| Dear Internet Archive Supporter,
You’re one of the special people who keeps the Internet Archive going strong—independent and ad-free. We’re a nonprofit website that the whole world depends on. Not everyone can afford to give. But you can. And it’s been great having you with us! Will you chip in again to support a library you can trust? Everyday, I turn to my screen for information. To make decisions, I depend on the reliability of what’s on the Web. More and more, that means I depend on the Internet Archive. So do 1000 journalists. And the readers of Wikipedia. Maybe you do, too. When I started this nonprofit, people called me crazy. Collect web pages? Why? Who would want to read a book on a screen? Why collect TV–isn’t it all garbage anyway? For 21 years, the Internet Archive has been dedicated to a single mission: to give everyone access to all knowledge, forever. For free. We’re working 24/7 to back up the Web. To digitize books and music and television before they’re lost. So if climate change data or entire newspapers disappear, we can tell you with confidence: We Got This. Did you know, this year we’ve:
Keeping up with the Web is a big challenge. It’s because of your support that we’ve been able to respond to these challenges year after year. The Internet Archive has only 150 staff but runs one of the top websites in the world. Reader privacy is very important to us, so we never track you. We don’t accept ads. But we still need to pay for servers, staff and rent. The Internet Archive is a bargain, but we still need your help. If everyone reading this donated $25 now, we could end this fundraiser today. It takes less than 90 seconds. I know because I’m a donor, too. If you find our site useful, please consider contributing $25, $50, $75 or whatever you can afford to keep the Internet Archive going in 2018. I promise you, it will be money well spent. Thank you for joining me. Brewster Kahle Founder & Digital Librarian |
Mac flaw allows full admin rights without a password
Apple had not set a password for the root superuser in its macOS High Sierra desktop operating system, a flaw that grants full access to all parts of a Mac computer.
The company quickly pushed out a patch to the fix the flaw, which only affected macOS High Sierra 10.13.1.
The issue was made public by software developer Lemi Orhan Ergin, who demonstrated the flaw and reported it to Apple’s tech support account.
Even when it was not possible to enter a user name at the main macOS login screen, the flaw could be exploited via the system preferences settings.
An attacker could for instance enter root as the username in the users and groups preferences setting, leaving the password field blank, and clicking on the unlock button.
After that, it was possible for an attacker to add new accounts with full administrative rights.
Attackers with root privileges could turn off macOS security features such as FileVault disk encryption, install malware, and copy and delete data.
Security researcher Patrick Wardle noted the flaw could also be exploited remotely if the target macOS system had resource sharing services enabled.
Attempting to log in created the root account with a blank password, Wardle said. If the root account was disabled, logging in remotely re-enabled it.
As Amazon’s Australian launch looms, MSY to overhaul website and add e-commerce
MSY Technology is expected to roll out a new e-commerce website in February, overhauling its famously clunky, PDF-based site as it faces new pressure in the form of Amazon’s Australian launch.
The new website is currently in beta undergoing stress tests, according to representative of the computer retailer who took part in an ask-me-anything (AMA) post on OzBargain.com.
The company had posted two job openings earlier this year for a Magento developer and full stack developer to develop the e-commerce website.
MSY will introduce a new centralised ordering system, aimed at shortening in-store wait times for customers that have ordered online.
MSY will follow online reseller Kogan by adopting adopt ZipPay, which allows customers to pay over an agreed period of time and is interest-free for purchases up to $1000.
In response to a question about the arrival of Amazon in Australia, the representative said: “We may suffer a bit once Amazon arrives but we do have our own strategies in place for the next 12 months to grow the business.”
He added that MSY was also looking to implement a new marketing and social media strategy next year.
“There are so many things that we can do on the marketing side,” he said. “A new 12-month marketing plan has been approved, starting next year.”
He added that the company would be opening more stores within the next 12 months, but declined to reveal any specific locations.
