MyFitnessPal User Information Data Breach Affects 150 Million

Another week, another high-profile data breach.  This time, it’s Under Armour in the hot seat.  Under Armour acquired the MyFitnessPal app back in February 2015, and the company recently announced that their new acquisition was hacked in late February 2018.

So far, the company is taking all steps we’ve come to see as usual in these circumstances.  They’ve notified their user base about the scope and scale of the attack, which impacted a hefty 150 million users.  In conjunction with the announcement of the event itself, they assured their users that the theft of data was limited to user names, email addresses and encrypted passwords.

Although the stolen passwords are hashed with bcrypt (a highly secure password-hashing function), the company is still recommending that all of the app’s users change their passwords immediately, just to be safe.  Under Armour also assures its MyFitnessPal users that no credit card information was exposed.

In a departure from the routine we’ve come to expect in situations like these, the company is also warning users to be aware that since their emails were stolen, they may be subject to phishing scams in an attempt to get more of their personal information.

That announcement, in part, reads as follows:

“Please note that the email from MyFitnessPal about this issue does not ask you to click on any links or contain attachments and does not request your personal data.  If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by MyFitnessPal and may be an attempt to steal your personal data.  Avoid clicking on links or downloading attachments from such suspicious emails.”

While Under Armour’s handling of the incident has been solid so far, one has to wonder how many more of these incidents we’ll see before companies start taking data security more seriously.

Huge Spike in Malware With Mining Capabilities

There’s a new type of hacking attack to be concerned with, and it’s growing by leaps and bounds.  Called “cryptojacking,” it’s a process by which malicious code is placed on websites. When the sites are visited, the code secretly siphons off a portion of the processing power of the visitor’s PC, laptop, or smartphone and uses it to mine for various cryptocurrencies so that the hackers can profit from it.

Kevin Haley, the Director of Symantec’s Security Response Team, had this to say about the issue:

“Cryptojacking just came out of nowhere.  I think what we’re going to learn in the year to come is when people see the opportunity to take money, they’re going to come up with some really wild ways to do that.”

Based on the statistics the company has been collecting, cryptojacking increased a whopping 8500 percent in the fourth quarter of 2017 alone. As the prices of various cryptocurrencies continue to rise, we can expect to see even more of this because it provides the hackers with a hands-free method of gaining tremendous profits with almost no risk or exposure.

Mike Fey, the President and COO of Symantec adds, “Cryptojacking is a rising threat to cyber and personal security.  The massive profit incentive puts people, devices and organizations at risk of unauthorized coin miners siphoning resources from their systems, further motivating criminals to infiltrate everything from home PCs to giant data centers.”

Perhaps the most insidious aspect of this new attack vector is how easy it is to pull off.  Even a low-skill hacker with a very limited toolset can manage to insert the handful of lines of code needed to begin siphoning resources.

Unlike most other forms of attack, however, no company data is directly at risk.  What you can expect to see, though, is a serious performance hit as more of your equipment becomes infected.  It’s not a happy situation given the importance of speed in today’s fast-paced business environment.

Having Chrome Issues Since The Latest Windows 10 Update?

Microsoft has been having some “issues” of late.  Its April Windows 10 rollout had to be delayed on account of some mysterious BSOD (“Blue Screen of Death”) issues. This month’s rollout is plagued by similar problems, trading the BSOD issues for problems with both “Hey Cortana” and Google’s Chrome browser.

The problem is that when you try to navigate the web using Chrome with the latest Windows 10 update, the entire system will inexplicably hang.  The company is hoping to have a fix ready for release in time for the next “Patch Tuesday” on May 8, but in the meantime, offered the following suggestions to users who are impacted by this issue:

  • If you’re on a laptop, sometimes (but not always) opening and closing the lid will revive the system.
  • Failing that, or if you’re not on a laptop, try using the keyboard combination: Win + Ctrl + Shift + B. This activates the “wake screen” sequence.
  • If you’re on a tablet, press the volume up and volume down buttons at the same time, three times within two seconds. If you hear a short beep, then you know Windows is responsive, and it will attempt to refresh the screen.

If none of the above works for you, then your only other option is to simply reboot the system, which is beyond annoying.  Fortunately, however, it’s only temporary. The company is currently working on a fix (although whether it’s ready by Patch Tuesday remains to be seen).

While this is by no means the kiss of death, it is troubling that the last two updates have had major issues.  Unless the issue is identified and remedied, the company could be facing larger and more pervasive problems in the months ahead.

Firefox To Start Showing Ads On Tab Page

Before Google released its Chrome browser, Firefox felt pretty good about their arrangement.  They got a handsome reward in exchange for making Google.com their default search engine.  It was a win-win.

These days though, Firefox’s position is a bit more precarious.  The Google deal is still the main source of the company’s income, but they’re also in direct competition with Chrome.  If Google one day decides to pull the plug on the deal, the company could find itself in dire straits indeed.

That’s why they’ve been casting about for some means of expanding and diversifying their revenue, and the strategy they’ve hit on is advertising.

