Category: iT news

Image copyright
Twitter

A UK hacker reportedly fooled top White House officials into engaging in fake email exchanges.

The self-proclaimed “email prankster” convinced a senior cyber security adviser he was the president’s son-in-law, Jared Kushner, CNN says.

He also goaded the then media chief, Anthony Scaramucci, in the guise of ex-chief of staff Reince Priebus.

Concerns about cyber security are running high amid claims hackers interfered in the US election.

The White House told CNN it was investigating the latest incident and took the issue very seriously.

The prankster posted some of the email exchanges on Twitter, where he describes himself as a “lazy anarchist”, and said he was doing it for fun. On Tuesday he promised not to target the White House again, but said “you need to tighten up IT policy”.

Here are three of the most memorable parts of the hoax:

1. Security adviser gives out personal email address

Homeland Security Adviser Tom Bossert was apparently tricked into believing Mr Kushner had invited him to a party and gave out his personal email address unsolicited.

“Tom, we are arranging a bit of a soirée towards the end of August,” the fake Mr Kushner wrote in emails shared with CNN. “It would be great if you could make it, I promise food of at least comparible [sic] quality to that which we ate in Iraq. Should be a great evening.”

Mr Bossert replied: “Thanks, Jared. With a promise like that, I can’t refuse. Also, if you ever need it, my personal email is [redacted].”

Image copyright
Reuters

The cyber security adviser has not commented publicly on the reports.

2. Scaramucci row: A Shakespearean tale of jealousy and betrayal?

A day after Mr Priebus was removed as White House chief of staff, the hacker emailed then-White House media chief Mr Scaramucci pretending to be his adversary.

The fake Mr Priebus accused Mr Scaramucci of being “breathtakingly hypocritical” and acting in a way not “even remotely classy”.

Media playback is unsupported on your device

Mr Scaramucci, appointed communications director a week earlier, had accused Mr Priebus – a Republican Party stalwart – of leaking to the press. He also phoned a reporter to unleash a profanity-filled rant against Mr Priebus, whom he called a “paranoid schizophrenic”.

Tricked by the fake emails on Saturday, the real Mr Scaramucci said: “You know what you did. We all do. Even today. But rest assured we were prepared. A Man would apologize.”

When the pretend Mr Priebus wrote back defending his work, Mr Scaramucci responded: “Read Shakespeare. Particularly Othello.”

Mr Scaramucci was sacked as President Trump’s media chief on Monday.

3. Donald Trump Jr cottons on

Eric Trump, too, was briefly hoodwinked by the prankster emailing as his older brother, Donald Trump Jr, about a long-range hunting rifle.

But Donald Jr soon realised it was a scam and replied: “I have sent this to law enforcement who will handle from here.”

Media playback is unsupported on your device

Experts told CNN the incidents showed how even the most powerful people in America remained vulnerable to phishing attacks, where hackers send fake emails to induce individuals to reveal personal information.

Concern about politicians being targeted is particularly high after the attack on the Democratic National Committee during the US presidential election.

US authorities attributed that incident to Russia and said that a significant component of the attack involved phishing.

More recently, the electoral campaign of President Emmanuel Macron in France was targeted by a similar campaign.

---

Analysis: ‘All they do is spoof the email’

Chris Baraniuk, BBC News technology reporter

If you think your email address is proof of who you are, think again. It’s long been a feature of the technology that someone can set up a mail server to send emails that look as though they have come from another person. Say “”.

But in such cases, any reply to that message will go to the real “”. The email prankster was able to receive the replies, of course, because he or she published them. How?

While we don’t know the details, it’s possible that an email address was set up at a domain name that was very similar to “whitehouse.gov”.

It’s a well-known problem, says cyber security expert Prof Alan Woodward at the University of Surrey. He points out that scammers in the UK have been known to email house buyers with an apparent message from their solicitor. It asks them to transfer payment to the scammer’s account.

“All they do is they spoof the email by changing one character,” says Prof Woodward. The recipient’s eye hastily skims over the altered or missing letter, and the message is simply taken as legitimate.

Image copyright
Cyberint

Trade on several of the dark web’s illegal markets has boomed since two major players were shut by the authorities last month, according to research carried out for the BBC.

The US and Dutch authorities forced AlphaBay and Hansa offline to prevent the sale of drugs, weapons and malware.

