Tuesday, June 23, 2015
Privacy advocates claim always-listening component was involuntarily activated within Chromium, potentially exposing private conversations
Privacy campaigners and open source developers are up in arms over the secret installing of Google software which is capable of listening in on conversations held in front of a computer.
First spotted by open source developers, the Chromium browser – the open source basis for Google’s Chrome – began remotely installing audio-snooping code that was capable of listening to users.
It was designed to support Chrome’s new “OK, Google” hotword detection – which makes the computer respond when you talk to it – but was installed, and, some users have claimed, it is activated on computers without their permission.
“Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room,” said Rick Falkvinge, the Pirate party founder, in a blog post. “Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions.”
The feature is installed by default as part of Google’s Chrome browser. But open source advocates are up in arms about it also being installed with the open source variant Chromium, because the listening code is considered to be “black box”, not part of the open source audit process.
“We don’t know and can’t know what this black box does,” said Falkvinge.
Google responded to complaints via its developer boards. It said: “While we do download the hotword module on startup, we do not activate it unless you opt in to hotwording.”
However, reports from developers indicate otherwise.
After having identified Chromium as the culprit, developer Ofer Zelig said in a blog post: “While I was working I thought ‘I’m noticing that an LED goes on and off, on the corner of my eyesight [webcam]’. And after a few times when it just seemed weird, I sat to watch for it and saw it happening. Every few seconds or so.”
Google also blamed the Linux distribution Debian for downloading the non-open source component with Chromium automatically, rather than Google Chrome.
“The key here is that Chromium is not a Google product. We do not directly distribute it, or make any guarantees with respect to compliance with various open source policies,” Google developer mgiuca said.
Falkvinge countered Google’s explanations saying: “The default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement.” He says a hardware switch to disable the microphone and camera built into most computers is needed.
Voice search functions have become an accepted feature of modern smartphones, but their movement into the home through the smart TV, and now browser, have caused concerns over the possibility of being listened to within the home.
While most services require a user to opt in, privacy advocates have questioned whether their use, which requires sending voice recordings over the internet to company servers for processing, risks unintentionally exposing private conversations held within the home.
Thursday, June 18, 2015
Some Apple Macs have a particularly terrible flaw that lets hackers sneak in and remain undetected, a security researcher has found.
It means a hacker could -- from far away -- force a Mac into a coma. Personal, corporate or government Macs could be spied on in a way that even the best security checks wouldn't discover -- until it's way too late.
"This is scary," said Sarah Edwards, a forensic analyst at the SANS Institute who specializes in reviewing computers for evidence of hacks. "I would never see this. There could be funky stuff going on in the computer system, and I would never know why."
What makes this one so bad? It's a computer bug that runs especially deep in the machine.
All computers have some kind of basic input/output system (BIOS), the core program that brings a machine to life. It's the kind of thing you should never tamper with. And it should obviously remain heavily guarded.
But Macs purchased one year ago or before, apparently, leave a door open.
When a Mac goes into sleep mode and wakes back up, it allows direct access to the BIOS. It's a weird quirk that lets someone tamper with the code there. That's what was discovered recently by Pedro Vilaça, a curious independent computer security researcher in Portugal.
He revealed this vulnerability publicly in a blog post last Friday. He told CNNMoney he alerted Apple directly soon thereafter.
Apple (AAPL, Tech30) did not respond to questions about this flaw -- nor would it say when it plans to release an update to fix it.
Several cybersecurity experts confirmed to CNNMoney that this is a real problem, and they plan to research further in the next few weeks.
This isn't an easy hack. An attacker first needs administrative access to a machine. But what this means is that if a Mac gets hacked with a low-level computer virus, it can bury so deep you'll never find it.
That's the real problem here. It gives hackers more time to plot a massive bank heist or a huge corporate takedown, like the Sony Pictures hack.
So, who's in real danger? High-value targets: think company executives, bankers, politicians, the wealthy, journalists, or anyone else worth spying on for a long period of time.
The average Mac user doesn't have to worry about this one, because they're actually susceptible to cheaper, easier hacks -- that are easier to spot and fix. So says Katie Moussouris, an executive at HackerOne, which helps companies fix dangerous computer bugs.
Tod Beardsley, a security research manager at cybersecurity firm Rapid7, stressed that most Mac users aren't likely to get hacked because of this bug. He said the flaw is "certainly surprising ... but the bar of difficulty is pretty high."
This is the second major flaw in Apple devices discovered in the last week. Recently, people discovered that you can crash someone's iPhone simply by sending it a text message.
Vilaça decided not to name this bug. But every major computer flaw nowadays deserves a name. Given that it involves a poisonous kiss that wakes a sleeping Mac, Moussouris suggests this one: Prince Harming.
Original Source: http://money.cnn.com/2015/06/03/technology/mac-bug/
Thursday, June 11, 2015
We clean all virus, spyware and malware infestations. If you have a computer virus infestation, we have the solution; unlike other companies, we protect your data. We can even completely reload your operating system without losing any data. Too many times we have seen other computer repair companies format hard drives to clean them. This is just unacceptable. We remove viruses with painstaking care, and with over 50 years of combined experience in our shop we do it right. Any virus, any computer; we clean it, and we clean it right.
Viruses on your computer come in every shape, size and form. We see viruses coming from a range of sources pretending to be the FBI, NAS and even the United States Department of Justice. You guessed it, click on the link and your computer has just become infected. A virus will not come with a STOP WARNING sign; they are meant to instill fear and trigger an immediate reaction – clicking on the “fatal” link. Common viruses that our team at CPS has come across include the Trojan virus, Win32worm, Adware-mywebserach, Rogue virus, Internet Security Pro 2013 and Security Shield to name only a few.
If you come across a link that looks suspicious, in an email or on the Internet avoid clicking on the link. Once the link is clicked your computer becomes susceptible to the virus and it is easily spread throughout your computer and contacts. The team at CPS can perform a virus removal if you do find your computer infected - no appointment necessary.
CPS removes viruses throughout Brighton, Howell, Pinckney, South Lyon, Fowlerville, Wixom and the entire surrounding Livingston County Area. If you have a virus, spyware or malware infestation it is not a problem for CPS. We are located in Brighton, MI to serve you.