Blog

Bitcoin now legal tender in El Salvador, first nation to adopt cryptocurrency

Posted by Dave Cahill on Jun 10, 2021 in Cryptocurrency | 0 comments

El Salvador adopts Bitcoin is its legal tender, the first nation to adopt cryptocurrency

El Salvador and other Central American nations hope to lower remittance costs and boost investment.

On Wednesday, El Salvador’s president signed into law a proposal to adopt bitcoin as legal tender, making the Central American nation the first in the world to officially use the cryptocurrency.

The new law says that companies must accept bitcoin as a form of payment, and the government will allow people to pay taxes with it as well. The exchange rate with the dollar will be set by the market, and exchanges from dollars to bitcoin won’t be subject to capital gains tax. The law was passed by a supermajority vote of the legislature, with 62 of 84 deputies assenting.

President Nayib Bukele said the new law would make it easier for Salvadorans living abroad to send remittances back to friends and family in the country. Some $6 billion in remittances flowed into the Salvadoran economy last year, accounting for nearly a quarter of the country’s gross domestic product. Around 70 percent of Salvadorans lack access to traditional banking and other financial services within the country, the president said. The 39-year-old leader hopes that sending remittances will become cheaper, too. Last year, the average fee was 3 percent per transaction. Eliminating that fee would net Salvadorans an additional $180 million.

The country has used the US dollar as its primary currency since 2001, when the government was attempting to stabilize and shore up an economy left in shambles by a bloody 12-year civil war that ended in 1992. The government switched its accounting system to dollars and stopped printing and minting its old currency, colones, though it did not remove it as legal tender. People can still spend any colones in their possession at a rate fixed to the dollar.

El Salvador’s use of the dollar as its primary currency has meant that the country has minimal control over its monetary policy; for all intents and purposes, the US Federal Reserve exerts more power. As a result, efforts by the Salvadoran government to prop up the economy in a recession must be through fiscal interventions, which require a supermajority in the legislature. Adopting bitcoin won’t change this situation, of course, since the supply of the cryptocurrency is limited by mining rates and is ultimately capped at 21 million bitcoins.

Bukele is hoping that by jumping on the bitcoin bandwagon, the country will attract investors. “#Bitcoin has a market cap of $680 billion dollars,” he wrote in a tweet. “If 1% of it is invested in El Salvador, that would increase our GDP by 25%.” That assumption, of course, is highly dependent on bitcoin’s market cap, which has fluctuated significantly over the last year as the cryptocurrency’s price has swung wildly.

Overnight, bitcoin prices are up around 7 percent, though they’re still off some 50 percent from their mid-April peak, when Tesla CEO Elon Musk criticized the cryptocurrency’s energy use and reversed course on accepting bitcoin for Tesla purchases. Musk’s decision was prompted in part by Ars’ coverage of a fossil fuel power plant in upstate New York that had been purchased by a private equity firm and tasked with mining bitcoin. Bitcoin’s energy use has skyrocketed in recent months and uses as much energy today on an annualized basis as the United Arab Emirates, or about 127 TWh per year. A single bitcoin transaction requires nearly 1,600 kWh to complete and produces an estimated 746 kg of carbon dioxide. 

That high energy use is baked into bitcoin’s design, which uses proof of work—computations of cryptographic hashes—to verify records and transactions on the blockchain. Other cryptocurrencies are either based on or planning to switch to other ways of maintaining the blockchain, including proof of stake, which requires users who validate the chain to hold a certain amount of the cryptocurrency, lowering the amount of energy use.

Read the original article courtesy of ArsTechnica.com.

Fastly internet outage: Websites and apps around the world go dark

Posted by Dave Cahill on Jun 8, 2021 in Internet, Technology | 0 comments

Massive internet outage: Websites and apps around the world go dark

Fastly glitch: Swaths of internet go down after cloud outage

Multiple websites went offline briefly across the globe Tuesday after an outage at the cloud service company Fastly, revealing how critical a handful of companies running the internet’s plumbing have become.

Dozens of sites including the New York Times, CNN, some Amazon sites, Twitch, Reddit, the Guardian, and the U.K. government’s home page, could not be reached.

