Netflix To Release More Parental Controls To Help Parents

If you have a Netflix account and children living at home, there’s a reason to cheer about the company’s most recent announcement.  They’re rolling out some robust new parental control features that will allow you to exert much more control over what your children are watching.

You can now set content-specific PINs to lock movies or TV shows. So for example, if you don’t want your children watching “Zombeavers” (yes, that’s a real movie, by the way), you could lock that content with a PIN.  This is in addition to the existing controls Netflix offers that allow parents to set broad PIN-based protections that block content at specified maturity levels.

Additionally, the company has stated that it will start displaying these maturity level designations at the start of each program to give parents greater awareness of what their children are watching.  The changes are slated to be rolled out over the next few months.

It’s probably not a coincidence that the rollout of these changes is slated to coincide with Disney’s planned launch of their own kid-friendly streaming service.

It’s worth noting that Netflix and Disney reached a streaming agreement back in 2012, which didn’t go into effect until 2016.  Disney has stated their intention to end the deal beginning with films released in 2019.  For their part, Netflix will retain the right to show older Disney films until the end of 2019.

Netflix has been the King of the video streaming hill for a long time, but the company is coming under increasing pressure from a growing number of competitors.  The company is fully aware that Disney already has the hearts and minds of millions of children around the world. They realize that unless they do something to bolster their parental controls feature set, they stand to lose ground to this latest entrant in the field of streaming video.

Amazon Removing Music Storage Service At End Of April

If you use Amazon’s Cloud MP3 Locker to store your music online, now is the time to start looking for a new home for it.  Last year, the company announced that they were ending the service, but didn’t provide a firm date.  April 30, 2018 will be the last day you’ll be able to access your music if you don’t take action.

Back in December, the company stopped allowing users to upload new tracks to their music storage system, on which users were formerly allowed to store up to 250 songs for free.

In the company’s most recent announcement about the coming changes, they made two important clarifications.  First, there is a back-end way you can keep access to your existing music files, but it requires action on your part.  You’ll need to log in, go to your Music Settings and click the “Keep My Songs” button.  Failing to take this step will result in your music being deleted.

Second, the company stresses that these changes do not apply to music purchased through Amazon Prime, or Amazon’s digital music streaming service.  Those files will still be available, with no action needed on your part.

While it’s a sad development, it’s not surprising in the least.  Increasingly, companies that provide cloud-based storage are streamlining or scaling their services back.  Amazon isn’t the first, and they certainly won’t be the last.  Last year, both Dropbox and Microsoft OneDrive (two prominent players in the cloud storage ecosystem) announced scalebacks to the amount of storage offered in their free accounts.

While it’s true that storage has become increasingly low cost, it’s also true that the growth in popularity of cloud storage has exploded. Companies offering the service have had to scale back, lest they become completely overwhelmed.

In any case, there’s still time to move or preserve your files, but you’ll want to take action sooner rather than later.

New And Potentially More Dangerous Intel Vulnerability Discovered

The “Spectre” vulnerability that impacts literally every Intel chip made over the last decade keeps finding new ways to make the news.  In this instance, researchers at Ohio State University have discovered a new variant of the vulnerability that they have dubbed “SGX Spectre.”  To understand how it’s different, a bit of explanation is in order.

SGX stands for “Software Guard eXtensions,” and is a feature only found in the latest Intel processors.  It allows applications to create “data enclaves,” which are hardware-isolated portions of a CPU’s processing memory.  The purpose of such enclaves is to give applications a secure space to run operations that deal with especially sensitive data, like passwords and encryption keys.

The original Spectre and Meltdown vulnerabilities were unable to extract any data from SGX enclaves, but SGX Spectre can. Even worse, the recent Spectre patches will do nothing to prevent it.

Intel has announced that on March 16, it will release an update for its SGX SDK that adds SGX Spectre mitigations.  App developers will need to integrate the update into their SGX-capable apps and issue an update to all users.

The research team had this to say about the recent discovery:

“SgxPectre Attacks can completely compromise the confidentiality of SGX enclaves.  Because vulnerable code patterns exist…and are difficult to be eliminated, the adversary could perform SgxPectre Attacks against any enclave programs.

Because there are vulnerable code patterns inside the SDK runtime libraries, any code developed with Intel’s official SGX SDK will be impacted by the attacks.  It doesn’t matter how the enclave program is implemented.”

In addition to the discovery of SGX Spectre, the research team discovered new variations of the original security flaws, which they have dubbed MeltdownPrime and SpectrePrime, respectively.  Needless to say, more patches will be forthcoming.

Alexa Now Makes It Easy To Donate To Charity

Amazon has made a small but significant change to its Alexa service, which now makes it possible to donate to charity by issuing voice commands.

So far, there are 48 charities connected to the system, with more in the pipeline.  There are two ways you can make use of the new feature.  The first is to simply say, “Alexa, make a donation.”

Doing this will prompt Alexa to ask you which charity you want to donate to, and the dollar amount to be donated.

