Surveillance camera vulnerability could allow hackers to spy on and alter recordings

In newly published research, security firm Tenable reveals how popular video surveillance camera software could be manipulated, allowing would-be attackers the ability to view, disable or otherwise manipulate video footage. The vulnerability, which researchers fittingly dubbed “Peekaboo,” affects software created by NUUO, a surveillance system software maker with clients including hospitals, banks, and schools around […]

In newly published research, security firm Tenable reveals how popular video surveillance camera software could be manipulated, allowing would-be attackers the ability to view, disable or otherwise manipulate video footage.

The vulnerability, which researchers fittingly dubbed “Peekaboo,” affects software created by NUUO, a surveillance system software maker with clients including hospitals, banks, and schools around the globe.

The vulnerability works via a stack buffer overflow, overwhelming the targeted software and opening the door for remote code execution. That loophole means that an attacker could remotely access and take over accounts with no authorization, even taking over networked cameras connected to the target device.

“This is particularly devastating because not only is an attacker able to control the NVR [camera] but the credentials for all the cameras connected to the NVR are stored in plaintext on disk,” Tenable writes.

Tenable provides more details on potential exploits tested with one of NUUO’s NVRMini2 devices on its Github page. One exploit “grabs the credentials to the cameras that are connected to the NVR, creates a hidden admin user, and disconnects any cameras that are currently connected to the NVR.” Not great.

Tenable set its disclosure to NUUO in motion on June 1. NUUO committed to a September 13 patch date to fix the issue but the date was later pushed to September 18, when anyone with affected equipment can expect to see firmware version 3.9.0.1. Organizations that might be vulnerable can use a plugin from the researchers to determine if they’re at risk or contact the manufacturer directly. TechCrunch reached out to NUUO about its plans to push a patch and notify affected users.

What what makes matters worse with this vulnerability is that NUUO actually licenses its software out to at least 100 other brands and 2,500 camera models. Tenable estimates that the vulnerability could put hundreds of thousands of networked surveillance cameras at risk around the world and many of the groups that operate those devices might have no idea that the risk is even relevant to the systems they rely on.

Apple releases iOS 12 to the public

After twelve betas, Apple has finally seeded the final version of iOS 12 to the public. Here’s how you can download and install this update on your iPhone, iPad, or iPod touch. What’s new in iOS 12.0? Finally, iOS 12 (build number 16A366) h…

After twelve betas, Apple has finally seeded the final version of iOS 12 to the public. Here’s how you can download and install this update on your iPhone, iPad, or iPod touch. What’s new in iOS 12.0? Finally, iOS 12 (build number 16A366) has been released for 47 compatible devices. iOS 12 is an operating system that offers better performance and improves a lot upon its buggy predecessor – iOS 11. It also brings new features such as group FaceTime (to be released in a later update), Memojis, new Animojis, camera effects and more goodies for iMessage and FaceTime. Further, the digital wellbeing

The post Apple releases iOS 12 to the public appeared first on Yalu Jailbreak.

Boom’s chief test pilot on the thrill and challenge of going supersonic (again)

“There’s nothing like it out there,” says Retired Commander Bill “Doc” Shoemaker, chief test pilot for Boom Supersonic, the startup aiming to make a passenger airliner for transoceanic flights at speeds (as you might guess from the name) faster than sound. Shoemaker, a former Navy aviator, fighter pilot, and aeronautics engineer, will have the daunting privilege of being the first to fly the company’s proof of concept single-seater during tests next year.

“There’s nothing like it out there,” says Retired Commander Bill “Doc” Shoemaker, chief test pilot for Boom Supersonic, the startup aiming to make a passenger airliner for transoceanic flights at speeds (as you might guess from the name) faster than sound. Shoemaker, a former Navy aviator, fighter pilot, and aeronautics engineer, will have the daunting privilege of being the first to fly the company’s proof of concept single-seater during tests next year.

That there’s nothing like Boom is not exactly a controversial opinion — there aren’t a lot of companies out there trying to resurrect supersonic flight. The Concorde is, after all, so well known a cautionary tale of engineering ambition exceeding the constraints of reality that it verges on hackneyed. But Shoemaker isn’t a silicon valley startup commentator, he’s a test pilot, and his perspective is that of someone who has worked on and flown dozens of aircraft, including supersonic ones, over his decades-long career.

The first question I asked (though not entirely a serious one) when I had a chance to chat with Shoemaker was whether it was a bit premature to have a chief pilot at a company that doesn’t yet have a plane to fly.

