hash – Page 25 – Tech Today w/ Ken May

Dell support software gets flagged by antivirus program

Diagnostic software preinstalled on many Dell computers is now being flagged as a potentially unwanted program by antivirus program Malwarebytes following the discovery of a vulnerability that allows attackers to remotely execute malicious code on older versions. The application known as Dell System Detect failed to validate code before downloading and running it, according to a report published last month by researcher Tom Forbes. Because the program starts itself automatically, a malicious hacker could use it to infect vulnerable machines by luring users to a booby-trapped website. According to researchers with AV provider F-Secure , the malicious website need only have contained the string “dell” somewhere in its domain name to exploit the weakness. www.notreallydell.com was just one example of a site that would have worked. Dell released an update in response to Forbes’s report, but even then, users remained vulnerable. That’s because the updated program still accepted downloads from malicious sites that had a subdomain with “dell” in it, for instance, a.dell.fakesite.ownedbythebadguys.com. Read 2 remaining paragraphs | Comments

New York woman can send divorce papers via Facebook

A New York County Supreme Court judge ruled that 26-year-old nurse Ellanora Baidoo can serve divorce papers (PDF) to her soon-to-be ex-husband, Victor Sena Blood-Dzraku, via Facebook. The ruling is one of the first of its kind, and it comes at a time when even standard e-mail is still not “statutorily authorized” as a primary means of service, the judge wrote. A number of courts have allowed plaintiffs to use Facebook as supplemental means of service since at least 2013, but Baidoo has requested that the social media service be the primary and only means of telling Blood-Dzraku that she wants a divorce. The circumstances for the decision are unique, however. As the New York Daily News reported , Baidoo and Blood-Dzraku, both Ghanaian, were married in a civil service in 2009, but when Blood-Dzraku refused to marry in a traditional Ghanaian wedding ceremony, the relationship ended. The two never lived together, and Blood-Dzraku only kept in touch with Baidoo via phone and Facebook. Read 5 remaining paragraphs | Comments

Excerpt from:
New York woman can send divorce papers via Facebook

How a $3.85 latte paid for with a fake $100 bill led to counterfeit kingpin’s downfall

Four men were indicted Wednesday on federal charges as part of an international online conspiracy to make and distribute “high-quality” counterfeits of over $1.4 million sold via Tor-enabled Dark Web sites. The new criminal charges expand on a previous case filed back in December 2014 against Ryan Andrew Gustafson , a man who went by the online monikers “Jack Farrel” and “Willy Clock”—he is also named as one of the four defendants. According to court records, Gustafson was previously positively identified via facial recognition against his Texas driver’s license. Prosecutors say the 27-year-old is an American living in Kampala, Uganda, and that he is currently on trial in the East African nation on counterfeiting charges. The United States does not have an extradition treaty nor a Mutual Legal Assistance Treaty (MLAT) with Uganda, so his return home is not a sure thing. Read 23 remaining paragraphs | Comments

More:
How a $3.85 latte paid for with a fake $100 bill led to counterfeit kingpin’s downfall

TrueCrypt security audit is good news, so why all the glum faces?

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws. The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that’s a flaw that cryptographers say should be fixed, there’s no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group . “The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software,” Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday’s report . “The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.” Read 7 remaining paragraphs | Comments

Visit site:
TrueCrypt security audit is good news, so why all the glum faces?

“Unquestionable greed,” the startup CEO who stole $765k from his friends

SAN FRANCISCO—Dressed in matching yellow scrubs from the nearby Alameda County Jail, Jon Mills looked resigned to his fate. After taking a plea deal on two felony counts of wire fraud, the young former startup CEO appeared in federal court Tuesday afternoon for sentencing. Mills had moved to California five years ago with a dream to hit it big in Silicon Valley. The company he founded, Motionloft , uses small sensors to perform analytics on in-store foot traffic. Everything worked. The company continues to succeed, and celebrity venture capitalist Mark Cuban remains its sole investor. But that success wasn’t enough. In early 2013, Mills told at least five people that if they gave him relatively small amounts of money, they would own stakes in the company. He claimed that a Cisco acquisition worth hundreds of millions of dollars was supposedly imminent, so Mills and all Motionloft shareholders others would stand to make a tidy profit. In reality, Mills knew the deal didn’t exist. Read 52 remaining paragraphs | Comments

See the original post:
“Unquestionable greed,” the startup CEO who stole $765k from his friends

