Podcast: Play in new window | Download (Duration: 15:06 — 17.7MB)

Subscribe: Android | Email | Google Podcasts | RSS | More

Desjardins freezes debit card while traveling – (February 17th 2018) 15m

Bullshit seen online:

Identical twins denied driving licence after baffling facial recognition computer system
https://www.mirror.co.uk/news/world-news/identical-twins-denied-driving-licence-6706900

blown the bloody doors off Car explodes in B&Q car park after driver lit a cigarette which ignited fumes from an air freshener
https://www.thesun.co.uk/news/4411116/air-freshener-blast-ford-focus-bq-car-park-southend/

I knew I was traveling soon and decided to call the bank to make sure they would not freeze the debit card, as they often do with credit cards. Here is the essence of the discussion over the phone:

-Me: I am calling to give notice that i will be traveling with my debit card, as to not freeze it while i am abroad.
-Desjardins : No need to notify us when traveling with debit card.
-Me: Oh! Fantastic!

I use Desjardins debit card abroad. Card gets frozen. Cannot use card again when needed for an emergency. It’s likely some algorithm somewhere like those used for credit cards.

It’s truly fucking amazing that you take the time to indicate that transactions may appear suspicious, but they are not , because you will be the one using it.

What do we learn here? Don’t trust bank technology, and make sure you have backup methods to have money on hand. Fucking banks.

https://fuckingtech.com/desjardins-freezes-debit-card-while-traveling/

Right on cue, Cisco on Wednesday patched a security vulnerability in some of its network switches that can be exploited by miscreants to commandeer the IT equipment and spy on people.

This comes immediately after panic this week over a hidden Telnet-based diagnostic interface was found in Huawei gateways. Although that vulnerability was real, irritating, and eventually removed at Vodafone’s insistence, it was dubbed by some a hidden backdoor perfect for Chinese spies to exploit to snoop on Western targets.

 

Better ban this gear from non-US core networks, right?

Source: Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it’s Cisco again • The Register

This one is for my fellow WP peeps and has nothing to do with MLM.

On the off-chance someone over at Automattic might come across it I’ll leave it up for a day then delete.

So having installed WordPress 5 about an hour ago and played about, I can confirm nothing seems broken.

The major change in this release is to WordPress’ editor, which they’ve called Gutenberg. The editor is the thing I use to put content together for you to read.

From my end writing an article/review with flow is now a series of blocks – which is totally not my thought process when I write.

Each paragraph is a block. Each image is a block. Each YT embed is a block. Basically anything you add to a post is a block.

Every block has its own settings, click click click goes your mouse as you try to set each of them. And this is all on a whitespace background so everything looks stupidly messy.

On top of that Gutenberg has introduced some design overrides, which ignores the CSS design I’ve set up for images in favor of whatever WordPress thinks is best.

After installation of WordPress 5 and not seeing anything immediately broken, I nervously went to the editor and began a dummy review.

Hated the paragraph blocks from the get go… but things went from bad to worse when I added a logo image, aligned it right and Gutenberg added a massive whitespace border around it, pushing it down.

I’m sure there’s some fiddly way to fix this (not from within Gutenberg), but why should I have to when I already have CSS in place for image alignment? Basically WordPress expects me to redo my alignment CSS, using whatever design element names they’ve come up with for Gutenberg (none of which are conveyed to the end-user).

There’s also a boatload of unnecessary extra mouse-clicks.

Want to move a paragraph up or down? Click mouse, highlight paragraph, ctrl-x, ctrl-v move on with your life.

In Gutenberg you have to click the damn block’s up or down arrows over and over again, to move the content up or down one block at a time. Jesus Christ guys.

I feel like Gutenberg has been developed for millennials who, for whatever reason, can’t use a simple text editor. Cell phones also might have something to do with it… but then who is putting together substantial content for a website on their phone in the first place?

Having been spammed with annoying Wix “we made a website tool so easy every idiot in Hollywood can use it, let me show you” ads on YouTube this past year, I get the feeling WordPress is trying to compete.

Gutenberg might be easier to use when putting together “Hay, here’s my cat!” type content, but for anything else it’s a nightmare.

What with all the mouse-clicking and needlessly switching between a bazillion blocks of content per article, content that might have previously taken me a few hours will take three weeks or so in Gutenberg.

Not to mention the downtime if I have to waste my time figuring out how to override Gutenberg’s “out of the box even though you didn’t ask for them” design overrides.

What a mess.

Luckily there’s legacy support for the old editor via plugin, which is what I’m writing this on (and sort of testing to make sure it works before I get back to writing regular content tomorrow).

Automattic has said they’ll support the classic editor till at least 2022 – by which time hopefully Gutenberg will actually be usable, gone, or we’ll all be using whatever replaced WordPress between now and then.

Honestly? I’m good either way. I’ve been a big fan of WordPress for over a decade now but this latest fundamental change to WordPress content creation is terrible.

Source: WordPress 5 Gutenberg is terrible.

In a letter to senators, a top Google official said the company allows app developers to scan Gmail accounts, even though Google itself stopped the practice for the purpose of ad targeting last year. The company also disclosed that app developers generally are free to share the data with others, as long as Google determines that their privacy policies adequately disclose potential uses.

Source: Google confirms it’s letting third parties scan your Gmail – Investment Watch Blog

New drop tests from device insurer SquareTrade confirmed that both of Apple’s latest high-end smartphones are prone to shattering when dropped from six feet above the ground.

Source: Be careful with your new iPhone …Apple’s ‘toughest ever’ handset fails drop tests | Daily Mail Online

Tesla’s fleet network connection is currently down, which means that owners of the EV brand of cars aren’t able to sign into the mobile app. Unfortunately, this means that they can’t remote start or remote unlock their cars, and they’re also unable to monitor their car’s charging status. Those who are logged out of the app are currently unable to log back in. Some people online are even complaining that they’re unable to use their phone to unlock their cars normally.

Source: Tesla outage keeps owners from logging into its website or app

The latest security warning comes after the Facebook-owned chat app announced plans to start backing up users’ messages to Google Drive for free.

