Windows 10’s new Spotlight feature usually shows you neat photographs and fun facts when you first start your computer. Now, it’s started showing ads. Here’s how to turn it off.
Source: Windows 10 Is Showing Ads On Your Lockscreen, Here’s How to Turn Them Off
So not only is Windows invading your privacy with windows 10, but is progressively flaunting your non-ownership of the platform.
nodegoat is a web-based data management, analysis & visualisation environment.
Source: Battles | Public Interface | nodegoat
The minister states that he thinks (his vision is backed by a bunch of closed source software vendors [Microsoft, Oracle, SAP, KPN, CapGemini, Ordina, ATOS, CGI and IBM]) that not having to buy licenses is offset by the costs of having to manage and pay for the deployments of open source software (OSS). Which is free for closed source. Oh, no. It isn’t. He also states that customising the software costs money for development, whilst forgetting that at least OSS can be customised and closed source is vendor dependent – you try customising a Microsoft product!
Minister Blok (Wonen en Rijksdienst
It’s a simple bot that helps with court appeals — but could it replace the need for human lawyers?
Source: A 19-year-old made a free robot lawyer that has appealed $3 million in parking tickets
The issue lies in the wireless USB dongles that the keyboards and mice use to communicate over radio frequencies with the host computer. Bastille says that while communication from most keyboards to the dongle is encrypted, none of the mice it tested encrypt their wireless communication. The dongle, therefore, will accept commands from an attacker in close physical proximity the same way it would from the user.
The attacker can, therefore, transmit malicious packets that generate keystrokes rather than mouse clicks, so long as the victim’s computer is turned on, Bastille said.
“Depending on the speed of the attack and how closely the victim is paying attention, it can happen pretty quickly,” said researcher Marc Newlin, who said that an attack could simulate 1,000 words-per-minute typing and install a rootkit in 10 seconds, or eight milliseconds-per-keystroke.
Bastille founder Chris Rouland said that an attacker could exploit the vulnerability with a $15 USB dongle and 15 lines of Python code against any Windows, Mac or Linux machine and gain full control.
“At this point, they can inject malware, or compromise an air-gapped network by turning on Wi-Fi on the target,” Rouland said. “We have been working with the vendors for more than 90 days. More than half of the mice are not able to be updated and will not be patched. And likely won’t be replaced. There will be vulnerable devices everywhere.”
Do you work for a big company? Have you been having back pain? Your company probably knows about it already thanks to high-tech healthcare companies that it hired. Welcome to our brave new world of big data.
Source: Companies Are Using Big Data to Discourage Employees From Having Costly Surgery
They are using this to improve the health of their employess. Good. But also to track who is trying to get pregnant. Bad. Health information is very private for a reason. Having your employer look at it is very very bad and can lead to discrimination based on your medical history.
Here’s a clear, technical Q&A
Source: Confused as to WTF is happening with Apple, the FBI and a killer’s iPhone? Let’s fix that
It’s a good story by the reg.
The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. Google has found some mitigations that may help prevent exploitation if you are not able to immediately patch your instance of glibc. The vulnerability relies on an oversized (2048+ bytes) UDP or TCP response, which is fo
Source: Google Online Security Blog: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
More than two months after release, it’s still not possible to pirate Just Cause 3. The same is true for Rise of the Tomb Raider, released for PC in late January. Cracking computer games used to be measured in hours or days, but now, it’s turning into weeks and months. The nature of piracy is changing in a big way.
Source: The Anti-Piracy Tech That’s Giving Hackers Fits
Using nanostructured glass, scientists from the University’s Optoelectronics Research Centre (ORC) have developed the recording and retrieval processes of five dimensional (5D) digital data by femtosecond laser writing.
The storage allows unprecedented properties including 360 TB/disc data capacity, thermal stability up to 1,000°C and virtually unlimited lifetime at room temperature (13.8 billion years at 190°C ) opening a new era of eternal data archiving
Source: Eternal 5D data storage could record the history of humankind
The following map is a gridded cartogram visualisation of global flight tracks taken from the OpenFlights database. The map distorts the land area by the number of flights that pass a certain space
Source: Air Spaces: Where the Planes Fly – Views of the World
Fraudsters, armed with stolen social security numbers and other personal information on nearly half a million people, used malware to systematically request PINs corresponding to those taxpayers, allowing the crooks to potentially file paperwork on their behalf. The swindlers could put their own bank account details on the tax returns, thus channelling people’s rebates into the thieves’ pockets.
“Using personal data stolen elsewhere outside the IRS, identity thieves used malware in an attempt to generate E-file PINs for stolen social security numbers. An E-file PIN is used in some instances to electronically file a tax return,” the IRS said in a statement today.
“Based on our review, we identified unauthorized attempts involving approximately 464,000 unique SSNs, of which 101,000 SSNs were used to successfully access an E-file PIN.”
