- Webteam - bizit.rs

FW: Hackers can eavesdrop on mobile calls with $7, 000 worth of equipment | Ars Technica
by Dejan Ristanovic 13 Aug '20

13 Aug '20

Možda zanimljivo... https://arstechnica.com/information-technology/2020/08/your-mobile-calls-ma… Doduše, prema mom shvatanju, to je za one koji koriste VoLTE. Korisnici VIP-a to mogu da koriste, dakle u opasnosti su, ali Telenor je bezbedan jer tamo je to dozvoljeno samo skupljim paketima... Dok ovo uključeno, ne radi internet tokom poziva. Zvuk je kao bolji, veza se uspostavlja trenutno itd, ali džaba... Hackers can eavesdrop on mobile calls with $7,000 worth of equipment VoLTE calls were supposed to be more secure. A fatal flaw can unravel that promise. <https://arstechnica.com/author/dan-goodin/> Dan Goodin - 8/13/2020, 1:55 PM <https://cdn.arstechnica.net/wp-content/uploads/2020/08/revolte-800x340.jpg> <https://cdn.arstechnica.net/wp-content/uploads/2020/08/revolte.jpg> Enlarge <https://revolte-attack.net> Rupprecht et al. The emergence of mobile voice calls over the standard known as Long Term Evolution has been a boon for millions of cell phone users around the world. VoLTE, short for Voice over LTE, provides up to three times the capacity of the earlier 3G standard, resulting in high-definition sound quality that’s a huge improvement over earlier generations. VoLTE also uses the same IP standard used to send data over the Internet, so it has the ability to work with a wider range of devices. VoLTE does all of this while also providing a layer of security not available in predecessor cellular technologies. Now, researchers have demonstrated a weakness that allows attackers with modest resources to eavesdrop on calls. Their technique, dubbed ReVoLTE, uses a software-defined radio to pull the signal a carrier’s base station transmits to a phone of an attacker’s choosing, as long as the attacker is connected to the same cell tower (typically, within a few hundred meters to few kilometers) and knows the phone number. Because of an error in the way many carriers implement VoLTE, the attack converts cryptographically scrambled data into unencrypted sound. The result is a threat to the privacy of a growing segment of cell phone users. The cost: about $7,000. So much for more secure “Data confidentiality is one of the central LTE security aims and a fundamental requirement for trust in our communication infrastructure,” the researchers, from Ruhr University Bochum and New York University, wrote in a <https://revolte-attack.net/media/revolte_camera_ready.pdf> paper presented Wednesday at the <https://www.usenix.org/conference/usenixsecurity20> 29th USENIX Security Symposium. “We introduced the ReVoLTE attack, which enables an adversary to eavesdrop and recover encrypted VoLTE calls based on an implementation flaw of the LTE protocol.” VoLTE encrypts call data as it passes between a phone and a base station. The base station then decrypts the traffic to allow it to be passed to any circuit-switched portion of a cellular network. The base station on the other end will then encrypt the call as it’s transmitted to the other party. The implementation error ReVoLTE exploits is the tendency for base stations to use some of the same cryptographic material to encrypt two or more calls when they’re made in close succession. The attack seizes on this error by capturing the encrypted radio traffic of a target’s call, which the researchers call the target or first call. When the first call ends, the attacker quickly initiates what the researchers call a keystream call with the target and simultaneously sniffs the encrypted traffic and records the unencrypted sound, commonly known as plaintext. The researchers described it this way: The attack consists of two main phases: the recording phase in which the adversary records the target call of the victim, and the call phase with a subsequent call with the victim. For the first phase, the adversary must be capable of sniffing radiolayer transmissions in downlink direction, which is possible with affordable hardware for less than $1,400 [1]. Furthermore, the adversary can decode recorded traffic up to the encryption data (PDCP) when she has learned the radio configuration of the targeted eNodeB. However, our attacker model does not require the possession of any valid key material of the victim. The second phase requires a Commercial Off-TheShelf (COTS) phone and knowledge of the victim’s phone number along with his/her current position (i.e., radio cell). The attacker then compares the encrypted and plaintext traffic from the second call to deduce the cryptographic bits used to encrypt the call. Once in possession of this so-called “ <https://en.wikipedia.org/wiki/Keystream> keystream, the attacker uses it to recover the plaintext of the target call. “The ReVoLTE attacks exploit the reuse of the same keystream for two subsequent calls within one radio connection,” the researchers wrote in a <https://revolte-attack.net/> post explaining the attack. “This weakness is caused by an implementation flaw of the base station (eNodeB).” The figure below depicts the steps involved, and the video below the figure shows ReVoLTE in action: <https://cdn.arstechnica.net/wp-content/uploads/2020/08/revolte-diagram.jpg> <https://cdn.arstechnica.net/wp-content/uploads/2020/08/revolte-diagram.jpg> Enlarge Rupprecht et al. Demonstration of the ReVoLTE attack in a commercial LTE network. Limited, but practical in the real world ReVoLTE has its limitations. Matt Green, a Johns Hopkins University professor who specializes in cryptography, <https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voic…> explained that real-world constraints—including the specific codecs in use, vagaries in the way encoded audio is transcoded, and compression of packet headers—can make it difficult to obtain the full digital plaintext of a call. Without the plaintext, the decryption attack won't work. He also said that keystream calls must be made within about 10 seconds of the target call ending. Additionally, the amount of the target call that can be decrypted depends on how long the keystream call lasts. A keystream call that lasts only 30 seconds will provide only enough keystream material to recover 30 seconds of the target call. ReVoLTE also won’t work when base stations follow the LTE standard that dictates against the reuse of keystreams. And as already mentioned, the attacker has to be in radio range of the same cell tower as the target. Despite the limitations, the researchers were able to recover 89 percent of the conversations they eavesdropped on, an accomplishment that demonstrates that ReVoLTE is effective in real-world settings, as long as base stations incorrectly implement LTE. The equipment required includes (1) commercial off-the-shelf phones that connect to cellular networks and record traffic and (2) commercially available <https://www.softwareradiosystems.com/products/> Airscope software radio to perform real-time decoding of LTE downlink traffic. “An adversary needs to invest less than $7,000 to create a setup with the same functionality and, eventually, the ability to decrypt downlink traffic,” the researchers wrote. “While our downlink ReVoLTE is already feasible, a more sophisticated adversary can improve the attack’s efficiency by extending the setup with an uplink sniffer, e. g., the <https://www.sanjole.com/brochures-2/WaveJudge4900A-LTEHandout-Feb11-2012.pdf> WaveJudge5000 by SanJole where we can exploit the same attack vector, and access both directions simultaneously.” Am I vulnerable? In initial tests, the researchers found that 12 of 15 randomly selected base stations in Germany reused keystreams, making all VoLTE calls transmitted through them vulnerable. After reporting their findings to the industry group <https://www.gsma.com/security/gsma-coordinated-vulnerability-disclosure-pro…> Global System for Mobile Applications, a retest found that the affected German carriers had fixed their base stations. With more than 120 providers around the world and over 1,200 different device types supporting VoLTE, it will likely take more time for the eavesdropping weakness to be fully eradicated. “However, we need to consider a large number of providers worldwide and their large deployments,” the researchers wrote. “It is thus crucial to raise awareness about the vulnerability.” The researchers have released an <https://github.com/RUB-SysSec/mobile_sentinel> Android app that will test if a network connection is vulnerable. The app requires a rooted device that supports VoLTE and runs a Qualcomm chipset. Unfortunately, those requirements will make it hard for most people to use the app. I emailed AT&T, Verizon and Sprint/T-Mobile to ask if any of their base stations are vulnerable to ReVoLTE. So far none of them has responded. This post will be updated if replies come later. “Utterly devastating” ReVoLTE builds off of a <https://www.cs.ubbcluj.ro/~forest/rdsos/articole/security/krack-lte4g.pdf> seminal research paper published in 2018 by computer scientists at the University of California at Los Angeles. They found that LTE data was often encrypted in a way that used the same keystream more than once. By using what's known as an <https://en.wikipedia.org/wiki/Exclusive_or> XOR operation on the encrypted data and the corresponding plaintext traffic, the researchers could generate keystream. With that in hand, it was trivial to decrypt the data from the first call. The figure below shows how ReVoLTE does this: <https://cdn.arstechnica.net/wp-content/uploads/2020/08/revolte-decryption-o…> <https://cdn.arstechnica.net/wp-content/uploads/2020/08/revolte-decryption-o…> Enlarge Rupprecht et al. “The keystream call allows the attacker to extract the keystream by XOR-ing the sniffed traffic with the keystream call plaintext,” ReVoLTE researchers explained. “The keystream block is then used to decrypt the corresponding captured target ciphertext. The attacker thus computes the target call plaintext.” While ReVoLTE exploits the incorrect implementation of LTE, Johns Hopkins’ Green said some of the fault lies in the opaqueness of the standard itself, a shortcoming that he likens to “begging toddlers not to play with a gun.” “Inevitably, they’re going to do that and terrible things will happen,” he wrote. “In this case, the discharging gun is a keystream re-use attack in which two different messages get XORed with the same keystream bytes. This is known to be utterly devastating for message confidentiality.” The researchers provide several suggestions that cellular providers can follow to fix the problem. Obviously, that means not reusing the same keystream, but it turns out that's not as straightforward as it might seem. A short-term countermeasure is to increase the number of what are known as radio bearer identities, but because there's a finite number of these, carriers should also use inter-cell handovers. Normally, these handovers allow a phone to remain connected as it transfers from one cell to another. A built-in key reuse avoidance makes the procedure useful for security as well. “[As] a long-term solution, we recommend specifying mandatory media encryption and integrity protection for VoLTE,” the researchers wrote. “This provides long-term mitigation for known issues, e. g., key reuse, and missing integrity protection on the radio layer, and introduces an additional layer of security.” Sent from my iPad 2018

