Contact Me By Email

Saturday, May 13, 2017

Global ransomware attack shows why Apple refused to hack terrorist's iPhone - LA Times

"Cybersecurity researchers said a malicious program that disabled computers at Britain's National Health Service, Russia's Interior Ministry and companies and homes across dozens of countries Friday originated with the National Security Agency.

Earlier this year, a hacking group calling itself Shadow Brokers published online what it described as stolen NSA documents. They were filled with information that hacking experts said could be used to secretly take over and pluck data from laptops, smartphones and even smart TVs.

Friday’s attack appeared to target computers running Microsoft Windows and took advantage of a flaw in the operating system. Microsoft released a patch for the bug in March, but users who didn’t update their systems remained susceptible to having their files locked up until they made a ransom payment to attackers.

To cybersecurity experts, Friday’s incident showed exactly why technology companies such as Microsoft, Google and Apple are so defensive about the idea of backdoors into their services and devices.

Law enforcement agencies may want a way into highly secure gadgets and apps to further their investigations — such as when the FBI pressed Apple last year to hack into the iPhone used by a gunman in the San Bernardino terror attack. But the companies have repeatedly pointed out that there’s no safe way to build an entry point just for trusted government organizations.

Though the NSA hasn’t confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands.

“It goes back to the mafia expression,” said John Bambenek, threat research manager at Fidelis Cybersecurity. “The only way to keep a secret is for three people to know it and two of them to be dead.”

Global ransomware attack shows why Apple refused to hack terrorist's iPhone - LA Times

How to disable Alexa calling to prevent unwanted calls - CNET

How to disable Alexa calling to prevent unwanted calls - CNET

Ransomware attack reveals breakdown in US intelligence protocols, expert says | Technology | The Guardian

Without yet knowing who or which groups are behind the attack, experts are wary of assigning motive beyond extortion.

Edward Helmore in New York

Saturday 13 May 2017 13.41 EDT Last modified on Saturday 13 May 2017 14.18 EDT

The attack that temporarily crippled the NHS in Britain and dozens of other institutions across Europe and Russia reveals the failure of the US government’s protocols for warning software developers and the private sector about system vulnerabilities, a cyber-security expert told the Guardian.

Under the vulnerability equities process (VEP) established by the US government, US intelligence agencies are supposed to collectively determine whether to disclose a vulnerability it has obtained or discovered – so the software developer has a chance to fix the problem – or withhold the information to use the flaw for offensive or defensive purposes.

“The NSA is supposed to lead the vulnerability equities process with all the other government agencies gathered round to discuss their interests in the vulnerability, and to weigh the offensive capabilities against defensive concerns for the private sector and US interests,” said Adam Segal, the director of the digital and cyberspace policy program at the Council on Foreign Relations. The EternalBlue-WanaCrypt0r attack showed that the NSA did not reveal the vulnerability it had discovered before it was stolen and apparently auctioned off, Segal said.

Ransomware attack reveals breakdown in US intelligence protocols, expert says | Technology | The Guardian

Amazon’s Echo calling doesn’t let you block people - The Verge

"Amazon seems to have made a significant oversight in bringing voice calls and messaging to its Echo speakers: there’s no way to block communication that you might not want. So long as someone has your phone number and the Alexa mobile app (which requires an Amazon account), that person can place voice calls, record voice messages, and send text messages that will reach both your Echo device and Alexa app. They’ve got a direct line to a speaker in your home.

As of now, there is no way to block contact from specific people. Nor is there any way of whitelisting only certain individuals for calling and messaging privileges; it’s all or nothing. Elise Oras contacted The Verge regarding this privacy matter. She has also published a Medium post about the issue. An Amazon spokesperson confirmed via email that a block feature "will be available in the coming weeks. We know this is important to customers, and we’re working on it." But it's not available now, even though the calling and messaging features are.

Perhaps most alarming, even if you’ve blocked someone’s phone number from your smartphone, calls to the Echo speaker will still go through. It’s easy enough to stop voice calls from ringing your iPhone, but if you’ve enabled Alexa calling, it’s currently impossible to prevent them from reaching your Echo. This is because Alexa doesn’t use your phone for voice calls. It’s merely using your phone number to identify you.

