In 2011, a bunch of the new "chip and pin" credit cards were stolen. The thieves physically modified the cards circuitry to accept any pin as valid, thereby letting them rack up almost $700,000 in fraudulent transactions.

Don't panic, because this particular hack method has already been blocked. But do think about how this was done: it was micro surgery on the cards innards. That's scary, because this particular modification was (relatively) simple and unsophisticated. What might the next one be?

It's obvious that anything physically accessible has a potential hackability. So how can we ever be secure?

Well, suppose your credit card number wasn't a number at all but was biometrics derived from your person. Suppose further that what you owe and what you own wasn't stored at a bank somewhere, but was stored in your biometrics - that is, you are your own bank account. That's somewhat possible now, though there's no way for you to control it - you wouldn't know if someone hacked you to steal your assets. But that might change eventually.

And then someone will find a way to hack that.

How a criminal ring defeated the secure chip-and-PIN credit cards

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

This is an inexpensive ($199.00) "security" web cam for your home. I put that in quotes because it's soething that might function as that, but really is more suited to remote monitoring. However, because it records and stores 24 hours worth of video that you can review, you could possibly catch someone walking toward the camera before they picked it up and stole it.

That clip would be available to you from an iPhone or iPad app and clips can captured and emailed or posted to social media like Facebook.

If all you need is a picture, you can stop the playback and snap a screenshot. That's where this came from.

The camera has a rechargeable battery that supposedly lasts for twelve hours, so you could easily take it away from its charging base and temporarily put it somewhere that doesn't have nearby power. They didn't scrimp on the charger cord, by the way: it's a 10 foot USB cable. I tried it uncoupling it twice and found that it barely lasted 4 hours. By the way, I measured its power consumption and found it should use less than $2.00 just sitting there.

The "Day Brief" (not visible in the picture) is everything that has happened since midnight squeezed into a 30 second video. You cannot slow it down, but you can stop it. You don't need to slow it down because you can go back in time with the regular clips anyway.

Note that it is not the past twenty four hours. It's since midnight, so if you tap that at five past midnight, you'll see five minutes compressed into thirty seconds. You can still go back in time through the clips; those don't reset at midnight. But those aren't necessarily 24 hours either: the camera selects "interesting" segments from your day. According to the website, it learns what's interesting. I assumed that might mean that hours of me sitting at my computer typing would be removed, but it's more than that. For example, the camera caught me doing pushups. I actually did 30, but if I go back to that time slot, it shows me doing twelve - it filters out repetitive movement as well as non-movement.

Initially, the camera did not record sound. A reset and firmware upgrade fixed that.

Swipe right to see more controls for the camera. It's not completely clear what all of those controls actually do and (so far) there is no on-line manual to refer to. I'm sure that will change soon also.

First at top left is "Power save" on/off. I've found nothing that fully explains that yet; will update when I do. Next is the 180 rotate I mentioned above - I'm really confused by that one. It does rotate the lense, though I don't see the value. When it is sitting upright, rotating only seems to point it at the ceiling. Mounting it sideways seems to just turn the picture sideways - I don't get it.

That cloud icon with the down arrow is for updating firmware. Next to that is on/off, which obviously doesn't turn off wi-fi, just the camera recording.

The speaker icon turns the speaker on and off, but the microphone button has three settings and it's not clear to me what the other two do.

They adjust the sensitivity.

The moon turns night vision on and off. I tested night vision; it works well. The icon to its right turns the LED activity indicator off. When on, it flashes if someone is watching.

The "Add/remove camera" button (bottom left plus and minus in camera icons) is what it sounds like. You could have one of these in every location in your house. I'd like to have another one at our vacation home.

Activating the Alerts (the bell shaped icon) sends you IOS alerts when it detects activity. That could be very helpful or very annoying, though I found that even when I am at home and doing things that the camera sees, it doesn't alert constantly. When we went out for six hours, leaving the house empty, it did sent an "Activity detected" alert the moment I opened the door to walk back in. However, when reviewing the recordings the next morning, I was very surprised to see that it did not actually record me entering. That seems odd, but it has not happened again: it has always caught me coming in.

Finally there is People. That lets you change your password, logout and redirect to the support site.

Logitech Circle Camera Support

Logitech Circle Camera

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

Why should I trust The Cloud? There is no cloud, it's just a computer that's located somewhere else!

Well, technically that "just a computer" part may not be true. For example, if you are using a service like Gmail or Office 365, it's not just one computer that provides the service. Your data is mirrored to other computers and they might be located on the other side of the world from each other. That's true for many web sites, too, even very small ones.

Also, those computers are usually far more protected from mishap than anything you own. They'll have redundant internet access, generators for backup power and be physically protected too.

But, yeah, I get it: you don't like letting go. You'd rather have local control. I feel the same way, but in today's world, you are either going to use the cloud to some extent or be content with lesser performance and capability. That's reality.

Cloud haters: You too will be assimilated

Why you shouldn’t trust your data to “the cloud”

Hosted vs. Cloud vs. In House Applications

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

I fell for a Microsoft phone scam. I let them access my computer, but didn't pay any money. What should I do now?

Do you feel lucky?

