Thousand-dollar iPhone X’s Face ID wrecked by ‘$150 3D-printed mask’

Quote

Apple’s facial-recognition login system in its rather expensive iPhone X can be, it is claimed, fooled by a 3D printed mask, a couple of photos, and a blob of silicone.

Bkav Corporation, a tech security biz with offices in the US and Singapore, specializes in bypassing facial-recognition systems, and set out to do the same with Face ID when it got hold of a $999 iPhone X earlier this month. The team took less than a week to apparently crack Cupertino’s vaunted new security mechanism, demonstrating that miscreants can potentially unlock a phone with a mask of the owner’s face.

“Everything went much more easily than you expect. You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face,” the biz said in an advisory last updated on Saturday.

The team is still researching how to crack the system more easily and refining their methods. In the meantime the biz advises sticking to fingerprints for biometric security.

More Holes than Swiss Cheese

Quote

Microsoft and Adobe are getting into the holiday spirit this month by gorging users and admins with a glut of security fixes.

The November Patch Tuesday brings fixes for more than 130 bugs between the two software giants for products including IE, Edge, Office, Flash Player and Acrobat.

Microsoft’s patch dump addresses a total of 53 CVE-listed vulnerabilities, including three that already have been publicly detailed. Those include CVE-2017-11827, a memory corruption flaw in Edge and IE that lets webpages achieve remote code execution, CVE-2017-8700, a flaw in ASP.NET that lets web apps access restricted memory contents, and CVE-2017-11848, a flaw in IE that allows webpages to track users when they leave the website.

As usual, memory corruption and scripting engine flaws in IE and Edge make up the bulk of what Microsoft considers to be the highest risk flaws.

Those include a total of 17 CVE entries (CVE-2017-11837, CVE-2017-11839, CVE-2017-11841, CVE-2017-11861, CVE-2017-11862, CVE-2017-11870, CVE-2017-11836, CVE-2017-11838, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11871, CVE-2017-11873) described as browser scripting engine memory corruption holes that would allow attackers to execute arbitrary evil code on vulnerable PCs by crafting webpages that exploit the programming blunders.

Three other flaws, CVE-2017-11845, CVE-2017-11855, CVE-2017-11856, concern similar remote code execution holes in other components of Edge and Internet Explorer that can be exploited by malicious webpages.

….

And then there’s Adobe

Elsewhere, Adobe’s Flash Player has once again earned its moniker of The Internet’s Screen Door as the Windows, macOS and Linux versions of the browser plugin received fixes for five remote-code execution vulnerabilities.

The largest Adobe patch load, however, was reserved for Acrobat and Reader this month. The PDF readers were the subject of a whopping 62 CVE entries, most of which are remote code execution flaws triggered by opening a malformed PDF file.

Remember Shockwave Player? It got an update to fix CVE-2017-11294, a memory corruption flaw that would let a malformed Shockwave file achieve remote code execution.

Adobe also released updates for Photoshop CC, Connect, DNG Converter, InDesign, Digital Editions, and Experience Manager.

Have Smartphones Destroyed a Generation?

Quote

Around 2012, I noticed abrupt shifts in teen behaviors and emotional states. The gentle slopes of the line graphs became steep mountains and sheer cliffs, and many of the distinctive characteristics of the Millennial generation began to disappear. In all my analyses of generational data—some reaching back to the 1930s—I had never seen anything like it.


The more I pored over yearly surveys of teen attitudes and behaviors, and the more I talked with young people like Athena, the clearer it became that theirs is a generation shaped by the smartphone and by the concomitant rise of social media. I call them iGen. Born between 1995 and 2012, members of this generation are growing up with smartphones, have an Instagram account before they start high school, and do not remember a time before the internet. The Millennials grew up with the web as well, but it wasn’t ever-present in their lives, at hand at all times, day and night. iGen’s oldest members were early adolescents when the iPhone was introduced, in 2007, and high-school students when the iPad entered the scene, in 2010. A 2017 survey of more than 5,000 American teens found that three out of four owned an iPhone.


But the allure of independence, so powerful to previous generations, holds less sway over today’s teens, who are less likely to leave the house without their parents. The shift is stunning: 12th-graders in 2015 were going out less often than eighth-graders did as recently as 2009.

Today’s teens are also less likely to date. The initial stage of courtship, which Gen Xers called “liking” (as in “Ooh, he likes you!”), kids now call “talking”—an ironic choice for a generation that prefers texting to actual conversation. After two teens have “talked” for a while, they might start dating. But only about 56 percent of high-school seniors in 2015 went out on dates; for Boomers and Gen Xers, the number was about 85 percent.

The decline in dating tracks with a decline in sexual activity. The drop is the sharpest for ninth-graders, among whom the number of sexually active teens has been cut by almost 40 percent since 1991. The average teen now has had sex for the first time by the spring of 11th grade, a full year later than the average Gen Xer. Fewer teens having sex has contributed to what many see as one of the most positive youth trends in recent years: The teen birth rate hit an all-time low in 2016, down 67 percent since its modern peak, in 1991.

Even driving, a symbol of adolescent freedom inscribed in American popular culture, from Rebel Without a Cause to Ferris Bueller’s Day Off, has lost its appeal for today’s teens. Nearly all Boomer high-school students had their driver’s license by the spring of their senior year; more than one in four teens today still lack one at the end of high school.

….

If you were going to give advice for a happy adolescence based on this survey, it would be straightforward: Put down the phone, turn off the laptop, and do something—anything—that does not involve a screen.

She flipped off President Trump — and got fired from her government contracting job

She should have been given a hero’s welcome, but instead she got the boot from her job at Akima.