In Asia, cities like Hong Kong and Singapore were also affected, with users unable to access the CNN website. In China, where most foreign media websites are blocked, there was little discussion on the outage on social media platforms such as Weibo.

San Francisco-based Fastly acknowledged a problem just before 6 a.m. Eastern. It said in repeated updates on its website that it was “continuing to investigate the issue.”

About an hour later, the company said: “The issue has been identified and a fix has been applied. Customers may experience increased origin load as global services return.” A number of sites that were hit early appeared to be coming back online.

Fastly said it had identified a service configuration that triggered disruptions, meaning the outage appeared to be caused internally.

Still, all major futures markets in the U.S. dipped sharply minutes after the outage hit almost exactly a month after a cyberattack that caused the operator of the largest fuel pipeline in the U.S to halt its operations.

Internet traffic measurement by Kentik show that Fastly began to recover from the outage roughly an hour after it struck at mid-morning European time – and before most Americans were awake.

“Looks like it is slowly coming back,” said Doug Madory, an internet infrastructure expert at Kentik. He said “it is serious because Fastly is one of the world’s biggest CDNs and this was a global outage.”

Fastly is a content-delivery network. It provides vital but behind-the-scenes cloud computing “edge servers” to many of the web’s popular sites. These servers store, or “cache,” content such as images and video in places around the world so they are closer to users, allowing them to fetch it more quickly and smoothly instead of having to access the site’s original server. Fastly says its services mean that a European user going to an American website can get the content from 200 to 500 milliseconds faster.

The impact of Fastly’s trouble highlights the relative fragility of the internet’s current architecture given its heavy reliance on Big Tech companies – such as Amazon’s AWS cloud services – as opposed to a more decentralized model.

“Even the biggest and most sophisticated companies experience outages. But they can also recover fairly quickly,” said Madory.

That was how the outage was percieved befo

When the outage hit, some visitors trying to access CNN.com got a message that said: “Fastly error: unknown domain: cnn.com.” Attempts to access the Financial Times website turned up a similar message while visits to the New York Times and U.K. government’s gov.uk site returned an “Error 503 Service Unavailable” message, along with the line “Varnish cache server,” which is a technology that Fastly is built on.

Down Detector, which tracks internet outages, posted reports on dozens of sites going down and said “there may be a widespread outage at Fastly.”

Read the original article courtesy of The Associated Press.

How to Protect Your Files From Ransomware

Posted by Dave Cahill on Jun 7, 2021 in Security News, Tips & Tricks | 0 comments

How to Protect Your Files From Ransomware

Ransomware is a growing threat for individual users and businesses alike—but there are ways to protect yourself.

Move over viruses, step aside worms: Ransomware has the spotlight and isn’t about to give it up. From taking down entire fuel pipelines to hijacking hospital networks, it’s the cyberattack du jour. Not only do you have the potentially disastrous consequences of being locked out of your most important files and systems, you also have to decide if you’re willing to pay cold, hard cash to get access to them again, if you even get access after paying.

That’s where the name comes from—ransomware attacks literally hold your data for ransom. There are a few variations on the theme, but it’s usually very recognizable. Malware is used to encrypt your files (in some cases even double-encrypt them) so they require a specific key to be unlocked. The damage can quickly spread across computers and networks. In some cases you might be locked out of your system completely, along with any other systems on the same network.

Ransomware isn’t particularly difficult to develop or deploy, and it’s profitable. While it started out as a problem for home users, it has now spread to become a problem for businesses, and several high-profile attacks have recently targeted government agencies and infrastructure companies. The threat is very real no matter who you are—so how do you protect against it?

Keeping ransomware off your computer isn’t actually much different from keeping any other kind of malware at bay, and very similar rules apply. A ransomware attack can’t happen without some access to your system, which is usually achieved through a rogue application—be cautious about downloading or opening any files from the web or your email if you’re not certain of their source.

Hackers now use a variety of social engineering techniques—such as spoofing an email that looks like it’s an urgent missive from your boss—to try and get you to install something you shouldn’t or to download files you think are attachments but aren’t. Think and think again before opening and running anything on your computer, especially if it arrives without warning.

