Two keyless entry door locks vulnerable to unauthenticated requests
A vulnerability found in two keyless entry door locks enables local attackers to lock and unlock doors as well as create their own RFID badges by sending unauthenticated requests to affected devices.
The exploit was discovered by Secureworks researchers Mike Kelly and John Mocuta and is caused by incorrect access control vulnerabilities in AMAG Technologies Symmetry Edge Network Door Controllers
Researchers reverse engineered the basic structure of the network communication and found an attacker with network access to bypass physical controls and gain access to a secured physical area, thus changing the scope of affected resources.
The attacker could also inject fake card values, which can then be used to physically bypass the door since the primary function of a door controller is to help control access, researchers said in the advisory.
AMAG would notify its clients prior to the public disclosure of the vulnerability.
CatchDeal, Techrific and BexecTech admit to passing off refurbished tablets, phones as new
Three online electronics resellers have admitted to passing off refurbished products and selling them to Australian customers labelled as new.
One admitted to misleading customers by telling them it wasn’t bound by the Australian consumer law because it is incorporated overseas.
n one case, a customer spent $608 on an iPhone 6 that was labelled new, only to have the device fail within three days. After taking the phone to an Apple store for repair, the customer learnt it had been sold in the US two years prior.
In another case, a customer bought a Samsung Galaxy S5 for $449 which was advertised as being in a “sealed box”. Three months after the purchase, the phone’s screen began to fail, and after taking it to a Samsung repairer, found out that it was a refurbished model that had already suffered water damage.
BexecTech and Techrific have both agreed to contact and offer to redress affected customers, as well as clarify when products are refurbished or are not Australian market versions, implement an Australian consumer law compliance program and notify customers about its court-enforceable undertakings.
Kogan unveils Medibank-backed health insurance brand Kogan Health
Medibank will underwrite the insurance policies for Kogan Health, with branding, marketing and customer acquisition to be handled by Kogan, which will earn commissions on sales.
Medibank chief customer officer David Koczkar said: “Kogan.com has been very good at creating a sharp, low-fuss online experience for value-conscious customers.
“So this partnership is a great match and we’ll be able to do something different and attractive for Kogan Health customers.”
The health insurance brand is expected to launch in the first half of 2018.
Kogan generated revenues of $289.5 million for the 12 months to 30 June 2017, growing 37.1 percent on FY2016, and a net profit of $7.2 million, an 800 percent increase on last year’s $800,000
Apple in talks to buy music identification app Shazam: report
Users of Apple’s iPhone with the Shazam app installed can say: “Hey Siri, what’s that song?” and the app will identify it. But Shazam has other features, such as the ability to identify television shows, that do not yet work with Siri.
Tech news website TechCrunch reported the talks earlier, writing that Apple could pay about US$400 million for Shazam and that a deal could be signed as early as next week.
An acquisition of Shazam could help bolster Apple’s music efforts by making it easier for users to find songs and add them to playlists in its Apple Music service. As of mid-2017, Apple Music had 27 million subscribers, behind rival music streaming service Spotify’s 60 million users.
Jony Ive returns to helm of Apple’s design teams
Apple chief design officer Jony Ive is returning to day-to-day management of the company’s design teams after handing off managerial duties two years ago to focus on other projects, Apple told Reuters on Friday.
In 2015, Ive was named chief design officer, reporting directly to chief executive Tim Cook.
He then handed off some administrative duties to Apple design executives Alan Dye and Richard Howarth to focus on broader efforts such as Apple’s retail stores and new “spaceship” campus in Cupertino, Apple Park.
Dye and Howarth will now report to Ive once again.
Fears over Bitcoin bubble as it crosses US$17,000
Proponents say bitcoin is a good medium of exchange and a way to store value, much like a precious metal. They also argue it is preferable to traditional currencies because it is not subject to central bank manipulation.
The supply of bitcoin will eventually be capped at 21 million, and some 16.7 million have already been released.
But critics say the price run-up is a bubble that has been driven mostly by speculation, leaving bitcoin vulnerable to a sharp reversal. JPMorgan Chase & Co chief executive Jamie Dimon famously called bitcoin a fraud in September.
Firefighters slam YouTube prankster who ‘cemented’ a microwave oven to his head
https://www.youtube.com/watch?time_continue=4&v=iY8gvu6h2Hc
2-year-old put his head in a plastic bag in the microwave before seven bags of Polyfilla were poured into the oven by his friends Thursday. He quickly became trapped, according to the report.
His friends spent 90 minutes trying to free Swingler before calling an ambulance crew. When the paramedics were unable to help, West Midlands Fire Service was called.
JASON
=====
THE PRICE of broadband is set to fall next year after NBN Co revealed plans to cut the cost of its highest speed services yesterday to win more customers and improve its damaged reputation.
But experts warned there were no guarantees the discounts would be passed on to consumers, or that the new packages would improve the network’s reliability, as it claimed.
NBN Co chief executive Bill Morrow said the company was negotiating with internet providers to drop the wholesale price of some of its plans, and include additional “capacity” to prevent slowdowns during peak times.
Mr Morrow said the discounts were designed to encourage more users to adopt higher speed plans as more than 80 per cent of NBN users adopted services offering 25 megabits per second or less, which was often no better than the technology they had used previously.
