Some YouTube ads forced users’ computers to mine cryptocurrency
Ads with a side of crypto mining.
YouTube’s had a lot to deal with recently following the whole Logan Paul ordeal, but now that that’s over, the video-sharing site was recently hit with another issue – mining attacks.
This week, users in France, Italy, Japan, Spain, and Taiwan reported that their antivirus programs were alerting them of unauthorized cryptocurrency mining code while watching videos on YouTube. Even when users changed browsers and visited other websites, these warnings only popped up while on YouTube.
Following these complaints, online security company Trend Micro reported that attackers had been using Google’s DoubleClick advertisement system to take control of users’ computers’ CPUs to mine cryptocurrency – specifically, a digital coin called Monero.
Hey @avast_antivirus seems that you are blocking crypto miners (#coinhive) in @YouTube #adsThank you :)https://t.co/p2JjwnQyxz
— Diego Betto (@diegobetto) January 25, 2018
The mining code was able to do its thing by injecting a JavaScript code into ads being served to viewers. In fact, 9 out of 10 reported instances reveal that the JavaScript being used was provided by Coinhive. Coinhive is an online service that allows you to mine cryptocurrency, but it’s often looked down upon as it allows you to use computers you don’t own to run its code and mine virtual currency for yourself.
Speaking to Ars Technica, security expert Troy Mursch said:
YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.
Thankfully, this current attack has been thwarted. According to a Google spokesperson, “the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.” There’s some confusion surrounding the time-frame Google’s talking about, however, as Trend Micro indicates that attacks have been taking place since January 18.
In any case, you should be safe to keep watching AC’s YouTube channel without any unwanted mining 👏.
YouTube TV already has 300,000 users less than a year after launch
Soar through the sky with the $26 Syma X5C RC Quadcopter
Start your new life as a pilot with the Syma X5C Quadcopter.
Note: You must choose Tenergy Corporation as the seller for the coupon code to work.
Tenergy Corporation via Amazon is offering the Syma X5C RC Quadcopter for just $26.39 when you enter promo code TWXXPSIY at checkout. The last great deal we saw on this drone was at $30.
Syma’s compact X5C drone features a 2MP HD camera which can take photos or record video of its flight. With the press of a button on the remote, it can flip 360 degrees. It’s also wind-resistant, though you can fly it indoors too if you’d like.
This drone has a 6-axis Gyro stabilization system to ensure stability while in the air. It can fly for seven minutes and has a 100 minute charge time.
Amazon rates this item with 3.9 out of 5 stars after over 4,400 reviews.
See at Amazon
HQ Trivia gets rid of $20 limit to cash out your winnings
Now, If I could just win a game.
Like a lot of my fellow HQuties reading this, I’ve still yet to win a match of HQ Trivia. The closest I’ve gotten so far is Question 6, but even so, I continue to press on until I can go from Qumero Numero Uno all the way to Question 12. However, there’s been one thing troubling me if/when I ever reach that day of nirvana – HQ Trivia’s minimum payout.
Because of how many people are playing HQ Trivia these days, winning a game typically results in your share of the prize money being $10 or less. That’s not an awful deal for spending 15 minutes on your phone, but it becomes a lot less enticing when you remember that you can’t actually deposit that money to your PayPal account until you earn $20 or more.
Thankfully, this is now changing. On the official HQ Trivia Twitter account on January 26, the following was announced:
💰 It’s payday, baby! We’ve removed the minimum balance required to cash out your HQ winnings. Put that money in the bank today!
— HQ Trivia (@hqtrivia) January 26, 2018
From here on out, you’ll be able to actually use your HQ Trivia earnings no matter how much you have. Now, if you’ll excuse me, I’ve gotta get down to the nitty gritty and practice for tonight’s game.
Loco is a blatant HQ Trivia ripoff from India
Voting machine makers are already worried about Defcon
Last year, Defcon’s Voting Village made headlines for uncovering massive security issues in America’s electronic voting machines. Unsurprisingly, voting machine makers are working to prevent a repeat performance at this year’s show.
