Most White House email domains could be vulnerable to phishing

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

We can likely all agree that governmental cyber security is an important issue. While the Attorney General has created a task force to deal with election hacking, there have been plenty of digital security fails in the past year. And the FCC doesn't…
Engadget RSS Feed
Cash For Apps: Make money with android app

Casey Neistat says YouTube is vulnerable to Twitch

How Complete Beginners are using an ‘Untapped’ Google Network to create Passive Income ON DEMAND

It’s loaded Vergecast this week. Nilay, Paul, and Dieter welcome back Silicon Valley editor Casey Newton to break down the Cambridge Analytica scandal at Facebook, after talking through predictions for next week’s Apple event.

But first, another Casey makes his debut on The Vergecast — Casey Neistat! Nilay talks one-on-one with Casey about a multitude of topics, including Beme, his view of YouTube, Twitch, and other platforms, sponsorship, and what he’s up to next. It’s exactly what you’d expect from Neistat, honest and direct.

02:36 – What to expect from Apple’s education event

20:56 – Casey Neistat interview

52:07 – Paul’s weekly segment “Swag for Me? Swag for you too

H…

Continue reading…

The Verge – All Posts

Cash For Apps: Make money with android app

New Analysis Claims Your Smart TV Might Be Vulnerable to Hacks

Thanks to their innovative combination of large displays and all-inclusive, Wi-Fi connected interfaces, Smart TVs have exploded in popularity among consumers, as their prices continue to normalize with the rest of the market.

However despite their perceived benefits, which include on-demand access to a wide range of internet connected services like Netflix, Hulu and more, a recent analysis of the market’s biggest Smart TV offerings has unsettlingly revealed how they might be vulnerable to hackers.

In fact, as conveyed in an exclusive, USA Today report published this morning, your Smart TV is “probably monitoring more of your viewing than you realize.”

That’s in part because they boast a technology dubbed Automatic Content Recognition, which is designed to monitor what you watch “in an attempt to do a better job than Nielsen at measuring viewership.”

Privacy and Security Concerns

Essentially, “several problems” were discovered during an analysis of Smart TV offerings from five of the market’s biggest vendors — Samsung, Sony, LG, TCL and Vizio, according to Consumer Reports, who not only said the units it tested were capable of tracking what you watch, but certain models from Samsung and TCL were found to have “failed basic security tests.”

In fact, the agency appears to boast the ease of which they were able to “take over complete remote control of the [Samsung & TCL/Roku] TVs” and carry out a variety of tasks including changing the channel, tweaking with the volume, installing apps and even downloading a range of  “objectionable content” from the web.

“What we found most disturbing about this, was the relative simplicity of” [how easy it was to hack in], said Consumer Reports’ senior director of content, Glenn Derene.

Derene added that it’s particularly “frightening” that some unknown, remote actor could do things like start typing into the search bar, launch or install apps, disable the TV’s Wi-Fi connectivity, and even use the hack to “harass and frighten someone.”

“Basic security practices were not being followed,” Derene concluded, noting how his firm was able to hack the TCL/Roku device using the manufacturer’s own feature which gives users the option to use devices like their smartphone as a remote to control Roku from afar.

Other Key Findings and Conclusions

In addition to the security risks, Consumer Reports found that the Smart TVs it tested “asked for permission to collect viewing data and other information” — and it wasn’t particularly easy for users to discern what information they were agreeing to share.

There was even a “tendency to request oversharing,” the agency said, pointing to the TVs apparent disposition to monitoring everything its watcher did — regardless of whether they were streaming a show on Netflix or merely playing a DVD.

Moreover, while most consumers might be aware (to a certain extent) that they’re being tracked by Internet-streaming services like Netflix and Hulu (who gather info so as to recommend the best new shows), “It’s just not the expectation of consumers that their TV will be tracking everything they watch, particularly if they’re not streaming.”

Samsung and TCL Respond

Both Samsung and TCL-owned Roku have since responded to Consumer Reports’ findings, with both firm’s reportedly indicating they “would take a closer look at the issues and address them,” USA Today said.

As of Wednesday morning, however, TCL appeared to push back on the findings, suggesting in a blog post published to its website that the agency simply “got it wrong,” and “there is no security risk” associated with its products, as they previously indicated.

“We take the security of our platform and the privacy of our users very seriously,” Roku vice president, Gary Ellison, said.

How to Fix These Issues?

Consumer Reports provides a few, hit-or-miss solutions which may help users avoid these complications with their Smart TV.

Since they’re equipped with the Automatic Content Recognition feature, which allow these Smart TVs to closely monitor what you watch and share that information, Consumer Reports recommends simply turning the feature off via your device’s settings menu.

Other interesting options include turning off your Wi-Fi box while you watch TV… though even Consumer Reports admitted that “doesn’t make sense” since the whole point of owning a Smart TV is that you’re able to connect to the web, right?

Alternatively, they suggest reverting to the use of a “dumb TV” to stream your content the old fashioned way (via set-top box) — though there’s no guarantee that will even help. They found that Roku’s streaming box, which utilizes the same operating system as Roku-branded TVs, was also vulnerable.

