Blog

Ai-Powered Website Generates Realistic Human Faces On the Spot

Posted by Dave Cahill on Feb 15, 2019 in Fun Stuff, Privacy, Technology | 0 comments

Ai-Powered Website Generates Realistic Human Faces On the Spot

Written by Sergiu Gatlan / Courtesy of Bleeping Computer

A website created by Philip Wang, an Uber software engineer, and hosted at thispersondoesnotexist.com allows its visitors to generate realistic looking human faces of people that do NOT actually exist each time they hit the Refresh button. 

The websites uses artificial intelligence and machine learning and pretrained models for StyleGAN, the official TensorFlow implementation of NVIDIA Research Projects’ “A Style-Based Generator Architecture for Generative Adversarial Networks” research paper. 

As Wang said in a Facebook post:

Recently a talented group of researchers at Nvidia released the current state of the art generative adversarial network, StyleGAN, over at https://github.com/NVlabs/stylegan.
I have decided to dig into my own pockets and raise some public awareness for this technology.
Faces are most salient to our cognition, so I’ve decided to put that specific pretrained model up. Their research group have also included pretrained models for cats, cars, and bedrooms in their repository that you can immediately use.
Each time you refresh the site, the network will generate a new facial image from scratch from a 512-dimensional vector.

StyleGAN was trained by the NVIDIA Research Projects team using the CelebA-HQ and FFHQ datasets for an entire week using 8 Tesla V100 GPUs according to Rani Horev’s explanation.

While it is clear that the use of StyleGAN to achieve these results is nothing short of impressive, the fact that every generated face also has some little details that don’t line up exactly and break the overall symmetry, rendering the face even more eerily realistic looking, is even more remarkable.

If you want to see how StyleGAN operates behind the scenes to generate these fake faces of people that have never existed, watch the video below.

While thispersondoesnotexist.com showcases what one can achieve using a StyleGAN version trained to work with human faces, other people have made their own StyleGAN models and trained them to generate anything from font variations, psychedelic graffiti, and cat faces. Be warned though, those cat faces are … something else.

#LatentFonts as the next iteration of #VariableFonts? Tried #StyleGAN on a 50k fonts dataset collected by @fulhack – Now I'm stuck watching this loop pic.twitter.com/UKCexhJKiF

— Cyril Diagne (@kikko_fr) February 13, 2019

Read the original article over at BleepingComputer.com.

8 Tell-Tale Signs You’re A Geek

Posted by Dave Cahill on Feb 15, 2019 in Fun Stuff, Gaming | 0 comments

8 Tell-Tale Signs You’re A Geek

Written by Michael Poh / Courtesy of Hongkiat

Have you ever wondered what it takes to be a geek? Are geeks highly intellectual individuals who are obsessively passionate over computer technology, or elements of pop culture so much that their lifestyle revolves around this passion? Can we label anyone who is well-versed with these topics as a geek? Or is there something else more fundamental that helps make this distinction?

My guess is that it has more to do with their attitudes than what they actually do that irritate (or perhaps, intimidate) others. Despite being socially awkward, their extraordinary attitudes are somewhat of a rare find, which is a good thing as these attitudes have to lead to some of the biggest tech-news-making events of this century.

Today, we see a greater acceptance and recognition for geeks (you can thank the late Steve Jobs and Mark Zuckerberg for that). Who knows, you might even possess the very traits that they have. Check to see where you stand on the geek-o-meter.

1. Are You Incredibly Loyal To What You Love?

One thing that could potentially distinguish geeks from the rest of the people is their undying commitment to the things they love, be it gaming, high-tech gadgets or comics. They’re fanatical about the object of their obsession, always willing to put in that extra effort (sometimes to extreme lengths) to make sure they’re the first to know about the latest news or updates.

To others, it may just be a hobby or a pastime. To them though, it’s the reason they exist. It defines who they are. This is why they’re so passionate about it.

Do you have a particular obsession, the reason why you’re excited to get out of the bed every morning? If you have that something which your life revolves around, you’re closer to being a geek than you think.

2. Do You See Yourself As Distinct From The Rest?

Due to their extreme loyalty and commitment to what they love, they only seek the company of those who exhibit the same enthusiasm as they do. They tend to group together, in a small community, preferring to mingle with their peers and shunning those who are not as committed to the same passion – which would explain the social misfit-ness of geeks.