Don’t worry, you’re not about to be buried under a mountain of annoying ads, but with the release of Firefox 60, any time you open a new tab, you’ll see a listing of recommended links based on your browsing history.

Anytime the conversation turns to “recommended links” it naturally brings privacy concerns to the fore.  After all, the only way Firefox can make sensible recommendations you’re likely to be interested in is to track your browsing habits.

Here though, the company has an innovative approach: all the tracking happens on the client side, so Firefox doesn’t actually store anything.  They will, however, track how many of the “recommended links” you visit, so they can cull the list and remove the ones you don’t bother with, which keeps them from reappearing.

On balance, it’s a good, even-handed approach that should solve the company’s revenue problems, while treading lightly on the good graces of their user base.

Like it or not, ads are an unavoidable consequence of the internet as it exists today.  At the very least though, Firefox deserves credit for not making excessive use of them, and for respecting the privacy of its users by coming up with a non-intrusive method of deciding what links to display.

Lego and Alexa Team Up For Storytelling Through Device

In terms of toys, what could possibly be better than LEGOS?  How about LEGOS, combined with Alexa?  That’s the latest idea from Amazon, who has paired the unlikely duo in a newly announced service called “LEGO Duplo Stories.”  The new service (“skill,” in the parlance of Alexa) will be available on any device that offers Alexa support including Echo Dot and Amazon Echo. It provides a selection of stories with audio prompts that guide children in the construction of something with their LEGO Duplos that ties in with the story being told.

The stories are quite inventive, and change based on the responses of the children listening and interacting.  For example, one story involves going on vacation via plane, and based on what the children say they want to pack, the vacation destination will be either to a warm or a cool place, with various build instructions being introduced along the way.

According to the company, the goal is to use these interactive stories as a means of developing color recognition, social, and cognitive skills.

It’s an innovative approach, and an excellent use for a technology that is becoming increasingly common in American homes.  To access the stories, simply say “Alexa, open LEGO Duplo Stories,” then follow the prompts to begin the interactive experience.

Currently, the stories span ten different themes and work in tandem with existing Duplo sets.  It should be noted that you can still interact with the skill even if you don’t own a set of LEGOS, or don’t have all the required pieces (although obviously this will make it even more interactive).

James Poulter, the Head of Emerging Platforms and Partnerships at LEGO, had this to say about the new offering: “Voice is such a powerful tool for play as it is one of the most human ways of interacting.  Long before we can type, read or control a device, we listen and speak.”

An exciting development, and it is available right now.

Hulu To Soon Offer Episode Downloading and Offline Streaming

Hulu recently announced that it would join both Netflix and Amazon Prime in allowing its users to download content to watch offline, but in Hulu’s case, it comes with a twist.

If you subscribe to the $7.99 a month tier, in addition to downloading the content you want to watch, you’ll also be downloading the advertising associated with that content.  It’s an important distinction because Hulu is structured quite differently from Netflix and Amazon Prime.

Much of Hulu’s programming is available on regular network television, and often airs the same day it does on the regular networks.  Consequently, ads on Hulu tend to command more of a premium than ads on the other two companies.

Combine that with the fact that Hulu gets most of its revenue from advertising, and you begin to see the appeal and the necessity of such a strategy from Hulu’s perspective.  Netflix and Amazon Prime both have a deep bench of their own unique programming, which acts as a draw. However, Hulu is currently dependent on content licensed from others, which is why ad revenue is of utmost importance to them.

It should be noted that if you subscribe to the company’s $11.99/month plan, you can download ad-free content.

Either way, the ability to watch content offline is a big deal. This is especially important to frequent travelers who often find themselves in places with patchy internet service, or no connectivity at all.  In those cases, having access to offline content can be a real godsend that can mean the difference between a tolerable trip and a miserable one.

Kudos to Hulu for joining the ranks of Amazon and Netflix, and although there have been a few grumblings about having to endure ads, it really is a small price to pay for the flexibility and convenience.

Fitbit and Google Partnership May Raise Privacy Concerns

Depending on which side of the privacy debate you’re on, you’re either going to love or hate this announcement:

“Fitbit intends to use Google’s new Cloud Healthcare API to help the company integrate further into the healthcare system, such as by connecting user data with electronic medical records.”

Rarely has a single sentence been so fraught with risk, while simultaneously promising such great opportunity.

On the plus side, the potential for innovation is virtually unlimited, and this new partnership will no doubt be a boon for the still-struggling wearables market. There are also potential increases in health care delivery efficiency, but the privacy concerns surrounding the issue are very real.

One has only to think back to the recent Allscripts fiasco, in which some 1,500 healthcare providers found themselves impacted by a nasty ransomware attack.

Google already collects copious amounts of data on its users, and with Fitbit angling to tap into healthcare records, the amount of private and personally identifiable information collected on users is bound to grow exponentially.

In addition to that, depending on exactly what data Fitbit attempts to link, it could very well make them a “business associate” from a HIPAA perspective. This can expose one or both companies to increased liabilities and vastly stricter standards on how the data can be used, and the steps that must be taken to safeguard it.

