Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user’s private and sensitive data.
The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home and Medion LifeCloud — can allow an attacker to remotely read, change and delete data without requiring a password.
Yibelo, who shared the research with TechCrunch this week and posted the findings Friday, said that many other devices may be at risk.
The software, Hipserv, built by tech company Axentra, was largely to blame for three of the four flaws they found. Hipserv is Linux-based, and uses several web technologies — including PHP — to power the web interface. But the researchers found that bugs could let them read files on the drive without any authentication. It also meant they could run any
Continue reading "Buggy software in popular connected storage drives can let hackers read private data"
Virtually every modern computer processor was thrown under the bus earlier this year when researchers found a fundamental design weakness in Intel, AMD and ARM chips, making it possible to steal sensitive data from the computer’s memory.
vulnerabilities — which date back to 1995 — punched holes in the walls that keep apps from accessing other parts of the system’s memory that they don’t have permission to read. That meant a skilled attacker could figure out where sensitive data was stored, like passwords and encryption keys. While the companies mitigated some of the flaws, they acknowledged that their long-term plan would require a core redesign of how their computer processors work.
Now, a team of MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) researchers say they have found a way to prevent a similar range of flaws like Meltdown and Spectre in the future.
Continue reading "MIT researchers say memory splitting breakthrough could prevent another Meltdown or Spectre"
Leave your smartwatch on the counter because Timex is back with its first automatic watch in decades. Called the Marlin, this 21-jewel timepiece hearkens back to the days of “Takes a licking, keeps on ticking.”
The Marlins cost $249 and come in multiple styles. This particular model, in a rich burgundy, looks like something that you’d wear to a Madison Avenue cocktail party after work. Timex has also released manual wind watches for $199 featuring a truly retro design and numerals.
Timex has long been a drug store brand – a brand sold in those cases at big drug stores and aimed at impulse shoppers who needed a watch… any kind of watch. While their Indiglo line of bright, light-up quartz watches was a long-time hit, they really didn’t do much beyond making a few very basic pieces for a non-discerning audience.
Now, however, the company clearly
Continue reading "Timex builds its first automatic watch in decades"
MongoDB is a bit miffed that some cloud providers — especially in Asia — are taking its open source code and are offering a hosted commercial version of its database to their users without playing by the open source rules. To combat this, MongoDB today announced that it has issued a new software license, the Server Side Public License (SSPL), that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions.
Previously, MongoDB used the GNU AGPLv3 license, but it has now submitted the SSPL for approval from the Open Source Initiative.
For virtually all regular users who are currently using the community server, nothing changes because the changes to the license don’t apply to them. Instead, this is about what MongoDB sees as the misuse of the AGPLv3 license. “MongoDB was previously licensed under the GNU AGPLv3, which meant
Continue reading "MongoDB switches up its open source license"
A new dating app for Trump supporters that wants to “make America date again” has leaked its entire database of users — on the day of its launch.
The app, called “Donald Daters,” is aimed at “American-based singles community connecting lovers, friends, and Trump supporters alike” and has already received rave reviews and coverage in Fox News, Daily Mail and The Hill.
On its launch day alone, the app had a little over 1,600 users and counting.
We know because a security researcher found issues with the app that made it possible to download the entire user database.
, a French security researcher, shared the database with TechCrunch, which included users’ names, profile pictures, device type, their private messages — and access tokens, which can be used to take over accounts.
The data was accessible from a public and exposed Firebase data repository, which was hardcoded in
Continue reading "Donald Daters, a dating app for Trump supporters, leaked its users’ data"
Docker, the company that did more to create today’s modern containerized computing environment than any other independent company, has raised $92 million of a targeted $192 million funding round, according to a filing with the Securities and Exchange Commission.
The new funding is a signal that while Docker may have lost its race with Google’s Kubernetes over whose toolkit would be the most widely adopted, the San Francisco-based company has become the champion for businesses that want to move to the modern hybrid application development and information technology operations model of programming.
To understand the importance of containers in modern programming it may help to explain what they are. Put simply, they’re virtual application environments that don’t require an operating system to work. In the past, this type of functionality would have been created using virtual machines, which included software and an operating system.
Containers, by contrast, are more
Continue reading "Docker has raised $92 million in new funding"
FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.
The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing.
Last week, a security researcher found three FitMetrix unprotected servers leaking customer data.
It isn’t known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September.
The servers included two of the same ElasticSearch instances and a storage server — all hosted on Amazon Web Service — yet none were protected by a password, allowing anyone
Continue reading "MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords"
If you think that Flash, the once-popular web plugin, couldn’t die fast enough, even those annoying fake Flash installers riddled with malware aren’t going anywhere any time soon. In fact, they’re getting even sneakier.
New research out of Palo Alto Networks found a recent spike of fake Flash installers not only dropping cryptocurrency mining malware on vulnerable computers — but actually installing Flash while it’s there.
The researchers said that this new technique is a way to deceive the user by tricking them into thinking that it’s a legitimate Flash installer.
