Posts by scouser97

    Websites Track Everything You Do, Researchers Found


    Some of the largest websites on the Internet use third-party software to track everything you do on their sites - including what you type, click, and scroll through.



    A study by Princeton researchers revealed that over 400 of the world's most popular websites use the equivalent of hacking tools to spy on you without your knowledge or consent.

    The research investigated the use of session replay scripts from third-party companies, which track what exactly users do while browsing, on some of the Web's top sites.

    Among top retail offenders recording your every move are Costco, Gap.com, Crate and Barrel, Old Navy, Toys R Us, Fandango, Adidas, Boots, Neiman Marcus, Nintendo, Nest, the Disney Store, and Petco. After publication of the study, Bonobos and Walgreens said they would stop using session replay scripts.

    Tech and security websites spying on users include HP.com, Norton, Lenovo, Intel, Autodesk, Windows, Kaspersky, Redhat.com, ESET.com, WP Engine, Logitech, Crunchbase, HPE.com (Hewlett Packard Enterprise), Akamai, Symantec, Comodo.com, and MongoDB.

    Other sites you might recognize that are also using active session recording are RT.com, Xfinity, T-Mobile, Comcast, Sputnik News, iStockphoto, IHG (InterContinental Hotels), British Airways, NatWest, Western Union, FlyFrontier.com, Spreadshirt, Deseret News, Bose, and Chevrolet.com.

    This is not what you probably know about basic website tracking - page views, searches - in order to make internet ads more targeted and efficient.

    These sites are capturing everything you type, mouse over, and click on - sort of like a keylogger. The software is capable of tracking a great deal of information and because third parties have access to that information.

    "Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior," the researchers from Princeton University reported.

    As the researchers also pointed out, this sort of playback software is "like somebody looking over your shoulder," while you're online.

    With that sort of recording also comes additional information that, if leaked, could be dangerous indeed. The research noted that this software has the ability to record passwords entered, capture sensitive data such as credit card numbers and dates of birth, and record data input into text boxes, even if that data isn't submitted to the site.



    Nasty firmware update butchers Samsung smart TVs so bad, they have to be repaired

    Owners of Samsung smart TVs say their swish sets are basically unusable after a bungled firmware update.

    In fact, the update was so bad, it looks as though it will require people to send or bring their televisions back to base for repair to correct the cockup.

    Folks on Samsung UK's support forums report that an update released on August 8 rendered many newer smart sets – such as 50-inch Ultra HD and 49-inch 4K displays – worse than dumb TVs, because dumb TVs actually work.

    Judging from the dozens of complaints, the gear functioned as expected prior to getting the most recent firmware upgrade from the South Korean giant. After that software is installed, the space-age tellies are stuck on a single channel, the remotes don't work, the volume can't be adjusted, or they are just totally inoperable, it is claimed.

    "My UE49MU7070TXXU updated two days ago and since then it is stuck on one tv channel and will not respond to remote controls (I have three) or smartphone controls," said one punter.

    Other owners have reported being able to use peripherals such as game consoles and DVD players, but only on a single HDMI input.

    Samsung, meanwhile, has yet to say much about the problem other than to relay through forum support staff that it was aware of the bug and was working on a remedy.

    This, unsurprisingly, left many set owners fuming.

    'Shocking'

    "The level of customer service here is shocking with a number of customers asking for feedback, but in no instance has anyone offered any support other than ask people to call in, which is pointless," wrote an aggrieved customer.

    "I hope you have this resolved soon as the claims from customers for services which we are all paying for are going up by the day, as this is a fault caused by Samsung and NOTHING to do with any customer fault."

    Interestingly, Samsung's US support forum contains no mention of any similar problem, suggesting the bad firmware update may be limited to the UK or European region.

    We've asked Samsung for some clarification and comment on the matter, but the consumer electronics giant has, much like its knackered TVs, been completely unresponsive thus far.

    In the meantime, moderators on Samsung's UK support page said yesterday that a fix should be coming soon, though it will require customers to bring in their sets for repair.

    "We've had it confirmed that the solution that our TV guys have been testing works," they said. "It would need to be installed by an approved Samsung engineer, so please contact our TV Support teams so they can arrange a suitable appointment for you."

    All in all, it's a terrible situation for people. Don't install firmware updates and miss out on security patches. Do install updates, and get a bricked telly. Technology sucks. ®

    This device can crack your iPhone Passcode


    Yes, there actually is a $500 device for sale online that can crack iPhone 6 and 7 passcode. Apart from being almost cheap, it’s also very easy to use. Simply dial in settings in the desktop application, push them to the device, and then release the attack on a connected iPhone. Easy passcodes can be cracked in a short time. It all seems pretty impressive in action in a YouTube demonstration.

    The device can recover passcodes of not one or two but three iPhone 7 at the same time. Believe it or not but an American YouTuber has published a video explaining the device.

    The device attempts to brute force the code, beginning at 0000 and counting up (0001, 0002, …). The process continues until the correct password is recovered. Setting up demo iPhone with Passcodes like 0015 and 0016 guarantees that they’ll be discovered in a minimal amount of time. The phone’s response to the entered passcode works as a sign of passcode’s accuracy. The code is noted from the device and entered into the phone when the lock screen is displayed.

    The method will only work if the password is short and belongs to the list of easy-to-guess passwords such as 123456, 5883 or 777777. This method works only on some models of iPhone 6 and 6s and it is completely compatible on iPhone 7 and 7 Plus.

    From my past uses with BB studio it only runs on 32-bit Windows, I could be wrong if it has been updated. I had a 32-bit image of Windows I used to run it to JTAG cloud ibox's, worked every time, but did try it on 64-bit Windows and it was always errors.


    Hope this helps.

    Had same problem but found it was the HDMI lead I was using m8, all good now, as the lead that came with it was too short from mag to TV.

    Utilizing Browser Security Extension “Blur” (Previously DoNotTrackMe)

    Blur has gone through a variety of different handles – from Do Not Track Plus (DNT+) to DoNotTrackMe (DNTMe). Regardless of the name, this free browser extension is extremely useful.

    It blocks trackers on the internet via an Abine design. Abine, a privacy company based in Boston, Massachusetts, first came out with the extension back in March 2011.

    The Blur extension boasts of password security. The user can create strong, encrypted passwords with one click, save those passwords in a secure environment, and even utilize Touch ID and other features for faster login. Even more, Blur also offers a “secure payment” feature.

    Blur’s official extension page gives details on the secure payment feature:

    • Shop online without ever giving out your credit card to merchants (yup!)
    • Masked Cards let you pay using new disposable credit cards (like PayPal, but better)
    • Auto-fill your real encrypted credit card, billing, and address info for fast checkouts, when you choose
    • Charges show up as Abine, Inc. on your statement to protect your privacy (that’s what we do)

    In addition, Blur also promises to block hundreds of businesses (including Facebook) from covertly gathering your online history and information, as well as blocking tracking that doesn’t depend on cookies. Even more, Blur also takes their customer feedback seriously.

    According to their official information release, over 10 million users daily are providing feedback for the extension to ultimately make it better.

    With AES-256 password/data encryption, host-proof hosting, and key JavaScript processes running in protected contexts and not on the page itself, Blur is definitely worth looking into.

    The extension is now available on a variety of different browsers, including (but not limited to):

    • Mozilla Firefox
    • Google Chrome
    • Safari
    • Internet Explorer
    • iOS
    • Android

    Blur can be downloaded and installed from your browser’s default website. The installation is self-explanatory; you click “add to ___” and let your browser handle the rest.

    Facebook is thinking about spying on its users using their device’s WebCam


    The platform said it needs to observe users’ emotions during a bid to specifically target advertisements toward them.

    As a part of the thought, Facebook would watch individuals through a camera in real time as they browse online. The technology would then verify a person’s emotions, based on whether or not they look unhappy, happy or bored.

    It would then tailor advertisements toward you.

    For example, if you were looking unhappy, ads which could make you happy can pop on your screen.

    Whether Facebook is truly getting to implement this technology remains unclear, however, specialists have delineated it as an “ethical minefield”.

    New York-based intelligence firm CB Insights said: “On the one hand, they need to spot that content is a most partaking and reply to audience’s reactions, on the opposite emotion-detection is technically tough, to not mention a PR and ethical minefield.”

    Other techniques listed by Facebook in relation to tailoring adverts include exploitation technology which might monitor how exhausting or quick an individual is writing and whether or not the user enclosed emojis inside a message.

    They believe this could even be a sign of a person’s emotional state.

    Facebook filed its initial patent application in 2015.

    It is understood users would be notified ahead of any projected possibilities.

    Now that the majority of smartphones go together with a camera (or two), and camera use is fashionable in apps like Instagram that encourage exposure sharing, hackers are finding sneaky ways to use them.

    Spyware of this kind has been around for a long time for Windows – the malware referred to as Blackshades for example, that hackers have used to secretly record victims with their computer’s digital camera.

    This is the newest instance of a humanoid application which will hijack a smartphone or tablet’s camera for the identical devious purpose.

    According to Sidor, the Android OS won’t permit the camera to record while not running a preview – that is however Sidor discovered that he might build the preview therefore small that it’s effectively invisible to the naked eye.

    Liverpool shopping center screen has been hacked


    Someone hacked a Liverpool One digital screen outside a Liverpool shopping center on 29 May and left the following message:

    “We suggest you improve your security. Sincerely, your friendly neighbourhood hackers,”

    Liverpool One leaders said that it shut down the screen as soon as it was informed about the hack. The photo has been posted on Reddit and also a visitor to the Liverpool shopping centre published the photo on Twitter.



    The message was marked “#JFT96”, which is a visible outline of “Justice for the 96”, which is related to the 96 football fans who died in the 1989 Hillsborough disaster.

    The advertisement screens are operated by an external company called “Elonex”, which is currently investigating the hack.

    Elonex said:


    “We can confirm an incident occurred over the weekend on one of the 18 screens we operate at Liverpool One”

    Elonex said:


    “The incident appears to have been good-natured and not intended to cause offence or disruption, for which we are grateful.”

    Various screens at the Liverpool shopping centre have been deactivated, according to cyber-security researcher Kevin Beaumont, who added that his friend saw the message when it was posted on 29 May.

    This hack shows us how systems remained vulnerable to hackers. Yes, it’s just an ad screen, but you don’t know the system behind it.

    WannaCry decryption tool has been released!

    The WannaCry ransomware has infected thousands of computer systems around the world, but Adrien Guinet, a security researcher at Quarkslab, has found a way to recover the unknown encryption keys used by the ransomware.

    Adrien said that in order to retrieve the keys, your computer must not have been rebooted after being infected. The tool allows recovering the prime numbers of the RSA private key that are used by WannaCry.

    It does that by searching for them in the “wcry.exe” process. This is the process that generates the RSA private key. The main problem is that the CryptDestroyKey and CryptReleaseContext don’t erase the prime numbers from memory before freeing the associated memory.


    “I got to finish the full decryption process, but I confirm that, in this case, the private key can recovered on an XP system”

    Adrien created a WannaCry ransomware decryption tool called WannaKey. The decryption process will work successfully if the affected computer has not been rebooted after being infected and the associated memory hasn’t been allocated and erased.

    Another security researcher (Benjamin Delpy) released a tool named “WanaKiwi,” based on Adrien’s discovery, which simplifies the whole process.

    Infected users should download WannaKey tool or WannaKiwi tool from GitHub and try it on the affected Windows.
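
    The recovery idea described in the post above, as an added Python example (not part of the original post and not WannaKey's or WanaKiwi's code): scan a memory image for a value that divides the public RSA modulus, then rebuild the private exponent from it. The function names, the little-endian layout, the 4-byte alignment and the small constructed key are assumptions made for the illustration.

```python
import hashlib

E = 65537
# Constructed toy key (two known 64-bit primes); real RSA primes are far larger.
P = 2**61 - 1
Q = 2**64 - 59
N = P * Q
PRIME_LEN = 8  # bytes per prime, i.e. half the modulus size in this toy key


def make_memory_image(wiped: bool) -> bytes:
    """Build a constructed 4 KiB 'process memory' buffer.

    wiped=False models key material left behind after the key handle is freed;
    wiped=True models an implementation that zeroes the prime before freeing.
    """
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    secret = bytes(PRIME_LEN) if wiped else P.to_bytes(PRIME_LEN, "little")
    return filler[:1000] + secret + filler[1000 + PRIME_LEN:]


def find_prime_factor(memory: bytes, modulus: int, prime_len: int, step: int = 4):
    """Return (offset, factor) for the first window that divides modulus, else None."""
    for off in range(0, len(memory) - prime_len + 1, step):
        window = memory[off:off + prime_len]
        # Cheap filters: an RSA prime is odd and fills its most significant byte.
        if not (window[0] & 1) or window[-1] == 0:
            continue
        cand = int.from_bytes(window, "little")
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None


def rebuild_private_exponent(p: int, modulus: int, e: int = E):
    """Derive the second prime and the private exponent d from one recovered prime."""
    q = modulus // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return q, d


def recover_key(memory: bytes, modulus: int):
    """Full recovery: returns (p, q, d), or None when no prime survives in memory."""
    hit = find_prime_factor(memory, modulus, PRIME_LEN)
    if hit is None:
        return None
    _, p = hit
    q, d = rebuild_private_exponent(p, modulus)
    return p, q, d


if __name__ == "__main__":
    print("leaked image :", recover_key(make_memory_image(wiped=False), N))
    print("wiped image  :", recover_key(make_memory_image(wiped=True), N))
```

    The wiped case returning nothing is the reason the post stresses not rebooting: once the memory holding the primes is cleared or reused, there is nothing left to find.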

    Hackers are using Stolen NSA Tools to Attack countries

    The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computers, or even if those who did pay would regain access to their dataset.

    Security experts described the attack as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.


    The connection to the N.S.A. was particularly chilling. Starting last summer, a group calling itself the “Shadow Brokers” began to post software tools that came from the United States government’s stockpile of hacking weapons.

    The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens.

    Something similar occurred with remnants of the “Stuxnet” worm that the United States and Israel used against Iran’s nuclear programs nearly seven years ago. Elements of those tools frequently appear in other, less ambitious attacks.


    The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N.S.A. or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.)

    The attacks on Friday are likely to raise significant questions about whether the growing number of countries developing and stockpiling cyber weapons can avoid having those same tools purloined and turned against their own citizens.

    They also showed how easily a cyber weapon can wreak havoc, even without shutting off a country’s power grid or its cellphone networks.

    UK plans for wider internet surveillance, Leaked document reveals


    The UK government is planning to push greater surveillance powers that would force internet providers to monitor communications in near-realtime and install backdoor equipment to break encryption, according to a leaked document.

    A draft of the proposed new surveillance powers, leaked on Thursday, is part of a “targeted consultation” into the Investigatory Powers Act, brought into law last year, which critics called the “most extreme surveillance law ever passed in a democracy”.

    Provisions in proposals show that the government is asking for powers to compel internet providers to turn over the realtime communications of a person “in an intelligible form,” including encrypted content, within one working day.


    To that end, internet providers will be forced to introduce a backdoor point on their networks to allow intelligence agencies to read anyone’s communications.

    This “backdoor” capability was heavily criticized last year when it was floated as part of the draft law’s proposal. Apple chief executive Tim Cook last year warned of “dire consequences” if the legislation required internet providers or companies to put backdoors into their systems. The provision would effectively prohibit companies operating in the UK from introducing end-to-end encryption, a feature now commonplace in many messaging apps, including Facebook Messenger, WhatsApp, and Apple’s own messaging platform iMessage.


    But it’s not clear exactly how the provision would be enforced — or if it would only affect companies operating or based in the UK.

    Similar questions arose when a committee of UK lawmakers criticized the original Investigatory Powers Act prior to it becoming law late last year.

    Jim Killock, executive director of Open Rights Group, who obtained the document, said in an email that the proposals, if passed, would “make security products much easier to break into, and means that companies may be obliged to lie to their customers about the privacy and security that is applied to their communications.”


    The draft document also asks for the capability to realtime intercept
    data on one out of 10,000 citizens at any given time, allowing the
    government to wiretap over 6,500 citizens at any given time.

    Kodi Clarifies DRM Stance, Shuts Down Rumors


    The popular open source media player Kodi has responded to recent rumors surrounding the software's embrace of Digital Rights Management (DRM) and the fact that it has been falsely portrayed as a piracy platform.

    Kodi has been under pressure over the availability of third party plug-ins that have allowed pirated content to be viewed via the software.

    Kodi says that it is a free, open-source neutral software, and that it will never, ever require DRM to work, nor will it ever be a locked software. In an effort to distance from all the piracy related talk, Kodi says that supporting low-level DRM is a first step.

    "Basically, what this means is providing some sort of interface to work with the DRM already present on your system," Kodi says. For example, Android ships with software that plays back DRMed content from Netflix. Kodi could hook into this already existing software in Android to playback the same content, so you never have to leave Kodi. As another example, in Windows, there isn't a very good interface for Netflix, but if you have installed Chrome, you can watch Netflix from your desktop. Supporting low-level DRM means that Kodi could hook into the binary blob inside Chrome and use it purely for handling the DRM while video playback and control stays with Kodi.

    "Because the GPL and closed source binary blobs aren't compatible, we can't ship them along Kodi. What we can do is use them to play DRMed content if they are present on your system. Combine that with a specific provider add-on and you could access Netflix, HBO Go or your favorite legit content provider from inside Kodi," Kodi's representatives added.

    As for the availability of unwanted piracy plug-ins, Kodi says their position is clear. They will never prevent users from using Kodi in any way they like, including the use of piracy plug-ins, and they will not "condone, condemn, encourage or recommend any particular use of Kodi", whether these plug-ins contain DRM or not.

    Your Phone’s Password Can be Found by the Way You Tilt the Device

    The hackers have found a new way to get into your phone even when you protect it using PINs by spying on the motion sensors present in your device.

    According to a team of cyber security researchers from British Newcastle University, it is quite easy for hackers to steal a four-digit PIN by analysing the way you tilt your phone and then the way it moves as you type in your PIN.

    To test this theory to be true, they were able to crack four-digit PINs on the first guess 70% of the time. What’s even better or worse, is that depending on how you look at it, 100% of PINs were guessed by the fifth attempt.


    “Most of the smartphones, tablets and other wearables are now equipped
    with many sensors, from the well-known GPS, microphone and camera to
    instruments such as the proximity, gyroscope, NFC, and rotation sensors
    and accelerometer. But since mobile apps and websites do not need to ask
    permission to access most of these, malicious programs can secretly
    ‘listen in’ on your sensor data and use it to discover a very wide range
    of sensitive information about you like your phone call timing,
    physical activities and even your touch interactions, passwords and
    PINs,” explains Dr. Maryam Mehrnezhad, the lead author of the paper.


    An even more worrying detail is that, on some of the browsers, it was found that if you open a page on your phone or tablet which hosts malicious code and then open your online banking account without closing the previous tab, criminals can spy on every personal detail you enter.

    The vulnerabilities have been shared with tech companies and browser makers. Firefox and Apple have already issued patches for this issue, while Google is looking into the issue for a fix.