Episode 575 – Aussie Tech Heads Shownotes


Microsoft Blocks All Windows 7 Security Updates Unless You Have Antivirus

 

Microsoft is now withholding security updates from Windows 7 users who don’t have an antivirus installed. There’s a way around this limitation, but you have to manually set a registry key.

 

This is all thanks to the patch for Meltdown and Spectre that rolled out via Windows Update. Microsoft noticed that many antivirus applications were incompatible with the update and caused blue screen errors.

 

To prevent Windows systems from becoming unstable, Microsoft decided to withhold this security patch from all Windows systems by default. Microsoft told antivirus companies that they had to set a registry key that flags their antivirus as compatible with the update. If the key is present, the patch will install. If the key isn’t, the patch won’t install—that gives antivirus companies time to update and test their software.

 

All Windows 10 users will get security updates, whether or not they have the registry key set. But Windows 7 SP1 and Windows 8.1 users still need the registry key.

 

If you have an antivirus installed, it’s probably set the registry key for you so you can receive updates. Even on Windows 10 or Windows 8.1, the built-in Windows Defender antivirus sets the key for you. So far, so good.

If you’re using an older, incompatible antivirus app that refuses to set the key, Microsoft will withhold these security updates from you to protect your system stability until you install a compatible antivirus.

 

 

Stephen Hawking died on a day that is cosmically connected to Albert Einstein and pi

 

Stephen Hawking, the legendary theoretical physicist, died early Wednesday in his home in Cambridge, England, at the age of 76.

Coincidentally, Hawking died on Albert Einstein’s birthday. Einstein, another venerated theoretical physicist, also died at age 76, in 1955.

 

March 14 is also Pi Day in the US, in honour of the mathematical constant whose first digits are 3.14.

 

“My advice to other disabled people would be, concentrate on things your disability doesn’t prevent you doing well, and don’t regret the things it interferes with. Don’t be disabled in spirit, as well as physically.”

 

“My goal is simple. It is a complete understanding of the universe, why it is as it is and why it exists at all.”

 

“I have noticed that even people who claim everything is predetermined and that we can do nothing to change it, look before they cross the road.”

 

In 2009, Stephen Hawking ran an experiment that required champagne, balloons, and hors d’oeuvres, to demonstrate that backward time travel probably isn’t possible.

It was a time travelers’ party — but no one showed. And that was the point.

“I have experimental evidence that time travel is not possible,” Hawking told reporters at the Seattle Science Festival in 2012. “I gave a party for time-travelers, but I didn’t send out the invitations until after the party. I sat there a long time, but no one came.”

 

 

 

 

 

The top 20 richest tech billionaires in 2018

Jeff Bezos

Worth: US$112 billion

Overall Rank: No. 1

Amazon CEO Bezos not only nabbed the top spot on the Forbes list for the first time, but he is also the first person to top US$100 billion in the No. 1 spot.

Bill Gates

Worth: US$90 billion

Overall Rank: No. 2

Gates has sold or given away much of his stake in Microsoft, and today he owns just over 1 percent of shares.

Mark Zuckerberg

Worth: US$71 billion

Overall Rank: No. 5

Larry Page

Worth: US$48.8 billion

Overall Rank: No. 12

Sergey Brin

Worth: US$47.5 billion

Overall Rank: No. 13

Steve Ballmer

Worth: US$38.4 billion

Overall Rank: No. 22

Research firm reveals critical vulnerabilities in four AMD processors

Four AMD processors have critical security vulnerabilities and manufacturer backdoors that put organizations at greater risk of cyberattacks, according to an audit from CTS Labs.

The Israel-based cybersecurity research firm said 13 security flaws and manufacturer backdoors have been discovered in AMD’s latest Epyc, Ryzen, Ryzen Pro and Ryzen Mobile processors. The vulnerabilities affect any consumer or organization purchasing AMD servers, workstations and laptops, according to CTS Labs.

 

Firmware vulnerabilities such as Masterkey, Ryzenfall and Fallout can be fixed in several months, CTS Labs said, while hardware vulnerabilities like Chimera cannot be fixed and require a workaround. That workaround could be difficult and cause undesired side effects, according to CTS Labs.

CTS Labs said it is concerned about Chimera being exploited in the wild. The research firm urges organizations to pay closer attention to the security of AMD devices before allowing them on mission-critical systems.  

 

The second vulnerability, called Fallout, allows attackers to read from and write to protected memory areas. Attackers can leverage Fallout to steal network credentials protected by Windows Credential Guard, as well as bypass BIOS flashing protections that are implemented in System Management Mode (SMM).

 

Masterkey allows attackers to infiltrate the AMD Secure Processor and tamper with the company’s firmware-based security features such as Secure Encrypted Virtualization and Firmware Trusted Platform Module, CTS Labs found. This enables stealthy and persistent malware resilient against virtually all security offerings on the market today, according to CTS Labs.

 

 

 

 

Cortana vulnerability allows hackers to bypass Windows passwords

According to reports by Motherboard, a hacker could plug a USB stick with a network adapter into the computer, then tell Cortana to launch the computer’s browser and go to an unencrypted URL (non-HTTPS). The adapter then intercepts this session to send the browser to a malicious website, downloading malware and infecting the system.