Ransomware doesn’t always have to trick you into installing something: It can sometimes spread on its own by exploiting security holes in legitimate software that hasn’t been properly updated or patched. This is one of the reasons you should generally install as few software programs on your computer as possible, and stick to developers that can be trusted to keep their applications secure and provide necessary security updates in a timely manner.

Besides being careful in terms of what you do on your computer and the programs you grant access, the standard three rules of system security apply: Update, protect, and back up. All malware, including ransomware, often exploits older or unpatched software, which is why it’s vital that everything running on your computer (and yes, that includes both Windows and macOS users) is up to date with at least the latest security updates.

Those nagging operating system updates are annoying for a reason—it’s really important that you get them installed. The good news is that software updates are so vital to security that they’re mostly handled automatically and in the background by most programs. Google Chrome, for example, downloads updates on its own, and you’ll see a color-coded icon in the toolbar when an upgrade is required. (It gets closer to red as the upgrade gets more urgent.)

In terms of protection, you also need some quality security software installed on your computer, but that should be done anyway—ransomware or no ransomware. It’s a matter of debate whether the tools built into Windows and macOS are good enough on their own, but they certainly go a long way to keeping malware threats, including ransomware, at bay.

It’s also fair to say that adding third-party software on top keeps you even better protected: Leading packages from the likes of McAfee, Norton, Bitdefender, Avira, and others will keep a very close eye on everything that’s happening on your system, so it’s up to you whether you think the extra protection is worth the extra cost (and the extra software configurations you’ll have to go through).

While ransomware is typically targeted at systems and the files on them, with the right username and password bad actors can also get at your files in the cloud, encrypt those, and hold them for ransom. Make sure you use strong passwords that are different for all of your accounts (ideally through a password manager) and that you’ve turned on two-factor authentication everywhere—that means that something else (such as a code sent to or generated by your phone) is required to log in to your accounts in addition to a username and password.

The third part of keeping yourself protected against ransomware is to make sure you back up your computer and other devices regularly. An external hard drive, a cloud syncing service—they’ll all do as long as there are copies of your files out of reach of the ransomware attack.

And that last caveat is an important one. If your backup is within easy reach of the malware program that’s locking your files, then you’ll be faced with encrypted backups as well as encrypted files. Make sure at least one of your backups is only occasionally connected to your main system, or that whatever backup solution you choose has revision history, so you can go back to before the attack took place.

When it comes to cloud backup solutions, many now offer file versioning features (Dropbox Rewind, for example)—they roll back your files to a previous point in time, which can be really useful in the event of a ransomware attack, because it means you’re able to revert to the state your data was in before it got encrypted. Check with the service you’re using for details.

As with any security threat, it’s impossible to 100-percent guard yourself against ransomware, but the steps outlined here should help minimize the risk. If the worst should happen, remember that ransomware is a crime, and you can report it via the resources mentioned on the Cybersecurity & Infrastructure Security Agency website here.

Read the original article courtesy of Wired.com.

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

Posted by Dave Cahill on Jun 4, 2021 in Security News, Web & Graphic Design News | 0 comments

Zero-day in WordPress SMTP plugin abused to reset admin account passwords

A Zero-day exploit patch has been released earlier this week but many WordPress sites remained unpatched —as usual.

Hackers are resetting passwords for admin accounts on WordPress sites using a zero-day vulnerability in a popular WordPress plugin installed on more than 500,000 sites.

The zero-day was used in attacks over the past weeks and was patched on Monday.

It impacts Easy WP SMTP, a plugin that lets site owners configure the SMTP settings for their website’s outgoing emails.

According to the team at Ninja Technologies Network (NinTechNet), Easy WP SMTP 1.4.2 and older versions of the plugin contain a feature that creates debug logs for all emails sent by the site, which it then stores in its installation folder.

“The plugin’s folder doesn’t have any index.html file, hence, on servers that have directory listing enabled, hackers can find and view the log,” said NinTechNet’s Jerome Bruandet. 

Bruandet says that on sites running vulnerable versions of this plugin, hackers have been carrying out automated attacks to identify the admin account and then initiate a password reset.

