Hello Kitty Hacked

Yet another kid-oriented brand has been breached. Hello Kitty is the victim of a cyberattack. Sanriotown.com, the online community where kids interact with the ever-popular Hello Kitty brand through blogs, games, quiz centers and more, suffered a database breach, according to Internet security research Chris Vickery.

Vickery is the same researcher who recently discovered the MacKeeper software breach. That security event leaked over 13 million credentials. The Hello Kitty breach is less severe, possibly compromising about 3.3 million user accounts.

“The alleged security breach of the SanrioTown site is currently under investigation,” the company said in a published statement. “Information will be made available once confirmed.”

Another Lesson Learned

This is another example. Every single time you enter information into a field on a Web page and click submit, that data is transmitted and stored, and could be exposed at some point in the future.

VTech Hacked

Chinese electronic toy maker VTech was hacked in November, revealing the profiles of 6.4 million kids around the world, along with 4.9 million parent accounts. The database of the company’s Learning Lodge app store, which allows customers to download apps, e-books and learning games, was breached on November 14 HKT (Hong Kong Time).

VTech makes a wide variety of children’s toys, including the VTech Tote ‘n Go Laptop, pictured above. The company’s customer database holds a slew of user profile information. The personal identifiers mentioned in the company’s report include names, e-mail addresses, passwords, secret questions and answers for password retrieval, IP addresses, mailing addresses and download histories. The database also contains kids’ information, including names, genders and birth dates.

 

Share This:

Facebook’s Messenger Gets Photo Magic

Facebook is apparently trying to make it easier to send photos starting with this year’s holiday season. Holidays are normally a picture-taking frenzy so this is a good time for a new service like this to be launched.

Facebook is now offering a feature call “Photo Magic” that will automatically address a message so it can be sent quickly to Facebook friends identified in a picture. The option relies on the same image-recognition technology that attaches people’s names to Facebook posts.

With this twist, Facebook is deploying the technology in its Messenger application to make it more convenient to distribute pictures to a few friends and family members.

Facebook will highlight Photo Magic in a Messenger update that will start rolling out this Thursday to users of Apple’s iPhones and smartphones running on Google’s Android software. It will still be up to each individual to decide whether they want to activate Photo Magic. After the feature is turned on, it can still be switched off at any time.

More Messenger Adoption?

Messenger currently has more than 700 million users, about half the size of the audience on Facebook’s social network.

Facebook is counting on Photo Magic to foster more allegiance to its Messenger app as it competes against other competing services such as Snapchat that have become particularly popular among teenagers and young adults.

If Photo Magic is turned on, it will apparently prompt you figure out if any of the people in a picture belong to the smartphone owner’s circle of Facebook friends. If some are found, Photo Magic creates a messaging thread that allows a user to send the picture to all the identified parties with two clicks.

Additional Messenger Features 

As part of the Messenger upgrade, Facebook is also including an option that will allow users to change the colors of their exchanges with different friends, and switch the formal name of a recipient to a nickname, such as “mom” or “dad.” Until now, Messenger’s address book mirrored the names listed on people’s Facebook profiles.

Share This:

Apple Updates It’s iOS

Last week Apple released a new version of its iOS. Although it is primarily a maintenance release of the mobile operating system, the upgrade includes some improvements for music and news enthusiasts.

The release, iOS 9.2, improved Apple Music, the company’s streaming music service, in a number of ways.

For example, users can create new playlists when adding a song to a playlist.

Also when adding a song to a playlist, the most recently changed playlist will appear at the top of the display stack.

Downloading albums or playlists from a personal library in Apple’s cloud is easier, too, the company said. All you need to do is tap the new iCloud download button.

There is also a new download indicator that appears by tracks displayed in My Music and playlists will make identifying those songs easier.

The update has made browsing the Apple Music catalog for classical music friendlier, too, with the display of works, composers and performers.

Better News, Mail, Books

Improvements also have been made to Apple’s News, Mail and iBooks.

In News, Apple added a Top Stories section that lets followers stay up to date on the important news of the day. That feature, though, is limited to U.S., UK and Australian users.

A Mail Drop feature allows email attachments to be as large as 5 MB in size.

In addition, 3D Touch, added to iBooks, allows you to pop and peek at pages from the table of contents, notes and bookmarks, or from search results inside a book.

You can now multitask while listening to audio books, too. As you listen, you can browse your library, read other books, or explore the iBooks Store.

For shutterbugs who don’t use their iPhone for all their photographic needs, Apple added support for the USB Camera Adapter to import photos and videos from external cameras and camcorders.

30 Security Fixes

The updated also contained some 30 security fixes.