Google kills 200 ad-injecting Chrome extensions, says many are malware

Google is cracking down on ad-injecting extensions for its Chrome browser after finding that almost 200 of them exposed millions of users to deceptive practices or malicious software. More than a third of Chrome extensions that inject ads were recently classified as malware in a study Google researchers carried out with colleagues from the University of California at Berkeley. The Researchers uncovered 192 deceptive Chrome extensions that affected 14 million users. Google officials have since killed those extensions and incorporated new techniques to catch any new or updated extensions that carry out similar abuses. The study also found widespread use of ad injectors for multiple browsers on both Windows and OS X computers. More than five percent of people visiting Google sites have at least one ad injector installed Within that group, half have at least two injectors installed, and nearly one-third have at least four installed. Google officials don’t bar such ad injectors outright, but they do place restrictions on them. Terms of service for Chrome extensions , for instance, require that the ad-injecting behavior be clearly disclosed. Customers of DoubleClick and other Google-operated ads services must also comply with policies barring unwanted software . Read 2 remaining paragraphs | Comments

California governor mandates 25 percent water use reduction

Today, California Governor Jerry Brown issued an executive order that is intended to spur water savings. The order comes as the state enters another year of extreme drought caused by lack of winter rain and snowfall. The state receives almost all of its precipitation in the winter and relies on that to fill reservoirs and deposit snow in the Sierra Nevada mountains. But this year, there was no precipitation for the entire month of January, leaving snowpack at many locations well below average —and completely absent in many areas. The new order focuses on conservation, with mandatory water reductions in cities and towns that will cut use by 25 percent. Many of the additional steps are obvious and probably should have been done before a crisis hit: remove 50 million square feet of lawns, have places like school campuses, golf courses, and cemeteries limit water use, and ban any installation of new irrigation systems that don’t use efficient drip irrigation. Standards for toilet and faucet water use will also be updated. Read 1 remaining paragraphs | Comments

Original post:
California governor mandates 25 percent water use reduction

10% of Americans have a smartphone but no other Internet at home

One out of 10 Americans owns a smartphone but has no other Internet service at home, with the poor far more likely to find themselves in this situation than those who are well off, according to a Pew Research Center report released today . “10 percent of Americans own a smartphone but do not have broadband at home, and 15 percent own a smartphone but say that they have a limited number of options for going online other than their cell phone,” Pew Senior Researcher Aaron Smith wrote. “Those with relatively low income and educational attainment levels, younger adults, and non-whites are especially likely to be ‘smartphone-dependent.’” Pew said that 7 percent of Americans are in both categories—a smartphone is their only option for using the Internet at home, and they have few easily available options for going online when away from home. Pew refers to these Americans as “smartphone-dependent.” Read 9 remaining paragraphs | Comments

Continue Reading:
10% of Americans have a smartphone but no other Internet at home

New ARM-powered chip aims for battery life measured in decades

The number of things getting plugged into the “Internet of Things” has already reached the point of satire . But there’s a new, extremely low power technology that’s being prepared for market that could put computing power and network access into a whole new class of sensors, wearables, and practically disposable devices. That’s because it can run off a battery charge for over over 10 years. Atmel, the San Jose-based microcontroller maker, today released samples of a new type of ultra-low power, ARM based microcontroller that could radically extend the battery life of small low-power intelligent devices. The new SAM L21 32-bit ARM family of microcontroller (MCUs) consume less than 35 milliamps of power per megahertz of processing speed while active, and less than 200 nanoamps of power overall when in deep sleep mode—with varying states in between. The chip is so low power that it can be powered off energy capture from the body, as Andreas Eieland, Atmel’s Director of Product Marketing for low-power products, demonstrated at CES earlier this year. Read 7 remaining paragraphs | Comments

Continued here:
New ARM-powered chip aims for battery life measured in decades

“Copyright troll” Perfect 10 hit with $5.6M in fees after failed Usenet assault

One of the original “copyright trolls,” a porn company called Perfect 10, has been slapped with a massive $5.6 million fee award that could finally shut down the decade-old lawsuit factory. Perfect 10’s model has been to sue third-party providers for carrying images of its porn. It hasn’t been afraid to go after big targets, either—Perfect 10 even sued Google over its image search, resulting in an appeals court case that made crystal clear that such searches are fair use . Despite that ruling, Perfect 10 went ahead and sued Microsoft on similar grounds three months later. The company also sued Giganews, a Usenet provider, in April 2011. Perfect 10 pursued claims for both indirect and direct copyright infringement, stating that Giganews employees directly uploaded infringing images onto its network. Giganews ultimately prevailed on all grounds; now, Perfect 10 has been required to pay its substantial legal bill as well. Read 10 remaining paragraphs | Comments