“There’s a good reason to have a pilot at this point,” Shoemaker said. As he delicately put it: “Among the team, the pilots are… uniquely committed to the outcome.”

Among other things, test pilots seem to have a knack for understatement. But it’s certainly true.

“You want the operator’s perspective, like how to build the cockpit, how you’ll operate the aircraft. The designer will come to me for that perspective — he’ll say, ‘how can I tweak the design to be more suitable for you?’ You want that cross-industry expertise.”

Boom is making a supersonic airliner, but it’s still mostly a paper plane, if you will. The company’s test craft, the XB-1, however, is being built and should be taking to the air about a year from now. That’s where many of the components, materials, and design choices will be flight-proven. Interestingly, however, actually flying the test craft is a rather analog affair.

“The aircraft is definitely designed around a philosophy, which ‘keep it simple.’ We’re not trying to introduce any more tech than we really need to. The flight controls are not fly-by wire, they’re mechanical,” explained Shoemaker. “It’s going to be an interesting airplane to fly. It goes from 150 knots up to Mach 2.2, and up to 45,000 feet. It’ll be a challenge because of that mechanical stuff, but with what we’re trying to do, keeping it simple makes a lot of sense.”

That’s not to say nothing has changed over the last few decades of aeronautics, a topic in which, if you’ll recall, Shoemaker has a doctorate. Although he said he considers his role as being separate from the flight test engineers who put the craft he’s flown together, he’s still an important part of the team.

He suggested a few areas where he’s seen or expects improvements to the aircraft creation and testing process.

“One is composite materials. That’s huge,” he said, referring to things like carbon fiber and more exotic weaves and alloys that combine a number of desirable characteristics. “The strength and weight improvements offer new opportunities. You know, the Concorde would contract like a foot during flight temperatures, then expand again. Composites don’t do that. All these things make the aircraft lighter, faster, and stronger.”

Second, he briefly noted, engine technology these days is “brisk,” especially combined with the materials advances.

“Last,” he said, “the Concorde design was wind tunnel based, but a lot of the work we do is computation. We can do all the testing they did for the Concorde in a couple days.”

Wind tunnels are still involved, of course, but the models are so good that it’s more for verification than testing. But it also lets designers speed through ideas, evaluating but skipping wild ones without wasting time: “You can look at all these weird corner cases, and explore those very quickly.”

Basic advances in tech mean the team can avoid quirks like the Concorde’s drooping nose, which was there so that pilots could see the runway. “You can all the mechanical complexity that comes with that,” said Shoemaker. “For us we’ll be going with a direct camera or some kind of vision system that’s integrated with all the systems.”

“The airliner itself,” he said, “will be highly augmented [compared to the test jet]. It’ll be fly by wire. Its handling qualities are really quite benign across the envelope. It’s surprising but the way the aircraft handles on one side of the speed of sound isn’t so different from how it handles on the other side.”

Ultimately Shoemaker was optimistic about the whole enterprise, both the company and the prospect of supersonic passenger flight.

“As far as an ambitious project with an ambitious goal, there’s nothing like it out there,” he said. “That’s the value and reward of working with a team this size, a team that really believes they can reinvent and do it better. And it’s well within what we can do with technology — we can do it better than Concorde did, possibly by orders of magnitude.”

As for his part, the test flights set to take place next year, he’s more than a little excited.

“It’ll be a challenge to fly for sure — but it’ll be nice to go that fast again.”

Five security settings in iOS 12 you should change right now

iOS 12, Apple’s latest mobile software for iPhone and iPad, is finally out. The new software packs in a bunch of new security and privacy features you’ve probably already heard about. Here’s what you need to do to take advantage of the new settings and lock down your device. 1. Turn on USB Restricted Mode […]

iOS 12, Apple’s latest mobile software for iPhone and iPad, is finally out. The new software packs in a bunch of new security and privacy features you’ve probably already heard about.

Here’s what you need to do to take advantage of the new settings and lock down your device.

1. Turn on USB Restricted Mode to make hacking more difficult

This difficult-to-find new feature prevents any accessories from connecting to your device — like USB cables and headphones — when your iPhone or iPad has been locked for more than an hour. That prevents police and hackers alike from using tools to bypass your lock screen passcode and get your data.

Go to Settings > Touch ID & Passcode and type in your passcode. Then, scroll down and ensure that USB Accessories are not permitted on the lock screen, so make sure the setting is Off.