Hackers could soon read through your WhatsApp text messages, images and videos.

The latest security warning comes as the Facebook-owned chat app announced plans to start backing up users’ messages to Google Drive for free.

Although WhatsApp protects all sent messages, images, videos and documents with end-to-end encryption, opting to back-up with Google Drive stops this security practice – leaving texts exposed to online hackers.

Source: WhatsApp is backing up Android encrypted messages into Google Drive | Daily Mail Online

Despite attempts by the Telecom industry and mainstream media to hide the connection between adverse health effects and cellphone/Wi-Fi radiation, the manufacturers’ own statements contradict themselves and their media mouthpieces in their own guidelines.

Source: Manuals Warn: Keep Cell Phones and Wi-Fi AWAY from Body But Industry Silent on Dangers

Over the last two years, academic researchers have identified various methods that they can transmit hidden commands that are undetectable by the human ear to Apple’s Siri, Amazon’s Alexa, and Google’s Assistant.

According to a new report from The New York Times, scientific researchers have been able “to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites.” This could, perhaps, allow cybercriminals to unlock smart-home doors, control a Tesla car via the App, access users’ online bank accounts, load malicious browser-based cryptocurrency mining websites, and or access all sort of personal information.

Source: Ultrasonic Attacks Can Trigger Alexa And Siri With Hidden Commands — Raise Serious Security Risks – Investment Watch Blog

Following the news that the latest iOS update can break phones with non-official replacement screens, repairers are encountering a different, more subtle problem: If you put a genuine Apple replacement display into an iPhone 8, 8 Plus or X, it’ll no longer be able to adjust its brightness automatically. If Apple or one of its authorized partners were to put the same display in the same phone, though? No problem.

Source: Even genuine replacement Apple displays can mess with iPhones

WannaCry was a wake-up call for healthcare, but the sector is still terribly vulnerable to attack

Source: Imagine you’re having a CT scan and malware alters the radiation levels – it’s doable • The Register

Google stepped up its scrutiny of device security several years ago in the wake of the massive Stagefright vulnerability. Ever since then, Android devices list a “patch level” that tells you when its security was last updated. However, Karsten Nohl and Jakob Lell of Security Research Labs say that many devices are fibbing about their security patches. Some phones are missing more than a dozen patches.

Source: Some Android Phones Are Missing Security Patches They Claim to Have – ExtremeTech

A recent investigation into 115 of the world’s most popular VPN services revealed that many are antithetical to their stated claims. To build trust, providers make promises not to track users through logs or other identifying information. But as a popular VPN comparison site found out, this isn’t always true. The Best VPN recently peeked […]

Source: 26 of the 115 most popular VPNs are secretly keeping tabs on you

As part of a planned national sampling and compliance project, Health Canada tested a number of uncertified USB chargers. The following products were found to pose an unacceptable risk of electric shock and fire and are being recalled. This table will be updated if and when new products are recalled.

Source: Health Canada warns of safety hazards with several uncertified USB chargers – Recalls and safety alerts

If your Oculus Rift has suddenly quit working, well, we have good news and bad news. The bad news is, your Oculus Rift doesn’t work. The good news is, it’s a temporary problem.

The problem, according to Neowin, is an expired certificate in the Oculus Runtime Service, which needs to be updated. The file in question, OculusAppFramework.dll, will throw an error to this effect when the Oculus Store attempts to launch.

Source: Security Certificate Issues Disable All Oculus Rifts [Updated] – ExtremeTech

Security researchers at Kaspersky Lab have discovered what’s likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive.

Source: Sophisticated malware attacks through routers

Today is the World Wide Web’s 29th birthday, and to celebrate the occasion, its creator has told us how bad it’s become. In an open letter appearing in The Guardian, Tim Berners-Lee painted a bleak picture of the current internet — one dominated by a handful of colossal platforms that have constricted innovation and obliterated the rich, lopsided archipelago of blogs and small sites that came before. It’s not too late to change, Lee wrote, but to do so, we need a dream team of business, tech, government, civil workers, academics and artists to cooperate in building “the web we all want.”

Source: The father of the world wide web is one disappointed dad

Apple devices at a refurbishment facility in Elk Grove, California have been calling 911 multiple times a day for the past few months, CBS Sacramento reports. Since last October, the Elk Grove Police station has received around 20 accidental emergency calls per day, adding up to some 1,600 calls in the last four months. The Sacramento County Sheriff’s Department Communication Center has also received 47 accidental calls from the facility since the beginning of this year.

Source: Apple devices at a California repair center keep calling 911

A new report from consulting firm Javelin outlines the latest hacking trends in the US, explaining what consumers should be wary of.

Hackers stole more Social Security numbers than credit card numbers last year – looting $16.8 billion

• A new report from consulting firm Javelin outlines the latest hacking trends
• In 2017 hackers obtained a greater percentage of Social Security numbers than credit card numbers
• Additionally, last year online shopping became the biggest fraud opportunity
• The authors of the analysis warned that hackers are becoming better equipped

Source: Hackers stole more Social Security numbers in 2017 | Daily Mail Online

The United States takes pride in being a technological leader in the world… but, when it comes to IT infrastructure however, the U.S. is lagging behind the world’s best… (and many of the world’s not-so-best)

Source: USA, USA, USA: America’s 4G Network Is Ranked 62nd ‘Best’ In The World (Behind Macedonia) | Zero Hedge

Black Panther is a refreshing answer to the increasingly stale world of superhero cinema. But there’s one glaring flaw throughout the film: its use of CG models to replace humans during action sequences. They’re weightless, ugly and, worst of all, incredibly distracting. You’d think that in the year 2018, following the recent glut of comic book films, visual effects (VFX) studios would have perfected the art of creating realistic CG humans. Instead, we appear to have peaked at Avatar in 2010. What gives?

Source: ‘Black Panther’ is amazing. Why are its CG models so terrible?