But over the last week of July, other sites saw their number of listings rise by as much as 28%, the study indicates.

Sales of some goods do, however, appear to have been reduced.

“There is growing evidence that when one illegal dark web marketplace is closed, the illicit business quickly starts to be redirected to other sites which are still active,” commented Elad Ben-Meir, marketing chief at the Israeli cyber-security firm Cyberint, which carried out the research.

“However, there is also evidence that continuing crackdowns by international law enforcement operations, are having the effect of forcing illicit traders away from those sites selling firearms or child pornography.”

Media playback is unsupported on your device

The markets are given the “dark web” moniker because they cannot be accessed via a normal internet browser, and their listings are hidden from mainstream search engines.

‘Fear and uncertainty’

The closure of AlphaBay and Hansa was revealed on 20 July.

Cyberint looked at what change in activity there had been on five other leading dark web markets between 24 July and 31 July.

According to its numbers, Dream Market is now the biggest illegal store with a total of 98,844 listings at the end of the month.

The site was launched in late 2013 and is now one of the oldest dark web markets in existence.

Its number of listings rose by 3,818 over the course of the week.

While that was the biggest increase of the surveyed sites in numerical terms, it represented a relatively modest increase of 3.9%.

“There is some interesting buzz around Dream Market potentially being compromised and/or under law enforcement control, which is feeding fear and uncertainty amongst vendors and buyers,” said Mr Ben-Meir.

“That is probably why Dream Market has not grown substantially in the wake of the takedowns.”

Europol and the FBI have promised “hundreds” of follow-up investigations off the back of their initial takedowns.

Dream Market vendors are aware that Hansa was seized and covertly monitored for about a month after AlphaBay was deactivated.

That has led to unverified speculation on several online forums that Dream Market’s servers have also been hijacked.

‘Touting for business’

The next biggest site is TradeRoute, which rose from 14,914 listings to 17,816 over the period – a 16.3% gain.

It includes forged documents and black market tobacco and alcohol among its wares.

“TradeRoute is actively touting for new business with threads welcoming vendors displaced from AlphaBay,” said Cyberint’s report.

Image copyright
Cyberint

In percentage terms, Tochka can claim the biggest boost. Its listings rose by 28.1% to 2,390.

The site specialises in illegal and prescription drugs among other products.

Wall Street Market, a relatively new platform with a more polished design than is the norm for such sites, experienced a similar lift.

Its number of listings grew by 25.4% over the week to 2,216.

Gun market

Of the markets covered, only one experienced a drop-off in activity.

RsClub Market is the only one of the five sites to sell guns – its only restriction on weapons listings is that they must not offer “weapons of mass destruction”.

The site’s listing count dropped by 638 to 1,689 over the week – a 37.8% fall-off.

Image copyright
Cyberint

Cyberint suggested that this might be linked to the fact the Rand Corporation think tank and the University of Manchester had jointly published a report into the size and scope of the dark web’s illegal arms trade on 19 July. It said that 60% of the weapons put on sale had been sourced from the US, and that terrorists were among suspected buyers.

Cyberint believes those looking to buy and sell other illegal goods might now be steering clear of RsClub Market because it was likely to be a focus of follow-up investigations.

One adviser to Europol said the findings were of interest but only told half the story.

“The takedowns have certainly not discouraged the vendors but it’s still not totally clear if it has put off the buyers,” said Alan Woodward.

“The sellers believe they are relatively immune – they don’t use their real details so are hard to track down even if a site is commandeered – but the users have to give delivery addresses and the like.

“That’s why the emphasis is on taking the markets down and that’s exactly what law enforcement wants to do.”

VSCO is getting into video. Starting today, the photo filtering company is beginning to introduce video editing capabilities to its flagship app. Naturally, they’ll revolve around filters. But there’s one big downside: the video features are only being given to paying subscribers. TechCrunch first reported the update.

For now, at least, editing seems to be limited to coloring and grading an image. So you’ll be able to apply filters and tweak aspects of a video like contrast and saturation, but it sounds like you won’t be able to trim a clip or cut multiple clips together, making it a pretty basic tool.

Still, VSCO’s photo filters often make for some great looking images. And if it can recreate that with video, it may well find some fans — there are certainly editors who’d be happy to use VSCO’s photo presets in Premiere if that were an option. The tools are only available on iOS for now, but they’re supposed to launch on Android “soon.”

