Top-selling handgun safe can be remotely opened in seconds—no PIN needed

One of Amazon’s top-selling electronic gun safes contains a critical vulnerability that allows it to be opened by virtually anyone, even when they don’t know the password. The Vaultek VT20i handgun safe, ranked fourth in Amazon’s gun safes and cabinets category, allows owners to electronically open the door using a Bluetooth-enabled smartphone app. The remote unlock feature is supposed to work only when someone knows the four- to eight-digit personal identification number used to lock the device. But it turns out that this PIN safeguard can be bypassed using a standard computer and a small amount of programming know-how. As the video demonstration below shows, researchers with security firm Two Six Labs were able to open a VT20i safe in a matter of seconds by using their MacBook Pro to send specially designed Bluetooth data while it was in range. The feat required no knowledge of the unlock PIN or any advanced scanning of the vulnerable safe. The hack works reliably even when the PIN is changed. All that’s required to make it work is that the safe have Bluetooth connectivity turned on.

Toys R Us is bankrupt, but top execs are cleared to receive $16 million in bonuses

A Justice Department attorney representing the people owed money by Toys R Us doesn’t believe the bankrupt corporation should pay lavish bonuses to the same executives who drove the toy store chain into the ground. From Judy Robbins’ filing: “It defies logic and wisdom, not to mention the Bankruptcy Code, that a bankrupt company would now propose further multi-million dollar bonuses for the senior leadership of a company that began the year with employee layoffs and concludes it in the midst of the holiday season in bankruptcy. Apparently, this Christmas, Toys “R” Us intends to deliver not only ‘children their biggest smiles of the year’ but the insiders, too.” Nevertheless, U.S. Bankruptcy Court Judge Keith Phillips approved the payouts. From CW39: Because Toys “R” Us filed for bankruptcy in September, it now must get court approval for many of its basic business decisions. These new bonuses will be in addition to another $8.2 million in retention bonuses paid to some of these same executives before Toys “R” Us filed for bankruptcy. They would be required to return the retention payments should they quit the company within a year of receiving them.

Steam no longer accepts bitcoin for game purchases

Have you been stockpiling bitcoin to go on a Steam shopping spree? You’ll need to change your plans. Valve has stopped accepting bitcoin due to a combination of high transaction costs (up from 20 cents in the beginning to $20) and “volatility” in the cryptocurrency’s value. While the virtual cash has never been especially stable, its worth has taken a roller coaster ride over the past few months. Its value has been skyrocketing lately (one bitcoin is worth $13,300 US as of this writing), but it has also crashed hard — Valve cited a 25 percent drop “over a period of days” as an example. That fluctuation creates a huge problem if you make a purchase and it doesn’t complete before the usual bitcoin price guarantee elapses, as you may have to pay an outstanding balance and a second transaction fee. Valve isn’t completely ruling out a return to bitcoin in the future, although it’s clear that won’t happen unless bitcoin settles down. There’s no mention of opening the door to Ethereum and other digital currencies, either. And no matter what, this underscores a very real problem for cryptocurrency no matter the format. Retailers need predictable costs and payments to run their businesses, and they may be loath to support technology like bitcoin if it leads to unpaid debts and unhappy customers. Via: Polygon. Source: Steam Blog

AMD Quietly Made Some Radeon RX 560 Graphics Cards Worse

Brad Chacos: When the Radeon RX 560 launched in April it was the only RX 500-series card with a meaningful under-the-hood tech boost compared to the RX 400-series. The graphics processor in the older RX 460 cards packed 14 compute units and 896 stream processors; the upgraded Radeon RX 560 bumped that to 16 CUs and 1,024 SPs. Now, some — but not all — of the Radeon RX 560s you’ll find online have specs that match the older 460 cards, and sometimes run at lower clock speeds to boot. AMD’s Radeon RX 560 page was also quietly altered to include the new configurations at some point, Heise.de discovered. The last snapshot of the page by the Internet Archive’s Wayback Machine occurred on July 7 and only lists the full-fat 16 CU version of the card, so the introduction of the nerfed 896 SP model likely occurred some time after that. Sifting through all of the available Radeon RX 560s on Newegg this morning reveals a fairly even split between the two configurations, all of which are being sold under the same RX 560 name. In a statement, AMD acknowledged the existence of 14 Compute Unit (896 stream processors) and 16 Compute Unit (1024 stream processor) versions of the Radeon RX 560. “We introduced the 14CU version this summer to provide AIBs and the market with more RX 500 series options. It’s come to our attention that on certain AIB and etail websites there’s no clear delineation between the two variants. We’re taking immediate steps to remedy this: we’re working with all AIB and channel partners to make sure the product descriptions and names clarify the CU count, so that gamers and consumers know exactly what they’re buying. We apologize for the confusion this may have caused.”

