Miscellaneous Tech News
-
@mlnews said in Miscellaneous Tech News:
Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail
Group breaches SMS-protected accounts. It's still testing attacks against 2fa apps.
A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.
Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets’ accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password.
“In other words, they check victims’ usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too,” Certfa Lab researchers wrote.
This isn't new.
-
Mass email hoax causes closures across the US and Canada
Emails threaten explosions unless people pay $20,000 in Bitcoin.
The emails warn that explosives have been planted in the recipient’s premises and that they will detonate by the end of the day unless the target pays $20,000 in bitcoin. By late Thursday afternoon, Sammy, the email security researcher who sent one of the tweets above, told Ars she and other researchers estimated more than 100,000 such emails had been received. A large percentage of the emails, she said, used unique wallet addresses and variations on the sender’s name as well as the type of explosive materials.
-
How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/ -
@black3dynamite said in Miscellaneous Tech News:
How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago?
-
@JaredBusch said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago?
I don't think so, but it did come up on a call yesterday!
-
@scottalanmiller said in Miscellaneous Tech News:
@JaredBusch said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago?
I don't think so, but it did come up on a call yesterday!
Check your Telegram with me on December 6th.
-
@JaredBusch said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@JaredBusch said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago?
I don't think so, but it did come up on a call yesterday!
Check your Telegram with me on December 6th.
Oh, asking you directly. Yes, but not on ML. But we were looking for internet at the time, we hadn't come up with using an external service, yet.
-
@JaredBusch said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@JaredBusch said in Miscellaneous Tech News:
@black3dynamite said in Miscellaneous Tech News:
How to Make an Offline Root Certificate Authority for Windows PKI in WSL
https://www.altaro.com/hyper-v/wsl-offline-root-certificate-authority-windows-pki/@scottalanmiller weren't you asking about this a week or so ago?
I don't think so, but it did come up on a call yesterday!
Check your Telegram with me on December 6th.
Same for me.
-
Apple says iOS update will avoid Qualcomm patents, China iPhone ban
Apple is appealing Qualcomm's China-wide ban on older iPhone models.
Apple's patent battle with Qualcomm in China has intensified this week, with Qualcomm seeking a broader ban and Apple claiming it has a workaround to avoid Qualcomm's patents.
-
@mlnews said in Miscellaneous Tech News:
Apple says iOS update will avoid Qualcomm patents, China iPhone ban
Apple is appealing Qualcomm's China-wide ban on older iPhone models.
Apple's patent battle with Qualcomm in China has intensified this week, with Qualcomm seeking a broader ban and Apple claiming it has a workaround to avoid Qualcomm's patents.
Does anyone know what the actual claimed infringement is?
-
I have not seen anything yet.
-
-
-
-
-
@dbeato said in Miscellaneous Tech News:
That'll probably be the death knell for Kafka. It'll encourage Amazon to fork it rather than sustain it.
-
ALthough it looks like Kafka remains under the solid Apache license. Only ADD ONs are getting a weird license.
-
-
Huawei Watch GT review: When hardware and software don’t mesh
Huawei's wearable OS could be great, but it doesn't fit this $230 smartwatch.
So what do the Huawei Watch GT and LiteOS have to offer? Essentially, the device is a simplified smartwatch that has all the hardware bells and whistles you'd expect from a a high-end Wear OS device or an Apple Watch—things like an AMOLED display, a continuous heart-rate monitor, an embedded GPS, and more. But in practice, its feature set and its real-world abilities don't exactly match its relatively high, $230 price tag.
-
Microsoft Still Can't Fix Broken Surface Update
Microsoft is reportedly replacing more Surface Pro 4 units suffering from a display issue caused by a mid-2018 firmware update.
The issue was first reported in July 2018 when the Surface Pro 4 received a firmware update supposed to bring a series of improvements. What this update did, however, was cause display issues like unresponsive touch, with lots of users confirming in a discussion thread on the Microsoft Community forums that no workaround repaired it.