Monday, October 31, 2016

CYBER WARS - Protecting Consumer Data

"FCC chief outlines new plans to protect consumer data online" PBS NewsHour 10/27/2016

Excerpt

SUMMARY:  There are new rules for broadband providers when it comes to collecting and sharing consumer data.  On Thursday, the Federal Communications Commission voted for the first time to create protections on the transmission of personal information for broadband providers.  Hari Sreenivasan speaks with Tom Wheeler, chairman of the FCC.

HARI SREENIVASAN (NewsHour):  New rules for broadband providers when it comes to collecting and sharing customer data.

The Federal Communications Commission voted for the first time today to create protections on the transmission of personal information from broadband providers.

Tom Wheeler is the chairman of the FCC.  And he joins me now.

What is a provider going to have to do under these new rules?

TOM WHEELER, Chairman, Federal Communications Commission:  Well, the key thing is that it is the consumers' information.  It's not the network's information.

And the consumer now has the choice to say how they want that information to be used and if they want it to be used.  So, there are really three key things.  One, there has to be transparency, that the consumers have to be told, here's what we're doing with your information.  Two, they have to have choice.  So, do you want to opt in or opt out of this kind of service?

And, three, that data, when it's stored someplace, has to be stored securely and consumers have to know if there is some kind of data breach.

HARI SREENIVASAN:  So, you have also expanded the definition of what is sensitive data.  And some businesses have pushed back, saying, the browsing history, the app usage, Internet companies like Facebook and Google, they already have all that, and you're placing undue burdens on companies like Verizon, AT&T, et cetera.

TOM WHEELER:  But what we're talking about is not the fact that you may go to a dozen sites that each will get a little bit of information.

We're talking about the network that takes you to every site and knows everything you're doing.  And that's the big difference.  You hire the network to deliver you to those sites.  You don't hire the network to take your information without your permission and turn around and resell it.

Monday, October 3, 2016

ART - From the Techie Side

RIZE Spinning Ferrofluid Sculpture


Estimated availability Feb 2017 from Ferroflow Store

Tuesday, September 13, 2016

COMPUTERS - Before Apple or IBM


Osborne 1



My very first computer:
  • Tandy (Radio Shack) TRS-80 Model 1 (aka 'Trash 80')
  • 64k memory
  • 80x25 Mono Monitor (no graphics)
  • 2 x 8" 180kb Single-Sided Floppy Drives
  • 1200 baud Modem
  • Cassette Player for loading OS and software, and transferring to floppy
  • TRSDOS, NewDos/80

Monday, August 22, 2016

CYBER WAR - NSA Code Breach

"Analyzing the NSA code breach in the context of recent cybersecurity events" PBS NewsHour 8/17/2016

Excerpt

SUMMARY:  On Saturday, programming code for National Security Agency hacking tools was shared online.  The content appears to be legitimate, but it is not clear if it was intentionally hacked or accidentally leaked.  Hari Sreenivasan speaks with The Washington Post's Ellen Nakashima and Paul Vixie of Farsight Security about where this development fits in the context of other recent cybersecurity breaches.

HARI SREENIVASAN (NewsHour):  The National Security Agency's primary mission is to spy on the electronic communications of countries and people overseas.

Over the weekend, though, sophisticated code the NSA developed to penetrate computer security systems was posted online.  This serious breach comes amid the ongoing revelations of the hacking of the Democratic National Committee and other organizations, allegedly by groups linked to Russian intelligence.

For more on this, we turn to The Washington Post national security correspondent Ellen Nakashima, and Paul Vixie.  He designed and built some of the software that is the backbone of the Internet today.  He is now chairman and CEO of Farsight Security, a computer security firm.

Ellen Nakashima, what happened this weekend?  What got released?

ELLEN NAKASHIMA, The Washington Post:  Over the weekend, apparently on Saturday, mysteriously, a cache of NSA hacking tools was released online through file-sharing sites such as BitTorrent and Dropbox.

