No Netcast This Past Weekend
I was out of town and unable to do a Netcast this past weekend… prepare for one coming this coming weekend… in the meantime, I did post a new Chromest Netcast on YouTube at:
Dr. Bill | The Computer Curmudgeon
Join Dr. Bill as he examines the wild and wacky world of the web, computers, and all things geeky! Hot Tech Tips, Tech News, and Geek Culture are examined… with plenty of good humor as well!
I was out of town and unable to do a Netcast this past weekend… prepare for one coming this coming weekend… in the meantime, I did post a new Chromest Netcast on YouTube at:
Podcast: Play in new window | Download (255.1MB) | Embed
Subscribe: RSS
A guy runs the Half-Life video game on his LG G Watch! Chrysler recalls 1.4M vehicles for a bug fix, Smartwatches could become a new frontier for cyber attackers, Beat Down Boogie’s Mario Warfare! GSotW: Cr OS Linux, GSotW: Vanilla ChromeOS for USB
Links that pertain to this Netcast:
International Association of Internet Broadcasters
|
|
||
Download M4V | Download WebM | Download MP3 | Download Ogg |
Podcast: Play in new window | Download (Duration: 20:30 — 18.8MB) | Embed
Subscribe: RSS
A guy runs the Half-Life video game on his LG G Watch! Chrysler recalls 1.4M vehicles for a bug fix, Smartwatches could become a new frontier for cyber attackers, Beat Down Boogie’s Mario Warfare! GSotW: Cr OS Linux, GSotW: Vanilla ChromeOS for USB
Links that pertain to this Netcast:
International Association of Internet Broadcasters
|
|
||
Download M4V | Download WebM | Download MP3 | Download Ogg |
ChromeOS Built by Hexxen!
“What’s vanilla?
Vanilla builds are bleeding edge. They give you the opportunity to see and use the latest and greatest that Chromium OS has to offer. Requires only a 4GB USB drive (download size is around 250MB)
ChromiumOS is a lightweight, lightning-fast operating system for your netbook, laptop or even desktop. With the familiar environment of Chromium/Chrome, the entire web is at your fingertips in seconds. HTML5 is fully supported, allowing you to enjoy the very best that the web has to offer.”
You know I like Chrome! How about a Linux Distro that is based around Chrome?
“Cr OS Linux (pronounced like Cros Linux) is the free OS built around the revolutionary Chromium browser – a foundation for Google Chrome. We call it the chrome plated OS, because it is stable and shiny.
This open source project provides a lightweight Linux distribution similar to Google Chrome OS for the best web browsing experience on any x86 PC, netbook or notebook.
Download Cr OS Linux Live DVD or USB Disk Image for free and give it a try!
Featured software in the latest Cr OS Linux:
Beat Down Boogie is a troupe of COSplayer-to-the-max actors and filmmakers. They say of themselves:
“Before we were BDB, we were just a few guys making short films together. We made flicks about killer toasters, evil snowmen, and the epic struggle between ninjas and pirates.
One day we decided to make feature films. We learned a lot about filmmaking, but we weren’t happy with the traditional distribution system. Nobody cared what the audience wanted to see. Everything had to be tailored for investors, middlemen, and distributors. Those guys determined what the audience was allowed to see.
We didn’t like that. Making films for the approval of industry suits wasn’t fun. We wanted to be connected to the audience. We wanted the fun back.
We decided to return to our roots – guerrilla filmmaking. During our time spent on feature films, some amazing and affordable cameras came out. We grabbed some 7d’s and started goofing around. Before we knew it we were shooting Modern War Gear Solid.
The decision to leave traditional filmmaking has been rewarding. Our Beat Down Boogie videos have been enjoyed by millions!”
Check out Mario Warfare! (My brother-in-law was a dead soldier in this one!) It was also shot where I used to work, at the Center for Creative Leadership in Greensboro, NC!
By the way, there’s eight parts to this series, catch it all on YouTube!
I’m going to have to be careful with my new LG Watch!
