Tech Today w/ Ken May

Archive for February 5th, 2017

The Netscape Plugins API is “an ancient plugins infrastructure inherited from the old Netscape browser on which Mozilla built Firefox, ” according to Bleeping Computer. But now an anonymous reader writes: Starting March 7, when Mozilla is scheduled to release Firefox 52, all plugins built on the old NPAPI technology will stop working in Firefox, except for Flash, which Mozilla plans to support for a few more versions. This means technologies such as Java, Silverlight, and various audio and video codecs won’t work on Firefox. These plugins once helped the web move forward, but as time advanced, the Internet’s standards groups developed standalone Web APIs and alternative technologies to support most of these features without the need of special plugins. The old NPAPI plugins will continue to work in the Firefox ESR (Extended Support Release) 52, but will eventually be deprecated in ESR 53. A series of hacks are available that will allow Firefox users to continue using old NPAPI plugins past Firefox 52, by switching the update channel from Firefox Stable to Firefox ESR. Read more of this story at Slashdot.

Categories: reader

Enlarge The developers at Denuvo have been in the news thanks to cracks  against their notoriously tough digital rights management (DRM) tools , which are normally used to lock down video games from leaking online. On Sunday, the company faced a different kind of crack—not against a high-profile video game, however, but of its depository of private web-form messages. A significant number of these appear to come from game makers, with many requesting information about applying Denuvo’s DRM to upcoming games. The first proof of this leak appears to come from imageboard site 4chan, where an anonymous user posted a link to a log file hosted at the denuvo.com domain. This 11MB file (still online as of press time) apparently contains messages submitted via Denuvo’s public contact form dating back to April 25, 2014. In fact, much of Denuvo’s web database content appears to be entirely unsecured, with root directories for “fileadmin” and “logs” sitting in the open right now. Combing the log file brings up countless spam messages, along with complaints, confused “why won’t this game work” queries from apparent pirates, and even threats (an example: “for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm”). But since Denuvo’s contact page does not contain a link to a private e-mail address—only a contact form and a phone number to the company’s Austrian headquarters—the form appears to also have been used by many game developers and publishers. Read 3 remaining paragraphs | Comments

Categories: reader

The state of residential solar power

Posted by kenmay on February - 5 - 2017

Don’t panic, but we will need to generate approximately 15TW of usable energy from renewable (carbon-neutral) sources by 2050 in order to stabilize the atmospheric CO 2 concentration. And purely in terms of available energy, solar power has the greatest potential for meeting this requirement. Solar is “probably the only long-term supply-side energy solution that is both large enough and acceptable enough to sustain the planet’s long term requirements,”  according to Richard Perez, senior research associate at the Atmospheric Sciences Research Center at SUNY-Albany. Perez’ analysis includes geothermal, wind, all other significant renewable sources, nuclear fission, and all forms of fossil fuels. So while wind, hydropower, and geothermal extraction may work well on a local or regional scale in certain areas, today the potential of solar exceeds any other renewable energy source by several orders of magnitude . It’s simply the only contender, besides nuclear power, for a global solution to supply civilization with the massive amount of energy it demands. Read 68 remaining paragraphs | Comments

Categories: reader

A Hacker Just Pwned Over 150,000 Printers Exposed Online

Posted by kenmay on February - 5 - 2017

Last year an attacker forced thousands of unsecured printers to spew racist and anti-semitic messages. But this year’s attack is even bigger. An anonymous reader writes: A grey-hat hacker going by the name of Stackoverflowin has pwned over 150, 000 printers that have been left accessible online. For the past 24 hours, Stackoverflowin has been running an automated script that searches for open printer ports and sends a rogue print job to the target’s device. The script targets IPP (Internet Printing Protocol) ports, LPD (Line Printer Daemon) ports, and port 9100 left open to external connections. From high-end multi-functional printers at corporate headquarters to lowly receipt printers in small town restaurants, all have been affected. The list includes brands such as Afico, Brother, Canon, Epson, HP, Lexmark, Konica Minolta, Oki, and Samsung. The printed out message included recommendations for printer owners to secure their device. The hacker said that people who reached out were very nice and thanked him. The printers apparently spew out an ASCII drawing of a robot, along with the words “stackoverflowin the hacker god has returned. your printer is part of a flaming botnet… For the love of God, please close this port.” The messages sometimes also include a link to a Twitter feed named LMAOstack. Read more of this story at Slashdot.