The second method is to say something like, “Alexa, donate $20 to the American Red Cross,” or one of the others currently tied into the donation system.  Alexa will use whatever payment information you have tied into your Amazon account (including Amazon Pay, if you use it).

This isn’t the first time Amazon has taken steps to make donations to charity easier.  Not long ago, the company collaborated with an organization called “Give Back Box,” which allows users to reuse Amazon boxes to ship donations to various charity groups.

The company’s motivations for making these changes are unclear, but it could be a bid to help their new Amazon Pay system gain more momentum.  Regardless of the reasoning, these are exciting changes indeed. Given Amazon’s global reach, it’s all but certain to be a boon to the charities tied into the program.  Even better, these changes may well prompt other tech giants to make similar moves.

If you own a business of any size and are in the habit of making donations as part of your firm’s goodwill and outreach, Amazon just made it easier to do that.  If not, then at the very least, when you opt to make a personal donation you now have a convenient way to do so.

Windows Media Player May Be Replaced By Microsoft App

A Reddit user named “Noam_ha” recently posted a screenshot displaying a popup message when users open the venerable Windows Media Player (WMP), asking users if they would instead like to open the video file with the company’s more modern Movies and TV app.

The popup message touts the Movies and TV app’s advantages, which include better battery life if running on a phone or laptop, better compatibility with more modern video formats, a mini-view, and support for 360-degree video on Augmented Reality devices.

There are several interesting things to note here:

First, while the new popup message clearly signals Microsoft’s preferences, the reality is that in many ways, the Movies and TV app is a poor substitute for WMP.  It only has modest functionality and has a downright awful interface. Even worse, many features found in WMP (like streaming video from online repositories, queuing, and variable play speeds) are simply not present in the new app.

Second, this appears to be a recent shift inside the company, because WMP comes pre-installed on Windows 10.

On the other hand, WMP hasn’t received a significant update since the Movies and TV app was first released with the launch of Windows 7.  In that respect, at least, the writing has been on the wall for some time now.

This marks the second beloved app that Microsoft has decided to kill in recent months.  Recall that just last year, the company announced the end of Microsoft Paint, a kludgy, barely functional graphics program that was nonetheless strangely beloved by users.  It was retired and replaced with “Paint 3D,” and now, all indications are that Windows Media Player is headed for a similar fate.

That wouldn’t necessarily be a bad thing, but given the condition of the new Movies and TV app, the decision probably isn’t going to win Microsoft any friends.

Biometric Authentication Seeing Wide Adoption In Businesses

According to a new report published by Spiceworks, nearly 90 percent of businesses will use some type of biometric technology for authentication by the year 2020.  In fact, some 62 percent of companies already use biometrics in some form, with another 24 percent stating their intention to do so within the next two years.

The particulars break down like this:

  • 57 percent of companies using biometric authentication use fingerprint scanners
  • 14 percent use facial recognition
  • Five percent make use of hand geometry recognition
  • Three percent use iris scanners
  • Two percent use voice recognition
  • Two percent use palm-vein recognition

There are only a handful of companies that provide biometric solutions. Of those, Apple dominates the space, providing 34 percent of fingerprint scanning solutions and 14 percent of facial recognition solutions.

The rest of the market breaks out as follows:

  • Lenovo Fingerprint Manager is used by 13 percent of companies that utilize biometrics
  • Samsung fingerprint readers are used by 13 percent
  • Microsoft’s Windows Hello (face login) is used by 13 percent
  • Android’s Face Unlock is used by seven percent

As widespread as biometric adoption has been, only 10 percent of CIOs felt that biometric solutions were secure enough to be the sole means of authentication.  IT security professionals have reached largely the same conclusion, with just 23 percent of them thinking that biometrics could replace traditional text-based passwords within the next two years.

The two biggest hurdles they see are the relative lack of transparency provided by biometric solutions providers about flaws and vulnerabilities discovered in their systems, and the lack of transparency around the biometric data collected by vendors.

Peter Tsai, a senior technology analyst at Spiceworks, had this to say about the report: “Many IT professionals aren’t convinced biometrics can serve as a secure and reliable replacement for the standard username and password combo.  Unless technology vendors can address the security issues and privacy concerns associated with biometrics, the technology will likely be used side-by-side in the workplace with traditional passwords or as a secondary authentication factor for the foreseeable future.”

21 Percent Of Internet Traffic Riddled With Bad Bots

How much of your website’s traffic is driven by bots?  The answer may surprise you.  Overall, bots account for nearly half of all web traffic. The “good” bots account for 20.4 percent, and “bad” bots account for 21.8 percent.

Hackers, scammers and fraudsters commonly use bad bots to scrape content, test stolen account credentials, issue spam, conduct digital ad fraud by generating bogus clicks, conduct brute force attacks, and mine data from competitors.

Distil Networks keeps tabs on bad bot activities in their annual “Bad Bot Report”. This year’s analysis reveals that gambling websites and commercial airline companies suffer a disproportionate percentage of bad bot attacks, with 53.1 percent of gambling traffic coming from bad bots, and 43.9 percent of airline traffic coming from bad bots.