State and local law enforcement groups want wireless providers to store detailed information about your SMS messages for at least two years — in case they’re needed for future criminal …

Source: WIRELESS PROVIDERS TO KEEP YOUR TEXT MESSAGES ON FILE FOR TWO YEARS – GOV’T SLAVES

Bitcoin mining is a weird industry. Vast banks of dedicated computers solve complex equations to generate hashes worth a fraction of a coin, consuming huge amounts of power in the process. For such operations to be economically feasible nowadays, miners need the cheapest electricity possible.

Source: Bitcoin miners turn Quebec’s cheap energy into cold cash

Flight Sim Labs is a company dedicated to “specializing in various add-on products and services for the Microsoft Flight Simulator and Enterprise Simulator Platform (ESP) families.” That’s a specialized market, to be sure — flight sims don’t tend to sell in huge numbers, but they also tend to build a steady community over significant periods of time. Microsoft’s last version of Flight Simulator came out in 2006, yet supporting that game apparently continues to be a viable business strategy 12 years later. I’m a huge supporter of PC game modding, and mods have been shown to extend the useful lifetime of games by creating new game mods, integrating new content, and sometimes fixing bugs that the original developers couldn’t or wouldn’t tackle. So far, so good.

Several days ago, reddit user Crankyrecursion found that FSLab’s A320 package contained malware known as Chrome Password Dump. It does exactly what it says it does — dump your Chrome passwords. Unsurprisingly, gamers have revolted against this, and the company’s CEO has offered a mixture of apologies and defensive explanation.

Source: Game Mod Developer Caught Deliberately Distributing Malware – ExtremeTech

Security researchers at Appsecure found a way to access anyone’s Tinder account via their phone number. The exploit took advantage of a software flaw in both the dating app’s login process as well as the Facebook API that it’s based on. The issues have been fixed since, but represent a pretty big security lapse.

Source: Tinder security flaw granted account access with just a phone number

Germany’s military hardware woes continue worsen: the German Parliament has announced that none of the German Navy’s submarines are in operational condition. The navy maintains six submarines, but accidents and wear and tear have rendered all of them unusable.

Source: Sub-Par: Not a Single German Navy Submarine is Seaworthy – Sputnik International

Salon is now using their reader’s spare computing power to mine cryptocurrency.

Salon, a popular progressive website, has introduced a new feature that harnesses the spare computing power of its reader’s devices to mine cryptocurrency. Salon’s cryptocurrency of choice is Monero, a coin that is popular for its focus on anonymity.

When visiting Salon’s website, readers are now presented with the option to either turn off their ad blocker or to “suppress ads,” which means handing over your spare computing power to mine Monero.

Source: Salon Using Some Reader’s Spare Computing Power to Mine Cryptocurrency – Breitbart

We found Apple’s long-awaited HomePod belts out good sound for casual listeners so long as they’d already bought in to the iOS ecosystem (it needs an iPhone or iPad to work. Woof). But on top of sinking deeper into Apple’s mobile OS walled garden, new adopters have something else to worry about: HomePod is damaging wooden furniture it sits on.

Source: Apple’s HomePod may leave marks on wood furniture

An unpatched application-level denial of service (DoS) vulnerability in WordPress websites could help hackers take down nearly any WordPress website

A simple yet serious application-level denial of service (DoS) vulnerability has been discovered in WordPress CMS platform that could allow anyone to take down most WordPress websites even with a single machine—without hitting with a massive amount of bandwidth, as required in network-level DDoS attacks to achieve the same.

Source: Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

Data about exercise routes shared online by soldiers can be used to pinpoint overseas facilities

Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.

The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others.

Source: Fitness tracking app Strava gives away location of secret US army bases | Technology | The Guardian

The Smominru miner has infected at least half a million machines — mostly consisting of Windows servers — and spreads using the EternalBlue exploit.

Source: A giant botnet is forcing Windows servers to mine cryptocurrency | ZDNet

Game publisher Electronic Arts took it on the chin late last year when fans vehemently objected to the use of microtransactions in Star Wars Battlefront II. The backlash was so bad EA temporarily removed paid purchases from the game in order to retool the system, but gamers and even lawmakers are concerned about how these paid features are implemented across the industry. EA has reaffirmed its commitment to microtransactions, though. In its recent investment call, CEO Andrew Wilson said microtransactions aren’t going anywhere. As irksome as that might be, it’s kind of our fault.

Source: EA Remains Committed to Microtransactions, and That’s Partially Our Fault – ExtremeTech

Monthly stipends for 11,000 disabled student veterans are delayed this month, potentially causing the former troops to be late paying rent, food and other pressing bills.

The money from the program known as Vocational Rehabilitation and Employment subsistence allowance payments would normally have been disbursed Jan. 31. But now they will be delayed until Tuesday, due to a computer glitch, according to an internal memo obtained by The Washington Post.

The memo instructs operators to apologize to veterans and tell them their payments are on the way.

The program is popular because it helps disabled veterans who return home get job counseling and obtain college degrees or pursue technical skills. They are offered internships and help with contacts and resumes, which will allow them to work despite often severe injuries.

Source: 11,000 disabled student veterans left without rent, expense money due to computer glitch

The iPhone X’s early teething troubles have largely gone away, but there’s a lingering problem for some owners… and it’s a fairly serious one. Users have reported that the iPhone X’s touchscreen won’t turn on for several seconds when there’s an incoming call, preventing them from answering or seeing who’s on the other line. Complaints started surfacing in December, but the issue has persisted until now.

Source: iPhone X owners report trouble answering phone calls

The UK government will fine companies in “critical industries” up to £17 million if they have woefully inadequate cybersecurity defences. The penalty system is a response to an EU directive, passed in August 2016, that was drawn up to ensure its member states are prepared for modern cyber attacks. Known as the NIS directive, it will be transplanted into UK law to protect health, energy, transport and digital infrastructure. The fines will be a “last resort,” however, and take into account how co-operative the company has been with their relevant regulator, the actions taken to remedy the situation, and any other law that might have been breached.

Source: UK to fine companies up to £17 million for cybersecurity lapses

– ATMs in US hit by “jackpotting” attacks that empty ATMs in minutes – FBI warns of attacks in US after similar crimes in Taiwan, Thailand and Europe – Hackers have stolen c.$1 million from ATMs across the US warns U.S. Secret Service – Target Diebold Nixdorf machines – #1 global ATM provider, 35% of ATMs worldwide – Digital …

Source: ATMs Hit By Malware “Jackpotting” Attacks That Dispense All Cash In Minutes – GoldCore Ireland

YouTube was recently caught displaying ads that covertly leach off visitors’ CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported.

