Top Stories for the Week of January 26, 2016

  • Episode 436
  • January 26, 2016

Here are the stories we're following for the week of Tuesday January 26, 2016


Some Vtech Learning Lodge applications are back online following November's hack attack which exposed millions of children's personal information.


Children's toy firm Vtech has reopened "key functions" of its Learning Lodge gateway for the first time since it was hacked in November 2015.

The online service is a portal for customers to download games, e-books and other content on to Vtech devices.

They can now register, manage their accounts and use the app store, but some products, including the Power Xtra Laptop and InnoTV, remain offline.

Almost 6.4 million children's details were exposed by the hacker.

Other products which remain offline include the Secret Safe Diary Selfie, Snuggle and Sleep Musical Sheep and MobiGo Touch Learning System.

Allan Wong, Vtech's chairman and group chief executive, said in a statement, "After the cyber-attack, we have focused on further strengthening security around user registration information and other services within Learning Lodge."

Mr. Wong goes on to warn customers that they need to update their Learning Lodge password as soon as possible.

Vtech has now confirmed that the data accessed by the hacker included children's names, dates of birth and gender as well as the "name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history" of the account holder.

Source: www.bbc.com

Sent to us by: Roy W. Nash


Nest's thermostats have been leaking users' zip codes, raising real concerns over Internet of Things developers and how they're approaching security.


Nest Labs hoped to spark an Internet of Things revolution with the introduction of the Nest Learning Thermostat. After all, many homeowners had never encountered a thermostat that was so adept at maintaining heat/cooling levels using a bevy of sensors and software magic while shutting off when you left the room and turning back on when you returned.

While no one expects that a Nest thermostat should be locked down as securely as say, a smartphone, you would at least assume that it wouldn’t leak out personal information of homeowners. However, two researchers from Princeton’s Center for Information Technology Policy (CITP) — Ph.D. student Sarthak Grover and fellow Roya Ensafi — discovered that Nest thermostats were actually putting out the home zip code (and as a result, the closest weather station) of its users.

Nest acknowledged that this was a bug in its thermostat software and was not an intentional act. Google quickly issued a fix.

While something as innocuous as a zip code is relatively harmless in the grand scheme of things, lax programming could lead to even more serious privacy leaks.

The Internet of Things represents just another attack vector for malicious parties to track your every move, even when you think that you’re safe and secure in your own home. It’s up to tech companies to secure customer data and from the looks of things, they still have a long way to go.

Source: hothardware.com

Sent to us by: sr_wences


It has been found that media devices sold to several government offices have a hidden backdoor with sniffing functions.


A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers said.

Members of Austria-based security firm SEC Consult said they discovered the backdoor after analyzing the AMX NX-1200, a programmable device used to control AV and building systems. The researchers first became suspicious after encountering a function called "setUpSubtleUserAccount" that added a highly privileged account with a hard-coded password to the list of users authorized to log in. Unlike most other accounts, this one had the ability to capture data packets flowing between the device and the network it's connected to.

The researcher said, "Someone with knowledge of the backdoor could completely reconfigure and take over the device and due to the highest privileges also start sniffing attacks within the network segment."

The tell-tale function not only equips the account with packet-sniffing capabilities, it also contains code that prevents it from displaying when a list of valid usernames is enumerated.

When SEC Consult informed AMX officials of the backdoor last March, the equipment maker responded seven months later with an update that it claimed fixed the problem. In fact, according to SEC Consult, the update merely changed the username assigned to the backdoor from BlackWidow to [email protected]. The backdoor account and the capabilities built into it remained.

AMX has since released a statement claiming the accounts were used for diagnostics and maintenance for customer support of technical issues.

Source: arstechnica.com

Sent to us by: Roy W. Nash


Google is to pay £130m in back taxes in Britain.


Google has agreed to pay £130m in back taxes after an "open audit" of its accounts by the UK tax authorities.

The payment covers money owed since 2005 and follows a six-year inquiry by Her Majesty's Revenue and Customs.

Google is one of several multinational companies to have been accused of avoiding tax, in spite of making billions of pounds of sales in Britain.

Senior figures at the US search giant said it would follow new rules which would see it pay more taxes in future.

Source: www.bbc.com

Sent to us by: Roy W. Nash


An independent Half-Life game has been approved by Valve and is coming soon, written by a guy who quit his job to create the game.

A new fan-made Half-Life game is due to be released on Steam in February.


Prospekt is made by 25-year-old indie developer Richard Seabrook, who over two years ago decided to quit his job and make the game as a job application.

Valve, the company behind Half-Life, have given Seabrook approval to use graphics and assets from Half-Life 2 and while the game is not an official Half-Life title it has been approved by the company.

Source: www.bbc.com

Sent to us by: Roy W. Nash


Remember that dad whose son ran up an Xbox bill for more than $8,000? We have an update for you tonight.

Two weeks ago we reported a story about a Pembroke, Ontario father whose 17-year-old son ran up an Xbox bill totaling over $8,000, and now Microsoft has given him a refund for the full amount.

Lance Perkins said he was stunned to discover the charges on his credit card bill in December, and criticized the company for what he called a misleading business scheme.

Perkins complained to Microsoft and the company agreed to look into the charges.
He says Microsoft initially told him it couldn't refund the money. But when the company learned Perkins' son was a minor, it agreed to refund the full amount of $8,206.43.

In a statement, Microsoft responded by saying, "Microsoft may occasionally choose to provide a one-time refund in cases of minors making purchases without parental permission."

They also made it clear that these refunds are for a very small number of users in exceptional cases, and they will only be granted once in a lifetime.

Perkins is surprised at Microsoft's response, and hopes his story helps protect other parents and warn them how online gaming bills can add up.

Source: www.ctvnews.ca