Since a password reset involves sending an email with the password reset link to the admin account, this email is also recorded in the Easy WP SMTP debug log.

All attackers have to do is access the debug log after the password reset, grab the reset link, and take over the site’s admin account.

“This vulnerability is currently exploited, make sure to update as soon as possible to the latest version,” Bruandet warned earlier this week on Monday.

The plugin’s developers have fixed this issue by moving the plugin’s debug log into the WordPress logs folder, where it’s better protected. The version where this bug was fixed is Easy WP SMTP 1.4.4, according to the plugin’s changelog.

This marks the second zero-day discovered in this very popular plugin. A first zero-day was discovered being abused in the wild in March 2019, when hackers used a Easy WP SMTP vulnerability to enable user registration and then created backdoor admin accounts.

The good news is that compared to March 2019, today, the WordPress CMS has received a built-in auto-update function for themes and plugins.

Added in August 2020, with the release of WordPress 5.5, if enabled, this feature will allow plugins to always run on the latest version by updating themselves, instead of waiting for an admin’s button press.

However, it is currently unclear how many WordPress sites have this feature enabled and how many of the 500,000+ WordPress sites are currently running the latest (patched) Easy WP SMTP version.

According to WordPress.org stats, the number isn’t that high, meaning that many sites remain vulnerable to attacks.

Read the original article over at ZDNet.com.

Amazon devices will soon automatically share your Internet with neighbors

Posted by Dave Cahill on Jun 2, 2021 in Security News, Technology | 0 comments

Amazon devices will soon automatically share your Internet with neighbors

Amazon ‘s experimental wireless mesh networking turns users into guinea pigs.

If you use Alexa, Echo, or many other Amazon devices, you have only 10 days until you’re opted in to an experiment that leaves your personal privacy and security hanging in the balance.

On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with neighboring Sidewalk-capable devices that don’t have connectivity. Sidewalk will also help your Amazon devices to a sliver of bandwidth from other Sidewalk users when you don’t have a connection.

By default, a variety of Amazon devices will enroll in the system come June 8. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk “is currently only available in the US.” The full list of devices that can act as Sidewalk bridges is Ring Floodlight Cam (2019), Ring Spotlight Cam Wired (2019), Ring Spotlight Cam Mount (2019), Echo (3rd gen and newer), Echo Dot (3rd gen and newer), Echo Dot for Kids (3rd gen and newer), Echo Dot with Clock (3rd gen and newer), Echo Plus (all generations), Echo Show (all models and generations), Echo Spot, Echo Studio, Echo Input, and Echo Flex.

The webpage also states:

What is Amazon Sidewalk?

Amazon Sidewalk is a shared network that helps devices work better. Operated by Amazon at no charge to customers, Sidewalk can help simplify new device setup, extend the low-bandwidth working range of devices to help find pets or valuables with Tile trackers, and help devices stay online even if they are outside the range of their home wifi. In the future, Sidewalk will support a range of experiences from using Sidewalk-enabled devices, such as smart security and lighting and diagnostics for appliances and tools.

How will Amazon Sidewalk impact my personal wireless bandwidth and data usage?

The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.

Why should I participate in Amazon Sidewalk?

Amazon Sidewalk helps your devices get connected and stay connected. For example, if your Echo device loses its wifi connection, Sidewalk can simplify reconnecting to your router. For select Ring devices, you can continue to receive motion alerts from your Ring Security Cams and customer support can still troubleshoot problems even if your devices lose their wifi connection. Sidewalk can also extend the working range for your Sidewalk-enabled devices, such as Ring smart lights, pet locators or smart locks, so they can stay connected and continue to work over longer distances. Amazon does not charge any fees to join Sidewalk.

Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.

Wireless technologies like Wi-Fi and Bluetooth have a history of being insecure. Remember WEP, the encryption scheme that protected Wi-Fi traffic from being monitored by nearby parties? It was widely used for four years before researchers exposed flaws that made decrypting data relatively easy for attackers. WPA, the technology that replaced WEP, is much more robust, but it also has a checkered history.

