Today's Hard|Forum Post
Today's Hard|Forum Post

[H] Enthusiast Archives: April 2017 Archive Listing

Friday April 28, 2017

Backdoors in Millions of Smartphones

I was at the bank the other day, yeah, physically at the bank, and the banker-dude asked me if I had installed its banking application on my smartphone. I looked at him and asked, "Do I really look that stupid?" Wired has an article up today that outlines my paranoia about smartphones and security. Banking apps? No. Pay with my phone? No. Naked selfies? Maybe. The gist of this is that there are a bunch of apps that leave insecure ports on your smartphone.

News Image

To determine the full scope of the port problem, the Michigan researchers built a software tool they call OPAnalyzer (for Open Port Analyzer) that they used to scan the code of around 100,000 popular apps in the Google Play app store.

They found that 1,632 applications created open ports on smartphones, mostly intended to allow users to connect to them from PCs to send text messages, transfer files, or use the phone as a proxy to connect to the rest of the internet.

If you have the Wifi File Transfer, Virtual USB, or PhonePal apps on your phone, you might want to reevaluate your installation. If you want to read up on the paper yourself, the PDF is right here.

In this paper, we develop a tool called OPAnalyzer, which can systematically characterize open port usage in Android apps and effectively detect exploitable vulnerabilities. Using this tool on 24K popular Android apps, we are able to classify 99% of the mobile usage into 5 families, and identify some unique usage scenarios on mobile platform. From the vulnerability analysis performed, we find that such usage is generally unprotected. We are able to discover a bunch of new exploits causing vulnerabilities such as information leakage, denial of service, and privileged execution. We also propose countermeasures and improved practices to mitigate these problems in different usage scenarios. As a potential future work, we want to apply OPAnalyzer to analyze Android system applications to discover more critical vulnerabilities.

Discussion

Get Your Mullvad On

Give our brothers at Mullvad some love! The company came on yesterday as a new sponsor for HardOCP and HardForum, so if you are looking to get your VPN on, give these guys a look as its services have held up with tests by our readers. It's "Only آ€5/month." What is a آ€? We still don't know, but one آ€ is about US$1.09. And yeah, "Mullvad" is Swedish for mole. Don't feel bad, we had to look that up too.

News Image

World-class, online privacy - Mullvad is a VPN service that helps keep your online activity, identity, and location private.

Discussion

Dictionary Definition of "Sheeple"

Since [H]ardOCP is the Vatican of the PC Master Race, it has to be pointed out that Merrian-Webster thinks that Apple's brand-loyalists are "Sheeple." I am not sure why anyone would think that...You can't make this stuff up.

News Image

Discussion

More Saving. More Doing. More Exposure.

If you recall, back in 2014 Home Depot "allowed" 56 million of it customers' credit card information to be stolen. Apparently now you don't even have to "hack" into Home Depot to get some of its customers' information, Home Depot will just put it online for everyone to see. Just because you know how to use a hammer apparently does not qualify you to run an online business. Whodathunkit?

News Image

The internet address that hosted these spreadsheets آ— along with one random document containing a scanned printout of a customer’s name, address, and signature آ— was part of the HomeDepot.com domain; and all the files there were unencrypted, unprotected, discoverable by search engines (several of the email addresses listed, when typed into a Google search, surfaced the documents), and completely accessible to the open internet.

Discussion

New update options for Windows 10, version 1703

Is it me, or do you feel more stupid for reading this?

With the release of Windows 10, we simplified the servicing process by moving to cumulative updates, where each update released contains all the new fixes for that month, as well as all the older fixes from previous months. Today, most organizations deploy these cumulative updates when they are released on the second Tuesday of every month, also called "Update Tuesday." Because these updates contain new security fixes, they are considered "Security Updates" in Windows Server Update Services (WSUS) and System Center Configuration Manager.