Smartwatches Could Become New Frontier for Cyber Attackers
Dark Reading – By: Jai Vijayan – “Watches with network and communication functionality are opening up a new frontier for cyber attackers thanks to a largely cavalier attitude towards security by manufacturers, a new study by HP warns.
HP assessed the available security features on 10 smartwatches along with their Android and iOS cloud and mobile application components and found every single device to have significant vulnerabilities such as insufficient authentication and lack of data encryption.
As part of the study, HP looked at smartwatch management capabilities, network communications, their mobile and cloud interfaces and other potentially vulnerable components.
All of the watches that HP evaluated collected personal data in the form of names, addresses, birth dates, weight, gender and heart rate. Yet not one of them had adequate controls in place for ensuring the privacy and security of the collected data either while on the device or in transit.
For instance, every smartwatch that HP tested was paired with a mobile interface that lacked two-factor authentication. None of the interfaces had the ability to lock out accounts after multiple failed login attempts. A significant 40 percent of the tested products used weak cyphers at the transport layer while a full 70 percent had firmware related insecurities.
‘We found that smartwatch communications are easily intercepted in 90 percent of cases, and 70 percent of watch firmware is transmitted without encryption,’ says Daniel Miessler, lead researcher for the study at HP. ‘These statistics reveal areas of security risk and are extremely worrisome, as smartwatches are likely to become a key access control point as adoption expands,’ Miessler said in emailed comments to Dark Reading.
Current use cases for smartwatches extend beyond the usual activity and health monitoring applications to areas like messaging, monitoring and schedule checking. Because the smartwatch depends on an intermediary mobile device to pass information from and to the watch, the security of the gateway device becomes an important factor was well, HP noted in its report.
‘The combination of account enumeration, weak passwords, and lack of account lockout means 30 percent of watches and their applications were vulnerable to account harvesting, allowing attackers to guess login credentials and gain access to user accounts,’ HP said.
Though smartwatch adoption is largely consumer driven, the security concerns associated with their use extend to enterprises as well. Given the amount of network connectivity, the attack surface areas present, and the highly adaptive nature of the Internet of Things in general, it’s important for enterprises to consider IoT and wearables to be untrusted, unless fully tested, analyzed, and secured, Miessler said.
‘Wearables and other IoT related devices should always be segmented from the internal network,’ he said.
The increasingly sophisticated recording capabilities of smartwatches and other wearables pose another near-term problem for enterprises, Miessler said. Wearbles, for instance, make it easier for users to surreptitiously record documents and events without being noticed.’ For enterprises that may be discussing very sensitive information, or presenting that information in cubes or meeting rooms, the potential for data loss via this method increases significantly,’ Miessler said.
Mitigating the threat posed by smartwatches and other IoT devices starts with an awareness of the risks they pose, he said. It starts with knowing what type of sensors the watches have, and whether the devices can capture audio, video and data, he noted. Administrators also need to be aware of data are entered into these ecosystems, and where that data is sent, Miessler added.
‘From there, it will be a matter of creating policies for managing IoT and wearables within the enterprise, whether that’s creating isolated segments on the LAN, determining what types of devices and capabilities are allowed in sensitive corporate areas,’ and similar measures, he said.”
How would YOU like it if your car turned on you? What if someone could take it over? Sounds like a Mission Impossible movie, but it is real!
After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix
Wired – By: Andy Greenberg – “Welcome to the age of hackable automobiles, when two security researchers can cause a 1.4 million product recall.
On Friday, Chrysler announced that it’s issuing a formal recall for 1.4 million vehicles that may be affected by a hackable software vulnerability in Chrysler’s Uconnect dashboard computers. The vulnerability was first demonstrated to WIRED by security researchers Charlie Miller and Chris Valasek earlier this month when they wirelessly hacked a Jeep I was driving, taking over dashboard functions, steering, transmission and brakes. The recall doesn’t actually require Chrysler owners to bring their cars, trucks and SUVs to a dealer. Instead, they’ll be sent a USB drive with a software update they can install through the port on their vehicle’s dashboard.
Chrysler says it’s also taken steps to block the digital attack Miller and Valasek demonstrated with ‘network-level security measures’—presumably security tools that detect and block the attack on Sprint’s network, the cellular carrier that connect Chrysler’s vehicles to the Internet.