It really wasn't noticed until about Monday, when the computer security community started commenting on it and questions arose as to whether or not the NSA had been hacked.

HARI SREENIVASAN:  So, Paul Vixie, if these lock picks, these digital tools to try break into different systems out are out in the open now, these are the tools that the American government was using, what is the consequence, if it is in the public sphere?

PAUL VIXIE, Farsight Security:  Well, I think, every day, everybody is trying to hack everybody.  So, this is not huge news.

What's big news about it is that these tools were built by the U.S. government.  Some of the lock picks, as you call them, are now obsolete.  They are relying on vulnerabilities that have since been closed, because the files are about 3 years old.

But at least one of them is active against a very current piece of equipment from CiscoAnd it is going to lead to a lot of break-ins while the patches are prepared and shipped and then applied.

Friday, July 29, 2016

PC GAMES - Hacker Evolution series

Ever wanted to see what it's like (or be) a Hacker?  Then you should get Hacker Evolution, a single-player simulation game from Exosyphen Studios.  Available on Steam.

From their site, About the Game:

Stock exchanges.  Central banks.  Satellite uplinks.  Transoceanic fiber optics links.  All mysteriously succumbing to an unexpected “evolution” of the web.  When the world’s critical services start to collapse, you know this is more then a simple event.  Who or what is behind it?  Only an experienced and dedicated hacker, with know-how gained as an international cyber-intelligence agent, can root out the cause and bring it down. 
The creators of Digital Hazard and BS Hacker bring you to new levels of hacking simulation, with unparalleled graphics and a pulse-pounding sound track.  Hack into computers, look for exploits and information, and steal money to buy hardware upgrades as you attempt to assemble the pieces of an international puzzle.  Your virtual operating system environment is packed with the features to immerse you in the role of world-class hacker.

Hacker Evolution is a totally unique experience, challenging the evolved gamer's intelligence, attention and focus to create a captivating mind game.  Solve puzzles, examine code and bits of information, and evade the system’s trace to reach your objectives.

Here's a screenshot of the screen:

There are 3 releases of the series available now (in order):
  1. Hacker Evolution (original)
  2. Hacker Evolution Untold
  3. Hacker Evolution Duality
And an upcoming release, Hacker Evolution IMMERSION (on Steam's Early Access)

There is a nice "Hacker Evolution Tips and PrimerHacker Evolution Tips and Primer" in Steam Discussions.

Also "Hacker Evolution - Complete Walkthrough



Monday, May 2, 2016

BACKDOORS - From Cisco

"Cisco Finds Backdoor Installed on 12 Million PCs" by Eduard Kovacs, Computer Help Forums 4/28/2016

UPDATED:  Cisco’s Talos security intelligence and research group has come across a piece of software that installed backdoors on 12 million computers around the world.

The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC.  The firm, previously known as Eorezo Group and apparently linked to another company called Wizzlabs, has been targeted by French authorities over its questionable practices regarding the installation of unwanted software and harvesting of users’ personal details.

Cisco started analyzing Tuto4PC’s OneSoftPerDay application after its systems detected an increase in “Generic Trojans” (i.e. threats not associate with any known family).  An investigation uncovered roughly 7,000 unique samples with names containing the string “Wizz,” including “Wizzupdater.exe,” “Wizzremote.exe” and “WizzInstaller.exe.” The string also showed up in some of the domains the samples had been communicating with.

Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other software, such as a known scareware called System Healer, but also of harvesting personal information.  Furthermore, experts found that the software is designed to detect the presence of sandboxes, antiviruses, security tools, forensic software and remote access doors.

These “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.”

According to Tuto4PC’s website, the company offers hundreds of tutorials that users can access for free by installing a piece of software that displays ads.  However, based on Cisco’s research, it appears the company is doing more than just displaying ads.

Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices.  An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand.

“Based on the overall research, we feel that there is an obvious case for this software to be classified as a backdoor.  At minimum it is a potentially unwanted program (PUP).  There is a very good argument that it meets and exceeds the definition of a backdoor,” Cisco Talos researchers said in a blog post.

