My Computer Security students have heard about the
dangers of default passwords repeatedly!
MacOS High
Sierra Users: Change Root Password Now
A newly-discovered flaw in macOS
High Sierra — Apple’s latest iteration of its operating
system — allows anyone with local (and, apparently in some cases,
remote) access to the machine to log in as the all-powerful “root”
user without supplying a password. Fortunately, there is a simple
fix for this until Apple patches this inexplicable bug: Change the
root account’s password now.
No doubt they’ll have some explaining to do.
HP
stealthily installs new spyware called HP Touchpoint Analytics Client
Hard to imagine in this age of privacy scandals,
but HP is installing a telemetry client on its customers’ computers
— and it isn’t offering any warning, or asking permission, before
delivering the payload.
… Martin Brinkmann on ghacks has a detailed
accounting of the spyware and how to remove it. He gives
step-by-step instructions for disabling the HP Touchpoint Analytics
Client in your Services listing, as well as deleting the HP
Touchpoint Manager.
What were they thinking?
...If the camera is always on… Sit like a
gunslinger in the old west, with your back to the wall.
Snoopers
beware: Google's AI can now spot shoulder-surfers peeking at your
screen
Google researchers have developed a privacy
application that can instantly detect when a stranger glances at your
screen over your shoulder.
… The pair haven't released a paper that
explains technology, but a video demonstration suggests they've
installed a lightweight machine-learning model on a Pixel smartphone
that uses its front-facing camera for rapid gaze detection.
When the user holds a phone up to chat or view a
private video, say, on a train or other crowded place, the algorithm
will detect when someone else from behind begins looking at the
screen too. The video shows that the algorithm can detect a
stranger's gaze within milliseconds.
Another camera capture.
Facebook’s
New Captcha Test: 'Upload A Clear Photo of Your Face'
Facebook may soon ask you to "upload a photo
of yourself that clearly shows your face," to prove you're not a
bot.
The company is using a new kind of captcha to
verify whether a user is a real person. According to a screenshot of
the identity test shared on Twitter on Tuesday and verified by
Facebook, the prompt says: “Please upload a photo of yourself that
clearly shows your face. We’ll
check it [Against
what? Bob] and then permanently delete it from our
servers.”
Because the FBI will start talking about the
impossibility of investigating terrorists is they can’t break
encryption.
Kendall Howell reports:
The spread of commercially available encryption products has made it harder for law enforcement officials to access to information that relates to criminal and national security investigations. In October, FBI Director Christopher Wray said that in an 11-month period, the FBI had been unable to extract data from more than 6,900 devices; that is over half of the devices it had attempted to unlock. It’s a “huge, huge problem,” Wray said. One might think that a way around this problem is for the government to order the user to produce the password to the device. But such an order might face a big hurdle: the Fifth Amendment. A handful of cases have emerged in recent years on the applicability of the Fifth Amendment to demands for passwords to encrypted devices. The protections afforded by the amendment depend on, among other things, whether the password involves biometric verification via a unique physical feature, or the more typical string of characters (passcode). As we will see, the government has a bit more leeway under the Fifth Amendment to insist on the decryption of personal computing devices using biometric passwords that—as in the new iPhone X—are increasingly prevalent.
Read more on Lawfare.
Amazing that no one objected.
Judge
delays Waymo trial after Uber withholds alleged evidence
… Jacobs testified at Tuesday's hearing that
Uber deliberately used messaging technology to avoid leaving a paper
trail, including apps that automatically delete correspondence. He
said that a special team at Uber was tasked with gathering code and
trade secrets from competing businesses. According to the 37-page
letter from his lawyer, that team also worked “to evade, impede,
obstruct, influence several ongoing lawsuits against Uber,” several
reports said.
The letter that prompted the judge to delay the
trial was brought to the court's attention by the Department of
Justice. Federal prosecutors are using the same document to
investigate Uber's alleged efforts to steal trade secrets from
competitors, according to the Associated Press.
Another company’s ill advised actions. Perhaps
they should hire a real lawyer?
Epic
Games is suing a 14 year old for making a cheat tutorial and his
brilliant mother is PISSED
… A 14 year old boy named Caleb “Sky Orbit”
Rogers made a video in which he demonstrated the use of one of these
hacks. In response, the company sent Youtube a heavy-handed
copyright takedown, claiming that capturing incidental footage of
gameplay was a copyright violation, and that demonstrating the
functionality of one of these aftermarket add-ons is also a copyright
violation.
Then Caleb Rogers correctly asserted that there
was no copyright infringement here. Videos that capture small
snippets of a videogame do not violate that game creator's
copyrights, because they are fair use: they take a small part of the
work (not the core of the work), for a critical purpose, without
creating a substitute market for the work. No one who watches a 14
year old's screen capture of a videogame will decide that it's as
much fun as playing the game.
When Caleb Rogers filed a put-back notice with
Youtube that reinstated his video, Epic responded by filing a lawsuit
against him, repeating the incorrect claim that Rogers' video was a
copyright infringing derivative work, and claiming that Rogers had
formed, and then breached, a contract with Epic by playing their game
and then talking about how to cheat in it.
In response, Rogers' mother, Lauren Rogers, has
filed an outstanding memo with the court explaining some of the
problems with Epic's suit. She points out that Epic claims that her
minor child is incapable of forming a contract, so he can't have
breached a contract by violating the game's EULA. She adds that Epic
published news releases that identified her minor child by name,
breaching child protection law. She says that Epic is just wrong
when they claim that Caleb was selling the cheat software. Finally,
she says that it's impossible that a cheat program deprived the
company of income from its free-to-play game, because the game was
free-to-play.
Every now and then, a straight line comes along
that requires nothing additional from me. (Please tell me this is
“Fake News’ or an April Fools gag.)
Jasper Hamill reports:
A British company has released the first pictures of a ‘smart condom’ which collects very intimate data about the sex life of anyone brave enough to wear it. The device is called the i.Con and can detect STIs as well as sending data about a sex session straight to the wearer’s smartphone. British Condoms said its ‘revolutionary wearable tech for the bedroom’ measures the number of calories burned during intercourse, the speed of a man’s thrusts, how long he lasts and even what positions are used.
Read more on Metro.
And I guess I should say thank you to the reader
who sent in this item. Let’s see how long it takes before we get a
report of a privacy or data security breach involving this latest
entry into IoT.
I’m learning about “music listening” from my
niece and nephew who both want immediate access to anything they
listen to.
Are
you an audiophile? If so, you can find hundreds of websites that
provide audiophiles with ways to listen to, discover, and buy music.
But with so many out there, what are the essential sites you should
bookmark?
As is our wont here at MakeUseOf, we have
uncovered the biggest sites for music fans in several categories.
Whether you want to buy an album, stream endless songs, discover new
music, or just learn more about it, these pages have what you’re
looking for…
No comments:
Post a Comment