Word of the abusive ads started no later than Tuesday, as people took to social media sites to complain their antivirus programs were detecting cryptocurrency mining code when they visited YouTube. The warnings came even when people changed the browser they were using, and the warnings seemed to be limited to times when users were on YouTube.

Source: Now even YouTube serves ads with CPU-draining cryptocurrency miners

A US missile defense test carried out in Hawaii was unsuccessful, according to officials.

A SM-3 Block IIA missile was launched from an Aegis Ashore test site in Hawaii, but failed to shoot down an incoming dummy missile launched from an aircraft, an official told Reuters. CNN also reported on the failure, сiting several administration officials.

The missile is developed by the Raytheon Co and is used to target intermediate range missiles. It’s being worked on jointly with Japan.

Source: US missile defense test fails in Hawaii – officials — RT US News

Podcast: Play in new window | Download (Duration: 22:56 — 26.7MB)

Subscribe: Android | Email | Google Podcasts | RSS | More

Reading of the article “Creative’s terrible Vista drivers”, a random jingle, melting cameras down Google Drive goes down! Oh noes! (January 30th 2018) 22m55s

Creative’s terrible Vista drivers – https://fuckingtech.com/creatives-terrible-vista-drivers/

Behold the cameras destroyed by the solar eclipse – https://fuckingtech.com/behold-the-cameras-destroyed-by-the-solar-eclipse/

Google Drive down in parts of US – https://fuckingtech.com/google-drive-down-in-parts-of-us/

Toyota models dominated the list of the top 15 cars American drivers tend to keep for at least 15 years before trading in for a new one.

These are the top 15 cars that American drivers tend to keep the longest before trading in for a new one.

Toyota models dominated the list taking out the top five spots, according to the new study by iSeeCars.com.

Fourteen of the top cars predicted to last more than 15 years are Japanese models, with the exception of German Volkswagen.

The Toyota Highlander model took out top spot with more than 18 per cent of original owners keeping their car for at least 15 years.

Source: Top cars Americans keep the longest before trading in | Daily Mail Online

A contraceptive app used by more than 500,000 women has come under fire after reportedly causing 37 unwanted pregnancies. Stockholm’s Södersjukhuset hospital has now reported the Natural Cycles app to the Swedish Medical Products Agency (the government body tasked with the regulation of medical devices) according to news outlet SVT.

Source: Contraceptive app under fire for causing unwanted pregnancies

Transmission, one of the most used non-commercial BitTorrent clients, has a vulnerability that allows outsiders to gain control over people’s computers. The flaw affects users who have remote control enabled with the default password. The vulnerability was revealed by a Google researcher, who plans to disclose similar remote code execution flaws in other torrent clients as well.

Source: BitTorrent Client Transmission Suffers Remote Takeover Vulnerability – TorrentFreak

Automation and SCADA-flingers admit fix has affected products

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.

SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains.

Source: Now Meltdown patches are making industrial control systems lurch • The Register

Big Red finally delivers patches for its x86 boxes – and 230-plus other problems

Oracle has told users of its SPARC-powered platforms that they have the Spectre processor design flaw.

A support document buried in Oracle’s customers-only portal, but seen by The Register, states: “Oracle believes that certain versions of Oracle Solaris on SPARCv9 are affected by the Spectre vulnerabilities.”

Source: Oracle says SPARCv9 has Spectre CPU bug, patches coming soon • The Register

While the Hawaii Emergency Management Agency says a false missile alert was not a hack, a password in a photo has drawn criticism of its security practices.

Source: Hawaii emergency agency password in photo sparks security criticism – Business Insider

There’s a new bug floating around called “chaiOS” that appears to be a basic GitHub link. However, when you text it to a person via the iMessage app (whether on iOS or MacOS), it will crash the app and possibly cause the device to freeze and restart. In other words: Be aware that this exists, but don’t send it to anyone.

Source: ‘chaiOS’ bug can cause iMessage to crash with a text message

Ubisoft has a history of premature software releases, but here’s one you might not mind. The developer has confirmed that it inadvertently released its Assassin’s Creed Origins add-on The Hidden Ones to Xbox One users a week ahead of its January 23rd release. A “misconfiguration” of the in-game store allowed downloads for the new content, the company said. You’ll still have access if you downloaded it and entered the new region (it’d create havoc for save files), but everyone else will have to wait for the official launch.

Source: Ubisoft inadvertently releases ‘Assassin’s Creed’ DLC a week early

A highly complex online advertising system makes it hard for big name publishers to find, let alone stop, misleading, malware-laden, and hard-to-close ads.

Source: A New Wave Of Bad Ads Is Hijacking Even Top-Tier Websites

Intel CEO Brian Krzanich sold off a major stake in the company in November, months after the chipmaker learned of a significant security flaw in its chips.

Source: Intel CEO Krzanich sold shares after company was informed of chip flaw – Business Insider

Disclosure of the Meltdown and Spectre vulnerabilities, which affect mainly Intel CPUs, was handled “in an incredibly bad way” by both Intel and Google, the leader of the OpenBSD project Theo de Raadt claims.

Source: iTWire – Handling of CPU bugs disclosure ‘incredibly bad’: OpenBSD’s de Raadt

Following reports of unbootable machines, Microsoft has halted updates of its Meltdown and Spectre security patches for AMD computers, according to a support note spotted by the Verge. It made the move after numerous complaints from users who installed the patch and then couldn’t get past the Windows 10 splash screen. “To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors,” it wrote.

Source: Microsoft’s ‘Meltdown’ updates are reportedly bricking AMD PCs

Western Digital’s My Cloud network attached storage (NAS) devices claim to offer an easy, all-in-one solution for storing your data at home. However, they might also be providing an easy, all-in-one solution for hackers to steal your data take control of your device. Western Digital was told about the vulnerabilities last year but has yet to patch many devices.