“The creation of a legitimate business, multiple subsidiaries, domains, software and being a publicly listed company do not stop this adware juggernaut from slowing down their attempts to push their backdoors out to the public,” they added.

In response to Cisco’s blog post, Tuto4PC Group CEO Franck Rosset clarified that its antivirus bypass technology is not used for malicious purposes — he says it’s designed to make it easier for users to install its applications, which have been blocked by antiviruses.  The company has provided the following statement to SecurityWeek:

  • “The Talos blogpost is inaccurate in describing Tuto4PC as a shady malware distribution enterprise.  We are currently working with our lawyers in order to evaluate the action we can take against Talos’ inexact (negative) presentation of our business.
  • We are a listed company on the French stock exchange.  Since 2004, our business model is to create widgets, tutorials etc, for free download on download websites.  The download of our programs is for free subject to agreement for accepting advertising from an adware attached in the download.
  • Contrary to Talos’ wrongful allegations, our business has been approved by French regulators and we have never been indicted or sued for any malware distribution!!!!
  • We have a technology subsidiary (Cloud 4PC) with some developments in cybersecurity.  Due to some undue blocking by antiviruses that recently blocked Tuto4PC adware (some of them have also an adware business model), we are using a bypass technology so that people can easily download our programs (and adware).  Although the bypass software is extremely efficient, it has no other purpose or use that helping the Tuto4PC adware download.
  • There is no malware activity and Talos cannot prove or show any malware use of the program — with more than 10 million installed, if there was to be any malware activity, obviously there should be some user complaints.
  • As you can see, we are a French company — very easy to reach, we are not hiding in some rogue country — we do not understand why Talos has not contacted us prior to their post.
  • In any case, our subsidiary Cloud 4PC is going to launch soon “AV Booster,” an antivirus booster that will help stop any real malware that use bypass techniques like the ones we developed."

FBI NEWS - Ransomware

"Incidents of Ransomware on the Rise" FBI News 4/29/2016


Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation.

And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.

Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher.  And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code.  Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to.  Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key.  These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated.  Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals.

And in newly identified instances of ransomware, some cyber criminals aren’t using e-mails at all.  According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link.  They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”

The FBI doesn’t support paying a ransom in response to a ransomware attack.  Said Trainor, “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom.  Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity.  And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

So what does the FBI recommend?  As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

  • Prevention efforts—both in both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan in the event of a ransomware attack.  (See "Tips for Dealing with the Ransomware Threat" below)

“There’s no one method or tool that will completely protect you or your organization from a ransomware attack,” said Trainor.  “But contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.” In the meantime, according to Trainor, the FBI will continue working with its local, federal, international, and private sector partners to combat ransomware and other cyber threats.

If you think you or your organization have been the victim of ransomware, contact your local FBI field office and report the incident to the Bureau’s Internet Crime Complaint Center.


Tips for Dealing with the Ransomware Threat

While the below tips are primarily aimed at organizations and their employees, some are also applicable to individual users.

Prevention Efforts

- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.

- Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).

- Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.

- Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.

- Configure access controls, including file, directory, and network share permissions appropriately.  If users only need read specific information, they don’t need write-access to those files or directories.

- Disable macro scripts from office files transmitted over e-mail.

- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

Business Continuity Efforts

- Back up data regularly and verify the integrity of those backups regularly.

- Secure your backups.  Make sure they aren’t connected to the computers and networks they are backing up.

More info

Friday, April 29, 2016

SECURITY - eMail Domains

I just have to comment on paying attention to the domains you receive eMail from.

I got an eMail reminding me 'to confirm your account' on a site I never heard of.

The domain was "@zainiraq.net"

IRAQ.net!

Ya, like that's a safe site, .....NOT.

You need to pay close attention to eMail domains when the eMail looks suspicious or from a site you never heard of.