In any case, they are stringent when it comes to accepting people as their kind. It’s evident from the way geeks talk; you see that they speak in their own language (real or made-up), using their own terms, acronyms, and lingo. It’s highly probable that only a fellow geek would understand what they are talking about.

It’s not likely that any Tom, Dick, and Sally can just join the club by waltzing in, as even within the community itself exists a unique culture of their own. In a way, it’s like the fraternities where they have their own initiation before new members can be welcomed into the group. You need to show them that you think at the same (high) level as them; you can’t feign being a geek.

3. Do You Tend to Be ‘Ethnocentric’?

I guess one inevitable side effect of seeing themselves as vastly different from others is that they are less able to see things from an outsider’s point-of-view. Having a lot of pride in their level of understanding of a subject, at times, geeks also expect others to comprehend what they mean without a need for explanation.

Terms like ‘pwned’ or ‘respawn’ (if they’re gamer geeks) will elicit responses like shrugs or raised eyebrows, long “uhhhh”s or “What a weirdo!” expressions. You can’t expect geeks to change, so when a non-geek doesn’t, the incompatibility sticks and geeks shy away from making new friends of the non-geek nature.

From the outside, they are viewed as socially awkward because it’s easier to put a blame on a minority group than it is the general public. This would further push them into seclusion, preferring to instead talk and communicate with their own kind, rather than in real-life relationships.

4. Do you Lose Yourself Easily In Your Obsession?

With them passionate over what they love to do, it’s not surprising to find themselves achieving ‘flow‘, the state of mind when they feel fully engaged in what they do and consequently lose track of time. This would explain why geeks who are into gaming could spend hours and hours without stopping for food while trying to complete their games.

Eventually, that feeling of euphoria from the flow becomes an addiction to them; that’s how gamers get addicted.

5. Do You Have An Insatiable Need to Know Everything?

As I mentioned earlier, the life of a geek revolves around what they love. With that, they have the constant desire to have that sense of power and control over what they’re good at and love doing.

They never stop exploring and always keep themselves updated about the things they are obsessed with: reading everything about the latest high-tech gadgets, attending every cosplay event and conference in town, etc.

They just want to be the first to be there, the first to hear about unconfirmed rumors and of course, the first to break the news to everyone. Put simply, it’s extreme fandom at its best, almost a cult-like zeal.

6. Do You Take Pride In Your Expertise?

They’re the experts on the field. From time to time, they might talk to ‘outsiders’ about their obsession when others asked about it during the course of everyday conversations. Although they might openly resent it when others don’t get their ideas or jargon, deep inside, the geeks take delight in the fact that they’ve established themselves to be an expert.

Given the amount of time and effort that geeks are willing to devote themselves to the object of obsession, it’s quite understandable to be proud of themselves. After all, it is very much their life goal.

7. Do you Have a Niche Within Your Passion?

Even when they’re geeks for a particular field, chances are that they have developed a preference within their passion. Take for instance the case of the stereotypical computer geeks. Sure, they may be crazy over computer technology and the latest technology trends in computing, but they often focus on a particular brand or system.

It’s like going to the second layer of fanaticism, where you delve deeper to find one niche. It’s why we always hear of the battle between supporters of different operating systems like Android vs iOS.

8. Are You Willing to Stick to it Til the End?

Being a fan to a specific OS, comic superhero, cosplay costume, sci-fi movie, programming language, and others is one thing, while sticking to it no matter what happens is another. Geeks do both. This is what makes them so different, so special and perhaps so intimidating to ‘outsiders’.

They are willing to stand up for what they believe in, even when times are really bad. It’s not really about the objective assessment of the object they love; it is more than that. It involves emotions when it comes to their fandom.

One is not a geek if he or she is knowledgeable about the subject but lacks the passion about it. A real geek is totally into it, intellectually and emotionally. This idea explains why geeks will stay true and loyal to their idolized OS or superhero till the end; they have grown emotionally (or even spiritually) attached to them. To speak ill of their passion is to speak ill of them.

Read the original article over at Hongkiat.com.