Uber paid off a 20-year-old Florida man to destroy hacked data

More details are coming to light about Uber’s huge data breach. Reuters is reporting that a 20-year-old Florida man was behind the 2016 extortion-oriented cyberattack and was paid through the firm’s bug bounty program. We know that the individual, whose identity Uber refuses to disclose, received $100,000 for destroying the info, which exposed the personal data of roughly 57 million customers and drivers. The ride-hailing firm then kept quiet about the breach for more than a year. You can bet Congress and the five states investigating Uber will be paying close attention to any new nuggets of info. Bug bounties (where compensation is offered to hackers who find vulnerabilities) are commonplace within tech circles — everyone from Apple to Samsung utilizes them. And, while highly-publicized rewards of up to $200,000 are the norm, it’s rare that the largest sum is dispensed to any one person, making Uber’s $100,000 silent payout an all-time record for HackerOne, the firm that hosts Uber’s bug bounty program, according to a former exec who spoke to Reuters. The Florida hacker, described in the report as “living with his mom,” reportedly paid a second individual for help accessing GitHub’s resources to procure credentials for Uber data stored elsewhere. Upon divulging the breach last month, the company fired chief security officer Joe Sullivan and one of his deputies, senior lawyer Craig Clark, for covering up the breach. But Reuters sources claim the coverup went straight to the top of the food chain to former CEO Travis Kalanick. Both Uber and Kalanick refused to comment. Source: Reuters

A mysterious Thai singer performing in an oyster costume is the top YouTube video for 2017

With nearly 183 million views since June, this Thai music video is the top globally trending video of 2017, according to YouTube. It’s called “Until we become dust” and it’s performed by a singer in a full silver and white costume whose head is elaborately masked in oyster shells and pearls. The mysteriously-garbed musician is competing in a strange Thai TV singing show called “The Mask Singer.” Here are the show’s rules: The contestants are broken up into four groups, each group containing 8 masked celebrities. Each episode consists of two pairs of battling contestants, up until the final for each group, where the contestants perform a duet before battling it out. The winner reveals their identity in the last episode of each season… The contestants are prompted to sing a song of their choice and design a unique costume with a team of designers. Each costume covers the entirety of the contestant’s body… The identity of each contestant is kept confidential. When they arrive at the studio, staff members bring them cloaks to conceal their identity. Before filming the show, each contestant has to sign a contract ensuring they keep their identity a secret. During rehearsals, their voices are modified. The staff members who are authorized to know contestants’ identity such as makeup artists, costume designers, the director, and studio staff, have signed contracts to keep it confidential. When editing the footage and audio, they lock the doors to stop anyone from looking through. Later, according to CNBC, the masked celebrity was revealed to be singer Pandavaram Prasarnmitr of the Thai rock band, Cocktail. Here’s one of their music videos where you can see what he looks like without oyster shells on his face: https://youtu.be/UsnIyScLe-s

Keylogger Found On Nearly 5,500 WordPress Sites

An anonymous reader writes: Nearly 5,500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner. The malicious script is being loaded from the “cloudflare.solutions” domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field. The script is included on both the sites’ frontends and backends, meaning it can steal both admin account credentials and credit card data from WP sites running e-commerce stores. According to site source code search engine PublicWWW, there are 5,496 sites running this keylogger. The attacker has been active since April.

Cryptocurrency mining marketplace loses $64 million to hackers

A cryptocurrency marketplace called NiceHash has suffered a security breach that left its bitcoin wallet tens of millions of dollars lighter. Slovenia-based NiceHash connects miners, or people selling their hashing/computer power, with people willing to pay for that power. Andrej P. Škraba, the marketplace’s head of marketing, told Reuters that the company was targeted by “a highly professional attack” that involved “sophisticated social engineering.” He also revealed that the infiltrators got away with 4,700 bitcoins — or around $64 million. Before Škraba talked to Reuters, NiceHash posted an announcement on Reddit and on its website that it’s pausing all operations for the next 24 hours to investigate the incident. The post said the company’s payment system was compromised, and that it’s working with authorities on top of conducting its own investigation. Unfortunately, Škraba didn’t reveal more details than that, but it’s advising users to change their passwords on NiceHash and other services — great advice now that bitcoin looks more alluring to hackers than ever. It has soared past $15,000 in value, just hours after it broke past the $14,000 mark. Authorities in some countries are cracking down on cryptocurrency, however, in hopes of gaining greater control over the virtual currency. Source: Reuters, Reddit

John Scalzi’s ‘Old Man’s War’ sci-fi series is headed to Netflix

Award-winning science fiction author John Scalzi famously chose military SF for his Old Man’s War series because it was a marketable sub-genre. Lucky for us that he did, as the eventual six-book series has been a critical and commercial success. According to a report from Deadline, Netflix has just acquired the first novel with intentions to make it into a film. In the Old Man’s War universe, set hundreds of years from now, older people are given a loaded choice. Either age and die on Earth or get healthy young bodies that are conscripted into the military to fight space aliens. Protagonist John Perry makes the obvious choice and becomes a high-octane space marine who ends up being pretty good at leading troops into battle. Of course, all is not as it seems, and Perry begins to piece together what’s really going on. The engaging story will likely make a good movie, provided it’s done right (looking at you, Ender’s Game). The film is being produced by John Shestak Productions (Air Force One, Dan in Real Life) and Madhouse Entertainment. Source: Deadline

Almost All Bronze Age Artifacts Were Made From Meteorite Iron

dryriver shares a report from Science Alert: According to a new study, it’s possible that all iron-based weapons and tools of the Bronze Age were forged using metal salvaged from meteorites. The finding has given experts a better insight into how these tools were created before humans worked out how to produce iron from its ore. While previous studies had found specific Bronze Age objects to be made from meteoric metal — like one of the daggers buried with King Tutankhamun — this latest research answers the question of just how widespread the practice was. Albert Jambon, from the National Centre for Scientific Research (CNRS) in France, studied museum artifacts from Egypt, Turkey, Syria, and China, analyzing them using an X-Ray Fluorescence Spectrometer to discover they all shared the same off-world origins. “The present results complementing high quality analyses from the literature suggest that most or all irons from the Bronze Age are derived from meteoritic iron,” writes Jambon in his published paper. “The next step will be to determine where and when terrestrial iron smelting appeared for the first time.”