83.2 percent of bad bot attacks are initiated via Chrome, Firefox, Internet Explorer, and Safari web browsers.  10.4 percent come from mobile browsers, with Android, Opera, and Safari Mobile being the most commonly used.

82.7 percent of bad bot traffic originates in data centers, which is up from 60.1 percent in 2016, indicating that hackers are increasingly centralizing and scaling their efforts.

Tiffany Olson Jones, the CEO of Distil Networks, had this to say about the recently published report:

“This year, bots took over public conversation as the FBI continues its investigation into Russia’s involvement in the 2016 US presidential election and new legislation made way for stricter regulations.  Yet as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate.  Despite bad bot awareness being at an all-time high, this year’s Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind.”

While the total number of bad bot attacks continues to increase, the landscape is shifting.  For the first time since the Bad Bot Report was first published, Russia topped the list as the most blocked country, with 20.7 percent of companies issuing country-specific IP block requests, while China, which topped last year’s list, fell to sixth place, with 8.3 percent.

This is a problem that’s not going to go away.  Continued vigilance is a must.

Beware Fake Craigslist Email Could Contain Ransomware

If you post ads on Craigslist for short term employment, be aware that there’s a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users.

By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist’s “Gigs” section for short term employment.  The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document, which recipients will assume is a resume.

If the recipient enters the password to unlock the document, they’ll then be presented with a screen that asks them to enable the content in the document.  Unfortunately, this is the step that dooms the user. The file isn’t a resume at all, but merely a delivery vehicle.

As soon as the content is enabled, the ransomware is installed and encrypts the user’s files. It then “helpfully” posts a message explaining that the files have been encrypted and that, to get access to them again, the user will have to pay a $400 fee, which rises to $800 if the user waits longer than seven days to request the decryption key.

Unfortunately, there’s no known way to decrypt Sigma-encrypted files other than paying the ransom.

This is a new twist on a very old game. Even worse, it’s enjoying a relatively high success rate because people who post ads for short term employment on Craigslist expect to get responses from people they don’t know. They expect that those people will be sending resumes for review.

The “tell” is that when a potential employee sends you a resume, it’s almost certainly not going to be password protected.  In this case, your best bet would be to reply to the sender and ask them to send you a non-protected resume if they’re genuinely interested in the job.

Attacks on Health Organizations Increasing At Alarming Rate

It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world.  Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target:  Health Organizations.

According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017.  It gets worse.  Those breaches exposed PHI and PII of more than five million individuals.

The reason for the shift away from credit card data to medical records comes down to profits.  PHI and PII can often be sold on the Dark Web for ten times the amount that credit card information will bring.  The hackers are simply obeying the laws of economics and going where the money is.

Brian Wells, the Director of Healthcare Strategy at Merlin International, had this to say about the report:

“In an increasingly connected, digitally centric world, hackers have more opportunities and incentive than ever to target healthcare data, and the problem will only increase in scope over time.

Healthcare organizations must get even more serious about cyber security to protect themselves and their patients from losing access or control of the proprietary and personal information and systems the industry depends on to provide essential care.”

Worst of all, a shocking percentage of medical/healthcare companies don’t seem to be serious about cyber security at all.  Although the average cost of a medical data breach is approximately four million dollars, a staggering 49 percent of companies in the industry don’t have an incident response plan of any kind.  There’s no process in place to properly respond to an attack, or to mitigate the fallout if a breach occurs.  These companies are sitting ducks.

New Chips Support Increased Network Speeds To 400Gbps

Marvell Semiconductor has a new product out, and it’s a game changer.  Their new “Alaska” chip (the Alaska C 88X7120) is the first on the market to support the new 802.3 standard.  The 802.3cd standard is on tap to eventually replace current Ethernet ports running at 25Gbps to 100Gbps with ports that will run at 50Gbps, 200 Gbps, and 400 Gbps.

The future is now.

Granted, the Alaska chips aren’t for sale just yet, but they are sampling to customers (“Sampling” in the chip world is akin to beta testing in software).  The chip supports sixteen 50 Gbps ports, four 200 Gbps ports, and two 400 Gbps ports, which will quadruple network output.  Even better, the new chips support both copper and fiber-optic wiring, as well as SerDes (long-reach serialization/deserialization) on system and line side interfaces, allowing OEMs to use the chips for wide-area interfaces.

Also of interest, the new chips use PAM4 (pulse-amplitude modulation), which is a four-level signaling scheme that’s designed to replace NRZ (non-return to zero) binary modulation, and even better, the new PAM4 protocol will be backwards compatible with NRZ hardware.

The port density on the new chip has been optimized to enable both Quad Small Form Factor Pluggable – Double Density and Octal Small Form Factor Pluggable port types for 500 GbE, 200 GbE, and 400 GbE deployments.

If all of those technical details make your head spin, not to worry.  The short of it is that once these chips go mainstream, network output is going to increase dramatically, which means that network speeds are about to get even faster.

Unless you run or manage a huge data center, you’ll probably never have direct contact with these chips. However, as big data centers begin deploying them, you’ll absolutely see the benefits.