According to Voting Village organizers, they’re having a tough time getting their hands on machines for white-hat hackers to test at the next Defcon event in Las Vegas (held in August). That’s because voting machine makers are scrambling to get the machines off eBay and keep them out of the hands of the “good guy” hackers.
Village co-organizer Harri Hursti told attendees at the Shmoocon hacking conference this month they were having a hard time preparing for this year’s show, in part because voting machine manufacturers sent threatening letters to eBay resellers. The intimidating missives told auctioneers that selling the machines is illegal — which is false.
Electronic voting machine manufacturers — and anyone with a stake in keeping their flaws secret — have oodles of reasons to prevent Defcon’s Voting Village from having a repeat performance of last year’s (perfectly legal) mass hacking of e-vote boxes.
Voting machine hacking at Defcon isn’t new; the conference has been joyfully cracking voting machines since 2004. The problems with voting machine security, and the industry’s unwillingness to acknowledge the problems discovered at Defcon, have ensured the voting machine hacking challenge has been coming back year after year.
In fact, the machines are so badly maintained, notoriously backdoored, and easily hacked that even Defcon hackers massively stress out in forums and chat spaces about their own local and federal voting process.
As you’d expect, e-vote machine hacking was more popular than ever last year at Defcon.
Voting machines displayed at Defcon’s Voting Village in Las Vegas, Nevada on July 29, 2017.
But 2017’s e-vote hackfest was markedly different because it was officially the first time a large-scale hack of voting machines had occurred (openly, anyway) because the act of hacking them is considered illegal. Not at Defcon’s 2017’s mass e-vote hack-a-palooza: That was thanks to the hard work of law professor Andrea Matwyshyn. She cleared the way for scores of hackers to legally throw everything they had at voting machines for all to see.
Voting machine makers with anything to hide couldn’t have been happy about that. If you remember the headlines after last year’s Defcon, the results that came out of the Voting Village were beyond problematic. Shocking, even.
Defcon’s hackers breached every single voting machine in the Village. Some in minutes; many in under an hour and a half. E-vote machines were popped by hackers without insider knowledge, and by hackers who didn’t even specialize in voting machines.
One attendee remarked on Twitter, “Horrifyingly, some were hacked wirelessly (ie no physical access). Many hadn’t had OS or basic software patches in over a decade.” They added, “Others had been sold off after use, but hadn’t been wiped; still had voter data on them. Didn’t hear of any with any credible audit trail.”
A hacker tries to access and alter data from an electronic poll book at Defcon’s Voting Village in Las Vegas, Nevada on July 29, 2017.
A journalist at the event tweeted: “One of the Express epollbooks at the Defcon voting machine hacking village had 600,000 voter reg records on it from Shelby County, TN.” Voting Village hackers also discovered that all Sequoia brand voting machines shared a common, hard-coded password.
Before the 2016 presidential election in the US, a study released by the Brennan Center called “America’s Voting Machines at Risk” stated forty-three states were using machines that were over a decade old in 2016. The report’s author Larry Norden said before the election “In 14 states, machines will be 15 or more years old.”
What’s worse, he added that “nearly every state is using some machines that are no longer manufactured and many election officials struggle to find replacement parts.” Before millions of electronic votes were cast for the next US president, Norden told press that “everything from software support, replacement parts and screen calibration were at risk.”
So it’s no wonder voting machine makers are keen to get their gear off eBay and keep it out of the hands of white-hat hackers equally keen to expose their collective security failings.
The Defcon Voting Village crew seems to be taking it as you’d expect — like a challenge. Harri Hursti is definitely having trouble, but said they scored at least one machine from “an e-cycling company [that] had bought 1,300 voting machines, which it acquired when the ceiling of the warehouse in which they were being stored collapsed.”
Hursti told press, “We found the company had already sold 400 of the machines, in some cases back to counties for voting duties.”
So, you know. This is fine.
