Microsoft - We're Listening

Microsoft is still planning a cheaper, disc-less next-gen Xbox.
They wanted to assure everyone that it will still include its always-on microphone.


Thousands of cell phone bills exposed by Sprint contractor.
Once again, open buckets. We. Will. Not. Learn.


Severe auth bypass and priv-esc vulns disclosed in OpenBSD


Mozilla is making great progress on their speech to text offering.
We need this so badly....

Two Malicious Python Packages Steal SSH and GPG Keys Exists in the Python Package Index for a Year

Instagram to collect ages in leap for youth safety, alcohol ads

They deny there's anything remotely invasive or creepy about this, and that no one would lie to them anyway.

Must-have portable apps

Very effective when the system won't let you install software.

Major US data center provider hit by ransomware  

CyrusOne, a major data center.

Search engine that cryptographically protects your privacy?

Why do privacy-concerned search engines require a cookie to save your preferences? Well, we know why, but irony. Sometimes they give you a custom url that preserves your settings.

The Entire Multiverse Has Blown Up

Microsoft just signed on with Oracle's OpenJDK; the official open source Java. They want to be good citizens within this group.

Ok, we need to look this gift horse in the mouth. First a linux subsystem under Windows. Now open source Java?  Santa, the Easter Bunny, and Jesus will be by your house after work, with your one million dollar Publishers Clearing House check.



So about those DNA genetic makeup services... Why shouldn't you use them?
Well, firstly, there's the sharing with the letter agencies. Second, insurance will want to get their hands on the data. Third, you'll only be disappointed when you find out one of your parents was a donkey in stone age Scotland.

Then there's this: GEDmatch is a service that matches your profile to other profiles that have been uploaded. The only problem is that there are way too many ways to get into the site. GEDmatch was apparently secured by the aforementioned donkey (before he graduated from Security School).

Just Don't Do It.




What is web.com? The company that owns Network Solutions and register.com.
And they just disclosed a small security breach.  Someone got into their network and accessed millions of records in late August.

Stolen were names, addresses, phone numbers, email addresses, and information about services offered to customers. And shoe sizes.

The good news is that no credit card information was compromised.
Why?
They encrypt the credit card information before it goes into their databases, per PCI (Payment Card Industry) standards.
Why not encrypt everything?
Because they're stupid.

Affected customers are being notified.
Customers are urged to go to web.com's headquarters and hang around, insisting to talk to the CEO and generally being a pest.




Who's in your firmware?
And why should you care?
This video gives you some idea of the problems and the soon-to-be problems.



11 best CAD software(s) for linux
Never let anyone tell you there's a shortage of linux offerings.




McAfee has been observing a new phishing campaign against O365, using a fake voicemail message. The victim gets an email that they missed a call and please login to their account to check their voicemail. When the attached HTML file is loaded, it redirects to the phishing site. Users login and POOF - the phishers have their credentials. Surprisingly, McAfee products will recognize this.



Last but not least, Kortrijk, a vacation spot in Belgium, uses a mobile phone provider's data to count the people in the town and where they come from. Even better, city officials will try to cross-reference this with credit and debit card databases. The city pays Proximus 40,000 EuroYens a year for this data.

Enough, I say. Time to anonymize services. This whole tracking thing has gotten way out of hand.

Linux Azure?

Per Microsoft: Azure Sphere OS, a linux-based IoT platform, will be available in February 2020.   Obviously this is an attempt to undermine linux


An Australian consumer watchdog sues Google over location data use.
Somebody needs to.


Q. What happens when your IoT device needs updating?
A. Nothing.


If you've got an iPhone 5, you better update it by November 3, or you'll lose your net access.  I don't like iDevices, but isn't that a little old?

Speaking of Apple, Airpods Pro will scan your ears to tell you if they fit correctly.  And if they're giving off enough superiority spray.


A religious website exposed user data for at least 6-7 months.  Oh God.


Mozilla acknowledged an issue in Firefox 70.0  with pages that use dynamic JavaScript. It affects at very least YouTube and Facebook.   And the problem is?


HAPPY BIRTHDAY, Internet  50 years young


A hacker security researcher managed to get access to all Xiaimo pet feeders around the world. She found 10,950 devices whose API allowed it to locate the rest of them.  Unrelated news: a pet obesity epidemic is upon us.


A persistent android dropper called Xhelper has infected 45,000 devices in the past 6 months. It plays ads incessantly, and if you try to uninstall, it reinstalls itself.





Have you ever spellchecked a tech blog? I have a very serious headache.