Suspicious eMail may even claim to be from a site you do deal with.  I and an eMail that claimed to be from AARP but the text didn't look right, it was from a domain ending in ".top"

If you get eMail that does look like it's from a site you deal with but has a link to update you account info, DO NOT use the link in the eMail.  If you deal with the site, you should have it bookmarked in your browser, use that to access the site.  Also, many sites will have a Support contact, you should copy the eMail and Headers, and paste that into their message system so they know someone is trying to spoof them.

All suspicious eMail domains should be added to your SPAM filter.  In my case, my eMail provider has a very good system for that.  Then your eMail client should also have a way to filter eMail domains.

Monday, April 25, 2016

NEWSHOUR BOOKSHELF - "The Third Wave"

"This online pioneer sees a future where everything is internet" PBS NewsHour 4/21/2016

Excerpt

SUMMARY:  In the 30 years since Steve Case co-founded AOL, the global tech landscape has seen immense growth and change.  What new developments wait in the near future, and what does the rapidly expanding online world mean for human life? Case explores those issues in his new book, “The Third Wave.” Case joins Judy Woodruff to discuss his vision of the future.

JUDY WOODRUFF (NewsHour):  Back in 1985, when Steve Case co-founded America Online, only 3 percent of Americans were actually online.  Fast-forward some 30 years, and we can see the global change brought about by the Internet and an ever-growing array of devices and social media.

So, what is next?

Well, we get a glimpse from Steve Case himself.  He is the author of a new book, “The Third Wave: An Entrepreneur’s Vision of the Future.”

Steve Case, it is good to see you.

STEVE CASE, Author, “The Third Wave”:  It’s good to see you again.

JUDY WOODRUFF:  So you borrowed that term the third wave from the futurist Alvin Toffler.

STEVE CASE:  Yes.

When I was in college in the 1980, I read Toffler “Third Wave.” It completely mesmerized me inspired me.  I spent the last almost four decades pursuing some of the ideas he talked about.

So, when I was writing a book, I wanted to pay respect to him.  I open the book with talking about my experience reading Toffler.  And I hope others will similarly be inspired by my book, and because the future once again is going to change, and the path forward is going to be different than what we saw in the last two waves.  And that’s what I was trying to lay out in this book.

JUDY WOODRUFF:  So, in a thumbnail, first wave was the creation of the Internet, which you were involved in.  Second wave was building on that, you describe, social media devices and so forth.

What is the next wave?

STEVE CASE:  It’s really integrating the Internet seamlessly throughout our lives.

And there is a lot of things that haven’t changed that much in the first wave or the second wave.  How we learn, our kids learn is about the same.  How we stay healthy is about the same.  How we manage energy is about the same.  Even how we think about food is about the same.

And work itself is starting to change in the third wave because of the freelance economy, what some call the gig economy.  So, I think it’s important for everybody, not just businesspeople or technologists, to understand what is happening next.  And that is what I try to lay out in this book with sort of a — a little bit of a road map forward and a little bit of a playbook in terms of how you can think about orchestrating your career and your life, and how you think about maybe your kids and even your grandkids.  What world are they going to be inheriting?

PRIVACY - Blocking Ad-Block Software in EU

"Blocking Ad-Blockers May Be Illegal in the EU Thanks to the Cookie Law" posted by Rich-M on CHF 4/23/2016

NOTE:  You must be a member to post on CHF (Computer Help Forums)

A letter from the President of the European Commission may spark an ongoing war between privacy advocates and online publishers that use anti-ad-blocking filters on their sites.

Alexander Hanff, CEO of Think Privacy Inc., has penned a letter to Jean-Claude Juncker, EC's president, this past winter, asking for clarification regarding the language of the e-Privacy Directive's Cookie Law.

Mr. Hanff wanted to know if the cookie law is referring strictly to browser cookies or the general notion of gathering "any information stored on such equipment [is] part of the privacy sphere of the users requiring protection."

