Toymaker’s website pushes ransomware that holds visitors’ files hostage

Out-of-date Web app on Maisto.com causes site to attack its visitors.

Enlarge (credit: Malwarebytes)

The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, has been caught pushing ransomware that holds visitors' files hostage until they pay a hefty fee.

Malicious files provided by the Angler exploit kit were hosted directly on the homepage of Maisto[.]com, according to antivirus provider Malwarebytes. The attack code exploits vulnerabilities in older versions of applications such as Adobe Flash, Oracle Java, Silverlight, and Internet Explorer. People who visit Maisto[.]com with machines that haven't received the latest updates are surreptitiously infected with the CryptXXX ransomware. Fortunately for victims in this case, researchers from Kaspersky Lab recently uncovered a weakness in the app that allows users to recover their files without paying the extortion demand. People infected with ransomware in other drive-by attacks haven't been so lucky.

According to Malwarebytes Senior Security Researcher Jerome Segura, the infection on the Maisto homepage was discovered by fellow researchers at website security firm Sucuri. One of the company's tools has detected the site was running an out-of-date version of the Joomla content management system, which is presumed to be the way attackers were able to load the malicious payloads on the homepage.

Read 3 remaining paragraphs | Comments

Cortana Web searches in Windows 10 will now only be able to open Edge and Bing

Cortana’s growing power means she can’t use third-party search and browsers.

Cortana at work in Windows 10. (credit: Microsoft)

Windows 10 will still let you pick a default browser that isn't Edge, and even if you use Edge or Internet Explorer, it will continue to let you pick a default search engine other than Bing. But in a change which goes into effect today, Web searches that use the Cortana-driven search box in the Windows 10 taskbar will no longer give you any choice: they will always open in Bing, and they will always use Edge to do so.

Microsoft explains that it is making this change because of the smarter capabilities that it has built in to its Cortana digital personal assistant, and the integration this requires of the browser and search engine. For example, the company says that a search for "Pizza Hut" in Cortana will, when opened up in Edge, show locations and directions and rich information. Plans are afoot to make this feature more capable and extensive; eventually you will be able to ask Cortana to "get tickets to Rihanna show," and Windows will find appropriate tickets and streamline a customer's purchase.

This integration requires a common understanding of entities and semantic information about what is being searched for, and how to present this data. Microsoft can offer that in its own platform, but has no consistent, reliable way to do this with other browsers or search engines.

Read 1 remaining paragraphs | Comments

Senators play terror card to lobby public for backdoor crypto legislation

Quest for the decryption “Golden Key” resumes. Trust us, we’ll get a court order.

(credit: Christiaan Colen)

The two US lawmakers behind legislation requiring the tech sector to build backdoors in encrypted products are playing the terrorism card. In an editorial Thursday in the Wall Street Journal, Sen. Richard Burr (R-N.C.) and Sen. Dianne Feinstein (D-Calif.) stoke fears that our personal safety is tied to their proposed legislation.

The pair cite what they called an "islamic State-inspired attack last year in Garland, Texas" and the non terror-related murder of a Louisiana pregnant woman named Brittney Mills.

"These are two of the many cases where law enforcement is unable to fully investigate terrorism or criminal activities. In fact, today the FBI is unable to gain access to data on many of the mobile devices they obtain that are password protected," the lawmakers write.

Read 6 remaining paragraphs | Comments

IDC: Detachable tablet shipments are up, but overall tablet shipments are down

IDC: Detachable tablet shipments are up, but overall tablet shipments are down

Research firm IDC says tablet makers shipped about 39.6 million units in the first quarter of 2016… which sounds like a lot of tablets until you realize that the number for the same period in 2015 was 46.4 million.

In other words, overall tablet shipments are down by nearly 15 percent.

But as expected, IDC did see growth in one area: 2-in-1 tablets, also sometimes called detachables.

Of course, not everyone agrees on the exact definitions of tablets, detachables, and other relevant terms.

Continue reading IDC: Detachable tablet shipments are up, but overall tablet shipments are down at Liliputing.

IDC: Detachable tablet shipments are up, but overall tablet shipments are down

Research firm IDC says tablet makers shipped about 39.6 million units in the first quarter of 2016… which sounds like a lot of tablets until you realize that the number for the same period in 2015 was 46.4 million.

In other words, overall tablet shipments are down by nearly 15 percent.

But as expected, IDC did see growth in one area: 2-in-1 tablets, also sometimes called detachables.

Of course, not everyone agrees on the exact definitions of tablets, detachables, and other relevant terms.

Continue reading IDC: Detachable tablet shipments are up, but overall tablet shipments are down at Liliputing.

Google Fiber hits its fifth city, with a limited deployment in Nashville

AT&T and Comcast boosted fiber deployments in advance of Google arrival.

(credit: Google Fiber)

Google Fiber is available in Nashville, Tennessee, its fifth metro area, but for now is only installed in four apartment and condominium buildings, The Tennessean reported yesterday.

"The milestone comes 15 months after Google Fiber announced Nashville as a new market," the paper said. "In the meantime, existing providers AT&T and Comcast have upped their own fiber rollout in Middle Tennessee and have begun offering the ultra-fast connection to area homes and apartments."

A Google Fiber official said it intends to "connect the lion's share of Nashville," including single-family homes, multi-dwelling units, and small businesses, but it's not clear when that will happen. A list of the four buildings where Google Fiber is already installed can be found here, along with a list of many more buildings where "fiber is coming." The four Nashville buildings where Fiber is installed have a little more than 1,110 housing units combined.