Images: Steve Marcus / Reuters (Voting machine display, poll book hacking, I voted)
Google Bulletin is powered by your hyperlocal news updates
Google has been toying with the idea of hyperlocal news for a while now. It tested Google Now cards back in 2013 that could display information as close as your neighborhood, for example. The company’s latest take, Bulletin, is in testing as an app to create and instantly publish those hyperlocal stories from your phone. Currently only in early access in Nashville and Oakland, Bulletin encourages local journalists and everyday folk to capture a video, take a snapshot and build a story around events wherever they happen.
Google confirmed the project to Slate on Friday. “This is very much in the testing phase and aimed at hyperlocal stories and events for people to share, and for local media to take advantage of,” a Google spokesperson explained to Slate. “People everywhere want to know what is going on in their own backyard at a very local level, ranging from local bookstore readings to high school sporting events to information about local street closures.”
It’s not hard to see a tool like Bulletin as a boon to local reporters and news outlets looking for stories closer to home. While fake news might may be a concern for Google overall, this project seems focused on events and happenings rather than hard news stories. Either way it pans out, putting power like this in the hands of the people just might make a lot of sense for regional communities looking to share what’s going on in their own neck of the woods.
Via: Slate
Source: Google
Apple details the energy use of its always-on HomePod speaker
Now that the HomePod is nearly here, Apple is dribbling out details of what its first smart speaker will do… including, apparently, that it’s a power miser. The company has posted environmental data showing that the HomePod uses no more than 9.25W of power when playing music at 50 percent volume. As MacRumors noted, that’s less than the consumption of a typical LED light bulb (such as the 10W of a Philips Hue A19). You’re going to use more power if you crank it up, of course, but you probably won’t cringe at your electricity bill if you stream music all day.
And importantly, the speaker should consume little power when it’s silent. Apple said that the speaker draws a maximum of 1.76W in idle mode, or about 50 percent less than the latest Energy Star specs require. The trick, Apple says, is the combination of “optimized power management features,” such as dropping into low-power mode after 8 minutes of inactivity, and a high-efficiency power supply.
How well does this stack up to the competition? That’s difficult to say, but there are some ballpark figures to work with. E Source observed that the original Google Home speaker used around 2W while idle and 3W while playing at high volume, while the initial Amazon Echo used 2.8W at idle and 7W at high volume. The idle power draw is slightly better, then, but it’s hard to compare power use — the HomePod is clearly aimed more at premium connected speakers (like the Sonos Play:3 or Google Home Max) than the basic output of the Echo or Home. The one certainty is that Apple isn’t using so much more electricity that you’ll pay dearly for sweeter tunes… beyond the outlay for the speaker itself, of course.
Via: MacRumors
Source: Apple (PDF)
Facebook takes on Twitch and YouTube in game streaming push
Last year Facebook launched a Creator app for video hosts to create more video content for the social network. Now it’s doubling down on the concept, this time for those who make gaming videos. It’s a pretty clear bid to compete with YouTube, Twitch and Mixer for the attention of gaming fans who love watching other people play video games.
Facebook points to the success of gaming creators like StoneMountain64 (above), who has more than 1 million followers watching his Facebook Live streams of PUBG and Fortnite. The social network now allows creators in the program to stream in 1080p at 60 frames per second, the holy grail of gaming resolution.
The company also wants to add monetization systems for those in the creators program, likely through payments during live streams. On Saturday the 27th at 5:15 PM Pacific, Facebook will host an event on Daybreak’s H1Z1 Facebook page to bring dozens of these creators into the new program. The group includes livestreamers like Misses Mae, Doom49 and The Warp Zone. You’ll also see more of the creators at April’s PAX East conference.
Source: Facebook
Hawaii senator wants feds to handle future nuclear attack warnings
On January 13th, a statewide alert warned Hawaiians about an incoming nuclear attack — which turned out to be a mistake caused by human error. Whoops! The resulting finger-pointing revealed serious shortcomings about the state government’s disaster response, including the governor’s difficulty logging in to his Twitter account to tweet out an all-clear. But US senator Brian Schatz of Hawaii doesn’t think fixes are enough: He wants to take the responsibility for nuclear warnings away from local and state governments and give it to the feds alone.