2. Make sure automatic iOS updates are turned on

Every time your iPhone or iPad updates, it comes with a slew of security patches to prevent crashes or data theft. Yet, how often do you update your phone? Most don’t bother unless it’s a major update. Now, iOS 12 will update your device behind the scenes, saving you downtime. Just make sure you switch it on.

Go to Settings > General > Software Update and turn on automatic updates.

3. Set a stronger device passcode

iOS has gotten better in recent years with passcodes. For years, it was a four-digit code by default, and now it’s six-digits. That makes it far more difficult to run through every combination — known as brute-forcing.

But did you know that you can set a number-only code of any length? Eight-digits, twelve — even more — and it keeps the number keypad on the lock screen so you don’t have to fiddle around with the keyboard.

Go to Settings > Touch ID & Passcode and enter your passcode. Then, go to Change password and, from the options, set a Custom Numeric Code.

4. Now, switch on two-factor authentication

Two-factor is one of the best ways to keep your account safe. If someone steals your password, they still need your phone to break into your account. For years, two-factor has been cumbersome and annoying. Now, iOS 12 has a new feature that auto-fills the code, so it takes the frustration step out of the equation — so you have no excuse.

You may be asked to switch on two-factor when you set up your phone. You can also go to Settings and tap your name, then go to Password & Security. Just tap Turn on Two-Factor Authentication and follow the prompts.

5. While you’re here… change your reused passwords

iOS 12’s password manager has a new feature: password auditing. If it finds you’ve used the same password on multiple sites, it will warn you and advise you to change those passwords. It prevents password reuse attacks (known as “credential stuffing“) that hackers use to break into multiple sites and services using the same username and password.

Go to Settings > Passwords & Accounts > Website & App Passwords and enter your passcode. You’ll see a small warning symbol next to each account that recognizes a reused password. One tap of the Change Password on Website button and you’re done.

Bluehost vs. HostGator: Which Web Hosting Service Is Best for You?

bluehost-vs-hostgator

If you want to either launch a new website or migrate your existing site to a new provider, you will see two names pop up everywhere: Bluehost HostGator They are two of the largest web hosting providers in the world. Between them, they provide the backend to tens of millions of sites. But which one should you use? A lot depends on the service you need. So, keep reading as we compare Bluehost and HostGator and establish a winner. Bluehost vs. HostGator: Ease of Use As more and more people attempt to create their own website, a service’s ease-of-use is…

Read the full article: Bluehost vs. HostGator: Which Web Hosting Service Is Best for You?

If you want to either launch a new website or migrate your existing site to a new provider, you will see two names pop up everywhere:

They are two of the largest web hosting providers in the world. Between them, they provide the backend to tens of millions of sites.

But which one should you use? A lot depends on the service you need. So, keep reading as we compare Bluehost and HostGator and establish a winner.

Bluehost vs. HostGator: Ease of Use

As more and more people attempt to create their own website, a service’s ease-of-use is an increasingly important feature to consider. Beginners need to be able to get their site online with the minimum of fuss.

Both Bluehost and HostGator use cPanel. cPanel is a widely-used Linux-based platform that offers a range of administrative tools through a graphical interface. While HostGator’s cPanel screen is fairly standard, Bluehost has shifted some menus around to customize its version.

The two hosting companies provide access to the MOJO Marketplace. You can use the marketplace to install WordPress, Weebly, Joomla, Drupal, and many more site-building tools.

Bluehost and HostGator also offer site migration services. Using their migration services means you don’t have to fiddle with FTP and other complicated web hosting practices, saving you both stress and time. HostGator is free if you migrate within the first 30 days, Bluehost charges a surprisingly high $149.

Bluehost vs. HostGator: Server Uptime

If you already run a successful site, one of the most important things to research about your new host is its uptime stats. Downtime leads to lost business opportunities and lost revenue.

Don’t believe us? To use an extreme example, for every five minutes that Amazon is offline, it loses $330,000. Your site might not be on the same scale as Amazon, but uptime definitely matters.

HostGator’s Service Level Agreement (SLA) says you’re entitled to 99.99 percent uptime per year. Bluehost has a projected uptime of 99.982 percent per year; that equates to 1.6 hours of downtime every 12 months.

At the time of writing, the most recent uptime reports (for July 2018) showed HostGator had an uptime of 99.98 percent (with a total downtime of eight minutes). Bluehost had 99.97 percent uptime and 13 minutes of downtime.

Remember, these are company-wide averages. The uptime will vary from plan to plan. The more expensive plans typically offer more reliable uptime.

