26 July 2016

Your wireless keyboard is giving up your secrets

Flaws in wireless keyboards let hackers snoop on everything you type

Many popular, low-cost wireless keyboards don't encrypt keystrokes.

By Zack Whittaker for Zero Day | July 26, 2016 -- 13:30 GMT (06:30 PDT) 

Source: ZDNet http://www.zdnet.com/article/millions-of-wireless-keyboards-at-risk-of-spying-by-hackers-in-new-attack/?ftag=TRE17cfd61&bhid=25967687726448640586564689554337

This nondescript USB dongle can be used to spy on wireless keyboards from hundreds of feet away. (Image: Bastille)

Your wireless keyboard is giving up your secrets -- literally.

With an antenna and wireless dongle worth a few bucks, and a few lines of Python code, a hacker can passively and covertly record everything you type on your wireless keyboard from hundreds of feet away. Usernames, passwords, credit card data, your manuscript or company's balance sheet -- whatever you're working on at the time.

It's an attack that can't be easily prevented, and one that almost nobody thought of -- except the security researchers who found it.

Security firm Bastille calls it "KeySniffer," a set of vulnerabilities in common, low-cost wireless keyboards that can allow a hacker to eavesdrop from a distance.

Here's how it works: a number of wireless keyboards use proprietary and largely unsecured and untested radio protocols to connect to a computer -- unlike Bluetooth, a known wireless standard that's been tried and tested over the years. These keyboards are always transmitting, making it easy to find and listen in from afar with the right equipment. But because these keystrokes aren't encrypted, a hacker can read anything on a person's display, and directly type on a victim's computer.

The attack is so easy to carry out that almost anyone can do it -- from petty thieves to state-actors.

Marc Newlin, a researcher at the company who was credited with finding the flaw said it was "pretty alarming" to discover.

"A hacker can 'sniff' all of the keystrokes, as well as inject their own keystrokes on the computer," he explained on the phone this week.

The researchers found that eight out of 12 keyboards from well-known vendors -- including HP, Kensington, and Toshiba -- are at risk of eavesdropping, but the list is far from exhaustive.

The scope of the problem is so large that the researchers fully expect that "millions" of devices are vulnerable to this new attack.

Worst of all? There's no fix.

"I think a lot of consumers reasonably expect that the wireless keyboard they're using won't put them at risk, but consumers might not have a high awareness of this risk," he said.

Ivan O'Sullivan, the company's chief research officer, admitted that the ease of this attack had him unsettled. "As a consumer, I expect that the keyboard that I buy won't transmit my keystrokes in plain-text."

"We were shocked. And consumers should be, too," he said.

This isn't the first time wireless devices have put their users at risk. Bastille was the company behind the now-infamous MouseJack flaw, which let hackers compromise a person's computer through their wireless mouse. Even as far back as 2010, it was known that some keyboards with weak encryption could be easily hacked.

Over half a decade later, Newlin said he was hopeful that his research will make more people aware, but he doesn't think this problem "will be resolved."

"Most of the vendors have not responded to our disclosure information," he said. "Many of the vendors haven't responded past an acknowledgement, or they haven't responded at all to our inquiries."

Though not all wireless keyboards are created equal and many are not vulnerable to the eavesdropping vulnerability, there is an easy fix to a simple problem.

"Get a wired keyboard," the researchers said.

20 July 2016

The procrastinator's guide to free Windows 10 upgrades

The year-long free upgrade offer for Windows 10 ends in a matter of days. If you're on the fence, it's decision time. Here's how to streamline the upgrade process to make it fast, simple, and nearly foolproof.

By Ed Bott for The Ed Bott Report | July 20, 2016 -- 17:39 GMT (10:39 PDT)

You have only a few days left to claim your free upgrade.

Time is running out.

If you have a PC that's currently running Windows 7 or Windows 8.1, you qualify for a free upgrade to Windows 10. But that offer ends in a little over a week, on July 29, 2016, which means it's decision time.

You can stop right here if you're certain you don't want the upgrade. Just say no to the upgrade prompt and the nagging will stop at the end of this mon you're reasonably certain you'll want to upgrade in the next year, you should claim your upgrade now, then roll back to your current operating system. (Details here.)

For those who are ready to make the leap before the closing bell rings, here's how to do it with the maximum safety and minimum hassle.

1. Create an image-based backup of your current Windows installation.

This step is optional but highly recommended. Everyone should have a full backup anyway, and this is as good an excuse as any to make that happen. Both operating systems that support the free Windows 10 upgrade include the Windows 7 Backup tool, which has this capability built in.


17 March 2016

Sticking with Windows 7? The forecast calls for pain

For small businesses and consumers without enterprise deployment tools, a clean install of the aging Windows 7 can take a full day. And the problem's getting worse. Here's why.

By Ed Bott for The Ed Bott Report | March 17, 2016

On Monday morning, I began installing Windows 7 Pro on a clean virtual machine.

On Tuesday morning, more than 24 hours later, the installation was still not finished.

That, in a nutshell, is the unpleasant reality that consumers and small businesses face in sticking with Windows 7 as it counts down to the end of support, 1398 days from today.

The biggest problem, of course, is that Microsoft released Windows 7 Service Pack 1 on February 22, 2011, more than five years ago. Despite occasional rumors and hopes, Microsoft has never released a Service Pack 2 or even a post-SP1 update rollup. Which means that if you try to do a clean install, as I did on Monday, this is what you see when you run Windows Update.

Yes, 216 Important updates are available, and you'd have to be crazy to connect to the Internet without installing those patches first.

But that's not the worst of it.

