Tag Archives: able

Microsoft ARC (@MicrosoftARC) | Twitter

Using a foot-operated mouse, Eye Control for Windows 10 and the text-to-speech function, Otto Knoke is able to communicate with his family, as well as with clients.

Wanted – ITX bundle

I wouldn’t be able to include a PSU as I’ll need it for another system.

I’m pretty sure it’s a Wraith Spire cooler, but I am not sure of the speed of the RAM and I am now starting to wonder if I put in 16Gb rather than 8Gb RAM…

As I said I am away till the 18th and can’t double check till after then. But if it’s 8Gb I’d take £290 plus postage, and for 16Gb £350.

Wanted – Good spec Laptop for £200 tops Essex area

Looking for a Laptop for the family so i can retire my old Win Xp Toshiba.

Would like something thats able to run games like Roblox and Fortnite for my son and run all the obvious Microsoft applications with ease.

Would rather cash on collection in and around the Herts essex area

£200 is my budget

Thanks

Location: Harlow essex

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Wanted – Good spec Laptop for £200 tops Essex area

Looking for a Laptop for the family so i can retire my old Win Xp Toshiba.

Would like something thats able to run games like Roblox and Fortnite for my son and run all the obvious Microsoft applications with ease.

Would rather cash on collection in and around the Herts essex area

£200 is my budget

Thanks

Location: Harlow essex

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – DDR4 / DDR3 / DDR2

Hynix 4 GB (2 x 2 GB) DDR3 1333 MHz

HMT125U7TFR8C-H9

£12.50 £10 £8 including Delivery , PayPal only.

Might not be able to post until the weekend.



Crucial 4GB ( 2 x 2GB ) DDR2 – 533 MHz

£10 £8 including Delivery , PayPal only

————
Sold
————

HyperX FURY 8 GB (2 x 4 GB) DDR4 2400 MHz Memory Kit

HX424C15FBK2/8

£50 including Delivery , PayPal only. ( Sold pending TheAdmiralCS )

Price and currency: £50 , £15
Delivery: Delivery cost is included within my country
Payment method: PayPal
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: Postage only

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – DDR4 / DDR3 / DDR2

Hynix 4 GB (2 x 2 GB) DDR3 1333 MHz

HMT125U7TFR8C-H9

£12.50 £10 £8 including Delivery , PayPal only.

Might not be able to post until the weekend.



Crucial 4GB ( 2 x 2GB ) DDR2 – 533 MHz

£10 £8 including Delivery , PayPal only

————
Sold
————

HyperX FURY 8 GB (2 x 4 GB) DDR4 2400 MHz Memory Kit

HX424C15FBK2/8

£50 including Delivery , PayPal only. ( Sold pending TheAdmiralCS )

Price and currency: £50 , £15
Delivery: Delivery cost is included within my country
Payment method: PayPal
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: Postage only

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – DDR4 / DDR3

Hynix 4 GB (2 x 2 GB) DDR3 1333 MHz

HMT125U7TFR8C-H9

£15 £12.50 including Delivery , PayPal only.

Might not be able to post until the weekend.

————
Sold
————

HyperX FURY 8 GB (2 x 4 GB) DDR4 2400 MHz Memory Kit

HX424C15FBK2/8

£50 including Delivery , PayPal only. ( Sold pending TheAdmiralCS )

Price and currency: £50 , £15
Delivery: Delivery cost is included within my country
Payment method: PayPal
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: Postage only

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – DDR4 / DDR3

Hynix 4 GB (2 x 2 GB) DDR3 1333 MHz

HMT125U7TFR8C-H9

£15 £12.50 including Delivery , PayPal only.

Might not be able to post until the weekend.

————
Sold
————

HyperX FURY 8 GB (2 x 4 GB) DDR4 2400 MHz Memory Kit

HX424C15FBK2/8

£50 including Delivery , PayPal only. ( Sold pending TheAdmiralCS )

Price and currency: £50 , £15
Delivery: Delivery cost is included within my country
Payment method: PayPal
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: Postage only

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

WhatsApp vulnerabilities let hackers alter messages

Attackers are able to intercept and manipulate messages in the encrypted messaging app WhatsApp.

