The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!

2017.08.08 01

The man who wrote the book on password management has a confession to make: He blew it.

Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.” The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers—and to change them regularly.

The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn’t keep the hackers at bay.

The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!

With New Digital Tools, Even Nonexperts Can Wage Cyberattacks

2017.05.15 01

SAN FRANCISCO — Hackers are discovering that it is far more profitable to hold your data hostage than it is to steal it.

A decade-old internet scourge called ransomware went mainstream on Friday when cybercriminals seized control of computers around the world, from the delivery giant FedEx in the United States to Britain’s public health system, universities in China and even Russia’s powerful Interior Ministry.

Ransomware is nothing new. For years, there have been stories of individuals or companies horrified that they have been locked out of their computers and that the only way back in is to pay a ransom to someone, somewhere who has managed to take control.

You don’t even need to have any skills to do this anymore,” said Jason Rebholz, a senior director at the Crypsis Group who has helped dozens of victims of ransomware.

Ransomware has allowed people who are not computer experts to become computer thieves. It used to be that hackers had to be a little creative and skilled to get money out of people. There were fake antivirus scams that promised to clean up your computer — for a fee.

With New Digital Tools, Even Nonexperts Can Wage Cyberattacks

All the New Features in macOS Sierra

2016-09-21-13

Apple’s just released macOS Sierra, and while it’s a minor update, it does include Siri, a universal clipboard, and a handful of other new features. Let’s take a quick look at all the new stuff.

  • Siri Lands on Your Mac
  • Siri Gives Notification Center More Purpose
  • Universal Copy-Paste Between Your Mac and iPhone, Unlock Your Mac with Your Apple Watch
  • iCloud Drive Expands to Include Your Desktop and Documents
  • Photos on Mac Gets All the New Features of Photos on iOS
  • Optimized Storage Clears Up Disc Space
  • Apple Music Gets a Little Easier to Use
  • Nearly Every App Gets Tabs
  • Safari Adds Picture-in-Picture Mode

All the New Features in macOS Sierra

Dark Sky, the Up-to-the-Minute Weather App, Now Works In Your Browser

2016-09-21-11

Web: Dark Sky is one of the coolest weather apps, providing minute-by-minute weather tracking. Up until now, it’s only been available on iOS or Android phones, but now everyone can finally use it on the web.

The website lets you explore the weather around you in a bit more detail than you can find on your phone. You can look ahead at your forecast to see tons of details about the weather in the near future like temperature, humidity, wind, pressure, and more. The company has also added some interesting interactive weather maps to the web version, so you can explore the temperature, precipitation radar, and even the ozone across the world.

Dark Sky, the Up-to-the-Minute Weather App, Now Works In Your Browser

Steam Blows Off Aggrieved Indie Dev

2016-09-21-05Independent video game developer Digital Homicide Studios on Monday posted a response to its ban from Valve Corporation’s digital distribution platform Steam.

Valve banned the development studio this weekend, after Digital Homicide reportedly initiated legal action against 100 users who had posted negative reviews of its games.

Digital Homicide resorted to lawsuits after Steam failed to resolve abuse issues that had arisen concerning those users of the Steam community, according to the Digital Homicide post. The game developer further accused Valve of ignoring threats posted on Steam’s forums.

Valve has delisted all of Digital Homicide’s games from Steam — including Paranormal Psychosis, Gnarltoof’s Revenge and Krog Wars.

Valve claimed Digital Homicide had been hostile to Steam customers, noting that the lawsuit against Steam users demands approximately $18 million in damages.

The digital distribution platform apparently is sticking with its customers, even if not directly defending their alleged actions.

In its lawsuit, Digital Homicide claims that the defendants’ actions resulted in lost business, among other negative consequences.

User reviews have become a staple of e-commerce in recent years, and that typically means accepting the good with the bad. The question in this case appears to be whether the defendants’ actions constituted cyberbullying or other illegal forms of online harassment.

Steam Blows Off Aggrieved Indie Dev

This USB Stick Will Instantly Destroy Your Computer

2016-09-21-01

The USB Killer exploits a vulnerability manufacturers haven’t bothered fixing.

Whatever you do, don’t mistake this USB stick for the one holding your Powerpoint.

When plugged into any device, The USB Killer, released earlier this summer, rapidly draws power from the hardware, then returns that power in an overloading burst. According to the makers, this “instantly and permanently disables unprotected hardware.” Potential targets include not just PCs, but TVs, copy machines—anything with a USB port.