And it’s likely there’s more to come. VSCO says it’s releasing an “early access version” of the feature today, which implies that it isn’t finished yet.

Unfortunately, the feature is only being released to people who pay for VSCO’s $19.99 per year membership program, called VSCO X, which basically just gives you access to a bunch of filters you can probably buy for cheaper than $20, as well as some bonus filters that you can’t buy outright. While it’s frustrating that free users won’t be able to try out the video editing tools, keeping them exclusive to VSCO X certainly sounds like a good way to drive subscriptions.

On a somewhat related note, VSCO’s UI remains entirely unintelligible.

Google’s Daydream virtual reality platform is now rolling out on the Samsung Galaxy S8 and S8 Plus, fulfilling a promise Google made earlier this year. Google announced the news last night, although it said on Twitter that it would take time to reach all S8 and S8 Plus owners. The expansion is a major boost for the Daydream platform, which first launched last year for the Google Pixel.

Galaxy S8 and S8 Plus users could already use VR apps with Samsung and Oculus’ $129 Gear VR, but now they can also try out Google’s $79 Daydream View, which supports its own set of apps. The two options offer a fundamentally similar mobile experience, but both have some exclusive apps and games, and their hardware looks and feels very different. Earlier this year, we concluded that the Gear VR’s app ecosystem still made it a better choice than Daydream — but this update will give developers a bigger incentive to build for Google’s platform.

Until now, Daydream was accessible on the HTC-built Google Pixel, as well as phones from Huawei, Asus, ZTE, and Lenovo. But none of these manufacturers have the reach of Samsung, which meant that comparatively few people could access Daydream. Google has promised a total of 11 phones with Daydream support by the end of the year, including a flagship device from LG.

Mophie simultaneously announced and released a new battery pack today — the USB-C XXL — that features both USB-C and USB-A ports. The 19,500mAh portable battery is meant to charge larger gadgets, like Apple’s new MacBooks and the Nintendo Switch, with its 30W fast-charging. Any smaller USB-C-enabled smartphone can be charged, too, or iPhones and iPads from the USB-A port. The USB-A port handles up to 5W charging.

The USB-C port either accepts or provides a charge, so that’s how you’ll keep the XXL powered. (The pack also comes with a USB-C to USB-C cable and a USB-A to USB-C cable.) You can, of course, charge two devices at once with the battery, and add up to 16 hours of battery life to a MacBook, according to Mophie.

What’s most exciting to me is the inclusion of fabric on the battery pack. Mophie says it’s supposed to add a “premium look and feel.” I do think it classes the external battery up a bit — or at least photographs well. As is always the case with Mophie, the XXL isn’t cheap. It costs $149.95, although at least you’re getting that “premium look and feel” and a USB-C port for the cost.

Microsoft is now making two Windows Mixed Reality headsets available to anyone today. The software giant has listed Acer’s headset in its online Microsoft Store for $299, alongside the $329 HP headset. Both headsets have similar specifications, including 2.89-inch displays and six degrees of freedom tracking for Microsoft’s Windows Mixed Reality world.

Microsoft first opened preorders for its headsets back in May, allowing developers to get early access. While these headsets are still aimed at developers, anyone can purchase them from the Microsoft Store today. Both development kits use internal tracking sensors, which removes the need for external cameras or markers. The experience of the headsets is very similar to VR, regardless of the “mixed reality” branding.

Despite revealing surprisingly low minimum specs for its Windows Mixed Reality back in December, Microsoft’s listing in its online store suggests you’ll need a PC with an Nvidia GTX 980 / 1060 or higher to get a good experience. That’s far from the minimum integrated Intel HD Graphics 620 specs that were promised, but hopefully Microsoft is still tweaking its Windows Mixed Reality shell to run apps smoothly on less powerful machines. Acer, ASUS, Dell, HP, and Lenovo are all planning to release Windows Mixed Reality headsets later this year.

What Happened to Monday, an independent film that Netflix picked up at the Toronto International Film Festival last September, lands on the platform on August 18th.