According to new research from Check Point, there are WhatsApp vulnerabilities that enable attackers to manipulate and modify messages in both public and private conversations. This type of manipulation could make it easy to continue the spread of misinformation.

WhatsApp, which is owned by Facebook, has over 1.5 billion users who send approximately 65 billion messages daily. The Check Point researchers warned of online scams, rumors and the spread of fake news with a user base that large, and WhatsApp has already been used for a number of these types of scams.

The new WhatsApp vulnerabilities that Check Point outlined in its blog post involve social engineering techniques that can be used to deceive users in three ways: by changing the identity of the sender of a message in a group, changing the text of someone else’s reply message, and by sending a private message to a group member to which replies are made public.

“We believe these vulnerabilities to be of the utmost importance and require attention,” the researchers wrote.

The WhatsApp vulnerabilities have to do with the communications between the mobile version of the application and the desktop version. Check Point was able to discover them by decrypting the communications between the mobile and desktop version.

“By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This allowed us to then be able to manipulate them and start looking for security issues,” the researchers wrote in their blog post detailing the WhatsApp vulnerabilities.

In the first attack outlined by Check Point’s Dikla Barda, Roman Zaikin and Oded Vanunu, hackers can change the identity of a sender in a group message, even if they are not part of the group. The researchers were also able to change the text of the message to something completely different.

In the second attack, a hacker can change someone’s reply to a message. In doing this, “it would be possible to incriminate a person, or close a fraudulent deal,” the Check Point team explained.

In the final attack disclosed, “it is possible to send a message in a group chat that only a specific person will see, though if he replies to this message, the entire group will see his reply.” This means that the person who responds could reveal information to the group that he did not intend to.

Check Point said it disclosed these vulnerabilities to WhatsApp before making them public.

In other news

  • Computers at the office of PGA America have reportedly been infected with ransomware. According to a report from Golfweek, employees of the golf organization noticed the infection earlier this week when a ransom note appeared on their screens when they tried to access the affected files. “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm (sic),” the note said, according to Golfweek. The files contained information for the PGA Championship at Bellerive and the Ryder Cup in France, including “extensive” promotional materials. According to the Golfweek report, no specific ransom amount was demanded, though the hacker included a bitcoin wallet number.
  • Microsoft may be adding a new security feature to Windows 10 called “InPrivate Desktop.” According to a report from Bleeping Computer, the feature acts like a “throwaway sandbox for secure, one-time execution of untrusted software” and will only be available on Windows 10 Enterprise. Bleeping Computer became aware of this previously undisclosed feature through a Windows 10 Insider Feedback Hub quest and said that it will enable “administrators to run untrusted executables in a secure sandbox without fear that it can make any changes to the operating system or system’s files.” The Feedback Hub said it is an “in-box, speedy VM that is recycled when you close” the application, according to the report. There are no details yet about when this feature may be rolled out.
  • Comcast Xfinity reportedly exposed personal data of over 26.5 million of its customers. Security researcher Ryan Stevenson discovered two previously unreported vulnerabilities in Comcast Xfinity’s customer portals and through those vulnerabilities, partial home addresses and Social Security numbers of Comcast customers were exposed. The first vulnerability could be exploited by refreshing an in-home authentication page that lets users pay their bills without signing into their accounts. Through this, hackers could have figured out the customer’s IP address and partial home address. The second vulnerability was on a sign-up page for Comcast’s Authorized Dealer and revealed the last four digits of a customer’s SSN. There is no evidence yet that the information was actually stolen, and Comcast patched the vulnerabilities after Stevenson reported them.

Reddit breach sparks debate over SMS 2FA

Reddit admitted its systems were breached after an attacker was able to compromise the short message service two-factor authentication used by employees.

