source: techradar.com

 

Over the last decade we’ve seen things people wouldn’t believe. Samsungs on fire over our shoulder. We watched Windows Phones glitter in the dark near Bill Gates. 

Many of those moments are already lost in time, like tears in the rain. But some other awful things endure, and it’s time they got in the sea.

When it comes to naming the tech trends we’d like to see the back of, we’re spoilt for choice: hardware you can’t upgrade, surveillance tech you can’t evade, streaming service exclusives and Windows Flipping Updates. But despite their obvious irritations, they aren’t the worst. Far from it. These are the ones we love to hate, the tech trends we’d like to see the back of in the 2020s. 

Style over substance

You know who we’re going to pick on here. The 2010s were the decade when Apple’s designers ruled the school at the expense of practicality, when 'it just works' became 'it doesn’t work, but it looks brilliant'.

Remember the MacBook Pro keyboard that couldn’t handle people typing on it? The Mac Pro that didn’t so much put form over function as throw function in the bin, set the bin on fire and push the bin off a cliff? The MacBook with a single USB port that meant you couldn’t charge it and use an external device at the same time?

And don’t get us started on the iPhone headphone jack, the location of the charging point on the second-generation Magic Mouse or the clown car of remotes that ships with the Apple TV.

The good news is that Apple appears to have belatedly realised this, so for example the new 16-inch MacBook Pro has a proper keyboard again.

Here’s to more slightly duller but more user-friendly design decisions this decade.

Subscriptions for everything

You’re in a cafe. You ask for a coffee, but the barista won’t take your money. They want your bank details, because you can’t just buy coffee any more. You need to sign up to the Vibrate My Eyeballs Mega Super Deal Member Plan. You get seven days free and you can cancel at any time but if you forget it’s $79.99 a month.

That’s pretty much where tech is now.

The slow march of subscriptions didn’t stop with TV and movies. Today you don’t just need six different streaming subs to cover the programmes you want to watch and the songs you want to stream. You need your photo storage sub and your online gaming sub and your Creative Cloud sub and the Patreons you support and the sub that unlocks the filters in your photo app and your wireless security camera sub and the eighty-six different subs you’ve had to take out because nobody lets you just buy an app any more and you look at the graph in your online banking app and you ask yourself, hey! How did I get here?

And the short answer is: cheapskates, mainly. Cheapskates who wouldn’t pay for stuff even when it was reasonably priced, so the people who make stuff started to see too many ribs poking through their T-shirts and decided the only way they’d actually get to eat was to make the entrance fee zero and then hit everybody with a sub to actually make things work.

And that’s fine, and it’s fair, and it’s OK until the day when that check doesn’t clear or the client doesn’t pay and your bank account is full of cobwebs and your email app has 17 messages telling you there appears to be a problem with your payment method and nothing works anymore.

source: usatoday.com

Hackers are breaking into home security cameras, and the process isn't always as difficult as you may think. 

This week, there were reports of hackers gaining access to Ring security cameras in Tennessee, Mississippi, Florida and Texas. And cybersecurity experts say incidents like these aren't very complex to execute because people often use passwords that are easily guessed.

"The easiest way for a hacker to gain access to something is to guess the username and password of the device's administrative account," said Brian Vecci, chief technology officer at the data protection company Varonis. "That's the most common way to get hacked."

He said bad actors are trolling through the internet, reading about devices that are exposed and keying in default usernames and simple passwords to see if they can gain access to real accounts. 

If it works, and you're the unsuspecting subject, they can watch you and your family during your most intimate moments. Hackers can also talk through the camera's speaker, and have done so, startling kids and harassing parents.


Home security cameras are also getting broken into because, like everything else that connects to the internet, they are inherently open to outside forces.

In order to monitor what's happening in your home remotely, security cameras have to be connected to the internet, Vecci said. And the moment you connect a device to the internet "hypothetically someone can get access to it."

What's even scarier is once a camera is compromised, hackers can make "lateral movements" onto other connected devices in your home.

So they could, in theory, disable your alarm system, unlock your front door if you have a smart lock, torment your household by blasting music and more, said Renaud Deraison, co-founder of the cybersecurity company Tenable.

"They can decrease your quality of life by hacking the tech that is supposed to improve your quality of life," Deraison said. 

Still, there are things you can do to help decrease the likelihood that someone will gain access to your home's security camera. Here's what you should do:

 

1. Go with a big-name vendor

When choosing a specific brand, choose a familiar company that treats security more responsibly. Large manufacturers with household names are held to higher scrutiny than a "no-name company," Deraison said. Nest, Samsung, Panasonic, Ring and Arlo are popular choices.

