Google Labs has produced some amazing ideas. Some of them have found their way to the market, and many others have not. The one thing they have in common, though, is that they’re all intriguing and exciting. That’s especially true of Google’s latest offering, Google Pixel Buds. If you’ve ever read “The Hitchhiker’s Guide To The Galaxy,” then you know the term “Bable Fish.” If you grew up watching Star Trek, then you know all about the Universal Translator. Well, Google has built the version 1.0 of that very device. The new earbuds are able to translate forty different languages in something close to real time. Close enough, in any case, to be useful in day to day conversation. Obviously there are some glitches and limitations at this point, just as there were in the first smartphones and computers, but the fact that this new technology exists at all, in any form, is nothing short of amazing. The potential applications are limitless, and the number will only grow as the technology matures. We can see the possibility of seamless global communications that cut across language barriers. It boggles the mind. If you do business with vendors all over the globe, imagine how much simpler this is going to make your life. As mentioned, it’s a given that early adopters will face certain limitations and no doubt chafe under the shortcomings of the early versions of the device, but that’s been true of just about every invention we’ve ever seen enter the marketplace. Consider speech-to-text technology, for example. The early versions were quite buggy and you could count yourself lucky if they successfully interpreted 40 percent of your words, translating them into text. These days, that percentage is closer to 98. The best way to help this new product succeed is to jump in and start using it, bugs, flaws, shortcomings and all. Kudos to Google Labs!
0 Comments
Security researchers have found a new critical security flaw dubbed "Krack" (Key Reinstallation Attacks) that affects literally every WiFi router and smart phone in use today. The reason? The security flaw resides in the WiFi standard itself, rather than in a third-party product. In addition to being vast in scope and scale, Krack is a particularly nasty, versatile flaw, allowing hackers to intercept credit card numbers, passwords, photos and a whole host of sensitive personal information. It works like this: A hacker finds a vulnerable WPA2 network, and then makes an exact copy of it, including impersonating the MAC address. This clone then serves as a "man in the middle" allowing the hacker who controls it to intercept everything passing through it. WPA2 encryption requires a unique key to encrypt each block of plain text, but because Krack attacks make a copy that's indistinguishable from the original, they're able to use the same encryption key. As bad as that is, it gets worse for Android and Linux users. Thanks to a bug in the WPA2 standard, these devices don't force the client to demand a unique encryption key with each use. Instead, they allow the key to be "zeroed out," literally creating an encryption key containing all zeroes, which interferes with a key part of the handshake process. In addition to that, hackers can deploy specialized scripts that can cause the connection to bypass HTTPS, which leaves passwords and other normally protected data exposed. If there's a silver lining, it is that the attack can't be used to target routers directly, but honestly, that's not much of a silver lining, because the potential damage this new vector could cause is virtually without limit. Unfortunately, until a patch is released, there's not much you can do, short of turning off WiFi altogether. This may work for smartphone users, but it is simply impractical for routers. There's some good news, though. The fix should be relatively easy to implement, although no ETA has been given at this point. Equifax's problems just keep getting worse. Not long ago, the company suffered a major data breach that ultimately resulted in the CEO stepping down and a painful congressional grilling. Initial estimates placed the number of impacted users at some 143 million, but as the investigation has continued, it turns out that the numbers are even higher than initially feared. Based on the forensic teams final report, as many as 145.5 million users were impacted. In our modern society, there are many who would argue that your credit score is as important, if not more important than your social security number. To arrive at your score, the Big Three credit reporting agencies necessarily have to collect a large amount of sensitive information about people, so when they suffer from a breach, it's bad, and in Equifax's case, it just keeps getting worse. Based on the latest information, the compromised data included names, social security numbers, birthdays, and addresses. If that wasn't bad enough, some 200,000 customers saw their credit card information exposed, along with an unknown number of electronic documents containing Personally Identifiable Information (PII). To put these numbers in full