Dunkin’ Donuts Issues Alert for Credential Stuffing Attack, Passwords Reset

Posted by Dave Cahill on Feb 13, 2019 in River Net News | 0 comments

Dunkin’ Donuts Issues Alert for Credential Stuffing Attack, Passwords Reset

Written by Lawrence Abrams / Courtesy of Bleeping Computer

Dunkin’ Donuts has issued a security notification alerting users of their DD Perks reward program that their accounts may have been involved in a credential stuffing attack. This attack may have allowed third-parties to gain access to some of their account information

A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and gain access to the accounts at other sites.

In a security notification released on February 8th, 2019, Dunkin’ Donuts states that their internal systems did not suffer a data breach, but that users of their DD Perks reward program were targeted by a credential stuffing attack. This attack could have allowed third-parties to gain access to the user accounts and see information that was stored within them.

This notification went on to state that Dunkin’ learned about the attack on January 10th, 2019 when one of their security vendors detected attempts by a third-party to gain access to customer’s DD Perks accounts.

“Beginning on or around January 10, 2019, we learned from one of our security vendors that a third-party may have attempted to log in to your DD Perks account. We believe that these third-parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break into various online accounts across the Internet. Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’.”

If an attacker was able to gain access to a DD Perks account, they would have been able to access the account holder’s first and last names, their email address, and the 16-digit DD Perks account number and QR code.

While Dunkin’ does not indicate that store payment information was accessed, they did state that any stored value was transferred to a new account number associated with that login name. 

For those affected, Dunkin’ forced a password reset for all DD Perks accounts that may have been affected.  This would have also caused all DD Perks users to be logged out and have to log back in when they access the account through the web or via the Dunkin’ mobile app.

Unfortunately, credential attacks like this are becoming all-too-frequent due to the increasing amount of data breaches that leak account information such as usernames and passwords. To prevent these types of attacks from affecting you, it is important to utilize passwords managers to create unique and strong passwords at every site an account is created.

Dunkin’ config for credential stuffing tool discovered

Andy Norton, the Director of Threat Intelligence for security firm LastLine, told BleepingComputer that a Dunkin’ configuration for the credential stuffing tool called SNIPR was being marketed on online criminal forums.

SNIPR is tool that makes it easy for attackers to perform credential stuffing attacks by loading configuration files for various sites.

“You can see here from Feb. 8th someone has built a “Config,” which means emulated the login process for Dunkin’ Donuts, so that they can run credential lists at the site, looking for valid logins,,” Norton told BleepingComputer via email. “All organizations should implement 2- factor authentication to protect their customers from these credential stuffing attacks, and in order to save themselves from financial loss, reputation damage or customer churn.”

Update 2/12/19 8:30 PM EST: Article updated to include information from LastLine.

Read the original article over at BleepingComputer.com.

Wells Fargo Hit By Nationwide Outage, ATMs and Online Banking Down

Posted by Dave Cahill on Feb 8, 2019 in Internet, Security News, Technology | 0 comments

Wells Fargo Hit By Nationwide Outage, ATMs and Online Banking Down

Written by Sergiu Gatlan / Courtesy of Bleeping Computer

Wells Fargo customers from all over the U.S. have been reporting that multiple services offered by the multinational financial services company’s banking branch, with credit cards, ATMs, money transfers, and the online banking system all being down for most clients.

The issues are the direct consequence “of a fire at a server farm located in Shoreview, Minnesota. As a result of the fire the servers had to be shut down,” reported KULR-TV Montana citing a bank employee.

Another employee disclosed on Reddit, seven hours ago, that “Fire suppression went off in one of their main Data Centres from some utility work this morning. No power to any of the network or compute equipment and some failovers did not work as expected. […] for those interested the last I heard (15-20 min ago) was that everything minus core network gear was manually being unplugged from any PDUs to help the control the initial power-on. No ETA on when that will be finished, let alone when things will be back up.” (h/t Bill Curnow)

Wells Fargo & Company issued the following statement:

We’re experiencing system issues due to a power shutdown at one of our facilities, initiated after smoke was detected following routine maintenance. We’re working to restore services as soon as possible. We apologize for the inconvenience.

The widespread banking services outage suffered by Wells Fargo was also acknowledged in a tweet:

We apologize to our customers who may be experiencing an issue with our online banking and mobile app. Thanks for your patience while we research this issue. If you are impacted, please check back here for updates.