Source: Western Digital’s My Cloud Storage Devices Have Hard-Coded Backdoor – ExtremeTech

VTech, the maker of smart toys whose poor security practices exposed data from millions parents and children, has been slapped on the wrist by the FTC to the tune of $650,000 and probation. It seems a light penalty for such a multifaceted failure affecting so many.

Source: After breach exposing millions of parents and kids, toymaker VTech handed a $650K fine by FTC – Mr-Mehra

Instead of focusing on single-digit percentage increases in performance, a bigger question needs to be asked: Is it safe?

Source: Spectre puts the brakes on CPU need for speed | ZDNet

Back at the tail end of November, Apple had to rush out an emergency security patch after news of a serious security flaw surfaced in macOS High Sierra. That bug allowed users to log into a system by typing “root” for a login, then hitting enter for a login attempt several times in a row. Now there’s a new bug; it isn’t as much of a risk as that one, but it’s still a significant issue.

Source: New macOS Security Bug Unlocks App Store With Any Password – ExtremeTech

Earlier this week, Intel said it would have Meltdown and Spectre fixes available by the end of the month for all recently made chips. But as the Wall Street Journal reports, some of the patches the company has released have caused some problems of their own. Some firmware updates are apparently causing computers to reboot.

Source: Intel’s Meltdown and Spectre fixes have some bugs of their own

Wondering why Snapchat felt compelled to redesign its app, besides the need to compete with Facebook? It should be clearer after today. The Daily Beast has obtained Snap data showing that the company has had a difficult time getting users to try features outside of the core chat service. Snap Maps location sharing had over 30 million users when it premiered in June, for example, but that dropped to 19 million users (11 percent of the user base) by September. And despite Snap’s eagerness to push Discover shows, only 21 percent of Snapchat users (a still-sizeable 38 million) visit the section daily.

Source: Snapchat’s app was a mess and this leak confirms it

It’s not just your processor and operating system that are affected by the Meltdown and Spectre memory vulnerabilities — your graphics card is, too. To that end, NVIDIA has detailed how its GPUs are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue. All its GeForce, Quadro, NVS, Tesla and GRID chips appear to be safe from Meltdown (aka variant 3 of the attacks), but are definitely susceptible to at least one version of Spectre (variant 1) and “potentially affected” by the other (variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second.

Source: NVIDIA GPUs weren’t immune to Spectre security flaws either

We are getting reports that all international travelers in the United States are weathering horrendous lines as the computer system for passports operated by U.S. Customs and Border Patrol has failed late Monday night. On one of the busiest travel nights of the holiday season. A video of the nightmare in Miami’s airport is being […]

Source: VIDEO– Passport System Collapses: Holiday Travelers Paralyzed in All U.S. Airports As Customs & Border Patrol Computers Fail – True PunditTrue Pundit

Sysadmins notice performance dip amid security fix rollout. Not everyone hit hard. YMMV etc

Source: Amazon: Intel Meltdown patch will slow down your AWS EC2 server • The Register

Perhaps the Meltdown and Spectre bugs are the impetus for making long-overdue changes to the core DNA of the semiconductor industry and how chip architectures are designed.

Source: Why Intel x86 must die: Our cloud-centric future depends on open source chips | ZDNet

Companies are scrambling to fix the serious security issues after it was determined the two hardware bugs discovered could be exploited to allow the memory content of a computer to be leaked.

Source: Apple confirms all iPhones and Macs at risk of hacking | Daily Mail Online

The Palo Alto, California, based computer company has issued a software tool that checks if your system is affected and enables a ‘battery safe mode’, to render the power packs inert.

Source: HP recalls computer batteries over fire risk yet again | Daily Mail Online

Podcast: Play in new window | Download (Duration: 32:47 — 38.6MB)

Subscribe: Android | Email | Google Podcasts | RSS | More

Reading of the article “The Palm Treo 680 is not made for Asians. Palm does not want this market”, and playback of Sovryn’s rant on shitty BluRay software. (January 3rd 2018)

-Fucking Tech is Google Play Approved – not as stingy as iTunes!

-The Palm Treo 680 is not made for Asians. Palm does not want this market. (March 23rd 2008)
https://fuckingtech.com/the-palm-treo-680-is-not-made-for-asians-palm-does-not-want-this-market/

-Sovryn Rant about shitty BlueRay software. From Sovryn Tech show #254 at 51 minute mark.
Sovryn Tech Ep. 0254: “Injustice League” https://soundcloud.com/sovryntech/svtep0254
https://zog.email/

Different is good when it’s better.
Grab any cell phone from LG, Samsung or Motorola, you will most likely find a hole or ring to attach a small wrist strap or lanyard. This wrist strap makes it easy to grab the phone out of it’s hiding place and can also be used to prevent an inadvertent drop of your phone while using it. Palm, in their grandiose wisdom decided that wrist strap rings are not to be part of the Treo 680, when all other phones around the world have had these rings for years.

Palm hates Asians.
Palm must hate Asians by not including a wrist strap ring on the Treo 680. Palm is missing out on the complete lanyard/wrist strap accessory market for Treos in the Asian segment. When I show my Treo phone to my Asian friends, they always ask me what color is my wrist lanyard and which Helo Kitty noise charm I have at the end of it. I smack my head with my palm (my hand palm) every time. It makes me feel like an ass and left out every single time. It makes me feel very North-American.

The small guy get’s the protection.
Find the logic in this. Palm Centro is la less expensive device and can accommodate wrist straps. Treo 680 is more expensive and can not have wrist straps. Is Palm telling me that it’s OK to drop a 500$ Treo 680, but adds anti-drop lanyard capability to the less expensive Centro? Is this some kind of racket to extort more money out of people buying more expensive devices? Fuck, I paid 500$ for this phone. I can’t have a simple hole in the casing so I don’t drop my expensive phone with a 2$ wrist strap?

