Tag Archives: Devices

Macafee total protection / 1 year / 5 devices

Macafee total protection / 1 year / 5 devices, brand new sealed.

£10 code via pm or £11 via post.

Price and currency: £11
Delivery: Delivery cost is included within my country
Payment method: BT / PPG
Location: Glasgow
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

This message is automatically inserted in all classifieds…

Macafee total protection / 1 year / 5 devices

A series of new IoT botnets plague connected devices

Internet of things botnets continue to plague connected devices with two new botnets appearing this week.

The first of the IoT botnets causing trouble was discovered by security researchers at Bitdefender and is called Hide ‘N Seek, or HNS. HNS was first noticed on January 10, “faded away” for a few days and then reemerged on January 20 in a slightly different form, according to Bitdefender senior e-threat analyst Bogdan Botezatu. Since then, HNS — which started with only 12 compromised devices — had amassed over 32,000 bots worldwide as of January 26. Most of the affected devices are Korean-manufactured IP cameras.

“The HNS botnet communicates in a complex and decentralized manner and uses multiple anti-tampering techniques to prevent a third party from hijacking/poisoning it,” Botezatu explained in his analysis of HNS, also noting that the bot can perform device exploits similar to those done by the Reaper botnet. “The bot embeds a plurality of commands such as data exfiltration, code execution and interference with a device’s operation.”

Botezatu also explained that HNS works sort of like a worm in that it uses a randomly generated list of IP addresses to get potential targets. The list of targets can be updated in real time as the botnet grows or bots are lost or gained. Luckily, like other IoT botnets, the HNS “cannot achieve persistence” and a device reboot will remove it from the botnet.

“While IoT botnets have been around for years, mainly used for DDoS attacks, the discoveries made during the investigation of the Hide and Seek bot reveal greater levels of complexity and novel capabilities such as information theft — potentially suitable for espionage or extortion,” Botezatu said.

Unlike other recent IoT botnets, HNS is different from the infamous Mirai malware, and is instead similar to the Hajime botnet. Like Hajime, HNS has a “decentralized peer-to-peer architecture.”

The Masuta botnets

Two other new botnets on the scene do show similarities to Mirai, however.

The Masuta and PureMasuta variant were discovered by researchers at the company NewSky Security and appear to be the work of the Satori botnet creators. The Satori botnet targeted Huawei routers earlier this month, and the Masuta botnets now also target home routers.

According to the research from NewSky Security, Masuta shares a similar attack method with Mirai and uses weak, known or default credentials to access the targeted devices. PureMasuta is a bit more sophisticated and exploits a network administration bug uncovered in 2015 in D-Link’s Home Network Administration Protocol, which relies on the Simple Object Access Protocol to manage device configuration.

“Protocol exploits are more desirable for threat actors as they usually have a wider scope,” Ankit Anubhav, principal researcher at NewSky Security, wrote in the analysis of the botnets. “A protocol can be implemented by various vendors/models and a bug in the protocol itself can get carried on to a wider range of devices.”

PureMasuta has been infecting devices since September 2017.

In other news

  • Kaspersky Lab filed a preliminary injunction as part of its appeal against the U.S. Department of Homeland Security’s ban on the use of the company’s products in government agencies. The ban was originally issued in September 2017 in response to concerns that the Moscow-based security company helped the Russian government gather data on the U.S. through its antivirus software and other products. The ban, Binding Operational Directive (BOD) 17-01, was reinforced in December 2017 in the National Defense Authorization Act, despite offers from Kaspersky to have the U.S. government investigate its products and operations. In response to the National Defense Authorization Act, Kaspersky Lab filed a lawsuit against the U.S. government saying that the ban was unconstitutional. As part of the lawsuit, the injunction would, for now, stop the government ban on BOD 17-01.
  • The PCI Security Standards Council (PCI SSC) published new security requirements for mobile point-of-sale systems. The requirements focus on software-based PIN entry on commercial off-the-shelf (COTS) mobile devices. Requirements already exist for hardware-based devices that accept PINs, so these standards expand on them. The so-called PCI Software-Based PIN Entry on COTS (SPoC) Standard introduces a “requirement for a back-end monitoring system for additional external security controls such as attestation (to ensure the security mechanisms are intact and operational), detection (to notify when anomalies are present) and response (controls to alert and take action) to address anomalies,” according to PCI SSC CTO Troy Leach. The standard consists of two documents: the Security Requirements for solution providers, including designers of applications that accept PINS; and the Test Requirements, which “create validation mechanisms for payment security laboratories to evaluate the security” of the PIN processing apps. The SPoC security requirements focus on five core principles, according to Leach:
    • isolation of the PIN from other account data;
    • ensuring the software security and integrity of the PIN entry application on the COTS device;
    • active monitoring of the service, to mitigate against potential threats to the payment environment within the phone or tablet;
    • Required Secure Card Reader for PIN (SCRP) to encrypt and maintain confidentiality of account data; and
    • transactions restricted to EMV contact and contactless.
  • Alphabet, best known for being Google’s parent company, launched a new cybersecurity company — Chronicle. Chronicle is an offshoot of the group X and will be a stand-alone company under Alphabet. Former Symantec COO Stephen Gillett will be the company’s CEO. Chronicle offers two services to enterprises: a security intelligence and analytics platform and VirusTotal, an online malware and virus scanner Google acquired in 2012. “We want to 10x the speed and impact of security teams’ work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find,” Gillett said in a blog post announcing the company launch. “We are building our intelligence and analytics platform to solve this problem.” The announcement did not provide many specifics, but the launch could pose a significant threat to cybersecurity vendors that do not have access to the same resources as a company with the same parent as Google.

