The New Screen Savers 120: Echo, Echo, Echo…

Leo Laporte and Roberto Baldwin try out the new Multi-Room Music feature on the Amazon Echo. We’ll set up several Echos in the studio and find out how it works. Anker has a new sister brand for smart-home devices called Eufy. One of their latest products is a tiny smart speaker called the Genie. We’ll see how it compares to the Echo Dot. Megan Morrone continues her #DigitalCleanse. This week is number four: Cleaning up your cloud storage. We’re going to revive an old Mac Pro (mid-2010) for our ‘Call for Help,’ and install NVIDIA’s flagship gaming GPU, the GeForce GTX 1080 Ti. We’ll take a first look at Tovala’s meal kit service that cooks itself in a smart oven that can steam, bake, and broil. Jason Howell shows us some AR apps on the Asus Zenfone AR. In the ‘Mail Bag,’ we answer questions about what to do with vintage computers and tracking apps for Android.

– Apple to unveil the next iPhone September 12th at the new Apple campus.
– Juicero shuts down and won’t sell juice packs.
– In an email snafu, Essential shared driver’s license numbers of some customers.
– Roberto was at the Hyperloop Pod Competition where the winning pod hit over 200MPH.

This Android Trojan blocks victims from alerting banks

By Michael Kan | PCWorld

A new Trojan that can steal your payment data will also try to stymie you from alerting your bank.

Security vendor Symantec has noticed a “call-barring” function within newer versions of the Android.Fakebank.B malware family. By including this function, a hacker can delay the user from canceling any payment cards that have been compromised, the company said in a blog post.

Fakebank was originally detected in 2013. It pretends to be an Android app, when in reality, it will try to steal the user’s money.

The malware works by first scanning the phone for specific banking apps. When it finds them, the Trojan will prompt the user to delete them and install malicious versions of those same apps.

The newer variants of Fakebank.B, however, will do more than just collect financial login data. They will also monitor whatever phone calls are made.

If the customer service numbers of certain banks are dialed, the Trojan will cancel the call, Symantec said. Instead, users will have to use email or another phone to reach their banks.

So far, this new Trojan has only been detected in Russia and South Korea. Symantec is advising users to refrain from downloading apps from less trustworthy sources, like third-party app stores.

The call-barring function shows how banking Trojans are continuing to evolve. Earlier this year, Symantec detected another kind called Android.Bankosy that can bypass voice-based two-factor authentication systems.

To do this, the Trojan will secretly activate call forwarding on the victim’s phone. All calls will then be redirected to the hacker’s own number.

This botnet has infected nearly a million devices since 2014

By | TechSpot

One of the many ways that cybercriminals earn income is through affiliate advertising programs like Google’s AdSense. Rather than generate traffic through content creation, hackers figure out ways to trick advertising platforms into thinking a partner is sending them legitimate traffic. Not knowing they’re being scammed, the advertising platform pays the partner for the referral.

Such is the case with a clickbot known as Redirector.Paco which Bitdefender Labs detailed on Monday.

According to the security firm, Redirector.Paco has been active in the wild since September 2014. On an infected system, whenever you perform a query on a popular search engine like Bing, Google or Yahoo, the search results are replaced with affiliate links which, when clicked, generate revenue for the hacker.

Bitdefender Labs says the malware is able to redirect traffic by making a few simple registry tweaks on the infected system which tells the browser to send the traffic to a different address. The malware attempts to make the search results look authentic although there are signs – like messages in the status bar referencing a proxy – that indicate something is amiss.

Lengthy load times are also an indicator of infection, Bitdefender Labs said.

The malware has infected more than 900,000 IPs worldwide, most of which are located in Algeria, Brazil, Greece, India, Italy, Malaysia, Pakistan and the US. The payload is typically injected into modified installers for trusted programs including Connectify, WinRAR, KMSPico, Start8, Stardock and YouTube Downloader.

Tech support scammers now utilizing ransomware-like lock screens to threaten people

By Justin Luna | Neowin

Some of us may be very well aware of the classic tech support scam stories, where someone randomly calls people, claims to be from “Windows company” and says that the call recipient’s computer has been detected full of viruses. These cold callers then use fake Blue Screens of Death to make the victim think there really is something wrong with their PC.

Tactics like these can be easily terminated, with the use of a few built-in Windows tools, as well as a few keystrokes. However, scammers have been seen improving their game, and are now incorporating lock screens, in order to threaten a user even more.

This technique can be attributed to the infamous ransomware, where a malicious program encrypts a user’s computer files, and sets a PC to be stuck on a lock screen prompting them to pay up.

As for this one, the scammers trick the victims into thinking that their Windows license has expired, and then remove any ability for the user to control their computer. “This is not a fake browser pop up that can easily be terminated by killing the application or restarting the PC. No, this is essentially a piece of malware that starts automatically, and typical Alt+F4 or Windows key tricks will not get rid of it,” according to Jérôme Segura of Malwarebytes Labs.

There is an entire ecosystem for distributing this kind of malware, part of which involves bundling it into Pay Per Install applications. “What you thought was a PC optimizer or Flash Player update turns out to be a bunch of useless toolbars and, in some cases, one of these lockers,” said Segura.

A security researcher, @TheWack0lian, has shared a sample showing how the new tech support scam tactic works. Through a genuine-looking Microsoft program, which installs without any particular incident, the malware waits for the user to restart their system. Upon rebooting, a user will be welcomed by what looks like Windows configuring updates, though this is already the malware kicking in.

Once its “process” is done, it displays an error screen saying that the user’s Windows license is expired. It even takes the time to display the user’s current license key and computer name, to make it look more legitimate.

Now, to unlock the system, the only choice a user has is to dial the number flashed on the screen, which leads them to the cold-calling tech support scammers, who are eager to steal victims’ personal information as well as their credit card number. On calling the number, the researchers discovered a hidden functionality in the locker: pressing Ctrl+Shift+T will display an installer for TeamViewer, a remote access computer program. However, the scammer refused to proceed with unlocking the computer unless a payment of $250 was made.

Fortunately, the researchers were able to find a way to bypass the lock screen. Victims of the said issue can press Ctrl+Shift and then the S key. Alternatively, a user can enter either “h7c9-7c67-jb” or “g6r-qrp6-h2” or “yt-mq-6w” into the “Product Key” field to be able to unlock the PC. This, however, might only work for some versions of the rogue program.

With these kinds of programs rapidly evolving right before our eyes, it is very alarming to see how much these kinds of malware can take many innocent and susceptible people hostage, and play on their fears in addition to stealing money from them.

It always pays to be wary of where we go on the internet, as well as what links we click on. Good security software is also always handy for blocking malware that can ruin not only our computers, but possibly a part of our lives as well.

Facebook pays $10,000 to 10-year-old for finding Instagram flaw that allowed comments to be deleted

By | TechSpot

You have to be at least 13 years old to have an account on Instagram, but this didn’t stop one 10-year-old Finnish boy from exposing a vulnerability in the Facebook-owned photo-sharing application and winning $10,000 for his work.

Helsinki-based Jani (his parents didn’t reveal his last name) discovered that he could erase any written content on Instagram by altering code on its servers. Facebook told Forbes that he verified this by deleting a comment the company posted on a test account.

The Facebook spokesperson added that the problem came from a private application program interface not properly checking that the person deleting the comment was the same one who posted it.

“I tested whether the comments section of Instagram can handle harmful code. Turns out it can’t. I noticed that I can delete other people’s comments from there,” Jani told Helsinki-based newspaper Iltalehti. “I could have deleted anyone’s – like Justin Bieber’s for example.”

Facebook’s bug bounty program rewards people who identify and report security issues. In the five years since it launched, it has paid $4.3 million to more than 800 researchers for over 2400 submissions. Instagram was added to the program in 2014.

Payouts vary based on the level of risk a bug poses. Considering the average reward last year was only $1780, Jani’s $10,000 shows that Facebook regarded it as a fairly high-level threat.

Jani, who learned his skills by watching YouTube instructional videos, is now the youngest person to receive a reward from the program, beating the record set by a 13-year-old back in 2013. He said he plans to buy a football and new bicycle with some of the money.

Google kills the Chrome app launcher on Windows, Mac, and Linux

By   | PCWorld

Google’s attempted invasion of the Windows desktop is now officially over. The Chrome-maker recently announced that the Chrome app launcher will be removed from Windows, Mac, and Linux in July, though it’ll stick around in Chrome OS. Google says it’s dumping the app launcher in the name of streamlining the browser after discovering that most Chrome users “prefer to launch their apps from within Chrome.”

The app launcher was one of three Chrome browser features that appeared to be specifically designed to turn Chrome into a “platform within a platform” on Windows. In addition to the app launcher—which sat in the taskbar and allowed users to fire up Chrome apps just like a normal desktop program, miming Windows Start menu functionality—Google killed Chrome’s notification center in October. That feature was replaced with native web push notifications, a standardized feature that sites can use across all browsers.

Beyond those two features, Google also created a modern UI version of the browser for Windows 8 that essentially put Chrome OS inside Windows. Microsoft’s decision to do away with Windows 8’s ill-advised dual UI for a more traditional desktop in Windows 10 killed Google’s attempt at “Chrome OS for Windows.”

The impact on you at home: If you’re one of the few fans of Chrome’s app launcher, Google may still provide a way for you to launch Chrome apps from the taskbar. Right now, you can create a desktop shortcut for Chrome apps by typing chrome://apps into the Omnibox, right-clicking an app, and then selecting Create shortcuts. The shortcut can then be dragged from the desktop onto the taskbar. We’re confirming with Google that this functionality will remain once the app launcher goes away and will update this story should the company respond.

Following a public outcry, Amazon will reinstate encryption on its Fire devices this spring

By | TechSpot

There are rare occasions when a consumer outcry can cause a company to reverse an unpopular decision it has made, and it seems Amazon is the latest firm to bow to public pressure. Only one day after an update removed local encryption in its Fire range of products, Amazon has decided to restore the feature.

Amazon said it removed the encryption, which it referred to as “enterprise features,” because customers weren’t using it. One of the features in question allowed owners to encrypt their device with a pin which, if entered incorrectly 30 times in a row, deleted all the data stored on it.

Fire OS 5 was originally released in the fall of last year, but the issue came to light earlier this month when Amazon released an over-the-air update for its older Fire devices to upgrade from OS 4.

The e-commerce giant’s move was particularly surprising when you consider that Amazon is one of the big tech companies filing a court brief supporting Apple in its battle with the Department of Justice. The outcome of the San Bernardino shooter iPhone case could have a profound effect on how firms implement encryption in their products, and whether they should include a backdoor to grant authorities access.

As you would expect, Amazon’s decision wasn’t well received, and the company decided that returning the encryption features would be in everyone’s best interests.

“We will return the option for full disk encryption with a Fire OS update coming this spring,” a spokesperson said. Amazon didn’t state what prompted the company to change its mind, but the amount of negative publicity it received, coupled with the attention from the Apple case, doubtlessly played a big part.

Mozilla retires Firefox’s sponsored tiles, hunts for new revenue streams

By | Ars Technica

Way back in 2014, Firefox rolled out an unpopular feature to its nightly builds: sponsored tiles on its “new tab” page. The feature, which was opt-in by default, showed ads that were based on your browsing history. Eventually, after a very long beta testing period, the sponsored tiles were loosed upon all 500 million-or-so Firefox users in May this year.

Now, just a few months later, the feature is being retired. Sponsored tiles will continue to appear for the next few months while Mozilla “fulfils its commitments” (i.e. clears out ad inventory), but then they’ll be gone entirely. Writing on the official Mozilla blog, vice president Darren Herman explains that, “advertising in Firefox could be a great business, but it isn’t the right business for us at this time because we want to focus on core experiences for our users.”

Later in the blog post, which was probably published on Friday afternoon in an attempt to dodge the news cycle, Herman repeats the refrain that we’ve heard many times over the last few years: “We believe that the advertising ecosystem needs to do better … Mozilla will continue to explore ways to bring a better balance to the advertising ecosystem for everyone’s benefit, and to build successful products that respect user privacy and deliver experiences based upon transparency, choice and control.”

In the meantime, Herman says that Mozilla wants to “reimagine content experiences and content discovery in our products.” As for what these reimaginations might look like though, we have no idea. Firefox did recently launch on iOS, however, so that’s something. Instead of sponsored tiles, maybe the new tab page will somehow suggest new sites for you to visit, based on your browsing history and category selections? Kind of like a mini in-browser Reddit?

Firefox’s targeted sponsored tiles always seemed a little out of place for a browser that is essentially predicated on free, libertarian ideals. You can’t exactly blame Mozilla for trying, though. Since its inception, Mozilla has been entirely reliant on revenues from search engines. For years, Google paid Mozilla hundreds of millions of dollars to be Firefox’s default search engine. In recent years, Mozilla has diversified its search engine defaults—Yahoo is now the default in the US, Yandex in Russia, and Baidu in China—but according to its 2014 financial report, 98 percent of its revenue still came from these search engine deals. If something dramatic causes those deals to fall through, Mozilla does ideally need another way of making money.

Speaking of which, just like Wikipedia, Mozilla’s annual donation drive is currently live: when you open up Firefox, you’ll be greeted with a screen that asks you for a donation. If you want to donate money, but the plea doesn’t appear in your browser, you can donate directly on the Mozilla website.

Microsoft, global law enforcement agencies disrupt Dorkbot botnet

By | Techspot

Microsoft, in cooperation with a number of law enforcement agencies around the world, managed to disrupt a botnet that’s infected over a million PCs across more than 190 countries.

First discovered in April 2011, Dorkbot is an IRC-based botnet that has been commercialized by its creator and is readily available for purchase on underground online forums as NgrBot. The malware relies on USB drives, social networks, IM clients, spam and drive-by downloads for distribution.

It’s most often used to steal login credentials for many of today’s top sites and services including AOL, eBay, Facebook, Gmail, Godaddy, Netflix, PayPal, Steam, Twitter, Yahoo and YouTube.

Over the past six months, Microsoft said it detected Dorkbot on roughly 100,000 systems each month with the majority of infections spotted internationally.

Microsoft said it worked with CERT Polska, ESET, the Canadian Radio-television and Telecommunications Commission, the Department of Homeland Security’s United States Computer Emergency Readiness Team, Europol, the Federal Bureau of Investigation, Interpol and the Royal Canadian Mounted Police to disrupt the botnet.

Details on exactly what actions were taken to disrupt Dorkbot weren’t mentioned.

The US Computer Emergency Readiness Team (CERT) advises those that have been infected to use and maintain anti-virus software, change passwords, keep operating system and application software up-to-date, use anti-malware tools and disable Windows Autorun.

Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell

By | PCWorld

The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.

The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges.

The flaws were discovered by a hacker who uses the online aliases slipstream and RoL and who released a proof-of-concept exploit for them last week. This prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.

One of the issues is caused by the LSCTaskService, which is created by the Lenovo Solution Center and runs with SYSTEM privileges. This service opens an HTTP daemon on port 55555 that can receive commands. One of those commands is called RunInstaller and executes files placed in the %APPDATA%\LSC\Local Store folder.

Any local user can write to this directory, regardless of their privilege, but the files are executed as the SYSTEM account. This means that a restricted user can exploit the logic flaw to gain full system access.

Furthermore, there is a directory traversal flaw that can be exploited to trick the Lenovo Solution Center into executing code from arbitrary locations, so an attacker doesn’t even need to place files in the aforementioned Local Store folder.

Finally, the LSCTaskService is vulnerable to cross-site request forgery (CSRF), an attack method through which a malicious website can relay rogue requests through the user’s browser. This means that, in order to exploit the previous two flaws, an attacker doesn’t even need to have local access to the system where the Lenovo Solution Center is installed and can simply trick the user into visiting a specially crafted Web page.
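The three flaws above each map to a check a privileged local helper should make before running anything. The sketch below is an added example, not Lenovo's code: the function names, the `X-Helper-Token` header and the sample files are hypothetical, and it assumes the caller passes request headers as a dict.

```python
import hashlib
import hmac
import os
import tempfile


def resolve_inside(trusted_dir, name):
    """Return the real path of `name` inside trusted_dir, or None if it escapes."""
    # Accept a bare file name only: no separators, no "." or ".." components.
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        return None
    base = os.path.realpath(trusted_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # realpath follows symlinks, so a link that points outside is caught here.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def authorize_run(headers, name, trusted_dir, session_token, allowed_digests):
    """Return (True, path) if the run request may proceed, else (False, reason)."""
    # CSRF: an Origin header means a web page sent this. Its absence proves
    # nothing, so the per-session token below is still required.
    if "Origin" in headers:
        return False, "browser-originated request"
    supplied = headers.get("X-Helper-Token", "")  # hypothetical header name
    if not hmac.compare_digest(supplied.encode(), session_token.encode()):
        return False, "bad token"
    path = resolve_inside(trusted_dir, name)
    if path is None or not os.path.isfile(path):
        return False, "path rejected"
    # A user-writable folder can hold anything, so only pinned binaries run.
    if sha256_file(path) not in allowed_digests:
        return False, "unapproved binary"
    return True, path


def demo():
    """Run constructed requests against a temporary directory tree."""
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "store")
        os.mkdir(store)
        for fname, data in (("update.bin", b"vendor build"), ("dropped.bin", b"x")):
            with open(os.path.join(store, fname), "wb") as f:
                f.write(data)
        allowed = {hashlib.sha256(b"vendor build").hexdigest()}
        ok = {"X-Helper-Token": "s3ss10n"}
        web = {"Origin": "http://example.test", "X-Helper-Token": "s3ss10n"}
        cases = [(ok, "update.bin"), (web, "update.bin"), ({}, "update.bin"),
                 (ok, "../update.bin"), (ok, "dropped.bin")]
        results = []
        for headers, name in cases:
            passed, detail = authorize_run(headers, name, store, "s3ss10n", allowed)
            results.append("allowed" if passed else detail)
        return results


if __name__ == "__main__":
    print(demo())
```

The digest allowlist stands in for whatever integrity check the vendor can enforce, such as verifying a code signature; the point is that the location of a file in a user-writable folder is never sufficient grounds to run it as SYSTEM.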

In a security advisory on its website, Lenovo said that it is currently investigating the vulnerability report and will provide a fix as soon as possible. Until then, concerned users can uninstall the Lenovo Solution Center in order to mitigate the risk, the company said.

Slipstream also published proof-of-concept exploits for two other, lower-impact, vulnerabilities—one in the Toshiba Service Station and one in Dell System Detect (DSD), a tool that users are prompted to install when they click the “Detect Product” button on Dell’s support website.

The Toshiba Service Station application creates a service called TMachInfo that runs as SYSTEM and receives commands via UDP port 1233 on the local host. One of those commands is called Reg.Read and can be used to read most of the Windows registry with system privileges, according to the hacker.

“I have no idea what to do with it, but someone else might,” slipstream wrote in the exploit comments.

The flaw in DSD apparently stems from the way Dell attempted to fix a previous vulnerability. According to slipstream, the company implemented RSA-1024 signatures to authenticate commands, but put them in a place on its website where attackers can obtain them.

These can be used as a crude bypass method for Windows’ User Account Control (UAC). In this context, the bypass means that “if DSD isn’t elevated, we annoy the user with elevation requests until they click yes,” the hacker said.

This is not the first time vulnerabilities have been found in support tools installed on Lenovo or Dell computers.

Toshiba and Dell did not immediately respond to a request for comment.