Right now, those details are very much in the air, and the issue could go either way. But there are some legal experts who believe that Google and Fitbit will be able to skirt the issue sufficiently so that they will not gain the “business associate” classification.

For Fitbit’s part, the company had this to say: “We have a longstanding commitment to privacy and data, and our data practices will continue to be governed by the Fitbit Privacy Policy.  We are not sharing our user data with Google, we are partnering with Google to host Fitbit user data, similar to other cloud/hosting service providers.  We take our obligation to safeguard users’ personal information very seriously and are committed to protecting the privacy and security of our users, while being transparent about our data practices.”

Comforting words, but they have done little to allay the concerns of privacy advocates, who see any number of negative outcomes associated with the new partnership.  This is a debate that will no doubt be continuing for quite some time to come.

High Speed Wireless Coming To Laptops Next Year

If you’re in the market for a new laptop but can milk a little more life out of the one you’ve got, 2019 will be the year to buy.  The reason?  5G.  AT&T is slated to become the first carrier to offer 5G network connectivity to small segments of its customer base this year (starting in Atlanta, Dallas, and Waco, and then slowly spreading to other areas).

While they’ll be the first, it’s not hard to imagine that their competitors will be hot on their heels, and all the major PC and laptop manufacturers are keenly aware of this.  That’s why Microsoft, Lenovo, HP, Dell, and Intel have all announced that the first 5G-enabled PCs will become available sometime in mid to late 2019, in a bid to take advantage of the awesome new capabilities that 5G promises to make a reality.

While Intel missed the 4G opportunity, the company has every intention of being front and center in the 5G revolution.

In fact, the company had this to say when it made its announcement earlier this week:

“Intel is investing deeply across its wireless portfolio and partners to bring 5G-connected mobile PCs to market, with benefits for users like high quality video on-the-go, high-end gaming, and seamless connections as users traverse WiFi and Cellular networks.”

All true, and a widespread 5G network would truly be a game changer.  The problem though, is that 5G has a bit of an image problem.  It has long been considered the Holy Grail of wireless networking, and Intel and other companies have been hyping its many advantages for years.

The difference, of course, is that now companies have the technical capabilities to make it all real and have firm timetables in place for a rollout, neither of which was true in the past. Even so, 5G now has to swim against a bit of a tide of its own making as it draws closer to becoming reality.

Intel Releases New Patch For Spectre Chip Issue

By now, you’ve probably heard more than you ever wanted to hear about the critical Intel security flaw known as “Spectre.”  The flaw is massive in scope and scale, impacting every chip that Intel has released over the past decade, and if exploited, would allow a hacker to take complete control over the vulnerable system.  Needless to say, once discovered, the company got to work right away on a fix for the issue.

Unfortunately, there were problems.  Whatever form the fix ultimately took, it was going to mean a performance hit to any machine receiving the update.  Early estimates were that performance could be degraded by between 17 and 24 percent.

As it turns out, things were worse than expected.  Intel’s first attempt at patching the issue can only be described as a catastrophic failure, causing updated systems to spontaneously reboot multiple times a day and ruining performance.  The problem got so bad that the company formally recommended not installing the patch and waiting for a better one to be developed.

That better patch is now available, and has been extensively tested to avoid the problems that plagued the release of the first patch.  If you’re running a machine that uses Intel’s sixth, seventh, or eighth generation processor (Kaby Lake, Coffee Lake, or Skylake), or if you’re using a machine running an X-series processor, you should have already received the update via OEM firmware push.  If not, now is the time to grab it.

While it’s true that we’ve seen worse bugs and flaws than Spectre, this is as bad as anything we’ve seen recently. Given how many Intel-based machines there are out there in the wild, the problem posed by Spectre couldn’t get much bigger.  Don’t leave yourself vulnerable.  Get the update today.

Mi-Cam Baby Monitor Video Feeds Vulnerable To Hacking

Do you have a Mi-Cam in your home?  Even if you don’t have kids, you may have one. They’re a highly popular, inexpensive means of keeping tabs on the comings and goings inside your home when you’re not around.

As with so many such devices these days, users have the option of installing either an Android or iOS app on their phones so they can peek in remotely, any time they like, and therein lies the problem.

It’s no secret that the IoT is filled with “smart” devices that don’t live up to their name when it comes to security, and the Mi-Cam is no exception.  Security researchers have discovered that the communications between the company’s cloud servers, where the video feeds live, and the smartphones of the product’s user base are not secure.

So far, six different vulnerabilities have been identified, all of them critical. Any one of them would allow a hacker to hijack the window into your video feed and use that to scroll through literally every video feed on the company’s cloud, regardless of who owns it.  All told, that’s more than fifty thousand video feeds, accessible from a single point of entry.

It gets worse.  The attack is trivial to perform, because no SSL certificate is needed.  All that’s required is a copy of either the Android or iOS mobile app.

The manufacturer of the Mi-Cam has been notified of these critical security flaws, but as of now, none have been addressed. The company has not released any information about when they might be.  In light of that, if you have one, your best bet is to simply stop using it until the company can at least employ some rudimentary security protocols.