Tag: Technology Tips

Traditional Hard Drive Technology Is Evolving

Rumors of the death of HDD technology have been greatly exaggerated.  The advancement of solid state technology and its increasing rate of adoption has been largely responsible for this, but don’t count old school HDDs out just yet.  They still have many important advantages, and recent breakthroughs should add further to the longevity of the tech.

Right now, the biggest advantage that HDDs have over their solid-state counterparts is sheer size.  While it would be prohibitively expensive to purchase 20+ Terabytes of solid-state storage, getting that amount (or more) of HDD storage is a trivial undertaking, a fact that it’s impossible to discount.

Even more exciting though, consider the recent breakthrough in 3D nano-magnets.  These were invented at the University of Cambridge, and stand to completely change the game. They allow data to be stored and processed in three-dimensional space, which will not only increase HDD storage space exponentially, but should see similar gains in terms of speed of access.

Another exciting recent breakthrough is a new magnetic system that turns heat into motion, which could be used to power miniaturized IoT sensors and actuators.  Such a system could also be applied to HDD technology by using the heat to power lasers, which would write data using the heat from the system itself, leading to an incredible boost in operating efficiency.

Finally, consider the invention coming out of the Imperial College of London.  Researchers there have figured out a way to write magnetic patterns onto nano-wires, which the research team claims could mimic the function of the human brain.  While this technology is still in its infancy, imagine the possibilities of having a computer, or even parts of a computer (like your HDD) powered by something that mimics the function of the human brain, and the dazzling possibilities that open up.

All that to say, while HDD tech might be a little long in the tooth, it’s not dead yet.  Not by a longshot.

40 Percent Of All Login Attempts Are From Bots

Here’s a statistic that is as disturbing as it is frustrating.  According to the latest “State of the Internet/Security” report for the fourth quarter of 2017, as published by Akamai, bot-traffic accounts for a staggering 43 percent of all login attempts.  As bad as that figure is on its face, it’s far worse for companies in the hospitality industry, where the figure is an almost unbelievable 82 percent.

The reason?  Hackers are increasingly using bots to perform “credential stuffing” attacks.

Although human traffic still dominates the web, bot traffic is rapidly catching up.  According to Akamai’s estimates, not counting streaming video, bot traffic accounts for 30 percent of the total, and that figure increases every year.  In fact, even though bot traffic is still a minority in absolute terms, some industries already see more bot traffic than human traffic.

TicketMaster is a great example of this.  The web’s premier site for purchasing concert tickets online is almost unusable by humans these days, because virtually all of their traffic is bot-driven, with bots often being used to buy every available ticket the moment they become available, so they can be resold later at a hefty premium.

Akamai’s Martin McKeay had this to say about the report: “Increased automation and data mining have caused a massive flood of bot traffic to impact websites and internet services.  Although most of that traffic is useful for internet businesses, cyber-criminals are looking to manipulate the powerful volume of bots for nefarious gains. Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots.  Not all web traffic and not all bots are created equal.”

These are wise words, and it bears some consideration.  How much of the traffic coming to your business website on any given day is human?

Known Bug On Macs May Be Causing Lost Data

Do you own a Mac?  Do you use APFS “sparse disk images?”  If so, be aware that under certain conditions, your trusty computer may allow you to copy important data into the void where it will be lost forever, without giving you a heads up first.

This unusual error was recently discovered by Mike Bombich, the creator of Carbon Copy Cloner, which is a popular Mac backup application.  According to Mr. Bombich, the bug is only likely to impact a small percentage of users, but if you’re one of the unlucky few who lose important data, that’s going to be small consolation.

Here’s how the bug works, and where it can get you into trouble:

Let’s say you’ve created a 100 GB APFS-formatted sparse image whose data is stored on a remote network share.

Time passes, and you copy 90 GB worth of data to the remote network share, which leaves just 10 GB for use by your sparse image, but therein lies the problem.  The sparse image still thinks it’s got the full amount of space to play with.

At this point, if you copy a 20 GB file, the copy function will appear to succeed.  In the short run, you’ll still be able to access and open the file until you reboot your machine.  After restarting, 10 GB of the 20 GB file copy vanishes, and the file becomes corrupt and unusable.

Details of the bug have been forwarded to Apple, and the company is in the process of reviewing them.  At this point, no ETA has been given on when a fix might be made available.  Until it is, be very careful when using sparse images, because the system will let you copy your files right into oblivion.

New Apple Update Available for Character Bug Solution

Recently, another “exotic character” bug was found in iOS.  If someone sends this particular character (a special character that’s part of the Indian language pack) to your phone via any messaging app, it will not only crash your phone, but cause a variety of messaging apps to stop functioning.

When the bug was initially reported, Apple treated it as a somewhat low priority item and announced their plan to fix it with the release of iOS 11.3 later this spring.  The company’s loyal user base, however, had other ideas.  Faced with a growing chorus of demands for a more immediate fix, Apple has incorporated it into the 11.2.6 release which is now available.