Bluehost vs. HostGator: Website Speed

Closely tied to uptime is your website’s speed. Like with uptime, a slow site can cause visitors to hit the back button before they’ve had a chance to see what you’re offering.

A recent study showed HostGator had a maximum response time of 3.2 seconds and a minimum response time of 258.07 milliseconds. In contrast, Bluehost had a maximum response time of 2.6 seconds and a minimum time of 915.53 milliseconds.

Despite Bluehost’s lower maximum time, the results revealed Bluehost’s response time increased as traffic increased. HostGator had no such correlation. Worryingly, with just 10 concurrent users, the response time on Bluehost went as high as 3500ms. At 20 users, it jumped to 1060ms.

HostGator’s servers also returned the first byte of data faster than Bluehost, taking 0.377 seconds compared to Bluehost’s 0.401 seconds. The speed it takes to load the first byte of data is unaffected by other things that can cause a page to load slowly (like plugins and media files). This result is entirely determined by a company’s servers.

Bluehost vs. HostGator: Security Features

HostGator and Bluehost provide some basic security features to protect you against hackers and cybercriminals. The protections are very similar.

Regardless of which web hosting provider you choose, you will get a free SSL certificate. HostGator also offers free weekly offsite backups of all your content.

Both companies provide access to SiteLock. It will check for spam, validate your business information, monitor search engine blacklists to avoid an unexpected quarantining, and check for malware.

The two services also both have built-in DDoS protection. Bluehost doesn’t go into much detail about its protections, but HostGator uses a custom firewall and mod security rule sets to protect its users. Each individual datacenter can also enable flood protection on an individual basis if an attack is suspected.

Bluehost vs. HostGator: Plans and Costs

Okay, so how do the Bluehost and HostGator compare in terms of cost? As you would expect, both companies offer a diverse range of plans for everyone from hobbyists to large organizations.

If you’re looking for an entry-level shared web hosting plan, Bluehost and HostGator each provide three choices. The plans offer cheaper rates if you sign up for more months.

Without considering the sign-up discounts, which both companies frequently offer and can be worth 50 percent or more, the cheapest Bluehost plan is $7.99 per month, and the most affordable HostGator plan is $6.95 per month.

For that price, HostGator gives you unlimited storage and unlimited email space, while Bluehost only offers 50GB of SSD storage and 100MB per account of email space. Both entry-level plans only allow one domain.

Note: Check out our guide if you’re not sure how to set up your email on Bluehost.

Moving up, the mid-level shared hosting plans on Bluehost, and HostGator cost $10.99 and $9.95 per month respectively. The top shared hosting plans are $14.99 and $14.95.

At the other end of the scale, HostGator’s top-end dedicated server hosting plan costs $289.99 per month. The money will buy you 8GB of RAM, a four-core CPU, 240GB of disk space, and 3TB of bandwidth.

Bluehost’s competing product is $209.99 per month. You’ll get a four-core, eight thread, 3.3GHz CPU, 1TB of storage, and 15TB of bandwidth.

Bluehost vs. HostGator: Customer Support

Things will go wrong occasionally. It’s one of the inevitabilities of running a website. And when things do go wrong, you need someone to fix them ASAP.

Therefore, the level of support offered by your web hosting company is important.

We’re pleased to report that both Bluehost and HostGator offer excellent customer support. There’s little to choose between them. Each company provides 24/7 support in the form of live chat, email tickets, and telephone reps.

If anything, Bluehost’s support services are slightly more intuitive and thus easier to use.

Bluehost vs. HostGator: The Winner Is…

Look, there’s very little separating the two platforms. We can honestly recommend both Bluehost and HostGator as excellent options if you’re looking for a professional-quality web hosting provider.

But if we had to pick a winner of the Bluehost vs. HostGator faceoff?

HostGator. Its servers are a bit faster, it suffers slightly less downtime, and its plans—at least at the entry-level—are a fraction cheaper.

To Bluehost’s credit, we think it’s support services are more organized than HostGator’s. Bluehost’s user interface is also cleaner and more professional. WordPress also recommends Bluehost.

If you’d like to sign up for a web hosting plan with Bluehost, you’re in luck: Get up to 63% off using this special discount link!

Read the full article: Bluehost vs. HostGator: Which Web Hosting Service Is Best for You?

