The National Lottery was not hacked
Camelot yesterday reported that a few days prior, it had noticed unusual activity on a number of online National Lottery accounts. Roughly 26,500 of 9.5 million accounts are thought to have been compromised, with suspicious activity — in this case, personal details being changed — noted on less than 50. Since then, UK and international media have reported on this incident, with the vast majority of coverage sporting striking headlines along the lines of “National Lottery hacked.” This statement is simply untrue. The National Lottery was not hacked.
National Lottery operator Camelot says as much in its statement: “We would like to make clear that there has been no unauthorised access to core National Lottery systems or any of our databases.”
“We believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details.”
This is called credential stuffing, whereby previously exposed usernames and passwords are opportunistically plugged into other websites and services, since it’s not uncommon for people to recycle user/pass combinations. If hacking is like breaking down a door, or at least picking the lock, then credential stuffing is like finding a key at the bottom of the road and trying it in every door, hoping to land on a fit. They are very, very different.
The whole situation is still alarming, of course. For one, there’s no word on where those 26,500 account details came from. A previous hack or phishing campaign, perhaps? Worst case scenario: a recent hack of a site or service that has gone, as yet, undetected. The National Crime Agency and National Cyber Security Centre are investigating, so we might learn more in due course.
Camelot’s immediate reaction has been to suspend the affected accounts and contact users about reactivating them. There’s been no financial fallout, but obviously there are some personal details attached to the accounts that may’ve been seen/scraped.
LinkedIn was hacked, Ashley Madison was hacked, TalkTalk was hacked, Tesco Bank was hacked. The National Lottery was not hacked.
Source: Camelot
Mozilla and Tor Warn of Critical Firefox Vulnerability, Urge Users to Update
Mozilla and Tor have published browser updates to patch a critical Firefox vulnerability used to deanonymize users (via ArsTechnica).
Privacy tool Tor is based on the open-source Firefox browser developed by Mozilla, which received a copy of the previously unknown JavaScript-based attack code yesterday. Mozilla said in a blog post that the vulnerability had been fixed in a just-released version of Firefox for mainstream users.
The code execution flaw was reportedly already being exploited in the wild on Windows systems, but in an advisory published later on Wednesday, Tor officials warned that Mac users were vulnerable to the same hack.
“Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately.”
The exploit is capable of sending the user’s IP and MAC address to an attacker-controlled server, and resembles “network investigative techniques” previously used by law-enforcement agencies to unmask Tor users, leading some in the developer community to speculate that the new exploit was developed by the FBI or another government agency and was somehow leaked. Mozilla security official Daniel Veditz stopped short of pointing the finger at the authorities, but underlined the perceived risks involved in attempts to sabotage online privacy.
“If this exploit was in fact developed and deployed by a government agency, the fact that it has been published and can now be used by anyone to attack Firefox users is a clear demonstration of how supposedly limited government hacking can become a threat to the broader Web.”
The Firefox attack code first circulated on Tuesday on a Tor discussion list and was quickly confirmed as a zero-day exploit – the term given to vulnerabilities that are actively used in the wild before the developer has a patch in place.
The latest Tor update that fixes the vulnerability is version 6.0.7 and can be downloaded here.
Vanilla Firefox users can download the update to their browser manually from here.
Tags: privacy, Firefox, Tor browser
Discuss this article in our forums
Plex Media Player for Mac Now a Free Download for All Users
Media management service Plex has announced that its Plex Media Player app is now free to everyone. Previously only available to Pass subscribers, the Plex app for Mac is a home theater-style media browser and player for content stored in personal media libraries.
The now full-screen desktop interface features a large array of configuration options and can search online metadata for users’ media and integrate relevant files into the library, including artwork and movie subtitles. In the latest update, it also allows users to queue up movies and music.
Maybe you pine for stuff like Plex Media Player’s silky smooth playback, complex subtitle rendering, and lightning fast seeking on your desktop. Maybe you have a lower-powered NAS server that doesn’t like to transcode. Or maybe you’d just like to rock out to some FLAC while you work. Until today, your only option was to find some place to stash a little baby Media Player window and muddle through the TV UI to queue up your background music of choice.
Well, no more: we’ve harnessed our incredibly powerful Web app and wrapped it up inside our lovely Plex Media Player shell to give you a full-fledged “desktop mode” experience right out of the box. With Plex Media Player running in a window, you can now use your mouse and keyboard as nature intended, and switching to the TV UI is as easy as going full-screen.
In addition to making Plex Media Player a free download, Plex also announced the long-awaited Plex for Kodi add-on. Kodi is a fully extensible, community driven software media center with wide support for playing a range of media content. Exclusively for Plex Pass members, the Plex add-on brings users’ Plex-processed media libraries to the Kodi interface for the first time.
Tag: Plex
Discuss this article in our forums
YouTube Adds 4K Live Streaming Support to its Content Infrastructure
YouTube has announced it now supports 4K live streaming at 60 frames per second, enabling content creators to live broadcast both 360-degree and standard video in the high resolution standard.