In about Akima

Akima ensures non-discrimination in all programs and activities in accordance with Title VI of the Civil Rights Act of 1964

More Bullshit. This company, which is now essentially another I.T. Beltway Bandit, is a disgrace. They stood up for money over common sense, money over fair employee treatment and justice, and money over decency. Too bad my tax dollars fund their ilk.

And hypocrisy and favoritism do not escape them either.

She identifies herself as an Akima employee on her LinkedIn account but makes no mention of the middle-finger photo there.

Wait. It gets even more obscene.

Because Briskman was in charge of the firm’s social-media presence during her six-month tenure there, she recently flagged something that did link her company to some pretty ugly stuff.

As she was monitoring Facebook this summer, she found a public comment by a senior director at the company in an otherwise civil discussion by one of his employees about the Black Lives Matter movement.

“You’re a f—— Libtard a——,” the director injected, using his profile that clearly and repeatedly identifies himself as an employee of the firm.

In fact, the person he aimed that comment at was so offended by the intrusion into the conversation and the coarse nature of it that he challenged the director on representing Akima that way.

So Briskman flagged the exchange to senior management.

Did the man, a middle-aged executive who had been with the company for seven years, get the old “Section 4.3” boot?

Nope. He cleaned up the comment, spit-shined his public profile and kept on trucking at work.

But the single mother of two teens who made an impulsive gesture while on her bike on her day off?

Adios, amiga.

Source: WP Article

According to their code of conduct

While using social media sites and other social networking tools we must keep the best interests of the Company in mind. Employees are prohibited from posting illegal or prohibited materials on Company social media sites, including but not limited to materials that are harassing or discriminatory. Confidential information must be protected and never disclosed in an unauthorized manner, including posted to any unauthorized site.

Well, she was not at work and not using company assets. She was on her day off. She was exercising her 1st amendment rights. Or does one surrender their 1st amendment rights to work for Akima?

Russian Influence Reached 126 Million Through Facebook Alone

Quote

Russian agents intending to sow discord among American citizens disseminated inflammatory posts that reached 126 million users on Facebook, published more than 131,000 messages on Twitter and uploaded over 1,000 videos to Google’s YouTube service, according to copies of prepared remarks from the companies that were obtained by The New York Times.

The new information goes far beyond what the companies have revealed in the past and underlines the breadth of the Kremlin’s efforts to lever open divisions in the United States using American technology platforms, especially Facebook. Multiple investigations of Russian meddling have loomed over the first 10 months of the Trump presidency, with one leading to the indictments of Paul Manafort, the former Trump campaign chief, and others on Monday.

For Facebook, Google and Twitter, the discovery of Russian influence by way of their sites has been a rude awakening. The companies had long positioned themselves as spreading information and connecting people for positive ends. Now the companies must grapple with how Russian agents used their technologies exactly as they were meant to be used — but for malevolent purposes.

Rude Awakening? Bullshit. For whom? Connecting people for positive good? More bullshit! It is about hoovering up personal user data and selling it! Come on, wake up!

Just say no to Social Media. Just say no to Google. Demand privacy.

Updating Things: IETF bods suggest standard

Quote

A trio of ARM engineers have devoted some of their free time* to working up an architecture to address the problem of delivering software updates to internet-connected things.

Repeated IoT breaches – whether it’s cameras, light bulbs, toys or various kinds of sex toys – have made it painfully clear that too many Things aren’t updated, and/or can’t be.

A step in the right direction.

Facebook, Twitter, Skype & the rest of Garbage

I have to love this quote

When it comes to technology and social media is of course the man behind the entire investigation, Robert Mueller, who doesn’t give one iota of a shit about the swirling social media yelling that passes for modern political debate.

Love it! Supermarket checkout tabloid rags, but not political debate.

Now here’s a shock (not) from the same article

126 million Facebook users, rather than just 10 million, may have seen content produced and circulated by Russian operatives during the 2016 White House race, it emerged on Monday. And Twitter now says 2,752 accounts were run by Russian agents, rather than the 201 figure it previously estimated.

Disconnect from social media and join the real world.

Source: Quote

Equifax – the Disaster Continues

So I called Equifax this a.m. after logging into the Trust-ID site and seeing that after two weeks, the account was still stuck in Enrollment Processing. Awful. I was connected to poorly trained agents in the Philippines. They could not understand the issue. When I asked to speak to a supervisor I was simply put on hold. I called back and the same issue. Next I tried to speak to an agent in the US. I was told to redial the number. Oh great, routed back to the Philippines. When I finally tried for a fourth time and demanded to speak to someone in the US, I was on hold for 10 minutes (after being promised 2 minutes) and I finally gave up.

Clearly, by outsourcing this they are still more concerned about making money than helping customers protect their private information.

Equifax needs to be completely wound down. It is dysfunctional from the top down.

Microsoft silently fixes security holes in Windows 10 – Leaves Win 7, 8 out in the cold

Quote

Microsoft is silently patching security bugs in Windows 10, and not immediately rolling out the same updates to Windows 7 and 8, potentially leaving hundreds of millions of computers at risk of attack.

Flaws and other programming blunders that are exploitable by hackers and malware are being quietly cleaned up and fixed in the big Windows 10 releases – such as the Anniversary Update and the Creator’s Update. But this vital repair work is only slowly, if at all, filtering back down to Windows 7 and Windows 8 in the form of monthly software updates.

Windows 8.1 is supposed to receive monthly security fixes until January 10, 2023, and for Windows 7, January 14, 2020.

Read: We want you all on the Windows 10 Spyware Platform so we can farm all your information and target you with adverts.