Microsoft Has Your Encryption Key

Slashdot has posted this article claiming that Microsoft Has Your Windows 10 encryption key.

An anonymous reader writes with this bit of news from the Intercept. If you login to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to a Microsoft servers. From the article: “The fact that new Windows devices require users to backup their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud…..As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, ‘Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'”

Intel Introduces Broadwell and Skylake Processors

From ZDNet:

Intel has apparently taken advantage of a quiet period for the tech industry to slip out a handful of new PC processors that don’t do anything whiz-bang enough to wait for whatever the company has in store for next month’s CES event (the rumored 10-core desktop chip and/or a preview of the Kaby Lake architecture?).

The chip giant has just dropped eight new CPUs into its lineup, comprising a mix of both desktop and mobile processors based on either Broadwell or the newer Skylake architecture. Perhaps the most noteworthy ones are the desktop CPUs, the Skylake-based Core i3-6098P and i5-6402P. That’s because the “P” suffix has indicated in the past an Intel processor that lacks the company’s integrated GPU. Intel has made great strides with its integrated graphics recently, but buyers who are definitely building a system with a discrete graphics card might not be all that interested in an integrated GPU.

OwnCloud 8.2.1

I’ve used OwnCloud on and off the last couple of years. Here are my older posts about OwnCloud. I started using OwnCloud again, just the other day out of curiosity. Two years ago, OwnCloud didn’t measure up to the competition. It wasn’t enough to get geeks like me to quit using Dropbox or Google Drive. One thing OwnCloud has going though, you own your own data. It’s very secure knowing you are the only one maintaining your own server. Fast forward two years, OwnCloud has gotten much better. The last version I used was version 6. OwnCloud is now at 8.2.1. There are now desktop clients for the PC, Mac and Linux systems. There are also apps for mobile devices: iOS, Android and Blackberry. The synching features are much better. And most of all, you can easily run your own OwnCloud server at Digital Ocean. They have a ready made image ready just for you.

Google Login With No Password

Google is currently testing a new way to login using no passwords. It sends notifications via smart phones and users can login using push notifications. This is much more secure knowing that some users use really weak passwords. Two factor authentication has been around for a while. It also speeds up logins. Essentially, every time you login to your email, it sends a push notification to your phone. You press yes and it allows you in and read your emails.

Drones That Swin

We’ve all seen it. A drone flies in the air and crashes in the water. There’s a new drone from Rutgers University that flies in the air and swims in the water. The project is funded by the Office of Naval Research. It’s called the Naviator. It’s intended use is aerial reconnaissance or for snooping underwater. It can be deployed to perform ship and bridge inspections. In an oil spill, it can go underwater and see how far the spill goes.

Hitting Backspace 28 Times

Apparently, there’s a simple way to hack a Linux distro. Just hit backspace 28 times in a row and you’re in. This applies to systems that use Grub2 boatloader, which applies to pretty much all Linux distros. On bootup, you can bypass the lock screen by hitting backspace 28 times in a row, and it will send you to the grub rescue shell. Researchers say there is a bug that creates a memory error leak, which in turn opens up a rescue shell. You’ll need physical access to the keyboard to take advantage of this bug. Ubuntu, Redhat and Debian have already release patches, so you’re out of luck.

VLC on ChromeOS

VLC is considered by many as the swiss army knife of video players is finally coming to ChromeOS users. As you may well know, you can pretty much run VLC on any platform, from the PC, to Mac and Linux and to practically every mobile device. The last frontier was ChromeOS. The VideoLan team just made the popular player available now to ChromeOS users.

Stolen APs

I have two access points stolen from one of my clients, a mid-size hotel somewhere in the Bay Area. Six days later, the thief decides to connect one of the access points to his network. Of course, the access point reconnected to my cloud controller giving me complete access to the stolen unit. Just to mess around with the dumb thief, I decided to change the Wi-Fi password of the access point. I also changed the SSID to “Stolen from xxx hotel.” I’m sure his neighbors are delighted to see such a unique SSID. And one more thing, I turned on the “locate” feature causing the access point to blink every second. I hope the thief sleeps through fine with a blinking blue light at night.