Researchers at the security software company Check Point say they’ve discovered a serious vulnerability lurking inside the routers and modems used to deliver Internet connectivity to 12 million homes and small businesses around the world, and it’s going to be a complicated matter to fix it.
Dubbed the Misfortune Cookie, the weakness is present in cable and DSL modems from well-known manufacturers like D-Link, Huawei and ZTE, and could allow a malicious hacker to hijack them and attack connected computers, phones and tablets. An attacker exploiting Misfortune Cookie could also monitor a vulnerable Internet connection, stealing passwords, business data or other information. Check Point didn’t disclose how an attack might be carried out. Spokespeople for D-Link, Huawei and ZTE had no immediate comment on the vulnerability.
In an interview with Re/code, Shahar Tal, a researcher at Israel-based Check Point, said the company traced the vulnerability to a programming error made in 2002. That error originated with Allegro Software, the Massachusetts-based developer of RomPager, which unwittingly introduced it into the widely used embedded Web server…
The list of devices affected by Misfortune Cookie includes some 200 products from more than 20 companies. All told there are more than 12 million devices with the vulnerability in use today, including some that were manufactured as recently as this year. And yet to date, no real-world attacks using Misfortune Cookie have been detected.
Reached for comment, Allegro Software downplayed the severity of the vulnerability and its responsibility for it. “It’s a 12-year-old bug that was fixed nine years ago,” said CEO Bob Van Andel. He conceded, however, that many of Allegro’s customers haven’t bothered to install the code that protects RomPager against Misfortune Cookie — nor can the company force them to do so.
So, if you suspect your router or modem has the Misfortune Cookie, Tal suggests calling the manufacturer or the company that provided the equipment. See if they’re one of the bright ones that actually keep up with patches. Of course, if that were true you would have already received notice of the update.
I really love this stuff. I’m the only member of my extended family here in New Mexico who hasn’t ever been a pilot. But, I always wanted to be one – when I was a kid.
Thanks, Om Malik
Despite what you might think from watching “Law and Order,” it’s not only crooks who want disposable phone numbers.
There are all kinds of reasons people don’t want to give out their number, in part accounting for the popularity of cheap cellphones, often called “burners.”
But it’s not really the cellphone most people want to replace. It’s just the number.
So one startup has built its business around letting people use their cellphone with multiple “burner” phone numbers.
Ad Hoc Labs, a nine-person, Los Angeles-based startup, created Burner, an iOS and Android app that lets people get one or more temporary numbers. The app is free to download, but customers pay for more than a minimal amount of use or for more than one burner number.
And it’s built a pretty good business, with Burner frequently ranking near the top of the best-grossing apps in the utilities section of Apple’s App Store…
Soon, the company is adding a few new tricks, most notably the ability to send picture and video messages. Prior versions could make calls and send text messages, but not handle multimedia messages…
Burner is also extending its usual free trial period, giving new iOS users a year of limited use. It’s not giving a ton of minutes or texts for free, but CEO Greg Cohn said it is enough for casual use and for a more serious user to see the value of the paid service.
Now – could you use something like this?
I don’t need anything like this – right now. But, there have been occasions in my past when having a disposable, untraceable phone number was handy. Sure, snoops with legal power can eventually trace when and where the number was used. They can subpoena the carrier. Useful to an extent – and slow.
This still sounds like something that would piss off the FBI, maybe lazy local police departments, maybe even the NSA. Reason enough for me to post this wee article.
The ghosts in the machine
The Koch brothers and their allies are pumping tens of millions of dollars into a data company that’s developing detailed, state-of-the-art profiles of 250 million Americans, giving the brothers’ political operation all the earmarks of a national party.
The move comes as mainstream Republicans, led by Mitch McConnell, are trying to reclaim control of the conservative movement from outside groups. The Kochs, however, are continuing to amass all of the campaign tools the Republican National Committee and other party arms use to elect a president.
The Koch network also has developed in-house expertise in polling, message-testing, fact-checking, advertising, media buying, dial groups and donor maintenance. Add mastery of election law, a corporate-minded aggressiveness and years of patient experimentation — plus seemingly limitless cash — and the Koch operation actually exceeds the RNC’s data operation in many important respects.
Billed as the biggest non-party agitprop brigade in the United States, the Koch Bros have decided decades of brainwashing about the glorious two-party system requires them – easily enough – to take over the Republican Party.