They include patching an iBook vulnerability that allowed a maliciously crafted iBook file to expose user information and fixing a Siri bug that allowed a person with physical access to an iOS device to use Siri to read notifications of content not set to be displayed at the lock screen.

I believe that taking the time to update your smartphone with the latest OS is always a good idea so be sure to check this one out.

Share This:

Understanding Windows 10 Updates

If you are confused about how updates work in Windows 10 you are not alone. This is because starting with Windows 10 Microsoft has changed what was once a fairly straightforward procedure into a sometimes complicated process that varies according to whether you have Windows 10 Home or Windows 10 Pro. As a result, there have been lots of misperceptions about how Windows 10 Update works, and how to best use it.

Unlike previous versions of Windows, Windows 10 doesn’t give you the option to review pending updates and choose not to install them (although, as you’ll see later in this article, there are a few exceptions). Instead, the updates automatically install on a schedule of Microsoft’s choosing. When updates are available, Windows 10 automatically downloads them, schedules a time to restart your PC, and then installs the update on that schedule.

windows update basic
Windows 10 automatically downloads updates and schedules a time to restart your PC and install them.

The difference between an update and an upgrade

Is a Windows update the same thing as a Windows upgrade? The two words sound pretty much identical, but in the Windows 10 world there’s a difference.

In Microsoft terminology, updates fix security issues, squash bugs and make relatively significant changes to Windows, typically under the hood. They’re delivered on Patch Tuesday, the second Tuesday of every month, and then on an as-needed basis.

Upgrades, on the other hand, “install the latest new features, experiences and capabilities” of Windows 10, according to Microsoft. Typically, there are at most two to three upgrades a year. The first upgrade to Windows 10 was in November 2015.

Windows 10 updates and how to defer them

While it may sound at first like Microsoft has completely taken control of the update process, you do have some options. To see whether any updates have been downloaded and scheduled to be installed, click the Start button and select Settings / Update & Security / Windows Update. You’ll see any updates that have been downloaded and the time they’re scheduled to install. If a restart is needed (which is not always the case), you can change the time by selecting “Select a restart time” and choosing a day and time. Or you can install the updates immediately by clicking “Restart Now.”

That being said, there is a workaround to the must-always-update-immediately rule — assuming you have Windows Pro. In that case, you can defer updates and have them installed later on rather than immediately.

To do it, click the Start button and select Settings / Update & Security / Windows Update / Advanced options and check the box next to “Defer upgrades.” When you do that, updates won’t automatically download and install — at least not immediately. According to Microsoft, the updates will eventually automatically install after “several months,” although it doesn’t say how many months that means.

Keep in mind that you are unable to defer security updates. Those install immediately whether you choose to defer updates or not.

Share This:

Surface Pro 4 Free Docking Spacer

One of the minor mysteries of the Surface Pro 4’s launch appears to have been solved: yes, you can now find a Surface Pro 4 spacer online.

surface pro 3 dock

What’s a spacer? Well, it’s been the answer to this question: If I own a Surface Pro 3 and a SP3 dock, and I wanted to buy a Surface Pro 4, would I be able to fit the SP4 inside my SP3 dock? Or would I really have to buy a new $200 Surface Pro 4 docking station, as well?

The answer to this question, has so far, been “No…but.” Although the Surface Pro 4 is nearly physically identical to the Surface Pro 3, a slight difference in the thickness of the SP4 means that the tablet doesn’t quite align with the SP3 dock’s connectors. As a solution, Microsoft originally said it would supply a free “spacer” to prop up the tablet and ensure a proper fit. Unfortunately, Microsoft apparently forgot to brief the employees at its Microsoft Stores, who had no idea what I was talking about when I asked about the spacer offer in the months following the launch.

You’ll need to visit Microsoft’s Surface Online Support Center and click the “Replace an Accessory” button. Register your Surface Pro 4 tablet if you haven’t already. You should then see the option to have Microsoft ship you the free spacer. (Microsoft will reportedly charge $6 for shipping.) For some reason the serial number attached to our Surface Pro 4 wasn’t recognized as a valid serial number, probably because it was a review unit.

surface pro 4 dock

Why this matters: As productive as Microsoft’s Surface tablets are, they become that much more useful with a Surface dock. The Surface Pro 4 dock offers four USB 3.0 ports and two miniDisplayPort connectors, an upgrade over the single miniDisplayPort connector and three USB 3.0 ports that the SP3’s dock offers. But the SP4 dock has also been plagued with a number of negative reviews, and who wants to spend an extra $200 if they don’t have to? A free spacer for the SP3 dock seems like a cheap, safe solution.

 

Share This:

Cortana Arrives on iOS

Siri has competition from Cortana now for your personal assistance attention. One of the things I miss most from my Windows Phone is Cortana. Now she has arrived on your iPhone.

