Jump to content



Member Since 25 Feb 2004
Offline Last Active Yesterday, 07:12 PM

Topics I've Started

New tool safely checks your passwords against a half-billion pwned passwords

Yesterday, 07:05 PM

A new system that securely checks whether your passwords have been made public in known data breaches has been integrated into the widely used password manager, 1Password. This new tool lets customers find out if their passwords have been leaked without ever transmitting full credentials to a server.
Security researcher Troy Hunt this week announced his new version of "Pwned Passwords," a search tool and list of more than 500 million passwords that have been leaked in data breaches. Users can access it online and developers can connect applications to it via an API.
Within a day, the company AgileBits had integrated Hunt's new tool into the 1Password password manager. AgileBits' announcement describes how it works:

Troy's new service allows us to check your passwords while keeping them safe and secure. They're never sent to us or his service.
First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy's new service only requires the first five characters of the 40-character hash.
To complete the process, the server sends back a list of leaked password hashes that start with those same five characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then we know this password is known and should be changed.

Customers with 1Password.com accounts can already use the tool in a Web browser. You'll need to input "Shift-Control-Option-C (or Shift+Ctrl+Alt+C on Windows) to unlock the proof of concept." After that, a "Check Password" button will appear next to your passwords.

Read full article @ https://arstechnica....wned-passwords/

Amazon Prime Subscription Increases to $12.99 a Month

20 January 2018 - 12:43 AM

Amazon Prime is getting more expensive for monthly subscribers.

Amazon today raised the price of Prime from $10.99 a month to $12.99. The price of a yearly subscription is still $99, so no change there. Meanwhile, Prime Student now costs $6.49 a month, up from $5.49. The price of an annual Prime Student subscription is remaining the same at $49.

Prime offers free, two-day shipping on Amazon.com purchases; unlimited access to Prime Video, Prime Music, and Prime Reading; unlimited photo storage via Prime Photos; discounts on games; early access to Amazon's Lightning Deals; and special discounts at Whole Foods.

The online retail giant is likely trying to push users to its annual Prime plan, which has always been a better deal for those planning to stick with the service for a while.

Now, a monthly subscription makes even less sense financially. If you're on the monthly plan and wind up sticking with Prime for a year, you'll pay almost $156.

Amazon is notifying affected Prime subscribers about this change via email.

"Prime provides a unique combination of shipping, shopping, and entertainment benefits, and we continue to invest in making Prime even more valuable for our members," Amazon wrote in the message. The company went on to say that it now offers 100 million items with two-day Prime shipping, and same- and one-day deliveries in more than 8,000 cities and towns.

Read full article @ https://www.pcmag.co...o-12-99-a-month

YouTube Is Demonetizing Small Channels, And That's A Good Thing

19 January 2018 - 02:59 AM

YouTube has announced changes to its monetization program, telling content creators with small channels that they'll no longer be able to monetize unless they can grow their subscriber base to above 1,000 subscribers, with 4,000 hours of view time in the past 12 months.


This is a new benchmark, the previous being a set 10,000 lifetime views in order to join the YouTube Partner Program and begin monetizing content.


This has thrown the YouTube community into a tizzy, with accusations of favoritism flying. Partly this is YouTube's fault, of course. In a blog post, the company states that this is a new measure to ensure that content is up to YouTube's community standards, and many have pointed out that very large channels are often just as much to blame for questionable content as their smaller, if more numerous, counterparts. Look no further than Logan Paul's 'suicide forest' video for a pretty stellar example of this kind of abuse. Or much of Logan Paul's other content, for that matter.


But I simply cannot find a spark to light my own inner outrage torch, or any reason to jump on this anti-YouTube bandwagon, pitchfork at the ready. There are many wonderful reasons to shake your fist at YouTube, from its misfiring algorithms to Content ID to the very existence of Logan Paul, but this is not one of them.
Let's break the issue down:

  • I have a very small YouTube channel (just under 4,000 subscribers) that I consider more of a hobby at this point than a serious attempt at making money. In fact, I make so little money from it that I barely even notice. If I had just a quarter of the subscribers (or less) than I have now I imagine income would be negligible at best. It's not unreasonable to suggest that prior to making money off one's videos, a content creator should have a more substantial subscriber base, if only because this hardly affects these channels to begin with.
  • Perhaps someday I will decide I want to make more money on YouTube, at which point I will want to work harder at it and grow the channel into something that can sustain itself. That won't be easy, but YouTube's new rules aren't the issue. The issue is growing a sizable enough subscriber base to make actual money in the first place. That means numbers exponentially higher than 1,000 subs and 4,000 viewing hours in a year.
  • Nor does this policy prevent small channels from growing. In fact, I'd suggest that when you're just starting out you avoid monetizing videos entirely. You won't make any real money off of ads anyways, and having ad-free content will ingratiate you with potential viewers. This way, you can grow your channel and your popularity and eventually get on the Partner Program. Many content creators with Patreon followings, such as Jim Sterling, hbomberguy and Colin Moriarty, don't need to monetize their videos to begin with.
  • And finally, it's important to remind everyone that there was already a benchmark to begin with: 10,000 channel views. If you think about it, that penalizes even smaller channels. But thinking about it in terms of "penalty" or "favoritism" is wrong to begin with. This is a benchmark content creators need to pass in order to be taken seriously enough to begin making money off their content. Besides, this ensures that content creators are still making videos. Rather than a one-time 10,000 view benchmark, channels need to continue to hold a subscriber base and regularly get views in order to remain in the Partner Program, which just makes sense.

