There are limits to 2FA and it can be near-crippling to your digital life

Even 2FA can run up against limitations—like this Find My iPhone attack.

A video demonstration of the vulnerability here, using a temporary password. (credit: Kapil Haresh)

This piece first appeared on Medium and is republished here with the permission of the author. It reveals a limitation in the way Apple approaches 2FA, which is most likely a deliberate decision. Apple engineers probably recognize that someone who loses their phone won’t be able to wipe data if 2FA is enforced, and this story is a good reminder of the pitfalls.

As a graduate student studying cryptography, security and privacy (CrySP), software engineering and human-computer interaction, I've learned a thing or two about security. Yet a couple of days back, I watched my entire digital life get violated and nearly wiped off the face of the Earth. That sounds like a bit of an exaggeration, but honestly it pretty much felt like that.

Here’s the timeline of a cyber-attack I recently faced on Sunday, July 23, 2016 (all times are in Eastern Standard):

That’s a pretty incidence matrix (credit: Kapil Haresh)

3:36pm—I was scribbling out an incidence matrix for a perfect hash family table on the whiteboard, explaining how the incidence matrix should be built to my friends. Ironically, this was a cryptography assignment for multicast encryption. Everything seemed fine until a rather odd sound started playing on my iPhone. I was pretty sure it was on silent, but I was quite surprised to see that it said “Find My iPhone Alert” on the lock screen. That was odd.

After insolvency: Sale of Unister to be wrapped up quickly

The longer the uncertainty at Unister persists, the more the value of the insolvent internet group's brands and portals declines. The insolvency administrator therefore wants to award the deal to investors as quickly as possible. (Unister, Internet)

The basics of the thorny relationship between science and philosophy

Meaning of Science offers a quick tour of big questions about why science works.

A lot of things that try to pass themselves off as science, like homeopathy, clearly aren't scientific. But it might surprise you to know that there's no simple checklist or flow chart that lets you separate the scientific from the nice-try-but-not-quites. It's not for lack of trying; for decades, philosophers worked to figure out how a decidedly human activity could produce such reliable information, but all the big-name thinkers in the field have come up short.

Understanding why they failed is the subject of multiple graduate-level seminar classes. But if you're just interested in a brief overview, Tim Lewens can help you out.

Dr. Lewens is a philosopher of science at Cambridge University (and a Ford driver, as we discover) who's written a book called The Meaning of Science. It's meant for a general audience, yet it tackles hairy issues in the philosophy of science and throws in ruminations on the nature of humanity for free. The Meaning of Science is an odd mix that doesn't quite hang together as a coherent whole, but it's not a bad read for anyone interested in a quick-and-painless introduction to the mystery of why science works.

Smach Z handheld gaming PC coming to Kickstarter (again)

It’s been more than half a year since the team behind the Smach Z handheld gaming computer launched a Kickstarter campaign… and then canceled it two days later.

Now they’re ready to try again. This time they’ve got a prototype, outside investors, more details about the hardware they’re using, and some thoughts about stretch goals for the campaign.

For example, the Smach Z is designed to run the Linux-based SteamOS. But if the project raises enough money, the developers will consider offering Windows or Android-based models.

Continue reading Smach Z handheld gaming PC coming to Kickstarter (again) at Liliputing.

iPhone: Whatsapp does not forget well enough

Deleted means deleted: that is rarely true on a computer. And with Whatsapp on the iPhone, too, deleted chat histories can be restored. There are, however, some ways to protect yourself. (Whatsapp, iPhone)

uTorrent Quietly Ditches Rating and Comment Features

Without alerting its users, the team behind the popular BitTorrent client uTorrent has removed the software’s widely used comment and rating functionality. It’s unclear why the functionality was stripped, but it’s possible that spam issues or legal concerns played a role.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

With more than 150 million active users a month, uTorrent remains the leading torrent client, by far.

Despite its popularity, the introduction of new features has stalled in recent years. In fact, some of the more prominent changes date back five years, when uTorrent launched its long-awaited 3.0 version.

Among other things, this release introduced a commenting and rating feature. This allowed users to rate the quality of torrents and discuss their contents from within the application.

Both the comments and ratings were shared via trackers, which means that they were not centrally stored but distributed among peers, just like the download itself.

“µTorrent 3.0 adds an extension message for distributing comments within the swarm. All clients that support this extension message store all comments they have seen, per torrent,” uTorrent’s engineering team informed TorrentFreak at the time.

A handy addition, which was appreciated and used by millions of users in recent years. However, out of nowhere, the uTorrent team has decided to ditch the feature in their latest versions.


uTorrent comments and ratings

While it’s up to uTorrent’s parent company BitTorrent Inc. to decide what to do with their client, it’s at least a bit odd that users haven’t been informed about the change. There is no mention in the release log of the stable version either.

The only reference we could find was listed in the release log for the beta version a few weeks ago.

Hoping to find out more about the motivation to retire the feature we contacted BitTorrent Inc a few days ago, but thus far without response. The company doesn’t seem very keen to speak about uTorrent, as our inquiries about the hacked forum also remained unanswered.


Disable Rating

The above leaves us with no other option than to speculate about the mysterious removal. Perhaps BitTorrent Inc. decided that the feature was no longer relevant, or maybe the system was flooded by spam comments?

On the other hand, perhaps there’s a legal reason why the company doesn’t want users to rate and discuss potentially infringing content from within the client?

Without an official comment from BitTorrent we’ll never know what the true reason is. It’s clear, however, that users who want to comment can no longer do so from the uTorrent application itself.

Windows 10: Back door still allows free upgrade

Users have hardly been able to avoid the offer of the free Windows 10 upgrade in recent months. Even after the official deadline has passed, an upgrade is still possible via a particular route. (Windows 10, Microsoft)

Buyin: Telekom manager bribed by Chinese company

A Telekom manager disclosed internal secrets to the company ZTE in exchange for bribes. The public prosecutor's office has opened an investigation and criticizes Telekom because the judiciary was informed only late. (Telekom, Internet)

Router freedom: What to keep in mind when switching to your own cable modem

Following the end of mandatory provider routers, the cable network operators have developed different procedures for activating customer-owned devices. Golem.de explains how users obtain their access credentials and what unpleasant surprises they may encounter. (Router, DSL)
