So you thought the facial recognition technology built into your laptop would keep your business and personal information safe? Bwa-ha-ha! Today, the Black Hat DC 2009 security conference found out that, as Vietnam-based security researcher Nguyen Minh Duc puts it, Your Face is NOT Your Password.
Nguyen's paper reveals (PDF link) that it's relatively simple to hack facial recognition systems included in webcam-equipped laptops from Lenovo (Veriface III), ASUS (SmartLogon v1.0.0.0005), and Toshiba (Face Recognition 184.108.40.206). Methods included using photographs in place of live faces (Facebook, anyone?) and performing brute-force attacks by changing lighting and photo angles in a digitized face until the system permits access.
Are you counting on facial-recognition technology to keep your stuff safe? Is your company? Join us after the jump for your chance to sound off on this latest "unbreakable," but now broken, access-control technology.
It is a disgrace that humans still haven’t got the hang of setting passwords. It seems as though most internet users have inextricably tethered themselves to a promise of not setting strong-enough passwords, which may force hackers to reconsider their choice of profession for its grueling nature. As you devour more of this story, you will begin to envy hackers for having it stroll-in-the-park easy.
A new study has revealed, or rather reiterated, that internet users nonchalantly continue to set unimaginative, fatuous passwords. The study appraised 28,000 passwords that were recently stolen from a U.S. website.
Sixteen percent of the users had set their first name as their password. Around fourteen percent chose the easiest-to-recall key combinations, including “1234” and “12345678”. Other users, who apparently don’t rate their mathematical ability highly, chose to steer clear of numbers and settled for passwords such as “AZERTY” and “QWERTY”.
Five percent of the passwords were found to be inspired by popular things and celebrities, including names of movies, TV shows and actors. The strongest password in this category was found to be “Ironman” as it sounds impenetrable.
Three percent of the people reckon passwords are another medium of expression. How else would you explain passwords like “Iloveyou” and “Ihateyou”?
If Dead Rising taught us anything, it’s that donning goofy apparel is par for the course during a potential zombpocalypse. So, of course, as mindless slaves to our media (though not quite “zombies”), we’re thrilled that it’s finally kosher to sport a pair of multi-colored shades while doing our civic, undead-slaughtering duties.
Oh, we guess you also get “true 3D” out of the whole deal or whatever, but it’s not like anyone else benefits from your newfound sight beyond sight. Only you, you self-serving greed-pig.
So here. Here are your dumb means to achieve your selfish ends. After all, it’s not like we’re bitter because the hack won’t work on our PC. No. You’re just a terrible person. Never forget that.
He revealed that he successfully gained access to the account of a female Twitter staffer named “Crystal.” He had serendipitously stumbled upon her account and had no idea that she was a Twitter staff member with administrative control. He then proceeded to hack her account using a dictionary attack.
The program didn’t have to break a sweat as she was using the password “happiness.” Her flimsy password, coupled with Twitter’s primeval security, which allows rapid-fire log-in attempts, led to several high-profile Twitter accounts, including the ones belonging to President-elect Barack Obama and Fox News, being compromised.
So you thought you were safe inside your precious little calendar, eh? Well think again!
It looks like hackers have found a way to break into your Gmail account, all by preying on your Google Calendar. The attack comes in the form of a simple calendar email notification telling you that your account will be deleted unless you submit your Google username, password and date of birth. Generally, the emails come from a “customerserviceXXXX@gmal.com” (where the X’s represent a random number) address, so be sure to keep an eye out.
Luckily, the fix for this is entirely on your end. Just be sure to watch whom you’re getting your email from. Major companies generally won’t ask you for your information, and anyone who does so has deplorable intentions.
Everyone’s favorite (according to sales numbers, at least) smartphone, the iPhone, has finally been hacked to run Linux.
The 2.6 kernel only features a bootloader, so if you decide to rock Linux on your iPhone (there are instructions on the Linux on the iPhone blog) you’ll be met with a console that requires a USB connection to access. They’ve also been unable to use the touchscreen, sound, accelerometer and networking functionality of the iPhone.
While admittedly this isn’t a super impressive showing, it’s a great start for the Linux iPhone community. The building blocks have been placed, folks.
If you’re interested in how the whole process plays out, be sure to peep the video!
If you’re a Gmail user and you’ve got a domain that’s registered through GoDaddy, you’ve been put in danger – from yourself.
A new security flaw in Gmail has caused a new exploit to run wild. The exploit essentially makes you create a filter all on your own, allowing unwanted eyes to gain access to your Gmail account.
In a nutshell, the exploit steals a cookie from you. Once this cookie has been swiped, some malicious code creates a hidden iframe with a URL that contains the variables required for Gmail to create a filter for your account. Once this is done, the hacker has free rein over your personal emails and whatever else you might associate with your Gmail account.
While this is clearly the shorthand version, be sure to check out the full rundown. If you’re one of the many that uses both Gmail and GoDaddy, we’d suggest that you take some time to check it out.
We love to have tons of cool electronics hooked up to the big living room TV -- who doesn’t? But, if you’re like us, your significant other is less keen on seeing all that awesome black plastic and shiny metal, and you probably did the same thing we did: Went out and bought an overpriced, crappy piece of mass-produced furniture that has doors. Doors! And what do those doors do? They create hot pockets of electronics-killing heat that will shorten the life of our precious gear. All to keep the wife happy.
Fear not, heat haters. We put the Maximum PC brain trust to work in assembling a quick, quiet, and easy cooling solution for, well, just about any cabinet you’re willing to cut a hole in. We tested our solution with two of the hottest pieces of hardware we could find: an Xbox 360 and an AppleTV. With both boxes turned on, and with the door closed, the internal temperature of the cabinet quickly hit 130F. But after we mounted our heat-triggered fan, we saw the internal temperatures hovering a scant degree or two above room temperature. Want to find out how we did it? Hit the jump!
We at Maximum PC remember a time, long ago, when having a dual-monitor setup was enough to establish some pretty serious nerd cred. These days, however, everyone and their grandma are playing World of Warcraft and checking their email at the same time on their two screens. So what’s a guy got to do to stand out from the pack? Here’s one idea: run two computers in tandem.
Synergy is a free, open source program that allows you to control two or more computers with a single keyboard and mouse. The linked computers behave as though they were simply different monitors in a traditional multi-monitor, single-computer setup. That is to say, if you drag the mouse off the left side of the right monitor, it appears on the left monitor, directing all keystrokes to that box. More impressively, Synergy synchronizes the two computers’ clipboards and even their screensavers.