Here's the thing. Some of these fakers are just looking to make a quick buck. They access your computer, pretend to find a virus and eradicate it, collect their money and that's it. Some are even more "honest" - they might actually install software that scans for viruses.

But others may have more in mind. They may search your computer for information useful to them in other contexts, like sending spam to your friends or even stealing your identity. They might even install malware on your machine. That could be something relatively innocuous like a browser toolbar or it might be something far worse like a keylogger to steal your passwords. Your machine might be zombified and used to attack bigger targets. It might be used as a repository for illegal files or as part of some other criminal enterprise. That's why I asked if you feel lucky.

The chances are that you can just download something like Malwarebytes, scan your machine and you'll be fine. However, nobody can guarantee that as there are always new things that scanners know nothing about.

If it were me, I'd wipe the machine and install from scratch. Even that might not be enough today as some systems are vulnerable to BIOS hacks. Nor is it just that machine that is at risk: it's possible that your home router could be compromised. Is that likely? No, but it is possible.

You have to decide what risk level you are willing to tolerate. One friend of ours decided to freeze her credit reports, throw out the computer and buy new after something like this happened to her. That might be extreme, but she felt that she'd rather be safe than sorry.

Do you feel lucky?

Malwarebytes

A call from the technical department of Microsoft

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

So a recent Google blog post talked about some really bad things they found in Kaspersky Antivirus. Apparently having that software on your machine actually makes you vulnerable to drive by exploits - that is, your system can be p0wned just be visiting a website or getting an email - and not even reading it!

What's truly amazing about this is that some of the attack vectors are simple buffer overflow attacks. There's nothing new about buffer overflows; they are caused by sloppy code and the software industry has a long, tragic history of repeating that particular sloppiness again and again. It's beyond astonishing that a respected A/V vendor like Kaspersky would repeat these mistakes in their own code!

Not that other A/V vendors are any better: Google has also found problems with Sophos and ESET.

Ars Technica says that you and I don't need to worry much as this type of exploit is more likely to be launched against a bank or high value company. I'm not sure that makes me any happier.

Kaspersky: Mo Unpackers, Mo Problems.

Buffer Overflow Attacks

Security wares like Kaspersky AV can make you more vulnerable to attacks

Sophail: Applied attacks against Sophos Antivirus

Analysis and Exploitation of an ESET Vulnerability

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

So Apple has a stringent app review process? Really?

Then how do they explain corrupted apps getting through just because they were created by a bogus version of Xcode? Where's the "stringent review" in that process? There isn't any, and Apple wan't even the one to catch the apps - that was third parties who noticed the bad apps and reported them. Apple had no clue.

So all along this "stringent review" process was nothing more than "Ayup, looks like it was compiled with Xcode, good enough". That's utterly ridiculous. That's beyond utterly ridiculous!

I certainly hope Apple learns something from this.

Apple's iOS App Store suffers first major attack

How malware finally infected Apple iOS apps: XCodeGhost

What You Need to Know About iOS Malware XcodeGhost

Infected iOS apps

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

How can I open eml files with Outlook?

You used to be able to double click on an eml file and have it open in Outlook. Microsoft changed this behaviour in Win 7 and now wants Windows Live Mail to open .eml files. However, many die hard Outlook users don't have Live Mail installed, so it doesn't work.

There are a number of ways to fix that and I've given links below, but all of the fixes seem to deal with Win 7 or 8. I could not find anything for Win 2008 Server, which is what this person is having trouble with. I would have thought that changing the file association would work, but he insists it does not..

I also don't understand why the fixes below mention registry changes - again, I would expect changing file associations would be enough. I don't have Outlook on my Windows 8 machine, but I was able to change eml files to open with Wordpad without resorting to registry changes.

How do I get Outlook 2007 to read .eml files and attachments?

How to open .eml files in Windows 7?

Configuring file associations in Windows 8.1

Opening eml-files with Outlook

Change which programs Windows uses by default

Changing File Type Association in Windows Server 2008

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.

Anonymous asks:

Is is safe to visit my bank or other secure sites like Gmail if I'm using unsecured wifi?

All else being equal, that's every bit as safe as it is when using a secure network. There are some gotcha's in there, but those apply no matter where you are, secure network or not.

If you are very paranoid, there are things you can do to be certain that nothing funny is going on. First, before you login, you can check that the certificate your browser accepted is correct. Exactly how you do that depends on your browser; Google for "check https certificate" if you need to.

You can also check (again, before you login) to see that you are connected to the right IP address. That's harder as many large sites like Google use multiple IP addresses and may proxy through sites that will have different IP's in different locations - so where YOU are may determine what you connect to. Still, a bit of sleuthing with "netstat" and some lookups at sites like MXToolbox can reassure you that you truly are connecting to the site you wanted. That can be a bit of work, of course.

Is any of this absolute? No, because your entire computer might already be compromised and you can't trust anything it says. However, if that's true, you are already at risk, secure wifi or not.

Do be aware that some sites may switch you to an HTTP connection after login. Not many do that now, but you should watch for that just in case.

Finally, if the site you are visiting has two factor authentication, you are even more safe and you should enable that option if it is available.

Staying safe on public Wi-Fi

-- This feed and its contents are the property of A.P. Lawrence, and use is subject to our terms. It may be used for personal consumption, but may not be distributed on a website.