Miscellaneous Tech News

mlnews

Google+ bug exposes non-public profile data for 52 million users

Goof let developers see names, email addresses, and more, even when set to be nonpublic.

Two months after disclosing an error that exposed the private profile data of almost 500,000 Google+ users, Google on Monday revealed a new leak that affects more than 52 million people. The programming interface bug allowed developers to access names, ages, email addresses, occupations, and a wealth of other personal details even when they were set to be nonpublic.

mlnews

Amazon Web Services aims to colonize your network with Outpost

Amazon aims to sink itself deeper into enterprises with new tools.

Amazon Outposts, a service scheduled to become available in the second half of 2019, will allow customers to provision physical racks of Amazon Web Services (AWS) servers and have them shipped to their own data centers. The racks will be configured with the same servers that Amazon runs in its AWS data centers; once installed, the racks will connect back to the AWS mothership over the Internet and then can be configured with storage services and virtual machines through Amazon's AWS Management Console. And just as with services hosted in Amazon's own data centers, customers won't own these racks—they'll rent them. The costs and connectivity requirements associated with Outpost have yet to be determined.

mlnews

Samsung teases new Notebook 9 Pen with 15-hour battery life before CES 2019

The 13- and 15-inch convertibles also sport a familiar blue-and-gold color scheme.

Samsung announced two new versions of the Notebook 9 Pen—a 13-inch and a 15-inch model—that it will show off at CES in January and release sometime in 2019. At first glance, not much seems to have changed in the new convertibles, but upon closer inspection, Samsung has made some changes that will (hopefully) make the new devices worth their inevitably high price tags.

Dashrender

Haven't we had 15+ hr battery life for a few years now? Not that I have any units in-house that get that.

mlnews

A look at the Apple Watch’s ECG, from someone who needs it

Early impressions about the heart monitoring recently added to the Apple Watch.

When Apple introduced the fourth iteration of its smartwatch, the big new selling point wasn't a feature we typically associate with a watch or any sort of smart device. Instead, the company added a feature that had only recently arrived in the form of specialized consumer devices: an electrocardiograph (ECG), a device made for monitoring the heart's electrical activity.

mlnews

T-Mobile lied to the FCC about its 4G coverage, small carriers say

FCC filing: T-Mobile claimed to cover areas where it hadn't installed 4G cells.

T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage.

Dashrender

@mlnews said in Miscellaneous Tech News:

T-Mobile lied to the FCC about its 4G coverage, small carriers say

FCC filing: T-Mobile claimed to cover areas where it hadn't installed 4G cells.

T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage.

Can we say - duh?

scottalanmiller

@Dashrender said in Miscellaneous Tech News:

Haven't we had 15+ hr battery life for a few years now? Not that I have any units in-house that get that.

I've not seen one yet, but likely.

travisdh1

@Dashrender said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

T-Mobile lied to the FCC about its 4G coverage, small carriers say

FCC filing: T-Mobile claimed to cover areas where it hadn't installed 4G cells.

T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage.

Can we say - duh?

Yeah, isn't that every carrier in the US?

scottalanmiller

@travisdh1 said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

T-Mobile lied to the FCC about its 4G coverage, small carriers say

FCC filing: T-Mobile claimed to cover areas where it hadn't installed 4G cells.

T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage.

Can we say - duh?

Yeah, isn't that every carrier in the US?

The US system favours companies lying about things

Dashrender

@scottalanmiller said in Miscellaneous Tech News:

@travisdh1 said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

T-Mobile lied to the FCC about its 4G coverage, small carriers say

FCC filing: T-Mobile claimed to cover areas where it hadn't installed 4G cells.

T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage.

Can we say - duh?

Yeah, isn't that every carrier in the US?

The US system favours companies lying about things

I don't understand this - though I do agree with Travis - all companies lie abut their coverage!

scottalanmiller

@Dashrender said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@travisdh1 said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

T-Mobile lied to the FCC about its 4G coverage, small carriers say

FCC filing: T-Mobile claimed to cover areas where it hadn't installed 4G cells.

T-Mobile claimed—under penalty of perjury—to have coverage in areas where it hadn't yet installed 4G equipment, the Rural Wireless Association (RWA) said in an FCC filing Monday. The same group previously reported to the FCC that Verizon lied about its 4G coverage, leading to the FCC starting an investigation and announcing that at least one carrier exaggerated its 4G coverage.

Can we say - duh?

Yeah, isn't that every carrier in the US?

The US system favours companies lying about things

I don't understand this - though I do agree with Travis - all companies lie abut their coverage!

They lie because in the US there are big benefits to lying and few penalties. Our laws favour companies that take advantage of corporate protections.

mlnews

Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

Group breaches SMS-protected accounts. It's still testing attacks against 2fa apps.

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.

Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.

“In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote.

Dashrender

@mlnews said in Miscellaneous Tech News:

Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

Group breaches SMS-protected accounts. It's still testing attacks against 2fa apps.

A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.

Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.

“In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote.

This isn't new.

mlnews

Mass email hoax causes closures across the US and Canada

Emails threaten explosions unless people pay $20,000 in Bitcoin.

The emails warn that explosives have been planted in the recipient’s premises and that they will detonate by the end of the day unless the target pays $20,000 in bitcoin. By late Thursday afternoon, Sammy, the email security researcher who sent one of the tweets above, told Ars she and other researchers estimated more than 100,000 such emails had been received. A large percentage of the emails, she said, used unique wallet addresses and variations on the sender’s name as well as the type of explosive materials.

black3dynamite

How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/

JaredBusch

@black3dynamite said in Miscellaneous Tech News:

How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/

@scottalanmiller weren't you asking about this a week or so ago?

scottalanmiller

@JaredBusch said in Miscellaneous Tech News:

@black3dynamite said in Miscellaneous Tech News:

How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/

@scottalanmiller weren't you asking about this a week or so ago?

I don't think so, but it did come up on a call yesterday!

JaredBusch

@scottalanmiller said in Miscellaneous Tech News:

@JaredBusch said in Miscellaneous Tech News:

@black3dynamite said in Miscellaneous Tech News:

How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/

@scottalanmiller weren't you asking about this a week or so ago?

I don't think so, but it did come up on a call yesterday!

Check your Telegram with me on December 6th.

scottalanmiller

@JaredBusch said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@JaredBusch said in Miscellaneous Tech News:

@black3dynamite said in Miscellaneous Tech News:

How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/

@scottalanmiller weren't you asking about this a week or so ago?

I don't think so, but it did come up on a call yesterday!

Check your Telegram with me on December 6th.

Oh, asking you directly. Yes, but not on ML. But we were looking for internet at the time, we hadn't come up with using an external service, yet.