Microsoft’s digital personal assistant, Cortana, received an intelligence boost this summer with the release of the Windows 10 operating system. Now Microsoft is expanding its intelligent-assistant ambitions even further by bringing Cortana to select iOS, Android and Cyanogen mobile devices.

Two months before the late-July release of Windows 10, Microsoft had already pledged to bring Cortana to iOS and Android devices as a more limited-capability phone companion app. Cortana for Android was released in beta in August, while the iOS version became available to beta testers in November.

The Cortana app is available today in both the U.S. and China for Android devices running 4.1.2 and up, and for iPhone with iOS 8 and up. Users in the U.S. with One Plus One phones powered by the Android-based Cyanogen OS will be able to access Cortana later this month via a 12.1.1 over-the-air update.

Among the tasks that Cortana will be able to handle on Android, iOS and Cyanogen devices are location-based reminders that, for instance, can give you a nudge to buy a wine gift when you’re close to a package store. It can also pop up missed-call alerts to your Windows 10 PC while sending callers automated texts to let them know you’ll call back later, or it help you track flights, packages, stocks and scores on your PC or phone.

 

Share This:

Patch Tuesday Is Here

Yesterday Microsoft issued three new security advisories and a dozen new patches in the their monthly round of security updates. Surprisingly one of the advisories was apparently the result of a security fumble by Microsoft’s own internal IT team, the inadvertent disclosure of the private encryption keys for a wildcard SSL/TLS certificate.

The certificate, which was used for Microsoft’s xboxlive.com domain, has been revoked on Microsoft’s Certificate Trust list, but it could potentially be used to attack systems that haven’t been updated in man-in-the-middle attacks that “spoof” the Xbox Live network. Microsoft isn’t saying how the certificate was “inadvertently disclosed,” but it’s likely that the “wildcard” certificate was accidentally shared with a partner. It’s unlikely that the certificate will be used for an attack now that it’s been revoked, but systems that don’t regularly get their certificate trust lists updated might still be vulnerable.

System administrators have a bigger headache to deal with: an update issued yesterday for Microsoft Windows DNS that patches a remote code execution vulnerability. Rated “critical” by Microsoft, the bug in DNS affects Windows Server 2008 and later. It could allow an attacker to send a “specially-crafted” Domain Name Service request to a Windows DNS server that can run commands on the server with the permissions of the Local System account—giving the attackers a wide range of access to the server that could easily be escalated.

The DNS fix is one of eight critical fixes included in this “Patch Tuesday” including huge roll-up patches for Internet Explorer, Edge, Jscript, and VBScript—all of which fix holes that could potentially be used for remote code execution by malicious websites. There’s also a remote code execution fix for a graphics component used by Skype, Lync, Office, Silverlight, Windows itself and the .NET framework that could be exploited by a malicious document or Web page, and a totally separate remote execution bug in Silverlight and Office themselves. And there’s a patch for the Uniscribe text API that fixes a vulnerability that would allow malicious fonts to execute code.

Share This:

Get Control of Your iPhone’s Photos

If you use an iphone and feel like your photos are “out of control” here are a couple of tips that just might help you get all of your photos organized and cleaned up. The more photos you take the more frustrating it can be to get a handle on separating unwanted photos from those magnificent ones taken or even just finding a photo you just know you captured.

First, here is how to erase multiple images at once using the iPhone’s Photos app:

  1. Launch the Photos app.
  2. Tap the “Select” button in the upper right corner of the screen.
  3. Choose the photos you want to get rid of. You can do this by tapping each individual photo or by tapping one photo and then dragging your finger over the other images you’d like to delete to select pictures more quickly.
  4. Once you’ve selected all of the files that should be disposed of, tap the trash can icon at the bottom of the screen.

Sometimes after you delete an image, it might still appear on another Apple device if you have My Photo Stream turned on. This is a feature that syncs images across all of your Apple devices. If you want to delete images from all of the Apple gadgets you own, navigate to Photos > Albums > My Photo Stream and repeat the steps listed above.

Getting Your Photos Clean with the Cleen App

In can indeed be difficult to decide which photos to part with. Cleen Books is an app designed to help you separate the photos you should trash from the ones worth holding on to. Here’s how to use it:

  1. Launch the App Store on your iPhone.
  2. Search for Cleen.
  3. Tap the “Get” button to install the app. You may be required to enter your AppleID password.
  4. Launch Cleen once it’s been installed and grant the app permission to view your photos.
  5. The app will then display the most recent photos you’ve taken on your iPhone. If you want to erase the photo, swipe down. Swiping up will favorite the photo, and swiping left skips it completely. This allows you to sort and rate the images on your phone so that you can remember to keep the important ones and erase the insignificant snaps.

