Monthly Archives: March 2017

Yahoo Security Breaches

By on December 7, 2019

Yahoo has been repeatedly victimized by nefarious high-profile hacking incidents, one of which affected over half a million account holders. Several months after that attack, Yahoo admitted to having been the victim of another breach dating back to 2015 that put over half a million account holders at risk.

The United States Securities and Exchange Commission (SEC) confirmed that more than thirty-two million Yahoo accounts were hacked in a cookie forging attack that dates back to 2015.

Apparently, hackers used a sophisticated cookie forging exploit which they were able to execute without having to know or use account passwords.

Yahoo will determine which accounts were invaded by hackers that took or used forged cookies and will notify account holders potentially affected by the breach. The tech giant identified and invalidated the cookies, which essentially cut off the hackers.

Regarding the cookie forging exploit, Yahoo wrote in SEC filings:

“In November and December 2016, we disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the investigation, we believe an unauthorized third party accessed the Company’s proprietary code to learn how to forge certain cookies. The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016 (the “Cookie Forging Activity”). We believe that some of this activity is connected to the same state-sponsored actor believed to be responsible for the 2014 Security Incident. The forged cookies have been invalidated by the Company so they cannot be used to access user accounts.”

An internal investigation by the SEC determined that Yahoo had enough knowledge of the hacking situation to disclose it in 2014, that several unidentified senior executives of the company failed to “properly comprehend or investigate” the breach, and that its legal team should have opened an inquiry about the hacking in 2014. An SEC filing states:

“The Independent Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident.”

This latest information saved Verizon $350 million in its prolonged negotiations to acquire Yahoo; that amount will be deducted from its initial $4.83 billion buyout offer. Also in light of these recent developments, Yahoo’s Chief Executive Officer (CEO) has agreed to take full responsibility for the oversights and will forgo the annual bonus and equity grant, which will be redistributed to Yahoo employees.

Problems with WordPress

By on December 7, 2019

It’s not surprising that tech companies based in the United States are favorite targets of cyber hackers and unknowingly become breeding grounds for nefarious activities that include global terrorism. These activities focus on American tech companies because they provide the infrastructure necessary for extremist groups around the world to thrive and prosper, while they tread closely on the edge of free speech that is valued and protected by the First Amendment to the U.S. Constitution.

American society highly values the right to free speech and tech companies worldwide are now struggling to determine where free speech crosses the line into something altogether different that can be used for dangerous and nefarious purposes.

One of the latest victims is WordPress.com, which is a free hosting site for any website built with WordPress. Executives of the tech giant are now grappling with that issue after the non-partisan advocacy and research group known as the Counter Extremism Project (CEP) identified WordPress.com as host to a number of questionable websites.

WordPress.com has been identified as a hosting source of websites that feature violent videos (firing squads, beheadings) and dangerous terrorist propaganda that many find offensive and outside the scope of free speech.

Automattic is the parent company of WordPress.com and its spokesperson issued a statement saying “While our service is designed to enable users to freely express their ideas and opinions, however controversial, safety is important to us. As such, we don’t allow websites of known terrorist groups or genuine calls for violence against individuals or groups on WordPress.com.” The CEP’s research contradicts that statement and executives at WordPress.com are currently investigating the matter.

The CEP shared correspondence from a WordPress.com employee who identified himself as “Sal P.,” who indicated “WordPress.com is deeply committed to free speech and will not take content down just because we find it offensive or disagree with the point of view,” adding that a review will be conducted of those individuals or groups that CEP alleges maintain iffy websites on WordPress.com and appear on the federal government’s “Specifically Designated Nationals and Blocked Persons List.”

David Ibsen is the Executive Director of CEP and he told The Washington Post “In our experience dealing with tech companies, when they don’t want to do something, they talk about free speech, and when they want to do something, they talk about terms of service.”

Whatever you want to call it, executives at WordPress.com have a huge problem on their hands, as do a plethora of other vulnerable American tech companies.

Is Alexa Spying on You?

By on December 7, 2019

Amazon’s contributions to the tech world continue with the introduction of Alexa which is a “virtual personal assistant” that uses Amazon Echo (hands-free speaker system) to provide audio to multiple electronic devices for purposes of asking and receiving responses to a variety of questions. Alexa can also be used for playing music and audiobooks, setting alarms, creating “to do” lists, providing real time information about traffic and weather and other voice interaction capabilities.

Alexa can also act as a “hub” for several “smart” electronic devices which operate using various wireless protocols. Most of those devices allow activation of Alexa by speaking a “wake word” but some require users to push a button to activate Alexa’s listening capabilities. Currently Alexa is only available in English and German languages.

Alexa has created a lot of buzz about privacy issues and questions as to whether or not the device can be used for nefarious spying purposes. After WikiLeaks revealed that the Central Intelligence Agency (CIA) employs a huge arsenal of remote hacking tools, registered users of the website Reddit.com raised the issue of Alexa’s possible collaboration with the CIA. Reddit.com is a website that allows registered users called Redditors to submit content in a variety of forms and those submissions are voted up or down by fellow-Redditors to organize posts and determine where they rank and appear within the website under a variety of categories.

One of the recent submissions was a video clip that poses questions to Alexa with regard to its connection to the CIA in which viewers can hear a woman ask “Alexa, would you lie to me?” to which the device responds “I always try to tell the truth. I am not always right but I would never intentionally lie to you or anyone else.”

