Tool Easily Breaks Into Locked PCs

Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer armed with only a US$5 Raspberry Pi.

The low-tech cookie-siphoning intrusion is one of Kamkar’s simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices, with MacGyver-like precision.

Kamkar’s latest hack, PoisonTap, uses a Raspberry Pi Zero, a micro SD card, and a micro USB cable or other device that emulates USB, including USB Armory or LAN Turtle.

Windows, OS X and Linux recognize PoisonTap as an Ethernet device, load it as a low-priority network device, and perform a DHCP request across it, even if the computer is locked or password-protected, Kamkar explained.

PoisonTap provides the computer with an IP address. However, the DHCP response tells the machine that the IPv4 space is part of PoisonTap’s local network, rather than a small subnet, he said.

If a Web browser is running in the background, one of

What's Happening in News Propaganda

A few years back, when it was one company, HP made a huge mistake that cost a number of people their jobs and forced the replacement of many of its board members. The company suffered through some nasty litigation and several top executives almost landed in jail.

The mistake was tied back to something the board authorized, which at the time was called “pretexting.” It also went by the more common term “identity theft.” It is my belief that the board wouldn’t have authorized the effort if it had been told that what the teams planned to do was steal the identities of reporters.

Given how risk-averse boards were, and still are, HP’s directors simply would not have been willing to take the risk, in my view, and much of HP’s pain in the last decade could have been avoided.

Given that Russia is the source for much of it, I now wonder if our use of the term “fake news” as a label — as opposed to the older and more relevant term — isn’t doing us

Tech Effort to Get Money

One year after a powerhouse group of technology executives and venture capital icons met to form the Breakthrough Energy Coalition, the group, led by Microsoft founder Bill Gates, has launched a US$1 billion investment fund to support clean energy startups around the world.

The Breakthrough Energy Fund, chaired by Gates, is designed to jumpstart an entire new generation of entrepreneurs developing radical new approaches to providing reliable and low-cost energy, with zero carbon emissions as the end goal.

Institutional partners, including the University of California, will help generate research ideas. Strategic partners, including Southern Co. and others, will help the group with regulatory issues, and figure out which companies have the most promise.

In addition to Gates, co-chair of the Bill and Melinda Gates Foundation, the Breakthrough Energy Coalition’s board members include John Arnold, co-chair of the Laura and John Arnold Foundation; John Doerr, chair of Kleiner, Perkins, Caufield & Byers; and Vinod Khosla, founder of Khosla Ventures.

Star Power

Other leading members include Jack Ma, executive chairman of Alibaba Group; Mukesh Ambani, chairman and

Robust Sales

Amazon Echo and Google Home were among the most buzzed-about items on Cyber Monday, according to Adobe Digital Insights spokesperson Melissa Chanslor.

In fact, Amazon on Tuesday reported a record-breaking Cyber Monday, with sales of the Echo family of devices up seven times compared with Cyber Monday 2015.

The company sold millions of Alexa-related devices over the Thanksgiving weekend, with the Echo Dot, the Amazon Fire TV Stick with Alexa Voice Remote, the Fire tablet and the Amazon Echo ranking as the best-selling products from any manufacturer across the site, said Dave Limp, senior vice president, Amazon devices and services.

Amazon has sold more than 5.1 million Echo devices in the U.S. since the product was launched in 2014, according to a Consumer Intelligence Research Partners report released earlier this month. Approximately 2 million of the estimated 5.1 million devices were sold in the first nine months of 2016 alone, with awareness of the device on the rise.

More than 40 percent of Echo users streamed music on the device, and one-third used it to ask Alexa questions, the report shows.

A touchscreen would be a strong addition to the Echo, which operates mainly through voice controls, noted Rob Enderle, principal analyst at the Enderle Group.

“There

The President Elects

Fact-checking President-elect Donald Trump can be a chore, even for people paid to do it. The Washington Post wants to make it less so, with add-ons to the popular Chrome and Firefox browsers.

