Tech Today w/ Ken May

Featured entries

A legal advocacy group has sued the San Diego Police Department (SDPD) and the city of San Diego in an attempt to force the release of public records relating to stingrays, also known as cell-site simulators. Stingrays are often used covertly by local and federal law enforcement to locate target cellphones and their respective owners. However, stingrays also sweep up cell data of innocent people nearby who have no idea that such collection is taking place. Stingrays can be used to intercept voice calls and text messages as well. Earlier this week, a local judge in Arizona ruled that a local reporter could not receive similar stingray documents from the Tucson Police Department because disclosure “would give criminals a road map for how to defeat the device, which is used not only by Tucson but other local and national police agencies.” Read 5 remaining paragraphs | Comments

An update to Elcomsoft ‘s Phone Breaker software now makes it easier for good or bad guys to bypass Apple’s vaunted new two-factor authentication to steal your iCloud stuff. As before, the hackers would need some information to start with — either your Apple ID/password plus a two-factor code, or a digital token stolen from, say, your laptop. That would give them access to your account anyway, but here’s the kicker: The Phone Breaker app can then create a digital token granting intruders permanent access without a two-step code until you change the password. It also allows someone to view all your iCloud files at a glance, making it easier to pick and choose which to steal. The tool is used legitimately by law enforcement to access lawbreakers’ phones, but was also recently implicated in a celebrity phone hack. Filed under: Software , Apple Comments Via: Macworld Source: Elcomsoft

Trailrunner7 writes that researchers at Palo Alto Networks have found a backdoor in Android devices sold by Coolpad. “A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent. The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor’s control system. Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user’s permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad.” Read more of this story at Slashdot.

Facebook likes to experiment with little projects that could, someday, be as popular as Poking and Graph Search . One such project is enabling selected users to sell their unwanted items on the social network, in a move that’ll surely strike terror into the hearts of the folks over at Craigslist and eBay . New Zealand-based developer Indy Griffiths took to Twitter to reveal that he’d been given the option to sell an item to a group, with the button nestled next to the write post button. From there, users are required to fill in a form, providing a price, description, pictures and delivery options. Then the site pretties up the listing and makes it available for all others to see, like, comment and even purchase. Since this is just an experiment, only a few users will be able to try it out, and the site has already posted (and subsequently taken down) a support page saying that it’s not responsible for any of these transactions. Still, if Facebook’s not planning to fleece its users with extortionate sales fees, then it might just replace all those other sales-based sites and services in our hearts. Filed under: Internet , Facebook Comments Via: The Next Web Source: Indy Griffiths (Twitter) , Facebook Help

Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

Posted by kenmay on December - 18 - 2014

First time accepted submitter River Tam writes Cybercriminals behind the TorrenLocker malware may have earned as much as $585, 000 over several months from 39, 000 PC infections worldwide, of which over 9, 000 were from Australia. If you’re a Windows user in Australia who’s had their files encrypted by hackers after visiting a bogus Australia Post website, chances are you were infected by TorrentLocker and may have contributed to the tens of thousands of dollars likely to have come from Australia due to this digital shakedown racket. Read more of this story at Slashdot.

Vast Humble Comics Bundle

Posted by kenmay on December - 18 - 2014

The latest Humble Bundle features an indescribably vast array of comics from Mega, including work from Mark Waid, Darick Robertson, Garth Ennis, Gail Simone, Kevin Smith, Alex Ross, J. Michael Straczynski, David Mack, Howard Chaykin, Bill Willingham, Sean Phillips, Tim Seeley, Chuck Dixon, Andy Diggle, Duane Swierczynski, Joshua Hale Fialkov and others. Read the rest

Purch, Inc. announced  on Wednesday that it had purchased AnandTech.com, ending the site’s 17-year run as an independent publication. Purch also owns a number of other long-running technology sites, including LaptopMag (founded as Laptop Magazine in 1991), Tom’s Hardware (founded 1996), and a handful of other offshoot tech publications. Purch says the acquisition will help it “dominate the tech expert and enthusiast market.” Anand Shimpi, founder and original editor-in-chief of the site, left his post for Apple in late August. Shimpi says he is “happy to see [AnandTech] end up with a partner committed to taking good care of the brand and its readers.” Current Editor-In-Chief Ryan Smith says the site has “grown by leaps and bounds over the past several years” but that it was “nearing what’s possible as an independent company.” Smith goes on to say that Purch values AnandTech’s exhaustive hardware testing and reviews, and that Purch would enable the site to grow “without compromising the quality that made us who we are today.” Under Smith, AnandTech has continued to run reviews of individual PC components and, less frequently, complete consumer products like laptops, phones, and operating systems. While the site misses Shimpi’s voice and expertise (and that of former mobile editor Brian Klug, who also left for Apple this year), its coverage and testing procedures continue to be deep and thorough, and they will hopefully remain that way post-acquisition. Read 1 remaining paragraphs | Comments

Report: North Korea May Be Behind Sony Pictures Hack After All

Posted by kenmay on December - 18 - 2014

Despite the FBI saying just a few days ago that there was “no attribution to North Korea at this point, ” ABC News is reporting that federal cyber-security sources “close to the investigation” have indeed confirmed that the FBI does have reason to believe that North Korea may be involved in some capacity after all. Read more…

Unknown attackers used a spearphishing campaign to compromise sensitive systems operated by the Internet Corporation for Assigned Names and Numbers (ICANN), a coup that allowed them to take control of employee e-mail accounts and access personal information of people doing business with the group. ICANN, which oversees the Internet’s address system, said in a release published Tuesday that the breach also gave attackers administrative access to all files stored in its centralized zone data system , as well as the names, postal addresses, e-mail addresses, fax and phone numbers, user names, and cryptographically hashed passwords of account holders who used the system. Domain registries use the database to help manage the current allocation of hundreds of new generic top level domains (gTLDs) currently underway. Attackers also gained unauthorized access to the content management systems of several ICANN blogs. “We believe a ‘spear phishing’ attack was initiated in late November 2014,” Tuesday’s press release stated. “It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.” Read 4 remaining paragraphs | Comments

​Tor Is Still Safe

Posted by kenmay on December - 17 - 2014

Tor is having a bit of a crisis, as it’s become increasingly clear that the wildly popular network isn’t the internet invisibility cloak it was once thought to be. Don’t panic. It’s not perfect, but it’s still the best we’ve got. Read more…