Sony wins.
My Sony TG-50 has a wrist strap ring, it is very handy when using it as a hand held voice recorder. My Sony UX-50 has the BIGGEST wrist strap ring ever seen in any hand held device. With a 1000$ device when it came out in 2003, it’d BETTER have a fucking wrist strap ring! In fact, this ring is reinforced metal that is part of the frame. FUCK!!! Now THAT’s a strap ring! 3 years later Palm gives me fuck all as far as strap rings on my Treo 680. Great. My 150$ digital camera has a lanyard ring. Why can’t my 500$ Treo have one?

I just bought a Treo 680 for my wife. Now she is asking where on her new Treo does she attach her wrist lanyard & Hello Kitty bell charm combo. Fuck.

Don’t worry, Palm, you’re getting off light on this one. I have more rants to rip you some big ones. Just wait for it. I love Palm OS, but Palm devices have bad implementations. Was I spoiled by Sony? No. Palm had plenty of time to implement all this stuff.

The fact that privacy concerns were not placed at the top of the list by LinkNYC and the CityBridge private consortium should speak volumes

Source: Confirmed: New York City’s Public WiFi Stations Are Spying On You

I just learned of this dispicable Comcast practice today and I am livid. Comcast began injecting 400+ lines of JavaScript code in to pages I requested on the internet so that when the browser renders the web page, the JavaScript generates a pop up trying to up-sell me a new modem. When you call the number in the popup, they’re quick to tell you that you need a new modem, which in my case is not true. I later verified with level-2 support that my modem is pefectly fine and I don’t need to upgrade. As deceptive as that is however, my major complaint is that Comcast is intercepting web pages and then altering them by filling them with hundreds of lines of code. Even worse is that I’ve had to speak to 7 different supervisors from all areas of Comcast and they have either never heard of the process, or those who were aware of the practice don’t know how to turn it off.

Source: Solved: Are you aware? Comcast is injecting 400+ lines of … – Xfinity Help and Support Forums

Fucking Tech Show is now listed in the Google Play podcast directory!

I guess Google Play is as snowflake as iTunes!

Fucking Tech on Google Play.
https://play.google.com/music/listen#/ps/I5zoyxotsqmkgbeuhfsqzzz754y

Podcast: Play in new window | Download (Duration: 35:16 — 41.4MB)

Subscribe: Android | Email | Google Podcasts | RSS | More

GoldenTree’s crippled, slow & unencrypted hotel wireless (December 14th 2017) 35 minutes.

-Listed on BaladoQuebec while I was recording Show #2
-Rejected by iTunes Podcast Directory
-Internet service is real
-Shout to other web sites on main page.
-Where I come from when looking at tech. QA and powe ruser perspective with a touch of hacker.

GoldenTree’s crippled, slow & unencrypted hotel wireless
https://fuckingtech.com/goldentrees-crippled-slow-unencrypted-hotel-wireless/

Voter registration websites make some records vulnerable
https://www.engadget.com/2017/09/14/voter-registration-websites-vulnerability-study/

Hotels seem to have replaced ethernet internet with wireless, as it probably saves money on cabling costs, which is OK. The problems I have with this is that so far I have had slow, crippled, unencrypted and ask for passwords for no reason and they have all been provided by GoldenTree.

Login password?

Before you can do anything with your wireless connection you need to log in with a password that is the area code and your room number. This is stupid and useless. Residence Inn does not do this, it only asks you to agree to the terms of service, which does not bother with useless garbage.

Unencrypted? Are you fucking kidding me?

Wireless connections that have seen so far in hotels do not even use WEP or WPA encryption.I have seen this at Holiday Inn, Marriott Residence Inn  and Marriot Fairfield Inn.

Not only is Goldentree doing a bad implementation, but hotels don’t seen to give a shit about guests that are staying for business purposes. Some business users will have VPN access, but some corporate VPN access limits tremendously what is possible to do on that connection. The idea is that we HAVE to use the wireless connection without our personal VPN sometimes. When that happens and the connection is not encrypted, that pisses me off because anyone can sniff around and see what everybody in the hotel is doing on their wireless connection.

By the way, FuckingTech.com has been created entirely over a wireless GoldenTree connection in a hotel. This is scary because all operations have been done over unencrypted wireless for everyone to see, from the domain registration, unencrypted FTP transfers (because SSL FTP never works) and unencrypted back end administration of the article system. Anyone listening over the wireless connection could have hijacked FuckingTech.com before it was even started. This inaugural article could have been hijacked!

I don’t mind if anyone grabs the nude celeb pics that I download, but I start minding when I work and an encrypted connection for that type of work is not available.

Unencrypted hotel wireless is risky and it should stop.

Slow “High Speed” connections

Now on to the speed. Goldentree is horrendously slow on Friday and Saturday evenings. Yo dudes! We need more bandwidth over here!!!! I am talking to you, Marriott, Holiday Inn and GoldenTree! When this shit goes on every god damned week-end from November to March, YOU HAVE A FUCKING PROBLEM with your unencrypted, crippled and slow ass connection.

Slow “High speed” connections are terrible and it has to stop.

Crippling

GoldenTree also limits the POST sizes that are over 25k. Fantastic. That is just retarded when you are trying to upload files to any HTTP content system such as FuckingTech.com

GoldenTree, you provide slow, crippling and unencrypted wireless connections to hotel customers. You have some work to do.

What burns me is that it seems all hotels use GoldenTree over here in Oklahoma City, which limits your options to attain some sort of satisfaction from your wireless connection provided to you.

Last week, we reported that Dell had become the first major OEM to sell laptops that didn’t use the Intel Management Engine. The move was significant, both because of Dell’s size and because the other two PC OEMs that had made similar statements both focus on the Linux market. We’ve now had a chance to follow up with the Round Rock company on what it’s offering, and the situation is more complex than it may have initially seemed.

Source: Dell Sells PCs Without Intel’s Management Engine, but With Tradeoffs – ExtremeTech

San Francisco has been home to many quirky, forward-thinking technology startups over the years. There have been services that will fill your gas tank, mail you rolls of quarters, and even more ridiculous things. But delivery robots are just going too far — this is where the people of San Francisco draw the line. The city’s Board of Supervisors decided earlier this month to crack down on the delivery robots that have been taking over the city’s sidewalks, limiting where than can go and what they can do.