The device, marketed as a testing tool for administrators looking to protect their systems, sells for 49.95 Euros, or around $56 dollars. Demand has apparently been high, with the manufacturers reporting backorders.

Despite the obvious nefarious potential for the tool, its public release at least appears well-intentioned. The USB Killer was developed by a security hardware team based in Hong Kong, who first publicized the vulnerability it targets over a year ago, and developed an early prototype.

But the team was deeply frustrated to see manufacturers take little action on closing the vulnerability. According to the team, Apple is to date the only manufacturer that protects their devices against this so-called USB surge attack.

This USB Stick Will Instantly Destroy Your Computer

Cub Linux Is a Worthy Chromixium Offspring

2016-09-10-01Cub Linux, an improved rebranding of the innovative Chromixium Linux distro, combines the look, feel and functionality of Google’s Chrome OS with traditional Linux performance.

Cub Linux provides a complete Chromebook experience on the hardware of your choice. The innovation is quite impressive. Cub Linux also runs software from the Ubuntu distro ecosystem.

When I reviewed the Linux hybrid Ubuntu-based Chromixium distribution in May of last year, I liked it so much that I continued using it on some of my aging hardware. I found that it ran super-fast on my new gear, and I now run the new Cub Linux version on that same gear.

Chromixium’s success apparently hit too close to the real deal for Google. Google’s Trademark Enforcement Team politely invited sole developer Rich Jack to change the product’s name to avoid suggesting an affiliation with the Chrome project. So the former Chromixium community rebranded the distro as “Cub” Linux — Chromixium + Ubuntu = Cub.

Cub Linux 1.0, released on July 1, is a replacement for the former Chromixium 1.0. It does not disappoint. In fact, performance-wise, it picks up where Chromixium left off. It has some new features and system updates. Cub has expanded into a 64-bit version.

Cub Linux Is a Worthy Chromixium Offspring

This $35 Computer Just Passed a Major Sales Milestone

Raspberry Pi Computer Manufacturing

Makers planned to sell 10,000 but sold 10 million instead.

The Raspberry Pi is quite a phenomenon in the computing world—a stripped-down computer that doesn’t even come with a case, let alone software, but that costs just $35 and has proven a hit with kids and other tinkerers.

Such a hit, in fact, that the U.K.-based Raspberry Pi Foundation has now sold 10 million of the things.

As Raspberry Pi founder Eben Upton noted in a Thursday blog post, the original idea was just to get more people applying to study computer science at the University of Cambridge.

To celebrate the 10-million-sold milestone, the foundation announced a £99 ($132) starter kit that comes with some of the add-ons that people tend to buy for the core product—am HDMI cable, a mouse and keyboard, a power supply, an SD card for the free downloadable Linux operating system, and a case. Oh, and an educational book aimed at helping younger users get started.

This $35 Computer Just Passed a Major Sales Milestone

A $50 device and an app can easily steal your PC’s log-in

2016-09-09-07

You’d think protecting your computer with a strong password can keep it safe, but apparently, all it takes to steal your log-in credentials is a $50 piece of hardware and an app. According to R5 Industries principal security engineer Rob Fuller, he was able to pilfer usernames and passwords from locked computers using a USB device loaded with a hacking app called Responder. The stolen passwords are encoded, sure, but once they’re in another person’s possession, they can be cracked. One of the small, Linux-powered computers he used (USB Armory) costs $155, but the other (Hak5 Turtle) costs only $50. Computers share log-in credentials with them, because they recognize the devices as trusted Ethernet adapters.

Fuller said the combination worked on all versions of Windows and even on El Capitan, though he still needs to check whether his Mac experiment was a fluke. He also said that the hack was so easy to pull off, he “tested it so many ways to confirm” since he had such a hard time believing it was possible.

A $50 device and an app can easily steal your PC’s log-in

Improving the deduplication flow when uploading to Google Drive

2016-09-07-07

A common use case for Google Drive users is to download a file from their Drive to modify it locally, and then to re-upload the new version. In the past, this would result in duplicate files (the original and the new one), and users would have trouble finding the latest version. That’s why we’re introducing a change in Drive to deduplicate files which were uploaded in this way.

Once launched, when users upload files that have the same filename as an existing file, they’ll be deduplicated, and the old file will be in revision history. This is so that if any mistakes are made, users can get back to the previous version. Similarly, uploaded folders will be merged with folders of the same name.

Improving the deduplication flow when uploading to Google Drive