NBN to pause all HFC rollouts over customer experience issues
NBN Co will pause all new orders over the hybrid fibre coaxial (HFC) network until at least June 2018 as it works to improve the quality of service for internet service providers and end users.
Currently, one million premises are “ready to connect” and 370,000 have been connected already. NBN has been adding an average of nearly 80,000 new premises each month.
NBN claimed it would still hit its target to connect eight million active end users and deliver “a fully connected continent by the year 2020”
existing (non-NBN) ADSL and HFC customers should continue to access their current (non-NBN) service while these changes are made
Microsoft Australia fines Impact Systems and other resellers over unlicensed software
Sydney reseller reached a settlement with Microsoft after admitting to installing numerous illegitimate copies of Windows 10 Professional on customers’ PCs.
Microsoft’s investigators purchased a new PC which had a counterfeit certificate of authentication attached.
Reseller said a former staff member was responsible for the infringement, having acquired 10 illegitimate software licenses unbeknownst to the rest of the company.
Agamalis said he was quite happy to support Microsoft’s investigation once the infringement was brought to his attention, and was fined for the replacement costs of the licences.
Victorian reseller Budget PC agreed to pay Microsoft $150,000 in damages for selling unauthorised copies of Windows 7 to customers. Investigators purchased a computer from Budget PC that had Windows 7 installed using a product key from the Microsoft authorised refurbisher program (MAR), as well as a tampered certificate of authenticity.
Regional Queensland reseller Be Baffled agreed to pay $50,000 in damages to Microsoft for selling leaked product keys to customers. The company and its sole director acknowledged the infringement.
customers can determine whether they have purchased genuine Microsoft software at the How to Tell website at http://www.microsoft.com/en-au/howtotell
Bitcoin crosses $10,000 milestone
Bitcoin has zoomed past US$11,000 (A$14,519) to hit a record high for the sixth day in a row after gaining more than US$1000 in just 12 hours, stoking concerns that a rapidly swelling bubble could be set to burst in spectacular fashion.
After soaring more than 1000 percent since the start of the year, bitcoin rose as much as 15 percent on Wednesday.
It caps a remarkable rise in value for the crypto-currency, which was trading below $1,000 at the start of the year.
Some experts believe the asset still has far to soar, but others say it represents a speculative bubble with nothing tangible at its core that could burst any time.
The total value of all the bitcoins in existence has now surpassed $167bn.
Bitcoins were first produced in 2009 and took a long time to become an accepted holder of monetary value that could be swapped for real-world cash.
One early transaction involved using 10,000 bitcoins to buy two pizzas.
The boom has led to a general rise in many other virtual currencies.
One, known as Ethereum, is now worth about $480, but at the start of 2017 each one was worth only about $10.
Officeworks ‘first big-box retailer’ to integrate with Google Assistant
Officially enabled in Google Home and Google Home Mini, as well as eligible Android and iOS smartphones, Officeworks tells us its customers now have another way to engage with the leading retailer, in five simple words “Ok Google, talk to Officeworks.”
Just using your voice, you can search product information and check product availability in-store, find store locations and trading hours, if you’re a Google Assistant user on the platforms mentioned above, you now have unprecedented” access to information of more than 35,000 products online and 165 stores across the country.”
Accessing Officeworks through the Google Assistant also lets you add products to your ‘shopping list’, and in a few simple steps, place an order on the Officeworks website.
This ‘smart’ condom rates your bedroom skills, penis size and even checks for STIs
A British company claims to have created the world’s first “smart” condom which rates blokes’ performances and helps detects STIs.
The i.Con Smart Condom is like a Fitbit, but for your penis. It provides all the statistics men need
Data includes duration of intercourse, calories burnt, number and speed of thrusts, girth measurements and different positions used per week, month or year.
It will also help detect sexually transmitted infections such as chlamydia and syphilis.
Of course, if your pretty proud of your results, it’s possible to kiss and tell. Users “will have the option to share their recent data with friends, or, indeed the world”.