Source: San Francisco Cracks Down on Delivery Robots – ExtremeTech

OEMs aren’t particularly good at security, but HP’s recent problems deserve some kind of award. The company has been shipping a keylogger on at least 460 laptop models, and while it’s disabled by default, enabling it is as simple as flipping a registry switch.

Source: Over 460 HP Laptop Models Shipped with Keylogger – ExtremeTech

Silicon love machines can now be built to satisfy the kinky requirements of their owner

A sex robot designer is now making robots which cater to every fetish and can be fitted with anything from a cat’s tail to three breasts.

That’s the revelation from porn star Harriet SugarCookie, who visited a factory in California run by a firm called RealDoll that specialises in making silicon bonk ‘bots.

Source: You can now order a sex robot with three boobs and a cat’s tail | Metro News

In December 2008, the internet welcomed Google’s Incognito Mode, a privacy option for Chrome, with open arms. The feature offered protection against overbearing browser-history snoops at a time when many of us considered getting caught visiting NSFW sites (OK, let’s be frank: porn) on a computer to be the biggest threat posed by the web. This wasn’t exactly the case.

In fact, hiding your unmentionable browsing habits was hardly the reason a crack team of developers at Google made Incognito Mode. Knowing that Incognito Mode is still widely misunderstood, and has somewhat unfairly come to connote shady behavior, we talked to one of the people who built it, Google’s Vice President of Chrome, Darin Fisher. Fisher provided a firsthand take on how people should be using it, and what people shouldn’t be expecting it to do for them.

Source: Google Chrome’s ‘Incognito Mode’ Is Worthless – GOV’T SLAVES

If someone secretly installed software on your computer that recorded every single keystroke that you made, would you be alarmed?  Of course you would be, and that is essentially what is taking place on more than 400 of the most popular websites on the entire Internet.  For a long time we have known that nothing that we do on the Internet is private, but this new revelation is deeply, deeply disturbing.  In my novel entitled “The Beginning Of The End”, I attempted to portray the “Big Brother” surveillance grid which is constantly evolving all around us, but even I didn’t know that things were quite this bad.  According to an article that was just published by Ars Technica, when you visit the websites that have installed this secret surveillance code, it is like someday is literally “looking over your shoulder”…

Source: Secret Code Is Recording Every Keystroke You Make On More Than 400 Of The Most Popular Websites On The Internet – InvestmentWatch

The Federal Communications Commission will announce a full repeal of net neutrality protections Wednesday, according to the New York Times and several other media outlets. It is possible that a committee of telecom industry plutocrats who have from the outset made it their mission to rollback regulations on the industry will bow to public pressure before Wednesday, but let’s not count on it.

Source: Building our own system of internet is possible – and it may be the counter the federal government wasn’t prepared for. – Domi Good

Over the last two months, we’ve seen a rapid proliferation of websites that mine cryptocurrencies while users visit. While some of the guilty sites are less reputable, we’ve also seen this behavior from companies like Showtime (which may or may not qualify as “less reputable,” depending on your point of view). The idea of end-users generating income for the sites they visit by mining cryptocurrencies as opposed to being hit with ads has some interesting features to recommend it, though it also raises some concerns and issues about how such funding would be monitored or controlled to ensure systems remained responsive and different sites and browsers didn’t slug it out for resources, with users left in the lurch. Bad actors are on track to kill the concept before it ever gets a real test shake, thanks to increased adoption of malware-like tactics.

Source: Stealth Cryptocurrency Mining Sites Can Now Run Even After You Close Your Browser – ExtremeTech

Using bcache to speed Linux 4.14? Stop if you want your data to live

Source: ‘Urgent data corruption issue’ destroys filesystems in Linux 4.14

Podcast: Play in new window | Download (Duration: 14:47 — 33.9MB)

Subscribe: Android | Email | Google Podcasts | RSS | More

Introduction to FuckingTech (14m47s) November 17th 2017

-Tour of what is FuckingTech.
-Experiment to see where we cannot be listed. Possible underground podcast.
-Design sucks, it’s old. Refresh sometime in the future
-Shout-out to SovrynTech  https://zog.email/
-Shout-out to IdiotToys and UK Resistance  http://www.idiottoys.com/
-Alphabet of Manliness  https://www.amazon.com/exec/obidos/ASIN/080652720X/bpitu-20
-FAQ questions reviewed

Got listed on BaladoQuébec.ca as I was recording!

https://baladoquebec.ca/#!/podcast-fucking-tech

RIP ROP? Think again

A Carnegie-Mellon CERT researcher has discovered that Microsoft broke some use-cases for its Address Space Layout Randomisation (ASLR) mechanism, designed to severely hamper hackers’ attempts to exploit security bugs.

Source: Microsoft’s memory randomization security defense is a little busted in Windows 8, 10

If you hope to download Skype to keep in touch while you’re in China, you may be in for a rude surprise. Apple, Huawei, Xiaomi and other companies have been removing Microsoft’s internet calling software from their app stores in recent weeks in response to a crackdown on VoIP apps that don’t obey local digital security laws. The service still works if you already have the app installed, but you can’t download a fresh copy or pay for features directly through stores.

Source: Skype disappears from China’s app stores

Android phones gather your location data and send it to Google, even if you’ve turned off location services and don’t have a SIM card, Quartz reported today.

The term “location services” oftentimes refers to exact GPS data for app usage, such as Google Maps finding your best commute route, or Uber figuring out exactly where you’re standing to let drivers know your pickup point. Quartz’s report details a practice in which Google was able to track user locations by triangulating which cell towers were currently servicing a specific device.

https://www.theverge.com/2017/11/21/16684818/google-location-tracking-cell-tower-data-android-os-firebase-privacy

That hacker forced RT to halt its operating systems that take credit card payments, and assigns buses and trains to their routes.

Source: Sacramento Regional Transit Systems Hit By Hacker

Broadband packages are notoriously difficult to untangle. Prices are obscured with introductory discounts and the speeds you get are nothing like what was advertised. It sucks, and the UK’s Advertising Standards Authority (ASA) knows it. So today, the watchdog has announced new rules for broadband advertising. From now on, the figure you see must be based on the download speeds available to 50 percent of the company’s customers at peak hours. In addition, a qualifier like “average” must be visible. It’s a marked improvement over the previous guidelines, which said speeds must be available to at least 10 percent of customers.