Scanning for ad-blockers breaks the EU's e-Privacy Directive

The response of the European Commission was clear, and that any type of server or client-side scripts that attempt to access or collect information stored on the user's devices fall under the e-Privacy's umbrella, meaning that publishers need to ask for permission before gathering any type of data, not just about cookies.

Under Mr. Hanff's expert opinion, this also includes ad-blocking blocking technologies that prevent users from viewing a website's content if they have an ad-blocker installed in their browser.

In order to work, those websites need to run JavaScript code in the users' browsers.  These scripts gather information about the users' local configuration, an action which falls under the Commission's interpretation of scanning and collecting private user data, hence must be prompted and asked for permission.

Based on this response, to comply with this new interpretation of the cookie law, Internet publishers must ask you if they can scan your browser for ad-blocking software, and then prompt you to disable the ad-blocker if you agree.

The problem of server-side scripts

Mr. Hanff's says that his original letter only included the question of client-side scripts that scanned for ad-blockers, but he points out that the answers received from the European Commission include references and legal opinions that cover server-side scripts as well.

Under this latter category, any analytics service could potentially be affected.  Mr. Hanff has answered Softpedia's inquiry, and he argues that this is true.  Any analytics service, that employ client or server-side scripts, should also ask for permission.  Until now, only analytics services that deployed client-side cookies were affected by the EU Cookie Law.  This means that analytics services, commercial or deployed in-house, relying on server-side scripts are also impacted and may need to ask for permission.

This is just one of the questions we can raise from this letter.  Of course, the ramifications of this response might need to be debated by people with actual in-depth knowledge of EU law, and not us.

What is certain is that Mr. Hanff has pledged to use the answer he received from the European Commission to start legal actions against any publisher that blocks users with ad-blockers installed to access their websites.

Below are tweets from Mr. Hanff on this matter, along with images of the answer he received from the European Commission.

Read more here

Wednesday, March 23, 2016

SECURITY - ESET Smart Security

Due to the proliferation of ransomware, as a previous article points out, I have decided that I (and everyone else) need better protection.  I have been using ESET NOD32 AntiVirus for years and is excellent for what it does do.

Better protection is provided by ESET Smart Security.  The following screenshots show some of the features:

  • This is the ESET home dialog on my system.


  • This is the Setup dialog; the top 2 setting categories are like those found in ESET NOD32 AV, the "Network protection" and "Security tools" have the enhanced protection features.



  • The "Network protection" settings dialog show the enhancements.  "Personal firewall" is just like ESET NOD32 AV, replaces your Windows Firewall.  "Network attack protection" and "Botnet protection" are the enhanced features, including ransomware protection.  Note the "Recently blocked application or device" under "Troubleshooting wizard."



  • "Parental control" is a feature found in ESET NOD32 AV.  But note the "Banking & Payment protection" and "Anti-Theft" features (more below).



Banking & Payment protection:

This is one of the best features.  You add the domains for all banking and payment sites (PayPal, banks, credit card, etc) you use and select [Secured browser] and ESET Smart Security provides enhanced protections for those sites in a separate browser window.

CAUTION:  My default browser is Firefox and the ESET Secure Browser Window asked me to if I wanted to save the bank's password even though I have Firefox set to NOT remember passwords.


Anti-Theft:

This feature enables Anti-Theft protection for your devices.  It is, of course, more applicable for mobile/portable devices (touch-pads, smart phones, etc), it is not necessary for non-portable desktop systems.


I highly recommend ESET products, especially ESET Smart Security.

Monday, March 7, 2016

DATA SECURITY - Ransom of LA Hospital

"Ransomware attack takes down LA hospital for hours" PBS NewsHour 2/29/2016

This highlights the need to use good Anti-Virus utility AND do an image backup of your entire system AFTER running a virus scan (the only backup you can use to recover your entire system) .  I do my backup monthly using O&O DiskImage to a USB External Drive that I disconnect after backup.

