#after over a week of bootlooping
my computer is working again yay
#after over a week of bootlooping#it just... decided to boot#it may be time to replace my computer#but computers.... spensive#personal
Week 5 roundup: new guidelines, remote unlocking, forced surveillance, and resetting other people's passwords

Welcome to the third edition of my roundup blog posts. If you're reading this, it means Tumblr's text editor didn't explode this time.
Germany set to detail security measures that must be present in web browsers before they are deemed "secure"
Image credit: Gizmodo
Modern web browsers are very capable and thus see widespread use. This means they should be secure against any attacker in the ever-changing internet landscape. Because the scope of a possible attack is so wide nowadays, it is difficult to define what "secure" means in the context of a web browser. Regardless, Germany is set to detail guidelines that define what a browser must have in order to be deemed "secure".
Germany's Federal Office for Information Security, or Bundesamt für Sicherheit in der Informationstechnik (BSI), first introduced these guidelines in 2017. They have now published a new draft document with updated guidelines. The notable guidelines include:
Mandatory support for TLS
Mandatory support for a list of trusted certificates, including extended validation (EV) certificates. These certificates must be verified against a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP)
Indication to the user via iconography or colour to show the encryption status of network communications
Mandatory support for HTTP Strict Transport Security (HSTS) (RFC 6797), Same Origin Policy (SOP), Content Security Policy (CSP) 2.0, and Sub-resource integrity (SRI)
Mandatory signed and verifiable automatic updates of the browser and its installed extensions or plugins
The browser's password manager, if it has one, must store user-deletable, encrypted passwords. Access to the password manager is only granted to the user after they have entered a master password
Browser cookies and history must be user-deletable
Giving organisations the option to disable or prevent the sending of browser telemetry or usage statistics, the ability to have locally-defined site blocklists, and the ability to regulate the browser add-ons or extensions installed
Mandatory inclusion of mechanism to detect harmful content or URLs
Accessible options to toggle plugins, extensions or Javascript
The browser must be executable with minimal permissions from the operating system
Mandatory sandboxing or isolation of webpages and browser components. Components may communicate with other components via an interface. Resources of the components must not be directly accessible
Browsers must be programmed in a language that supports stack and heap memory protections
The browser's vendor must move to a new browser if a security flaw is not fixed within 21 days of public disclosure
The draft document is currently going through public debate in Germany. Once this is complete, the BSI will publish the finalised document with all the guidelines.
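Several of the listed mechanisms (HSTS, CSP, SRI) are visible in a site's HTTP response, so they can be checked by the people operating a site rather than only by the browser. The checker below is an added example, not part of the original post or of the BSI draft; it parses the HSTS max-age as defined in RFC 6797, checks that a CSP header is present, computes an SRI integrity value for a script body, and flags external scripts that lack one. The sample headers, HTML and script body are constructed, and the one-year HSTS floor is an assumption chosen here, not a figure from the draft.

```python
import base64
import hashlib
import re
from typing import Dict, List, Optional

# Constructed sample response: headers plus a small HTML body with two
# external scripts, one carrying an SRI hash and one without.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example",
}
SAMPLE_SCRIPT = b"console.log('hello');"  # constructed body of /app.js
ONE_YEAR = 365 * 24 * 3600  # assumed minimum max-age; not taken from the BSI draft


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Integrity attribute value for a resource body: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


SAMPLE_HTML = (
    '<script src="/app.js" integrity="%s" crossorigin="anonymous"></script>'
    '<script src="https://cdn.example/lib.js"></script>'
) % sri_hash(SAMPLE_SCRIPT)


def hsts_max_age(headers: Dict[str, str]) -> Optional[int]:
    """max-age from Strict-Transport-Security (RFC 6797); None if absent or malformed."""
    value = headers.get("Strict-Transport-Security", "")
    m = re.search(r'max-age\s*=\s*"?(\d+)"?', value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def scripts_without_sri(html: str) -> List[str]:
    """URLs of <script src=...> tags that carry no integrity attribute."""
    missing = []
    for tag in re.findall(r"<script\b[^>]*>", html, re.IGNORECASE):
        src = re.search(r'src="([^"]+)"', tag)
        if src and "integrity=" not in tag:
            missing.append(src.group(1))
    return missing


def check_response(headers: Dict[str, str], html: str) -> dict:
    """Summarise a response against the HSTS, CSP and SRI items of the list above."""
    max_age = hsts_max_age(headers)
    return {
        "hsts_ok": max_age is not None and max_age >= ONE_YEAR,
        "csp_present": "Content-Security-Policy" in headers,
        "scripts_missing_sri": scripts_without_sri(html),
    }
```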
Source: ZDNet
Zipato smart hubs had a vulnerability that allowed for the easy unlocking of connected smart locks
Image credit: TechCrunch
Smart homes with smart things in them are thought to be more secure than their traditional counterparts. However, this is not always the case: security researchers discovered a security flaw in Zipato smart hubs that made it possible to remotely unlock a connected smart lock. I wrote a separate blog post about this in more detail earlier in the week.
Source: TechCrunch
Tourists in China's Xinjiang region are forced to install data-collecting malware on their smartphones
Image credit: The Guardian
China already controls and sees what its citizens can see and say, both on the network level and on the personal device level. It is more difficult to exert this control over the personal devices of foreign tourists. Authorities in China's Xinjiang region are flexing their powers to access these foreign devices.
A joint investigation between VICE, The New York Times, The Guardian, Süddeutsche Zeitung and German broadcaster NDR has revealed the extent of the surveillance on foreign tourists being carried out by Xinjiang authorities.
Border authorities stop tourists and confiscate their phones. The authorities then install a pre-built malware app referred to as BXAQ or 蜂采 (Fēng cǎi). BXAQ collects data on the phone owner's emails, text messages and contacts. The app also seems to collect data on the phone's hardware specifications. Any data collected by the app is uploaded to a server.
The Xinjiang region of China is home to a large Muslim population. Chinese authorities are conducting a mass surveillance program of the region and its people. BXAQ also appears to search for and flag any data or information related to Islam. Some of the flagged items include an al-Qaida-produced magazine and information on the Islamic month of Ramadan. Other, seemingly unrelated things BXAQ flags are information on the Dalai Lama and a Japanese metal band.
For iOS devices, the device is plugged into a reader that performs the same scanning procedures as BXAQ. Android devices support third-party app sideloading, so the BXAQ app is installed directly on the device and is uninstalled afterwards. In some rare cases, authorities did not uninstall BXAQ before returning the phone to its owner. The APK file for the Android BXAQ app was obtained by VICE and uploaded to their GitHub account.
It is not clear where the collected data is sent to or how long it is stored before being deleted. The joint investigation also notes there is no evidence of surveillance of tourists after they have their phones returned to them.
Source: VICE, The New York Times, The Guardian
7-Eleven Japan discontinues new mobile payment app within days after launch

Image credit: Google Play
7-Eleven Japan recently launched a new mobile payment app. Use of the app was discontinued within days because it allowed users to reset the passwords of other users' accounts. I wrote a separate blog post about this in more detail.
Source: Android Police, ZDNet
In other news
Google releases the monthly Android security patch for July. Some critical vulnerabilities with the kernel, WLAN host and driver, and audio were fixed, with Android version 7.0 Nougat and newer affected.
Dating app fined for misleading users about privacy and leaking their nudes. The app leaked users' photos for a year and did not make any changes despite being notified of the leak by several news sites when it was first discovered. The photos were found on an unprotected server.
Decade-old "Heaven's Gate" technique is still being incorporated into modern malware. Heaven's Gate allows 32-bit applications running on 64-bit machines to execute 64-bit code. 64-bit operating systems have a subsystem to run 32-bit applications, and by escaping this subsystem, malware was able to evade antivirus detection. This weakness is patched in modern OSes like Windows 10, but Heaven's Gate malware still targets legacy OSes.
U.S. Customs and Border Protection suspends a subcontractor after collected information was transferred to its network that was attacked. Photos of travellers and car registration plates were transferred. Attackers stole government agency contracts, budget spreadsheets and slideshow presentations.
macOS malware masquerading as an installer for Adobe Flash is appearing in Google search results. The malware installs malicious applications and browser extensions.
Phishing site mimics the site used to obtain the Instagram "verified" checkmark. The site was discovered by security researchers.
Google security researcher discovers an iMessage vulnerability that soft-bricks iPhones. The vulnerability caused SpringBoard, the launcher app that handles the home screen on iPhones, to crash and relaunch itself infinitely, mimicking the behaviour of a bootloop. All solutions to recover from this require the affected user to wipe their device.
OpenID Foundation says "Sign In with Apple" is not OpenID compliant and is insecure. The new service announced by Apple at WWDC 2019 is built on top of the OpenID Connect platform but is not compliant with all the standards set by the foundation.
Attack steals money from banks in Bangladesh, India, Sri Lanka and Kyrgyzstan. One affected bank in Bangladesh had over US$3m stolen.
UK forensics firm paid ransom to attackers. The ransomware caused police to suspend all operations with the firm.
--
Hero image credit: Getty Images via The New York Times
Irate customers sue Google over Pixel's allegedly awful microphones

The Google Pixel and Pixel XL (credit: Ron Amadeo)
The same San Francisco law firm that recently settled arbitration claims against LG over the "bootloop" issue has now filed a new proposed class-action lawsuit against Google. This time, the firm is alleging manufacturing defects in the microphone on Pixel and Pixel XL handsets.
The firm's clients, Patricia Weeks of Florida and Waleed Anbar of California, say that they both purchased Pixel phones in 2016. However, months after their purchases, they both said that they experienced a defective microphone. The case, Weeks v. Google, was filed Tuesday in federal court in San Jose, California.
When they approached Google's customer service, they were told that Google would not refund them or offer a replacement.
Wow. Long time no post.
So, I've been gone for awhile. Basically what happened was I had a really crappy phone that didn't have enough space for anything, it could only hold maybe 25 pictures. So, for over a year, I used an old for my social media and photos. But that was an LG. And it got the bootloop about a year ago and my actual phone couldn't handle anything so I had no choice but to vanish for awhile. And my laptop is a POS so that wouldn't have worked, either.
But, now I have a new phone and now I'm back!
A lot has changed. Obviously, I changed my username and my theme. Instead of being depressed and suicidal, I now want my blog to be more encouraging. And here's why.
Back in June, I almost died. My gallbladder decided it wanted to become septic and try to kill me, so I had to have emergency surgery. The surgeon told me afterwards that if I had waited any longer to go in, I wouldn't be here. And I felt nothing. So, my loved ones started to try and convince me to seek help.
I went to a small clinic in the state I live in. I got meds and they made me worse so I ended up in the psych ward after attempting to drive my car into a wall. I got different medication. Then a different one and, a week after being on that one, I was placed on the highest dose. That numbed me out to everything, so I was lowered down .5 mg and placed on an additional medication.
Now, I'm functioning better than I ever have. I'm growing and maturing and learning about myself, the people around me, and I'm enjoying more moments in life. I don't actively want to die anymore.
I know not a lot of people look at my blog, but I'm hoping with putting more positive content and encouraging posts, that maybe someday I'll be able to reach someone who really needs what I'm posting.
I chose the new username because those who struggle with mental illness and addiction are a Phoenix. They struggle and struggle and struggle through everyday and each new day, they're reborn. Each new day is a new chance and a new opportunity. At least, that's what I believe.
Seeing consumers launch class action lawsuits against giant companies is a relatively common thing, and today, Google is in the crosshairs. Google has been hit with a class action complaint alleging that it didn't honor warranties for the original Pixel and Pixel XL when it became clear that the phones suffered from microphone defects. The complaint was filed by Girard Gibbs LLP in San Jose, the same law firm that recently handled the class action lawsuit surrounding the bootloop issue some LG phones experienced.
Girard Gibbs filed the complaint on behalf of two plaintiffs, Patricia Weeks and Waleed Anbar, along with "all others similarly situated." Ars Technica made the complaint publicly accessible over on DocumentCloud, and notes that both of these plaintiffs purchased Pixel devices in 2016, only to encounter defective microphones a few months later.
When they brought the problem to Google's attention, the company didn't offer to replace or refund the devices, which this complaint alleges was a breach of Google's own warranty. In fairness, Anbar wasn't within his one-year warranty period when he reported the problem to Google, having purchased the phone in December 2016 and reporting the issue in January of this year. Weeks still was, however, as she reported the issue just three months after she purchased the phone.
It's worth pointing out that these weren't exactly isolated cases. A sizable number of Pixel and Pixel XL users began to report microphone issues after both phones launched in October 2016. In fact, a lengthy thread over on the Pixel support forums has more than 800 replies about this very problem, so it seems that it's at least fairly widespread.
Google, for its part, won't comment on pending litigation against it, but in a statement to Ars, it directs anyone who is experiencing issues and owns a device that's out of warranty to check out its help center to find out what they can do. We'll see how this one turns out for Google, but if it was refusing warranty replacements for defective phones, this may end up being a cut-and-dried case. Stay tuned.
Source: http://ift.tt/2BmHz34, February 10, 2018 at 12:33AM