Miscellaneous Tech News
-
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network? -
@mlnews said in Miscellaneous Tech News:
Trusted platform module security defeated in 30 minutes, no soldering required
Sometimes, locking down a laptop with the latest defenses isn't enough.
Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network?tl:dr = SPI bus communicates in clear text. Use a BitLocker PIN/Password.
Hopefully this being in the media will change that.
-
-
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started. -
@mlnews said in Miscellaneous Tech News:
Google+ class action starts paying out $2.15 for G+ privacy violations
Google exposed the private data of 52 million users in 2018 and got sued.
Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started.And, let's hope, that there is some regulatory scrutiny over this!
-
Spotify calls off plans to support AirPlay 2, frustrating iPhone users
It's not a surprise to iOS users, but it's still a disappointment.
iPhone users have been asking for Spotify to add AirPlay 2 support for ages, but yesterday Spotify told users they shouldn't expect the feature to be added any time soon. AirPlay 2 was added to iOS more than three years ago, and users have been asking for Spotify to support it for many months. It offers lower latency, multi-room support, and Siri integration. Apple provides ways for developers to connect experiences to it, and sometimes works directly with prominent app developers who are seeking to implement it. Many other major audio apps on the iPhone support it. AirPlay 2 has become available in several non-Apple products too, like recent TVs from manufactures such as Samsung and LG. -
New “Glowworm attack” recovers audio from devices’ power LEDs
A new class of passive TEMPEST attack converts LED output into intelligible audio.
Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations. The Cyber@BGU team—consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov, and Professor Yuval Elovici—analyzed a broad array of widely used consumer devices including smart speakers, simple PC speakers, and USB hubs. The team found that the devices' power indicator LEDs were generally influenced perceptibly by audio signals fed through the attached speakers. -
Today’s Firefox 91 release adds new site-wide cookie-clearing action
New features build on Total Cookie Protection, simplifying privacy management.
Mozilla's Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The new feature allows users to manage all cookies and locally stored data generated by a particular website—regardless of whether they're cookies tagged to that site's domain or cookies placed from that site but belonging to a third-party domain, eg Facebook or Google. -
Google may cut pay of staff who work from home
Google employees in the US who opt to work from home permanently may get a pay cut.
The technology giant has developed a pay calculator that lets employees see the effects of working remotely or moving offices. Some remote employees, especially those with a long commute, could have their pay cut without changing address. Google has no plans at this time to implement the policy in the UK. Employees in many businesses have proved that working from home permanently is viable during the Covid pandemic. Many companies are looking ahead to how employees will work as the pandemic recedes, even as the US continues to battle the Delta variant of the disease. -
@mlnews said in Miscellaneous Tech News:
Google may cut pay of staff who work from home
Google employees in the US who opt to work from home permanently may get a pay cut.
The technology giant has developed a pay calculator that lets employees see the effects of working remotely or moving offices. Some remote employees, especially those with a long commute, could have their pay cut without changing address. Google has no plans at this time to implement the policy in the UK. Employees in many businesses have proved that working from home permanently is viable during the Covid pandemic. Many companies are looking ahead to how employees will work as the pandemic recedes, even as the US continues to battle the Delta variant of the disease.Google confirming they are a horrible company to work for. What does the area you live in have to do with the amount of value you bring to the company?
-
Accenture downplays ransomware attack as LockBit gang leaks corporate data
Fortune 500 company Accenture has fell victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.
News of the attack became public earlier this morning when the company’s name was listed on the dark web blog of the LockBit ransomware cartel. The LockBit gang claimed it gained access to the company’s network and was preparing to leak files stolen from Accenture’s servers at 17:30:00 GMT. In an emailed statement, Accenture not only confirmed the attack but also greatly played down its impact. -
@mlnews said in Miscellaneous Tech News:
Accenture downplays ransomware attack as LockBit gang leaks corporate data
Fortune 500 company Accenture has fell victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.
News of the attack became public earlier this morning when the company’s name was listed on the dark web blog of the LockBit ransomware cartel. The LockBit gang claimed it gained access to the company’s network and was preparing to leak files stolen from Accenture’s servers at 17:30:00 GMT. In an emailed statement, Accenture not only confirmed the attack but also greatly played down its impact. -
-
-
@scottalanmiller said in Miscellaneous Tech News:
That news is just now being reported? I'd be surprised if the ransomware gangs took an entire day to start using the exploits.
-
SynAck ransomware gang releases decryption keys for old victims
The El_Cometa ransomware gang, formerly known as SynAck, has released today master decryption keys for the victims they infected between July 2017 and early 2021.
The keys have been verified as authentic by Michael Gillespie, a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service. Gillespie told The Record he was able to use the leaked decryption utilities and private keys to decrypt files from old SynAck attacks. The Record will not be making these keys generally available as the decryption process can be somewhat complicated for non-technical users, and former SynAck victims who may try to decrypt older data might end up damaging files even further. Instead, Gillespie said that Emsisoft would be developing its own decryption utility that will be safer and easier to use, which they will be releasing within the next few days. -
-
Samsung has its own AI-designed chip. Soon, others will too
Semiconductor software-design maker Synopsys is adding AI to its arsenal.
Samsung is using artificial intelligence to automate the insanely complex and subtle process of designing cutting-edge computer chips. The South Korean giant is one of the first chipmakers to use AI to create its chips. Samsung is using AI features in new software from Synopsys, a leading chip design software firm used by many companies. “What you’re seeing here is the first of a real commercial processor design with AI,” says Aart de Geus, the chairman and co-CEO of Synopsys. Others, including Google and Nvidia, have talked about designing chips with AI. But Synopsys’ tool, called DSO.ai, may prove the most far-reaching because Synopsys works with dozens of companies. The tool has the potential to accelerate semiconductor development and unlock novel chip designs, according to industry watchers. -
The little-known human stories behind emoji designs
You may not think much about the emoji you use to text every day but there are compelling human stories behind them.
"My father's music is message music, to uplift the world from its slumbering mentality," says reggae musician Andrew Tosh, speaking from his home in Kingston, Jamaica. His father, Peter Tosh, was one of the three founding members of the 1960s band The Wailers, along with Bob Marley and Bunny Wailer. Peter Tosh's story doesn't end happily; he was murdered in a horrific attack in the 1980s, but he left both a musical and a political legacy. And if you open your emoji keyboard and search for "levitating", you will find a tiny picture of a man dressed in a dapper black suit, hat and shades. That is Peter Tosh. -