Categories: reader

Kaspersky Lab surveyed 16, 750 people and concluded that often negative experiences on social experience overpower their positive effects — and they’re doing something about it. JustAnotherOldGuy pointed us to their latest announcement. 59% have felt unhappy when they have seen friends’ posts from a party they were not invited to, and 45% revealed that their friends’ happy holiday pictures have had a negative influence on them. Furthermore, 37% also admitted that looking at past happy posts of their own can leave them with the feeling that their own past was better than their present life. Previous research has also demonstrated peoples’ frustration with social media as 78% admitted that they have considered leaving social networks altogether. The only thing that makes people stay on social media is the fear of losing their digital memories, such as photos, and contacts with their friends. To help people decide more freely if they want to stay in social media or leave without losing their digital memories, Kaspersky Lab is developing a new app — FFForget will allow people to back up all of their memories from the social networks they use and keep them in a safe, encrypted memory container and will give people the freedom to leave any network whenever they want, without losing what belongs to them — their digital lives. The FFForget app will be released in 2017, but there’s already a web page where you can sign up for early access. Kaspersky plans to monetize this by creating both a free version of the app — limited to one social network — and a $1.99-per-month version which automatically backs up social content from Facebook, Google, Twitter, and Instagram in real-time with a fancier interface and more powerful encryption. Read more of this story at Slashdot.

Categories: reader

All of its outgoing connections are routed through Tor, and it even blocks non-anonymous connections. You can carry it around on a USB stick, and Edward Snowden uses it. But a big change is coming with Tails 3.0. BrianFagioli quotes BetaNews: Unfortunately for some users, Tails will soon not work on their computers. The upcoming version 3.0 of the operating system is dropping 32-bit processor support. While a decline in compatibility is normally a bad thing, in this case, it is good. You see, because there are so few 32-bit Tails users, the team was wasting resources by supporting them. Not to mention, 64-bit processors are more secure too… “In the beginning of 2016, only 4% of Tails users were still using a 32-bit computer. Of course, some of these computers will keep working for a while. But once the number had fallen this low, the benefits of switching Tails to 64-bit outweighed the reasons we had to keep supporting 32-bit computers, ” says the Tails team… “In the last few years, the developers who maintain Tails have spent lots of time addressing such issues. We would rather see them spend their time in ways that benefit our users on the long term, and not on problems that will vanish when Tails switches to 64-bit eventually.” Read more of this story at Slashdot.

Categories: reader

Hack knocks out a fifth of the Dark Web

Posted by kenmay on February - 5 - 2017

The Dark Web is having a rough time right now… although the victims in this case won’t earn too much sympathy. An Anonymous-linked hacker speaking to Motherboard brought down about a fifth of the Tor network’s ‘secret’ websites (over 10, 000 of them) in a claimed vigilante move. The intruder decided to attack a Dark Web hosting service, Freedom Hosting II, after discovering that it was managing child porn sites it had to be aware of — they were using gigabytes of data each when the host officially allows no more than 256MB. Each site had its usual pages replaced with a message that not only chastised FH2, but offered a data dump (minus user info) and explained the nature of the hack. Reportedly, the attack wasn’t difficult. The hacker only needed to have control over a site (new or existing) to get started. After that, it was mostly a matter of modifying a configuration file, triggering a password reset and getting root access. From early indications, the perpetrator is handling the data relatively responsibly. It’s going to a security researcher who’ll hand it over to law enforcement, which might just use it to bust the porn peddlers. Investigators may be as frustrated as they are happy, though. When the FBI infiltrated Dark Web porn sites , it used location-tracking malware to help identify individual users. Well, it probably can’t do that now — investigators might pinpoint the site operators, but the clients will have scattered to the four winds. While this is still a blow to the internet’s criminal underbelly, it’s not as big a victory as it could have been. Looks like Freedom Hosting II got pwned. They hosted close to 20% of all dark web sites (previous @OnionScan report) https://t.co/JOLXFJQXiH — Sarah Jamie Lewis (@SarahJamieLewis) February 3, 2017 Source: Motherboard , Sarah Jamie Lewis (Twitter)

Categories: reader

Gmail will stop working on Chrome for XP and Vista this year

Posted by kenmay on February - 5 - 2017

If it’s been some time since you’ve updated your Chrome browser, you might see a banner at the top of Gmail’s interface on February 8th. It’ll contain a reminder to update to Chrome version 55 from 53 and below, since the newer iteration comes with several big security updates. That banner will go away after you update — unless you’re still using Windows XP or Vista. Google stopped releasing Chrome updates for those two after version 49, since Microsoft no longer supports its older Windows platforms. So, what will happen if you don’t — or can’t — update Chrome? Well, Gmail will work like usual throughout 2017. Sometime in December, though, you’ll start being redirected to the basic HTML version of the email service and will be more vulnerable to security risks. Google says the best thing you can do is upgrade and ditch XP or Vista ASAP. Source: Google Suite Updates

Categories: reader