— Wells Fargo (@Ask_WellsFargo) February 7, 2019

Wells Fargo’s apologetic tweet was met with protests from the bank’s costumers who denounced the lack of communication:

Following the initial tweet and statement acknowledging the issues affecting its systems on a nationwide basis, Wells Fargo said that its team is working on fixing the “intermittent” issues and restoring services:

We’re experiencing a systems issue that is causing intermittent outages, and we’re working to restore services as soon as possible. We apologize for the inconvenience.

— Wells Fargo (@Ask_WellsFargo) February 7, 2019

The last update issued by the company was another tweet, five hours ago, mirroring the statement published on the website word for word:

We’re experiencing system issues due to a power shutdown at one of our facilities, initiated after smoke was detected following routine maintenance. We’re working to restore services as soon as possible. We apologize for the inconvenience.

— Wells Fargo (@Ask_WellsFargo) February 7, 2019

Wells Fargo also reported experiencing issues with its online banking and mobile app on February 1 and February 2, however, just as it happened this time, customers said that the problems were more widespread, also impacting the company’s website and debit cards.

Update February 8, 07:35 EST:

Wells Fargo issued another statement on Twitter reassuring customers that the outage was “not due to any cybersecurity event.”

We want our customers to know that this is a contained issue affecting one of our facilities, and not due to any cybersecurity event. We apologize for the inconvenience caused by these system issues, and any Wells Fargo fees incurred as a result of these issues will be reversed.

— Wells Fargo (@WellsFargo) February 8, 2019

Read the original article over at BleepingComputer.com.

GTA V Cheat Maker Has to Pay $150,000 in Copyright Damages

Posted by Dave Cahill on Feb 7, 2019 in Gaming, Technology | 0 comments

GTA V Cheat Maker Has to Pay $150,000 in Copyright Damages

Written by Ernesto / Courtesy of Torrent Freak

Rockstar Games’ parent company Take-Two Interactive has won a default judgment against the developer of the GTA V cheat “Elusive”. The Florida-based man is ordered to pay the game company $150,000, which is the maximum amount of copyright infringement damages. According to the court, the cheat caused irreparable harm.

Over the past two years, there’s been a wave of copyright infringement lawsuits against alleged cheaters or cheat makers.

Take-Two Interactive Software, the company behind ‘Grand Theft Auto V’ (GTA V), is one of the major players involved. The company has filed several lawsuits in the US and abroad, targeting alleged cheaters.

Last August the company filed a case against Florida resident Jhonny Perez, accusing him of copyright infringement by creating and distributing a cheating tool. The software, known as “Elusive,” could be used to cheat and grief, interfering with the gameplay of others.

The “Elusive” cheat was previously sold online at prices ranging from $10 to $30, depending on the package. Before filing the lawsuit, Take-Two attempted to find out exactly how much money was made in the process, but Perez failed to hand over detailed financial records.

Initially, the game company was open to negotiating a settlement but, due to the lack of response, it saw no other option than to take the cheat maker to court. Perez, however, did not respond to the complaint which prompted Take-Two to file for a default judgment.

According to the company, it’s clear that the cheat maker is guilty of both direct and contributory copyright infringement. As such, it asked the New York federal court for the maximum statutory damages amount of $150,000, plus $69,686 in attorney’s fees.

Take-Two argued that these damages are warranted because the cheating activity resulted in severe losses. According to an estimate provided by the company, the harm is at least $500,000. In addition, the maximum in damages should also act as a deterrent against other cheat developers.

This week the court ordered on the motion for default judgment, siding with the game company.

“Take-Two has been irreparably harmed by Mr. Perez’s infringing conduct and will continue to be harmed unless enjoined,” US District Court Judge Kevin Castel writes in his order.

“Mr. Perez’s Elusive program creates new features and elements in Grand Theft Auto which can be used to harm legitimate players, causing Take-Two to lose control over its carefully balanced plan for how its video game is designed to be played,” he writes.

In addition, the Judge notes that the cheat discouraged users from future purchases and gameplay and that the unlimited currency cheat undermined Take-Two’s pricing and sales of legitimate virtual currency.

The Court, therefore, finds the cheat maker guilty of both willful direct and willful contributory copyright infringement, as well as breaching Take-Two’s user agreement.

