Episode 527 – Aussie Tech Heads Shownotes


 

Microsoft calls time on Windows Vista support

Support for Windows Vista is finally coming to an end, just over a decade after it went on sale.

No more updates after April 11, 2017

Windows Vista holds 0.78 percent of the total market share.

Next up for the can is Windows 7 – but you should have until January 2020 to say goodbye.



No updates for Windows 7/8.1 on new hardware

Users with computers that feature the latest processors from Intel, AMD, and Qualcomm were met with error messages when using Windows Update to get patches, including:

“Unsupported Hardware. Your PC uses a processor that isn’t supported on this version of Windows and you won’t receive updates.”

“Windows could not search for new updates. An error occurred while checking for new updates for your computer. Error(s) found: Code 80240037 Windows Update encountered an unknown error.”

Microsoft earlier this month said Windows 7 and 8.1 computers with Intel’s 7th generation Core processors, and those with AMD Bristol Ridge and Qualcomm 8996 chips or later, “may no longer be able to scan or download updates through Windows Update or Microsoft Update”.

Instead, Microsoft wants users to upgrade to Windows 10 if they have the latest hardware, despite Windows 7 being supported to 2020 by Microsoft. Windows 8.1 is supported to 2023.

The company had to back down on cutting short the support period for Windows 7 and 8.1 for users whose computers contained Intel’s 6th generation Skylake processors.

Although support for Windows 7 and 8.1 on Skylake processor PCs will continue to January 2020 and 2023 respectively, Microsoft said last year that the newer Intel Kaby Lake and AMD Bristol Ridge hardware would only be supported on Windows 10.



US man loses appeal over encrypted drives

hard drives seized during an investigation regarding child sexual abuse images.

The man, who has not been named in court documents, has been held in custody for nearly 18 months.

The man’s lawyer has argued that his client is protected by the Fifth Amendment, which protects US citizens from incriminating themselves.

A police search in 2015 at the suspect’s home recovered an Apple iPhone 5S, Mac Pro computer and two external hard drives.

Authorities allege that they found evidence suggesting that child sexual abuse images had been accessed with the devices after they were able to decrypt the Mac Pro.

Prosecutors also say that images of a six-year-old girl that “focused” on her genitals were found on his iPhone 6 Plus, which had been seized separately and which the suspect unlocked during a forensic examination.

The external hard drives remain inaccessible, however, and the suspect has been held in contempt of court – and remanded in custody – since late 2015.



Man dies charging iPhone while in the bath

A coroner ruled his death was accidental and plans to send a report to Apple about taking action to prevent future deaths.

believed to have plugged his charger into an extension cord from the hallway and rested it on his chest while using the phone

Such devices typically have a low voltage of 5V to 20V so “you probably wouldn’t feel it”

However, connecting a mobile phone to a charger plugged into the mains electricity supply increases the risk of harm.

“Although the cable that is plugged in to your phone is 5V, somewhere along the line it’s plugged into the electricity supply and you’re reliant on that cable and a transformer to make sure you don’t get into contact with the main voltage

Cheap, non-branded chargers may not offer such protection, but even with genuine chargers you are still taking an unnecessary risk.



Google Maps launches location sharing service that lets you share your location and trip progress

ability to follow friends around a map in real time.

The feature, which will be rolled out to users around the world soon in an app update, lets anyone with Google Maps share their location with a friend, regardless of whether both or either have an Android or Apple iOS phone.

To start sharing location, you open Google Maps and tap “share location”. You then select who to share it with and how long you want to share it.

The person, or people, you have selected will see an icon of you on their map, and you see an icon on your map as well, reminding you that you are sharing.

You can turn off sharing at any time on your phone, the person you are sharing your location with can turn off sharing, and you can set the period of your sharing from 15 minutes to three days.

If you turn on sharing with an unlimited time period, Google will send you an email every few weeks to point out that someone is tracking your location at every moment.

For parents who want to make sure their kids are on the right train home from school, you can imagine this can be handy — although that is assuming the child is willing to have sharing turned on. Make them?


JASON

======

Apple denies security threat

APPLE has denied hackers have breached its security despite a ransom threat to pay up or at least 200 million iCloud accounts will be wiped.

The hacking group calling itself the Turkish Crime Family has provided video evidence of its claims to the tech site Motherboard, with a demand to Apple that it pay the ransom or face the consequences.

The hackers have listed the price of the ransom as either $A100,000 in Bitcoin or US$130,000 in iTunes gift cards.

Apple today issued a statement, suggesting that the hackers could be bluffing by using email addresses that have previously been compromised and leaked on the dark web, such as the 1 billion accounts compromised in the recent Yahoo hack.

“There have not been any breaches in any of Apple’s systems including iCloud and Apple ID,” the Apple statement says.

“The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services.

“We’re actively monitoring to prevent unauthorised access to user accounts and are working with law enforcement to identify the criminals involved.

“To protect against these type of attacks, we always recommend that users always use strong passwords, not use those same passwords across sites and turn on two-factor authentication.”

While the demands seem both outlandish and alarming, Motherboard confirms it has seen screenshots of emails appearing to be communications between the hackers and Apple’s security team.

==========

S8’s Cool feature the iPhone can’t match

WHAT if we told you there was a way to carry a desktop computer in your pocket?