According to Christopher Slowe, CTO and founding engineer at Reddit, the main attack leading to the Reddit breach involved a threat actor intercepting SMS-based 2FA codes.

“On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers. Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” Slowe wrote in a post on the social news site. “We point this out to encourage everyone here to move to token-based 2FA.”

Slowe wrote that the attacker accessed user data, including some current email addresses, as well as “account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages)” from 2007. The attacker was apparently limited to read-only access on Reddit systems, and Reddit has since rotated all production secrets and API keys and took steps to harden access management security with “enhanced logging, more encryption and requiring token-based 2FA to gain entry since we suspect weaknesses inherent to SMS-based 2FA to be the root cause of this incident.”

SMS 2FA security

Because the Reddit breach was blamed on the security limitations inherent to SMS-based 2FA, experts have begun to debate whether or not it’s worth using it as an authentication method.

What can be taken from this attack is that, while SMS authentication can be used to boost security, two-factor authentication that involves standalone hardware token generators is needed to mitigate the risk of such attacks.
Leigh-Anne Gallowaycybersecurity resilience lead, Positive Technologies

Even back in 2016, when NIST advised organizations to stop using SMS-based 2FA, experts said the recommendation was overdue because of known techniques to intercept one-time codes sent via SMS either via malware on smartphones, exploiting the SS7 protocol, or by cloning a victim’s SIM card.

Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposures Research Team, noted that “while SMS interception has been a common trick in opportunistic financial fraud, it is far less common to hear about this method being used in this type of targeted attack of a public service.”

“Although any form of multi-factor authentication is a considerable improvement on simple password models, SMS-based verification tokens can be stolen with a variety of well-known techniques, including social engineering, mobile malware, or by directly intercepting and decrypting signals from cell towers,” Young wrote via email. “An attacker within the same cellular coverage area as the victim could even intercept and decrypt SMS out of the air with just a couple hundred dollars’ worth of equipment. The moral of this story is that SMS-based two-factor authentication should not be considered ‘strong’ in the face of a determined attacker.”

However, there was no clear consensus among experts about SMS-based 2FA. Many acknowledged the flaws in the system, but noted it was still better than not using 2FA at all.

Pravin Kothari, CEO of CipherCloud, said it is still far too common for users to not use any 2FA.

“Today, use of two-factor authentication is a best practice still not used by most authenticating systems. Even when two-factor is offered, for example, in Google’s Gmail, over 90% of the Gmail users don’t opt to use it,” Kothari wrote via email. “Given that two-factor authentication is still a best practice the likely move by financial institutions will be to utilize token-based SMS systems, instead of mobile phone-based systems. In any case two-factor authentication, even with a mobile phone, is still much better than not using two-factor.”

Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, said the Reddit breach is an example of businesses placing “unwarranted faith in two-factor authentication.”

“While lots of organizations think 2FA is a silver bullet for authentication, it actually isn’t, thanks to weaknesses in mobile networks which allow SMS [messages] to be intercepted,” Galloway wrote via email. “What can be taken from this attack is that, while SMS authentication can be used to boost security, two-factor authentication that involves standalone hardware token generators is needed to mitigate the risk of such attacks. SMS alone is not enough to constitute adequate defense of customer and employee data.”

Ilia Kolochenko, CEO of High-Tech Bridge, said he would “refrain from blaming 2FA SMS — in many cases it’s still better than nothing.”

“Moreover, when most of business critical applications have serious vulnerabilities varying from injections to [remote code execution], 2FA hardening is definitely not the most important task to take care of,” Kolochenko wrote via email, adding that there may be more to the Reddit breach story. “I would equally be cautiously optimistic about the size of the disclosed data breach and thoroughly ascertain that no other systems or user accounts were compromised. Often large-scale attacks are conducted in parallel by several interconnected cybercrime groups aimed to distract, confuse and scare security teams. While attack vectors of the first group are being mitigated, others are actively exploited, often not without success.”