The least-known vehicle for the Kochs is a for-profit company known as i360, started by a former adviser to John McCain’s presidential campaign after McCain lost to Barack Obama in 2008. Subsequently, it merged with a Koch-funded data nonprofit. The Koch-affiliated Freedom Partners, formed in late 2011, eventually became an investor, officials confirmed to POLITICO.
Spending more than $50 million in cash over the past four years, i360 links voter information with consumer data purchased from credit bureaus and other vendors. Information from social networks is blended in, along with any interaction the voter may have had with affiliated campaigns and advocacy groups. Then come estimated income, recent addresses, how often a person has voted, and even the brand of car they drive. Another i360 service slices and dices information about TV viewing to help campaigns target ads more precisely and cost efficiently.
GOP campaigns can get less-expensive data through the RNC, but happily pay i360 for its superior profiles. Midterm clients included several of the GOP’s marquee Senate and gubernatorial victors, including Sens.-elect Tom Cotton of Arkansas and Joni Ernst of Iowa, and Gov.-elect Larry Hogan in Maryland…
Palmer said i360 embeds experiments “into absolutely everything that we do.” In Colorado, for instance, Americans for Prosperity — the most muscular part of the Koch network — worked with i360 to isolate 297,000 voters who were not likely to vote in 2014, but were likely to oppose the policies of Democratic Sen. Mark Udall, who wound up being defeated by GOP Rep. Cory Gardner.
Among the 297,000 voters, some got no contact at all from AFP. About 60,000 voters were broken into six “treatment groups”: One group got a knock on the door, plus a volunteer phone call and a mail piece. Another got door plus mail. Another got door only, and so forth. Within those groups, the messages varied. Now, as part of its midterm after-action review, i360 is figuring out which approach was most efficient in turning out a reluctant voter.
RTFA for all the delightful details. You, too, will be a datapoint if the Koch Bros think they can find an issue or two to twist your “independent” choice for elective office over these next two years.
After decades of brainwashing that advertising is really helping you find what you need for a better life, the Koch Bros and the Republican Party may just convince Americans that being a lemming in a cute little white suit is better than all those other sizes, shapes and colors. Or thinking for yourself.
Some day in the not-too-distant future we might look back at this Koch Bros venture and reflect that history’s next Joseph Goebbels turned out to be a Geek.
Mission accomplished! A group of rocket enthusiasts launched a porta-potty into the sky Saturday in southwestern Michigan. It made an arc and almost landed on a spectator’s pickup truck, 2,000 feet away.
A group of Michiana Rocketry club members planned the project for more than two years. The club is trying to increase awareness of rocketry as a hobby and prove it’s possible to turn a porta-potty into a rocket and launch it successfully.
…liftoff occurred in a soybean field near Three Oaks in Berrien County. About 30 people worked on the rocket, from engineers to sales people who lined up sponsors.
Rocket enthusiast Bob Bycraft says it was carefully planned. He says it wasn’t “barnyard engineering.”
“It is an epidemic. Or, at least, it’s very common,” New York-based spine surgeon Kenneth Hansraj told The Washington Post last week. He was referring to something that is being called “text neck,” a purported condition of the spine related to the posture of bending forward to look at a phone…
…It was an interesting account of the suggestions of one private-practice neurosurgeon. But the post and the illustration spread widely around the Internet, and the stakes elevated quickly.
In the past week, the study and the diagram have been published by hundreds of outlets, including The Chicago Tribune, Slate, NPR, Business Insider, The Sydney Morning Herald, NBC News, The Globe and Mail, Today, Time, Yahoo, Shape, BuzzFeed, The Huffington Post, and many others. New York’s headline, for example, was “Look at How Texting Is Warping Your Spine.” At several publications, the story was the most popular post on the site. With claims of epidemic and implications of serious spinal damage, the story has elevated to something that maybe warrants a closer look.
Hunching over isn’t ideal, and it’s worth thinking about sitting or standing up straight when possible. But our necks are made to bend forward, and it’s not something that’s new to humans. Texting invokes the same posture as holding a book.
Or a baby.
Or a rock…
The reality is that an axial load, one applied from the top down onto the spine, at the weights in question is not dangerous. “People can carry a lot more than 60 pounds on top of their head if it’s actually an axial load,” neurosurgeon Ian Dorward said, noting that people have evolved to have their heads flexed in a variety of different angles and postures without issue…
For most people, though, the point remains that good posture is generally good when possible, but texting is not an imminent threat to spinal health.
RTFA for all the details of an unnecessary flap over a non-problem.