 

Hackers could also connect a targeted computer to a wi-fi network they control by simply clicking on a selected network with a mouse, even when the computer is locked.

 

 

 

 

NBN to detail HFC relaunch next month

 

NBN has been working to address problems encountered by households connected via hybrid fibre-coaxial before it gives retail service providers (RSPs) the green light to resume sales of HFC services. However, the company’s chief customer officer, residential, Brad Whitcomb, says an announcement about HFC sales can be expected in April.

 

“Work is underway with RSPs to ensure we are ready as an industry to restart sales of services over this network and we’ll provide more specifics around the timing of our relaunch next month,” Brad Whitcomb said.

NBN announced in November that it would temporarily halt sales of HFC services while it worked on addressing performance problems encountered by some of its end users.

NBN has “completed a number of trials” since the pause was implemented.

These trials have been successful and we’re now applying our learnings to our growing HFC footprint.

Apple’s WWDC Set for June

 

Apple just announced that its 2018 Worldwide Developers Conference (WWDC) will take place from June 4 through June 8.

The conference will be held at the McEnery Convention Center in San Jose, Calif. If you’re interested in attending, you can apply for a ticket on the WWDC website now through March 22 at 10 a.m. PDT.

 

 

“Tickets are issued through a random selection process, and developers will be notified of application status by March 23 at 5 p.m. PDT,” Apple wrote in a news release. Tickets are limited, and expensive: one will set you back $1,599.

 

Scholarship submissions open March 26; details on how to apply are available on the WWDC website.

 

 

 

JASON

======

https://www.theverge.com/2018/3/13/17117344/youtube-information-cues-conspiracy-theories-susan-wojcicki-sxsw

YouTube will add information from Wikipedia to videos about popular conspiracy theories to provide alternative viewpoints on controversial subjects, its CEO said today. YouTube CEO Susan Wojcicki said that these text boxes, which the company is calling “information cues,” would begin appearing on conspiracy-related videos within the next couple of weeks.

Wojcicki, who spoke Tuesday evening at a panel at the South by Southwest Interactive festival in Austin, showed examples of information cues for videos about the moon landing and chemtrails. “When there are videos that are focused around something that’s a conspiracy — and we’re using a list of well-known internet conspiracies from Wikipedia — then we will show a companion unit of information from Wikipedia showing that here is information about the event,” Wojcicki said.

The move comes after a year in which YouTube has been pilloried for hosting extremist content and driving more attention to it through algorithmic recommendations that critics say are designed to push viewers to extremes.

The information cues that Wojcicki demonstrated appeared directly below the video as a short block of text, with a link to Wikipedia for more information. Wikipedia — a crowdsourced encyclopedia written by volunteers — is an imperfect source of information, one which most college students are still forbidden from citing in their papers. But it generally provides a more neutral, empirical approach to understanding conspiracies than the more sensationalist videos that appear on YouTube.

=============

https://www.cnbc.com/2018/03/13/amazon-power-banks-recalled-for-fire-hazard.html

Amazon is recalling 260,000 AmazonBasics portable power banks that can “overheat and ignite,” according to a release by the Consumer Product Safety Commission.

Amazon has received more than 50 reports of the power banks overheating in the U.S., causing chemical burns and property damage.

“Consumers should immediately unplug and stop using the recalled power banks and contact Amazon for instructions on how to return the unit and receive a full refund,” the release says.

Amazon is contacting everyone who purchased one of the affected devices.

The recall covers six versions of the AmazonBasics portable battery: 16,100 mAh; 10,000 mAh; 5,600 mAh; 2,000 mAh with micro USB cable; 3,000 mAh; and 3,000 mAh with USB micro cable.

===========

https://tech.slashdot.org/story/18/03/13/1938202/a-chatbot-can-now-offer-you-protection-against-volatile-airline-prices

The same bot, DoNotPay, that helped users overturn parking tickets and sue Equifax for small sums of money is now offering you protection against volatile airline prices. The Verge reports: Joshua Browder, a junior at Stanford University, designed the new service on the bot in a few months, after experiencing rapidly fluctuating airline prices when flying to California during the wildfires last year. “It annoyed me that every single flight, I could be paying sometimes double or even triple the person next to me in the same type of seat,” he told The Verge. Browder first used the service himself and then tested it among his friends in a closed beta. He claims that the average amount saved among the beta testers is $450 a year, though it’s not clear how many flights were booked and how much they cost. The service is available to the public starting today. To use it, log in with a Google account, input your phone number, birthday, and credit card information through Stripe. (Browder swears the credit card information won’t be stored.) Then the chatbot tells you you’re all set. Now, every time you buy airline tickets, whether from an airline’s site or a third party, the chatbot will help make sure you pay the lowest price for your class and seat.

https://yro.slashdot.org/story/18/03/13/1836218/privacy-busting-bugs-found-in-popular-vpn-services-hotspot-shield-zenmate-and-purevpn

A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN — all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet:

The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user’s location. In the case of Hotspot Shield, three separate bugs in how the company’s Chrome extension handles proxy auto-config scripts — used to direct traffic to the right places — leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. […] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.