Trolls Sent Strobing GIFs to People With Epilepsy in a Targeted Attack During Epilepsy Awareness Month

The Epilepsy Foundation filed criminal complaints this month following an attack on its Twitter account that could have harmed people with epilepsy.


Every Person In America Should Know Crystal Mason’s Name

Mason faces a five-year prison sentence for trying to vote while ineligible.

Selena Gomez Explains Why Taylor Swift Cried Watching Her New Music Video

Gomez got an emotional reaction out of Swift while playing her new music for her best friend and her family.

Government Entitled To Edward Snowden’s Book Money, Judge Rules

The NSA leaker violated secrecy contracts by discussing his classified work without approval, a federal judge said.

Stained Glass TIE Fighter Lamp: The Empire Lights Up

One of the more satisfying sights in the original Star Wars trilogy was watching Imperial TIE fighters get blown to smithereens by the Rebellion. But this awesome stained glass TIE fighter lamp is one that I’d never want to see in pieces.

This beautiful work of Star Wars fan art was handmade by Russian glass studio V&G Fantasy. It looks just like the TIE fighters flown by the Empire, with those iconic flat wings and a round cockpit at its center. The pendant-style ceiling lamp is made from glass, steel, and copper, and looks like it’s ready to do battle with some X-Wing lamps if they existed. I particularly love the blue glow that emanates from its interior. All it needs is some kind of laser cannons and it would be perfect. Maybe you could rig some laser pointers up to it for added effect.

The finished piece measures about 18.8″ x 10″ x 8.8″, and is designed to run on a 220-volt power source, so you might need to buy a converter if you plan on using it here in the States. All this awesomeness doesn’t come cheap though, with this one-of-a-kind TIE fighter lamp selling for $750 over on Etsy. Of course, if you work for the Empire, you probably have a pretty good sized expense account for this kind of thing.

Cloud flaws expose millions of child tracking smartwatches

Parents buy their children GPS-enabled smartwatches to keep track of them, but security flaws mean they’re not the only ones who can.

This year alone, researchers have found several vulnerabilities in a number of child-tracking smartwatches. But new findings out today show that nearly all were harboring a far greater, more damaging flaw in a common shared cloud platform used to power millions of cellular-enabled smartwatches.

The cloud platform is developed by Chinese white-label electronics maker Thinkrace, one of the largest manufacturers of location-tracking devices. The platform works as a backend system for Thinkrace-made devices, storing and retrieving locations and other device data. Not only does Thinkrace sell its own child-tracking watches to parents who want to keep tabs on their children, the electronics maker also sells its tracking devices to third-party businesses, which then repackage and relabel the devices with their own branding to be sold on to consumers.

All of the devices made or resold use the same cloud platform, guaranteeing that any white-label device made by Thinkrace and sold by one of its customers is vulnerable.

Ken Munro, founder of Pen Test Partners, shared the findings exclusively with TechCrunch. Their research found at least 47 million vulnerable devices.

“It’s only the tip of the iceberg,” he told TechCrunch.

Smartwatches leaking location data

Munro and his team found that Thinkrace made more than 360 devices, mostly watches and other trackers. Because of relabeling and reselling, many Thinkrace devices are branded differently.

“Often the brand owner doesn’t even realize the devices they are selling are on a Thinkrace platform,” said Munro.

Each tracking device sold interacts with the cloud platform either directly or via an endpoint hosted on a web domain operated by the reseller. The researchers traced the commands all the way back to Thinkrace’s cloud platform, which the researchers described as a common point of failure.

The researchers said that most of the commands that control the devices do not require authorization and the commands are well documented, allowing anyone with basic knowledge to gain access and track a device. And because there is no randomization of account numbers, the researchers found they could access devices in bulk simply by increasing each account number by one.
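A defender-side check for the pattern described above, as an added example that is not from the researchers or Thinkrace: it scans request logs for a single client stepping through account numbers one at a time. The log format, the `/api/location` path, the `account` parameter and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the article). Path and parameter name are
# hypothetical stand-ins for an account-keyed device lookup.
SAMPLE_LOG = "\n".join(
    # One client walking account numbers upward by one.
    [f"203.0.113.7 GET /api/location?account={n}" for n in range(100231, 100238)]
    # A parent polling two children's watches repeatedly.
    + [f"198.51.100.20 GET /api/location?account={n}"
       for n in (884120, 884120, 551002, 884120)]
)

LINE_RE = re.compile(r"^(\S+) \S+ \S+[?&]account=(\d+)\b")


def parse(log_text):
    """Return {client: [account numbers in request order]}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            seen[m.group(1)].append(int(m.group(2)))
    return seen


def longest_step_run(ids, step=1):
    """Length of the longest run where each id equals the previous id + step."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur - prev == step else 1
        best = max(best, run)
    return best


def flag_enumerators(log_text, min_run=5, max_accounts=3):
    """Flag clients that step through ids or touch unusually many accounts.

    min_run and max_accounts are assumed thresholds; tune them to real traffic.
    """
    alerts = {}
    for client, ids in parse(log_text).items():
        run, distinct = longest_step_run(ids), len(set(ids))
        if run >= min_run or distinct > max_accounts:
            alerts[client] = {"longest_run": run, "distinct_accounts": distinct}
    return alerts


if __name__ == "__main__":
    print(flag_enumerators(SAMPLE_LOG))
```

Detection like this only reveals the walk after the fact. The conditions the researchers describe are closed by requiring authorization on every command and issuing account identifiers that cannot be guessed by counting.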

The flaws aren’t just putting children at risk, but also others who use the devices.

In one case, Thinkrace provided 10,000 smartwatches to athletes participating in the Special Olympics. But the vulnerabilities meant that every athlete could have their location monitored, the researchers said.

Child voice recordings found exposed

One device maker bought the rights to resell one of Thinkrace’s smartwatches. Like many other resellers, this brand owner allowed parents to track the whereabouts of their children and raise an alarm if they leave a geographical area set by the parent.

The researchers said they could track the location of any child wearing one of these watches by enumerating easy-to-guess account numbers.

The smartwatch also allows parents and children to talk to each other, just like a walkie-talkie. But the researchers found that the voice messages were recorded and stored in the insecure cloud, allowing anyone to download files.

A recording of a child’s voice from a vulnerable server of a smartwatch reseller. (We’ve removed the audio to protect the child’s privacy.)

TechCrunch listened to several recordings picked at random and could hear children talking to their parents through the app.

The researchers likened the findings to CloudPets, an internet-connected teddy bear-like toy whose maker, in 2017, left its cloud servers unprotected, exposing two million child voice recordings.

Some five million children and parents use the smartwatch sold by the reseller.

Disclosure whack-a-mole

The researchers disclosed the vulnerabilities to several white-label electronics makers in 2015 and 2017, including Thinkrace.

Some of the resellers fixed their vulnerable endpoints. In some cases, the fixes put in place to protect vulnerable endpoints were later undone. But many companies simply ignored the warnings, prompting the researchers to go public with their findings.

Rick Tang, a spokesperson for Thinkrace, did not respond to a request for comment.

Munro said that while the vulnerabilities are not believed to have been widely exploited, device makers like Thinkrace “need to get better” at building more secure systems. Until then, Munro said owners should stop using these devices.

'Warcraft III: Reforged' arrives on January 28th

Blizzard announced Warcraft III: Reforged just over a year ago, promising a top-to-bottom refresh of the landmark real-time strategy title and its Frozen Throne add-on. Now, we know when it’s going to land. The game, which features seven single-playe…

IBM’s cobalt-free EV battery uses materials extracted from seawater

Electric vehicles will play an important role in reducing greenhouse gas emissions, but they are not yet a perfect solution. Today, most EVs run on lithium-ion batteries made with heavy metals like cobalt, of which there is a limited supply and less…

2020 Toyota Highlander official: 8 seats, Hybrid tech, pricing

Toyota has revealed the new 2020 Highlander, pairing more memorable design with the promise of greater driving refinement while still seating up to eight inside. Set to arrive in dealerships this month in gas form, the 2020 Highlander Hybrid will follow on early in the new year for those who prefer some electrification in their SUV. Now in its fourth-generation, …

Steam Winter Sale heralded by November Top Releases: Gundam, GoT, Star Wars

This morning we’re taking a look at the latest in a series of Steam’s best-of game release lists for the month of November. These releases are compiled in the first week or two of the month after they’re captured. The Top Steam Releases for November 2019 include some obvious entries from big-name game titles, but also has its fair share …