Will We Control Computers With Our Brains Soon?

Over the years, Facebook has made several high-profile acquisitions, with one of their most recent being the acquisition of Oculus Rift for a staggering two billion dollars. Now, rumors are swirling that the company is on track to buy another innovative startup, CTRL-Labs. They are the makers of an innovative device worn at the wrist that uses brain waves to allow users to control electronic devices. Estimates are that the social media giant will pay between $500 million and a cool one billion dollars to acquire the company, which is one of a number of startups creating BMIs (Brain Machine Interfaces). What’s interesting about the offering by CTRL-Labs is that their product is worn on the wrist, while most of their competitors rely on devices worn on the head. In a few cases, they require chips to be physically implanted in the brains of those who want to use their tech. In this regard, what CTRL-Labs is offering borrows from two different technologies that have been featured in TED talks in recent years: Pranav Mistry’s “Sixth Sense” technology (which translates gestures into commands that a computer can understand) and the Emotiv headset, which scans your brain for changes and translates those signals into commands. Honestly, the industry is still too small and the technologies are too unrefined to know for certain whose products will wind up being adopted as the de facto standard. However, the fact that Facebook is placing a large bet on the industry is a powerful indication that these types of technologies (whatever form they ultimately take) are the future. It’s a long-term bet, to be...
Vimeo Could Have Collected Biometric Data Without Consent

The popular video site Vimeo now finds itself in hot water and is facing a lawsuit for allegedly violating the Illinois Biometric Information Privacy Act. The act requires all private companies collecting biometric information to maintain a publicly available, written policy that explains their practices concerning this type of information. It also includes guidelines relating to the retention and destruction of such information. According to the lawsuit filed: “Vimeo is actively collecting, storing and using–without providing notice, obtaining informed written consent or publishing data retention policies–the biometrics of thousands of unwitting individuals throughout the country whose faces appear in photographs and/or videos uploaded to the Magisto “smart video editor” application in Illinois. Each face template that Vimeo extracts is unique to a particular individual in the same way that a fingerprint or voiceprint uniquely identifies one and only one person.” The lawsuit is being brought forth by Illinois resident Bradley Acaley, who downloaded the Magisto app in 2017. He purchased an annual subscription for $120, uploaded several photos and videos of himself and then could no longer access them after his subscription ended. A Vimeo spokesperson had this to say about the recent filing: “The lawsuit is based upon a fundamental misunderstanding of how the Magisto video creation app works. To help customers create better videos faster, Magisto uses machine learning technology to help identify objects within video frames. Determining whether an area represents a human face or a volleyball does not equate to “facial recognition,” and Magisto neither collects nor retains any facial information capable of recognizing an individual. We look forward to having an opportunity to clear this...
Google Adds Several New Password Features To Help Users

Google is taking additional steps to provide a safer and more secure environment for their massive user base. Chrome is the most widely used browser in the world. In recent months, Google has made moves to provide better password security. Most recently, they released a Chrome Extension called Password Checkup that scans all of your stored login credentials to see if they’ve been found in data breaches. If they have been breached, it prompts you to change them. As good and helpful as that is, the company has taken an additional step and has now integrated the Password Checkup tool directly into Google’s Password Manager. Here’s how it works: Open your Google Password Manager, which you can access via https://passwords.google.com. When the page displays, you’ll see a new link labelled “Check Passwords.” Click that. Google will then proceed to check your stored login credentials to see whether any of your passwords have been exposed via a third-party data breach and whether the password in question is being reused among multiple sites, and to assess the relative strength of all of your stored passwords. Once this check is complete, it will display the results in different categories that show you exactly which passwords are at risk, and why they were flagged. From there, you’ll be able to change any problematic passwords and re-run the check to give yourself a clean bill of health. This is a fantastic move, but the company isn’t stopping there. Ultimately, the company plans to have Chrome automatically alert you when your saved passwords were discovered in a breach and allow you to act immediately to change them and...
Browser Update Warnings May Actually Be Malicious Hackers

Researchers at FireEye have recently unearthed a particularly nasty new campaign that is both multi-faceted and dangerous. At the heart of the attack are hacked websites which display a seemingly innocuous popup message informing the site visitor that their browser is out of date. It will helpfully provide a one-touch solution to the non-existent problem via a button that promises to download the latest version of the browser in question. Naturally, it does no such thing. Instead, it uses a series of JavaScript scripts to gather information about the target computer and send the details back to the command and control server. The server then responds to the findings reported by the initial script by uploading the initial payload. This varies based on the details gleaned, but generally includes some type of banking trojan malware and a backdoor such as Dridex, NetSupport Manager RAT, or similar. If the initial scan reveals that the target computer is part of a corporate network, then an additional payload is also injected onto the target machine, but we’ll get to that in a moment. The first part of the payload will busily ferret out login credentials and other sensitive information, exfiltrating any files of value back to the command and control server. Only when this operation has been completed and if the computer is part of a corporate network will the second stage we referenced earlier trigger, which is a strain of ransomware, normally BitPaymer or DoppelPaymer. The ransomware spreads through the network as far as it is able, encrypting files network wide. These two ransomware strains are known for their hefty ransom demands, which often...
Hackers Now Can Access Data In Secure PDF Files

A team of six researchers from Ruhr-University Bochum and Münster University in Germany have discovered a critical flaw in the way that popular PDF viewers display data. This makes it possible for an attacker to exfiltrate data from encrypted PDF files. The researchers tested twenty-seven different desktop and web-based PDF viewer apps ranging from the ubiquitous Adobe Reader, to Foxit, and even the viewers built into both Chrome and Firefox. They found that every single one of them was vulnerable to the new attacks they engineered. The researchers developed two major lines of attacks with a few variants based on each type. They had this to say about their findings: “Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels, which are based on standard-compliant PDF properties…our evaluation shows that among 27 widely used PDF viewers, all of them are vulnerable to at least one of these attacks. These alarming results naturally raise the question of the root causes for practical decryption exfiltration attacks. We identified two of them. First, many data formats allow to encrypt only parts of the content. This encryption flexibility is difficult to handle and allows an attacker to include their own content, which can lead to exfiltration channels. Second, when it comes to encryption, AES-CBC–or encryption without integrity protection in general–is still widely supported. Even the latest PDF 2.0 specification released in 2017 still relies on it. This must be fixed in future PDF specifications.” This is an alarming discovery, although these attacks have not yet been seen in the wild. Now that the word is out,...