1 0

FW: Boeing 747s still get critical updates via floppy disks - The Verge
by Dejan Ristanovic 13 Aug '20

13 Aug '20

:) https://www.theverge.com/2020/8/11/21363122/boeing-747s-floppy-disc-updates… Boeing 747s still get critical updates via floppy disks <https://www.theverge.com/authors/tom-warren> Tom WarrenAug 11, 2020, 7:08am EDT <https://cdn.vox-cdn.com/thumbor/DN8aduOgBpXot6U1XCXkpfMSDao=/0x0:5408x3600/…> Photo by Matthew Horwood/Getty Images Boeing’s 747-400 aircraft, first introduced in 1988, is still receiving critical software updates through 3.5-inch floppy disks. <https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walk…> The Register reports that security researchers at Pen Test Partners recently got access to a British Airways 747, after the airline decided to retire its fleet following a plummet in travel during the coronavirus pandemic. The team was able to inspect the full avionics bay beneath the passenger deck, with its data center-like racks of modular black boxes that perform different functions for the plane. Pen Test Partners discovered a 3.5-inch floppy disk drive in the cockpit, which is used to load important navigation databases. It’s a database that has to be updated every 28 days, and an engineer visits each month with the latest updates. While it might sound surprising that 3.5-inch floppy disks are still in use on airplanes today, many of Boeing’s 737s have also been using floppy disks to load avionics software for years. The databases housed on these floppy discs are increasingly getting bigger, according to a 2015 <https://www.aviationtoday.com/2014/08/29/teledyne-brings-aircraft-informati…> report from Aviation Today. Some airlines have been moving away from the use of floppy discs, but others are stuck with engineers visiting each month to sit and load eight floppies with updates to airports, flight paths, runways, and more. The 10-minute video tour of the 747 (above) is a fascinating insight into the parts of the plane you never get to see, particularly on a decades-old airliner. The tour is part of this year’s virtual Def Con conference, the US’ largest hacker conference. As modern planes rely upon ever more sophisticated technology, security researchers are increasingly interested in how planes prevent passengers from interfering with flights. <https://cdn.vox-cdn.com/thumbor/1vE213LQCTaJCIH4YxGYcsE_GOs=/0x0:1666x934/1…> Boeing’s 747 floppy disk drive. Aerospace Village ( <https://youtu.be/yq8wgJO-JXY> YouTube) Security is particularly relevant when it comes to in-flight entertainment systems. A cybersecurity professor <https://go.redirectingat.com?id=66960X1514734&xs=1&url=https%3A%2F%2Fwww.li…> discovered a buffer overflow exploit onboard a British Airways flight last year. The professor was able to use a USB mouse to input long strings of text into an in-flight chat app, crashing the entire in-flight entertainment system for his seat. Security researchers are still hunting for vulnerabilities that would allow them to communicate with flight systems from publicly accessible parts of planes. A focus on security is even more important on the latest aircraft. Modern planes like Boeing’s 777X and 787 use fiber networks, where all the avionics plug into this network and are controlled by a pair of computers that run flight critical software. It’s more of a traditional network like you’d find inside an office building, and some of the latest airliners even receive software updates over the air. The software that powers modern aircraft isn’t always reliable, though. Boeing only just <https://www.theverge.com/2020/5/27/21272478/boeing-737-max-resumes-producti…> resumed production of its troubled 737 Max airplane after software glitches led to <https://www.theverge.com/2019/3/22/18275736/boeing-737-max-plane-crashes-gr…> two fatal crashes that killed a total of 346 passengers and crew members. Despite modern technology being available, it hasn’t stopped floppy disks from persisting in other industries. The US Defense Department only <https://www.theverge.com/2019/10/25/20931800/usa-nuclear-8-inch-floppy-disk…> ended the use of 8-inch floppy disks for coordinating the country’s nuclear forces in October, and the International Space Station is <https://www.theverge.com/2018/11/22/18107919/international-space-station-fl…> full of floppy disks. Sent from my iPad 2018

1 0

NBA Virtual Fans Powered by MS Teams
by Dejan Ristanovic 08 Aug '20

08 Aug '20

Ko prati NBA završnicu može da vidi "publiku" na velikim LED ekranima pored terena. Za tu kerefeku se koristi tzv Together Mode u MS Teamsu. <https://www.theverge.com/2020/7/24/21337326/nba-microsoft-teams-together-mo de-basketball-virtual-experience-fans> https://www.theverge.com/2020/7/24/21337326/nba-microsoft-teams-together-mod e-basketball-virtual-experience-fans m.

1 0

FW: Meet The Man Who Lost The Most Money In Human History | Celebrity Net Worth
by Dejan Ristanovic 04 Aug '20

04 Aug '20

Možda zanimljivo - ko je izgubio najviše novca u istoriji? From: Dejan Ristanovic <dejan(a)ristanovic.com> Sent: Tuesday, August 4, 2020 9:58 PM Subject: Meet The Man Who Lost The Most Money In Human History | Celebrity Net Worth https://www.celebritynetworth.com/articles/entertainment-articles/meet-the-… Meet The Man Who Lost The Most Money In Human History By Brian Warner on August 2, 2020 in Articles › Entertainment Back in 2014, Brazilian businessman Eike Batista lost an <https://www.celebritynetworth.com/articles/entertainment-articles/eike-bati…> astonishing amount of money thanks to a precipitous drop in the worldwide commodities market. In less than a year, Eike's net worth dropped from $35.5 billion to less than $200 million. You might assume that that losing $34.3 billion might be the largest drop in personal wealth of all time, but that is not true. That honor belongs to a Japanese man by the name of <https://www.celebritynetworth.com/richest-businessmen/richest-billionaires/…> Masayoshi Son. Masayoshi Son is the founder and CEO of Japanese telecommunications conglomerate SoftBank. In the year 2000, as the dotcom bubble swelled, Masayoshi Son's net worth peaked at $76 billion. Then the bubble burst. Exploded might actually be a better word. As Softbank's share price plummeted, Masayoshi Son experienced the single largest loss of personal net worth in human history. Here is that story… Masayoshi Son moved with his family from Japan to California when he was just 16 years old. He barely spoke English but eventually graduated from UC Berkeley with degrees in both economics and computer science. One of his first businesses was importing cheap knock-off versions of the arcade game Space Invaders then renting them to laundromats. Soon after turning 24, Masayoshi Son founded SoftBank in Tokyo. Within a year, SoftBank was developing various programs for the PC on top of publishing two popular magazines that focused on the personal computer industry. Always striving for bigger and better, Masayoshi Son spent the next decade transforming SoftBank into a full fledged media and telecommunications empire. By the mid 90s, SoftBank was operating a stock brokerage firm and Japan's #1 satellite television provider. He also convinced Yahoo to allow him to independently launch what would become Japan's largest search engine, Yahoo! Japan. <https://vz.cnwimg.com/thumb-900x/wp-content/uploads/2014/08/GettyImages-477…> Koki Nagahama/Getty Images After taking SoftBank public in 1995, Masayoshi Son became an overnight billionaire. Over the next five years, he used SoftBank's newly acquired war chest to expand his empire at a very rapid pace just as the Dotcom bubble was heating. By 1999, SoftBank was one of the largest internet technology companies in the world. Through SoftBank, Masayoshi Son purchased large stakes in dozens of high flying companies like E*Trade, Alibaba, and Japan's Nippon Credit Bank. For a time, these investments looked brilliant and SoftBank's market cap grew to an all time high of $180 billion. As the owner of 42% of SoftBank's equity, Masayoshi Son's net worth swelled to a whopping $76 billion in early 2000. Two months later, on March 10, 2000, the NASDAQ Composite (the stock exchange that listed nearly all bubble internet companies), peaked at 5,048, more than twice the value from one year earlier. At this point in history, there were more than 300 publicly traded internet companies on the NASDAQ with a combined value of $1.3 trillion that essentially did not exist three years prior. Two months later, in May 2000, the NASDAQ composite had dropped to 3,300. On September 28, 2001 (as the nation reeled from 9/11), the NASDAQ dropped to 1,500. Another year later the market bottomed at 1,200. That's a 76% drop over two very painful years. A company like SoftBank, with so much exposure to the internet sector, did not fare well in these difficult times. Every single investment Masayoshi Son had championed over the previous five years was decimated. As just one example, Softbank's $400 million investment in E*Trade was reduced to just $22 million. Softbank's market cap dropped a mind-numbing 98% from $180 billion to $2.5 billion. And with that drop, Masayoshi Son's net worth plummeted from an all time high of $76 billion to an all time low of $1.1 billion. A personal loss of $74.9 billion. Ouch. Ok he was still a billionaire, and maybe we shouldn't feel too bad for him. But in the words of the great Chris Rock, "If Bill Gates woke up tomorrow with Oprah's money, he'd jump out a fuckin' window and slit his throat on the way down saying, "I can't even put gas in my plane!" So perhaps we give the guy a tiny bit of sympathy. And if you do feel bad for Masayoshi Son we have some good news. With time, Softbank slowly started to recover and rebuild. Today, Softbank is the third largest internet company in Japan thanks largely to its acquisition of cell phone giant Sprint. As of August 2017, Masayoshi Son owns 22% of Softbank and has a personal net worth of $31 billion. Masayoshi Son lives in a $50 million three story mansion in Tokyo that features a private, programmable golf-range that can mimic temperature and weather conditions of every top golf course in the world. When <https://www.celebritynetworth.com/richest-businessmen/richest-billionaires/…> Bill Gates visited his house, he was reportedly speechless. In 2012, Masayoshi Son dropped a cool $117 million to purchase a mansion in Woodside, California near Silicon Valley. He also owns a professional Japanese baseball team called the Softbank Hawks. He may not have $76 billion anymore, but it looks like he's surviving. How would you feel after realizing your net worth dropped $74.5 billion? Sent from my iPad 2018