Based on feedback from customers, we are making some adjustments to the updates that we are releasing for Windows 10, version 1703 (also known as the "Creators Update"). With these changes, we will routinely offer one (or sometimes more than one) additional update each month. These additional cumulative updates will contain only new non-security updates, so they will be considered "Updates" in WSUS and Configuration Manager.

News Image

Note that we may occasionally identify non-security fixes that address more critical issues that could be affecting organizations. In those rare cases, a cumulative update would be considered as "Critical Updates" in WSUS and Configuration Manager.

For those using Windows Update for Business, these new "Updates" and "Critical Updates" will not be installed on any devices that have been configured with Windows Update for Business policies.

Organizations have the flexibility to choose what to do with these new non-security cumulative updates:

  • Deploy each of them just like the updates on "Update Tuesday." This enables the organization’s PCs to get the latest fixes more quickly.

  • Deploy each of them to a subset of devices. This enables the organization to ensure that these new non-security fixes work well, prior to those same fixes being included in the next "Update Tuesday" cumulative update which will be deployed throughout the organization.

  • Selectively deploy them, based on whether they address specific issues affecting the organization, ahead of the next "Update Tuesday" cumulative update.

  • Don’t deploy them at all. There is no harm in doing this since the same fixes will be included in the next "Update Tuesday" cumulative update (along with all the new security fixes).

We believe these additional cumulative updates, and the increased flexibility that they provide to organizations, will be beneficial to organizations of all types. As always, please continue to provide feedback on other ways that we can con

Discussion

Thursday April 27, 2017

[H]ardware Round-Up

Aqua Computer and Rockit Delidding Tools tested on Core i7-7700K @ Tech Power Up

Of course, if you have access to a 3D printer and a hammer, you don't have to purchase a tool. But you can see the myriad of articles we have done on those as well down this page.

The Red Devil RX 570 vs. the EVGA GTX 1060 3GB Overclocking Showdown @ Babel Tech Reviews

Micron 5100 ECO and MAX SSD Review: High-Capacity, Affordable Datacenter Storage @ Hot Hardware

GIGABYTE XK700 XTREME Mechanical Gaming Keyboard Review @ Funky Kit

Nixeus NX-VUE27P 1440P IPS Monitor Review @ Hardware Canucks

Prey 2017 Demo to Consoles First

This does not make me feel too good about the PC version of this game, but that is just a gut reaction. Bethesda has been on a tear lately with DOOM and Fallout 4, and I would expect that Prey would be no different. However, unless you are a console peasant, you are out of luck today for a the demo.

WHAT IS PREY? Aliens have taken over the space station, and only you can stop them. Or, make that Yu. On May 5, 2017, Prey releases on Xbox One, PlayStation 4 and PC آ– and, as Morgan Yu, you’ll be mankind’s only hope to stop the Typhon threat from destroying humanity. Prey is the latest game from Arkane Studios, the team behind the multi-award-winning Dishonored series. Watch the latest trailer to get a deeper look at the Typhon aliens, Morgan’s unique powers and weapons, and the Talos I space station itself.

Discussion

Acer Predator X27 G-Sync HDR Gaming Monitor: 4K at 144Hz

I can’t seem to find any information on whether this is a TN, IPS, or VA yet, but Acer’s latest display is stuffed with killer features: 4K, 144Hz, HDR, NVIDIA G-Sync, quantum dot technology, local dimming, and more. I imagine this guy will be pretty pricey, especially after the video cards you will need to hit 144Hz at 4K in most games.

Acer's Predator X27 portrays astonishingly vibrant visuals without motion blur thanks to a high 4K (3840x2160) resolution at a 144 Hz refresh rate, a fast 4 ms response time and a 1,000 nit peak brightness. Featuring Acer HDR Ultra technology, it offers the best possible contrast quality of the high dynamic range with advanced LED local dimming in 384 individually-controlled zones that shine light only when and where it is required. It not only delivers a broader, more deeply saturated color gamut, but a luminance range several times greater than that of traditional dynamic range monitors.