Judge Castel ordered Perez to may the maximum statutory damages of $150,000 and an additional $66,868 in attorney’s fees. To our knowledge, this is the highest damages amount that has ever been awarded in a game cheating case.

In addition to the monetary damages, the Court also issued a permanent injunction prohibiting the cheat maker from continuing infringing activities moving forward.

Elusive hasn’t been available for sale since last year. It was taken offline after Perez was contacted by Take-Two.

“After discussions with Take-Two Interactive, we are immediately ceasing all maintenance, development, and distribution of our cheat menu services,” a public announcement read at the time.

At the time, the cheat maker informed its users that it would donate the proceeds to a charity which Take-Two could pick. However, the default judgment makes it clear that this money should go directly to the game company instead.

…

A copy of the order granting Take-Two’s default judgment against Mr. Perez is available here (pdf).

Windows 10 Update Continues Having Issues After DNS Fixes

Posted by Dave Cahill on Feb 5, 2019 in Windows | 0 comments

Windows 10 Update Continues Having Issues After DNS Fixes

Written by Lawrence Abrams / Courtesy of Bleeping Computer

Windows 10 users continue to have problems performing Windows Update even after Microsoft reportedly has fixed the problem that users were having last week.

Last week we reported that users were complaining that they when they tried to perform a Windows Update, they were greeted with the message “We couldn’t connect to the update service. We’ll try again later, or you can check now. If it still doesn’t work, make sure you’re connected to the Internet.”

It was discovered that you could bypass this error and get Windows Update working again by changing your DNS servers to another service like Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1.

Since changing the DNS servers was able to get Windows Update working again implied that this could be an issue with the ISP’s DNS services. Strangely, though, this issue affected ISPs throughout the world including BT in the UK, Comcast in the United States, and other ISPs in Japan, and elsewhere.

As it affected so many different Internet service providers throughout the world, it is possible that Microsoft pushed out a bad DNS record that got cached in various ISPs DNS servers for too long. Unfortunately, these are all guesses at this point.

Soon after, a source familiar with the matter told BleepingComputer that the issue was on Microsoft’s end and had since been resolved.

Unfortunately, this is not the case, and users are still reporting on Reddit, in our article, and elsewhere that they are unable to connect to Windows Update and continue to receive the error as shown above.

Microsoft has also updated their Windows 10 and Windows Server 2019 update history to include some very basic information about this issue.

“We are aware of a service side issue where some customers are still unable to connect or download updates from the Windows Update service,” stated Microsoft’s support article. “We are actively investigating this issue. Thank you for your patience.”

The recommended fix is to still change your computer’s DNS servers to either 8.8.8.8 or 1.1.1.1 as described in our original article. Strangely for some even after changing their DNS to a different server they are still unable to perform an update on their normal ethernet adapter, but could via WiFi. Others have reported that switching the DNS doesn’t help them at all.

Unfortunately, Microsoft is not offering any other information at this point and when I reached out to them, was just referred to their support article. I have requested more information, and if I receive any, will be sure to update this article.

Read the original article over at BleepingComputer.com.

New Scam Holds YouTube Channels for Ransom

Posted by Dave Cahill on Feb 2, 2019 in Google, Internet | 0 comments

New Scam Holds YouTube Channels for Ransom

Written by Lawrence Abrams / Courtesy of Bleeping Computer

Scammers are abusing the YouTube policy violation system by filing fake copyright infringements against content creators until their channel is close to being suspended. These scammers then hold the channel ransom by telling YouTubers to send them a payment or they will file another copyright infringement to have the channel suspended.

YouTube has a policy infringement system where users can report a video that they feel breaks policies such as sexual content or nudity, hateful content, violent or graphic content, or copyright infringement.  When a video receives a policy violation report, it will be reviewed if it’s deemed to be a violation, YouTube will issue a strike against the video owner’s account and remove the video.

If a YouTube account receives three strikes in a period of three months, their account will be terminated. Unfortunately, with these violations it is common for YouTube to treat the channel owners as guilty until proved innocent. 

Scammers know this and are now utilizing this system in order to extort money from content creators on YouTube, which is what a content creator named Logan, or ObbyRaidz, recently discovered.

In a video, Logan has stated that his YouTube channel had been striked twice for fake copyright infringement violations and that a scammer is trying to extort him by saying that they will issue a third strike if Logan does not send them money via PayPal or Bitcoin. The scammer goes on to say that if Logan makes the payment, they will contact YouTube and remove the previous strikes they had placed on the channel.

