Categories
bug programming

24-core CPU and I can’t type an email (part one)

When software doesn’t behave as expected, it can be really difficult to find out why. In this case, someone experienced an odd hanging problem while using Gmail on his powerful computer and decided to investigate. Read on for all the gory details.

…I was just engaging in that most mundane of 21st century tasks, writing an email at 10:30 am. And suddenly gmail hung. I kept typing for several seconds but no characters were appearing on screen. Then, suddenly gmail caught up and I resumed my very important email. Then it happened again, only this time gmail went unresponsive for even longer.

Source: 24-core CPU and I can’t type an email (part one)

Categories
privacy

Turn Off Your Fitbit, Garmin, Apple Watch GPS NOW!

IOW, location data can be mined for valuable information. The proliferation of sensors in everyday devices and the rapid adoption of IoT has put the spotlight on the problem.

This was all sparked when reports surfaced earlier this year of a fitness-tracking company, Strava, publishing maps showing where users jog, bike and exercise. Since many of its users are members of the military, their jogging routes and other exercises showed exactly where the US has service members around the world, as well as showing their running routes.

Source: Turn Off Your Fitbit, Garmin, Apple Watch GPS NOW!

Categories
security

PIN number analysis

There are many articles on how people choose passwords. This article is purely on analyzing PIN numbers. Some observations are obvious but there are quite insightful ones too.

There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit pin code. Out of these ten thousand codes, which is the least commonly used? Which of these pin codes is the least predictable? Which of these pin codes is the most predictable?

Source: PIN number analysis

Categories
Uncategorized

Review: A Counterfeit, $100 iPhone X – Motherboard

This is both wild and wow. Someone essentially built an iPhone X look-alike both in terms of hardware and software, but it is actually running Android.

Source: Review: A Counterfeit, $100 iPhone X – Motherboard

Categories
security

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M — Krebs on Security

Spear-phishing is quickly becoming the most popular technique for hacking high-value targets. The SingHealth hack was suspected to be due to spear-phishing as well. HR is obviously most at risk, as they need to review resumes, which can come as PDF or Word documents.

The lawsuit notes the company determined that it was likely the same group of attackers responsible for both intrusions. Verizon also told the bank that the malware the attackers used to gain their initial foothold at the bank in the 2017 breach was embedded in a booby-trapped Microsoft Word document.

Source: Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M — Krebs on Security

Categories
privacy security

SingHealth cyberattack: MAS orders financial institutions to tighten customer verification – Channel NewsAsia

Good pre-emptive measure to prevent possible misuse of information from the SingHealth hack.

“With immediate effect, all financial institutions should not rely solely on the types of information stolen (name, NRIC number, address, gender, race, and date of birth) for customer verification,” MAS said in a statement.

“Additional information must be used for verification before undertaking transactions for the customer. This may include, for instance, One-Time Password, PIN, biometrics, last transaction date or amount, etc.”

Source: SingHealth cyberattack: MAS orders financial institutions to tighten customer verification – Channel NewsAsia

Categories
privacy security

Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee’s data targeted

This is indeed the most serious cybersecurity breach in Singapore so far. 1.5 million records were exfiltrated. If this were to happen to a private company, the fine for breaching PDPA would surely be significant. While cyber attacks are not uncommon or unexpected, having it happen in a way that affects so many people will surely give pause to many ongoing and upcoming IT projects in the pipeline.

Source: Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee’s data targeted

Categories
security

‘Suspicious’ USB fan given out at Trump-Kim summit deemed safe | ZDNet

Much ado about nothing. The context was, some journalists were highly suspicious of the USB fan that was included in the goody bag for the media during the Trump-Kim summit in Singapore, deeming it a cybersecurity risk. It’s probably good not to plug untrusted USB devices into your machine but c’mon please give the organizers more credit than this.

A University of Cambridge researcher wanted to know if the fan was bugged.

Source: ‘Suspicious’ USB fan given out at Trump-Kim summit deemed safe | ZDNet

Categories
bug

The machine Fired me

What happens when things are fully automated with no manual override.
In the relentless drive towards cost-cutting and automation, I won’t be surprised if we see more instances of such problems.

At least a year later, I can sit here and write about it without feeling too embarrassed. So that’s the story about the machine that fired me and no human could do anything about it.

Source: The machine Fired me

Categories
security sysadmin

WINDOWS NTFS TRICKS COLLECTION

A collection of eye-opening NTFS tricks to do things that you normally can’t.

TRICK 1: CREATE FOLDERS WITHOUT PERMISSIONS (CVE-2018-1036/NTFS EOP) On Windows you can assign “special permissions” to folders like permissions that a user is allowed to create files in a folder, …

Source: MOV AX, BX Code depilation salon: Articles, Code samples, Processor code documentation, Low-level programming, Working with debuggers WINDOWS NTFS TRICKS COLLECTION