Excerpt

SUMMARY:  One of the greatest threats to private cybersecurity today is ransomware -- a cyberattack that blocks access to a computer until the hacker is paid a ransom.  The problem recently took on new urgency when a hospital in Los Angeles had its entire network shut down for hours, putting hundreds at risk; another high-profile breach hit L.A.’s health department last week.  William Brangham reports.

GWEN IFILL (NewsHour):  But, first, a look at what’s become the latest threat to our cyber-security.

The problem took on new urgency recently when a hospital in Los Angeles had its entire computer network, including all its digital medical records, locked up by hackers.  They demanded a ransom before they’d release the computers.  It was the second such attack this month.  L.A.’s Health Department was hit last week.

These types of computer attacks, which usually target individual computer users, are on the rise.

The “NewsHour's” William Brangham reported on this threat last year, and now he brings us an update.

WILLIAM BRANGHAM (NewsHour):  Inna Simone is retired.  She’s a mother and grandmother from Russia who now lives outside of Boston.  In the fall of 2014, her home computer started acting strangely.

INNA SIMONE, Retiree:  My computer was working terribly.  It was not working.  I mean, it was so slow.

WILLIAM BRANGHAM:  A few days later, while searching through her computer files, Inna saw dozens of these messages — they were all the same.  They read: “Your files are encrypted.  To get the key to decrypt them, you have to pay $500.”

Her exact deadline, December 2 at 12:48 p.m., was just a few days away.

All her files were locked , tax returns, financial papers, letters, even the precious photos of her granddaughter Zoe.  Inna couldn’t open any of them.

INNA SIMONE:  It says, “If you won’t pay, your fine will double.  If you won’t pay by then, all your files will be deleted and you will lose them forever and never will get back.”

WILLIAM BRANGHAM:  Inna Simone, like thousands of others, had been victimized by what’s known as a ransomware attack.  Hackers — who law enforcement believe come mainly from Eastern Europe or Russia — manage to implant malicious software onto your computer, usually when you mistakenly open an infected e-mail attachment, or visit a compromised Web site.

That software then allows the hackers to lock up your files, or your entire computer, until you pay them a ransom to give it back.

Justin Cappos is a computer security expert at New York University.

JUSTIN CAPPOS, New York University:  It will actually lock you out of the files, the data on your computer.

So, you’d be able to use the computer but those files have been encrypted by the attacker with a key that only they possess.  It’s frustrating because you know the data is there.  You know the files are there.  You know your photos and everything is there and could be accessible to you.  But you have no way of being able to get at it because of this encryption that the attackers are using.

WILLIAM BRANGHAM:  This is exactly what happened at Hollywood Presbyterian Hospital in Los Angeles.  According to officials, about a month ago, their computerized medical records were locked up by one of these malicious programs, and a hacker demanded $17,000 in ransom to unlock them.

During this time, medical staff were forced to use paper and pen for their record-keeping, but they say no patient files were compromised.  The hospital decided to pay the ransom.  Their computers were unlocked, and the FBI is now investigating.

Sunday, February 28, 2016

UTILITIES - Hardware Monitor Update


I have posted about Hardware Monitor (HWMonitor) from CPUID before (a long while back), but it has been updated.

Reminder, HWMonitor works using the monitoring functions of your motherboard and BIOS, so the features you see in screenshot are dependent on your motherboard.

I am running HWMonitor Pro v1.23.0 now on my Win7 Pro 64bit rig:


The newest additions are the Clocks and Utilizations sections for the CPU, and note that my Smart-UPS (connected via USB) is also displayed.

This screenshot is scrolled down, the top sections contain the temp/voltages/fan-speed info for my motherboard.

The only difference between the free version HWMonitor and for-fee HWMonitor Pro is pro allows you to record graphs of the values while you monitor.

Thursday, February 4, 2016

PC GAMING - Fallout 4

I just realized I posted about the 'Song From Fallout Fan Word' which is Fallout 4 but have not posted in general about Fallout 4.