Source: UK watchdog tells ISPs to advertise ‘real’ broadband speeds

Windows 10 is supposed to include support for memory address randomization techniques that stop certain kinds of malware. Unfortunately, that protection isn’t currently working.

Source: Key Windows 10 Anti-Malware Tech Critically Broken – ExtremeTech

I ruffled a few feathers yesterday urging phone makers to stop trying to kill the headphone jack. Xiaomi’s Jai Mani shared brands’ side of the story.

Source: Counterpoint: Why phone makers are trying to kill the headphone jack

This unfortunate trend continues to plague devices well into 2017, and we’re still in danger of losing one of the most essential features on phones today.

Source: Stop trying to kill the headphone jack

It’s so bad

I was in the Grand Central Station Apple Store for a third time in a year, watching a progress bar slowly creep across my computer’s black screen as my Genius multi-tasked helping another customer with her iPad. My computer was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn’t respond. There were no mysteriously faulty innerworkings. It was the spacebar. It was broken. And not even physically broken — it still moved and acted normally. But every time I pressed it once, it spaced twice.

Source: The new MacBook keyboard is ruining my life

http://www.schiit.com/about/about/on-deals

ON “DEALS”

The system was sent into meltdown today when the firm accidentally triggered a computer crash, causing long lines of upset passengers to form at airports across the globe.

Source: Airport check-in systems crash was caused by single switch | Daily Mail Online

For all the hand-wringing over the amount of data Google and Facebook have on us, the ISPs through which we connect to the internet have much more. VPN services are often cited as a way to preserve your privacy online, and many claim to keep no logs that could potentially unmask users. PureVPN is one such provider, but those non-existent logs apparently helped the FBI track down an internet stalker. That really raises some questions about the claims made by VPN providers.

Source: Supposedly Non-Existent VPN Logs Help FBI Catch Internet Stalker – ExtremeTech

T-Mobile has been a tempting option for travelers, and for good reason: if you’ve traveled to Canada or Mexico, you’ve had as much LTE data as you wanted without fear of returning to a giant phone bill. Unfortunately, the party’s over. T-Mobile has revealed that, as of November 12th, it will cap the no-extra-charge LTE data to a maximum of 5GB per month while you’re visiting the US’ neighbors. You won’t run into overages (this is T-Mobile), but you’ll have to make do with speeds as low as 128Kbps if you go over your high-speed allotment. One subscribers can tack on unlimited LTE by adding One Plus International, but that’s another $25 per month on top of the base plan.

Source: T-Mobile puts 5GB cap on high-speed data in Canada and Mexico

For over a year, owners of a Samsung smart fridge have been unable to use their fridge’s pre-installed Google Calendar app, proving what we all suspected: the Internet of Things can quickly become an Internet of Broken Things. Apparently, the Samsung fridge depends on an old version of the Google API, and Samsung hasn’t yet pushed out necessary updates to all fridges. Before you go out and educate all your appliances, consider how smart they’ll be when their software is out of date next year.

Source: This Dumb Smart Fridge Shows Why the Internet of Things Will Break | iFixit

10.9 million US driver’s licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers’ records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver’s licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency’s system.

Source: Equifax breach included 10 million US driving licenses

As usual, Apple started a trend. Last year, it dropped the standard 3.5 millimeter headphone jack from the iPhone. The industry was quick to respond. Motorola, even before the iPhone 7 was announced, also removed the port from the Moto Z (though curiously, it remained on the cheaper Z Play). HTC followed suit with the U Ultra this year, as did the geek-friendly Essential phone. Now that Google’s Pixel 2 is confirmed to be headphone jack-less, it seems as if the port’s survival, at least in the mobile world, is a lost cause.

Source: The Pixel 2 proves headphone jacks are truly doomed

The US Department of Defense is considering a change in direction with their fleet of F-35s, in which more than 100 fighters would be retired from combat rather than upgraded with a new software configuration.

Source: Pentagon Considering Retiring 100 F-35s Before They Ever Fly – Sputnik International

Mobile app developer Felix Krause, based in Vienna, Austria, has warned that fake Apple ID pop-ups present a security hole that hackers could use to steal information.

Source: iOS phishing attack tricks you into giving your Apple ID | Daily Mail Online

Some of the Home Mini speakers Google gave away during its recent Pixel event aren’t working correctly. That’s what the company found out when it examined the unit it gave to Artem Russakovskii from Android Police. Russakovskii told the tech titan that the device he got from the recent Pixel event was recording sounds in his house 24/7. He noticed that his Home Mini would flash its lights even if he doesn’t activate it by saying “OK, Google” or by giving the touch panel a long press. When he checked his activity portal, it was filled with recordings saved on Google’s server that could make a conspiracy theorist shout “I knew it!” Since the company is releasing the speaker in a few days, it took Google less than three hours to scoop up the rogue speaker from his home.

Source: Google Home Mini bug could make it record audio 24/7

Researchers have discovered a key flaw in the WPA2 WiFi encryption protocol that could allow hackers to intercept your credit card numbers, passwords, photos and other sensitive information. The flaws, dubbed “Key Reinstallation Attacks,” or “Krack Attacks,” are in the WiFi standard and not specific products. That means that just about every router, smartphone and PC out there could be impacted, though attacks against Linux and Android 6.0 or greater devices may be “particularly devastating,” according to KU Leuven University’s Mathy Vanhoef and Frank Piessens, who found the flaw.

Source: Severe WiFi security flaw puts millions of devices at risk

Global users of Windows 10 with manual updates enabled may wish to hold fire on installing KB4041676,Microsoft’s latest security patch, after users report it causing crashes and ‘boot loops’.

Source: Windows 10 patch causes ‘blue screen of death’ crash | Daily Mail Online

In May credit reporting service Equifax’s website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount…

Source: Equifax website borked again, this time to redirect to fake Flash update – 12160 Social Network