The browser extension, RealDonaldContext, is available from the Chrome Web Store or the Mozilla Foundation.

After installation, any time you click on a tweet on the @realdonaldtrump account, any fact-checking the Post may have done also will be displayed.

The fact-checking includes adding context. For instance, Trump posted this tweet on Dec. 12:

If you view that tweet with the Post extension active, you’ll see this displayed:

“There’s important context missing.” “Trump originally pledged to hold a press conference on Dec. 15 to explain how he would avoid conflicts of interest as president. That was canceled before it happened. There remain questions about how Trump will ensure that his presidential decisions don’t unduly benefit his corporate interests, even if he’s not the titular head of the Trump Organization.”

At the end of the Post’s comments is a link to a relevant story in the newspaper about the subject in the tweet.

In addition to adding context to what can be misleading information in Trump’s tweets, the Post applet offers some kibitzing.

Major Data Breach Deja Vu

Yahoo on Wednesday revealed that Net bandits stole data associated with 1 billion of its user accounts — one of the largest data breaches in Internet history.

The theft, which occurred in August 2013, is distinct from the theft disclosed earlier this fall, in which 500 million accounts were compromised, Yahoo CISO Bob Lord explained.

Stolen information may include names, email addresses, telephone numbers, dates of birth, passwords hashed with MD5 — and in some cases, encrypted or unencrypted security questions and answers, according to Lord.

An unauthorized third party accessed the code Yahoo uses to create cookies, he noted. Access to that code allowed attackers to compromise accounts with forged cookies.

In response to this latest discovery, Yahoo is taking steps to secure the accounts of affected users and invalidate forged cookies, said Lord, as well as to harden its systems against similar attacks.

More Data Nicked

This latest breach at Yahoo appears worse than the previous one not only because it is bigger, but also because more-sensitive information was stolen.

“More information was released than just usernames and passwords,” explained Rami Essaid, CEO of Distil Networks.

“The bad guys are getting a more holistic look at these users,” he told TechNewsWorld.

The weakly

How Gooligan Works

Gooligan-infected apps send data about infected devices to the campaign’s command and control server, then download a rootkit such as Vroot or Towelroot.

That raises the question of why Google hasn’t done anything to prevent the risky activity.

“Support is expensive, and, when you’re Google or any other vendor,” said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

“You have to plan allocation of resources for these things, since there are always user problems,” he told TechNewsWorld.

Once the device is rooted, Gooligan downloads a new malicious module that lets it

  • steal a user’s Gmail account and authentication token information, which bypasses Google’s two-factor authentication and other security mechanisms;
  • install apps from Google Play and rate them to raise their reputation; and
  • install adware to generate revenue.

The malware also fakes device information such as IMEI and IMSI, so it can download an app twice but make it appear that the downloads are on different devices, thus doubling the potential revenue from the apps.

Apps infected by Gooligan include “Perfect Cleaner,” “WiFi Enhancer,” “Memory Booster,” “Battery Monitor” and “Weather.”

Protecting the User

Google has removed from Google Play apps associated with the Ghost Push family, and apps that benefited from installs delivered by the malware, Google’s Ludwig noted.

It also has

Let's Call for Public Systems

The San Francisco Municipal Transportation Authority, or SF MTA, was hacked on Friday.

“You Hacked, All Data Encrypted,” was the message reportedly displayed on computer screens at the authority’s stations throughout the city. “Contact for Key ([email protected])ID:681 , Enter.”

Fare payment machines at underground stations were out of order, resulting in free rides on the subway and light rail system known locally as “SF Muni.”

Some SF MTA employees’ email systems did not work, The San Francisco Examiner reported.

The MTA locked its subway fare gates in an open position to enable free riding, according to the paper.

The agency was hit by a ransomware attack that disrupted some of its internal computer systems, including email, according to spokesperson Kristen Holland.