1 0

Rat algoritama
by Dejan Ristanovic 04 Aug '20

04 Aug '20

Kako zamaskirati sliku This Tool Could Protect Your Photos From Facial Recognition Researchers at the University of Chicago want you to be able to post selfies without worrying that the next Clearview AI will use them to identify you. Before and after photographs of, from left, Jessica Simpson, Gwyneth Paltrow and Patrick Dempsey that were cloaked by the Fawkes team. Credit...SAND Lab, University of Chicago By <https://www.nytimes.com/by/kashmir-hill> Kashmir Hill * Aug. 3, 2020 * Updated 2:24 p.m. ET In recent years, companies have been <https://onezero.medium.com/this-simple-facial-recognition-search-engine-can -track-you-down-across-the-internet-518c7129e454> prowling the web for public photos associated with people's names that they can use to build enormous databases of faces and <https://www.nytimes.com/interactive/2019/10/11/technology/flickr-facial-rec ognition.html> improve their facial-recognition systems, adding to a growing sense that personal privacy is being lost, bit by digital bit. A start-up called Clearview AI, for example, scraped <https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-reco gnition.html> billions of online photos to build a tool for police that could lead them from a face to a Facebook account, revealing a person's identity. Now researchers are trying to foil those systems. A team of computer engineers at the University of Chicago has developed a tool that disguises photos with pixel-level changes that confuse facial recognition systems. Named <http://sandlab.cs.uchicago.edu/fawkes/> Fawkes in honor of the <https://www.nytimes.com/2019/11/05/opinion/guy-fawkes-day-v-for-vendetta.ht ml> Guy Fawkes mask favored by protesters worldwide, the software was made available to developers on the researchers' website last month. After being discovered by <https://news.ycombinator.com/item?id=23917337> Hacker News, it has been downloaded more than 50,000 times. The researchers are working on a free app version for noncoders, which they hope to make available soon. The software is not intended to be just a one-off tool for privacy-loving individuals. If deployed across millions of images, it would be a broadside against facial recognition systems, poisoning the accuracy of the so-called data sets they gather from the web. "Our goal is to make Clearview go away," said Ben Zhao, a professor of computer science at the University of Chicago. Fawkes converts an image - or "cloaks" it, in the researchers' parlance - by subtly altering some of the features that facial recognition systems depend on when they construct a person's face print. In a <https://arxiv.org/pdf/2002.08327.pdf> research paper, reported earlier by <https://onezero.medium.com/this-filter-makes-your-photos-invisible-to-facia l-recognition-a26929b5ccf> OneZero, the team describes "cloaking" photos of the actress Gwyneth Paltrow using the actor Patrick Dempsey's face, so that a system learning what Ms. Paltrow looks like based on those photos would start associating her with some of the features of Mr. Dempsey's face. The changes, usually subtle and not perceptible to the naked eye, would prevent the system from recognizing Ms. Paltrow when presented with a real, uncloaked photo of her. In testing, the researchers were able to fool facial recognition systems from Amazon, Microsoft and the Chinese tech company Megvii. To test the tool, I asked the team to cloak some images of me and my family. I then uploaded the originals and the cloaked images to Facebook to see if it fooled the social network's <https://www.facebook.com/help/122175507864081> facial recognition system. It worked: Facebook tagged me in the original photo but did not recognize me in the cloaked version. However, the changes to the photos were noticeable to the naked eye. In the altered images, I looked ghoulish, my 3-year-old daughter sprouted what looked like facial hair and my husband appeared to have a black eye. The researchers had a few explanations for this. One is that the software is designed to match you with the face template of someone who looks as much unlike you as possible, pulling from <http://www.robots.ox.ac.uk/~vgg/data/vgg_face2/> a database of celebrity faces. That usually ends up being a person of the opposite gender, which leads to obvious problems. "Women get mustaches, and guys get extra eyelashes or eye shadow," Mr. Zhao said. He is enthusiastic about what he calls "privacy armor" and previously helped design <https://www.nytimes.com/2020/02/14/technology/alexa-jamming-bracelet-privac y-armor.html> a bracelet that stops smart speakers from overhearing conversations. The team says it plans to tweak the software so that it will no longer subtly change the gender of users. The other issue is that my experiment wasn't what the tool was designed to do, so Shawn Shan, a Ph.D. student at the University of Chicago who is one of the creators of the Fawkes software, made the changes to my photos as extreme as possible to ensure that it worked. Fawkes isn't intended to keep a facial recognition system like Facebook's from recognizing someone in a single photo. It's trying to more broadly corrupt facial recognition systems, performing an algorithmic attack called data poisoning. The researchers said that, ideally, people would start cloaking all the images they upload. That would mean a company like Clearview that scrapes those photos wouldn't be able to create a functioning database, because an unidentified photo of you from the real world wouldn't match the template of you that Clearview would have built over time from your online photos. But Clearview's chief executive, Hoan Ton-That, ran a version of my Facebook experiment on the Clearview app and said the technology did not interfere with his system. In fact, he said his company could use images cloaked by Fawkes to improve its ability to make sense of altered images. "There are billions of unmodified photos on the internet, all on different domain names," Mr. Ton-That said. "In practice, it's almost certainly too late to perfect a technology like Fawkes and deploy it at scale." Other experts were also skeptical that Fawkes would work. Joseph Atick, a facial recognition pioneer <https://www.nytimes.com/2014/05/18/technology/never-forgetting-a-face.html> who has come to regret the surveillance society he helped to create, said the volume of images of ourselves that we have already made available will be too hard to overcome. "The cat is out of the bag. We're out there," Dr. Atick said. "While I encourage this type of research, I'm highly skeptical this is a solution to solve the problem that we're faced with." Dr. Atick thinks that only lawmakers can ensure that people have a right to facial anonymity. No such federal law is on the horizon, though Democratic senators did recently propose a <https://www.markey.senate.gov/news/press-releases/senators-markey-and-merkl ey-and-reps-jayapal-pressley-to-introduce-legislation-to-ban-government-use- of-facial-recognition-other-biometric-technology> ban on government use of facial recognition. "I personally think that no matter which approach you use, you lose," said Emily Wenger, a Ph.D. student who helped create Fawkes. "You can have these technological solutions, but it's a cat-and-mouse game. And you can have a law, but there will always be illegal actors." Ms. Wenger thinks "a two-prong approach" is needed, where individuals have technological tools and a privacy law to protect themselves. Elizabeth Joh, a law professor at the University of California, Davis, has written about tools like Fawkes as " <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2285095> privacy protests," where individuals want to thwart surveillance but not for criminal reasons. She has repeatedly seen what she called a "tired rubric" of surveillance, then countersurveillance and then anti-countersurveillance, as new monitoring technologies are introduced. "People are feeling a sense of privacy exhaustion," Ms. Joh said. "There are too many ways that our conventional sense of privacy is being exploited in real life and online." For Fawkes to have an immediate effect, we would need all the photos of ourselves that we have already posted to be cloaked overnight. That could happen if a huge platform that maintains an enormous number of online images decided to roll out Fawkes systemwide. A platform like Facebook adopting Fawkes would prevent a future Clearview from scraping its users' images to identify them. "They could say, 'Give us your real photos, we'll cloak them, and then we'll share them with the world so you'll be protected,'" Mr. Zhao said. Jay Nancarrow, a Facebook spokesman, did not rule out that possibility when asked for comment. "As part of our efforts to protect people's privacy, we have a dedicated team exploring this type of technology and other methods of preventing photo misuse," Mr. Nancarrow said. "I'm actually interning on that exact team at Facebook right now," said the Fawkes co-creator Mr. Shan.

