Wednesday, May 04, 2016

Simple exploits use images to attack websites

Source: http://www.engadget.com/2016/05/04/imagemagick-web-exploits/

Would-be hackers don't always have to jump through hoops to bring down a website. Researchers have discovered relatively simple exploits in ImageMagick, a common package for processing pictures on the web, that let attackers run any code they like on a targeted server. If someone uploads a maliciously coded image and ImageMagick handles it, they could theoretically compromise both the site and anyone who visits it. That's particularly dangerous for forums and social networks, where user uploads are par for the course -- a vengeful member could wreck the site for everyone.

Thankfully, there are fixes. The ImageMagick team is closing the security holes within the next few days, and it's possible to thwart at least some attacks by either verifying the integrity of images or using a policy file to disable the susceptible features. The concerns are that these safeguards won't cover everything, or that website owners won't rush to shore up their defenses. It could be a while before you can assume that your favorite social sites are protected.

Via: Ars Technica

Source: ImageTragick, ImageMagick

Read More...

Tuesday, May 03, 2016

Hacker who stole from banks ordered to pay $7 million

Source: http://www.engadget.com/2016/05/02/russian-hacker-gozi-virus/

A hacker whose creation stole bank account details from over a million computers across the globe has been ordered to pay $6.9 million. Nikita Kuzmin from Russia is one of the three architects of the Gozi virus, which infects computers through PDF files. People unwittingly install it on their machines by downloading a PDF file they receive that's relevant to their interests. Authorities first identified Gozi back in 2007, but by the time they did, Kuzmin and his cohorts had already siphoned millions of dollars from people's accounts.

The feds' computer experts identified a server that contains 10,000 bank account details pilfered from 5,200 computers, 160 of which belongs to NASA. Besides stealing money himself, Kuzmin also rented out the Gozi virus to other hackers for $500 a week. He earned $250,000 from that particular venture. However, Kuzmin helped authorities out with other investigations while he was in jail for 37 months back in 2011. While the DOJ didn't release the details of how he contributed, it's clear whatever he did worked: he didn't get additional jail time.

Source: Department of Justice, Bloomberg, Reuters

Read More...

HP's new Pavilion PCs include a 15-inch hybrid laptop

Source: http://www.engadget.com/2016/05/03/hp-2016-pavilion-pcs/

Spring is well underway, and that can only mean one thing for HP: time to unveil a wave of new home PCs. The company has trotted out a host of new Pavilion PCs that pack both obligatory upgrades -- thinner, faster and new colors -- as well as a few welcome improvements. The highlight by far is the Pavilion x360 line of convertible laptops, which gets a larger 15.6-inch model (above) on top of the existing 11.6- and 13.3-inch versions. Yes, HP's most affordable hybrid is now big enough to replace larger portables. You'll also find slimmer designs for the two smaller versions, optional keyboard backlights on the two larger systems and your pick of current Intel chips ranging from a Celeron to a Core i7. When the Pavilion x360 updates arrive from May 15th through May 29th, prices will start at a frugal $380 for the 11.6-inch PC, $480 for a 13.3-inch version and a not-too-shabby $580 for the 15.6-inch model.

There's more to the refresh than that, of course. The more conventional Pavilion line is slimming down at the 14- and 15.6-inch sizes, and the larger systems (including the 17.3-incher) can carry the latest Intel Core i7 or AMD A12 processors, up to 16GB of RAM and storage that can include both a 128GB SSD and a 2TB hard drive. Systems start showing up as soon as May 18th, with prices starting at $540 for a 14-incher, $580 for the 15.6-inch Pavilion and $900 for the 17.3-inch behemoth.

On the desktop side of things? Some Pavilion All-in-Ones now carry a "micro edge" display that cuts the border thickness by 75 percent, and there's an optional RealSense camera for both gesture commands and signing in with face detection. A new Pavilion Desktop, meanwhile, is 30 percent smaller than its ancestor while sporting up to a Core i7 or AMD A12, 16GB of RAM, 3TB of storage and budget GeForce GTX 750i or Radeon R7 graphics. The all-in-ones first show up between July 3rd and July 10th with prices starting at $700 for a 23.8-inch display and $1,000 for 27 inches. The Pavillion Desktop hits on June 26th for $450, and it'll be joined at the same time by a 32-inch quad HD Pavilion Display that sells for $400.

Source: HP

Read More...

Thursday, April 21, 2016

Opera is the first big web browser with a built-in VPN

Source: http://www.engadget.com/2016/04/21/opera-browser-vpn/

If you've wanted to use a virtual private network to improve your web privacy or (let's be honest) dodge content restrictions, you've usually had to either install a third-party client or use a relatively niche browser with the feature built-in. As of today, though, you have a more mainstream option: Opera has released a developer version of its desktop web browser with native VPN support. You only have to flick a virtual switch to get a 256-bit encrypted connection that hides your connection details and prevents sites or governments from blocking content they don't want you to see.

The preview version only gives you three simulated locations for the VPN (Canada, Germany and the US), so this won't give you access to a whole lot until the finished browser is ready. However, the VPN is free. If all you want is to access a forbidden streaming service or make it harder for snoops to monitor your traffic, this might be your easiest and most affordable solution.

Source: Opera

Read More...

Monday, April 18, 2016

Flexible lens sheets could change way cameras see

Source: http://www.engadget.com/2016/04/18/flexible-lens-sheets-could-change-way-cameras-see/

Cameras are already embedded in a lot of devices, but what you could wrap them around things like a "skin?" That's the premise of "flexible sheet cameras" developed by scientists at Columbia University. Rather than having just a single sensor, the devices use an array of lenses that change properties when the material is bent. The research could lead to credit card-sized, large-format cameras that you zoom by bending, or turn objects like cars or lamp posts into 360-degree VR cameras.

In order to create a wraparound camera, the team first considered attaching tiny lenses to single pixel-sized sensors, a tact that's been tried before on curved surfaces. However, they realized that when bent, such an array would have gaps between sensors that would produce artifacts in the final image. Instead, they created flexible silicon sheets with embedded lenses that distort and change their focal lengths when bent. The resulting prototype has no blank spots, even with significant curvature, so it can capture images with no aliasing.

The team flexed the prototype sheet -- with a 33x33 lens array -- in a predictable way, allowing them to produce clean (though low resolution) images. However, if the amount of deformation isn't known, the system produces random and irregular images. For instance, they created a simulated camera based on a larger, more flexible sheet that produces a hilariously distorted image (above) when when draped on an object.

However, the goal is to eventually measure the amount of deformation with built-in stress sensors, then calculate the sheet's geometry to produce a clean image. While the current prototype is very low-res, it proves that the concept is viable, so the team plans to "develop a high resolution version of the lens array and couple it with a large format image sensor." Eventually, the sheet camera could result in sensitive large format cameras that produce very high dynamic range images. If you want to be more futuristic, the tech could even turn household objects and wearables into giant image sensors. Invisibility cloaks for all?

Via: Digital Trends

Source: Columbia University

Read More...