Source: Crims unleashed IRS-stabbing malware in bid to rob 464,000 people
Using a combination of ultrafast chemical fixation and cryogenic storage, it is the first demonstration that near perfect, long-term structural preservation of an intact mammalian brain is achievable.
Source: The Brain Preservation Foundation – Small Mammal BPF Prize Winning Announcement
Renewal of cryogenics?
As of March 15, 2016, we will no longer be supporting the Picasa desktop application. For those who have already downloaded this—or choose to do so before this date—it will continue to work as it does today, but we will not be developing it further, and there will be no future updates. If you choose to switch to Google Photos, you can continue to upload photos and videos using the desktop uploader at photos.google.com/apps.
Source: Picasa Blog
So download and keep the installer somewhere safe!
How about this for bizarre bug of the week: the latest version of Adobe Creative Cloud deletes the first hidden directory in root directories on Macs.
That’s bad news for users of BackBlaze: the backup software stores a .bzvol folder in the top level of every drive it backs up, and uses these folders to store information about the drives. Adobe’s Creative Cloud app wipes away these directories, leaving BackBlaze’s users faced with “your drive is no longer backed up” errors.
Source: ‘Adobe Creative Cloud update ate my backup!’
Computer, smartphone and network hacking by UK intelligence agency GCHQ is legal, a security tribunal has said.
The Investigatory Powers Tribunal ruled on Friday that computer network exploitation (CNE) – which can include remotely activating microphones and cameras on electronic devices such as iPhones without the owner’s knowledge – is legal.
The case, which was heard in 2015, was the first time that GCHQ admitted to carrying out hacking in the UK and overseas. Previously, their policy had been to “neither confirm nor deny”.
[…]
During proceedings, GCHQ admitted that it carries out CNE outside the UK, and that in 2013 about a fifth of its intelligence reports contained information derived from hacking.
Source: GCHQ hacking phones and computers is legal, says top UK court
So is there any kind of warrant procedure at all before they start hacking private individual or business computers?
This has been done in the past, but the computing power required has made it impractical. A new algorithm makes it possible to do this with much less computational grunt.
The Vodafone network does not generate random TMSI numbers, which allows you to copy them and thereby listen in to other ongoing conversations. The network won’t throw off duplicates. If you have an IMSI catcher you can exploit this. It does, however, put the phone into conference call mode, which shows up on the screen. Considering your screen is mostly next to your ear, most people won’t notice.
Source: Kwetsbaarheid in Vodafone-netwerk maakt gesprekken kopieerbaar | PCM
We present an integrated tissue–organ printer (ITOP)
It can print an ear with enough structural integrity to be transplanted
It looks nice 🙂 Better than a todo list, better than a scrum board, software kept simple.
Download it here
We present a new human-computer interface that is based on decoding of attention through pupillometry. Our method builds on the recent finding that covert visual attention affects the pupillary light response: Your pupil constricts when you covertly (without looking at it) attend to a bright, compared to a dark, stimulus. In our method, participants covertly attend to one of several letters with oscillating brightness. Pupil size reflects the brightness of the selected letter, which allows us–with high accuracy and in real time–to determine which letter the participant intends to select. The performance of our method is comparable to the best covert-attention brain-computer interfaces to date, and has several advantages: no movement other than pupil-size change is required; no physical contact is required (i.e. no electrodes); it is easy to use; and it is reliable. Potential applications include: communication with totally locked-in patients, training of sustained attention, and ultra-secure password input.
The most recent finding from New Horizons show that ice bergs have broken off from the hills surrounding the Sputnik Planum, a glacier of nitrogen ice, and are floating slowly across its surface, eventually to cluster together in places like the Challenger Colles, informally named after the crew of the space shuttle Challenger, which was lost just over 30 years ago. The feature is an especially high concentration of icebergs, measuring 37 by 22 miles. The icebergs float on the nitrogen ice plain because water ice is less dense than nitrogen ice.
Source: NASA announces that Pluto has icebergs floating on glaciers of nitrogen ice
Today at the Security Analyst Summit, researchers from Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more than 100 financial companies.
The heaviest hitter among the newly discovered gangs is an ongoing campaign, mostly confined to Russia, known as Metel. This gang targets machines that have access to money transactions, such as call center and support machines, and once they are compromised, the attackers use that access to automate the rollback of ATM transactions. As the attackers empty ATM after ATM—Metel was found inside 30 organizations—the balances on the stolen accounts remained untouched.
Source: Carbanak 2.0, Metel, GCMAN Borrow from APT Attacks | Threatpost | The first stop for security news
As promised, hacker publishes personal information of 20,000 FBI agents, allegedly stolen from a hacked Department of Justice computer.
Source: Hacker Publishes Personal Info of 20,000 FBI Agents | Motherboard
