Slashdot has posted this article claiming that Microsoft Has Your Windows 10 encryption key.
An anonymous reader writes with this bit of news from the Intercept. If you login to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to a Microsoft servers. From the article: “The fact that new Windows devices require users to backup their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud…..As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, ‘Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'”
I save you the trouble. Here’s the list:
- Amazon Prime
- Hulu Plus
- Google Play
- Cinema Now
- Blockbuster On Demand
If you like to read PCMag’s article, here it is.
I’ve used OwnCloud on and off the last couple of years. Here are my older posts about OwnCloud. I started using OwnCloud again, just the other day out of curiosity. Two years ago, OwnCloud didn’t measure up to the competition. It wasn’t enough to get geeks like me to quit using Dropbox or Google Drive. One thing OwnCloud has going though, you own your own data. It’s very secure knowing you are the only one maintaining your own server. Fast forward two years, OwnCloud has gotten much better. The last version I used was version 6. OwnCloud is now at 8.2.1. There are now desktop clients for the PC, Mac and Linux systems. There are also apps for mobile devices: iOS, Android and Blackberry. The synching features are much better. And most of all, you can easily run your own OwnCloud server at Digital Ocean. They have a ready made image ready just for you.
Google is currently testing a new way to login using no passwords. It sends notifications via smart phones and users can login using push notifications. This is much more secure knowing that some users use really weak passwords. Two factor authentication has been around for a while. It also speeds up logins. Essentially, every time you login to your email, it sends a push notification to your phone. You press yes and it allows you in and read your emails.
We’ve all seen it. A drone flies in the air and crashes in the water. There’s a new drone from Rutgers University that flies in the air and swims in the water. The project is funded by the Office of Naval Research. It’s called the Naviator. It’s intended use is aerial reconnaissance or for snooping underwater. It can be deployed to perform ship and bridge inspections. In an oil spill, it can go underwater and see how far the spill goes.
The first website ever created by British scientist, Sir Tim Berners-Lee, celebrated its birthday two days ago. The site is 25 years old. The website was launched on December 20, 1990. The original server is maintained by CERN (European Organization for Nuclear Research). Here’s an article about restoring the first web site.
Apparently, there’s a simple way to hack a Linux distro. Just hit backspace 28 times in a row and you’re in. This applies to systems that use Grub2 boatloader, which applies to pretty much all Linux distros. On bootup, you can bypass the lock screen by hitting backspace 28 times in a row, and it will send you to the grub rescue shell. Researchers say there is a bug that creates a memory error leak, which in turn opens up a rescue shell. You’ll need physical access to the keyboard to take advantage of this bug. Ubuntu, Redhat and Debian have already release patches, so you’re out of luck.
VLC is considered by many as the swiss army knife of video players is finally coming to ChromeOS users. As you may well know, you can pretty much run VLC on any platform, from the PC, to Mac and Linux and to practically every mobile device. The last frontier was ChromeOS. The VideoLan team just made the popular player available now to ChromeOS users.
I have two access points stolen from one of my clients, a mid-size hotel somewhere in the Bay Area. Six days later, the thief decides to connect one of the access points to his network. Of course, the access point reconnected to my cloud controller giving me complete access to the stolen unit. Just to mess around with the dumb thief, I decided to change the Wi-Fi password of the access point. I also changed the SSID to “Stolen from xxx hotel.” I’m sure his neighbors are delighted to see such a unique SSID. And one more thing, I turned on the “locate” feature causing the access point to blink every second. I hope the thief sleeps through fine with a blinking blue light at night.