AT&T has plans to try and keep up with Google as well. Now, it looks like Los Angeles is getting involved in the fiber-based internet game with a massively ambitious project to bring fiber to all of its 3.5 million residents and businesses. According to a report from Ars Technica, the city wants all of its residents to have free access to this network, with speeds ranging from 2Mbps to 5Mbps; that free tier might possibly be subsidized by advertising. Additionally, paid tiers will offers speeds of up to one Gigabit. The city will issue an RFP (request for proposal) for this ambitious project next month, with the build-out estimated to cost somewhere between $3 billion and $5 billion.

Los Angeles, however, will not be footing the bill for this rollout. “The city is going into it and writing the agreement, basically saying, ‘we have no additional funding for this effort.’ We’re requiring the vendors that respond to pay for the city resources needed to expedite any permitting and inspection associated with laying their fiber,” said Los Angeles Information Technology Agency GM Steve Reneker. He also said it was likely that whoever wins the RFP will likely build out TV and telephone service, as well, though they won’t be required to. “I would think that’s how they’ll justify the build out, is being able to offer triple play],” Reneker said.

Additionally, Los Angeles wants the network to be open, with the vendor selling access wholesale to other providers, who would then sell to customers. “We’re not looking at trying to… be monopolistic and try to force anybody out of the market,” Reneker said. Regardless of who ends up selling the service, Google Fiber isn’t an option to win the contract in its current form — the service right now only is offered to residential customers, not businesses. Of course, Google could change its current business model if it wants to get in on this massive build-out for Los Angeles. The city plans to accept bids for three months, and then expects a lengthy six- to nine-month review and negotiation process before the job can get started.

Source: http://www.theverge.com

tv pirate

In the wake of recent revelations about NSA surveillance efforts, the co-founder of The Pirate Bay has launched a drive to crowdsource funding for a new mobile messaging app — one so secure that its creators say they couldn’t turn over people’s messages even if they wanted to. Hemlis (it means “secret” in Swedish), is being developed by Peter Sunde, one of the individuals behind The Pirate Bay, along with Linus Olsson and Leif Högberg. It’s described as an easy to use messaging app in the vein of WhatsApp or iMessage, with one important twist: it uses end-to-end encryption to ensure that nobody can monitor your messages. “No one can listen in,” the Hemlis site promises. “Not even us.”

The app won’t use advertising or sell user data, so to help bring the project to fruition the team is trying to raise $100,000 from potential users. The money will be put towards developing the apps themselves — iOS and Android are the targeted platforms — and the infrastructure needed for the system. While there’s no demonstration of a working app on the site, there are several mocked-screens that show off a bright, iOS 7-style design. In an FAQ, the group also says they believe the core app itself should be free, but users will have to pay to unlock additional features like sending images.

Those interested in funding the project early will be able to get a headstart, however. Donations from $5 and up provide customers with multiple codes for the full, unlocked version of the app — one for themselves, and others to share with friends. The Hemlis team states that if they don’t hit their goal all money will be returned, but they seem to be off to a quick start already: as of this writing, Hemlis has already raised over $18,500.

tv crime2

Microsoft Windows contains vulnerability (CVE-2013-3660) that could allow an local attacker to gain elevated privileges on a targeted system. The vulnerability classified as critical has been found in Microsoft Windows XP/Vista/7/2000/Server 2003/2008. This affects the function win32k!EPATHOBJ::pprFlattenRec of the component Kernel. The vulnerability is due to improper handling of certain objects in kernel memory by the affected software. A local attacker with access to a targeted system could exploit this vulnerability by running a malicious program that is designed to cause the Windows kernel to perform improper memory operations on certain objects. If successful, the attacker could execute arbitrary code on the system with the privileges of the kernel, resulting in a complete system compromise. Proof of concept code that exploits this vulnerability is publicly available.

CVE: CVE-2013-3660
Remote: No
Local: Yes
Updated: Jul 02 2013 08:21AM
Credit: Tavis Ormandy
Vulnerable: Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 Enterprise Edition SP2
Microsoft Windows Server 2008 Datacenter Edition SP2
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows 8 0
Microsoft Windows 7 Professional 0
Microsoft Windows 7 for 32-bit Systems SP1

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

http://cvedetails.com/cve/CVE-2013-3660

 

Drones Are Here!

Posted: 12/06/2013 in Geek Stuff, In The News

tv-300x2241droneNo, this isn’t a scene still from the new remake of “*batteries not included.” On Monday London’s “Yo! Sushi” restaurant showcased the “itray,” a flying service device propelled by miniature, remote-controlled helicopter blades.

Caintech.co.uk

Wireless data transmission has just got faster after a team of German researchers achieved a record 40 Gbps transmission rate. This is the biggest wireless transmission rate ever demonstrated and it matches the data transmission speed for fiber optic.

The project was conducted by a joint team of German scientists from applied physics and technology institutes. The researchers achieved the 40 Gbps wireless data transmission record rate at a frequency of 240 GHz over a one-kilometer distance.

The 240 GHz transceiver chip, measuring only 1.5 x 4 mm.

This speed means that data off a complete DVD can be transmitted in less than a second. For comparison, some of the fastest Wi-Fi connectivity solutions on the market at the moment have a top data transmission speed of 300 Mbps.