Bluetooth has had its share of similar vulnerabilities over the years, too, either in the Bluetooth standard or in the way it’s implemented in various products.

If industry-standard wireless technologies have such a poor track record, why are we to believe a proprietary wireless scheme will have one that’s any better?

The omnipotent juggernaut

Next, consider the wealth of intimate details Amazon devices are privy to. They see who knocks on our doors, and in some homes they peer into our living rooms. They hear the conversations we’re having with friends and family. They control locks and other security systems in our home.

Extending the reach of all this encrypted data to the sidewalk and living rooms of neighbors requires a level of confidence that’s not warranted for a technology that has never seen widespread testing.

Last, let’s not forget who’s providing this new way for everyone to share and share alike. As independent privacy researcher Ashkan Soltani puts it: “In addition to capturing everyone’s shopping habits (from amazon.com) and their internet activity (as AWS is one of the most dominant web hosting services)… now they are also effectively becoming a global ISP with a flick of a switch, all without even having to lay a single foot of fiber.”

Amazon’s decision to make Sidewalk an opt-out service rather than an opt-in one is also telling. The company knows the only chance of the service gaining critical mass is to turn it on by default, so that’s what it’s doing. Fortunately, turning Sidewalk off is relatively painless. It involves:

1. Opening the Alexa app
2. Opening More and selecting Settings
3. Selecting Account Settings
4. Selecting Amazon Sidewalk
5. Turning Amazon Sidewalk Off

No doubt, the benefits of Sidewalk for some people will outweigh the risks. But for the many, if not the vast majority of users, there’s little upside and plenty of downside. Amazon representatives didn’t respond to a request for comment.

Read the original article over at ArsTechnica.com.

Deepfake maps could really mess with your sense of the world

Posted by Dave Cahill on Jun 1, 2021 in Technology | 0 comments

Deepfake maps could really mess with your sense of the world

Deepfake Researchers applied AI techniques to make portions of Seattle look more like Beijing.

Satellite images showing the expansion of large detention camps in Xinjiang, China, between 2016 and 2018 provided some of the strongest evidence of a government crackdown on more than a million Muslims, triggering international condemnation and sanctions.

Other aerial images—of nuclear installations in Iran and missile sites in North Korea, for example—have had a similar impact on world events. Now, image-manipulation tools made possible by artificial intelligence may make it harder to accept such images at face value.

In a paper published online last month, University of Washington professor Bo Zhao employed AI techniques similar to those used to create so-called deepfakes to alter satellite images of several cities. Zhao and colleagues swapped features between images of Seattle and Beijing to show buildings where there are none in Seattle and to remove structures and replace them with greenery in Beijing.

Zhao used an algorithm called CycleGAN to manipulate satellite photos. The algorithm, developed by researchers at UC Berkeley, has been widely used for all sorts of image trickery. It trains an artificial neural network to recognize the key characteristics of certain images, such as a style of painting or the features on a particular type of map. Another algorithm then helps refine the performance of the first by trying to detect when an image has been manipulated.

As with deepfake video clips that purport to show people in compromising situations, such imagery could mislead governments or spread on social media, sowing misinformation or doubt about real visual information.

“I absolutely think this is a big problem that may not impact the average citizen tomorrow but will play a much larger role behind the scenes in the next decade,” says Grant McKenzie, an assistant professor of spatial data science at McGill University in Canada, who was not involved with the work.

“Imagine a world where a state government, or other actor, can realistically manipulate images to show either nothing there or a different layout,” McKenzie says. “I am not entirely sure what can be done to stop it at this point.”

A few crudely manipulated satellite images have already spread virally on social media, including a photograph purporting to show India lit up during the Hindu festival of Diwali that was apparently touched up by hand. It may be just a matter of time before far more sophisticated “deepfake” satellite images are used to, for instance, hide weapons installations or wrongly justify military action.

Gabrielle Lim, a researcher at Harvard Kennedy School’s Shorenstein Center who focuses on media manipulation, says maps can be used to mislead without AI. She points to images circulated online suggesting that Alexandria Ocasio-Cortez was not where she claimed to be during the Capitol insurrection on January 6, as well as Chinese passports showing a disputed region of the South China Sea as part of China. “No fancy technology, but it can achieve similar objectives,” Lim says.