In a similar way to other health monitoring devices, it will use nanochip and bluetooth technology to relay the data to a smartphone app.
Over 96,000 people have already pre-ordered the product which will be released later this year for about $100.
JASON
—–
House hunters willing to pay a premium for better NBN connections
PROSPECTIVE home buyers and those looking to rent properties are increasingly concerned with the type of internet connection the house has, with some willing to pay a premium for NBN fibre to the home.
One of the criticisms of the multi technology mix employed by the NBN rollout is the fact that it is creating — at least in the short term — a digital divide depending on what access technology your home uses to connect to the network.
As a result, those seeking to rent or buy real estate, particularly among the younger generation, are seeking out suburbs and homes catered to by the best technology.
“A very, very common question is, ‘Is the home NBN connected?’” says Sydney real estate agent Joe Recep.
“And the next question is: ‘Is it connected to fibre-to-the-premise or is it fibre-to-the-node?’”
He said the question around the type of internet connection has become a top concern for buyers among traditional queries about the nearest bus stop and what school zone the property falls into.
“A lot of people do work from home nowadays, so it really is an essential rather than just a want,” he told news.com.au.
Mr Recep works for real estate company N G Farah in south-east Sydney, and says homes already connected to the NBN sell much quicker than those still waiting for the rollout.
In December last year, a web designer made a Chrome browser plug-in that automatically check NBN availability on listings appearing on realestate.com.au, Domain and AllHomes, which proved to be very popular after he posted it online.
Younger people are particularly keen to hunt out the properties lucky enough to be serviced by a full fibre connection.
Real estate company Cribz — an online property service designed to assist young people with their home search — recently polled its users and found renters are willing to pay about $30 extra per month for a home with the superior fibre-to-the-premise (FTTP) NBN connection.
“We’ve found that fast internet is becoming an evermore important utility for young people who want to spend their spare time streaming Netflix and services like Spotify,” said Cribz CEO Peter Esho.
Quality of internet ranked fourth for millennials when it came to house hunting, the company said.
The device to fix your 16GB or 32GB iPhone storage woes
APPLE’s latest range of iPhones have really stepped up the amount of storage capacity on its devices, offering welcome relief to users.
But if you’re still battling away with a 16GB iPhone 6, or perhaps a 32GB iPhone 7, you’ll know the frustration of opening up the camera app to be told your device is too full to be able to take a photo.
Unlike Android phones, Apple doesn’t give you the option to use a microSD card to increase storage space. So if like me, you have found yourself having to delete podcast episodes or old photos just so you can download a new app, there is a better way.
There are a bunch of external microSD devices which cater to storage-hungry iPhone users. If you want to offload photos and videos or carry around a large library of music and movies for your iOS device, card readers that plugs into your iPhone’s lightning port might be the way to go.
For instance, the Leef iAcess microSD reader for iOS costs about $A65 online and is marketed as “the easiest way to infinite memory”. The adaptor wraps around the back of the device to make it as unobtrusive as possible. There are plenty of similar products on the market that are worth checking out.
But if you don’t want something awkwardly sticking out of your iPhone, you might want to consider a wireless media hub, which relies on a Wi-Fi connection to provide essentially the same thing.
For example, the 1TB Western Digital MyPassport Wireless can be found online for a bit over $220. It’s about the size of a small square book and among other things can back up your iPhone or iPad and can connect to your device to let you access external media. It’s not the cheapest solution but less expensive than buying a new iPhone.
RECKLESS Pokemon Go players may have racked up as much as $A9.6 billion nationwide in costs related to car crashes, injuries and deaths last year, according to researchers.
The mobile game’s geeky devotees have made headlines for causing traffic injuries and fatalities, with players either ploughing into pedestrians while driving, or getting hit themselves while chasing Pokemon Go’s virtual creatures into the street.
