Sure ... it's the filesharing that takes up all the bandwidth

Subject: General Tech | December 8, 2015 - 12:43 PM |
Tagged: bandwidth, streaming, fud

The next time you hear someone harping about how the tubes are clogged with filesharing, either legal or illegal, as the reason why your internet is slow or dropping out, you should reference this chart. According to Sandvine, who would tend to know this sort of thing, just over 65% of all traffic is media streaming. Chances are that the vast majority of that traffic is legal, coming from Netflix, YouTube, Spotify and the wide variety of other online content providers. Indeed, chances are you pay to use that service, so when your connection degrades and you contact your ISP about it, make sure to have this handy as a reference.

If those companies want to charge you for a service they should actually provide it and not try to blame their lack of infrastructure or insight on something else.  Unfortunately they will probably ignore the data and the only result of knowing this will be a sharp increase in your blood pressure.  Still, knowing is half the battle so head to re/code for a look at the charts they have compiled into this article.

"Here’s the latest breakdown from broadband services company Sandvine of “fixed access” — for the purposes of this piece, read it as “home broadband” — Internet usage during peak evening hours. That big red bar in the middle is the one to focus on."

Source: re/code

Should you fear SilverPush?

Subject: General Tech | November 20, 2015 - 02:22 PM |
Tagged: security, silverpush, fud

SilverPush has been around for a while but was recently reverse-engineered so that it could be investigated by anyone with an interest in their phone's security. It is software that is often bundled in advertisements or streamed media, and it takes advantage of your phone's far greater range of audio sensitivity and the fact that you can communicate information via audio signals. This could allow an app to communicate with your phone without your knowledge, to collect data from your phone or even to provide contextual ads on your phone.

However, as you can see from the list of apps which The Register links to, there is not much likelihood that you have an app with SilverPush enabled installed on your phone, and that is the real key. If you do not have an app which is listening for audio signals on those frequencies then you will not suffer the effects of SilverPush. The moral of the story is that your phone's security starts with you; if you download random free apps and allow them full access to your phone then you should not be surprised by this sort of thing.

"SilverPush's software kit can be baked into apps, and is designed to pick up near-ultrasonic sounds embedded in, say, a TV, radio or web browser advert. These signals, in the range of 18kHz to 19.95kHz, are too high pitched for most humans to hear, but can be decoded by software."

Source: The Register
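
As an added illustration (not code from SilverPush, The Register or the original post), the check below looks for a narrow-band tone inside the quoted 18kHz to 19.95kHz range in one captured audio frame. The sample rate, the -60 dBFS alert threshold and the test signals are assumptions constructed for the example.

```python
import math

RATE = 44_100               # assumed capture sample rate in Hz
BAND_HZ = (18_000, 19_950)  # near-ultrasonic range quoted by The Register
THRESHOLD_DBFS = -60.0      # assumed alert level, tune against real recordings

def goertzel_power(frame, k):
    """Squared magnitude of DFT bin k, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def scan_band(samples, rate=RATE, band=BAND_HZ):
    """Return (peak_hz, peak_dbfs) of the strongest DFT bin inside `band`."""
    n = len(samples)
    # Periodic Hann window keeps audible content from leaking into the band.
    frame = [x * (0.5 - 0.5 * math.cos(2.0 * math.pi * i / n))
             for i, x in enumerate(samples)]
    ref = (n / 4.0) ** 2    # bin power of a full-scale sine after windowing
    k_lo = math.ceil(band[0] * n / rate)
    k_hi = math.floor(band[1] * n / rate)
    powers = {k: goertzel_power(frame, k) for k in range(k_lo, k_hi + 1)}
    best = max(powers, key=powers.get)
    level = 10.0 * math.log10(max(powers[best] / ref, 1e-20))
    return best * rate / n, level

def is_suspicious(samples, threshold=THRESHOLD_DBFS):
    """True when a narrow-band tone in the band exceeds the threshold."""
    return scan_band(samples)[1] > threshold

def tone(freq, amp, n=2205, rate=RATE):
    """Constructed test signal: n samples of a sine wave (50 ms at 44.1 kHz)."""
    return [amp * math.sin(2.0 * math.pi * freq * i / rate) for i in range(n)]

# Constructed inputs: an audible 1 kHz tone, alone and with a quiet 18.5 kHz carrier.
audible_only = tone(1_000, 0.5)
with_beacon = [a + b for a, b in zip(audible_only, tone(18_500, 0.01))]

if __name__ == "__main__":
    for name, clip in (("audible_only", audible_only), ("with_beacon", with_beacon)):
        hz, db = scan_band(clip)
        print(f"{name}: peak {hz:.0f} Hz at {db:.1f} dBFS, flag={is_suspicious(clip)}")
```

On a real recording the threshold has to be calibrated against the microphone's own noise floor in this band before a flag means anything.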

'Learn to trust us, because we're not about to stop.'

Subject: Editorial, General Tech | September 29, 2015 - 03:30 PM |
Tagged: trust, security, rant, microsoft, metadata, fud

Privacy of any nature when you utilize a device connected to the internet is quickly becoming a joke and not a very funny one. Just to name a few, Apple tracks your devices, Google scans every email you send, Lenovo actually has two programs to track your usage and of course there is Windows 10 and the data it collects and sends.  Thankfully in some of these cases the programs which track and send your data can be disabled but the fact of the matter is that they are turned on by default.

The Inquirer hits the nail on the head: "Money is simply a by-product of data." This is a fact which online sites such as Amazon and Facebook have known for a while and which software and hardware providers are now figuring out. In some cases an informed choice to share personal data is made, but this is not always true. When you share to Facebook or post your Fitbit results to the web you should be aware you are giving companies valuable data; the real question is about the data and metadata you are sharing of which you are unaware.

Should you receive compensation for the data you provide to these companies?  Should you always be able to opt out of sharing and still retain use of a particular service?  Perhaps the cost of utilizing that service is sharing your data instead of money?   There are a lot of questions and even a lot of different uses for this data but there is certainly no one single answer to those questions. 

Microsoft have been collecting data from BSoDs for decades and Windows users have all benefited from it even though there is no opt out for sending that data. On the other hand, is there a debt incurred towards Lenovo or other companies when you purchase a machine from them? Does the collection of patterns of usage benefit Lenovo users in a similar way to the data generated by a Windows BSoD, or does the risk of this monitoring software being corrupted by others for nefarious purposes outweigh any possible benefits?

Of course this is only the tip of the iceberg: the Internet of Things is poised to become a nightmare for those who value their security, and there are numerous exploits to track your cellphone that have nothing to do with your provider. Just read through the Security tag here on PCPer for more examples if you have a strong stomach.

Please, take some time to think about how much you value your privacy and what data you are willing to share in exchange for products and services.  Integrate that concern into your purchasing decisions, social media and internet usage.  Hashtags are nice, but nothing speaks as loudly as your money; never forget that.

"MICROSOFT HAS SPOKEN out about its oft-criticised privacy policies, particularly those in the newly released Windows 10, which have provoked a spike in Bacofoil sales over its data collection policies."

Source: The Register

Bad Lenovo! Don't do anything even slightly fishy for a while

Subject: General Tech | September 25, 2015 - 02:33 PM |
Tagged: Lenovo, fud

Lenovo Customer Feedback Program 64 is nowhere near the level of SuperFish when it comes to creepy behaviour but it certainly shows a lack of insight from the popular company. With SuperFish so recently in the headlines and in people's memories it would perhaps have been beneficial for Lenovo to abandon any and all data collection from their users, but it would seem that is not the case. Thankfully this particular one appears in your Programs and can be removed via the Control Panel, but you can bet that it will immediately create negative feedback for the company. The Inquirer covers the details here; apparently it was collecting data about Win10 compatibility and user feedback, but no matter if it is innocuous or not, there will be fallout.

"SOFTWARE INCLUDED ON LENOVO hardware has been found to be suspicious-looking, and this is not the first time that the company has been caught out like this."

Source: The Inquirer

The Intel SMM bug is bad, but not that bad

Subject: General Tech | August 7, 2015 - 01:31 PM |
Tagged: fud, security, Intel, amd, x86, SMM

The SMM security hole that Christopher Domas has demonstrated (pdf) is worrying but don't panic: it requires your system to be compromised before you are vulnerable. That said, once you have access to the SMM you can do anything you feel like to the computer, up to and including ensuring you can reinfect the machine even after a complete format or UEFI update. The flaw was proven on Intel x86 machines but is likely to apply to AMD processors as well, as they were using the same architecture around the turn of the millennium; thankfully the issue has been mitigated in recent processors. Intel will be releasing patches for affected CPUs, although not all the processors can be patched, and we have yet to hear from AMD. You can get an overview of the issue by following the link at Slashdot, and speculate in our comment section on whether this flaw was a mistake or inserted there on purpose.

"Security researcher Christopher Domas has demonstrated a method of installing a rootkit in a PC's firmware that exploits a feature built into every x86 chip manufactured since 1997. The rootkit infects the processor's System Management Mode, and could be used to wipe the UEFI or even to re-infect the OS after a clean install. Protection features like Secure Boot wouldn't help, because they too rely on the SMM to be secure."

Source: Slashdot

Who gets Windows 10 love and who doesn't

Subject: General Tech | June 23, 2015 - 03:44 PM |
Tagged: windows 10, microsoft, fud

The Inquirer was nice enough to compile a list of requirements to get a free upgrade to Windows 10, based on the rather confusing information which is being provided by Microsoft. Windows XP and Vista users as well as any and all Enterprise customers will have to pay; prices are expected to be similar to previous releases. If you run Win7 then you have until 27 July 2016 to click that little upgrade icon to reserve your copy for installation once the new OS is released. If you are running Win8 then you must upgrade to Win8.1; from there you are qualified. If you ran the beta, as in you were a member of the Windows Insiders Programme, it depends on your current Windows license; the fact that you tested will not grant you a free copy of Windows 10. If you pirated or have lost your key then you are SOL, as are those running Linux, as The Inquirer amusingly points out.

"MICROSOFT has been a little less than helpful in clarifying the terms of the free Windows 10 upgrade offer, and The INQUIRER is here to help."

Source: The Inquirer

Hold the phones there Hola, you are making a profit off of my bandwidth?

Subject: General Tech | June 11, 2015 - 01:18 PM |
Tagged: security, vpn, hola, fud

If you are using the free VPN service from Hola you really need to find a different solution. Not only has it been plagued with security vulnerabilities, some of which they have addressed and some of which even they admit still exist, you will also unwittingly be providing exit nodes and bandwidth for anonymous surfers. To add insult to injury, those users pay $20/GB to Hola for use of your bandwidth and you will never see a penny of that. Hola's Luminati service allows paying customers to surf the net anonymously by directing their traffic over the connection of anyone using the free VPN, or as they refer to it, an unblocking service. So not only is your bandwidth being used, you have no idea what traffic is actually exiting through your VPN.

That is pretty much the exact opposite of a private network, and depending on what is being done and how well the traffic is monitored you could well find yourself embroiled in an investigation you had no idea you were opening yourself up to. Check out more on this story at The Register.

"Embattled "free" VPN provider Hola is facing criticism over its practice of turning its users into exit nodes in a paid-for anonymisation service which can easily be used for nefarious activities. Hola's software is also claimed to include "unpatchable" vulnerabilities allowing takeover of user machines."

Source: The Register

SIM card maker Gemalto apparently now holds the world's record for fastest security audit?

Subject: General Tech | February 26, 2015 - 01:02 PM |
Tagged: Gemalto, SIM, encryption, fud, security

In just under a week SIM card maker Gemalto claims to have done a complete security audit of their systems in 85 different countries and reports that "its office networks were compromised, the servers holding the SIM card encryption keys weren't." This is a record worthy of Guinness, as most security audits take months or years to complete and the findings tend to discuss probabilities, not absolute certainties. As you might expect, The Register and security experts everywhere are doubtful of the claims, from a company that less than a week ago did not even know it was compromised, that the UK-based GCHQ and USA-based NSA are unable to compromise your SIM card's encryption when they have the keys in hand. It has not been a good week for anyone who thinks about security.

"Six days ago Gemalto, the world's largest SIM card manufacturer, was told that back in 2010 it had been ransacked by NSA and GCHQ hackers. Today the company gave itself the all-clear: no encryption keys, used to secure phone calls from eavesdroppers, were stolen, it claims."

Source: The Inquirer

Roll over Superfish, PrivDog is just as bad but doesn't come directly from Comodo

Subject: General Tech | February 25, 2015 - 12:36 PM |
Tagged: SSL, security, PrivDog, idiots, fud, Comodo

This has been a bad week for the secure socket layer and the news just keeps getting worse. Comodo provides around one out of every three SSL certs currently in use as they have, until now, had a sterling reputation and were a trusted provider. It turns out that this reputation may not be deserved, seeing as how their Internet Security 2014 product ships with an application called Adtrustmedia PrivDog, which is enabled by default. Not only does this app install a custom root CA certificate which intercepts connections to websites to be able to insert customized ads like SuperFish does, it can also turn invalid HTTPS certificates into valid ones. That means that an attacker can use PrivDog to spoof your bank's SSL cert, redirect you to a fake page and grab your credentials, while all the time your browser reports a valid and secure connection to the site.

The only good news from The Register's article is that this specific vulnerability is only present in PrivDog versions 3.0.96.0 and 3.0.97.0 and so has limited distribution. It is incredibly depressing that this indicates the entire SSL certificate model is broken, and that even those who create the certs to assure your security feel that inserting a man-in-the-middle attack into their software does not contravene their entire reason for existing.

Update: The Register's article was originally based on research from Hanno Böck, who referred to PrivDog as being distributed by Comodo. Comodo does not distribute the standalone desktop version of PrivDog, only the browser extension application, which was never vulnerable to the TLS interception.

"The US Department of Homeland Security's cyber-cops have slapped down PrivDog, an SSL tampering tool backed by, er, SSL certificate flogger Comodo.

Comodo, a global SSL authority, boasts a third of the HTTPS cert market, and is already in hot water for shipping PrivDog."

Source: The Register

Your aggregate battery consumption isn't Li-On about your location

Subject: General Tech | February 24, 2015 - 12:56 PM |
Tagged: fud, security, smartphone

Tracking your smartphone's location via aggregate battery usage is not the most efficient or accurate method but it can be done, and Samsung (and others) have not provided a switch which makes that particular data private. Researchers have shown that by tracking the drain of the 3G cellular radio on the battery one can determine the distance from the cellular base station the phone is connected to, and a coarse location based on environmental interference factors such as buildings which partially block the signal. It is only a very coarse locator but does give better information than just the base station the phone is connected to, and as we are creatures of habit it allows tracking normal patterns of movement. This is nowhere near as accurate as GPS tracking and does require a bit of work to pull off, but as battery usage and levels are sent by the phone in the clear with no method of preventing that, it should cause some privacy concerns for users. You can read the research paper (in PDF) by following the link from The Inquirer.

"SCIENTISTS have warned of a new smartphone risk after discovering that battery power can be used to track a person's movements."

Source: The Inquirer