Just getting to that screen took more than eight hours, thanks to a bug that was documented last fall in Microsoft Knowledge Base article 3102810: Installing and searching for updates is slow and high CPU usage occurs in Windows 7 and Windows Server 2008 R2.

"Slow" does not even begin to describe the glacial pace at which Windows 7 works before even displaying the list of available updates.


Even then you have many hours of work ahead of you. When I started over, using that workaround, it still took nearly three and a half hours from the time I started the clean install until those 216 important updates were finished downloading and installing.

And then, after rebooting and checking Windows Update again, there were three more updates. And 26 more after the next restart, and two more after the next restart...

In all, I spent about eight hours to finish installing Windows 7 and something like 300 Important and Optional updates (I lost count, honestly). And each restart along the way demanded my manual intervention.


If I had to point to one feature in Windows 10 that makes it a slam-dunk upgrade over Windows 7, this is it. Updates are cumulative, which means that after a clean install you have to snag only one update (plus a handful of odds and ends, like the latest update for Adobe Flash). Not 216. Or 47. Or even 16

And you can reset a Windows 10 PC--keeping your data files while rebuilding the operating system in place with the latest version, followed by a single update.

And it's not going to get any easier between now and January 14, 2020, when the extended support phase finally ends. I wouldn't be surprised if the update count is up over 350 by then, with a clean install taking days.

Good luck with that.

04 February 2016

Why switch to Windows 10 or a Mac when you can use Linux Mint 17.3 instead?

Linux Mint 17.3 is the best Linux desktop operating system and it might be the best PC operating system, period, for you.

By Steven J. Vaughan-Nichols for Linux and Open Source | February 3, 2016

My buddy David Gewirtz recently wrote about the question of whether you should move from Windows 7 to Windows 10 or a Mac. I have another suggestion: Linux. Specifically Linux Mint 17.3, Rosa, with the Cinnamon desktop.

Yes, I'm serious. I use all the above desktops -- yes I'm a Windows 7 and 10 user as well as a Linux guy -- and for people I think Mint 17.3 makes a great desktop.
I've been using Mint as my main Linux desktop for years now. Unlike some desktops I could name -- cough, Windows 8, cough -- Linux Mint has never had a flop. Every year that goes by, this operating system keeps getting better. The other desktops? Not so much.
Let's take a closer look.at Windows 7 vs. Linux Mint 17.3
UI Differences
There's really not much. While it's even easier for a Windows XP user to move to Mint than a Windows 7 user, any Windows user won't have any trouble picking up Linux Mint with Cinnamon. There's a Start Menu and settings are easy to find.

03 February 2016

Microsoft as the Godfather, with an offer you can't refuse

From now on, Windows 10 will start to install automatically on your computer

MICROSOFT has stepped up its next-generation operating system to a "recommended" update for all Windows 7 and Windows 8.1 users. The 3GB installer file will now download automatically to your machine.


As promised, Microsoft has upgraded its Windows 10 operating system from an "optional" to a "recommended" update for all Windows 7 and Windows 8.1 users.

The Redmond technology firm first announced the change, which rolled out across Windows Update this week, back in October.

Microsoft is getting increasingly aggressive with its plans to get users to upgrade.

Terry Myerson, Executive Vice President of Windows and Devices Group, posted in the company blog: "As we shared in late October on the Windows Blog, we are committed to making it easy for our Windows 7 and Windows 8.1 customers to upgrade to Windows 10.

"We updated the upgrade experience today to help our customers, who previously reserved their upgrade, schedule a time for their upgrade to take place"

So what does the change to an "recommended" update really mean?

Depending on your Windows Update settings, this change could cause the Windows 10 upgrade process to automatically start on your device.

Microsoft will start to download the 3GB installer to your PC with your input, so that it's ready for whenever you chose to commit to Windows 10.

This is a hefty sized file, and could cause issues with users who have a download limit attached to thier monthly broadband contract.

Fortunately, before the upgrade completely changes the operating system on your machine, you will asked to choose whether or not to continue. 

And if you do upgrade from an older version of Windows to Windows 10 – intentionally or accidentally – there is a months grace when you can rollback to your previous OS without hassle.
"If you’re already running Windows 10 – thank you!" Mr Myerson published.

19 January 2016

New zero-day flaw affects millions of Linux servers, Android devices

The flaw is said to affect "tens of millions" of Linux PCs and servers, and most modern devices running the latest Android KitKat 4.4 software and later.

By Zack Whittaker | January 19, 2016 | ZDNet

A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest "root" level is said to hit "tens of millions" of Linux PCs and servers.

Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices.

Israeli security firm Perception Point disclosed the flaw in a blog post Tuesday, but it wasn't immediately clear if the bug had been privately reported to Google, which develops the Android software.

Perception Point did not immediately return a request for comment.

The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher.


03 December 2015

Tired of those "Update to Windows 10" pop-ups? Try this.

How to Get Rid of Windows 10 Upgrade Notification in Windows 7 & 8

Written by Christian Cawley
June 15, 2015

Windows 10 is coming, and don’t you know it!? If it isn’t in your email inbox (thanks Microsoft), in your news feed, a reminder on Twitter and Facebook or on the news, it’s there, on your desktop.

Microsoft’s popup reminder about Windows 10 is an aggressive marketing campaign that has the signs of a malware infection, and while the get Windows 10 message is not a virus it is certainly annoying.

So much so that it inspired one developer to release a tool to remove Windows 10 upgrade notifications.

Why Is Windows 10 Being Pushed So Hard?

Before we take a look at how you can get rid of the Windows 10 notification, let’s take a step back for a moment. Windows 10 is coming, that much we know. But why is Microsoft promoting its future operating system so heavily to its existing users?

Read the rest of the article...