Miller, one of the two researchers who developed the Uconnect-hacking technique, said he was happy to see the company respond. ‘I was surprised they hadn’t before and I’m glad they did,’ he told WIRED in a phone call. He particularly praised the move to work with Sprint to prevent attacks through its network.
‘Blocking the Sprint network is a huge thing,’ Miller adds. ‘The biggest problem before was that cars would never get fixed or fixed way down the road. Assuming that they did [the Sprint network fix] correctly…you don’t have to worry about that tail-end of cars that won’t get fixed.’
Valasek wrote on Twitter that he’d tested the attack again and found that Sprint’s network does now appear to be blocking the Jeep attack:
‘Looks like I can’t get to @0xcharlie’s Jeep from my house via my phone. Good job FCA/Sprint!’
Chrysler had already issued a patch in a software update for its vehicles last week, but announced it with a vague press release on its website only. A recall, by contrast, means all affected customers will be notified about the security vulnerability and urged to patch their software. ‘The recall aligns with an ongoing software distribution that insulates connected vehicles from remote manipulation, which, if unauthorized, constitutes criminal action,’ writes a Chrysler spokesperson in an email.
In its press statement about the recall, Chrysler offered the following list of vehicles that may be affected:
That list of potentially vulnerable cars is slightly longer than the one Chrysler gave WIRED on Monday, which excluded the the Chrysler 200 and 300, and the Dodge Charger and Challenger. The 1.4 million number it’s targeting with the recall is also far larger than the 471,000 vehicles Miller and Valasek had estimated to possess the vulnerable Uconnect computers.
In its statement, Chrysler also said that to its knowledge the hacking technique Miller and Valasek had developed had never been used outside of the WIRED demonstration. It also pointed out that hacking its vehicles wasn’t easy. That’s true: Miller and Valasek had worked on their Jeep hacking exploit for over a year. ‘The software manipulation addressed by this recall required unique and extensive technical knowledge, prolonged physical access to a subject vehicle and extended periods of time to write code,’ reads Chrysler’s statement.
In one less credible part of the statement, however, Chrysler also claims that ‘no defect has been found,’ and that ‘[Fiat Chrysler Automobiles] is conducting this campaign out of an abundance of caution.’
Given that Miller and Valasek were able to hack the Jeep I was driving on a highway from a laptop 10 miles away, that ‘no defect’ claim doesn’t hold up. ‘No defect was found (other than the remote vulnerability that can result in full physical control),’ wrote Valasek on his twitter feed.
Careful Chrysler owners don’t need to depend on that network protection or wait for a USB drive to be mailed to them to patch their Uconnect computers. They can download the patch to a computer right now, put it on a USB drive, and install it on the dashboard. Start here to get that software fix.
One recall won’t change the fact that cars, SUVs and trucks are increasingly connected to the Internet and vulnerable to hacker attacks like the one Valasek and Miller have demonstrated. Congress has taken note of the rising threat of car hacking, too, with two senators introducing a bill earlier this week to set minimum cybersecurity standards for automobiles.
That bill would require cars to be designed with certain security principles, such as isolating physical components from Internet connections and including features that detect and block attacks. But for now, Miller says that a recall is a strong first step for Chrysler. ‘What I really want is for them to design secure cars and include detection mechanisms,’ Miller says. ‘They can’t do that in three days. This is the most we could hope for.'”
I just got the LG Smartwatch, and this guy hacks a video game to run on it! Cool!
Podcast: Play in new window | Download (210.6MB) | Embed
Subscribe: RSS
New ‘M2′ Slingbox drops mobile app fees, Looney Tunes’ Chuck Jones, Ant-Man started Friday, average of 40 minutes on YouTube per viewing session, Adobe secures Flash, with help from Google, close-up images of Pluto, GSotW: Kodi, Japanese Ant-Man Trailer!
Links that pertain to this Netcast:
International Association of Internet Broadcasters
Kodi – A Media Center for your Home!
|
|
||
Download M4V | Download WebM | Download MP3 | Download Ogg |