If you’re set up to automatically receive OS updates, there’s nothing for you to do, and if you haven’t already encountered this issue, you never will.  If, on the other hand, you are in the habit of manually applying OS updates, this is one you won’t want to miss.  While the chances of someone sending this exotic character to you are quite low, there’s nothing to be gained by exposing yourself to needless risk.

Long time users of Apple’s products will recognize a trend here.  This is hardly the first time an exotic character or other unusual event has caused iOS to crash.  Just last month, there was a similar (though less serious) issue with another special character.  Last year, it was discovered that a properly formatted URL could crash any system running iOS.  Not long after that discovery was made, a five second video went viral that, if watched on a device running iOS, would crash it.

In any case, the user base spoke and Apple listened.  Grab the latest update and you won’t have anything to worry about.  At least until the next unusual crash bug is discovered.

Sim Cards Can Now Be Built Into Processors

SIM cards have long been a source of frustration for equipment manufacturers.  With the relentless drive to produce smaller and smaller devices, the SIM card is a hurdle to be overcome.  It’s relatively large, and when you account for the necessary housing, it becomes quite the design challenge.

That challenge seems to have been met, however.  ARM, a prominent chip design firm, has recently announced the development of the iSIM.  The iSIM is built into the processor, and according to the company, only takes up a fraction of a millimeter squared.  To put that figure into context, today’s SIM cards measure 12.3 x 8.8mm, so ARM’s new design represents significant space savings indeed.

There’s a catch, though.  Although the new design is ready, and is already in the hands of ARM’s business partners for evaluation, there’s no guarantee that cell phone providers will accept the new technology and incorporate them into the next generation of phones.

ARM doesn’t think this will be an issue, although phones weren’t at the forefront of the company’s mind when they developed the iSIM.  Their main goal was to build the integrated SIMs to help power the next generation of tiny IoT devices, but this, ARM contends, is the very reason why phone carriers will welcome the new technology with open arms.  After all, more devices connected to their respective networks means more opportunities to profit.

In any case, time will tell the tale.  ARM is expecting that their business partners will readily embrace the new technology, and we should begin seeing products on the market utilizing the iSIM by the end of this year.  This will be a fascinating innovation to watch. If it succeeds the way ARM hopes,, it will lead to the creation of a whole new generation of even smaller devices.

Android Ransomware Infections Declined in 2017

Android users have a reason to cheer.  According to the latest report by ESET, the number of ransomware attacks targeting Android devices declined in 2017.  The decline represents a bit of an anomaly, given that in 2017, the most common type of malware attack (by a wide margin) was ransomware.  Given that security researchers can’t name a particular reason for the decline, it’s important not to read too much into the data.  Whether there are declining figures or not, ransomware attacks still played a prominent role in last year’s threat landscape across a whole spectrum of devices.  This year is shaping up to be no different.

Where Android-based ransomware attacks were concerned, several old standbys were still seeing frequent use, including both Charger and SimpleLocker. The most prominent new player in 2017 was DoubleLocker, which was first seen in the wild last October.  It is unique in that it was the first Android malware to take advantage of a vulnerability in the Accessibility service to gain admin rights and infect users.

Interestingly, Android-based banking Trojans have been abusing the Accessibility service for literally years.  It’s not immediately clear why hackers didn’t begin using it as an attack vector where ransomware was concerned until the appearance of DoubleLocker.  Now that it’s on the scene, we can expect to see an increasing number of similar attacks.

In any case, given the fact that ransomware is poised to dominate the threat landscape in 2018, all users would do well to stay on their guard.  The slight decline in ransomware attacks against Android users, (while a welcome sight), is probably going to be short-lived.  If there’s one thing you can be sure of, it is that 2018 will be another record-breaking year where hacking attacks are concerned.

5G Cellular Service Is Beginning To Roll Out

AT&T has big plans for their future and yours.  If they’re your carrier of choice, and if you live in the cities of Dallas, Atlanta, or Waco, then you stand to be on the cutting edge of the changes the company has in store. Those locations have been selected to be the first to receive AT&T’s 5G network upgrade.

Often, whenever a new technology is touted, you hear the phrase “this changes everything” associated with it. However, after listening to an AT&T spokesman talk at length about the capabilities of the new 5G network, the phrase is much more than just hot air and wishful thinking.  From the sounds of it, it really does change everything.

Here’s what a company official had to say on the matter:

“We are working with our vendors on an aggressive schedule to help ensure customers can enjoy 5G when we launch the network this year.  We will add more 5G-capable mobile devices and smartphones in early 2019 and beyond.

After significantly contributing to the first phase of 5G standards, conducting multi-city trials, and literally transforming our network for the future, we’re planning to be the first carrier to deliver standards-based mobile 5G–and do it much sooner than most people thought possible.

What this means for our customers in these cities is that they will be the very first to access this next generation of wireless services.  The experience we’ve gained by leading the industry transformation to network virtualization and software control will help our customers to get the most out of 5G.  Ultimately, this means new experiences with augmented reality and virtual reality (AR/VR), future autonomous cars and delivery drones.

In order for these new experiences to become reality, you need mobile 5G powered by SDN and edge computing.  We’re making the cloud smarter, faster, and local.”

