FedEx customer data left online for anyone to rifle through

Company stored customer passports, driver licenses, and more in public Amazon bucket.

Enlarge / A redacted copy of data FedEx employees left on a publicly accessible Amazon bucket. (credit: Kromtech Security Center)

Passports, driver licenses, and other sensitive documentation for thousands of FedEx customers were left online, possibly for years, in a blunder that left the information available to identity thieves and other malicious actors, researchers said Thursday.

In all, Kromtech Security Center said, researchers found 119,000 scanned documents stored in a publicly available Amazon S3 bucket. The photo ID scans were accompanied by completed US Postal Service forms that included names, home addresses, and phone numbers of people who requested to have mail delivered by an authorized agent.

"Citizens from all over the world left their scanned IDs—Mexico, Canada, EU countries, Saudi Arabia, Kuwait, Japan, Malaysia, China, Australia—to name a few," Kromtech researchers wrote.

Read 4 remaining paragraphs | Comments

Pirates Crack Microsoft’s UWP Protection, Five Layers of DRM Defeated

Video games pirates have reason to celebrate today after scene cracking group CODEX defeated Microsoft’s Universal Windows Platform system on Zoo Tycoon Ultimate Animal Collection. While the game it was protecting isn’t exactly a fan favorite, it was reportedly protected by five layers of DRM within the UWP package, including the Denuvo-like Arxan anti-tamper technology.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

As the image on the right shows, Microsoft’s Universal Windows Platform (UWP) is a system that enables software developers to create applications that can run across many devices.

“The Universal Windows Platform (UWP) is the app platform for Windows 10. You can develop apps for UWP with just one API set, one app package, and one store to reach all Windows 10 devices – PC, tablet, phone, Xbox, HoloLens, Surface Hub and more,” Microsoft explains.

While the benefits of such a system are immediately apparent, critics say that UWP gives Microsoft an awful lot of control, not least since UWP software must be distributed via the Windows Store with Microsoft taking a cut.

Or that was the plan, at least.

Last evening it became clear that the UWP system, previously believed to be uncrackable, had fallen to pirates. After being released on October 31, 2017, the somewhat underwhelming Zoo Tycoon Ultimate Animal Collection became the first victim at the hands of popular scene group, CODEX.

“This is the first scene release of a UWP (Universal Windows Platform) game. Therefore we would like to point out that it will of course only work on Windows 10. This particular game requires Windows 10 version 1607 or newer,” the group said in its release notes.

CODEX release notes

CODEX says it’s important that the game isn’t allowed to communicate with the Internet so the group advises users to block the game’s executable in their firewall.

While that’s not a particularly unusual instruction, CODEX did reveal that various layers of protection had to be bypassed to make the game work. They’re listed by the group as MSStore, UWP, EAppX, XBLive, and Arxan, the latter being an anti-tamper system.

“It’s the equivalent of Denuvo (without the DRM License part),” cracker Voksi previously explained. “It’s still bloats the executable with useless virtual machines that only slow down your game.”

Arxan features

Arxan’s marketing comes off as extremely confident but may need amending in light of yesterday’s developments.

“Arxan uses code protection against reverse-engineering, key and data protection to secure servers and fortification of game logic to stop the bad guys from tampering. Sorry hackers, game over,” the company’s marketing reads.

What is unclear at this stage is whether Zoo Tycoon Ultimate Animal Collection represents a typical UWP release or if some particular flaw allowed CODEX to take it apart. The possibility of additional releases is certainly a tantalizing one for pirates but how long they will have to wait is unknown.

Whatever the outcome, Arxan calling “game over” is perhaps a little premature under the circumstances but in this continuing arms race, they probably have another version of their anti-tamper tech up their sleeves…..

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Microsoft offers $200 off Surface Pro to celebrate its fifth anniversary

Special pricing available over the weekend.

Enlarge / Surface Pro with a Cobalt Blue Type Cover.

Microsoft's first x86 PC, then known as the Surface with Windows 8 Pro, hit the market five years ago. The first version was a little strange—a bit too big for a tablet, a bit too small for a laptop—but with its third iteration, the Surface Pro 3, Microsoft's hardware hit its stride. From its first version, the device was an x86 tablet with an integrated kickstand and a detachable keyboard, but the third version changed the screen resolution to 12 inches with a 3:2 aspect ratio (up from 10.6 inches and 16:9) and used a kickstand that could be set to any position from about 20 degrees to 150 degrees.

This third version of Surface Pro spawned a number of copycats from companies like Samsung, Dell, and HP, and arguably it made Microsoft's concept—the laptop-like tablet—a permanent fixture of the PC landscape.

To celebrate this fifth anniversary, Microsoft is offering $200 off two configurations of the current model Surface Pro. The Core i5 with 128GB SSD and 4GB RAM is available for $799, and the Core i5 with 256GB SSD and 8GB RAM is $1,099.

