UK National Crime Agency finds 225 million previously unexposed passwords

The United Kingdom’s National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords.

We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if their credentials have been exposed.

The NCA shared 585,570,857 passwords with HIBP, and Hunt said 225,665,425 were passwords that he hasn’t seen before in the 613 million credentials HIBP already stored before the NCA handed over this new batch.

The NCA sent Hunt a statement explaining how it found the passwords:

During recent NCA operational activity, the NCCU’s Mitigation@Scale team were able to identify a huge amount of potentially compromised credentials (emails and associated passwords) in a compromised cloud storage facility. Through analysis, it became clear that these credentials were an accumulation of breached datasets known and unknown.

The fact that they had been placed on a UK business’s cloud storage facility by unknown criminal actors meant the credentials now existed in the public domain and could be accessed by other 3rd parties to commit further fraud or cyber offences.

The NCA’s statement to Hunt did not reveal the source of the password trove, or how it was discovered. Hunt did reveal the following were found among the newly compromised passwords.

  • flamingo228
  • Alexei2005
  • 91177700
  • 123Tests
  • aganesq

Today’s release brings the total Pwned Passwords count to 847,223,402, a 38 percent increase over the last release. 5,579,399,834 occurrences of a compromised password are represented across HIBP.

[…]

Source: UK National Crime Agency finds 225 million previously unexposed passwords • The Register

Yes, Norton 360 has a built-in cryptominer. Deletion is not easy.

Norton antivirus’s inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.

The addition of Ncrypt.exe, Norton 360’s signed cryptocurrency-mining binary, to installations of Norton antivirus isn’t new – but it seems to have taken the non-techie world a few months to realise what’s going on.

Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock’s pitch, as we reported, was that people dabbling in cryptocurrency mining probably weren’t paying attention to security – so what better way to take up a cryptocurrency miner than installing one from a trusted consumer security brand?

In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. While this compares well to the 100 per cent takings that criminals covertly deploying cryptominers help themselves to, some might say it’s a bit excessive for minimal effort on Norton’s part.

[…]

“If you have turned on Norton Crypto, but you no longer want to use the feature, you can disable it through your Norton Crypto dashboard,” says the FAQ on Norton’s website.

Uninstalling it altogether takes a bit more persistence, it appears, with users needing to disable Norton Product Tamper Protection (intended to protect the antivirus product from being disabled or deleted by malware) before going through the usual Windows uninstallation steps.

Norton isn’t alone: last year a maker of Wi-Fi routers offered to mine cryptocurrency on users’ devices if they supplied connectivity to the general public.

[…]

Source: Yes, Norton 360 has a built in cryptominer. Deletion is easy • The Register

CyberPowerPC case uses Kinetic Architecture to adjust airflow in real-time

[…]

Kinetic Architecture is a concept in which buildings are designed to allow parts of the structure to move. CyberPowerPC took this idea and created a KINETIC chassis with 18 individually controlled articulating vents that open and close automatically, all based on the computer’s current internal ambient temperatures.

“We are entering 2022 with some of our most sophisticated and elegant designs ever. For discriminating gamers our PC Master Builders are ready to hand-build and test new gaming PCs that are ultra-clean, streamlined, and deliver maximum performance for those who want something truly unique.”

Eric Cheung, CyberPowerPC CEO

The vents aren’t a simple case of opening and closing either and adjust based on every degree of internal temperature by opening to varying degrees. Users can customize and adjust the temperature ranges as well, and a quick button will allow you to fully open or close the vents instantly. The KINETIC chassis supports full ATX size motherboards, up to seven 120mm or five 140mm fans, and most extended length graphics cards.

Key features of the CyberPowerPC KINETIC chassis include:

  • CyberPowerPC exclusive patent pending kinetic design.
  • 18 Individually actuating vents that adjust in real time to ambient case temperatures.
  • Maximizes airflow and cooling when case temps are high.
  • Reduces noise and dust when case temps are low.
  • Temperature sensor ranges can be adjusted to fit your needs.
  • Available in both black and white mid-tower options.

The CyberPowerPC KINETIC Series PC case will ship in Q3 2022 from CyberPowerPC.com and CyberPowerPC’s network of authorized retailers and distributors. The chassis is backed by a one-year warranty and lifetime technical support. The suggested MSRP is US$249.

[…]

Source: [CES 2022] CyberPowerPC case uses Kinetic Architecture to adjust airflow in real-time

France fines Meta, Google: Cookies must be as easy to reject as to accept

Google and Facebook have come a little unstuck in the cookie department as French watchdog Commission Nationale de l’Informatique et des Libertés (CNIL) slapped the pair with a €150m and €60m fine respectively.

The CNIL kicked off its investigations after receiving complaints regarding the way cookies can be refused on facebook.com, youtube.com and google.fr. The crux of the matter is that while there is a button to permit immediate acceptance of cookies, there is not the equivalent to refuse them as easily. “Several clicks are required to refuse all cookies, against a single one to accept them,” explained the CNIL.