Once the installer opens, it quietly implants XMRig, an open source cryptocurrency miner that uses the computer’s processor and graphics card to start mining. All the generated funds are siphoned off to a Monero wallet — making it near impossible to trace. When the mining malware is implanted, the installer downloads a legitimate Flash installer from Adobe’s
Continue reading "A flood of fake installers will really update Flash for you – but also install cryptocurrency mining malware"
With its latest consumer hardware products, Google’s prices are undercutting Apple, Samsung, and Amazon. The search giant just unveiled its latest flagship smartphone, tablet, and smart home device, all available at prices well below their direct competitors. Where Apple and Samsung are pushing prices of their latest products even higher, Google is seemingly happy to keep prices low, and this is creating a distinct advantage for the company’s products.
Google, like Amazon and nearly Apple, is a services company that happens to sell hardware. It needs to acquire users through multiple verticals including hardware. Somewhere, deep in the Googleplex, a team of number crunchers decided it made more sense to make its hardware prices dramatically lower than competitors. If Google is taking a loss on the hardware, it is likely making it back through services.
Amazon does this with Kindle devices. Microsoft and Sony do it with game consoles.
Continue reading "Google’s latest hardware innovation: Price"
At a special event in New York City, Google announced some of its latest, flagship hardware devices. During the hour-long press conference Google executives and product managers took the wraps off the company’s latest products and explained their features. Chief among the lot is the Pixel 3, Google’s latest flagship Android device. Like the Pixel 2 before it, the Pixel 3’s main feature is its stellar camera but there’s a lot more magic packed inside the svelte frame.
Contrary to some earlier renders, the third version of Google’s Android flagship (spotted by 9 to 5 Google) does boast a sizable notch up top, in keeping with earlier images of the larger XL. Makes sense, after all: Google went out of its way to boast about notch functionality when it introduced Pie, the latest version of its mobile OS.
The device is available for preorder today and will start
Continue reading "Here are all the details on the new Pixel 3, Pixel Slate, Pixel Stand, and Home Hub"
“I’ve always believed the web is for everyone,” wrote Tim Berners-Lee, the well-known (and knighted) creator of the World Wide Web.
“The web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas,” he added. “Today, I believe we’ve reached a critical tipping point, and that powerful change for the better is possible — and necessary.”
Late last month, he published the above in a blog post
a startup that would finally execute on his vision for the information superhighway he built nearly 30 years ago. Backed with an undisclosed amount of funding from Glasswing Ventures, the startup is emerging from stealth today with a plan to decentralize the web and restore power to the people rather than the companies that have exploited user trust for their own financial gains.
Apple has doubled down on its repudiation of Bloomberg’s report last week that claimed its systems had been compromised by Chinese spies.
The blockbuster story cited more than a dozen sources claiming that China installed tiny chips on motherboards built by Supermicro, which companies across the U.S. tech industry — including Amazon and Apple — have used to power servers in their datacenters. Bloomberg’s report also claimed that the chip can reportedly compromise data on the server, allowing China to spy on some of the world’s most powerful tech companies.
Now, in a letter to Congress, Apple’s vice president of information security George Stathakopoulos sent the company’s strongest denial to date.
“Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” he said. “We never alerted the FBI to any security concerns like those described in the article, nor has the FBI ever contacted
Continue reading "In letter to Congress, Apple sends strongest denial over ‘spy chip’ story"
Navionics, an electronic navigational chart maker owned by tech giant Garmin, has secured an exposed database that contained hundreds of thousands of customer records.
The MongoDB database wasn’t secured with a password, allowing anyone who knew where to look to access and download the data.
The company’s main products give boat, yacht and ship owners better access to real-time navigation charts, and boasts the “world’s largest cartography database.”
Bob Diachenko, Hacken.io’s newly appointed director of cyber risk research, said in a blog post that the 19 gigabyte database contained 261,259 unique records, including customer names and email addresses. The data also included information about their boats — such as latitude and longitude, boat speed and other navigational details — which Diachenko said was likely updating in real time.
After Diachenko contacted the company, Navionics shut down the server. A spokesperson did not return an email requesting comment.
It’s the latest
Continue reading "Garmin-owned navigation unit exposed thousands of boat owners’ data"
Outside the crop of construction cranes that now dot Vancouver’s bright, downtown greenways, in a suburban business park that reminds you more of dentists and tax preparers, is a small office building belonging to D-Wave. This office, squat, angular, and sun-dappled one recent cool Autumn morning, is unique in that it contains an infinite collection of parallel universes.
Founded in 1999 by Geordie Rose, the D-Wave company worked in relative obscurity on esoteric problems associated with quantum computing. When Rose was a PhD student at the University of British Columbia he turned in an assignment that outlined a quantum computing company. His entrepreneurship teacher at the time, Haig Farris, found the young physicist’s ideas compelling enough to give him $1,000 to buy a computer and a printer to type up a business plan.
The company consulted with academics until 2005 when Rose and his team decided to focus on building usable quantum
Continue reading "D-Wave offers the first public access to a quantum computer"
rolled out its membership-based two-day shipping service in 2005, e-commerce and customer expectations around fulfillment speed changed forever.