The message that Logan received was from someone named VengefulFlame who stated that Logan needs to send them $150 via PayPal or $75 in bitcoin or the scammer will issue a third strike.

After repeatedly trying to get YouTube to respond and help him and unsuccessful appeals to remove the strikes, Logan went to Twitter where he asked other YouTubers and his followers to try and spread the word. It turns out, that this scammer was monitoring him on Twitter as well because Logan received another message from VengefulFlame stating that they saw Logan’s tweet and that the deal with off.

VengefulFlame further stated that they would now try and get his Twitter account suspended as well.

It turns out, that Logan was not the only person VengefulFlame was extorting. Another YouTuber named Kenzo was also striked by the same person as shown below.

When Kenzo received his extortion message, though, his ransom payments were at a higher amounts of $200 in bitcoin or $300 in Paypal. This increase in price could be because Kenzo has substantially more subscribers than Logan.

VengefulFlame found on Twitter

Some of Kenzo’s followers have stated that a Twitter account named VengefulFlame, who also uses the same avatar as the one who contacted Logan and Kenzo, is behind these extortion attempts.

Proof that this is their twitter @TwitterSupport can anything be done? pic.twitter.com/NVoE269kd5

— Connor – iMakeMcVids (@iMakeMcVidz) January 30, 2019

BleepingComputer had contacted this account via Twitter and when questioned about his familiarity with Kenzo he told us he was only familiar with Logan, or ObbyRaidz. 

“We are only familiar with the YouTuber ObbyRaidz. By familiar, we mean we have HAD contact with him in the past at length.”

When we attempted to further question them regarding the messages they sent to Logan and these extortion attempts, they refused to respond further.

YouTube removes strikes

In the end, YouTube removed the strikes for these fake violations from both Logan’s and Kenzo’s account and terminated the account of the user who submitted them.  

Appreciate you bringing this to our attention – both strikes are resolved and the videos reinstated. Upon review, these takedown notices were abusive, we have zero tolerance for the submission of fraudulent legal requests, so we also terminated the channels that submitted these.

— Team YouTube (@TeamYouTube) January 30, 2019

Ultimately, this shows that YouTube’s violation system is broken. It is far to easy to file a violation and Google typically takes the side of the reporter rather than the content creator, which is why this system is ripe for abuse.

When we contacted YouTube regarding how content creators can receive help in situations like this and what they plan on doing to prevent this type of abuse, we were provided this statement:

“We have zero tolerance for fraudulent actors who try to abuse copyright systems. We responded to reports of these issues and resolved fraudulent strikes well before media ever reached out to us. You can refer to our tweets here and here for a statement on this matter. Creators can always reach out to us on Twitter through @teamyoutube for support. “

Read the original article over at BleepingComputer.com.

Google takes aim at imposter websites with new Chrome warning

Posted by Dave Cahill on Feb 1, 2019 in Google, Security News | 0 comments

Google takes aim at imposter websites with new Chrome warning

Because most people don’t notice when they’re at the wrong website.

Written by Laura Hautala / Courtesy of Cnet

It’s hard to be sure where you are on the internet these days. Carefully checking the URL is one approach to avoiding danger. Trouble is, many fraudulent websites use tricks to make their URLs look like the real deal.

Now, Google wants to call them out.

To do that, the company is developing a new warning in its Chrome browser that appears when you’re visiting a site that’s mimicking a well-known web page. The warning could ask you, for example, if you actually meant to go to “paypal.com” when you were headed to a lookalike scam site called “paypa1.com” instead.

The warning is intended to take the pressure off you to notice when something’s wrong with the URL. That’s important because most people don’t notice when they’re headed off to a scam site, Google Chrome engineer Emily Stark said in a talk on Tuesday at the Enigma Conference, a security and privacy event.

“What people are seeing in the URL bar really just isn’t helpful to them as a security mechanism,” Stark said.

The warning could help make it harder to carry out on one of the most pervasive and effective hacking attacks out there — phishing. If users heed Chrome warnings, it could save them from entering usernames, passwords or credit card information into websites controlled by criminals. It could also keep them from downloading malicious software at scam websites that could do things like encrypt their data and demand a ransom.