Viewers with screens equipped to take advantage of the resolution shouldn’t have to wait long to tune in to regularly streamed 4K broadcasts. YouTube said the first event to be live streamed in 4K will be the Game Awards, which takes place today at 9pm EST (6pm PST).
For creators this means the ability to take advantage of an incredibly clear picture for recorded and now streaming video. It’s the kind of thing that can help to push their hardware (and their talent) to create the most beautiful or just plain crazy-looking images and videos possible. And with 360 4K live streams, the sky is (literally) the limit. Get ready for 360 concert and event streams that look sharper, cleaner, and brighter than ever before.
4K video uploading has been supported on YouTube since 2010, but the high resolution content has only gained steam more recently as the technology gradually approaches the mainstream. Today’s upgrade to the Google-owned service also potentially opens the door to 4K live streamed events like sports and concerts being included in YouTube’s forthcoming “Unplugged” web-based TV streaming service, which is close to being finalized.
Unplugged is said to include a “skinny bundle” of channels from the four major U.S. networks, along with a few popular cable channels priced at around $35 per month. YouTube has been in talks with major media companies like 21st Century Fox and Disney, and signed up CBS to be included in the subscription package in October.
Last month also saw Google debut the Chromecast Ultra, a 4K version of its popular streaming device. Set to be released this December, the Ultra can stream 4K content from YouTube, Netflix, and Vudu, and 4K movies from Google Play Movies.
The latest announcement offers another sign that Google is pulling ahead of Apple in the race to offer a high-resolution streaming television service. Apple’s plans to offer a TV package subscription service of any sort have stalled in recent years because of its “hard-nosed” negotiation tactics with content providers and an inability to allay fears about the interruption of traditional revenue streams.
As for 4K, the latest Apple TV does not support the UltraHD resolution and iTunes has yet to offer the content.
Related Roundups: Apple TV, tvOS 10
Tags: Google, YouTube, 4K
Buyer’s Guide: Apple TV (Caution)
Discuss this article in our forums
Apple Pay Launches in Spain
Apple Pay today launched in Spain, marking the 13th country where the mobile wallet service is available for Apple customers. The news follows a report published yesterday by Spanish website Applesfera that said Apple Pay would launch in the country on December 1.
Today, Apple Pay’s availability in Spain began through a partnership with Amex and Banco de Santander.
At participating retailers, Apple Pay allows customers to pay for meals, clothes, groceries, and other items through a simple one-tap payment solution that uses existing NFC technology, and the service has slowly been adding additional retail partners since its launch in 2014. Apple Pay is also available within some apps, and is now available on the web in iOS 10 and macOS Sierra.
After today, Apple Pay is now available in the U.S., UK, China, Australia, Canada, Switzerland, France, Hong Kong, Russia, Singapore, Spain, Japan, and New Zealand. Most recently, Apple Pay launched in Japan with the support of the country’s widely adopted FeliCa payments standard, meaning only iPhone 7, iPhone 7 Plus, and Apple Watch Series 2 models that are sold in the country can be used for Apple Pay transactions there.
Related Roundup: Apple Pay
Tag: Spain
Discuss this article in our forums
Samsung works with Australian carriers to block the Note 7
Note 7 will be cut off from accessing mobile networks in Australia.
At this point, I thought we were done with the Note 7 saga. Turns out that isn’t the case, as Samsung is now announcing that it is working with Australian carriers to disable services for Note 7 units in the country. Samsung did the same with New Zealand carriers last month, so it isn’t surprising to see the company resort to the same measures in other regions as it tries to get back the few units still out in the wild.
According to the official statement, network access for the Note 7 will be cut off on December 15:
Samsung Electronics Australia is working with local telecommunications operators to discontinue Australian network services for Galaxy Note 7 devices that are still being used in Australia.
The network discontinuation will commence from December 15 and is part of Samsung’s ongoing safety measures to recover all affected Galaxy Note 7 devices.
Galaxy Note 7 customers in Australia have responded well to the recent recall, with only a small number of affected devices still in customers’ hands.
Note 7 customers in the country will be able to exchange their devices for either a Galaxy S7 or an S7 edge, with Samsung refunding the difference in retail price. The comany is incentivizing the exchange even further by providing AU$250 worth of credit to those returning their Note 7 units. If you’re still holding on to your Note 7, it’s about time you returned it.
Samsung Galaxy Note 7
- Galaxy Note 7 fires, recall and cancellation: Everything you need to know
- Survey results: Samsung users stay loyal after Note 7 recall
- Samsung Galaxy Note 7 review
- The latest Galaxy Note 7 news
- Join the Note 7 discussion in the forums!
Android 7.0 Nougat is now making its way to the Xperia XZ
Nougat goodness is coming to the Xperia XZ.
After rolling out Nougat to the Xperia X Performance yesterday, Sony is now making the update available on the Xperia XZ. The update brings build number 39.2.A.0.327, and is rolling out initially to the unlocked variant (F8331) as well as the dual-SIM model (F8332).