Amazon’s Giant Mystery Box Is Back
Nerds went into a tizzy earlier this year when a giant Amazon box was spotted on the back of a flatbed truck. Turned out the box held a Nissan car that was being delivered as part of an advertising deal the car maker did with Amazon.
Guess what? The big box is back. This morning, a Re/code editor spotted the box shown in the photo above on the back of a truck in the SoMa neighborhood of San Francisco. On first look, it didn’t appear big enough to fit a car. I contacted Amazon to get some more information.
An Amazon rep said it is not part of an advertising campaign like last time, but it is part of a “new program” that the company will unveil next week. Fifteen of these boxes are scattered around the U.S., he said.
“We’re excited to be making 15 special deliveries next week as part of the holiday season,” the spokesperson said in an email. “Stay tuned.”
Geeks especially enjoy whimsy in place of advertising dollar$ spent on traditional agitprop.
This can’t be about their new diapers – they debuted yesterday. The same day this article was posted over at Re/Code. So, I’ll be one of the geeks patrolling the Web and watching for news about the Big Box.
I have a thing about Amazon boxes, anyway. I haven’t succeeded, yet – haven’t gotten past the mystery of customer service representatives whose English is a second language. But, since I’m prepaying for a truly cheapo cremation when I shuffle off this mortal coil – I want the absolute minimum which includes my body traveling into the fires of redemption in a cardboard box instead of something really expensive – I’m trying to get a properly sized Amazon Prime box. Appropriately labeled as such.
As a geek who’s been online since 1983 and a devotee of online commerce, I think it would be the best way for me to prep for redistribution of my elemental molecules.
Twitter, hungry for new data to fuel its targeted advertising, will start looking at what other apps its users have downloaded.
Starting Wednesday, the company will begin collecting data on which other apps its users have on their iOS and Android smartphones. The data, Twitter says, will help it deliver better “tailored content” to its users. That’s sure to include ads, but maybe also better recommendations about whom to follow when users sign up, or more relevant first tweets in the feed, which could help Twitter hook people early.
It’s strictly a list of the apps users have installed, Twitter says, not data pertaining to what people do inside those apps. So Twitter would know if you have a ride-hailing app, but it wouldn’t see your rides taken with the app.
Well, this week, anyway.
…Twitter’s move stands to raise privacy concerns at least among some people, perhaps depending on which other apps are on their phones.
Twitter’s data collection will start automatically, unless users have already turned on the built-in “limit ad tracking” or “opt out of interest-based ads” option on iOS or Android phones, respectively. Twitter users will be notified of the data collection, but they can turn it off at any time from within their app’s settings, Twitter says. If users turn it off, the data is removed from Twitter’s servers…the company says.
Is the NSA buying stock in Twitter, yet?
Thanks, Walt Mossberg
In the 1960s science fiction film Fantastic Voyage, audiences thrilled to the idea of shrinking a submarine and the people inside it to microscopic dimensions and injecting it into a person’s bloodstream. At the time it was just fantasy and as fantastic an idea as its title suggested. Today, however, micro-miniature travelers in your body have come one step closer to reality. Researchers from the Max Planck Institute have been experimenting with real micro-sized robots that literally swim through your bodily fluids and could be used to deliver drugs or other medical relief in a highly-targeted way…
The microrobots being designed by the team literally are swimmers; they are scallop-like devices designed to paddle through non-Newtonian fluids like blood and plasma (even water behaves in this way at a microscopic level). This means that, unlike swimming in water at a macro-level, these microbots need to move through fluid that has a changing viscosity depending on how much force is exerted upon it.
To do this, the microbots need a method of propulsion that can fit in their tiny bodies as well as take advantage of the non-Newtonian fluid in which they are moving. Importantly, the team is using a reciprocal method of movement to propel their microscallops; but generally this doesn’t work in such fluids, which is why organisms that move around in a biological system use non-reciprocating devices like flagella or cilia to get about.
However, these robotic microswimmers actually take advantage of this property and use a scallop swimming motion to move around. The researchers call this process “modulation of the fluid viscosity upon varying the shear rate.” In simple terms, the micro scallops open and close their “shells” to compress the fluid and force it out behind them, which then propels them along.
The fact that the microrobot scallop has no motor to drag around contributes to its exceptionally small size – around 800 microns. This makes it minuscule enough to make its way through your bloodstream, around your lymphatic system, or across the slippery goo on the surface of your eyeballs…
The first and most obvious use would be delivery of medication. The authors are otherwise laid back about suggestions for the future. They’re confident today’s medical researchers are technically hip enough that there will be more potential uses for these microbots than any one team might ever invent.