Ultimately, YouTube needs to do better in so many ways it's hard to list them all. The company needs to:

  • Improve its system of demonetizing videos that don't adhere to community guidelines. The current automated system paints with a broad (if irregular) brush. More human beings need to be involved in this process.
  • Content ID, copyright strikes, and so forth are all too easily abused. Meanwhile, actual plagiarism and content theft occurs all the time that isn't caught in the Content ID net.
  • Videos like Logan Paul's 'suicide forest' should never make it to the #1 Trending spot to begin with, and YouTube needs to react more swiftly to obvious abuses like this especially from its biggest stars.
  • Even many top YouTubers complain that YouTube is terrible in its communication with content creators. YouTube needs to find ways to better communicate with all content creators, large and small.

And the list goes on.

Read full article @ https://www.forbes.c...g/#2a791d1253d8

A weird glitch is making Google hardware devices get stuck in sleep mode and then overl...

17 January 2018 - 05:09 AM

Several of Google's hardware devices, including the popular Chromecast video streaming dongle and the new top-of-the-line smart speaker, appear to suffer from a glitch that can temporarily freeze a consumer's home wireless network.

Numerous owners of the devices have recently reported experiencing WiFi network issues, and several tech blogs say Google is to blame.

On Tuesday, a maker of networking products by the name of TP-Link wrote in a blog post that its routers have been affected by Google devices that use the Google "casting" feature.  The company said a glitch caused a WiFi network to become temporarily unresponsive or disconnect from other devices that were connected to the network.

WiFi routers from other companies, including Linksys, Asus, Netgear, and Synology are also reportedly affected.

It's not clear whether the problem stems from a flaw in Google's hardware, or whether it's the result of a broader software issue.

But the news represents the latest blow to Google's efforts to enter the hardware market, where it has limited experience and competes against longtime gadget makers like Samsung and Apple. In October, Google was forced to disable a button on the Home Mini smart speaker before the product even shipped due to a privacy problem.
Google "casting" devices come out of sleep mode and cause disruptions

According to TP-Link's blog post on the WiFi issue, the problems began in October 2017.

The company explained that under normal circumstances, Google's casting devices are designed to wake from a sleep state every so often to communicate with a WiFi router with small bits of data, called "packets."

The problem is that some of Google's devices were malfunctioning and wouldn't rise out sleep mode for longer periods of time. When they did awake from their slumber, they flooded a WiFi router with huge amounts of data packets at a "very high speed," which would overwhelm certain routers and cause the disruptions. The amount of data that would be sent to a WiFi router depended on how long a Google casting device was in sleep mode.

Read full article @ http://www.businessi...networks-2018-1

Windows Meltdown-Spectre Fix: How To Check If Your Av Is Blocking Microsoft Patch

06 January 2018 - 08:23 PM

 Antivirus firms are gradually adding support for Microsoft's Windows patch for the Meltdown and Spectre attack methods that affect most modern CPUs.

As Microsoft warned this week, it's not delivering its January 3 Windows security updates to customers if they're running third-party antivirus, unless the AV is confirmed to be compatible with it.

Microsoft's testing found some antivirus products were producing errors by making unsupported calls into Windows kernel memory, resulting in blue screen of death (BSOD) errors.

Third-party Windows antivirus products need to support Microsoft's security update and set a Windows registry key for customers to receive the update via Windows Update.

To make matters more confusing, only some antivirus vendors are actually doing both, while others require admins to set the registry key themselves, using Microsoft's instructions. Additionally, some antivirus companies haven't completed compatibility testing.

Microsoft hasn't said which antivirus products are compatible beyond its own Windows Defender and Microsoft Security Essentials. However, security researcher Kevin Beaumont has created a public spreadsheet that may help IT admins prepare for installing Microsoft's mitigations for the attack techniques that affect CPUs from Intel, AMD and Arm, albeit to differing degrees.

Attached File  windowspatchav.png   236.43KB   18 downloads

Third-party Windows antivirus products need to support Microsoft's security update and set a Windows registry key for customers to receive the update via Windows Update.

Trend Micro says its products Trend Micro OfficeScan, Worry-Free Business Security, and Deep Security are affected by Microsoft's new requirement for vendors to verify compatibility with the patch. While the company has completed testing and confirmed compatibility, customers who rely on Windows Update currently need to set the registry key themselves.

It hasn't completed compatibility testing for all its products yet because Microsoft released the patch earlier than expected, according to Trend Micro. The company had been targeting the expected Patch Tuesday on January 9 rather than January 3. As such, the company is currently working on setting the registry in its products.

Others that have confirmed compatibility but haven't set the registry key in their products include CrowdStrike, Endgame, McAfee, and SentinelOne. Microsoft offers separate instructions for setting the registry key on Windows Server and Windows clients.

Antivirus firms that have confirmed compatibility and set the registry keys in their products include Avast, Avira, EMSI, ESET, F-Secure, Kaspersky, and Malwarebytes.

Symantec is also in this second group but some customers have reported that the Symantec Endpoint Protection (SEP) tray icon is reporting "multiple problems" after applying Microsoft's update and Symantec's updated Erasure engine.

"On January 4, 2018, Symantec released an updated Eraser engine to ensure compatibility with the Microsoft out-of-band update that had been released the previous day. While this engine update resolves the compatibility issues it was meant to address, some environments have reported issues with the SEP system tray icon after applying both updates," Symantec says in a support note.

Applying operating system updates and dealing with antivirus compatibility issues are only half the solution.

Read full article @ http://www.zdnet.com...icrosoft-patch/