Siri Can Help Too

If you want to keep your recent photos and jump to images taken at a specific date or location, try asking Siri. With iOS 9, you can ask Siri things such as “Show me photos from 2012″ to quickly navigate to older images.

Share This:

Smartphones Devouring Our TV Time

The recent announcement from CBS that there will finally be a new “Star Trek” TV series but unlike any major network television series before it – it will boldly launch and live exclusively on a streaming service, in this case CBS All Access.  At first I am sure many fans of the 50 year old franchise were probably left scratching their heads about this decision. However CBS is only reacting to something we all know is happening on the TV landscape. Network TV (ABC, CBS, NBC, FOX, PBS) as we have know is in the final throws of dominance and will more then likely fade away completely in the next decade or two.

You can see by the following from Nielson that CBS is on the right track with their most watched TV series of all time and what to do with it going forward.

Our Smartphones Are Eating Our TV Time

The use of Internet-ready devices like smartphones appears to have seriously cut into American’s traditional TV-watching time, new Nielsen data shows, potentially undercutting the notion that mobile devices merely serve as “second screens” while people are plopped in front of the set.

Data provided to The Associated Press shows that the number of 18-to-34-year-olds who used a smartphone, tablet or TV-connected device like a streaming box rose 26 percent in May compared to a year earlier, to an average of 8.5 million people per minute.

By contrast, the numbers of those in the same age group who watched TV, listened to radio or used a computer fell 8 percent over the same period to 16.6 million people per minute.

Nielsen’s inaugural “Comparable Metrics” report for the first time presents data on average use per minute, making it possible to directly compare the time people are spending on their various devices.

The audience for TV viewing alone fell by 10 percent, to 8.4 million people a minute in the 18-to-34-year-old category. That fall-off in the younger audience highly coveted by advertisers confirms a trend in other Nielsen data that found traditional TV viewing peaked in the 2009-2010 season.

“It’s pretty clear the increased use of mobile devices is having some effect on the system as a whole,” said Glenn Enoch, Nielsen’s senior vice president of audience insights. The new Nielsen data doesn’t break out time spent specifically on streaming TV, since that usage is likely spread across TV-connected devices, phones, tablets and PCs.

Since Nielsen inaugurated its tracking service in 1949, average daily TV viewing has marched steadily upward, from 4 hours and 35 minutes a day to a peak of 8 hours and 55 minutes in 2009-2010. That increase coincided with growing numbers of TV sets sold and the proliferation of programming on cable channels.

But viewership has been edging down ever since. From late September until mid-November this year, daily TV watching accounted for only 8 hours and 13 minutes, Nielsen said.

A Logical Choice

This information from Neilson as well as the overall downward trend of conventional TV viewership for services like Netflix, Hulu and Amazon Prime are indeed proof that it is most logical that the Star Trek franchise will live long and prosper only by embracing new technology which that goodness it appears to be doing.

Share This:

Beware New Pony Ransomware

A new wave of crypto ransomware is hitting Windows users courtesy of some poorly secured websites. Those websites are infected with Angler, the off-the-shelf, hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack.

The latest round is especially nasty because before encryption, the drive-by attacks first use malware known as Pony to harvest any login credentials stored on the infected computer.

The Details of Pony

The campaign is carried out by installing a cocktail of malware on the compromised PC. The first payload consists of the notorious data thief Pony, which systematically harvests all usable usernames and passwords from the infected system and sends them to a series of Control & Command servers controlled by the attackers.

The purpose of this action is to abuse legitimate access credentials to web servers and CMS systems used by websites and to inject the malicious script in these websites so that the campaign achieves the largest possible distribution.

In the second phase, the drive-by campaigns unfolds via the victim being moved from the legitimate website, which has been compromised, to a heap of dedicated domains which drop the infamous Angler exploit kit.

The Angler exploit kit will then scan for vulnerabilities in popular third-party software and in insecure Microsoft Windows processes, if the system hasn’t been updated.

Once the security holes are identified, Angler will exploit them and force-feed CryptoWall 4.0 into the victim’s system.

To consider just how insidious attacks like these are, consider this: earlier this week it was  reported that the Reader’s Digest website was actively infected by Angler. A reader promptly replied that someone in his organization had visited the site in early November, four weeks before the article was published and was infected by CryptoWall after reading an article. The target’s only mistake, it seems, was failing to update one of several apps.

Crypto ransomware came to the world’s attention in the second half of 2013 with malware calling itself CryptoLocker. Since then, there have been a dozen or so copycat titles and a steady stream of refinements to further befuddle targets. People should be sure to keep operating systems, browsers, and browser plugins updated with the latest security patches and strongly consider uninstalling Flash and Java.

Share This:

1 2