Any city, county or state can participate in a program that lets them send these alerts, but it doesn’t make them experts, Schatz said in Congressional testimony at a hearing about the failure. So he proposed legislation with several other senators that would put the responsibility solely with the federal government.
“States are the laboratories for democracy, they should not be the laboratory for missile alerts,” Schatz said. “A missile attack is federal. A missile attack is not a local responsibility. Confirmation and notification of something like a missile attack should reside with the agency that knows first and knows for sure. In other words, the people who know should be the people who tell us.”
Specifically, the DoD and DHS should have the authority to send alerts, Schatz concluded. Also at the hearing, an FCC official described the agency’s investigation, which faulted inefficient safeguards and process controls for the false alert. The Hawaii Emergency Management Agency is currently working to add safeguards to prevent such a mistake from happening again by requiring two people to confirm a live alert before it goes off, according to CNET.
Via: CNET
Source: Big Island Video News
SpaceX’s Falcon Heavy launch is reportedly set for February 6th
It looks as though it’s finally happening. SpaceX’s Falcon Heavy rocket may have a launch date, according to Chris G. of NASASpaceflight.com. The rocket will launch no earlier than February 6th, with a window of 1:30 PM ET to 4:30 PM ET. There’s a backup window on February 7th, just in case. We’ve reached out to SpaceX for confirmation.
Guys… are you ready!? #FalconHeavy LAUNCH DATE!
February 6th, with a backup on the 7th.
Launch time is 13:30-16:30 EST (18:30-21:30 UTC)#ItsHappening
— Chris G – NSF (@ChrisG_NSF) January 26, 2018
This has been a long road for the Falcon Heavy, but SpaceX appears to be moving swiftly, following the successful static fire test earlier this week. It’s worth mentioning that this launch date is not set in stone; there’s a Falcon 9 launch that must happen next week to clear the way for the Falcon Heavy. Still, it’s exciting to have an actual date after so much waiting.
Source: Twitter
Washington state bill would make hard-to-repair electronics illegal
A number of states are considering right to repair bills, legislation which if passed would make it easier for individuals and repair shops to replace or repair electronics parts. Repair.org reports that 17 states have already introduced bills this year and while most aim to make repair parts and manuals accessible, Washington’s proposed legislation would straight up ban electronics that prevent easy repair. “Original manufacturers of digital electronic products sold on or after January 1, 2019, in Washington state are prohibited from designing or manufacturing digital electronic products in such a way as to prevent reasonable diagnostic or repair functions by an independent repair provider,” says the bill. “Preventing reasonable diagnostic or repair functions includes permanently affixing a battery in a manner that makes it difficult or impossible to remove.”
Motherboard reports that the bill is cosponsored by a dozen representatives, a group that includes both Democrats and Republicans, and was recently moved out of committee, meaning it’s closer to a vote than similar bills in other states. “With Apple phones in particular, they glue the battery in the case, so for me, that sounds like a purposeful attempt to make it so you couldn’t repair the phone,” Jeff Morris, the representative who introduced the bill, told Motherboard. “It helps accelerate the path of those devices to the waste stream. So we’re trying to keep the philosophy our state is behind, which is recycle, repair, reuse.”
Naturally, tech groups have jumped to make their opposition clear. In a letter to Morris, groups such as the Consumer Technology Association, the Telecommunications Industry Association and the Computer Technology Industry Association said the bill was “unwarranted” and added, “With access to technical information, criminals can more easily circumvent security protections, harming not only the product owner but also everyone who shares their network.”
The bill is still in its early stages, so there’s no guarantee it will pass. Also, the January 2019 cutoff that it currently sets for manufacturers to abide by the proposed legislation is very soon, which could cause some pushback, and not just from the tech industry. However, it’s an interesting addition to the pile of right to repair bills under consideration across the country and if it does pass, it stands to help consumers, third-party repair shops and even the environment.
Via: Motherboard
Source: Washington State Legislature (1), (2)
AIVAnet 