Ms. Smith

Author Archives: Ms. Smith

Hackers trick iris scanner to unlock Samsung Galaxy S8

When it comes to security and the iris recognition technology used in its flagship Galaxy S8 smartphone, Samsung touted, “The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private.”But the Chaos Computer Club (CCC) made a mockery of Samsung’s “virtually impossible to replicate” claims, easily defeating the iris recognition system used in the new Galaxy S8 with nothing more than a camera, a printer and a contact lens.Not only can the iris authentication system be broken to unlock an S8, the same trick could allow an attacker to access the victim’s mobile wallet. Just last week, Samsung Pay tweeted a short iris scan video ad along with, “Every eye is unique. Now you can use yours to make purchases with Samsung Pay.”To read this article in full or to leave a comment, please click here

Hackers trick iris scanner to unlock Samsung Galaxy S8

When it comes to security and the iris recognition technology used in its flagship Galaxy S8 smartphone, Samsung touted, “The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private.”But the Chaos Computer Club (CCC) made a mockery of Samsung’s “virtually impossible to replicate” claims, easily defeating the iris recognition system used in the new Galaxy S8 with nothing more than a camera, a printer and a contact lens.Not only can the iris authentication system be broken to unlock an S8, the same trick could allow an attacker to access the victim’s mobile wallet. Just last week, Samsung Pay tweeted a short iris scan video ad along with, “Every eye is unique. Now you can use yours to make purchases with Samsung Pay.”To read this article in full or to leave a comment, please click here

Netgear added data collection ‘feature’ to NightHawk R7000 routers; disable it

Netgear makes some popular routers, but do you really want the company behind your model of router to collect data such as your IP address and MAC address? If the answer is no, then you need to disable the ‘analytics’ data collection.Netgear’s NightHawk R7000 router, dubbed as “best-selling” and “top-rated” router on Amazon, is now collecting users’ data. Not just Wi-Fi information, but also information about connected devices, MAC address and IP. The data collection was enabled in the latest firmware update.A Slashdot user spotted the change after Netgear updated its data collection policy. A support article – “What router analytics data is collected and how is the data being used by Netgear? – states:To read this article in full or to leave a comment, please click here

Netgear NightHawk R7000 routers now collect user data

Netgear makes some popular routers, but do you really want the company behind your model of router to collect data such as your IP address and MAC address? If the answer is no, then you need to disable the "analytics" data collection.Netgear’s NightHawk R7000 router, dubbed as “best-selling” and “top-rated” router on Amazon, is now collecting users’ data. Not just Wi-Fi information, but also information about connected devices, MAC address and IP. The data collection was enabled in the latest firmware update.A Slashdot user spotted the change after Netgear updated its data collection policy. A support article—“What router analytics data is collected and how is the data being used by Netgear?—states:To read this article in full or to leave a comment, please click here

Netgear NightHawk R7000 routers now collect user data

Netgear makes some popular routers, but do you really want the company behind your model of router to collect data such as your IP address and MAC address? If the answer is no, then you need to disable the "analytics" data collection.Netgear’s NightHawk R7000 router, dubbed as “best-selling” and “top-rated” router on Amazon, is now collecting users’ data. Not just Wi-Fi information, but also information about connected devices, MAC address and IP. The data collection was enabled in the latest firmware update.A Slashdot user spotted the change after Netgear updated its data collection policy. A support article—“What router analytics data is collected and how is the data being used by Netgear?—states:To read this article in full or to leave a comment, please click here

EternalRocks network worm uses 7 NSA hacking tools

While you won’t be forgetting the WannaCry ransomware attack, it is likely you will be hearing a lot more about the alleged NSA-linked EternalBlue exploit and DoublePulsar backdoor as it seems a wide range of bad guys have them in their toyboxes. At least one person is leveraging seven leaked NSA hacking tools for a new EternalRocks network worm.EternalBlue and DoublePulsarMalwarebytes believes WannaCry did not spread by a malicious spam email campaign, but by an scanning operation that searched for vulnerable public facing SMB ports, then used EternalBlue to get on the network and DoublePulsar to install the ransomware.To read this article in full or to leave a comment, please click here

EternalRocks network worm uses 7 NSA hacking tools

While you won’t be forgetting the WannaCry ransomware attack, it is likely you will be hearing a lot more about the alleged NSA-linked EternalBlue exploit and DoublePulsar backdoor as it seems a wide range of bad guys have them in their toyboxes. At least one person is leveraging seven leaked NSA hacking tools for a new EternalRocks network worm.EternalBlue and DoublePulsarMalwarebytes believes WannaCry did not spread by a malicious spam email campaign, but by an scanning operation that searched for vulnerable public facing SMB ports, then used EternalBlue to get on the network and DoublePulsar to install the ransomware.To read this article in full or to leave a comment, please click here

Sixth grader weaponizes smart teddy bear, hacks security audience’s Bluetooth

If yet another cybersecurity expert wanted to warn the general public about the risks associated with the internet-of-things (IoT), it is as likely as not that the warning would go in one ear and out the other. But when a sixth grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway.At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.To read this article in full or to leave a comment, please click here

Sixth grader weaponizes smart teddy bear, hacks security audience’s Bluetooth

If yet another cybersecurity expert wanted to warn the general public about the risks associated with the internet-of-things (IoT), it is as likely as not that the warning would go in one ear and out the other. But when a sixth grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway.At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.To read this article in full or to leave a comment, please click here

Sixth-grader weaponizes smart teddy bear, hacks security audience’s Bluetooth

If yet another cybersecurity expert wanted to warn the general public about the risks associated with the Internet of Things (IoT), it is likely the warning would go in one ear and out the other. But when a sixth-grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway.At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.To read this article in full or to leave a comment, please click here