The team developed a 240 GHz transmitter and receiver chip that only measures 4×1.5mm and is based on semi-conductor technology which uses high carrier mobility transistors. This technology makes it possible to use frequencies up to 300 GHz with receivers and transmitters that are actually compact and integrated circuits.

German scientists say that in this high frequency range, the atmosphere shows low attenuation and this actually enables directional broadband radio links. This makes the entire wireless data transmission system easier to set up and the signal more resistant to bad weather conditions, they said.

The project may also mark another first in the field of data transmission: having radio links transmit glass fiber data rates. The glass fiber signal would be fed into a radio link without any transcoding and then be transmitted and redirected to glass fiber.

Scientists say the 40Gbps transmission rate may be only the beginning, as higher frequency data rates are likely to be achieved over the following years. In the near future, this radio link system can be used to provide broadband Internet connections to rural areas and other places that are difficult to access by traditional optical fiber networks.

tv-IE9

THE UK GOVERNMENT has shown it’s at the forefront of modern technology and online services with its latest form for claiming benefits online.

Those who want to claim Attendance Allowance, Disability Living Allowance or Overseas State Pension can simply visit the Gov.UK website, where they are then pointed to the Department of Work and Pensions (DWP) website to fill out a form online.

So far, so impressive, in that the government is allowing citizens to apply for benefits over the web, rather than having to fill out forms and send them in via the post or visit offices in person.

However, it seems that many of those claimants could fall at the first hurdle due to some rather outdated stipulations about the computer systems supported by the DWP.

“This service doesn’t work with some modern browsers and operating systems,” the DWP notes. “We are considering how best to provide this service in future. You may want to claim in another way.”

That is putting it mildly. Normally, we’d take the time to go through these system requirements and highlight only the most interesting points, but in this case we’ve decided to make an exception and post them here in their full glory, as we couldn’t word them better than the DWP.

“The service does not work properly with Macs or other Unix-based systems even though you may be able to input information.

“You are likely to have problems if you use Internet Explorer 7, 8, 9 and 10, Windows Vista or a smartphone. Clearing temporary internet files may help but you may wish to claim in another way.

“There is also a high risk that if you use browsers not listed below, including Chrome, Safari or Firefox, the service will not display all the questions you need to answer. This is likely to prevent you from successfully completing or submitting the form. You may wish to claim in another way.”

And now on to the much more restricted list of what your computer needs to be running if you actually want to claim a benefit online.

“The service was designed to work with the following operating systems and browsers. Many of these are no longer available:

  • Microsoft Windows 98: Internet Explorer versions 5.0.1, 5.5 and 6.0, Netscape 7.2
  • Microsoft Windows ME: Internet Explorer version 5.5 and 6.0, Netscape 7.2
  • Microsoft Windows 2000: Internet Explorer version 5.0.1, 5.5 and 6.0, Netscape 7.2, Firefox 1.0.3, Mozilla 1.7.7
  • Microsoft Windows XP: Internet Explorer 6.0, Netscape 7.2, Firefox 1.0.3, Mozilla 1.7.7.”

For the few of you out there wanting to claim benefits online who manage to dig out some old Windows machine from a basement or loft running an old enough version of IE or Firefox, there are further obstacles to getting any money out of the government.

“This service is not available on Monday, Wednesday and Friday mornings from 1.00am to 1.30am because of essential maintenance work. We apologise for any inconvenience,” warns the DWP.

Perhaps that’s when their hamsters change shifts – you know, the ones that run inside wheels keeping government IT systems up and running.

We often speculate here at The INQUIRER that the government favours proprietary systems, and doesn’t do enough to open up bid tenders to smaller suppliers and open source outfits. On the basis of the above evidence, we’re concerned that the government is taking its mission to extremes.

tv-pure google

An “inside source” has told Digital Trends that Google and WhatsApp are close to making a deal. The source says that Google want to buy the very successful WhatsApp multi-platform messaging service but the WhatsApp team are “playing hardball” and trying to squeeze more cash out of the Mountain View search giant.

WhatsApp is available for all the major, and minor, mobile platforms including Android, iOS, Windows Phone and BlackBerry. If Google could acquire it then build it into its existing services to unify its messaging options it could achieve a big user boost. WhatsApp is extremely popular; it’s the most popular mobile app in over 100 countries and on New Year’s Eve 2012 a record 18 billion WhatsApp messages were sent and received by users.

Will Google make it free but ad sponsored?

WhatsApp’s monetization scheme is different to Google’s ads and sponsored search approach. The popular messaging app is currently supported by a $0.99 yearly fee and also generates revenue through partnerships with mobile telcos who offer WhatsApp usage add-ons to mobile tariffs. It will be interesting to see if a Google acquisition would change this model drastically.

Facebook has recently initiated a push into mobile with Facebook Home. Mr Zuckerberg also realises the importance of messaging to engage users and the Chat Heads application is probably the most important part of the launcher/suite after the Facebook Cover Feed home screen itself. Incidentally both Facebook and Google have reportedly approached WhatsApp before, late in 2012.

Google has been rumoured to be getting ready to launch a messaging service called Babel to tie together all its communications services into a unified hub. Could a WhatsApp acquisition and integration be an almost off-the-peg solution with the advantage of a huge existing user base? We should find out more about these plans by the time Google I/O takes place in May or earlier if the deal is sealed.