Read 1 remaining paragraphs | Comments

Deals of the Day (2-15-2018)

What better way to celebrate the founding fathers than by scoring a good deal on a laptop? It’s never made a lot of sense to me that Presidents Day is a holiday that’s become associated with sales. But that’s not stopping stores including Best Buy, Del…

What better way to celebrate the founding fathers than by scoring a good deal on a laptop? It’s never made a lot of sense to me that Presidents Day is a holiday that’s become associated with sales. But that’s not stopping stores including Best Buy, Dell, and Lenovo from running sales over this long weekend. […]

Deals of the Day (2-15-2018) is a post from: Liliputing

Imaging at 1,000fps with a single pixel

Fast flashy LEDs and custom hardware use patterns to image object.

Enlarge / No, not those ghosts. (credit: Eli Christman)

For the longest time, imaging was probably the most boring subject imaginable. Unless you were excited about comparing various mass-produced, brand-name lenses, there wasn't much to talk about. That changed briefly with the invention of the laser, but the actual imaging technology was still... yeah, boring.

In the last decade or so, though, things really have changed, in part because of new ways of thinking about what an image actually is. Among the many fascinating variations on traditional imaging is something called ghost imaging. The idea of ghost imaging was to use the quantum nature of light to image an object by detecting photons that had never actually encountered the object. This is a mind-blowing idea that has now been developed to the point where it might actually be practical in some circumstances—especially when you can acquire about 1,000 ghost images per second.

Am I seeing ghosts, or using ghosts to see?

The original idea behind ghost imaging made use of something called quantum entanglement. Imagine that I have a single photon that I slice into two photons. Because the Universe doesn't create or destroy things like energy, momentum, or angular momentum, the energy contained in the two photons has to sum to the value of the energy contained by the first photon.

Read 18 remaining paragraphs | Comments

Florence’s love story mixes the best of comics, video games, and animation

Gentle interactivity helps enhance a short but sweet love story.

The modern video game industry is overloaded with the equivalent of the epic novel—dense, intensely challenging games that can take dozens or hundreds of hours of dedication to truly absorb. That's not even counting competitive online games that functionally never end thanks to regular infusions of new content—the video game equivalent of an epic fantasy series or serialized comic book.

But every so often, it's nice to take a break with a game that manages to tell a memorable story in a much more compact form. That's why I was enamored with Florence, a tidy interactive experience released by Annapurna Interactive and Australian development house Mountains earlier this week. The $3 iOS app is a slice-of-life tale that you can run through in about half an hour, but it has a gentle beauty that will stick with you for much longer.

The basic plot of Florence doesn't seem especially exciting when written out directly. Florence, a lonely office drone in a city office building, meets street musician Krish by happenstance when she crashes her bike one day. The pair quickly move from awkward courtship to cohabitation, exploring the city together and generally being happy and cute as they go through everyday life.

Read 11 remaining paragraphs | Comments

Ajit Pai faces investigation into moves that benefit Sinclair Broadcasting

IG examines whether Pai “improperly coordinated with Sinclair” on rule changes.

Enlarge / FCC Chairman Ajit Pai with his oversized coffee mug in November 2017. (credit: Getty Images | Bloomberg)

Federal Communications Commission Chairman Ajit Pai is under investigation by the agency's independent watchdog over decisions that benefit Sinclair Broadcasting. FCC Inspector General (IG) David Hunt agreed to conduct the investigation after it was requested in November 2017 by two Democratic lawmakers.

"For months I have been trying to get to the bottom of the allegations about Chairman Pai's relationship with Sinclair Broadcasting," Rep. Frank Pallone, Jr. (D-N.J.), said in a statement today. "I am grateful to the FCC's inspector general that he has decided to take up this important investigation."

The investigation was reported today by The New York Times.

Read 18 remaining paragraphs | Comments

Clever new cylinder control gives big MPG boost—and it’s ready to roll

Delphi and Tula have taken cylinder deactivation to the next level.

John F. Martin for Delphi

The gasoline internal combustion engine has been in service for well over a century at this point. After all that time, you would think we would have perfected it by now. It's as simple as suck-squeeze-bang-blow, right? But recently we've seen a number of new technological advances that each offer significant gains to efficiency—probably a good thing considering how long it is going to take to move to an all-electric light vehicle fleet.

The latest one I'm enthusiastic about was cooked up by Delphi and Tula. Called Dynamic Skip Fire, the new tech should work with most any gasoline engine, boosting fuel efficiency by up to 15 percent.

Read 9 remaining paragraphs | Comments

Microsoft introduces “Ultimate Performance” power scheme for Windows 10

Windows 10 includes power management tools that let you prioritize peak performance or lower power consumption (and longer battery life) depending on your needs. Out of the box most laptops ship with Windows configured so that you’ll get the best possi…

Windows 10 includes power management tools that let you prioritize peak performance or lower power consumption (and longer battery life) depending on your needs. Out of the box most laptops ship with Windows configured so that you’ll get the best possible performance when plugged in, for example, but when you’re running on battery power the […]

Microsoft introduces “Ultimate Performance” power scheme for Windows 10 is a post from: Liliputing