Read 2 remaining paragraphs | Comments

Quartalsbericht: Amazons Gewinn steigt stark an

Amazon erwirtschaftet wieder einen hohen Gewinn. Dabei wuchsen die Lieferausgaben um 42 Prozent auf 3,28 Milliarden US-Dollar. Der Cloud-Bereich Amazon Web Services (AWS) konnte den Umsatz um 64 Prozent auf 2,57 Milliarden US-Dollar steigern. (Amazon, …

Amazon erwirtschaftet wieder einen hohen Gewinn. Dabei wuchsen die Lieferausgaben um 42 Prozent auf 3,28 Milliarden US-Dollar. Der Cloud-Bereich Amazon Web Services (AWS) konnte den Umsatz um 64 Prozent auf 2,57 Milliarden US-Dollar steigern. (Amazon, Web Service)

Hacking Slack accounts: As easy as searching GitHub

Bot tokens leaked on public sites expose firms’ most sensitive business secrets.

A surprisingly large number of developers are posting their Slack login credentials to GitHub and other public websites, a practice that in many cases allows anyone to surreptitiously eavesdrop on their conversations and download proprietary data exchanged over the chat service.

According to a blog post published Thursday, company researchers recently estimated that about 1,500 access tokens were publicly available, some belonging to people who worked for Fortune 500 companies, payment providers, Internet service providers, and health care providers. The researchers privately reported their findings to Slack, and the chat service said it regularly monitors public sites for posts that publish the sensitive tokens.

Still, a current search on GitHub returned more than 7,400 pages containing "xoxp." That's the prefix contained in tokens that in many cases allow automated scripts to access a Slack account, even when it's protected by two-factor authentication. A separate search uncovered more than 4,100 Slack tokens with the prefix "xoxb." Not all results contained the remainder of the token that's required for logging in, but many appeared to do just that. By including valid tokens in code that's made available to the world, developers make it possible for unscrupulous people to access the private conversations between the developers and the companies they work for and to download files and private Web links they exchange.

Read 6 remaining paragraphs | Comments

Report: Google is building a hardware division led by former Motorola president

New division sucks up Nexus, Chromebooks, Chromecast, OnHub, ATAP, and Glass.

Enlarge / Our Alphabet org chart. Welcome the new hardware division. (credit: Ron Amadeo)

Google is building a hardware division. That's according to a report from Re/code, which says that Google is forming a new division with former Motorola President Rick Osterloh at the helm.

Motorola was the old "Google hardware division" that Google decided it didn't want. Osterloh originally joined Google via the company's Motorola purchase in 2011 and was named CEO of Motorola after Dennis Woodside left. Google sold Motorola to Lenovo in 2014, and Osterloh left Motorola last month after some Lenovo "reorganization" at Motorola. Google has now snapped him up. Osterloh becomes a senior vice president at Google, which puts the hardware group on equal footing with Android, Ads, Search, and YouTube.

According to the report, the Google Hardware Division will absorb most of the hardware projects inside Google. There's the good stuff from the Chrome/Android division like Nexus devices, Chromecasts, and Chromebooks, along with Google and Alphabet's struggling hardware projects that haven't had much of a home—OnHub, ATAP (the Advanced Technology and Projects group), and Google Glass. OnHub was born in Alphabet's "Access" division that also houses Google Fiber. OnHub is a router that promises to someday become a smart home device, but so far it hasn't materialized. ATAP has yet to ship an actual piece of hardware and recently had its leader—former DARPA head Regina Dugan—leave for Facebook. Google Glass failed rather spectacularly in the public and later become a forgotten-about group under Tony Fadell's leadership, but not part of Nest. Re/code notes that there's also apparently a new "living room" group in the hardware division.

Read 1 remaining paragraphs | Comments

ASRock DeskMini is a tiny desktop with an upgradeable CPU

ASRock DeskMini is a tiny desktop with an upgradeable CPU

Earlier this year a few companies started showing off motherboards based on Intel’s new mini STX standard. Now ASRock has launched a tiny desktop with a mini STX board… making the new ASRock DeskMini one of the smallest computers with a a socket that lets you swap out one CPU for another.

The mini STX platform features an LGA 1151 socket which should support the next few generations of Intel processors.

Continue reading ASRock DeskMini is a tiny desktop with an upgradeable CPU at Liliputing.

ASRock DeskMini is a tiny desktop with an upgradeable CPU

Earlier this year a few companies started showing off motherboards based on Intel’s new mini STX standard. Now ASRock has launched a tiny desktop with a mini STX board… making the new ASRock DeskMini one of the smallest computers with a a socket that lets you swap out one CPU for another.

The mini STX platform features an LGA 1151 socket which should support the next few generations of Intel processors.

Continue reading ASRock DeskMini is a tiny desktop with an upgradeable CPU at Liliputing.

FCC proposes new price regulations for cable—but not for home Internet

New “special access” rules would put cable and phone companies on equal ground.

(credit: Getty Images | Martin Hospach)

The Federal Communications Commission today proposed new price regulations for so-called “business data services,” potentially bringing Comcast and other cable companies under a type of regulatory regime that already applied to phone companies such as AT&T and Verizon.

The price rules won’t extend to home Internet or the typical broadband service that companies buy to get their employees online. Instead, this form of data connectivity—also called “special access”—is sometimes thought of as the Internet equivalent of a barrel of oil.

Even if you don’t know what a barrel of oil costs, its price affects how much you pay for gas. Similarly, special access prices can affect what ordinary consumers pay for mobile broadband. Wireless carriers buy special access to supply bandwidth for their cellular data networks, so the prices charged can indirectly affect the monthly bills paid by smartphone users.

Read 18 remaining paragraphs | Comments