Interestingly, today’s findings come exactly a year after TV maker, Vizio, agreed to a $ 2.2 million deal that settled allegations from the Federal Trade Commission and the Office of the New Jersey Attorney General which concerned the company’s excessive collection of its users’ viewing data without their consent.

iDrop News

Lenovo’s fingerprint manager left passwords vulnerable

A slew of Lenovo devices have left users' systems vulnerable to a breach. Fingerprint Manager Pro software installed on any of some three dozen ThinkPad, ThinkCentre or ThinkStation devices apparently features weak encryption that allows someone to b…
Engadget RSS Feed

AMD chips vulnerable to both variants of Spectre security flaw, firmware updates coming this week

Though AMD’s initial response to Spectre security flaw was positive as the company said the impact is ‘near zero’, today it confirmed that the processors are vulnerable to both variants of the Spectre security flaw. The company further added that it is rolling out firmware updates available for Ryzen and EPYC owners this week. AMD will be rolling out the patches to suppliers who will be pushing them to the users. The company didn’t mention anything about the performance impact. AMD says that Google Project Zero Variant 1 (Bounds Check Bypass or Spectre could be contained with an operating system patch. It is been working with Microsoft to roll out the patches for the majority of AMD systems and is also closely following up to correct the issue that paused the distribution of patches for some older AMD processors. Linux vendors are also rolling out patches across AMD products. The variant two; Branch Target Injection or Spectre is also applicable to AMD processors. While it is hard for the variant two to exploit AMD processors, the company said that it is working to further mitigate the threat. It also mentioned that patches and firmware updates to older processors will be rolled out over the coming …
Fone Arena

Your data in Western Digital cloud storage devices may still be vulnerable

Western Digital’s cloud storage devices are still vulnerable to security flaws despite patches issued to fix the bugs, the company has said in a blog post. According to the firm, future updates are being planned to patch the affected products, although it’s unclear how many problems are still outstanding.

Vulnerabilities were found in 12 of WD’s devices and first outlined in a blog post by security firm GulfTech. GulfTech noted that a number of WD devices allow remote backdoor admin access through the username “mydlinkBRionyg” and password “abc12345cba”. Gulftech also outlines a file upload flaw within the devices that would allow potential hackers to gain remote access. In addition to this, the devices are also susceptible to command…

Continue reading…

The Verge – All Posts

US to Reverse Offshore Drilling Regulations, Leaving the Environment Vulnerable

Oil Drilling

7 years ago, the BP oil rig Deepwater Horizon exploded, killing 11 crew members and releasing millions of barrels of oil into the Gulf of Mexico. It was the largest oil spill in U.S. history.

In 2016, the Obama administration released the final set of rules and regulations on offshore oil drilling in an attempt to prevent an event like the Deepwater Horizon disaster from happening again. Now, the Trump administration is trying to reverse those restrictions, as reported by The New York Times.

The Interior Department’s Bureau of Safety and Environmental Enforcement (BSEE) — which was established in response to the 2010 oil spill — is now leading the charge on rolling back the Obama-era regulations. In a proposal drafted by the BSEE, the organization claims the current restrictions place “unnecessary burdens” on the drilling industry.

Fireboat crews attempting to extinguish the Deepwater Horizon oil rig. Image Credit: U.S. Coast Guard
Fireboat crews attempting to extinguish the Deepwater Horizon oil rig. Image Credit: U.S. Coast Guard

“By reducing the regulatory burden on industry, we are encouraging increased domestic oil and gas production while maintaining a high bar for safety and environmental sustainability,” Scott A. Angelle, director of the BSEE, said in a statement. Angelle went on to state that the current regulations were put in place based on the prior assumption that “only more rules” would make operations safer. Instead, Angelle suggests that it’s “not an either / or” situation and that the U.S. can simultaneously “increase domestic energy production and increase safety and environmental protection.”

Another Policy Reversal

While some groups like the National Ocean Industries Association (NOIA) support the move, saying they welcome the opportunity to “comment on this important regulation” and other policies currently in place, other organizations are against the reversal, claiming it will only invite disaster.

“Rolling back drilling safety standards while expanding offshore leasing is a recipe for disaster,” Miyoko Sakashita, director of the oceans program at the Center for Biological Diversity, said in a statement as reported by The New York Times. “By tossing aside the lessons from the Deepwater Horizon oil spill, Trump is putting our coasts and wildlife at risk of more deadly oil spills. Reversing offshore safety rules isn’t just deregulation, it’s willful ignorance.”

U.S. Coast Guard collecting oil using a skimming boom. Image Credit: U.S. Department of Defense
U.S. Coast Guard collecting oil using a skimming boom. Image Credit: U.S. Department of Defense

The Deepwater Horizon incident wasn’t the first of its kind. Nearly two years prior, in September 2008, BP suffered a similar accident in the Caucasus country of Azerbaijan that resulted in a blowout. In both cases, a “bad cement job” was said to be a key factor. To Sakashita’s point, both accidents occurred before proper regulations were created, and now serve as proof of what could happen if the current rules are removed.

Director Sakashita’s statement can also be applied to other reversals made by the Trump administration this year, such as the decision to continue the Keystone XL pipeline project after President Obama had halted it. Months after reversing the decision, the pipeline leaked 210,000 gallons of oil, but that didn’t stop the approval of the pipeline’s expansion.

We’ll have to wait and see if the BSEE can deliver on their claim of increasing energy production while offering better protection to both employees and the environment. As the world shifts towards clean energy, the BSEE’s reversal may only be beneficial to the drilling and oil industries for a couple of years: a couple of weeks ago, the World Bank announced it would stop offering financial support for oil and gas exploration after 2019.

The post US to Reverse Offshore Drilling Regulations, Leaving the Environment Vulnerable appeared first on Futurism.

Futurism

Amazon Echo and Google Home were vulnerable to Bluetooth exploit

Back in September, Bluetooth-connected device owners got a little scare when security firm Armis disclosed a new hack exploit known as BlueBorne. In theory, bad actors could target smartphones, tablets and such using specific vectors in Bluetooth con…
Engadget RSS Feed