1 0

TikTok
by Dejan Ristanovic 04 Aug '20

04 Aug '20

Microsoft kupuje TikTok? https://techcrunch.com/2020/08/03/trump-calls-tiktok-a-hot-brand-demands-a-c hunk-of-its-sale-price/?tpcc=ECTW2020

1 0

Garmin Ransomware
by Dejan Ristanovic 02 Aug '20

02 Aug '20

Izgleda da je Garmin platio... Pozdrav, Dejan https://www.bleepingcomputer.com/news/security/confirmed-garmin-received-de… Confirmed: Garmin received decryptor for WastedLocker ransomware <https://www.bleepingcomputer.com/author/lawrence-abrams/> Lawrence Abrams <https://www.bleepstatic.com/content/hl-images/2020/08/01/garmin-office.jpg> BleepingComputer can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack. On July 23rd, 2020, Garmin suffered a worldwide outage where customers could not access their connected services, including the Garmin Connect, flyGarmin, Strava, inReach solutions. <https://img.connatix.com/067e5169-ece3-4ce8-87ad-c7961b8bb396/1.png> Top Articles Havenly discloses data breach after 1.3M accounts leaked online <https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/38f5f20e-b939…> <https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/4fc0f2a9-3800…> <https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/b969cbb7-3e49…> <https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/d828405c-3cb5…> <https://img.connatix.com/d59f5d0c-2087-416a-821c-141798bc501e/63bc408d-2330…> Read More BleepingComputer was the first to confirm that they suffered a <https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-conf…> cyberattack by the WastedLocker Ransomware operators after employees shared photos of encrypted workstations, and we found a sample of the ransomware utilized in the attack. <https://www.bleepstatic.com/images/news/ransomware/attacks/g/garmin-wastedl…> Photo of encrypted Garmin workstation Employees later shared with BleepingComputer that the ransom demand was $10 million. After a four day outage, Garmin suddenly announced that they were <https://www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-a…> starting to restore services, and it made us suspect that they paid the ransom to receive a decryptor. Garmin refused, though, to comment any further. Confirmed: Garmin received a WastedLocker decryption key Today, BleepingComputer gained access to an executable created by the Garmin IT department to decrypt a workstation and then install a variety of security software on the machine. WastedLocker is an enterprise-targeting ransomware with no known weaknesses in their encryption algorithm. This lack of flaws means that a decryptor can not be made for free. If you work at Garmin or know someone working there with first-hand information on this incident, you can confidentially contact us on Signal at <tel:+16469613731> +16469613731. To obtain a working decryption key, Garmin must have paid the ransom to the attackers. It is not known how much was paid, but as previously stated, an employee had told BleepingComputer that the original ransom demand was for $10 million When extracted, this restoration package includes various security software installers, a decryption key, a WastedLocker decryptor, and a script to run them all. <https://www.bleepstatic.com/images/news/security/attacks/g/garmin/restorati…> Garmin restoration package contents When executed, the restoration package decrypts the computer and then preps the machine with security software. <https://www.bleepstatic.com/images/news/security/attacks/g/garmin/script.jpg> Garmin script to restore a workstation Garmin's script contains a timestamp of '07/25/2020', which indicates that the ransom was paid either on July 24th or July 25th. Using the sample of WastedLocker from the Garmin attack, BleepingComputer encrypted a virtual machine and tested the decryptor to see if it would decrypt our files. In our test, demonstrated in the video below, the decryptor had no problems decrypting our files. All companies should follow the general rule of wiping all computers and installing a clean image after a ransomware attack. This reinstall is necessary as you never know what the attackers changed during their incursion. Based on the script above, it does not appear that Garmin is following this guideline and is simply decrypting the workstations and installing security software. Custom decryptor used The decryptor enclosed in the package includes references to both cybersecurity firm Emsisoft and ransomware negotiation service firm Coveware. When BleepingComputer reached out to Coveware, we were told that they do not comment on any ransomware incidents reported in the media. In a similar response, Emsisoft told us that they could not comment on any cases, but that they create decryption tools and are not involved in ransom payments. "I cannot comment on specific cases, but generally speaking, Emsisoft has no involvement whatsoever in negotiating or transacting ransom payments. We simply create decryption tools," Brett Callow, a threat analyst at security firm Emsisoft, told BleepingComputer. Emsisoft commonly makes custom ransomware decryptors when the tools supplied by the threat actors are buggy or if companies are concerned that they may contain backdoors. "If the ransom has been paid but the attacker-provided decryptor is slow or faulty, we can extract the decryption code and create a custom-built solution that decrypts up to 50 percent faster with less risk of data damage or loss," Emsisoft's <https://help.emsisoft.com/en/2863/ransomware-advisory-and-recovery-services/> ransomware recovery services page states. As Evil Corp has been attributed as the creator of WastedLocker and was <https://home.treasury.gov/news/press-releases/sm845> placed on the US sanctions list for using Dridex to <https://www.bleepingcomputer.com/news/security/evil-corp-hackers-charged-fo…> cause more than $100 million in financial damages, paying this ransomware could lead to hefty fines from the government. Due to these sanctions, sources familiar with Coveware have told BleepingComputer that the negotiation company has placed WastedLocker on their restricted list in early July, and are not handling negotiations for related attacks. Garmin has not responded to our queries at this time. Related Articles: <https://www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-a…> Garmin confirms ransomware attack, services coming back online <https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-conf…> Garmin outage caused by confirmed WastedLocker ransomware attack <https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-…> The Week in Ransomware - July 31st 2020 - Cooked Crab <https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-…> The Week in Ransomware - July 24th 2020 - Navigation failure <https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-…> The Week in Ransomware - July 3rd 2020 - Yes, Macs need antivirus Sent from my iPad 2018

1 0

FW: Emoji u imenima fajlova
by Dejan Ristanovic 31 Jul '20

31 Jul '20

Kako smo do sada živeli bez ovoga... ;)) https://www.howtogeek.com/682868/%e2%9c%a8-you-can-use-emoji-in-file-names-o n-windows-10/