As noted by Xperia Blog, the Nougat update should be making its way to other Xperia XZ variants shortly. The update itself brings multi-window mode, improvements to Stamina battery-saver mode, enhancements to the camera, and more.
Android Nougat
- Android 7.0 Nougat: Everything you need to know
- Will my phone get Android Nougat?
- Google Pixel + Pixel XL review
- All Android Nougat news
- How to manually update your Nexus or Pixel
- Join the Discussion
Fitbit is on the verge of buying Pebble for $40 million
The Information has reported that smartwatch and fitness tracking specialist Fitbit is in the midst of a $40 million takeover of smartwatch maker Pebble. If the deal goes through, then Fitbit is said to receive all of Pebble’s intellectual property and wearable expertise, which will go some way to expanding Fitbit’s range of products.
- Pebble 2016 line-up: Pebble Core, Pebble 2 and Pebble Time 2 explained
It’s claimed Pebble has been in financial difficulty lately, amassing high debt following poor sales, and the majority of Fitbit’s $40 million bid will be used to clear it.
The first Pebble smartwatch launched on Kickstarter in 2012 where it raised nearly $10 million, the most money raised for any Kickstarter project at the time. Since then the company has released new versions of the smartwatch which again have raised an impressive amount of money on Kickstarter, but increasing competition from the likes of Apple and Samsung has led to poor sales since.
The company was forced to lay off a quarter of its workforce in March and reached out to investors and debt funding companies to help it stay afloat. It’s now apparent that regardless of this help, Pebble isn’t able to run as a successful business.
- Which Fitbit is right for me?
What may be some crushing news for Pebble though, is that it’s had two previous takeover bids, one from Citizen in 2015 for $740 million and one for $70 million from Intel earlier this year.
Neither company has commented on the takeover just yet and we don’t know when things will be finalised. We’ll be sure to update this story as and when we know more.
B&O Play H9s will deliver smooth, Scandinavian sound to your ears, with no external noise
Purveyor of fine Scandinavian audio products B&O Play has just released its new flagship pair of headphones, the Beoplay H9. They’re a wireless on-ear design, available in black and argilla grey finishes, so they’ll keep you looking good no matter where you wear them.
The headline feature though is active noise cancellation. This tech sees several tiny microphones places on both sides of the earcup to capture any external noise, reverse it and send it back out to leave you with just your music entering your lugholes. B&O Play says all you’re left with is signature Bang & Olufsen sound: “well-rounded, clean and authentic”.
During listening sessions you can use an intuitive touch interface on the right earpiece to change tracks and volume, turn noise cancellation on or off and also answer calls. With winter fast approaching, you’re likely to start wearing gloves when out and about, fortunately for you, the interface responds to gestures while wearing gloves too.
You can also use the companion Beoplay app for iOS, Android and Apple Watch to adjust the sound profile of the headphones to suit your tastes. Preset modes include Commute, Clear, Workout and Podcast. From the app you can also monitor the battery level of the H9 headphones, carry out functions such as changing track, volume and noise cancellation and perform software updates for the headphones.
B&O Play says a three hour charge will reward you with 14 hours of playback with noise cancellation turned on, but if you do happen to run out of juice, and don’t have a spare battery to swap out, you can connect an audio cord to listen to them in a wired state.
The B&O Play Beoplay H9 headphones are available now for £449 and come supplied with a carry bag, charging cable and audio cable.
Fujifilm’s new X-A10 is a compact selfie-shooter
Fujifilm has taken the wraps off its new X-A10 compact mirrorless camera complete with a newly-developed 16.3-megapixel APS-C sensor. It arrives as an entry-level model, but Fujifilm says the new sensor, combined with its image processing technology will let you shoot “premium quality images in any conditions”.
- Fujifilm X-A3: Selfie-focused compact camera ups the resolution ante
There’s a native ISO range of 200-6400, 49-zone autofocus to help keep your pictures crystal clear and six film simulation modes that provide welcome effects to your images.
But you’re not limited to shooting just landscapes, objects and portraits, oh no. The X-A10 comes with Fuji’s 180-degree slide and tilt screen, that turns it into a super selfie snapper.
The slide mechanism lets you move the screen out a bit so none of it is blocked by the camera and Fujifilm has fitted a shutter that sits naturally under your index finger to minimise camera shake.
When you do rotate the screen by 180-degrees, the camera automatically enables its Eye Detection autofocus function that tracks your eyes to ensure your photos are pin-sharp.
The X-A10 has received some other features from Fuji’s selfie-focused cameras, such as a longlife battery, good for a claimed 410 frames and a minimum working distance of 7cm from the front edge of the lens for close up macro photography.
The X-A10 has other built-in features such as a “super intelligent flash” which can control light output depending on the shooting conditions, full HD recording, panorama and time lapse shooting modes and Wi-Fi for connecting a smartphone. And of course, everything is housed within a body that is distinctly Fuji. You only need to take one look to appreciate the sweet, retro looks.
If that’s enough selfie goodness to take your fancy, you can pick up an X-A10 for £499.
AIVAnet 