The anonymous lady posing the questions in the video then asks “Alexa, what is the CIA?” to which the device immediately responds “The United States Central Intelligence Agency, CIA.” She then asks “Alexa, are you connected to the CIA?” A noise can be heard that resembles the dull “dunk” sound you hear when you click on something that can’t be viewed but Alexa offered no answer. The lady asks the same question again and gets the same sound and no answer, which is completely atypical of the device’s normal response capabilities.

Some folks give Alexa the benefit of the doubt suggesting that it doesn’t respond because it’s experiencing some kind of problem registering the question but others fear the device didn’t know how to respond and is actively recording and spying on them.

Interestingly, Redditors got the same response from other virtual assistants known as Google Now and Apple’s Siri. When they asked Google Now “Are you connected to the CIA?” the device responded “Me? I don’t know.” Similarly, when Redditors asked Siri the same question, the device responded “I can’t answer that.”

It’s not surprising that this video has unleashed a flurry of conspiracy theories about the CIA using multiple electronic devices, including telephones and televisions, to spy on people. Contributing to the conspiracy theories is the fact that it is well known that Amazon has previously worked with the CIA, including in 2014 when the agency paid $600 million for Amazon to develop a cloud computing infrastructure designed to specifically meet the needs of the CIA. Recently Amazon also became involved in a murder trial during which it claimed First Amendment rights to requests for releasing recordings that Alexa might have in relation to the case.

Most companies don’t want to alienate clients by collaborating to exchange information with any government agency but a few have been known to do so in addition to Amazon, including Yahoo which is suspected of being in cahoots with the FBI and NSA by providing user data to those intelligence agencies.

The liberal voice for world, business and sports news, reviews, opinions and analyses known as The Guardian indicated in 2014 that Amazon is also not particularly careful about protecting private user information which promotes and contributes to the perpetuation of conspiracy theories about Alexa.

Amazon attempted to quell conspiracy implications by releasing a statement about the video reviewed by Reddit saying:

“This was a technical glitch which we have fixed. Alexa’s response to this question is:

“Are you connected to the CIA?

“No, I work for Amazon.”

Next Generation iPhones

By on December 7, 2019

What could Apple possibly come up with to incorporate into its next generation iPhones that will make everyone want the updated version? Well, according to the U.S. Patent and Trademark Office, the tech giant has applied for and been issued a Patent for a technology that enables “enhanced face detection using depth information.” That should do it!

The tech giant will use specifically modified software and hardware modules in its newest iPhone creation. According to the Patent and Trademark Office, Apple’s new technology will be available for both still images and videos.

The Patent Application indicates that the new technology uses a combination of camera modules, depth sensors and computer imagery to produce “depth maps” which it uses to accurately identify human faces that appear in the image. Apparently, the new technology breaks down the image into smaller frames or “windows” and then selects one or more in which to “test for presence of human faces.”

The feature uses depth information to make the identification process easier and more accurate, but becomes less reliable when more faces appear at varying depths and locations within the image/video, which could contribute to false detection issues, according to the Patent and Trademark Office.

This news comes amid rumors that Apple may be ramping up its reality capabilities and might introduce an innovative 3D selfie camera, which will rely on infrared modules that are capable of projecting patterns of optical radiation into images that will allow the device to split the image or video into depth maps.

Until the announcement is made by Apple, these innovative features are pure conjecture but, if and when the new technology becomes available, it will only be included on premium iPhone models and is expected to also have a premium price of over $1000.

App Blocking by Microsoft

By on December 7, 2019

Microsoft is a giant in the technology field and leads the way in development of new innovative software programs designed to make every aspect of life easier.

Because it manufactures so many popular applications, Microsoft software programs have become a lucrative target for computer hackers who target Microsoft users in order to gain access to millions of computers (unbeknownst to computer users worldwide) that hold a plethora of valuable personal and confidential information.

In an effort to curb the nefarious hacking that has plagued Microsoft users worldwide and in an attempt to get customers to use options offered in its “Windows Store” more often, Microsoft is currently evaluating an innovative function for Windows 10 that prevents installation of desktop apps unless they come directly from the official Microsoft Windows Store.

When enabled this option will prevent computer users from installing classic Win32 applications, which include many popularly used programs like Google Chrome and Adobe Photoshop. Win32 is the programming interface used for 32-bit and 64-bit Windows Operating Systems, starting with Windows 95.

This new feature limits the scope of apps users can install and may be very useful to newbies since they are much less likely to install malware on their electronic devices. The Windows Store offers apps to meet most of their needs and newbies can also get a variety of Win32 apps from the Windows Store using Microsoft’s Desktop App Converter.

The new feature is disabled by default in Windows 10, but users can easily enable it if they choose by going to the Apps and Features category and selecting Settings. Users will have the option of allowing or blocking installation of Win32 apps altogether as well as an alternative that gives priority to apps from the Windows Store without blocking standard desktop applications (which will result in a prompt asking for approval of the installation anytime you run a non-Windows Store app).

Users who enable the feature and then attempt to install a Win32 app will get a warning in the form of a dialog box that reminds them that the Windows Store is the only “safe and reliable” place to obtain software.

Microsoft is expected to release the Windows 10 Update in April 2017, which will include a variety of other new features for use in Windows 10.

Microsoft is also developing an update for Windows 10 that will not allow users to install any Win32 apps at all in its effort to provide a truly universal operating system for electronic devices.