1 0

Garmin
by Dejan Ristanovic 27 Jul '20

27 Jul '20

Evo (ukoliko je verovati Dalu Mail-u) priče o hakeru koji je "zarobio" Garmin. Vidite da krade milione dolara i ne živi loše sa svim tim Lamburdžinima i Gospođom Haker na priloženoj slici (a ta je ujedno ćerka nekog ruskog KGB-ovca ili šta je već) Koliko vidim, Garmin polako pušta neke servise, počelo da se sinhronizuje. Ali radi jako, jako sporo radi. Portal ne radi, ali očigledno su krenuli da vraćaju a Rus da bira novu Lambu :) Izgleda da im je glavni problem da hendluju requests. Em što gomila uređaja oće da se sinhronizuje, em što oni moraju da rade sync sa stravom, training peaks-om i gomilom drugih servisa. Vidim obaveštenje na stravi da su počeli sync sinoć i da će verovatno da traje 7 dana (!?). Zamišljam, milioni uređaja pokušavaju da se zakače. Oni koji se zakače, rade sync. Sync traje. Pita server imaš ovo, imam, imaš ovo, imam, imaš ovo, nemam, evo ti ovo, jel dobro, jeste, crc mrc pa u krug. Server load 100% flat line. Dok to traje, milioni gađaju svako malo i pokušavaju da se konektuju. Pozdrav, Dejan https://www.dailymail.co.uk/news/article-8562805/Will-Garmin-pay-10-Million… Will Garmin pay $10 Million ransom in order to bring to an end ransomware attack after three days? * The navigation company was hit by a ransomware attack on Thursday with customers unable to log in to their apps and record their fitness sessions for five straight days - pilots who use their apps have also been affected Tens of millions of people around the world have found their Garmin devices, including those used by runners, cyclists and pilots, down for a fifth day after being hacked by Russian group Evil Corps which is demanding a $10m ransom to restore their operation. Garmin has been ordered to pay the ransom by the cybercriminal group headed by a 33-year-old Russian playboy hacker, Maksim Yakubets, who drives a customized $250,000 Lamborghini. In December 2019, the FBI placed a $5 million bounty on Yakubets head for information leading to his capture. It is the largest reward being offered for an alleged criminal connected to cybercrime. Yakubets' latest target is Garmin, which has still offered no explanation for their outage, but security analysts said the reason is likely ransomware, a technique used by hackers to encrypt data and extort funds. The company said on <https://www.dailymail.co.uk/sciencetech/twitter/index.html> Twitter that its website and Garmin Connect fitness app had been offline since Thursday. It said the 'flyGarmin' site used for aviation databases was also down. <https://i.dailymail.co.uk/1s/2020/07/27/06/31231570-8562805-Maksim_Yakubets…> &lt;img id="i-55a4b72c09002459" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31231570-8562805-Maksim_Yakubets…" height="542" width="962" alt="Maksim Yakubets speaks with a police officer. Yakubets drives a customized Lamborghini Huracan supercar with a personalized number plate that translates to the word 'Thief'" class="blkBorder img-share" /&gt; Maksim Yakubets speaks with a police officer. Yakubets drives a customized Lamborghini Huracan supercar with a personalized number plate that translates to the word 'Thief' <https://i.dailymail.co.uk/1s/2020/07/27/06/31231062-8562805-Maksim_Viktorov…> &lt;img id="i-b41c59f481ce0e65" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31231062-8562805-Maksim_Viktorov…" height="570" width="470" alt="Maksim Viktorovich Yakubets, 33, is believed to be the head of Russian hacking group Evil Corp and responsible for the attack on Garmin's systems. The FBI has a $5 million reward for information that leads to his capture" class="blkBorder img-share" /&gt; Maksim Viktorovich Yakubets, 33, is believed to be the head of Russian hacking group Evil Corp and responsible for the attack on Garmin's systems. The FBI has a $5 million reward for information that leads to his capture The malware has been linked to a Russian cybercriminal group known as Evil Corp. In December 2019, the U.S. Treasury Department sanctioned Evil Corp after causing more than $100 million in financial damages in the American banking system. As a result, if Garmin wanted to pay the ransom, it could potentially be found to be breaking United States sanctions. Evil Corp is a Russia-based cybercriminal organization, headed by Maksim Yakubets, which is believed to be responsible for the ransomware attack against Garmin. Yakubets is alleged to have run the operation since May 2009 from the basements of Moscow cafes. He is said to have employed dozens of people to steal money from victims in 43 countries using computer viruses that are designed to target only victims outside Russia. The ‘malware’ is downloaded when a victim clicks on an email attachment and remains hidden on their computer to harvest their personal and financial data such as online banking details – which is subsequently used to drain their accounts. Operating online under the name Aqua, the hacker and his associates are accused of stealing at least $100million. US treasury officials also say Yakubets has provided ‘direct assistance to the Russian government’ by acquiring confidential documents for the FSB security agency. He was also said to be part of a scheme in which Russian intelligence agencies recruit criminals to hack national security targets. Yakubets, a Russian national originally from Ukraine, is still at large, as is his administrator Igor Turashev, 38. In December, 15 people associated with the hacking group were sanctioned by the US treasury. Many are believed to be living in Moscow. If Yakubets leaves Russia, he will be arrested and extradited to America to face charges. Financial sanctions have been imposed on him by the US, but privately, insiders say the chances of him setting foot outside Russia remain small. Yakubets is known to be a flamboyant character and along with his flash cars, one of which is a customized Lamborghini with a number plate that reads THIEF in Russian, he is known to have splashed out on a pet tiger and lion cubs. WHAT IS EVIL CORP? Evil Corp is a Russia-based cybercriminal organization, headed by Maksim Yakubets, which is believed to be responsible for the ransomware attack against Garmin. It has been described by officials as one of the most damaging criminal organizations on the internet. Yakubets is alleged to have run the operation since May 2009 from the basements of Moscow cafes. He is said to have employed dozens of people to steal money from victims in 43 countries using computer viruses that are designed to target only victims outside Russia. The 'malware' is downloaded when a victim clicks on an email attachment and remains hidden on their computer to harvest their personal and financial data such as online banking details – which is subsequently used to drain their accounts. In December, 15 people associated with the hacking group were sanctioned by the US treasury. Many are believed to be living in Moscow. 'Yakubets is a true 21st century criminal,' U.S. Assistant Attorney General Brian Benczkowski said in December last year 'He's earned his place on the FBI's list of the world's most wanted cyber criminals.' He is described as untouchable in the Russian capital, Moscow, where he regularly films himself driving 'doughnuts' around police, with tires screeching, in one of his fleet of supercars - 'cash rich with fast cars' bought from the proceeds of fraud. For a decade the multi-millionaire is said to have run the world's most harmful cyber- <https://www.dailymail.co.uk/news/crime/index.html> crime group. Yakubets, who has also worked for Russia's FSB intelligence agency, is said to live like a king, splurging more than $250,000 on his wedding. He married at a golf club north of Moscow in summer 2017 to glamorous businesswoman Alyona Benderskaya. She is believed to be the owner of a chain of Moscow stores selling Italian luxury clothing called Plein Sport and graduated from the Higher School of Economics in Moscow in 2014. Benderskaya is believed to be Yakubets' second wife. Her father, Yakubets' father-in-law, is a former officer with an elite special-forces unit of the FSB, Eduard Bendersky but it is also believed that some of his spy work for the organization rubbed off on his daughter. Benderskaya is known to be a founder of several companies called Vympel-Aktiv and Vympel-Protekt which are linked to the FSB's Special Purpose Center, known mainly for counterterrorism operations and 'foreign sabotage operations' according to <https://www.rferl.org/a/in-lavish-wedding-photos-clues-to-an-alleged-russia…> RadioFreeEurope. In April 2018, Yakubets was in the process of obtaining a license to work with classified Russian information from the Russian spy agency, the FSB - the Federal Security Service of the Russian Federation. The FSB was the main successor agency to the KGB. Yakubets was also responsible for recruiting and managing a network of individuals to Evil Corps who would then be responsible for facilitating the movement of money illicitly. <https://i.dailymail.co.uk/1s/2020/07/27/06/31233104-8562805-Yakubets_was_ma…> &lt;img id="i-bf1b60296185e10b" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31233104-8562805-Yakubets_was_ma…" height="1039" width="962" alt="Yakubets was married at a golf club north of Moscow in summer 2017 to glamorous businesswoman Alyona Benderskaya who runs a chain of Italian luxury clothing stores" class="blkBorder img-share" /&gt; Yakubets was married at a golf club north of Moscow in summer 2017 to glamorous businesswoman Alyona Benderskaya who runs a chain of Italian luxury clothing stores <https://i.dailymail.co.uk/1s/2020/07/27/06/31231732-8562805-Maksim_Yakubets…> &lt;img id="i-e099f6b20376d950" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31231732-8562805-Maksim_Yakubets…" height="642" width="962" alt="Maksim Yakubets' wedding in 2017 to&nbsp;Alyona Benderskaya whose father-in-law works for FSB" class="blkBorder img-share" /&gt; Maksim Yakubets' wedding in 2017 to Alyona Benderskaya whose father-in-law works for FSB <https://i.dailymail.co.uk/1s/2020/07/27/06/31235218-8562805-President_Eduar…> &lt;img id="i-cacc3a15d9cea59e" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31235218-8562805-President_Eduar…" height="492" width="470" alt="President Eduard Bendersky is seen in pages from the Vympel Charitable Fund For Former FSB Officers" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31235216-8562805-Eduard_Bendersk…> &lt;img id="i-b452c2003f656c28" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31235216-8562805-Eduard_Bendersk…" height="492" width="470" alt="Eduard Bendersky" class="blkBorder img-share" /&gt; Yakubets' father-in-law, is a former officer with an elite special-forces unit of the FSB, Eduard Bendersky but it is also believed that some of his spy work for the organization rubbed off on his daughter and she is now also involved in some of the FSB-related 