If you think this sounds like nonsense, you are in for a very big surprise when Samsung unveils its Galaxy S8 at its flagship event next week.

A leak has confirmed the forthcoming smartphone will connect to a small dock capable of turning the Galaxy S8 into a full-fledged Android-based desktop computer.

Similar to Microsoft’s Continuum for Windows Mobile, Samsung’s ‘Desktop Experience’ feature will offer users the ability to use their S8 as a computer, without the need of mirroring.

The dock, known as the Samsung DeX Station, was kept under wraps until trusted leaker Roland Quandt shared a picture of the product on Twitter and specs on German website WinFuture.

The product comes shaped like a doughnut and is opened into the docking port, which allows the Galaxy S8 to enter a desktop mode.

Of all the specs, the most impressive is the integration of an active cooling fan designed to keep the S8’s temperature down when handling PC workloads.

This is obviously a much needed feature given the exploding battery saga that caused a global recall of the Note 7 last year.

Other specs include the ability to connect the Galaxy S8 to external display monitors with resolutions up to 4K (30fps), a 100Mbps Ethernet socket and two USB 2.0 ports.

Impressively, the dock also supports Adaptive Fast Charging that works as soon as the smartphone is plugged in.

According to the leak, the product is tipped to cost around $A200.

Trump shuts down teen’s kitten website

IN AN effort to practise her coding, a 17-year-old girl from San Francisco designed a silly website about kittens. The online world is filled to the brim with content about cats, so it seemed like a harmless and inconsequential exercise, right?

Well evidently US president Donald Trump disagrees.

Lucy is the young girl behind the website called kittenfeed.com but despite its modest traffic, it has attracted the ire of her commander in chief.

That’s because the only thing the website offered visitors was the ability to virtually scratch at photos of Mr Trump’s head using the paws of a kitten.

The teenager built the website in February for a laugh while applying for web developer jobs, she said. It was originally called trumpscratch.com but a few weeks ago she received a cease and desist letter from The Trump Organisation, according to Observer which claims to have seen the letter.

The document informed Lucy that her website infringed on the “internationally known and famous” Trump trademark.

But even the name change to kittenfeed.com has not been sufficient to appease Mr Trump’s lawyers and Lucy has reportedly been sent a second threatening letter because the site harboured a link that took users to an Amazon page where they could buy an anti-Trump T-shirt.

Lucy — like many others on social media since the story broke — has been left bewildered by the actions of the Trump Organisation.

“I really just want people to be aware that this is a president who’s clearly more concerned about what people think of him than doing things of substance,” she told Hollywood Reporter.

Why Australia Post ransomwared its own staff but stopped after the pilot.

When Australia Post employees stopped responding to internal phishing campaigns designed to test staff security awareness, the organisation’s infosec team knew they had to shake things up.

Eight months ago, when the team sent out one of their bi-monthly phishing drives, more than half of those who fell for the fake email said they weren’t at all stressed about the fallout.

A further 43 percent of that same group said they were confident they’d never fall for a phish – but still did – while a growing number of others said they knew they were being phished, but decided to click on the dodgy link anyway “for the lulz”.

And all of those who clicked on the link, which took staff to training materials on how to spot phishing, abandoned the training in under 30 seconds.

Clearly staff were becoming desensitised to the tests, which meant AusPost had to think up new, more engaging ways they could emphasise the risk.

The infosec team decided to create their own fake ransomware to get staff’s attention and drive home the real, tangible risks that can eventuate if staff are not careful about what they click on.

The custom-built ransomware application used low-level keyboard hooks to capture the keys users would press to try and exit the program, and lock them into the ransomware screen.

The warning screen itself was designed to be intimidating, coloured in black and red with a skull and crossbones, and Russian translation. It ran for 18 seconds before taking users to training material.

“We figured [18 seconds] was the sweet spot: it’s enough time for people to realise what was going on, read the message that we presented to them, and then think ‘oh crap. I’m in trouble now’,” Fuzy said.

https://www.itnews.com.au/news/why-australia-post-ransomwared-its-own-staff-454987

Lastpass patches creds-stealing bugs in browser plugins

Google security researcher finds three in a row.

Popular password manager Lastpass has plugged bugs in its browser extensions for Google Chrome and Mozilla Firefox that allow attackers to steal passwords and execute arbitrary code.

The vulnerabilities were discovered by Google’s Project X security researcher Tavis Ormandy, who reported them to Lastpass.

He originally discovered a remote code execution and password stealing flaw in the version 4.1.42 browser extension for Chrome and Firefox and reported it to Lastpass, with a proof of concept exploit that comprised two lines of Javascript.

The flaw requires the Lastpass binary component plugin, which is installed by default for the Lastpass browser extensions in Microsoft’s Internet Explorer and Mozilla Firefox, but not in Google Chrome.

Lastpass patched that vulnerability, but soon after, Ormandy reported that he had found two further bugs.

One that allows password stealing was reported in 2015, and received an incomplete fix. Ormandy said exploiting that bug was “not trivial because of the weird context”.

A second extension bug could be exploited to open non-websafe browser links, and allow malicious sites to read user credentials silently.

The flaws were fixed in less than 24 hours, and Ormandy commended Lastpass for being quick to act. The company said there was no indication that the vulnerabilities are being exploited in the wild.

 