context, Equifax maintains files on more than 800 million people around the world, along with more than 90 million businesses, so the breach, while catastrophic in size, wasn't nearly as bad as it could have been. That's a small consolation to the millions who have been impacted, but it's important to understand that as bad as the breach was, it was quite far from the worst case scenario. In the aftermath of the breach, the company has come under fire by the US Government, which has charged that the company actually stands to profit from it by selling a credit monitoring service after giving impacted consumers one year free. In light of the recent congressional hearings on the matter, the future of that program is unclear, but this breach, and its root cause (an unpatched Apache Struts 2 vulnerability) serves to underscore how easy it is for even big multinational companies to fall victim to a determined hacker. Late last year, Yahoo announced that it was the victim of the largest data breach in history. It impacted, by their initial estimates, fully one third of their user base, some one billion users. As it turns out, Yahoo’s estimates were wildly inaccurate. Literally every person who had a Yahoo account in 2013 was impacted, making the total in the neighborhood of three billion accounts (yes, that’s billion, with a “B”). If you’re a Yahoo user, and have had your account since 2013 or before, then your account was impacted, regardless of if you received a notification from the company. You may be tempted to simply delete your account, especially if it’s one you no longer use on a regular basis, but don’t. Yahoo’s policy is to recycle defunct accounts after thirty days, meaning your account can be hijacked by anyone if you delete it. The best bet is to change your password immediately and enable two-factor authentication to provide an added layer of protection. Also, if you’re in the habit of using the same password across multiple websites, be sure to change any that share your Yahoo.com account’s password. One of the first things a hacker will try is to use compromised credentials on other accounts. If you don’t take immediate action, you’re essentially handing the hackers the keys to your digital kingdom and opening yourself up to identity theft, compromised bank accounts and credit cards and more. In fact, this would be a great time to simply get out of the habit of using the same password across multiple web properties. It’s a bad habit, and if it’s one you’ve developed, then it’s time to make a change. True, it’s not as convenient, and having to remember multiple passwords can sometimes be annoying, but isn’t your digital security worth it? And the best way to maintain different passwords for each site is to use a password manager. I recommend LastPass. Click the link for a free month of premium. For a time, it seemed we had reached the high-water mark where Locky Ransomware was concerned. After the big, global attack earlier this year, interest in that particular strain of ransomware seemed to wane as hackers went off in search of the “next new thing” to deploy against the unwitting public. Unfortunately, rumors of Locky’s death may have been highly exaggerated. A massive new email campaign is underway, using Amazon as a cover, and the infected emails come bearing Locky as a “gift” to anyone who opens them and downloads the attachment. While no one knows who is behind the Locky software itself, this new email campaign is being run through a large botnet-for-hire called Necurs, which is currently made up of more than five million devices from all over the world. These devices have been sending out a million emails an hour that appear to come from Amazon and contain downloadable attachments with their malicious payload. The hackers are being quite savvy about the operation too, timing the sending of their emails so that they arrive during normal working hours, which makes them seem more legitimate. As ever, anyone unfortunate enough to download the attachment contained in one of these emails will soon find all the files on their system encrypted, and get a notification that they must pay a ransom in BitCoin if they want the unlock code to get their files back. It gets even worse, though. This latest attack does more than just install Locky. It also installs a program called “FakeGlobe,” which appears to be another variant of ransomware that’s designed to trigger after files are unlocked. So, even if you pay the ransom, you may find yourself immediately facing newly encrypted files and having to pay a second one. As ever, the keys to avoiding scams like these are vigilance, employee/family education and a robust backup and file recovery plan, in the event that someone in your organization or household does open one of these emails. And be sure to contact PC Tech for Hire for assistance in establishing your plan. |
Ronnie MorganHi! I'm Ronnie, your PC Tech for Hire for the Montgomery, AL area! Let me know if you need my 25+ years of experience to help you with your computer needs. Archives
January 2018
Categories
All
|