'charities' that he sits on Over the past five days, Garmin, a company valued at $18 billion, has become Yakubets' latest target. On Sunday night, even the company's website was unable to load properly. The security news website <https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-conf…> Bleeping Computer described Garmin as being attacked by the WastedLocker ransomware. The ransomware attack works by encrypting the company's data, rendering it inaccessible to employees. Evil Corp have demanded a $10 million ransom for the data to be freed up. Screenshots show lists of the company's files encrypted by the malware, with a ransom note individually attached to each file. The note tells the recipient to contact one of two email addresses to 'get a price for your data'. It is not clear whether any customer data has been compromised, as the tech firm continues to investigate and works to resolve the matter. <https://i.dailymail.co.uk/1s/2020/07/27/06/31229694-8562805-Files_shared_fr…> &lt;img id="i-93c541e63463713a" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31229694-8562805-Files_shared_fr…" height="1604" width="962" alt="Files shared from a Garmin employee show how a ransomeware file had been attached to each one giving the user details of what to do next in order to retrieve their data" class="blkBorder img-share" /&gt; Files shared from a Garmin employee show how a ransomeware file had been attached to each one giving the user details of what to do next in order to retrieve their data <https://i.dailymail.co.uk/1s/2020/07/27/06/31229708-8562805-A_tweet_shows_t…> &lt;img id="i-d2beaebfdb6c2f58" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31229708-8562805-A_tweet_shows_t…" height="876" width="962" alt="A tweet shows the email address that Garmin workers were told to email in order to restore access to their data" class="blkBorder img-share" /&gt; A tweet shows the email address that Garmin workers were told to email in order to restore access to their data <https://i.dailymail.co.uk/1s/2020/07/27/06/31229706-8562805-A_note_from_the…> &lt;img id="i-684add2e0a5d46b6" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31229706-8562805-A_note_from_the…" height="718" width="962" alt="A note from the hackers has been attached to every single data file within Garmin's systems along with details as to how the company will be able to restore access after paying a ransom" class="blkBorder img-share" /&gt; A note from the hackers has been attached to every single data file within Garmin's systems along with details as to how the company will be able to restore access after paying a ransom <https://i.dailymail.co.uk/1s/2020/07/27/06/31228798-8562805-The_company_s_c…> &lt;img id="i-194dcb1b0d95b1c" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228798-8562805-The_company_s_c…" height="390" width="962" alt="The company's communication systems have also been disabled and it now appears to be unable to respond to frustrated and disgruntled customers" class="blkBorder img-share" /&gt; The company's communication systems have also been disabled and it now appears to be unable to respond to frustrated and disgruntled customers <https://i.dailymail.co.uk/1s/2020/07/27/06/31228204-8562805-The_navigation_…> &lt;img id="i-329efb8b52297e5b" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228204-8562805-The_navigation_…" height="335" width="962" alt="The navigation company was hit by a ransomware attack on Thursday with customers unable to log their fitness sessions in Garmin apps ever since" class="blkBorder img-share" /&gt; The navigation company was hit by a ransomware attack on Thursday with customers unable to log their fitness sessions in Garmin apps ever since <https://i.dailymail.co.uk/1s/2020/07/27/06/31228140-8562805-An_outage_map_s…> &lt;img id="i-f489cb877aca44fa" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228140-8562805-An_outage_map_s…" height="1136" width="962" alt="An outage map shows just how big of a problem the company's apps are experiencing" class="blkBorder img-share" /&gt; An outage map shows just how big of a problem the company's apps are experiencing In the past, Evil Corp targeted banks primarily located in the United States and the United Kingdom. They developed Dridex software, which was spread using phishing emails that would entice victims to click on malicious links or attachments embedded within the emails. Evil Corp would then use compromised credentials to fraudulently transfer funds from victims' bank accounts to those of bank accounts controlled by the group. Yakubets and his co-conspirators are alleged to have victimized 21 specific municipalities, banks, companies and nonprofit organizations in California, Illinois, Iowa, Kentucky, Maine, Massachusetts, New Mexico, North Carolina, Ohio, Texas and Washington. Evil Corp is known to be one of the world's most prolific cybercriminal organizations and operates as a business run by a group of individuals based in Moscow, Russia. In June, it was revealed how Evil Corp had breached 31 major American corporations with a new ransomware attack targeting employees working from home. The cybersecurity firm Symantec first announced the breach and attributed it to WastedLocker. <https://i.dailymail.co.uk/1s/2020/07/27/06/31231060-8562805-The_FBI_is_offe…> &lt;img id="i-699e53a9d2dde49b" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31231060-8562805-The_FBI_is_offe…" height="1241" width="962" alt="The FBI is offering a $5 million reward for info that leads to the capture of Maksim Yakubets who is known to work directly with the Russian government in carrying out malicious cyber attacks" class="blkBorder img-share" /&gt; The FBI is offering a $5 million reward for info that leads to the capture of Maksim Yakubets who is known to work directly with the Russian government in carrying out malicious cyber attacks Russian hacking group Evil Corp show off their luxury lifestyle <https://i.dailymail.co.uk/1s/2020/07/27/06/31231568-8562805-Maksim_Yakubets…> &lt;img id="i-aabcca0bd7a2460e" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31231568-8562805-Maksim_Yakubets…" height="542" width="962" alt="Maksim Yakubets is pictured second from left along with other Evil Corp members who allegedly 'provide material assistance' including, from left, Kirill Slobodskoy, Dimitriy Slobodskoy, in red shirt and Artem Yakubets, far right" class="blkBorder img-share" /&gt; Maksim Yakubets is pictured second from left along with other Evil Corp members who allegedly 'provide material assistance' including, from left, Kirill Slobodskoy, Dimitriy Slobodskoy, in red shirt and Artem Yakubets, far right <https://i.dailymail.co.uk/1s/2020/07/27/06/31233664-8562805-Evil_Corp_membe…> &lt;img id="i-c70387221fd71210" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31233664-8562805-Evil_Corp_membe…" height="698" width="962" alt="Evil Corp members Kirill Slobodskoy, Dmitry Smirnov and Denis Gusev pictured in Dubai" class="blkBorder img-share" /&gt; Evil Corp members Kirill Slobodskoy, Dmitry Smirnov and Denis Gusev pictured in Dubai Evil Corp declined to disclose the identities of the other targeted companies, but they include eight Fortune 500 companies and one major news publication. 'These hackers have a decade of experience and they aren't wasting time with small, two-bit outfits,' Symantec's Eric Chien told the <https://www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronaviru…> New York Times. 'They are going after the biggest American firms, and only American firms.' According to Chien, WastedLocker is part of a major expansion in hacking attempts focused specifically at major American business and government services in recent months. 'Security firms have been accused of crying wolf, but what we have seen in the past few weeks is remarkable,' Chien said. 'Right now this is all about making money, but the infrastructure they are deploying could be used to wipe out a lot of data — and not just at corporations.' According to Symantec, the ransomware is first downloaded on a worker's computer after clicking a malicious software update window. Once installed on the person's computer, the ransomware begins unlocking permissions on the remote corporate network the person is connected to, with the goal of eventually locking the entire company out of its own systems to extract a ransom payment. According to Symantec, the software update window that initiates the entire process could have come from from any one of 150 legitimate websites whose security Evil Corp has breached. WastedLocker is part of a major expansion in hacking attempts focused specifically at major American business and government services in recent months. <https://i.dailymail.co.uk/1s/2020/07/27/06/21880112-8562805-Russian_native_…> &lt;img id="i-32938170ac001890" src="https://i.dailymail.co.uk/1s/2020/07/27/06/21880112-8562805-Russian_native_…" height="534" width="962" alt="Russian native Yakubets owns a customized Lamborghini with a number plate that reads THIEF in Russian (pictured). He provided a 'malware' software which was downloaded by people who clicked on an email attachment which arrived in their inbox and stole their bank details" class="blkBorder img-share" /&gt; Russian native Yakubets owns a customized Lamborghini with a number plate that reads THIEF in Russian (pictured). He provided a 'malware' software which was downloaded by people who clicked on an email attachment which arrived in their inbox and stole their bank details <https://i.dailymail.co.uk/1s/2020/07/27/06/21879598-8562805-A_Lamborghini_H…> &lt;img id="i-d892fb2592b3f1d8" src="https://i.dailymail.co.uk/1s/2020/07/27/06/21879598-8562805-A_Lamborghini_H…" height="652" width="962" alt="A Lamborghini Huracan and Audi R8 which were apparently used by Evil Corp members" class="blkBorder img-share" /&gt; A Lamborghini Huracan and Audi R8 which were apparently used by Evil Corp members <https://i.dailymail.co.uk/1s/2020/07/27/06/31231710-8562805-One_of_Maksim_s…> &lt;img id="i-2d53eda9e869f030" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31231710-8562805-One_of_Maksim_s…" height="1011" width="962" alt="One of Maksim's supercars which has been intricately designed and customized" class="blkBorder img-share" /&gt; One of Maksim's supercars which has been intricately designed and customized Hacker's lavish lifestyle funded by the life savings of his victims Worldwide, cybercrime results in losses that total in the billions of dollars, while in the United States, financial institutions and other businesses remain prime targets for cybercriminals but Evil Corp relies upon a number of core individuals to carry out critical logistical, technical, and financial functions. Essentially the group is run like a legitimate business with someone in charge of managing the malware software with others supervising the operators seeking to target new victims, and