My Weekly RoundUp #92
The news I read last week didn’t really impress me. Just something about Microsoft and OpenSource and, of course, Game Of Thrones!
Security lapse exposed a Chinese smart city surveillance system: thousands of facial recognition scans were matched against Chinese police records
Smart cities are designed to make life easier for their residents: better traffic management by clearing routes, making sure the public transport is running on time and having cameras keeping a watchful eye from above. https://techcrunch.com/2019/05/03/china-smart-city-exposed/
But what happens when that data leaks? One such database was open for weeks for anyone to look inside.
Security researcher John Wethington found a smart city database accessible from a web browser without a password. He passed details of the database to TechCrunch in an effort to get the data secured.
The database was an Elasticsearch database, storing gigabytes of data — including facial recognition scans on hundreds of people over several months. The data was hosted by Chinese tech giant Alibaba. The customer’s database, which Alibaba did not name, made several references to the tech giant’s artificial intelligence-powered cloud platform, City Brain, but Alibaba later denied its platform was used.
Ever app users uploaded billions of photos, unaware they were being used to build a facial recognition system
Ever claims to be a company “dedicated to helping you capture and rediscover your life’s memories.”
Signing-up for an account on your smartphone or desktop, you can grant Ever access to pictures stored in your instant messages, email archive, Dropbox, Instagram, and Facebook account. And why would you want to do that?
An NBC News investigation has uncovered that Ever isn’t being completely altruistic […] Ever decided two-and-a-half years ago to switch its business strategy – by embracing facial recognition and exploiting the 13 billion images its users had entrusted it with. But what it doesn’t seem to have done is clearly communicate that change of path with its millions of users, and given them the choice as to whether they wished to opt in or not. https://www.grahamcluley.com/ever-app-users-uploaded-billions-of-photos-unaware-they-were-being-used-to-build-a-facial-recognition-system/
The USB stick eyeDisk that uses iris recognition to unlock the drive could reveal the device’s password in plain text in a simple way
eyeDisk is a USB stick that uses iris recognition to unlock the drive. It is advertised as the “Unhackable USB Flash Drive,” but it could instead reveal the device’s password in plain text.
All it takes is analyzing the eyeDisk USB stick with the Wireshark packet analyzer.
Security expert David Lodge from Pen Test Partners decided to analyze the product after he discovered it on Kickstarter.
“With eyeDisk you never need to worry about losing your USB or the vulnerability of your data stored in it. eyeDisk features AES 256-bit encryption for your iris pattern,” reads the description of the product. “We develop our own iris recognition algorithm so that no one can hack your USB drive even [if] they have your iris pattern. Your personal iris data used for identification will never be retrieved or duplicated even if your USB is lost.”
Inside a Scam Call Center
Hello YouTube, I am Malcolm Merlyn. As most of you are aware, there are a lot of different scammers out there and these include Nigerian prince email scammers, Indian tech support scammers, IRS scammers and others. They have been around for over 10 years now and they don’t seem to be going anywhere. After getting a lot of calls, sometimes very early in the morning, I have decided enough is enough. If the government won’t shut down these pests then I will. I created some virtual machines and started calling scammers using a fake caller ID. The calls were quite hilarious so I started uploading them on YouTube; this was great as I was raising awareness about scams while also earning money. In total I have called scammers over ten thousand times in the past year and a half. I created a number of programs to annoy them including a call flooder that can call the scammers many times per minute which overloads their phones. https://www.youtube.com/watch?v=CGaRfN8JhnY
Microsoft: The open source company
The news from Microsoft’s Build developer conference that surprised me most was that Microsoft will ship a genuine Linux kernel—GPLed, with all patches published—with Windows. That announcement was made with the announcement of Windows Terminal, a new front-end for command-line programs on Windows that will, among other things, support tabs. https://arstechnica.com/gadgets/2019/05/microsoft-the-open-source-company/
Microsoft’s increased involvement with open source software isn’t new, as projects such as Visual Studio Code and the .NET runtime have operated as open source, community-driven projects. But this week’s announcements felt a bit different.
The Linux kernel will be powering Microsoft’s second generation Windows Subsystem for Linux (WSL). The first generation WSL contains a partial re-implementation of the Linux kernel API that uses the Windows NT kernel to perform its functionality. In choosing this approach, Microsoft avoided using any actual Linux code, and hence the company avoided the GPL license with its “viral” stipulations that would have arguably forced Microsoft to open source WSL and perhaps even parts of Windows itself.
In the second-generation WSL? It’s a full GPLed Linux kernel running in a lightweight virtual machine. This won’t be part of the base Windows installation—I’m told that developers will need to enable Developer Mode in Windows first—but it is, nonetheless, a GPL-licensed component forming part of a Windows component. Windows’ WSL feature has GPLed underpinnings, and that’s not something I would have expected to write even a year or two ago.
Introducing Windows Terminal
We are beyond excited to announce Windows Terminal! Windows Terminal is a new, modern, fast, efficient, powerful, and productive terminal application for users of command-line tools and shells like Command Prompt, PowerShell, and WSL.
The Windows Terminal uses a GPU accelerated DirectWrite/DirectX-based text rendering engine. This new text rendering engine will display text characters, glyphs, and symbols present within fonts on your PC, including CJK ideograms, emoji, powerline symbols, icons, programming ligatures, etc. This engine also renders text much faster than the previous Console’s GDI engine!
We are excited to announce that we are open sourcing not just Windows Terminal, but also the Windows Console which hosts the command-line infrastructure in Windows and provides the traditional Console UX. https://devblogs.microsoft.com/commandline/introducing-windows-terminal/
Stephen King has a few ideas of how Game of Thrones should end
Stephen King is a man who knows a thing or two about telling a good story — although apparently there are those who doubt his ability to end one — and he has a few ideas for how Game of Thrones should end it all. https://www.syfy.com/syfywire/stephen-king-on-how-game-of-thrones-should-end
That’s not us saying such blasphemy, of course, as we’re not so foolish as to cross a man sick enough to come up with such disturbing classics as The Shining, It, and pretty much every other movie that haunted our childhoods (while continuing to do so well into adulthood). That’s the King himself, admitting that some haters don’t think much of his endings… perhaps because he knows his proposed ending to Game of Thrones isn’t all that plausible, really.