Today, more than 100 million people use Amazon Prime. That means 100 million people are fully accustomed to two-day shipping, and if they can’t have it, they shop elsewhere. As The Wall Street Journal’s Christopher Mims recently put it: “Alongside life, liberty and the pursuit of happiness, you can now add another inalienable right: two-day shipping on practically everything.”
Only recently have Amazon’s competitors begun to offer similar fast delivery options. About two years ago, Walmart launched its own free two-day delivery service for its owned inventory; eBay followed suit, establishing a guaranteed three-day-or-less delivery option for shoppers in March 2017.
To power these Prime-like delivery options, Walmart, eBay and the Canadian e-commerce business Shopify are relying on a little upstart.
helps businesses offer rapid delivery experiences
Continue reading "Deliverr raises $7M to help e-commerce businesses compete with Amazon Prime"
Samsung’s last quarter of business saw its slowest growth of profits in a year thanks to weak sales of its flagship Galaxy S9 smartphone. But the company is about much more than just phones, and that’s why it is forecasting a record operating profit of nearly $15.5 billion for its upcoming Q3 results.
The Korean firm said in a filing that it expects revenue to jump five percent year-on-year to hit 65 trillion KRW ($57.5 billion) with an operating profit of 17.5 trillion KRW ($15.5 billion), which represents a 20 percent annual jump and an 18 percent increase on the previous quarter.
Samsung’s pre-earnings filings are brief and don’t contain detailed information about the performance of its business units, thus we can’t assess demand for its high-end phones — which include the Note 9 — in the quarter that Apple unveiled its newest iPhones. But the clues suggest
Continue reading "Samsung forecasts record $15.5B profit thanks to chips not smartphones"
Of all the things to add to the blockchain, wine makes a lot of sense. Given the need for provenance for every grape and barrel, it’s clear that the ancient industry could use a way to track ingredients from farm to glass. VinX, an Israeli company founded by Jacob Ner-david, is ready to give it a try.
According to a release, the plan is to create a “token-based digital wine futures platform based on the Bordeaux futures model” that lets you track wine from end to end “at a cost bearable to the industry.”
Investment banker Gil Picovsky joined Ner-david to build out the service.
“I was relating to Gil my frustrations with the way most wine is sold, and I had some early thoughts around using blockchain and tokens to radically remake the wine industry,” said Ner-david. “Together Gil and I developed the core concepts of VinX,
Continue reading "Overstock’s investment arm funded blockchain for wine"
has become a standard for managing large software projects in many companies. Many of those same companies also use GitHub as their source code repository and, unsurprisingly, there has long been an official way to integrate the two. That old way, however, was often slow, limited in its capabilities and unable to cope with the large code bases that many enterprises now manage on GitHub.
Almost as if to prove that GitHub remains committed to an open ecosystem, even after the Microsoft acquisition, the company today announced a new and improved integration between the two products.
“Working with Atlassian on the Jira integration was really important for us,” GitHub’s director of ecosystem engineering Kyle Daigle told me ahead of the announcement. “Because we want to make sure that our developer customers are getting the best experience of our open platform that they can have, regardless of what tools
Continue reading "GitHub gets a new and improved Jira Software Cloud integration"
Ready for information about what may be one of the largest corporate espionage programs from a nation-state? The Chinese government managed to gain access to the servers of more than 30 U.S. companies, including Apple, according to an explosive report from Bloomberg published today
Bloomberg reports that U.S.-based server motherboard specialist Supermicro was compromised in China, where government-affiliated groups are alleged to have infiltrated its supply chain to attach tiny chips, some merely the size of a pencil tip, to motherboards which ended up in servers deployed in the U.S.
The goal, Bloomberg said, was to gain an entry point within company systems to potentially grab IP or confidential information. While the micro-servers themselves were limited in terms of direct capabilities, they represented a “stealth doorway” that could allow China-based operatives to remotely alter how a device functioned to potentially access information.
Once aware of the program,
Continue reading "China reportedly infiltrated Apple and other US companies using ‘spy’ chips on servers"
The Wi-Fi Alliance, the working group that has long offered such euphonious, IEEE-defined names for Wi-Fi protocols such as 802.11ab and 802.11n, has finally decided enough was enough with the numbers and letters and such. Their decision? The next Wi-Fi version will be Wi-Fi 6 — and sucks to your ass-mar if you don’t like it.
“For nearly two decades, Wi-Fi users have had to sort through technical naming conventions to determine if their devices support the latest Wi-Fi,” said Wi-Fi Alliance CEO Edgar Figueroa in a release. “Wi-Fi Alliance is excited to introduce Wi-Fi 6, and present a new naming scheme to help industry and Wi-Fi users easily understand the Wi-Fi generation supported by their device or connection.”
Wi-Fi 6 is actually 802.11ax, an improvement on 802.11ac. The ostensible data rate for Wi-Fi 6 is, according to Wikipedia, “37% higher than IEEE 802.
Continue reading "The new version of Wi-Fi is called Wi-Fi 6 because rules don’t matter"