By all accounts, there are exciting times ahead.  If you’ve been thinking about switching to AT&T, this might be a good reason to do so.

RottenSys Malware Has Infected 5M Android Devices Since 2016

There’s a new threat on the horizon, according to security researchers from Check Point.  A group of hackers in China are busy building a massive botnet that so far, totals almost five million Android smartphones.  The hackers are quietly taking control of these devices using a strain of malware known as “RottenSys.”

While the malware is flexible and can be adapted to any number of purposes, in its present incarnation, it’s being used to display copious numbers of advertisements. This generates a healthy revenue stream for the hackers, but that could be just the beginning.  The researchers have found evidence that the hackers are gearing up for a campaign that could be much more far-reaching and damaging.  According to Check Point: “This botnet will have extensive capabilities, including silently installing additional apps and UI automation.”

RottenSys is fairly new to the malware ecosystem, first appearing in September 2016. So far, the hackers have spent most of their time simply spreading their creation to more devices.  At current count, the number of infected Android phones stands at 4,964,460, and it grows by the day.

It wasn’t until last month that RottenSys got an update that gave its owners the ability to take direct control of all the devices.  Prior to that, they were happy to simply rake in ad revenue, which is estimated to exceed $350,000 a month.

Currently, the malware hasn’t spread beyond the confines of China, but that could easily change as the hackers seek to add an increasing number of devices to their already massive botnet.

What makes RottenSys notable is the fact that it has managed to spread to so many devices in such a short period of time.  As it turns out, the secret to the hackers’ success has to do with the code it’s built around, which includes both “Small”, (an open source virtualization framework) and “MarsDaemon”, which is a library that keeps apps “undead,” which ensures that the malware’s processes continue to operate even after users close them. This ensures that the ad-injection capacity cannot be disabled.

Only time will tell what the hackers have planned, but it can’t be anything good. They’ll have a formidable botnet to do damage with. Stay tuned.

Remote Desktop Flaw Affects Every Windows Version

Researchers at Preempt Security recently discovered a critical flaw in Microsoft’s Credential Security Support Provider protocol (CredSSP for short) that impacts every version of Windows in existence. It could allow a hacker to remotely exploit Windows Remote Desktop to execute malicious code and steal any data stored on the machine.

The flaw, logged as CVE-2018-0886 would allow a hacker to execute a man in the middle attack, (provided that they had Wi-Fi or physical access to the machine) and steal authentication data via a Remote Procedure Call attack.

Yaron Zinar, a lead researcher at Preempt, had this to say about the flaw:

“An attacker which has stolen a session from a user with sufficient privileges could run different commands with local admin privileges.  This is especially critical in case of domain controllers, where most Remote Procedure Calls (DCE/RPC) are enabled by default.  This could leave enterprises vulnerable to a variety of threats from attackers including lateral movement and infection on critical servers or domain controllers.”

This is a big deal because Windows Desktop is hands-down the most popular means of performing remote logins. In addition, business of all shapes and sizes make regular use of RDP for a variety of purposes, making them vulnerable until the flaw is patched.

Microsoft released a fix for the issue as part of their March 2018 Patch Tuesday, but security professionals close to the issue warned that simply applying the patch is not enough to provide protection.  You’ll also need to instruct your staff to make a few configuration changes (explained in the documentation surrounding the issue), including limiting your use of privileged accounts as much as possible and use non-privileged accounts whenever possible.

The March 2018 patch release was a hefty one, and included patches for a number of products including Core ChakraCore, PowerShell, Microsoft Office, Windows (OS), and both the Edge browser and Internet Explorer.

Another Google Service Is Going Away

If you are a fan of, and regularly use Goo.gl (the URL shortener service), brace for impact.  The company has announced that as of March 30, 2019, the service will be shut down for good.  Long before then, beginning April 18th of this year, only existing users will be able to shorten links via goo.gl.  No new signups will be allowed.

The company had this to say about the recent announcement:

“The URL Shortener has been a great tool that we’ve been proud to have built.  As we look towards the future, we’re excited about the possibilities of Firebase Dynamic Links, particularly when it comes to dynamic platform detection and links that survive the app installation process….FDLs are smart URLs that allow you to send existing and potential users to any location within an iOS, Android or web app.”

Fortunately, we’re not actually losing a service as much as we’re seeing one swapped out for something better and arguably next generation.  It is worth mentioning that Google does not have any plans to auto-migrate goo.gl links to Firebase Dynamic Links.  If you opt to use the new system, you’ll have to export your short links and then import them manually into Firebase.

Given this, it’s expected that at least some percentage of goo.gl users will simply opt to shift to other URL shortening services such as Bit.ly or Ow.ly.

Although Google is not ending support for the service to make life more difficult for hackers and spammers, that’s one of the unintended consequences of the move. Both spammers and malware authors regularly make use of goo.gl.  Sadly, legions of Marketing departments and other legitimate users do too, and many aren’t thrilled that although Google is offering an ostensibly better and more robust alternative, they’re not offering any means of auto-migration to the new platform.