2. Upgrade to a cloud-based system 

Store your footage in the cloud. Tech companies that offer cloud-based storage systems can install software updates to patch vulnerabilities soon after they're discovered, Deraison said.

Earlier this week, Tenable researchers said they discovered "seven severe vulnerabilities" in Amazon's Blink XT2 camera systems. Amazon patched the problem with a firmware update. 

3. Create complex passwords

"Don't use a default user name and password" that comes with your device, Vecci said. "Change your passwords to something long and difficult to break. Don't use last names, birthdays or addresses." Experts recommend a combination of upper and lower case letters, numbers and symbols. 

4. Use two-factor authentication

Two-factor is favored by security pros because you have to log in twice to get into your account. Hackers will try you once, and if not successful, move on to other prey. If you've ever had a six-digit verification code sent to your smartphone in order to log in to an online account, you're familiar with two-factor authentication. It basically sends you a notification when someone new tries to log on to your network. And they can't get in without access to your phone or email address.

5. Update your devices regularly

Surveillance camera vendors often expect users to update the devices manually, experts said. So every few months, you should check to see if yours has an available update. Set up manual security updates, if that's an option. 

"If you don't update your device, you end up with old software that’s not undergoing rigorous testing," Deraison said. "All of it together, you have a recipe for something that’s fairly insecure. You're risking a personal leak that could be devastating."

source: threatpost.com

The malware affected 100 different online publishers.

A malicious web redirect campaign affecting iPhone users has impacted more than 100 publisher websites, including online newspapers and international weekly news magazines.

According to The Media Trust’s Digital Security & Operations (DSO) team, iPhone users visiting any of the impacted websites were redirected in a recent malvertising campaign, via a multistage process, to eventually land on a fraudulent popup masquerading as a grocery store reward ad. Along the way, the “Krampus-3PC” malware proceeded to harvest user session and cookie information from users, thus giving attackers the ability to log into users’ various online accounts.

Adding insult to injury, if visitors click on the grocery store ad, they are also redirected to a phishing page that prompts them to enter their personal information.

“The malware was able to retrieve not only whatever information users entered but also their phone numbers, which were later used for phishing texts, and cookie IDs,” explained DSO, in a report [PDF] issued on Wednesday. “The cookie ID enabled Krampus-3PC to hijack the browser, and – if the user had other sites like their bank or favorite online retailer open on their device – gain access to the user’s account. Access to a session cookie would enable the malvertiser to log in as that user at a later time.”

The attackers – who are of unknown origin, according to The Media Trust – first placed an ad to be distributed via the Adtechstack adtech provider. They then used the platform’s API to insert rogue code.

“Because they are running an ad on the platform, they have access to the platform’s tools. The platform takes the ad from the malicious advertiser, and the ad platform sold it to the publisher not knowing it was malicious,” Mike Bittner, director of digital security at The Media Trust, told Threatpost.

source: nytimes.com

A high-profile inspector general report has served as fodder for arguments about President Trump. But its findings about surveillance are important beyond partisan politics.

When a long-awaited inspector general report about the F.B.I.’s Russia investigation became public this week, partisans across the political spectrum mined it to argue about whether President Trump falsely smeared the F.B.I. or was its victim. But the report was also important for reasons that had nothing to do with Mr. Trump.

At more than 400 pages, the study amounted to the most searching look ever at the government’s secretive system for carrying out national-security surveillance on American soil. And what the report showed was not pretty.

The Justice Department’s independent inspector general, Michael E. Horowitz, and his team uncovered a staggeringly dysfunctional and error-ridden process in how the F.B.I. went about obtaining and renewing court permission under the Foreign Intelligence Surveillance Act, or FISA, to wiretap Carter Page, a former Trump campaign adviser.

“The litany of problems with the Carter Page surveillance applications demonstrates how the secrecy shrouding the government’s one-sided FISA approval process breeds abuse,” said Hina Shamsi, the director of the American Civil Liberties Union’s National Security Project. “The concerns the inspector general identifies apply to intrusive investigations of others, including especially Muslims, and far better safeguards against abuse are necessary.”

Congress enacted FISA in 1978 to regulate domestic surveillance for national-security investigations — monitoring suspected spies and terrorists, as opposed to ordinary criminals. Investigators must persuade a judge on a special court that a target is probably an agent of a foreign power. In 2018, there were 1,833 targets of such orders, including 232 Americans.

Most of those targets never learn that their privacy has been invaded, but some are sent to prison on the basis of evidence derived from the surveillance. And unlike in ordinary criminal wiretap cases, defendants are not permitted to see what investigators told the court about them to obtain permission to eavesdrop on their calls and emails.