Manipulated aerial imagery could also have commercial significance, given that such images are hugely valuable for digital mapping, tracking weather systems, and guiding investments.

US intelligence has acknowledged that manipulated satellite imagery is a growing threat. “Adversaries may use fake or manipulated information to impact our understanding of the world,” says a spokesperson for the National Geospatial-Intelligence Agency, part of the Pentagon that oversees the collection, analysis, and distribution of geospatial information.

The spokesperson says forensic analysis can help identify forged images but acknowledges that the rise of automated fakes may require new approaches. Software may be able to identify telltale signs of manipulation, such as visual artifacts or changes to the data in a file. But AI can learn to remove such signals, creating a cat-and-mouse game between fakers and fake-spotters.

“The importance of knowing, validating, and trusting our sources is only increasing, and technology has a large role in helping to achieve that,” the spokesperson says.

Spotting images manipulated with AI has become a major area of academic, industry, and government research. Big tech companies such as Facebook, which are concerned about spreading misinformation, are backing efforts to automate the identification of deepfake videos.

Zhao at the University of Washington plans to explore ways to automatically identify deepfake satellite images. He says that studying how landscapes change over time could help flag suspect features. “Temporal-spatial patterns will be really important,” he says.

However, Zhao notes that even if the government has the technology needed to spot such fakes, the public might be caught unawares. “If there is a satellite image which is widely spread in social media, that could be a problem,” he says.

Read the original article over at ArsTechnica.com.

FBI to share compromised passwords with Have I Been Pwned

Posted by Dave Cahill on May 28, 2021 in Security News, Technology | 0 comments

FBI to share compromised passwords with Have I Been Pwned

The FBI will soon begin to share compromised passwords with Have I Been Pwned’s ‘Password Pwned’ service that were discovered during law enforcement investigations.

The Have I Been Pwned data breach notification site includes a service called Pwned Passwords that allows users to search for known compromised passwords.

Using this service, a visitor can input a password and see how many times that password has been found in a breach. For example, if we enter the password ‘password,’ the service states that it has been seen 3,861,493 times in data breaches.

Today, Have I Been Pwned creator Troy Hunt announced that the FBI would soon be feeding compromised passwords found during law enforcement investigations into the Pwned Password service.

By providing this feed, the FBI will allow administrators and users to check for passwords that are known to be used for malicious purposes. Admins can then change the passwords before they are used in credential stuffing attacks and network breaches.

“We are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It is another example of how important public/private partnerships are in the fight against cybercrime,” – Bryan A. Vorndran, Assistant Director, Cyber Division, FBI.

The FBI will share the passwords as SHA-1 and NTLM hash pairs that can then be searched using the service or downloaded as part of Pwned Password’s offline list of passwords.

Password Pwned allows users to download the compromised passwords as lists of SHA-1 or NTLM hashed passwords that can be used offline by Windows administrators to check if they are being used on their network.

You can download these lists with the hashes sorted alphabetically or by their prevalence. For example, the list below shows the NTLM hash ’32ED87BDB5FDC5E9CBA88547376818D4′ being used over 24 million times.

It is not surprising that this NTLM hash is for the password ‘123456‘.

To help facilitate this new partnership, Hunt has made Password Pwned open source via the .NET Foundation and is asking other developers to help create a ‘Password Ingestion’ API.

The FBI and other law enforcement agencies can use this API to feed compromised passwords into the Password Pwned database.

Read the original article over at BleepingComputer.com.

Download Everything Google Knows About You with Google Takeout

Posted by Dave Cahill on May 20, 2021 in Google, Privacy | 0 comments

Download Everything Google Knows About You with Google Takeout

If you ask any privacy evangelist in the world, they will tell you that Google knows more about you than your friends.

After all, Google knows and tracks a lot about you — from your daily schedule in Google Calendar and your files and folders in Google Drive to emails in Gmail and web searches on Google as well as your browsing history from Chrome and location history from Google Maps.