In a study entitled “Death By Pokemon Go,” Purdue University researchers estimated that players across the country caused anywhere between $A2.6 billion and $A9.6 billion in traffic-related damages, including lost potential income from persons injured and killed.
The study cautioned that those numbers are “speculative,” but added that, “However measured, the costs are significant.”
Researchers extrapolated their nationwide estimate from police records of car accidents collected in Tippecanoe County, Indiana during a nearly five-month stretch that followed the game’s July 2016 launch.
During that period, Pokemon Go accounted for 134 additional accidents in Tippecanoe County alone, including 31 injuries, two deaths and vehicular damages of almost $A656,000, according to the study.
That marked a “disproportionate increase” versus the months that preceded Pokemon Go’s launch, the researchers noted. Including the cost of the two lives lost, the countrywide tab may have exceeded $A33 million, they estimated.
By cross-referencing the locations of the accidents with the locations of PokéStops — in-game checkpoints that players flock to — the researchers said they found credible evidence that Pokemon Go players were responsible.
In the game, players are encouraged to roam their neighbourhoods by foot to find digital creatures that they can add to their collections. The more they walk, the more they can catch.
Many players, however, jumped into cars to take their games on the road in hopes of increasing their odds of catching a rare Pokemon or padding their stats.
The Australian Competition and Consumer Commission has been slammed by telecommunications industry insiders over its almost 7-month delay to implement NBN speed test monitoring, as well as the “inadequate” methodology it has chosen for the tests.
The ACCC speed test announcement was first revealed by the regulator in April, with it saying then that after appointing a testing provider, it would “commence the program in May 2017, and will provide comparative information for consumers during the second half of the year”.
As of Wednesday, the ACCC had not yet appointed a broadband monitoring program provider, nor had it commenced the program or released comparative provider information for consumers.
It comes as Australian internet service providers come under increasing pressure to meet their NBN download speed promises, and as both Telstra and Optus promise to compensate users who did not get the speeds they were promised after the watchdog took action against them.
A new strain of cryptomining scripts that work through browsers continue their activity through a pop-under window even after a user shuts their browser, researchers have found.
Many websites have been outed for embedding such scripts in order to use the CPU and GPU power of users to mine for cryptocurrencies.
Security company Malwarebytes said in a blog post that the new technique had been spotted in tests that it had carried out using Google’s Chrome browser running on Windows.
Researcher Jérôme Segura said he had observed the following:
“A user visits a website, which silently loads cryptomining code; CPU activity rises but is not maxed out; the user leaves the site and closes the Chrome window; CPU activity remains higher than normal as cryptomining continues.”
He said that although the visible browser windows were closed, there was a hidden window that remained open.
“This is due to a pop-under which is sized to fit right under the taskbar and hides behind the clock,” he added.
Segura said that more technical users would be able to spot the presence of the pop-under window by running Windows Task Manager and terminating any browser processes that were still running.
===
https://www.itwire.com/security/80987-pentagon,-nsa-data-leaked-through-aws-bucket.html
A security company has found data belonging to the US Army Intelligence and Security Command in a publicly accessible Amazon Web Services S3 repository.
INSCOM is a joint US Army and NSA Defence Department command that collects intelligence for US military and political leaders.
But UpGuard, the company that made the discovery, said that most of the data could not be accessed without connecting to Pentagon systems.
The discovery was made on 27 September by UpGuard Cyber Risk Research director Chris Vickery who has made several such findings. There were 47 files and folders in the main directory, three of which could be downloaded.
UpGuard said the biggest of the files was an Oracle Virtual Appliance file that had a virtual hard drive and Linux-based operating system which could be browsed in their functional states.
The metadata of files indicated that many of them were marked Top Secret and NOFORN – the latter meaning that they should not be shared with non-Americans.
There were also indications in the metadata that “the box was worked on in some capacity by a now-defunct third-party defence contractor named Invertix”, UpGuard said.