The attack didn’t affect transit service or buses, she noted. Neither customer privacy nor transaction information was compromised, and the situation was contained.

All About the Dough

A person at the email address provided by the hacker, who identified himself as “Andy Saolis” to the Examiner, demanded 100 bitcoins — equal to about US$73,000 — to release data captured from the MTA.

The MTA payment system was inaccessible over the weekend, according to the Examiner, and employees were concerned that the personal data of

Fleet to Gather Maps Data

Apple has assembled a group of robotics and data-collection experts who will use unmanned aerial vehicles — that is, drones — to obtain data for updates to its Maps app, Bloomberg reported Thursday.

Apple, Google and others in the cartography space currently collect a lot of their data using motor vehicles equipped with high-tech gear.

“That’s a very expensive and time-consuming process,” said Sam Abuelsamid, a senior research analyst at Navigant Research.

“Doing it with drones provides the potential to gather the same kind of data in a much more cost-effective manner and do it more rapidly,” he told TechNewsWorld.

“Drones allow them to cover more territory faster,” observed Tim Bajarin, president of Creative Strategies.

“It is the most obvious way to help keep road data up to speed at all times,” he told TechNewsWorld.

Drone Alone

However, drones are no substitute for a fleet of ground vehicles, maintained Tsou, a professor in the geography department at San Diego State University.

“I don’t think drones can replace the ground vehicles since there are many limitations of UAVs,” he told TechNewsWorld. “The viewpoint of drones is very different from a car. For car navigation purposes, the car view is more important than an airplane view.”

There

Apple AirPods Are a Great Way to Enjoy Listening to Music

Apple’s new wireless AirPods are finally available.

The company on Tuesday began taking orders for AirPods at its online store, and said it would start delivering the US$159 earphones to customers, Apple Stores, resellers and carriers next week.

At the iPhone 7 launch in September, Apple Senior Vice President of Worldwide Marketing Phil Schiller said the AirPods would be available in October, but the company missed that target time frame due to unexplained delays.

Missing the deadline for release of any hot product is bad news for a company, but what made the AirPods miss worse was that they were supposed to offset some of the sting consumers felt over Apple’s decision to omit the traditional headphone jack in the iPhone 7.

“Someone clearly dropped the ball, because without something like this with the iPhone 7 the attached sales for the earbuds were stalled, and it made it harder to sell iPhone 7s,” noted Rob Enderle, principal analyst at the Enderle Group.

“Both products should have shown up at the same time,” he told TechNewsWorld.

Missed Opportunity

However, the absence of AirPods doesn’t seem to have affected iPhone 7 sales that much.

“Sales of the iPhone 7 seem to be doing well,” said Ross Rubin, principal

Project Evo Ups the PC Game

Microsoft and Intel on Wednesday announced Project Evo, their highly anticipated collaboration to create the next generation of personal computers. The project aims to expand on new advances in artificial intelligence, mixed reality, advanced security and gaming.

Terry Myerson, executive vice president of the Windows and Devices Group at Microsoft, unveiled some of Project Evo’s ambitious plans at the Windows Hardware Engineering Community (WinHEC) event in Shenzhen, China.

Through the collaboration, the companies will push the boundaries of a personal computer’s capabilities in the near future, he said. Technologies under development include far-field speech and wake-on-voice enabled through Cortana, biometrics and voice authentication in Windows Hello, spatial audio, and HDR support for gaming.

Project Evo — particularly its expanded use of Cortana — invites comparisons to the digital assistant tools found in Amazon Echo and Google Home, standalone speakers that use Amazon Alexa and Google Assistant respectively. Though their capabilities differ, each uses voice communications to interact with the automated home.

However, Project Evo seems geared toward making the personal computer into a much more sophisticated device — one that can be accessed and operated in ways never before seen.

Home Hub Connection?

Essentially, users will be able to wake up a PC,