Does it sound daunting? In this case, you may be thinking of checking your data stored by Google. Fortunately, Google allows you to download everything stored in your account with Google, thanks to its data archival tool named “Google Takeout”.

Though it’s most helpful when you’re looking to quit Google and take account data with you, it’s handy for checking your data stored with Google.

What does Google Know About You?

Using Google Takeout, you can get to know your data stored with Google Apps. Although it shows all services regardless of you using or not using a service, you can get hints about your data for some services.

What’s the trick? Some services show optional buttons for choosing the data to include in the data archive.

For instance:

• Calendar shows All calendars included
• Chrome shows All Chrome data included
• Drive shows All Drive data included
• Fit shows All Fit data included
• Google Photos shows All photo albums included, and so on.

If you click one of these buttons, you can see a glimpse of your data relevant to the given app or service — All Drive data included shows folders in your Drive.

And surprisingly, Google Takeout allows downloading all your data stored at the company’s servers. That is, the downloadable archive includes your emails in Gmail, your files and folders in Google Drive, your photos and videos in Google Photos, etc.

That is why it may take 2-3 days to create your first data archive.

How to Download your Google Data?

Google Takeout lets you download an archive of all your data Google knows about you. You may get surprised by the amount and intensity of information the search giant may know about you.

The reason being we readily use its apps and services all day.

That said, let’s check how to download data from Google:

1. Open takeout.google.com in a web browser > log in if required.
2. Under Select data to include, choose the services of whose data you want to download and click Next step. You can also click optional detail buttons to choose specific items for each service as it’s explained above.
3. Under Choose file type, frequency & destination, you need to choose a delivery method, frequency of delivery, and the file type and size.
4. Under Delivery method, you can opt to get a download link via email or store the data archive to Box, Dropbox, Google Drive, or OneDrive.
5. Under Frequency, you can opt to export the data once or schedule a regular export every two months for one year to the select destination.
6. Under File type & size, pick a file type for your exports from tgz and zip archive formats and the maximum size of a single archive file. That is, if you select 2 GB, exports larger than 2 GB will be split into multiple files.
7. Finally, click on Create export. The export process may take anywhere from a couple of hours to days; you’ll get an email once it gets completed.

That is all about checking and downloading your data stored with Google Apps. You must try it once to understand the breadth and depth of your data known and stored by the search giant. I was also amazed to see my own data.

Also, you can back up your data using Google Takeout though I will not suggest choosing to put the archive to cloud storage services like Dropbox or OneDrive.

Instead, you should opt to receive a link via email, download the archive, encrypt it using a strong password, then upload it to cloud storage as a backup.

Read the original article over at Hongkiat.com.

Windows 10 has a built-in ransomware block, you just need to enable it

Posted by Dave Cahill on May 18, 2021 in Security News, Virus Alert Information | 0 comments

Windows 10 has a built-in ransomware block, you just need to enable it

Turns out there is a mechanism in Windows Defender that can protect your files from ransomware.

Windows 10 comes with its own baked-in antivirus solution called Windows Defender, and it is enabled by default when setting up a new PC. At the very least, that affords you some basic protection against the many malware threats out in the wild. But did you know there is an added optional layer that can keep your pictures, videos, work documents, and other files safe in the event of a ransomware infection? The caveat is that you have to manually enable ransomware protection in Windows 10.

Or more specifically, a feature called ‘Controlled folder access’.

A big hat-tip to Forbes for pointing this out, because this is not something I was aware existed. To enable it, type ‘Ransomware protection’ in the Windows search bar, or take the long way by navigating to Settings > Update & Security, click on Open Windows Security, click on Virus & threat protection, then scroll down and click on Manage ransomware protection.

The Controlled folder access toggle is set to ‘off’ by default (or at it least it was on my PCs). Turning it on designates specific folders that only trusted apps have permission to access, and you can add folders beyond the ones that are selected by default. There’s also a section to grant specific apps permission to access your protected folders, if need be.

Ransomware ranks as one of the biggest and fastest growing malware threats, with a massive 62 percent spike in attacks in 2020 compared to the year before, according to data outlined in SonicWall’s 2021 Cyber Threat Report. According to the report, “the effects of a global pandemic, combined with record highs in the price of cryptocurrency” drove ransomware to new heights, and it’s not showing any signs of slowing down.