When you enable the Echo’s calling and messaging features, Amazon accesses your contacts list to determine who else has an Echo device in their home. And it skims your entire contacts database to find this information; there’s no way to limit it to a certain favorites list, for example. Amazon wants Alexa calling and messaging to gain popularity, so it’s taking a broad approach to populate that list quickly."

Amazon’s Echo calling doesn’t let you block people - The Verge

Friday, May 12, 2017

Asus Chromebook Flip is a small laptop with big value - CNET

Asus Chromebook Flip is a small laptop with big value - CNET

Moto G5 Plus Review

Amazon Echo Show and Alexa Calling: This changes everything

Stephen Reacts To Trump Calling Him 'A No-Talent Guy'

Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool - The New York Times

"LONDON — An extensive cyberattack struck computers across a wide swath of Europe and Asia on Friday, and strained the public health system in Britain, where doctors were blocked from patient files and emergency rooms were forced to divert patients.

The attack involved ransomware, a kind of malware that encrypts data and locks out the user. According to security experts, it exploited a vulnerability that was discovered and developed by the National Security Agency.

The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen N.S.A. hacking tools online beginning last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems.

The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.

Reuters reported that employees of Britain’s National Health Service were warned about the ransomware threat earlier on Friday.

By then, it was already too late. As the disruptions rippled through hospitals, doctors’ offices and ambulance companies across Britain on Friday, the health service declared the attack as a “major incident,” a warning that local health services could be overwhelmed by patients.

Britain’s health’s secretary, Jeremy Hunt, was briefed by cybersecurity experts, while Prime Minister Theresa May’s office said she was monitoring the situation.

Among the many other institutions that were affected were hospitals and telecommunications companies across Europe, Russia, Asia and beyond, according to MalwareHunterTeam, a security firm that tracks ransomware attacks. Spain’s Telef√≥nica and Russia’s MegaFon were among the targets.

Attacks were being reported in Britain and 11 other countries, including Turkey, Vietnam, the Philippines, Japan, with the majority of affected computers in Russia. The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $300 to unlock their data.

The attack on the National Health Service seemed perhaps the most audacious of the attacks, because it had life-or-death implications for hospitals and ambulance services.

Tom Donnelly, a spokesman for N.H.S. Digital, the arm of the health service that handles cybersecurity, said in a phone interview that 16 organizations, including “hospitals and other kinds of clinician services,” had been hit by a cyberattack. Officials later updated that number to at least 25.

“It is still ongoing,” he said. “We were made aware of it this afternoon.”

The service’s digital arm said in a statement that the attack involved a variant of ransomware known as Wanna Decryptor.

The user is asked to pay a ransom to unlock the computer. It has become an increasingly prevalent problem. Last year, a Los Angeles hospital paid $17,000 after such an attack; earlier this year, hackers shut down the electronic key system at a hotel in Austria


Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool - The New York Times

Tuesday, May 09, 2017

Top 5 Smartphone Cameras: The Blind Test! Great Test

Top 5 Smartphone Cameras: The Blind Test!

The Echo Show’s killer feature is next-level FaceTime - The Verge

"Earlier today, Amazon made its long-rumored screen-based Echo device official. The Echo Show is basically a cuboid Echo with a touchscreen and camera attached to it. It supports all of the far-field voice commands as the original, so you can use it to play music, control smart home gadgets, add items to a shopping list, check the weather, and do thousands of other things.

The new screen provides a way for the Show to display its answers in addition to speaking them aloud. It will display cards for the weather, products to buy on Amazon, videos on YouTube, and whatever else developers think of.

But what’s most interesting to me is its ability to be used as a calling device, or, in more traditional terms, a video phone. Along with the Echo Show, Amazon is launching a new communications platform for Alexa devices, which allows for calling and messaging between Echo units and smartphones that have the Alexa app installed. A feature called Drop In lets the devices connect instantly, without requiring someone to “answer” the call. This allows the Echo Show to be an always-ready, internet-connected video intercom that I can call from anywhere in the world using my smartphone."

The Echo Show’s killer feature is next-level FaceTime - The Verge

5 Minutes on Tech - Surface Laptop and Surface Pro 5