Acer leaks payment cards in e-store hack

The PC maker has started writing to customers [PDF] warning that their personal records were siphoned off from its online store by crooks between May 12, 2015 and April 28, 2016.

Acer did not say how many customers had their details swiped.

The lost data includes customer names, addresses, card numbers, and three-digit security verification codes on the backs of the cards. Acer says that no passwords or social security numbers were obtained by the thieves, which will be of no comfort whatsoever to the victims.

Source: You Acer holes! PC maker leaks payment cards in e-store hack

Oh dear, why were they keeping all that information in a database anyway?!

Buy one of 70K hacked servers from $6, get control kit with it

Researchers have uncovered an underground marketplace selling information on over 70,000 compromised servers based around the globe.

Russia-based Kaspersky Lab has revealed today that the online forum, named xDedic, seems to be operated by a Russian-speaking organisation and allows hackers to pay for undetectable access to a wide range of servers, including those owned by government, corporate and academic groups in more than 170 countries. XDedic takes a 5% fee for all funds placed into its trading accounts.

Access to a compromised server can be bought for as little as $6 (approx. £4). The kit comes with relevant software to instruct on launching denial-of-service attacks and spam campaigns on the targeted network, as well as allowing criminals to illegally produce bitcoin and breach online systems, such as retail payment platforms.

With an upgrade to $7 cybercriminals can gain access to government-based servers, including systems in interior and foreign ministries, commerce departments and local councils. Paying up to $15 can allow a hacker access to high-capacity network connections, explained Costin Raiu, director of Kaspersky’s research and analysis unit.

Source: Online marketplace sells hackers access to breached servers

BadTunnel Bug Hijacks All Network Traffic, for All Windows Versions

The research of Yang Yu, founder of Tencent’s Xuanwu Lab, has helped Microsoft patch a severe security issue in its implementation of the NetBIOS protocol that affected all Windows versions ever released.

Yu says an attacker could leverage this vulnerability to pass as a WPAD or ISATAP server and redirect all the victim’s network traffic through a point controlled by the attacker.

By network traffic, Yu refers to all traffic, not just Web HTTP and HTTPS. This includes OS updates, software upgrades, Certificate Revocation List updates via Microsoft’s Crypto API, and other OS maintenance operations.

Source: BadTunnel Bug Hijacks Network Traffic, Affects All Windows Versions

Happiness equation: New equation reveals how other people’s fortunes affect our happiness

A new equation, showing how our happiness depends not only on what happens to us but also how this compares to other people, has been developed by UCL researchers funded by Wellcome.

The team developed an equation to predict happiness in 2014, highlighting the importance of expectations, and the new updated equation also takes into account other people’s fortunes.

The study, published in Nature Communications, found that inequality reduced happiness on average. This was true whether people were doing better or worse than another person they had just met. The subjects played gambles to try to win money and saw whether another person won or lost the same gambles. On average, when someone won a gamble they were happier when their partner also won the same gamble compared to when their partner lost. This difference could be attributed to guilt. Similarly, when people lost a gamble they were happier when their partner also lost compared to when their partner won, a difference that could be attributed to envy.

“Our equation can predict exactly how happy people will be based not only on what happens to them but also what happens to the people around them,” explains one of the study’s co-lead authors, Dr Robb Rutledge (UCL Institute of Neurology and Max Planck UCL Centre for Computational Psychiatry and Ageing Research). “On average we are less happy if others get more or less than us, but this varies a lot from person to person. Interestingly, the equation allows us to predict how generous an individual will be in a separate scenario when they are asked how they would like to split a small amount of money with another person. Based on exactly how inequality affects their happiness, we can predict which individuals will be altruistic.”

Source: Happiness equation: New equation reveals how other people’s fortunes affect our happiness

TeLeScope can decrypt your TLS traffic realtime if on a hypervised machine (which most people are nowadays)

Bitdefender vulnerability researcher Radu Caragea presented today at the Hack In The Box Amsterdam conference a novel way to extract TLS keys from virtual machines, using an out-of-guest approach. The new technique works to detect the creation of TLS session keys in memory as the virtual machine is running.

The presentation covers a novel technique that not only works for virtualized machines but is also OS-agnostic and crypto-library-agnostic. With a minimal overhead both in terms of speed and in terms of setup, this new technique offers insight into dynamic malware analysis of infected machines.

Source: TeLeScope unveiled at Hack In the Box | Bitdefender Labs

Citigroup Is Suing AT&T For Using the Word ‘Thanks’ Because Citi Trademarked Thankyou

Back in 2010, the US Patent and Trademark Office granted Citigroup a trademark for “thankyou,” which the company uses for credit card services. Today the company is suing AT&T over its own use of the terms “thanks” and “thanks AT&T.” Check the date, because this isn’t April Fool’s.

Source: Citigroup Is Suing AT&T For Using the Word ‘Thanks’ Because Citi Trademarked It

Uhm… some dick in a patent office decided to trademark a well-known phrase because they dropped the space – and now they are using it as ammunition to go after people using a well-used word? There is something rotten in the state of trademark.

Gawker Ordered To Pay Hulk Hogan $115 Million In Sex Tape Lawsuit – wait, how much?

In a closely watched trial by the media community, shortly after 7pm on Friday night, and less than six hours after starting deliberations, the jury sided with ex-pro wrestler Hulk Hogan and awarded him $115 million in his sex tape lawsuit against Gawker Media. The trial lasted two weeks. The award consists of $55 million for economic injuries, and $60 million for emotional distress. It may also mean the end of Gawker.

Source: Gawker Ordered To Pay Hulk Hogan $115 Million In Sex Tape Lawsuit

How on earth did they come up with this astronomical figure? There is no way the Hulk could have sold it himself for anything like $55m and the distress charges are crazy!

Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple

In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset are lost – and irretrievable.

Source: Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple – Slashdot

Wow, how evil is that?! Is it even legal? I mean, you bought the device, how do they justify sabotaging someone else’s property?

Hundreds of VerticalScope forums hacked, leaking 45 million user accounts

The database shows email addresses, passwords that were hashed and salted with MD5 (an algorithm that nowadays is easy to crack), as well as a user’s IP address (which in some cases can determine location), and the site that the record was taken from.

Source: Exclusive: Hundreds of forums hacked, leaking millions of users’ data

You can search the database on LeakedSource.
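The article’s point about salted MD5 being easy to crack comes down to cost per guess: MD5 is designed to be fast, so a salt only stops precomputed tables, not brute force. Below is an added example (my own code, not from the article, VerticalScope or LeakedSource) showing the defensive fix a forum operator can apply without forcing a password reset: verify logins against the legacy record, and on success transparently rewrite it with PBKDF2. The `md5$salt$digest` record layout, the salt and the sample password are constructed assumptions for illustration; `cost_ratio` measures on the local machine how much more expensive one PBKDF2 guess is than one salted MD5 guess.

```python
import hashlib
import hmac
import os
import time

# Constructed sample: a legacy forum record storing MD5(salt + password).
# The "md5$<salt>$<hex digest>" layout is an assumption for this example.
LEGACY_SALT = "a1b2c3"
LEGACY_PASSWORD = "hunter2"  # constructed sample password, not from any leak

PBKDF2_ITERATIONS = 200_000  # work factor for the replacement scheme


def legacy_md5_hash(salt: str, password: str) -> str:
    """Salted MD5 as older forum software commonly stored it (assumed layout)."""
    return hashlib.md5((salt + password).encode()).hexdigest()


def make_legacy_record(salt: str, password: str) -> str:
    """Build a legacy-style record so the upgrade path can be exercised."""
    return f"md5${salt}${legacy_md5_hash(salt, password)}"


def make_pbkdf2_record(password: str, salt: bytes = b"") -> str:
    """Hash with PBKDF2-HMAC-SHA256 and a fresh random salt unless one is given."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(record: str, password: str) -> bool:
    """Constant-time comparison against whichever scheme the record uses."""
    scheme, rest = record.split("$", 1)
    if scheme == "md5":
        salt, digest = rest.split("$")
        return hmac.compare_digest(legacy_md5_hash(salt, password), digest)
    if scheme == "pbkdf2_sha256":
        iters, salt_hex, digest = rest.split("$")
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(dk.hex(), digest)
    raise ValueError(f"unknown hash scheme {scheme!r}")


def verify_and_upgrade(record: str, password: str):
    """Check a login. On success against a legacy MD5 record, return a new
    PBKDF2 record to store in its place; otherwise return the record unchanged."""
    if not verify(record, password):
        return False, record
    if record.startswith("md5$"):
        return True, make_pbkdf2_record(password)
    return True, record


def cost_ratio(trials: int = 2000) -> float:
    """Approximate cost of one PBKDF2 guess relative to one salted-MD5 guess."""
    t0 = time.perf_counter()
    for _ in range(trials):
        legacy_md5_hash(LEGACY_SALT, LEGACY_PASSWORD)
    md5_per_guess = (time.perf_counter() - t0) / trials
    t0 = time.perf_counter()
    make_pbkdf2_record(LEGACY_PASSWORD, salt=b"\x00" * 16)  # fixed salt: timing only
    pbkdf2_per_guess = time.perf_counter() - t0
    return pbkdf2_per_guess / md5_per_guess


if __name__ == "__main__":
    legacy = make_legacy_record(LEGACY_SALT, LEGACY_PASSWORD)
    ok, upgraded = verify_and_upgrade(legacy, LEGACY_PASSWORD)
    print("login ok:", ok, "| new record:", upgraded[:40] + "...")
    print(f"one PBKDF2 guess costs ~{cost_ratio():.0f}x one salted-MD5 guess")
```

The upgrade-on-login pattern means the weak hashes disappear as users sign in, and a dump taken after migration contains only slow hashes. A practitioner would also set a deadline after which un-migrated accounts get a forced reset, since a stale MD5 record stays as cheap to attack as the day it was written.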

Chinese loan sharks seek salacious selfies as collateral

The selfies are accepted as collateral for loans up to 15,000 yuan – about US$2,200 – on a whopping 30 per cent rate of interest per week. That may, however, have to do with translation: China Daily says the interest rate is 30 per cent per year.

As well as the selfies, borrowers had to provide other forms of identity such as their student cards, and contact details for family members.

With the issue going public, PDO reports that lenders have been sending messages via Tencent’s QQ telling readers they’re no longer accepting nude photos.

Source: Chinese loan sharks seek salacious selfies as collateral

Tesla Suspension Breakage: It’s Not The Crime, It’s The Coverup – Slashdot

You find a fault in a Tesla. You ask for repairs. Tesla comes back offering 50% of the repair price, but only if you promise to not tell anyone about the problem you found!

This offer, to repair a defective part in exchange for a non-disclosure agreement, is unheard of in the auto industry. More troublingly, it represents a potential assault by Tesla Motors on the right of vehicle owners to report defects to the National Highway Traffic Safety Administration’s complaint database, the auto safety regulators sole means of discovering defects independent of the automakers they regulate.

Source: Tesla Suspension Breakage: It’s Not The Crime, It’s The Coverup – Slashdot

Ouch!

Humanity will only buy 47 smartphones per SECOND in 2016

Last year we bought 44 per second, but growth has slowed so it’s frowning time […] Prognostication-producers Gartner reckon the disappointing start to 2016 will continue for smartphone makers, with the year to end a mere seven per cent ahead of 2015.

If it’s accurate, that would translate to 1.5 billion units for the year – a little over 47 units per second, up from 44 units per second for 2015 (1.4 billion devices).

Source: Humanity will only buy 47 smartphones per SECOND in 2016

Again – there is something seriously wrong with people frowning about these figures because growth is low (*cough 7.5%!*). Total business size is absolutely stupendous!

Boffins shake up smartphone with motion-sensor as microphone

Because nobody regards the vibration sensor as sensitive, smartphones typically leave it with wide-open permissions.

What Nirupam Roy and Romit Roy Choudhury did was to hack an Android phone so its vibration sensor acted as a microphone. Well: a vibration sensor is half-way to being a microphone anyhow, in terms of its basic function.

As they note in this paper, “any vibrating object should respond to air vibrations”. What makes a microphone different is that the diaphragm is very light, and therefore responds well to quiet sounds and high frequencies. The vibration sensor, on the other hand, doesn’t respond much to either.

As the pair says in their paper, “VibraPhone is attempting a different problem altogether – instead of learning a motion signature, it attempts to reconstruct the inherent speech content from the low bandwidth, highly distorted output of the vibra-motor.”

Source: Boffins shake up smartphone with motion-sensor as microphone

The law is nuts: Tinder to stop facilitating under 18s dating due to legal worries

Tinder is discontinuing use of the app for everyone under the age of 18 starting next week, according to a statement from Tinder VP of Communications Rosette..

Source: Tinder discontinues service for users under 18

If you are held responsible for what happens during human interaction because you facilitate the meeting of the humans, there is something very wrong with the law.

Unintended consequences of AI: Amazon Echo seems to condition kids to be rude

Alexa will put up with just about anything. She has a remarkable tolerance for annoying behavior, and she certainly doesn’t care if you forget your please and thank yous.

But while artificial intelligence technology can blow past such indignities, parents are still irked by their kids’ poor manners when interacting with Alexa, the assistant that lives inside the Amazon Echo.

“I’ve found my kids pushing the virtual assistant further than they would push a human,” says Avi Greengart, a tech analyst and father of five who lives in Teaneck, New Jersey. “[Alexa] never says ‘That was rude’ or ‘I’m tired of you asking me the same question over and over again.’”
[…]
The syntax is generally simple and straightforward, but it doesn’t exactly reward niceties like “please.” Adding to this, extraneous words can often trip up the speaker’s artificial intelligence. When it comes to chatting with Alexa, it pays to be direct—curt even. “If it’s not natural language, one of the first things you cut away is the little courtesies,” says Dennis Mortensen, who founded a calendar-scheduling startup called x.ai.
[…]
this is a box you speak to as if it were a person who does not require social graces.”

It’s this combination that worries Hunter Walk, a tech investor in San Francisco. In a blog post, he described the Amazon Echo as “magical” while expressing fears it’s “turning our daughter into a raging asshole.”

Source: Parents are worried the Amazon Echo is conditioning their kids to be rude

Unintended consequences of AI!

Apple services down for 8 hours, no explanation given

Apple’s U.S. web page showed all applications had resumed as of 11:55 p.m.

“There are no reported issues at this time,” the company said a few minutes later on its web page.

The iPhone maker said services related to iCloud and the Photos application have also resumed.

The issues appear to have started just before 4 p.m., according to a timeline provided on the tech giant’s support page.

Source: Apple Offers No Explanation for Outage, but Says All Services Back to Normal – NBC News

Isn’t the cloud great sometimes?

WebGazer.js: Democratizing Webcam Eye Tracking on the Browser

WebGazer.js is an eye tracking library that uses common webcams to infer the eye-gaze locations of web visitors on a page in real time. The eye tracking model it contains self-calibrates by watching web visitors interact with the web page and trains a mapping between the features of the eye and positions on the screen. WebGazer.js is written entirely in JavaScript and with only a few lines of code can be integrated in any website that wishes to better understand their visitors and transform their user experience. WebGazer.js runs entirely in the client browser, so no video data needs to be sent to a server. WebGazer.js runs only if the user consents in giving access to their webcam.

Source: WebGazer.js: Democratizing Webcam Eye Tracking on the Browser

Microsoft removes the X to close the Windows 10 update after they decided the closing X meant yes, do it now

Recently, Microsoft’s policy had been to throw up a dialogue box asking you whether you wanted to install Windows 10.

If you clicked the red “X” to close the box – the tried-and-tested way to make dialogue boxes vanish without agreeing to do anything – Microsoft began taking that as permission for the upgrade to go ahead.

Now Microsoft is changing gears.

It has eliminated the option to re-schedule a chosen upgrade time once you’ve confirmed it while also removing the red “X” close option from the screen.