laundering the proceeds derived from the group's activities. Some of the other members cited for allegedly 'providing material assistance' in this way, according to the U.S. Treasury, are Dmitriy Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy and Kirill Slobodskoy. <https://i.dailymail.co.uk/1s/2020/07/27/06/31232054-8562805-Andrey_Plotnits…> &lt;img id="i-eb08490f29b628d8" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31232054-8562805-Andrey_Plotnits…" height="1044" width="962" alt="Andrey Plotnitskiy, who authorities identified as another member of Evil Corp" class="blkBorder img-share" /&gt; Andrey Plotnitskiy, who authorities identified as another member of Evil Corp <https://i.dailymail.co.uk/1s/2020/07/27/06/31232302-8562805-image-a-230_159…> &lt;img id="i-40cbdc356d994053" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31232302-8562805-image-a-230_159…" height="1071" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/21880944-8562805-Maksim_Yakubets…> &lt;img id="i-d3f408be6e1c13d6" src="https://i.dailymail.co.uk/1s/2020/07/27/06/21880944-8562805-Maksim_Yakubets…" height="734" width="470" alt="Maksim Yakubets, 33, has been named the world's biggest cyber criminal after he allegedly ran the world's most harmful cyber-crime group Evil Corp" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31232304-8562805-Igor_Turashev_w…> &lt;img id="i-17331fed7c512476" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31232304-8562805-Igor_Turashev_w…" height="734" width="470" alt="Igor Turashev was involved in helping Evil Corp exploit victims’ networks. As of 2015, Turashev served as an administrator for Yakubets and had control over the Dridex malware software" class="blkBorder img-share" /&gt; Maksim Yakubets, 32, left, has been named the world's biggest cyber criminal running Evil Corp. Igor Turashev, right, is also allegedly involved in helping Evil Corp exploit victims' networks. As of 2015, Turashev served as an administrator for Yakubets and had control over the Dridex malware software <https://i.dailymail.co.uk/1s/2020/07/27/06/31231704-8562805-Evil_Corp_have_…> &lt;img id="i-fc6d12e7707add0e" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31231704-8562805-Evil_Corp_have_…" height="932" width="962" alt="Evil Corp have long been behind international computer hacking and bank fraud schemes, which allow members of the group to purchase supercars such as this Audi" class="blkBorder img-share" /&gt; Evil Corp have long been behind international computer hacking and bank fraud schemes, which allow members of the group to purchase supercars such as this Audi <https://i.dailymail.co.uk/1s/2020/07/27/06/31228142-8562805-The_Garmin_Conn…> &lt;img id="i-36dbf521238a4aeb" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228142-8562805-The_Garmin_Conn…" height="619" width="962" alt="The Garmin Connect software can be seen unsuccessfully attempting to contact the company's servers to upload fitness data. The experience has frustrated customers" class="blkBorder img-share" /&gt; The Garmin Connect software can be seen unsuccessfully attempting to contact the company's servers to upload fitness data. The experience has frustrated customers <https://i.dailymail.co.uk/1s/2020/07/27/06/31228716-8562805-One_Twitter_use…> &lt;img id="i-ff9ee8ac7695a11e" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228716-8562805-One_Twitter_use…" height="622" width="470" alt="One Twitter user posted a image that showed how their Garmin smartwatch was not able to be updated" class="blkBorder img-share" /&gt; One Twitter user posted a image that showed how their Garmin smartwatch was not able to be updated The ransomware attack has led to a shutdown of many of Garmin's systems. Employees working from home connecting by VPN were also cut off from Garmin's systems in an effort to halt the spread of the ransomware across its network. Garmin been largely silent on the outage. On Saturday the company tweeted 'We are currently experiencing an outage that affects Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.' Brent Callow, a threat analyst at the security firm Emsisoft, said he had no firsthand knowledge but that it 'certainly has all the hallmarks of a ransomware incident. 'There is really no other event that would be likely to cause such widespread disruption and cause a company to immediately shut down everything from its online services to its production line,' Callow said. Garmin's online fitness tracking service is offline leaving runners and cyclists unable to upload data from their latest workouts. Garmin Connect, an app and website that works with the company's popular line of fitness watches, remained out of service on Sunday. The company apologized for the disruption at the end of last week when it indicated the problem was more widespread and also affected its communications systems. <https://i.dailymail.co.uk/1s/2020/07/27/06/31228718-8562805-image-a-235_159…> &lt;img id="i-2641f22413107bfc" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228718-8562805-image-a-235_159…" height="376" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31228924-8562805-image-a-236_159…> &lt;img id="i-441f799f86b1c00a" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228924-8562805-image-a-236_159…" height="470" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31228762-8562805-image-a-237_159…> &lt;img id="i-d2189a92f1c315f6" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228762-8562805-image-a-237_159…" height="475" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31230782-8562805-image-a-240_159…> &lt;img id="i-3fa4c2ee4c8945fe" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31230782-8562805-image-a-240_159…" height="376" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31228758-8562805-image-a-238_159…> &lt;img id="i-c355ae4922a5dbfa" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228758-8562805-image-a-238_159…" height="376" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31229128-8562805-image-a-239_159…> &lt;img id="i-b2680ba942046bfe" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31229128-8562805-image-a-239_159…" height="522" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31228724-8562805-image-a-241_159…> &lt;img id="i-4972ca4cd021c1ba" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228724-8562805-image-a-241_159…" height="332" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31228722-8562805-Some_Garmin_use…> &lt;img id="i-4cab6cb5bc233c31" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228722-8562805-Some_Garmin_use…" height="479" width="962" alt="Some Garmin users were furious that the company had not explained the reason for its outage in five days while other mocked those who claimed it was disrupting their exercise routines" class="blkBorder img-share" /&gt; Some Garmin users were furious that the company had not explained the reason for its outage in five days while other mocked those who claimed it was disrupting their exercise routines Garmin Aviation, which provides cockpit navigation and communication services, said on its Facebook page its 'flyGarmin' website and mobile app were down. Fitness enthusiasts took to social media to vent their frustrations about not being able to use the service. Runners said that while the outage doesn't stop them from training, not being able to use Garmin Connect means they can't track their workout data or share their routes on Strava, a social network for runners and cyclists. Atlanta tech executive Caroline Dunn, who runs five days a week and finished the New York Marathon in 2018, said the outage means she and her running friends can't send each other kudos - Strava's version of Facebook's likes - to encourage each other. 'We're not doing this for our health, we're doing this so that we can brag to our friends,' Dunn said lightheartedly. 'Now that we're all social distancing, I don't run in a group with my friends and they don't watch me run. I have to brag online to my friends about all of my runs.' The outage is also preventing athletes from proving that they've completed virtual runs that are replacing the many races cancelled because of the pandemic, Dunn said. Runners who use the Garmin system can't be ranked because they can't submit GPS data to organizers. <https://i.dailymail.co.uk/1s/2020/07/27/06/31228212-8562805-A_selection_of_…> &lt;img id="i-e1845c63078c0c81" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228212-8562805-A_selection_of_…" height="476" width="962" alt="A selection of Garmin's most popular products is shown above in a file photo" class="blkBorder img-share" /&gt; A selection of Garmin's most popular products is shown above in a file photo <https://i.dailymail.co.uk/1s/2020/07/27/06/31228200-8562805-Smartwatch_make…> &lt;img id="i-3e6d4992a921b889" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31228200-8562805-Smartwatch_make…" height="546" width="962" alt="Smartwatch maker Garmin is suffering widespread outages after it was reportedly targeted in a ransomware attack. A notification about the update is seen on the company's website" class="blkBorder img-share" /&gt; Smartwatch maker Garmin is suffering widespread outages after it was reportedly targeted in a ransomware attack. A notification about the update is seen on the company's website Connecticut runner Megan Flood saw the prolonged outage as both a curse and a blessing. 'It's frustrating in part because my Garmin is connected to my Strava (fitness app), and I like the community aspect on Strava,' Flood, 27, said Friday. 'But sometimes not being so connected to my device is nice. I've run some of my best races when I forgot my watch or covered my watch face, so I find there are pros and cons to be so connected to a watch.' Tech-savvy users shared a workaround: plug the watch into a computer with a USB cable and manually transfer the files. Some users also complained that Garmin's lack of communication was a bigger problem. <https://i.dailymail.co.uk/1s/2020/07/27/06/31229962-8562805-image-a-244_159…> &lt;img id="i-df747f697fdc4446" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31229962-8562805-image-a-244_159…" height="654" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31229956-8562805-image-a-246_159…> &lt;img id="i-18ef43df9fd07038" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31229956-8562805-image-a-246_159…" height="824" width="962" alt="" class="blkBorder img-share" /&gt; <https://i.dailymail.co.uk/1s/2020/07/27/06/31229958-8562805-Some_Twitter_us…> &lt;img id="i-bd49cb4ee7675682" src="https://i.dailymail.co.uk/1s/2020/07/27/06/31229958-8562805-Some_Twitter_us…" height="754" width="962" alt="Some Twitter users were quick to mock the situation Garmin and its wearers find themselves" class="blkBorder img-share" /&gt; Some Twitter users were quick to mock the situation Garmin and its wearers find themselves Sent from my iPad 2018