The official trailer was released today. It outlines the story of seven sisters (named for the days of the week) who — in a near-future dystopian society with a strict one-child policy — are forced to share one identity. The sisters are played by Noomi Rapace, best known for starring in the original Swedish adaptations of Stieg Larsson’s Millennium series. (Only The Girl with the Dragon Tattoo received an English-language remake.) More recently, she played Dr. Elizabeth Shaw in Ridley Scott’s Prometheus and Alien: Covenant.

Willem Defoe co-stars as the sisters’ grandfather, who raises them and teaches them how to hide from the government, and Glenn Close plays the authoritarian responsible for the population control policy.

The film was directed by Tommy Wirkola, best known for 2013’s unwatchable Hansel and Gretel: Witch Hunters and a 2009 Norwegian film about Nazi zombies. He worked from a script written by Alex Cross screenwriter Kerry Williamson and Opposite Day screenwriter Max Botkin.

This isn’t exactly fresh material for dystopian fiction. What Happened to Monday seems to borrow from Orson Scott Card’s Ender’s Game and Margaret Patterson’s Shadow Children series to name just a couple. But it looks fine, as a late-summer, late-afternoon thing to watch on Netflix.

Lenovo’s beefed-up version of the Moto E4, the Moto E4 Plus, will be available on Verizon starting August 3rd, but it’s also coming unlocked simultaneously to Best Buy, Amazon, and a couple other online retailers. Then, on August 11th, it will hit Sprint and Ting, then finally Republic Wireless on August 14th. The unlocked price is $179.99.

The Plus is following in the footsteps of its little $129.99 sibling, the E4, offering compatibility with all the major (and non-major, by extension) carriers in the US. The Plus bumps the display size from 5 inches to 5.5 inches, and nearly doubles the battery capacity — 5,000mAh instead of the 2,800mAh — that’s offered by the E4.

The E4 Plus will also be available as an Amazon Prime Exclusive Phone, where you can look at ads on your lock screen in exchange for a nice discount on the price: the E4 is $99 with ads, and the E4 Plus should get a similar or greater discount.

In addition to that huge battery, the phone comes with a 13-megapixel camera, Android 7.1, a sad 2GB of RAM, and a Snapdragon 427. (The version released in India seems to have more RAM and a different processor.) Also, there are only 1280 x 720 pixels to stretch across that 5.5-inch screen. This phone is only aspirational in battery size, but that might be enough for some people.

Google has launched a new feature for image search called badges that will categorize the content behind selected images. For example, if a picture is pulled from a recipe or from a video, the badge will identify it as such.

The new feature, which is available on the mobile web and in the Google app for Android devices, will also label GIFs. That should help save some time when you’re looking for the perfect response to whatever stupid thing your friend said. Google hasn’t said when the feature will be available on its iOS app, but it shouldn’t be too long before it shows up.

Amazon is expanding what Fire TV users can do with their Echo devices. Starting today, you’ll be able to control your Fire TV from your Amazon Echo device. The company announced that it’s officially rolling out the ability to pair Echo devices with Fire TVs, so users can tell Alexa to “show me an action movie,” or “open Hulu.” Alexa can launch apps, play shows or movies by title / actor / genre, and control video playback. This functionality was first announced last month with a limited rollout, but today it’s available for Fire TV owners in the US. All generations of the streaming hardware are supported.

Alexa can also control TVs with Amazon’s software built in, like the Element 4K Fire TV Edition. People who own that or future Fire TV Edition smart TVs get the ability to control TV settings like volume and input switching. If connected to an HD antenna, users can also change the channel and pause and resume live TV. They can launch the channel guide, too. Amazon says the update will be available to Fire TV Edition TVs “in the coming week.”

You can link your Fire TV to your Echo device through your phone’s Alexa app. It’ll work similarly to Amazon’s Alexa Voice Remote for the Fire TV, just without the actual remote. The update is compatible with all generations of Fire TV and Fire TV Stick in the US.

Amazon also says users will soon be able to view live video feeds from Alexa-compatible smart home cameras on their Fire TV as well. This makes sense, especially if you don’t feel like checking your phone to see who’s at the front door, or if you want to check in on your kids while watching TV in another room.

Generally, all this Fire TV functionality is a long time coming. It’s sort of shocking that we couldn’t control our Fire TV products from Echo devices before now. I’m sure people will use it frequently. Of course, Google already lets its users control their Chromecast through the Google Home, so now Amazon matches that virtual assistant’s level.