Here's my take on Fallout 4: OUTSTANDING

I've been playing for over 320 game-days, several new-games since 11/11/2015.  The game takes place in the "Commonwealth" aka Greater Boston area.



Review from IGN:

Excerpt

Most of the way this huge roleplaying-shooter game works is carried over from its excellent predecessors, Fallout 3 and Fallout: New Vegas.  It is the Skyrim to Fallout 3’s Oblivion, if you will – it iterates on the previous game’s already amazing systems, and it’s similarly dense with locations to explore, genuinely creepy monsters to fight, and superbly engrossing post-nuclear atmosphere that blends unsettling gore and death with dark comedy.  After more than 55 hours played I may have seen an ending, yet I feel like I’ve only begun to explore its extraordinary world; from the look of it, I’ll easily be able to spend another 100 happy hours here and still see new and exciting things.

A story that begins as a basic search for your lost family evolves into something much more complex and morally nuanced.  Like in Fallout: New Vegas, we’re drawn into a struggle between several groups competing for control of the region, and deciding which of their imperfect post-apocalyptic philosophies to align with made me pause to consider how I wanted events to play out.  Even the highly questionable Institute has a tempting reason to side with them, and turning away from them in my playthrough wasn’t as clear-cut a choice as I’d expected.  I was impressed by the sympathy shown toward the villains, too - even the most irredeemable murderer is explored and given a trace of humanity.

There was a BIG problem.  The initial version downloaded from Steam has a restrictive screen resolution, would not display in my native 1280x1024.  Note I said "was."  Found fixes for this problem via Google, see below.

Also, there's no "Data" option in the Launch Dialog, so you cannot easily add MODS, but this is a minor problem for me.

The biggest feature of Fallout 4 that I really like is crafting.  With the proper Perks, you can craft/upgrade any weapon or armor you have, as long as you have the proper Crafting Items.  There's even an Crafting Item List online.

Fallout 4 is a big improvement of the Fallout series.


How to correct display resolution:

1)   Find C:\Users\[name]\Documents\My Games\Fallout4\ Fallout4Prefs.ini and edit the following entries to read...

  • bTopMostWindow=0
  • bMaximizeWindow=0
  • bBorderless=1
  • bFull Screen=1
  • iSize H=1024
  • iSize W=1280

2)   Get “Fallout 4 1280x1024 HUD Fixes” MOD and copy contents to your game folder, example C:\Steam\SteamApps\common\Fallout 4\Data\  (note that this MOD has no .esp file, it modifies scripts)  From MOD readme.....

   1.   Copy Data folder contents into your Fallout 4 Data directory

   2.   Edit \My Documents\My games\Fallout 4\Fallout4.ini

   - Find sResourceDataDirsFinal=STRINGS\,
   - Change it to:  sResourceDataDirsFinal=STRINGS\, INTERFACE\

   - ADD under [Interface] section

  • fLockPositionY=100.0000
  • fUIPowerArmorGeometry_TranslateZ=-18.5000
  • fUIPowerArmorGeometry_TranslateY=460.0000

How to skip intro when loading game.

First go to C:\Users\[name]\Documents\My Games\Fallout4\ and open up Fallout4.ini and under [General] ADD:

  • SIntroSequence=1
  • fChancesToPlayAlternateIntro=0
  • uMainMenuDelayBeforeAllowSkip=1

Now you should have no more pesky long intro video, key [Space] to get the game Load Menu.

Thursday, January 28, 2016

"Google artificial intelligence beats champion at world’s most complicated board game" by Nsikan Akpan, PBS NewsHour 1/27/2016

Excerpt

An artificial intelligence program developed by researchers at Google can beat a human at the board game GO, which some consider to be the most complicated board game in existence.  And this AI program — dubbed AlphaGo — didn’t defeat any ol’ human, but the European Go champion Fan Hui in a tournament last October by five games to nilThe findings, published today in the journal Nature, represent a major coup for machine learning algorithms.

