Tech Friday


  • A Dark Web database full of 1.4 billion leaked passwords is a hacker's dream:
    • Researchers at 4iQ found a 41GB file that contains 1.4 billion passwords in clear text
    • Clear text means that the passwords are not encoded or encrypted. They are in human readable form
    • It appears that the 1.4 billion records have been aggregated from various sources
    • Researchers have tested some of the passwords and have verified that they are legitimate
    • "It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover." wrote 4iQ
    • The database was discovered in a community forum on the Dark Web late last year and updated credentials were still being added
    • So far, no one is sure who is responsible for the database
    • There are Bitcoin and Dogecoin wallets for donations
    • Researchers reported that the data in the database demonstrated the dangerous tendency of people to reuse simple passwords across different platforms
    • Now would be a good time to ensure that you are using strong, unique passwords on each site, and to change your passwords!
    • Enable two factor authentication (2FA) wherever possible
  • New Windows 10 features coming in 2018:
    • Since it's release on July 29th, 2015 Microsoft has been adding substantial features once or twice a year
    • The public way Windows is tested provides insight into features that we should see soon
    • The Redstone 4 (version 1803) update may be released in the March/April timeframe
    • Features may include:
      • Timeline: Imagine a browser history, but for your desktop usage. You can find files, apps and sites you've previously accessed and this capability extends to PCs, Android handsets and iPhones running Cortana
      • Cloud Clipboard: Allows users to copy content (images, links, documents, etc.) from a Windows 10 PC to devices running Android, iOS or Windows 10 with the Microsoft Swiftkey keyboard
      • Sets: Tabbed windows that allow you to group related apps, documents, files, websites, etc into separate tabs in a single desktop window
      • Windows 10 Near Share: Similar to Apple Air Drop, allows Window 10 devices in close proximity to share content via Bluetooth
      • Cortana upgrades: Simplifications to the user interface. Collections, the ability for Cortana to track what you're doing and make recommendations
      • Lockscreen personalization: The Lockscreen can display your Cortana, Calendar, Mail and Windows Spotlight images without logging in
      • Enhanced Settings app: Easy to use and controls more settings which requires less digging to control the device
      • Fewer resets: Your customized settings will not be reset after an upgrade
      • Writing and gestures: handwriting recognition is improved and you can use two-finger swipe gestures to dismiss notifications on touch screen devices
      • Start Menu app settings: Access an app's settings from Start Menu tiles
      • UI improvements: A sleeker look and feel with Microsoft's Fluent Design Acrylic effect
      • Quiet Hours updates: Easier to use and customize
      • Storage: new features to easily free up space on your device
      • Startup: a new page in the Apps section that allow syou easily enable or disable apps that launch at startup
      • Sign-in options: users can set security questions to recover their account from the Lockscreen in the event of a forgotten password
      • Privacy: The Documents, Pictures, and Videos pages have been incorporated to let you control which apps can access this content
      • Microsoft Edge: A variety of updates
      • Windows Defender: a new security feature that isolates web pages in Microsoft Edge from each other and from Windows to help protect against zero-day attacks and malware
  • Can hackers use autonomous vehicles to kill us?:
    • Researchers have demonstrated that vehicles can be hacked
    • Teslas and other autonomous vehicles are really just computers on wheels
    • Cybersecurity is notoriously hard. Attackers can take their time to find one single flaw, defenders must constantly defend against any flaw
    • A single attack can compromise all instances of a flaw. Every Tesla (or other make) could be turned into a weapon
    • Most automakers are racing to bring autonomous vehicles to market, perhaps at the expense of security
    • Imagine thousands of Teslas used like cruise missiles, crashing into things like electrical substations or chemical plants at 100+ miles per hour
    • Or thousands of Toyotas suddenly stopping at highway speed
    • At the moment, the primary defense of the automakers is security by obscurity, their systems are not well-known to hackers and terrorists
    • The use of many foreign components adds to the risk of unintentional or malicious flaws
    • There are steps that can be taken to secure autonomous vehicles but it will likely take both business and government cooperation as well as closing markets to foreign competition
    • We need to develop chips that are specialize for security