There were more than 304 million ransomware attacks last year. Not all of them successfully extorted money from victims, but according to Coveware, a ransomware remediation service, the average ransomware payment grew to over $220,000 in the fourth quarter of last year.

Of course, those are mainly businesses forking over that kind of money to attackers who are holding their data hostage. Small businesses in particular are disproportionately targeted, but facilitators of ransomware do also go after individuals.

As to the ransomware protection in Windows 10, it does actually work. The PC Security Channel on YouTube posted a video several weeks ago showing the mechanism in action. After installing a “pretty deadly ransomware” strain on a test system, the Controlled folder access feature prevented the designated folders from being altered, while non-protected folders ended up encrypted.

So there you have it, Windows 10 can add a layer of protection to specific folders, if you want it to. You should also routinely back up any important data, and as always, following smart computing habits (like not clicking on links in unsolicited emails) to tip the odds in your favor.

We tried this ourselves, and it blocked us from running a game—FIFA 21. That’s because by default, the My Documents folder is protected. However, this is easy enough to get around. When you click the ‘Add an allowed app’ button, there’s an option to view which ones were recently blocked, to make it quick and easy to grant access. Alternatively, you could remove My Documents from the list of protected folders.

Read the original article over at PCGamer.com.

Someone managed to jailbreak an AirTag already

Posted by Dave Cahill on May 11, 2021 in Mac / Apple | 0 comments

Someone managed to jailbreak an AirTag already

AirTag Jailbreak: That didn’t take long.

Apple recently announced a tracking device that it calls the AirTag, a new competitor in the “smart label” product category.

The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to help you find said item if you misplace it.

If you remember those whistle-and-they-bleep-back-at-you keyrings that were all the rage for a while in the 1990s, well, this is the 21st century version of one of those.

Unlike their last-millennium sonic counterparts, however, modern tracking tags come with loads more functionality, and therefore present a correspondingly greater privacy risk.

Armed with wireless connectivity in the form of Bluetooth and NFC, modern tags don’t just respond neutrally with a beep-beep-beep when you send them an audio signal and they’re within range.

Products like the AirTag also announce themselves with regular Bluetooth beaconing transmissions, just like your phone does when it’s in discoverable mode.

To stop your tags being used as a permanent tracking tool for anyone who’s stalking you, the Bluetooth identifier swaps itself around every few minutes, like the Bluetooth beacons used in the Apple-and-Google privacy-preserving “exposure notification” interface that was introduced for coronavirus infection tracking.

If someone else swipes an NFC-enabled phone near an AirTag, it presents them with a supposedly anonymous URL pointing to the Apple server found.apple.com, where they can report the misplaced item.

(We don’t have an AirTag to practise with, but apparently you can choose to reveal personal information such a phone number via the tracking URL, but we assume that nothing about your identity is revealed by default, so that lost items can be reported anonymously.)

Jailbroken

Little more than a week after going on sale, Apple’s AirTag item track has already been jailbroken.

First spotted by The 8-Bit. German researcher ‘stacksmashing’ has been able to hack their way into an AirTag’s software, changing how it behaves when put into Lost Mode.

German security researcher and YouTube content creator that goes by the name Stack Smashing tweeted today that they were successful in “breaking into the microcontroller of the AirTag.” They were then able to re-flash the microcontroller that enabled them to modify elements of the software.

With the new software in place the hacked AirTag presents a custom URL when scanned in Lost Mode. Normally, scanning a lost AirTag would redirect users to Apple’s website but this particular one doesn’t. And that could open the door for all kinds of weird, wonderful, and perhaps dangerous things in the future.

And confirmed that we can re-flash the microcontroller! Woohoo.

— stacksmashing (@ghidraninja) May 8, 2021

It isn’t clear yet what else, if anything, a jailbroken AirTag could be forced to do or whether Apple could plug this hole via a software update in a similar method to how AirPods receive updates. Tim will tell.

Read the original article over at imore.com.