“The restricted committee,” it went on, “considered that this process affects the freedom of consent: since, on the internet, the user expects to be able to quickly consult a website, the fact that they cannot refuse the cookies as easily as they can accept them influences their choice in favor of consent. This constitutes an infringement of Article 82 of the French Data Protection Act.”

[…]

Source: France fines Meta, Google: Cookies must be easier to reject • The Register

Scientists Figured Out Which Animals Were in a Zoo Just by Taking DNA From the Air

Researchers were able to identify 74 species of animals by looking for DNA in air samples collected at two zoos. The experiment shows that free-floating DNA could be used to track wild animals, including endangered or invasive species, without needing to observe them directly.

Environmental DNA (eDNA) has shaken up how animal populations can be monitored, managed, and conserved. Instead of having to find physical evidence of animals—scales, fur, feces, or sightings—researchers can rely on the microscopic bits of genetic material that fall off creatures as they move around their environment. Merely taking a soil or water sample can give researchers a sense of an entire ecosystem.

But researchers have wondered whether air could provide the same level of information as soil and water. Last year, a UK-based team detected naked mole rat DNA by sampling air from the rodents’ burrows in a lab setting. (They also detected human DNA, presumably from the researchers who worked in the lab.) But proving the method’s success in open air was a different beast. To test the technique further, two research teams used a setting that included unmistakeable subjects: zoos in England and Denmark. Their two papers are published today in Current Biology.

[…]

To run their experiment, the scientists used a fan with a filter, drawing in air from within and around the zoo. The team then used polymerase chain reaction (PCR)—the same tech used in many covid-19 tests—to amplify the genetic information on the filter, essentially creating many copies of the genetic material they found. They were able to identify 25 species in the UK and 49 species in Denmark. In the UK study, eight of the identified species were animals native to the area rather than zoo inhabitants, while six non-zoo animals were detected in the Denmark study.

Elizabeth Clare, author of one of the studies, samples air for environmental DNA. Photo: Elizabeth Clare
[…]

The closer to extinction a species creeps, the harder it is for it to be monitored. eDNA methods make that conservation work easier. It means keeping track of the last vaquitas and perhaps settling the debate over the fate of the ivory-billed woodpecker.

Airborne DNA still requires more research, but Clare noted how quickly waterborne DNA became a widely used method in conservation. Perhaps the latest innovation in DNA surveys will happen sooner than we think.

Source: Scientists Figured Out Which Animals Were in a Zoo Just by Taking DNA From the Air

Snap suing to trademark the word “spectacles” for its smart glasses that no one has ever used or knows much about

Snap is suing the US Patent and Trademark Office (USPTO) for rejecting its application to trademark the word “spectacles” for its digital eyewear camera device. But the USPTO has maintained that “spectacles” is a generic term for smart glasses and that Snap’s version “has not acquired distinctiveness,” as required for a trademark.

In its complaint filed Wednesday in US District Court in California, Snap claims that the Spectacles name “evokes an incongruity between an 18th century term for corrective eyewear and Snap’s high-tech 21st century smart glasses. SPECTACLES also is suggestive of the camera’s purpose, to capture and share unusual, notable, or entertaining scenes (i.e., “spectacles”) and while also encouraging users to make ‘spectacles’ of themselves.”

Snap first introduced its camera-equipped Spectacles in 2016 (“a wearable digital video camera housed in a pair of fashionable sunglasses,” according to its complaint), which can take photos and videos while the user wears them and connects with the Snap smartphone app. Despite selling them both online and in pop-up vending machines around the world, the first iteration of Spectacles mostly flopped with consumers. In its 2017 third-quarter earnings report, Snap said it had lost nearly $40 million on some 300,000 unsold Spectacles.

In May 2021, Snap CEO Evan Spiegel showed off an augmented reality version of the Spectacles, which so far are available only to a small group of creators and reviewers chosen by the company. The AR Spectacles aren’t yet available for purchase by the general public.

Snap’s new complaint posits that there’s been enough media coverage of Spectacles, bolstered by some industry awards and its own marketing including social media, to support its claim that consumers associate the word “spectacles” with the Snap brand. Snap first filed a trademark application for Spectacles in September 2016, “for use in connection with wearable computer hardware” and other related uses “among consumer electronics devices and displays.”

During several rounds of back-and-forth with the company since then, the USPTO has maintained that the word “spectacles” appeared to be “generic in connection with the identified goods,” i.e. the camera glasses. Snap continued to appeal the agency’s decision.

In a November 2021 opinion, the USPTO’s Trademark Trial and Appeal Board upheld the decision, reiterating that the word “spectacles” was a generic term that applied to all smart glasses, not just Snap’s version. Despite the publicity Snap claimed its Spectacles had received from its marketing and social media, the board noted in its opinion that Spectacles’ “social media accounts have an underwhelming number of followers, and the number of followers is surprisingly small,” which didn’t support the company’s argument that there had been a high enough level of consumer exposure to Snap’s Spectacles to claim that consumers associated the word with Snap’s brand.

[…]

Source: Snap suing to trademark the word “spectacles” for its smart glasses