Scammy websites use a number of tricks to look legitimate in that URL field at the top of your web browser. They might use a slight misspelling, or swap out the number one for a lowercase letter L to look like a legitimate website. The latter is called a homograph attack, and it’s powerful because it usually involves characters that the untrained eye will miss. 

The new warning, which is still being tested, alerts users to the fact that they aren’t heading to a popular website or a website they’ve engaged with in the past. If the user wants to keep going in that direction, they can click “ignore.” Stark said her team wanted to throw up a flag for users without overselling the danger.

“We designed this warning to be informational rather than scary,” she said.

The talk follows comments Chrome security experts made in September about security problems involving URLs. At the time, Google said its engineers were researching how to make changes to the way Chrome handles URLs in order to improve safety. 

On Tuesday, Stark said changes Google and other software developers propose should be “incremental.” Still, no idea is too crazy to at least consider, she said.

“Website identity is so, so broken that all ideas should be on the table,” Stark said.

Read the original article over at Cnet.com.

How to Access Windows 10 Boot Options Menu (6 Ways)

Posted by Dave Cahill on Jan 31, 2019 in Tips & Tricks, Windows | 0 comments

How to Access Windows 10 Boot Options Menu (6 Ways)

Written by Karrar Haider / Courtesy of Hongkiat

Windows 10 offers a lot of interesting features, and the advanced boot options to troubleshoot many of the Windows 10 problems, is one of them. You can reset your PC, restore it to a previous state, boot to a different operating system, use “Startup Repair” to fix startup issues and boot Windows 10 in safe mode to troubleshoot problems.

There are many ways to access Windows 10 boot options with each having its own use case, and in this post, we will show you 5 different ways to access Windows 10 advanced boot options. Let’s take a look at these options.

If you can access Desktop

If Windows is working fine and you can access the desktop, then you can use the below-mentioned methods to access Windows 10 boot options.

I – Hold the Shift key and restart

This is the easiest way to access Windows 10 boot options.

1. All you need to do is hold down the Shift key on your keyboard and restart the PC.
2. Open up the Start menu and click on “Power” button to open power options.
3. Now press and hold the Shift key and click on “Restart”.
4. Windows will automatically start in advanced boot options after a short delay.

This trick can work from anywhere, whether you click on “Restart” from the start menu, “Shutdown” dialog or the start screen. You just need to make sure you hold the Shift key while doing so. Do keep in mind that this method doesn’t work with the virtual keyboard. If your physical keyboard isn’t working, then this method will not work either.

II – Access Windows 10 boot options from Windows settings

If you can’t use the Shift + Restart option, then don’t worry. You can also boot Windows 10 in advanced startup options from its settings.

1. Launch Windows 10 “Settings” from the Start menu and click on “Update & Security” at the bottom of the window.
2. Here move to the “Recovery” option and click on “Restart now” under “Advanced startup” option. Your PC will now restart into advanced boot options.

III – Use Command Prompt to access Windows 10 boot options

If you are interested, you can also use a quick Command Prompt command to access the advanced boot options.

1. Right-click on the Windows 10 Start menu and select “Command Prompt (Admin)” from the menu.
2. In the Command Prompt window, type shutdown.exe /r /o and hit “Enter”.
   

You will see a prompt saying you are being signed out, just close it and Windows 10 will reboot to boot options. However, unlike the above methods where Windows restarts immediately, there will be a tiny delay before the Windows restart.

And if can’t access Desktop

If you are unable to reach the desktop and the Windows keep crashing or restarting, then follow the below methods to access Windows 10 boot options and fix the problem.

I – Force Windows to start in advanced boot options

By default, Windows is set to restart in advanced boot options, if it fails to start up. If any startup error is causing your Windows to crash, then it may automatically launch the boot options for you. However, it is not compulsory and Windows may get stuck in a boot cycle.

In such situation, you can force Windows to crash and open boot options. To do so,

1. Start the Windows and as soon as you see Windows logo; press and hold the power button to force shutdown it.
2. You can also pull out the power supply (or battery) to force shutdown it.
3. Repeat this 2-4 times and Windows will open up boot options for you.

For me, 2 times was enough to open up the boot options, your mileage may vary.

II – Use Windows 10 recovery drive

A Windows recovery drive can troubleshoot many Windows problems in case Windows is not starting. If a force shutdown didn’t help open up boot options, then this will definitely work for you.