You can try Siri Shortcuts today in these iOS 12-ready apps

With today’s release of iOS 12, Apple is also rolling out a new feature called Siri Shortcuts, which allows users to create their own voice commands to take actions in apps. For example, you could create a shortcuts for ordering your morning coffee, playing your favorite music, getting your daily schedule, and much more. In […]

With today’s release of iOS 12, Apple is also rolling out a new feature called Siri Shortcuts, which allows users to create their own voice commands to take actions in apps. For example, you could create a shortcuts for ordering your morning coffee, playing your favorite music, getting your daily schedule, and much more. In preparation for the iOS 12 launch, a number of app developers have already added support for Siri Shortcuts – sometimes even through a dedicated button in their app – in order to help nudge users towards adoption.

You can configure Siri Shortcuts in iOS Settings or create more complex voice commands using Apple’s new Shortcuts app, also out today. But these are things that will appeal more to power users – at least for the time being.

Mainstream users, meanwhile, will likely come across Siri Shortcuts for the first time when using their favorite iOS apps.

With iOS 12, app developers can integrate an “Add to Siri” button right in their app’s interface for common tasks that their app can perform – like playing a favorite playlist, for instance.

When a user taps this button, they’ll be directed to a screen where they can record their own custom voice command to launch whatever task or action the developer is suggesting.

In time, a number of apps will roll out this functionality.

But if you’re keen to play with it today, on day one, here are some of the early adopters of this feature.

Pandora

A new playlist isn’t the only update Pandora is rolling out today – it’s also one of the first apps to launch a Siri Shortcuts button. With the app’s iOS 12-optimized update, users can head to the Settings in the Pandora app and tap “Add to Siri.” They can then choose a specific station, album, or playlist and record a custom phrase to say the next time they want to hear it.

Streaks

Habit-tracker Streaks is also among the first to include an “Add to Siri” button. When tapped, users can record custom phrases to complete their tasks. That way you can say things in a more natural style – like, “Hey Siri, I drank my water,” or “I ate healthy today.”

PCalc

Always an early adopter, the popular calculator app has added a Siri Shortcut button that will let you record voice commands for any common activity in the app, like converting currencies, setting the clipboard, opening conversions, and more.

CARROT Weather

The funny and sarcastic weather application CARROT Weather added support for Siri Shortcuts so you can ask for a short-term or long-term forecast for your location or any other location you’ve saved in the app.

The Weather Channel

If you prefer a more traditional weather app, The Weather Channel is also out with Siri Shortcuts support today, too, so you can check your forecast with a voice command.

Things

To do list app Things represents a good use case for Siri Shortcuts, as you can create voice commands for common actions you take in the app, then have them also appear on your Lock screen. For instance, you could ask Siri to “Show Today” or “Add To-Do.” You can even record shortcuts for things you add to your to-do list app a lot, like lists of movies you want to see or errands you need to run.

When you say “Hey Siri, add an errand,” Things will launch a new to-do with everything filled in, including the tags, so all you have to do is enter the title and save.

There are also ready-made to-do’s available for things that are always the same, like a packing list or a favorite recipe. And using the new Shortcuts app, you can combine multiple shortcuts from different apps into one workflow.

 

Sky Guide

Longtime favorite app Sky Guide, a map to the night sky, now lets you ask questions about the stars using your voice. With Siri Shortcuts, you can say “Hey Siri, what start is that?” (or something else you choose) after pointing your phone at a bright star, planet, or satellite.

Citymapper

The handy transit navigation app has also just rolled out support for Siri Shortcuts with an option that will let you say things like “Hey Siri, check my commute,” to have Siri read out info on disruptions, departures and your expected ETA. You can also ask it to route your way home, check departures, and more.

Google News

An unexpected addition, all things considered – but this top news application is already live with Siri Shortcuts support, allowing readers to use voice command to navigate to their favorite news sources and other frequent destinations.

TripIt

The top-rated travel planner is ready to support Siri Shortcuts today, allowing you to configure custom voice commands for common travel tasks like getting your flight details or asking about your other travel plans.

Trello

This top organizer app lets you use Siri Shortcuts to create custom phrases to open up specific cards or boards you’ve created, with its iOS 12-ready update.

Monster Job Search

This job search app will save you from repeatedly typing in the same queries, by allowing you to create a Siri Shortcut for your favorite searches instead.

Bear

This focused and elegant note-taking app will now let you create notes with the sound of your voice – just head to Settings, Siri & Search, All Shortcuts to start building your own custom commands.

Ulysses

Writing editor Ulysses lets you use Shortcuts to open sheets and groups, create new sheets, and more.