TweakTown News
While the LED light turns off when deactivated through the linked application, researchers have discovered that Google's Nest Cam doesn't fully deactivate, stating that it continues to function in a lower power state.
Expanding on these findings, The BBC says that the tested device "continued to draw a current of 340 mA" even when switched completely off, compared to a draw of 370 mA when turned on and operational.
While this draws concerns of 'Big Brother' Google or hackers being able to watch you at any time, Nest released a statement claiming that "when Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time." Further reassuring customers, they also said "when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings."
After users had their Amazon account passwords force-reset by the company itself, it has become apparent that a leak was possibly afoot.
In an email to customers, Amazon stated that it "recently discovered that your password may have been improperly stored on your device or transmitted to Amazon in a way that could potentially expose it to a third party." While this email assured users that the issue was fixed "to prevent this exposure," Amazon also made sure to point out that no third party will have had access to your private password information.
ZDNet reported that these warning emails were coming from both Amazon.com and Amazon.co.uk. While Amazon.com had implemented two-factor authentication for users recently, its UK counterpart has not yet installed this safety mechanism.
With China joining the rest of the world in moving away from hard currency towards various card options, Trend Micro says that cyber criminals are beginning to run rampant, stepping up their efforts in card fraud.
As part of a new study, Trend Micro pinpoints that the strong Chinese cyber criminal market has shown particular interest in gathering card payment information online. Trend Micro Forward-Looking Threat Research Team member, Lion Gu, wrote this lengthy report and referred to the growth in the market as an obvious fraud issue. With more users comes more risk of crime; it's not exactly rocket science.
What isn't obvious is exactly how this crime will come about. It's not just dodgy online stores that are being used; some machines are being modified to illegally store and send information, says Gu. Due to the machines passing through many hands and it being sometimes hard to track exactly who has touched them and when, there's a large possibility that criminals are placing these information capture facilities on products at some stage through the supply line, without the end-user or buying business being aware.
British police have arrested two young people believed to be spearheading a website named reFUD.me, a company which offered services to malware makers, assisting them to navigate past anti-virus programs.
The two 22-year-olds arrested allegedly kicked off their project in February 2015, advertising themselves through various online malicious forums. Providing support to surpass between 30 and 40 anti-virus programs, the offered service utilized Cryptex Reborn packaging to bypass any new issues that arose during its time of operation.
reFUD.me charged license fees to many of its users, asking for $20-90 per month while offering updates when new issues were to arise.
Described as an "unintended security vulnerability," Dell has admitted that a root certificate preinstalled on some of its models exists and promises to remove it.
A Dell spokesperson explained that "to address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site, and technical support," further commenting that the computer giant does not install malware on user systems pre-delivery.
While Dell claims no responsibility for this flaw, a security blogger by the name of Hanno Böck disagrees. He says that this root certificate is not only shipped within these pre-built machines, but it's under the name 'eDellRoot' and is linked to 'Dell Foundation Services' drivers.
If it's on the internet, you can hack it. This is something that the FBI's chief security information officer, Arlette Hart, agrees with and discussed at length at the recent Structure cloud industry summit on Wednesday.
Talking about levels of enterprise and risk, Hart stated that "accepting a risk doesn't mean it's going to happen," expanding "it means if the thing happens, you accepted the risk and will take the steps to mitigate that risk." Hart explained that while cloud data and technology is an extremely useful advancement, it can also be used for damaging purposes, saying "when the sword cuts, it cuts both ways."
While not directly answering any questions on 'the right to be forgotten', Hart also discussed that cloud-related risks are all part of business and a necessary evil to subject yourself to.
After news came to light of the terrorist organisation ISIS using the PlayStation Network in order to coordinate attacks, security experts claim this group has now moved to Telegram in order to evade security organizations.
Utilizing an app made by Russian developers in order to evade their own Government, the messages still are much safer, says Cryptographer Matthew Green from Johns Hopkins. Professor Green Tweeted that this application's "crypto is like being stabbed in the eye with a fork."
While this app has not yet been formally announced as cracked, a researcher by the name of Thaddeus Grugq stated in a blog that he "wouldn't trust the encryption protection in Telegram against a nation state adversary."
Hacktivist collective Anonymous has reportedly declared war against the terrorist group ISIS, vowing revenge against the Islamic State following the recent terror attacks in Paris.
On the Saturday following the brutal attacks that saw more than 129 people murdered, ISIS took responsibility for the wave of terror that swept over the city of Paris. President François Hollande then confirmed the Islamic State's involvement. The terrorist group boasted that this was just "the first of the storm" and called Paris a "capital of prostitution and obscenity."
Anonymous has now stood up to promise retribution, and has already begun wreaking havoc across the Islamic State's online network as part of the #OpParis campaign. "These attacks cannot be left unpunished. That's why Anonymous worldwide will track you," a recent Anonymous video proclaimed. "Yes, we are going to track you down, like we have since the Charlie Hebdo attacks. Wait, then, for a massive response from Anonymous. Know that we will find you, and we will hold nothing back."
An anonymous hacker group has remotely jailbroken a new iPhone running iOS 9.1, winning themselves a cool $1 million from startup Zerodium (self-described as a "premium exploit acquisition platform"). The winnings are pending final verification of the exploit, but results at this stage look good.
To put the difficulty of this feat in context: a chain of zero-day bugs needed to be found, the hack needed to be remote (much more difficult -- Chinese hacking team Pangu already hacked the new iPhone, but couldn't do it remotely) and made through Safari, Chrome, or a text or multimedia message, and full system access needed to be obtained. An iPhone has not been remotely jailbroken for over a year, since iOS 7. Zerodium says Apple will likely patch these bugs "in a few weeks to a few months".
T-Mobile has just announced that it has been hacked, with up to 15 million people affected. The hack hit Experian, which T-Mobile uses to process its credit applications.
The names, addresses, birth dates and social security numbers of 15 million customers were hacked, with the encrypted data including social security numbers and drivers license numbers. Experian says that the encryption protecting those precious bits and bytes of data was also compromised.
The hack took place between September 1, 2013 and September 16, 2015 - which means that anyone who had a credit check for a new line of service or a new smartphone could be affected. T-Mobile CEO John Legere has said that he's "incredibly angry" about the attack, and that the company would be going through a "thorough review" of their relationship with Experian. Legere reiterated that its payment systems and network were not attacked, with the blame placed on Experian.
T-Mobile and Experian will now be offering free credit monitoring and identity protection services for the next two years, which is a decent consolation prize.