If you haven’t created a recovery driver for your PC already, then you can easily create one right now. All you need is a USB drive and a PC running Windows 10.

1. Use any Windows 10 PC, whether your own or friend’s; there is no licensing issue.
2. Follow the instructions provided by Microsoft to create a recovery drive.
3. Now attach the recovery drive to your faulty PC and restart it from this drive.
4. You will be asked to choose a keyboard layout. Choose the appropriate one (U.S in most cases) and the boot options will open up.

III – Use Windows 10 installation drive/disc

You can also use a Windows 10 Installation drive/ disc to access boot options. If you installed Windows 10 using a USB drive or disc,

1. You can boot from that USB/disc and click on the “Repair” option to access Windows 10 boot options.
2. This is also a good option if you don’t have access to another Windows 10 PC to create a recovery drive.
3. You can download Windows installer using any other PC and use it to create an installation drive.

Exit Windows 10 boot options

The aforementioned options should be enough to access Windows 10 boot options and let you troubleshoot whatever the problem is. When you are done, click on the “Continue” button to exit boot options and launch Windows 10.

If you have multiple operating systems, then the default operating system will launch. In that case, select “Launch Another Operating System” option and then select Windows 10 to launch it.

To summerize

Holding Shift key and restarting the PC is definitely the easiest option to access Windows 10 boot options. However, if Windows is acting up and you are unable to boot properly, then a recovery or installation drive will help. If you know any other ways to access Windows 10 advanced boot options, let us know in the comments.

Read the original article over at Hongkiat.com.

Disable FaceTime Now! Bug Lets Callers Snoop On You Without Permission

Posted by Dave Cahill on Jan 29, 2019 in Mac / Apple, Privacy | 0 comments

Disable FaceTime Now! Bug Lets Callers Snoop On You Without Permission

Written by Lawrence Abrams / Courtesy of Bleeping Computer

A serious Apple iOS bug has been discovered that allows FaceTime users to access the microphone and front facing camera of who they are calling even if the person does not answer the call.

To use this bug, a caller would FaceTime another person who has an iOS device and before the recipient answers, add themselves as an additional contact to Group FaceTime. This will cause the microphone of the person you are calling to turn on and allow the caller to listen to what is happening in the room. Even worse, if the person that is being called presses the power button to mute the FaceTime call, the front facing camera would turn on as well.

What this means, is if someone is calling you on FaceTime, they could be listening and seeing what you are doing without you even knowing.

BleepingComputer has tested and confirmed that this bug works in iOS 12.1.2 and we were able to hear and see the person. When testing it against an Apple Watch, though, we were not able to get the audio portion of the bug to work.

While it is not known who first discovered this bug, numerous people have been posting about it on social media and making video demonstrations as shown below.

Now you can answer for yourself on FaceTime even if they don’t answer?#Apple explain this.. pic.twitter.com/gr8llRKZxJ

— Benji Mobb™ (@BmManski) January 28, 2019

When 9to5Mac first reported on the bug, they were only able to get the microphone snooping working. Later, BuzzFeed reported that they could also access the front facing camera and that Apple stated that they are “aware of this issue and we have identified a fix that will be released in a software update later this week.”

Natalie Silvanovich, a Google Project Zero security researcher who has discovered numerous FaceTime issues in the past, has a theory as to how this could be happening.

Theory: FaceTime stores call participants in a list that doesn't allow duplicates, and uses the indexes for signalling. When the caller is added a second time, the entry at index 1 is set to answered, with the expectation that it is the caller …https://t.co/7OsIYABLsb

— Natalie Silvanovich (@natashenka) January 29, 2019

For those who are rightfully concerned about this bug, my suggestion is that you disable FaceTime immediately until Apple releases a patch. Otherwise, people can not only listen in on what you are doing, but in some cases also see what you are doing. This could allow people to take compromising videos and audio without your knowledge.

To disable FaceTime you can follow these steps:

1. Go into Settings
2. Tap FaceTime
3. Now toggle the FaceTime switch so that it is disabled and your screens looks like the following.

Now that FaceTime is disabled, callers will be unable to utilize this bug to listen and watch you without your permission through FaceTime.

Read the original article over at BleepingComputer.com.