Sixth-grader weaponizes smart teddy bear, hacks security audience’s Bluetooth

If yet another cybersecurity expert wanted to warn the general public about the risks associated with the Internet of Things (IoT), it is likely the warning would go in one ear and out the other. But when a sixth-grader hacks an audience of security experts and “weaponizes” his smart teddy bear, it might just snag the attention of parents who have disregarded warnings about the dangers and bought internet-connected toys for their kids anyway.At the International One Conference in the Netherlands on Tuesday, 11-year-old Reuben Paul set out to ensure that “the Internet of Things does not end up becoming the Internet of Threats.” Judging by security experts’ awed reactions on Twitter, Paul made a lasting impression.To read this article in full or to leave a comment, please click here

Shadow Brokers announce monthly data dump service

The Shadow Brokers are back once again, offering buyers not just exploits, but also “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.”Seemingly capitalizing on the success of WannaCry ransomware, which used EternalBlue and DoublePulsar – tools developed by the NSA’s Equation Group – the Shadow Brokers want to sell new exploits every month to people who pay a membership fee.The hacking group dubbed its new monthly subscription model “TheShadowBrokers Data Dump of the Month;” the service kicks off in June. The Shadow Brokers claim not to care what Data Dump of the Month service members do with the exploits. The group teased:To read this article in full or to leave a comment, please click here

Shadow Brokers announce monthly data dump service

The Shadow Brokers are back once again, offering buyers not just exploits, but also “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.”Seemingly capitalizing on the success of WannaCry ransomware, which used EternalBlue and DoublePulsar – tools developed by the NSA’s Equation Group – the Shadow Brokers want to sell new exploits every month to people who pay a membership fee.The hacking group dubbed its new monthly subscription model “TheShadowBrokers Data Dump of the Month;” the service kicks off in June. The Shadow Brokers claim not to care what Data Dump of the Month service members do with the exploits. The group teased:To read this article in full or to leave a comment, please click here

Reporters dox WannaCry ransomware kill switch guy

It is sickening when people prove “no good deed goes unpunished” to be true. I’m looking at you, British tabloids, because it was mean, stupid and very irresponsible to dox the guy who discovered the first WannaCry ransomware kill switch and thereby stopped thousands of old Windows machines from becoming infected.He goes by MalwareTech on Twitter and has an avatar of a cat wearing sunglasses. If he wanted to use his real name and picture, then he would have. Clearly, he values privacy and tries to maintain at least some degree of anonymity.Yet after being hailed as a hero for discovering a kill switch as WannaCry ransomware swept across globe, shady journalists doxed him. They dug into everything they could find online about MalwareTech, including trying to pry information from his friends.To read this article in full or to leave a comment, please click here

Reporters dox WannaCry ransomware kill switch guy

It is sickening when people prove “no good deed goes unpunished” to be true. I’m looking at you, British tabloids, because it was mean, stupid and very irresponsible to dox the guy who discovered the first WannaCry ransomware kill switch and thereby stopped thousands of old Windows machines from becoming infected.He goes by MalwareTech on Twitter and has an avatar of a cat wearing sunglasses. If he wanted to use his real name and picture, then he would have. Clearly, he values privacy and tries to maintain at least some degree of anonymity.Yet after being hailed as a hero for discovering a kill switch as WannaCry ransomware swept across globe, shady journalists doxed him. They dug into everything they could find online about MalwareTech, including trying to pry information from his friends.To read this article in full or to leave a comment, please click here

New WannaCry ransomware variants: Patch old PCs now to avoid becoming a victim

Monday is going to suck for some folks, those who run old, unsupported Windows systems which are vulnerable to WannaCry ransomware, if they didn’t put in some weekend time applying security updates.In response to the massive global ransomware attack on Friday, Microsoft took the “highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.” Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrived for work on Monday morning.”To read this article in full or to leave a comment, please click here

New WannaCry ransomware variants: Patch old PCs now to avoid becoming a victim

Monday is going to suck for some folks, those who run old, unsupported Windows systems which are vulnerable to WannaCry ransomware, if they didn’t put in some weekend time applying security updates.In response to the massive global ransomware attack on Friday, Microsoft took the “highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.” Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrived for work on Monday morning.”To read this article in full or to leave a comment, please click here

Trump to FBI Director James Comey: You’re fired!

As shocking as it is, President Donald Trump fired FBI Director James Comey yesterday, despite the agency investigating possible collusion with Russia to interfere with the 2016 presidential election.Trump’s letter to Comey stated: “While I greatly appreciate you informing me, on three separate occasions, that I am not under investigation, I nevertheless concur with the judgement of the Department of Justice that you are not able to effectively lead the Bureau.”Trump said new leadership was needed to restore “public trust and confidence” in the FBI.To read this article in full or to leave a comment, please click here

Trump to FBI Director James Comey: You’re fired!

As shocking as it is, President Donald Trump fired FBI Director James Comey yesterday, despite the agency investigating possible collusion with Russia to interfere with the 2016 presidential election.Trump’s letter to Comey stated: “While I greatly appreciate you informing me, on three separate occasions, that I am not under investigation, I nevertheless concur with the judgement of the Department of Justice that you are not able to effectively lead the Bureau.”Trump said new leadership was needed to restore “public trust and confidence” in the FBI.To read this article in full or to leave a comment, please click here

FCC should produce logs to prove ‘multiple DDoS attacks’ stopped net neutrality comments

After John Oliver urged viewers of HBO’s Last Week Tonight to fight for net neutrality (again), even simplified the process for leaving comments by having a new URL, gofccyourself.com, redirect to the point where a person needs only to click “Express” to leave a comment, people were not able to submit comments because the site turned to molasses.The FCC blamed (pdf) the problem on “multiple” DDoS attacks. “These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”To read this article in full or to leave a comment, please click here