“In a nutshell, by publishing this work as peer-reviewed research, we at Nature want to stimulate the debate about transparency in artificial intelligence,” senior editor Tanguy Chouard said at a press briefing yesterday.  “And this paper seems like the best occasion for this, as it goes- should I say, right at the heart of the mystery of what intelligence is.”

Known as wéiqí in Chinese and baduk in Korean, GO originated in China over 2,500 years ago.  The board consist of a 19 by 19 grid of intersecting lines.  Two players take turns placing black and white marbles on individual intersection points.  Once place, the stones can’t be moved, but they can be captured by completely surrounding an opponent’s marble.  The ultimate objective is control more than 50 percent of the board, but since the board is so intricate, there are numerous possibilities for moves.

“So Go is probably the most complex game ever devised by man.  It has 10^170 (that's 10 followed by 170 zeros) possible board configurations, which is more than the numbers of atoms in the universe,” said study author and AlphaGo co-developer Demis Hassabis of Google DeepMind.

Thursday, January 21, 2016

SPAM - More Than Ever

Ever since the expansion, and loosening of controls, of domain-names (especially in Europe) I've notice an vast proliferation of SPAM.

Example domains:
  • @bborc.top
  • @caorc.top
  • @eeaorc.top
  • @faorc.top
  • @paorc.top
What I noticed (as shown in example above) is these sites only change the characters between "@" and 'dot-whatever' sometimes changing only one character.


REF:  The Spmhaus Project


ALSO:  Google's Fighting Spam

Sunday, January 17, 2016

Saturday, January 16, 2016

PC GAMING - Tomb Raider 2013

Now that my PC Desktop rig is powerful enough I installed "Tomb Raider 2013" (Steam) and WOW what a game.

This is the first time I've seen a console game that was very well ported to PC.  With really usable PC controls.

The graphics are outstanding, the story line very consistent, and the 'puzzles' neat.

"Tomb Raider" is addictive.  Hail Lara Croft, ultimate survivor.

Down side, check-point saves and saves at campfires.



Monday, January 4, 2016

CYBER WARS - The New Law

"Will a new cybersecurity law make us safer?" PBS NewsHour 12/29/2015

Excerpt

SUMMARY:  Folded into the massive spending and tax cut bill was a significant and controversial new law on cybersecurity.  The act encourages private companies to share data about hacks with the government, but it's raising questions among security advocates and privacy groups alike.  Jeffrey Brown talks to James Lewis of the Center for Strategic and International Studies and Elissa Shevinsky of JeKuDo.

GWEN IFILL (NewsHour):  Before the president and Congress left town for the holidays, they managed to enact a massive 2,000-page package of spending and tax cuts.  Typically, these laws draw attention only for the chaos they create, like shutting down the government.

But there’s a lot more deep inside, in this case, a significant and controversial new law governing cyber-security and Internet data.  The new law encourages private companies to share data about cyber-hacks with the government.  It protects companies from liability, and it also allows data to shared with other companies and with the Department of Homeland Security.

Lawmakers from both parties said it was a good deal.

SEN. DIANNE FEINSTEIN, D-Calif.:  If someone sees a particular virus or harmful cyber-signature, they should tell others, so they can protect themselves.  That’s what this bill does.

REP. DEVIN NUNES, R-Calif.:  We believe that sharing is an area where you really can’t do any harm.  It doesn’t hurt anybody to have a way to talk.  But, right now, they can’t even talk.

SEN. SUSAN COLLINS, R-Maine:  Does it make sense that we require one case of measles to be reported to a federal government agency, but not a cyber-attack?

GWEN IFILL:  But there are some security advocates and privacy groups who say the law manages to go too far and not quite far enough.

Jeffrey Brown has that debate.

JEFFREY BROWN (NewsHour):  To understand more, we’re joined by James Lewis, senior fellow for the Center for Strategic and International Studies, and Elissa Shevinsky, founder of JeKuDo, a tech start-up designed to provide private communications to customers.