“Without affordable higher speed plans, many end-users aren’t seeing the true potential of the NBN access network. Customer satisfaction levels fall if expectations of the ‘NBN experience’ aren’t met,” he said.
“We also recognise that we need to do something dramatic and quickly to encourage retailers to get end-users on to higher speed plans, as growth during peak hours continues to develop on the network.”
The 12-month discounts, available after March next year, will see the wholesale price of a 50mbps plan cut by 27 per cent, to $45, and the price of a 100mbps plan cut by 10 per cent, to $65.
Mr Morrow said NBN Co would also drop the price for additional bandwidth.
RESEARCHERS may have discovered a solution to one of life’s most annoying first-world problems — the dreaded cracked phone screen.
But walking around with a smashed screen or being in constant fear of getting one may soon be a thing of the past, with research from the Australian National University (ANU) heading the development of shatter-proof glass for mobile phones.
Aluminosilicate is the glass that is used to make smartphone screens and while it is a common component in many phones, lead researcher Charles Le Losq said not a lot was actually known about it on a microscopic level.
By adding in different elements to the structure of the glass, such as sodium and potassium, a new atomic structure was able to be set into the pane.
These alterations could be developed to make the glass more resistant to breaking and more flexible.
“We inferred that we could use this knowledge to search for new properties and make glass harder,” Dr Le Losq told the ABC.
“This will require further work of course and will also require some collaboration with the industry. Now we can build on this but we’re talking time frames of maybe five to 10 years.”
By aggregating the data from over 250 separate breaches, cybercriminals have created an easily accessed and usable treasure trove with 1.4 billion clear text login credentials, according to security researchers 4iQ.
If you’re in the habit of reusing your credentials then this aggregated, interactive database which lets criminals query and receive responses in under a second should have you worried.
This isn’t the first time criminals have pulled together data from multiple breaches, but it’s there largest collection known and a step forward insofar as the database is organised hierarchically and is fully searchable.
If a threat actor wants to target a specific person then they can search for an email address and then grab a password, or set of passwords, that has been been used before to try and exploit other accounts.
Amongst the nuggets, a search for “admin,” “administrator” and “root,” returned 226,631 passwords used by administrators in seconds.
The data dump is a massive 41GB and 4iQ says 14 per cent of the passwords in the dump were previously un-decrypted with another 318 million previously unpublished user accounts in the data dump.
The challenge for most of us isn’t following good password hygiene today by not reusing passwords, employing a good password management tool and using two-factor authentication where we can.
The real problem is old accounts we’ve forgotten about and the sheer volume of sites we’ve created a username/password for. Chances are we have all reused passwords and going back to fix all those is quite difficult.
Angelina Arora was sitting in her local fish and chip shop looking at all the discarded fish waste. Piles of crab shells, prawn tails and fish heads. Kilos and kilos of it, all destined for the bin.
There had to be a better way, the 15-year-old budding young scientist thought.
So she got a few kilograms of discarded shells, took them to her Sydney Girls High School science lab, and started experimenting.
Eventually, she managed to find a way to turn them into a strong, light and biodegradable plastic.
The year 10 schoolgirl hopes one day to see it used in plastic bags at supermarkets around Australia.
“The dream is to basically have every single plastic in the world made out of my plastic,” she said.
In 2016 Angelina won first prize in chemistry for her age bracket at the NSW Young Scientist Awards for another plastic, this one made with cornstarch.
The cornstarch plastic broke down as soon as it was exposed to water – which made it very biodegradable, but also completely impractical.
However, the win did lead to an introduction to several scientists at CSIRO, who have remained her mentors on the current project.
Prawn shells contain a special hard but flexible protein called chitin (pronounced ky-ten). With the scientists’ guidance, and a litre of hydrochloric acid, Angelina managed to extract the chitin from the shells.
She then combined it with an extremely sticky protein she extracted from the silk of silkworms.
“It’s the same protein that spiders use to make webs. It’s very sticky. When you mix it with chitin it produces a fabric that is flexible and strong and exhibits all the properties you want in plastic,” she said.
AT&T Inc has started trials in Georgia state and a non-U.S. location to deliver high-speed internet over power lines, the No. 2 wireless carrier said on Wednesday, marking its latest push to offer faster broadband service to more customers.
AT&T aims to eventually deliver speeds faster than the 1 gigabit per second consumers can currently get through fiber internet service using high-frequency airwaves that travel along power lines. While the Georgia trial is in a rural area, the service could potentially be deployed in suburbs and cities, the company said in a statement.
“We think this product is eventually one that could actually serve anywhere near a power line,” said Marachel Knight, AT&T’s senior vice president of wireless network architecture and design, in an interview. She added that AT&T chose an international trial location in part because the market opportunity extends beyond the United States.
AT&T said it had no timeline for commercial deployment and that it would look to expand trials as it develops the technology.
“Potentially, it can be a really big deal,” said Roger Entner, an analyst at Recon Analytics. “You need the power company to play ball with you. That’s the downside.”
AT&T and Verizon Communications Inc, the largest U.S. wireless carrier, have also been testing 5G internet services in which the last leg of the connection is delivered via a radio signal to homes using high-frequency airwaves known as millimeter wave spectrum.
Verizon said in November it would launch the faster broadband service in three to five U.S. markets in 2018.