Discussion

Nintendo Manages to Move 2.47M Switch Consoles in One Month

Nintendo’s latest effort is an easy target for ridicule, as there was seemingly wave after wave of problems ranging from bent units to connectivity issues, but from a sales perspective, it appears to be a raging success. The company forecasted 2M units shipped, but that number has turned out to be considerably greater. Is this just the new car smell, or does Nintendo have a real hit here?

News Image

Nintendo Switch is off to a strong start, with more than 2.74m consoles shipped during its first month of release. The company had previously made a fairly conservative estimate of 2m Switch consoles shipped within the same timeframe - an estimate that it has definitely been beating. Perhaps more impressive is the attach rate of Nintendo Switch hardware to copies of Zelda: Breath of the Wild. 2.76m Switch copies of the game have been sold - more than the number of Switch units currently out in the wild. (There are a couple of possible reasons for this - people buying Zelda while Switch itself is out of stock, or picking up copies of the special edition to keep/sell on eBay.)

Discussion

US Marines to Storm Beaches with Machine Gun-Toting Robots, Transforming Boats

There’s some cool stuff going down at Camp Pendleton (Oceanside, CA). The Navy and Marine Corps are testing a whole bunch of new technologies for storming the beaches: these include miniature tank-like robots that will charge through the sands for advance assaults, quadcopters and other drone stuffs, and even speedboats that can transform into submarines. Thanks to Kyle for this one.

For the past two weeks, the Navy and Marine Corps have been quietly testing about 50 new fascinating technologies out at Camp Pendleton, at the Ship-to-Shore Maneuver Exploration and Experimentation Advanced Naval Technology Exercise 2017, in California. The exercise is investigating how the military can leverage the latest technological advances for ship-to-the-shore, or the space between the Naval ship and the beach where they could potentially land. Sailors and Marines have been experimenting with the technology and evaluating the wide range of sea, air and land innovations in a variety of realistic scenarios.

Discussion

A Look at the First Boring Machine for Elon Musk’s Boring Company

Nothing glamorous here, but it is interesting to see that Musk’s idea of burrowing underground is truly materializing and not turning into fluff. A SpaceX employee has posted a photo of one of the boring machines, but I guess he got heat for it since he just made his Instagram private. I hear Elon’s next venture will be anti-succubus technology.

News Image

The Boring Company has by far the punniest name, however, and now it also has some branded hardware آ— an industrial tunnel boring machine emblazoned with the company’s non-nonsense logo. A SpaceX engineer posted to his Instagram page an image of The Boring Company’s big tubular tunnel digger and the cylindrical beast makes it very clear that Musk is serious about his plan to wind networks of tunnels under dense urban development to help alleviate traffic and also give Hyperloop transit systems somewhere to run.

Discussion

Apple Investigating Wireless Charging via Wi-Fi Routers

Sadly, this patent merely "covers the theory" so it is hard to say if Apple can make this a reality, but it sure would be convenient if you could charge your electronics using just your Wi-Fi router. Such routers would rely on "dual polarization and dual frequency antennas" to extend charging range, so you could theoretically keep something charged regardless of where you walked in your house. We haven’t even mastered long-range internet via Wi-Fi yet, so I am not going to be optimistic here.

News Image

Apple's invention deviates from contemporary technology in that incorporated wireless circuitry and supporting components handle both communications and power delivery. Current iterations, like Apple Watch's inductive charging hardware, are dedicated to power transfer only, and are limited to very short distances. Apple proposes a variety of techniques to extend that range. Along with dual mode circuitry, the claims recited in today's patent mention dual-polarization, dual-frequency patch antennas consistent with beam forming layouts. Patch antennas typically consist of a flat, rectangular resonating element placed over a larger metal ground plane structure. The flat antenna arrangement is ideal for mounting on flat surfaces, hence the term "patch."

Discussion