Today In The News, MS Teams Hacked, IT Admin Gets 7 Years

Daily News For:
05-20-2022
Bitcoin (BTC USD) Mining Is Back in China Despite Government Ban | Bloomberg

The US accounted for 37.84% of global hashrate, a measure of computing power used to extract the digital currency, between September 2021 and January. China has reemerged as the second-largest locale despite a government ban on mining last year. The country has seen a sudden surge in activity through “covert mining operations” and has “re-emerged as a major mining hub.” Russia accounted for 4.66% and has seen mining operations relegated elsewhere.

Apple sued after loud Amber Alert on AirPods said to damage Texas boy’s hearing

Apple Inc has been sued by the family of a Texas child who allegedly suffered permanent hearing loss from an Amber Alert on the company’s AirPod wireless earbuds. The family says the AirPods were defective because they play alerts at dangerous volume, regardless of the volume set by the user. Apple did not immediately respond to a request for comment. The lawsuit was filed on Monday in federal court in San Jose, California. It says the boy, identified as B.G., suffered from dizziness and needs to wear a hearing aid.

Microsoft Teams, Windows 11 hacked on first day of Pwn2Own

During Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft’s Windows 11 operating system and the Teams communication platform. The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw. The STAR Labs team earned $150,000 for successfully demonstrating their Microsoft Teams zero-days. The top award for hacking a Tesla Model 3 is now $600,000 (plus the car itself).


Hacker shows how to unlock, start and drive off with someone else’s Tesla

A hack could allow thieves to drive off with Tesla Model 3 and Y cars. It involves redirecting communications between a car owner’s mobile phone, or key fob, and the car. The hack isn’t specific to Tesla, but it’s the result of the researcher’s tinkering with the keyless entry system. There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. To fix it, the carmaker would need to alter its hardware and change its system, the researcher says.

IT admin gets 7 years for wiping his company’s servers to prove a point

An indignant IT admin, seemingly aiming to prove the lax security his employer had hitherto ignored, proceeded to delete a bunch of vital financial databases, and has subsequently been given seven years in prison as a result. It’s what’s known in the IT trade as ‘cutting your nose off to spite your face,’ or inadvisably hulking out on a server you’re known to have access to and have already complained about.

About

Today In Tech is a daily blog post and newsletter that aims to provide a quick summary of the daily news around the tech world. Want to see something new or more content? Let me know! hello@nonstopdev.com

Stop Using DuckDuckGo

I was told recently that someone had their VanillaGift.com VISA gift card number stolen online when trying to use it. This is a typical one you find in a Walgreens or other drug store that comes preloaded and if you remember how much is on it, you can use it like a normal credit card.

Tracing back their steps, they were trying to buy some furniture online. They were ready to use the card but wanted to check the balance to make sure it was activated. They opened Chrome on their laptop, typed VanillaGift.com and hit enter. A list of results popped up; they clicked one and entered the details, only to get an error. When they tried the process an hour later, they found their whole balance was gone.

It took about 3 whole minutes to figure out what happened, and this serves as a word of warning about why search engines are not something to replace so easily.

Marketing does a good job of pitching “privacy” as a differentiator from the competition when pitching new products. They focus on how their product doesn’t track, doesn’t sell data, doesn’t personalize, yada yada yada... to keep your information safe and provide a more default experience to everyone.

Normally, yes. This is a feature you should look at when buying something like a video camera for your house or a voice assistant. This is NOT something you should use to make your decision for a central point of your life like the default search engine in your browser.

What happened was this marketing game that wannabe-Google search engines play. They want your browser, so they make it easy: see a commercial, go into your settings and boom, your home page is now the new search engine.

The problem is that not all search engines act the same. The results are different, but how they interact with the browser is different too. When you enable something like DuckDuckGo, you are not just changing your search results, which is what most people think happens. You are also changing the default behavior many people rely on: the box where you enter either a search term or a URL. When this changes without you knowing, you are at risk in a big way.

[Image: Standard Google Homepage in Chrome]

You can see above that Google allows you to type in a search term or a URL. If you enter VanillaGift.com as a lot of people are used to, it would bring you to VanillaGift.com, the legit website for the VISA gift card.

If you follow the “protect your privacy” marketing and move to DuckDuckGo using the standard Google search engine settings, the same home page format looks very similar (see below). The problem here is that the DuckDuckGo search box no longer routes you to the URL you enter.

[Image: Standard DuckDuckGo Search]

In the same example, if you enter VanillaGift.com, you are not brought to the website you entered. You are brought to their search page for “VanillaGift.com”. DuckDuckGo isn’t incentivized to route you right to the URL and would rather show you ads for revenue since they are not making money off data.

The problem is that showing you ads on their website, or ranking up a website from a bad actor, is pretty common. There are plenty of URLs for websites that are not legit, and because they don’t tailor search results, malicious websites can easily make it to the front page or, even easier, place ads and capture enough victims to make it worthwhile.

All in all, the focus on privacy and being more aware is something we all need to do more of, but if you are like most people who use Gmail, iPhones, Facebook, and every other website that tracks you, stick to Google and let them provide the level of protection and filtering that most people need. The majority of websites you visit are perfectly fine in their search results, and you can avoid a similar heartbreaking experience.

At the time of writing, the ad for the impostor site is no longer in the list of ads, and it seems there are no ads being displayed. Simply entering VanillaGift.com into DDG does return the main links with no ads; however, there are multiple URLs on the home page that imitate the original website, looking to capture victims’ gift card information.