1 0

Garmin
by Dejan Ristanovic 25 Jul '20

25 Jul '20

https://www.forbes.com/sites/barrycollins/2020/07/25/will-garmin-pay-10m-ra… Will Garmin Pay $10m Ransom To End Two-Day Outage? <https://www.forbes.com/sites/anthonykarcz/> Anthony Karcz05:33pm EDT Garmin's computer systems are being held to ransom SOPA Images/LightRocket via Getty Images Garmin is reportedly being asked to pay a $10 million ransom to free its systems from a cyberattack that has taken down many of its services for two days. The navigation company was hit by a ransomware attack on Thursday, leaving customers unable to log fitness sessions in Garmin apps and pilots unable to download flight plans for aircraft navigation systems, among other problems. The company’s communication systems have also been taken offline, leaving it unable to respond to disgruntled customers. Garmin employees have told <https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-conf…> BleepingComputer that the company was struck down by the WastedLocker ransomware. Screenshots sent to BleepingComputer show long lists of the company’s files encrypted by the malware, with a ransom note attached to each file. The ransom note tells the recipient to email one of two email addresses to “get a price for your data”. That price, Garmin’s sources have told BleepingComputer, is $10 million. Crippled Garmin The ransomware attack has crippled many of the company’s systems. Reports claim that Garmin’s IT department shut down all of the company’s computers, including those of employees working from home who were connected by VPN, to halt the spread of the ransomware across its network. Garmin’s Taiwan factories have reportedly closed production lines yesterday and today while the company attempts to unpick the ransomware. The shutdown is having a big effect on Garmin’s customers. <https://downdetector.co.uk/status/connect-garmin/> DownDetector reveals a huge spike today in people having trouble accessing Garmin Connect, the app that logs fitness routines for the company’s devices. More people are likely to be using such devices at the weekend. <https://specials-images.forbesimg.com/imageserve/5f1c03e1e0278b36b49447c2/9…> DownDetector shows how Garmin customers continue to be affected DownDetector The problem is even more serious for Garmin’s aviation device customers. Pilots have told <https://www.zdnet.com/article/garmin-services-and-production-go-down-after-…> ZDNet that they are unable to download a version of Garmin’s aviation database onto their airplane navigation systems, which is an FAA requirement. Garmin has issued very little public comment about the problem. On Thursday, the company issued a tweet saying “we are currently experiencing an outage that affects Garmin Connect,” adding that the outage “also affects our call centers and we are currently unable to receive any calls, emails or online chats”. Garmin has been approached for comment, but as you can appreciate from the statement above, that’s somewhat complicated... The Best Home Printers In 2020, For Every Printing Need <https://www.forbes.com/sites/forbes-personal-shopper/> <https://www.forbes.com/shopping/> Shopping I write about how to do more with your consumer gadgets. Forbes and/or the author may earn a commission on sales made from links on this page. Now more than ever, with work and school shifting to home for the foreseeable future, what's the best home printer to keep you and your family productive? Is it one that’s versatile — able to copy, scan, fax and just generally do more than your average paper-pusher? Or would you prefer a fast home printer, able to complete the job before you’ve pulled your finger off the print button? Maybe the best printer for your needs is one that connect to whatever devices you own. Or maybe it’s all of that. If you're going to spend hundreds on a new printer, it should do be able to perform multiple tasks, do them well, and do them reliably. Below, I’ve outlined the best home printers for every conceivable need, from an overall workhorse to a photo-only printer. One thing to note, the availability of these printers and their associated refills can be a little inconsistent. With everyone trying to outfit their home office, demand has been high these past few months. You may have to keep checking back to get the device you’re looking for at the price you want to pay. * Best Overall Home Printer: <https://www.amazon.com/dp/B07FMX1RXT/ref=dp_cerb_2/ref=as_li_ss_tl?tag=5f18…> Brother MFC-L3710CW * Best All-In-One Printer for Home Use: <https://www.amazon.com/Epson-Wireless-Cartridge-Free-Supertank-Ethernet/dp/…> Epson Ecotank ET-3760 * Best Inkjet Printer for Less Than $200: <https://www.amazon.com/dp/B07214SQW3/ref=dp_cerb_3/ref=as_li_ss_tl?tag=5f18…> Canon Pixma G3200 * Best Hassle-Free Inkjet Printer: <https://www.amazon.com/HP-Wireless-Printer-Mobile-5SE16A/dp/B083ZZ96PT/ref=…> HP Envy 6055 All-in-One Printer * Best Monochrome Laser Printer: <https://www.amazon.com/HP-Neverstop-Printer-Cartridge-Free-Monochrome-Toner…> HP Neverstop Laser Printer 1001NW * Fastest Color Laser Printer: <https://www.amazon.com/dp/B07QK2KDYC/ref=psdc_172648_t4_B07N22V2L5/ref=as_l…> Canon Color imageCLASS MF644Cdw * Best Photo Printer: <https://www.amazon.com/Canon-Wireless-AirPrint-Printing-2234C001/dp/B073YHR…> Canon Selphy CP1300 _____ Best Overall Home Printer Brother MFC-L3710CW <https://www.amazon.com/dp/B07FMX1RXT/ref=dp_cerb_2/ref=as_li_ss_tl?tag=5f18…> Amazon Brother MFC-L3710CW Compact Digital Color All-in-One Printer $445 - $749 The Brother MFC-L3710CW digital color laser printer all-in-one lets you print, copy, scan, and fax. With a top print speed of 19 page-per minute (ppm), you’ll be able to power through long assignments or large workbooks in no time. It’s a reliable performer, able to connect to all your devices wirelessly. Even when set to sleep mode, the Brother consistently activates (which, surprisingly, is something not all printer manufacturers get right) and starts churning out documents, fed by the 250-page paper drawer. Scanning is a simple task as well—the 50-page automatic document feeder will let you make quick work of whatever you need to digitize. The 3.7-inch touchscreen on the device is responsive and easy to use. There are quite a few handy features, including connecting the printer to Google Drive, Dropbox, OneNote and more for direct printing from the web. The Brother MFC-L3710CW comes with four starter toner cartridges which should last for at least 1,000 pages. You can also set up automatic refills through Amazon Dash but make sure your bank account can handle it. A high-yield, 3,000-page black toner cartridge costs $75 while 2,300-page color cartridges cost $96. Ouch. Despite the toner refill cost, a good laser printer like the MFC-L3710CW is worth it. The output is crystal clear and the speed is unparalleled, plus you don’t have to worry about smudging. If you need the highest quality documents you can possibly get at home, and the toner price doesn’t scare you away, this is the best home printer to get. _____ Best All-in-One Printer for Home Use Epson Ecotank ET-3760 <https://www.amazon.com/Epson-Wireless-Cartridge-Free-Supertank-Ethernet/dp/…> Amazon Epson EcoTank ET-3760 Wireless Color All-in-One Cartridge-Free Supertank Printer $449 - $684 Refillable tanks are the most interesting development in printer technology in the past few years. Epson pioneered the cartridgeless system and now, in its latest generation of Supertank printers, the EcoTank ET-3760 seems to have perfected the technology. No longer bolted on to the side like some weird growth, the EcoTank is built directly into the front of the device, making it easier to refill and see how much ink you have left. Not that you'll have to worry about that too much, since the ink that comes in the box should last you for about 2 years (or 7,500 pages, whichever comes first). That's assuming you print about 200 pages a month. Features include wireless printing, voice-activated printing, direct printing from your smartphone, copying, scanning, automatic two-sided printing, and direct SD card printing. I like this model in particular because of the automatic document feeder (ADF) on top. You might think you don’t need it, but the first time you have to scan a multi-page document, you’ll be wishing you had it. The Epson EcoTank ET-3760 is ready to take on just about any home print job you can throw at it. _____ Best Inkjet Printer for Less Than $200 Canon Pixma G3200 <https://www.amazon.com/dp/B07214SQW3/ref=dp_cerb_3/ref=as_li_ss_tl?tag=5f18…> Amazon Canon G3200 All-In-One Wireless Supertank (MegaTank) Printer $446 - $483 Also ditching the expensive and waste-generating cartridge system, Canon's MegaTank lets you refill permanent ink reservoirs in the Pixma G3200 from bottles that cost considerably less than your average cartridge. The tanks have the added bonus of letting you see at a glance if you need to top things off before you start a big print job. This makes the G3200 cost a little more upfront (since the cost isn't defrayed by expensive print cartridges), but it's considerably cheaper to operate over several years. In addition to making worrying about cartridges a thing of the past, the Canon Pixma G3200 solves a lot of the common headaches of printer ownership. It's a multi-function device, able to scan, copy, and print. It also supports wireless printing from Google Cloud Print and Apple AirPrint, enabling you to print directly from your phone or tablet. The MegaTank will last for 6,000 pages—if you don’t have a ton of documents to print or scan each month, the Canon G3200 will last for years right out of the box. _____ Best Hassle-Free Inkjet Printer HP Envy 6055 All-in-One Printer <https://www.amazon.com/HP-Wireless-Printer-Mobile-5SE16A/dp/B083ZZ96PT/ref=…> Amazon HP Envy 6055 All-in-One Printer $169 There’s nothing worse than either sending a bunch of print jobs to your printer and having it fail to connect or get halfway through printing and have your ink cartridges run out. The HP Envy 6055 All-in-One Printer circumvents both common printer issues. It’s “self-healing” dual-band Wi-Fi is able to recover from common connectivity issues and can connect on either a 2.4 or 5 GHz band network (many printers are limited to one or the other). HP’s Instant Ink program sends you cartridges automatically whenever you run low for as little as $2.99 per month, based on the number of pages you print. The Envy 6055 is also a capable photo printer, able to print borderless images. It can also copy and scan, sending documents directly to Google Drive or Dropbox. In all, it’s a hassle-free printer for those who don’t want to think about their printer. _____ Best Monochrome Laser Printer HP Neverstop Laser Printer 1001NW <https://www.amazon.com/HP-Neverstop-Printer-Cartridge-Free-Monochrome-Toner…> Amazon HP Neverstop Laser Printer 1001NW $279 - $295 What if you don't need an all-in-one device? What if you don't even need color? The HP Neverstop Laser Printer 1001NW is a versatile champ of a monochrome laser printer. It has onboard Wi-Fi, letting you connect to it directly. Its 21ppm print speed is considerably better than a comparable inkjet printer. With a footprint that's not much larger than a sheet of 8.5x11 paper, you'll be hard pressed to find a printer that does more in such a small space. The best part? Instead of toner cartridge refills that cost hundreds of dollars, the 1001NW uses a refillable toner tank that gives you 2,500 pages per refill (the device ships with 5,000 pages worth of toner in the tank) and costs under $30 for a 2-pack. _____ Fastest Color Laser Canon Color imageCLASS MF644Cdw <https://www.amazon.com/dp/B07QK2KDYC/ref=psdc_172648_t4_B07N22V2L5/ref=as_l…> Amazon Canon Color imageCLASS MF644Cdw $399 - $599 If you want the fastest printing possible for your home, you need to upgrade to this color laser printer. The large 5-inch touchscreen of the Canon Color imageCLASS MF644Cdw sets this device apart. It prints at a blistering fast 22ppm in full color and yet is somehow cheaper than some inkjet printers. The MF644Cdw also has one pass scanning, duplex printing, and fax capability. You don't even have to hook it up to a network to be able to print. The MF644Cdw can create its own Wi-Fi hotspot and print from mobile devices via AirPrint. Yes, toner cartridges are definitely more expensive than ink, but each one yields around 1,500 pages. That, plus the speed, quiet operation, and long-term reliability of a laser printer, can make the increased premium more than worth it. _____ Best Photo-Only Printer Canon Selphy CP1300 <https://www.amazon.com/Canon-Wireless-AirPrint-Printing-2234C001/dp/B073YHR…> Amazon Canon SELPHY CP1300 Photo Printer $79$100SAVE $21 (21%) The Canon SELPHY (get it?) CP1300 is custom built for one thing and one thing only — to deliver image printouts that are crisp and consistent. With the optional battery pack, it's portable, so you can take it with you to photo shoots. You can print directly from your phone or tablet or plug in a USB stick or your camera's memory card. While the SELPHY can give you instantly dry, archival quality prints via its dye sublimation printing on Canon paper (rated for up to 100 years), you can also switch out the standard 4x6 prints with square photo label paper that lets you print instant stickers. It's a great way to get your prints off your phone or camera and into the real world. Follow me on <https://www.twitter.com/@sunstreaker84> Twitter or <https://www.linkedin.com/in/anthonykarczwriter> LinkedIn. Check out my <http://www.anthonykarcz.com> website. <https://www.forbes.com/sites/anthonykarcz/> I’ve been writing about technology, gadgets, and pop culture back before Apple had even thought of the iPhone. I’ve seen the rise and fall (and rise again) of Apple. I've … Sent from my iPad 2018

2 2

2026

2025

2024

2023

2022

2021

2020

2019

2018

Webteam