For Sale – Macafee total protection / 1 year / 5 devices

Macafee total protection / 1 year / 5 devices, brand new sealed.

£10 code via pm or £11 via post.

Price and currency: £11
Delivery: Delivery cost is included within my country
Payment method: BT / PPG
Location: Glasgow
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Digital classrooms aren’t a distraction. Here’s why. |

Many people assume that devices and technology distract students and negatively affect how teachers run their lessons. That’s not the case when implementation is done purposefully, with learning tools that support existing structures in the classroom.

In other words, tech doesn’t replace the teacher, but enhances their capabilities in teaching and administration. One of the more effective solutions seen recently is from a Microsoft Gold Partner, Insync. The company uses Microsoft’s technology to make learning more efficient and students more engaged, in a number of different ways:

Devices and mobility

Insync uses Microsoft’s wide range of Windows devices to support different subjects and learning styles, giving educators more effective ways of delivering lessons. Devices functions such as touch-screen interactivity, digital ink, keyboard compatibility, voice integration and video allow students to sketch notes, type essays, conduct video lessons and do much more.

To help get lessons up and running, Microsoft also makes the management of all devices a straightforward process–via their Enterprise Mobility Suite, which provides secure single sign-on access to school services, applications, and safe social media.  Windows 10 also helps students and staff organise their schoolwork, with easy ways to snap apps in place, optimise their screen space, group items and create virtual desktops.

Additionally, students with special needs benefit most from Insync’s approach to the digital classroom. Learning is more accessible for physically challenged students thanks to speech recognition in Windows 10, while Skype provides real-time transcripts for the hearing impaired.

Learning solutions

Interactions between students for group projects don’t stop after school. They can continue online through Microsoft’s Office 365, which includes a range of cloud-based productivity tools that let students and staff members update essays, documents and spreadsheets at home, school or on the go.

And to help students excel in their projects or revision, schools can also register multiple third-party cloud applications on their Azure Active Directory, which provides single sign-on access to a portfolio of relevant resources online.

School administration

One of the biggest costs for schools comes from administration. Schools are always looking for ways to simplify registration, declutter paperwork, and improve course management. Staff simply don’t have the time or headspace to deal with these things and focus on their students’ wellbeing.

With Microsoft Azure, schools can opt into pay-as-you-go access to infrastructure and platform services. That saves them money by letting them scale up resources during busy times, such as enrolment and assessment periods, and scaling down during periods of low demand.

Furthermore, personal devices can also connect to mobile device management services, giving administration teams smarter reporting and more proactive security.

Security and Infrastructure

And of course, Microsoft’s integrated security options also provide schools with an impressive level of digital security and utility, negating the need to purchase more expensive solutions. Through Microsoft’s Enterprise Mobility Suite (EMS), students and staff can access IT services with self-service password reset, application and device installations, and group management.

EMS also manages access to devices (including those consistently outside firewalls) and multifactor authentication capabilities. An integrated environment extends device management to small or remote schools and campuses.

Microsoft CityNext education solutions can even help schools operate more sustainably by using Internet of Things sensors to control lighting, heating and cooling and smartcards for secure access.

Education analytics and research

Before this, schools had next to no way to track areas of improvement for individual students, forcing teachers to rely on direct feedback or their own instincts on how effective their lessons were proving. With data analytics, however, teachers can track and evaluate different criteria across each of their students’ scores and results, helping them better identify and address any learning difficulties that may crop up.

On a school-wide level, Microsoft Power BI gives schools a 360-degree view of performance and operations, while easy-to-use reporting tools simplify access to visual data and improve report-sharing capabilities with stakeholders.

Solutions like Insync’s help schools to conduct lessons, manage administration and provide accountability like never before. To learn how your school can benefit from Microsoft-based education solutions, check out the resources listed below:

Download the whitepaper: 6 features of a Modern Australian School >

Download the value summary: Education in the Cloud >

Or get in touch with the education experts at Insync on 1300 652 207 or email info@insynctechnology.com.au.

Our mission at Microsoft is to equip and empower educators to shape and assure the success of every student. Any teacher can join our community and effort with free Office 365 Education, find affordable Windows devices and connect with others on the Educator Community for free training and classroom resources. Follow us on Facebook and Twitter for our latest updates.

DUHK attack puts random number generators at risk

Researchers have discovered a vulnerability that affects some legacy security devices, including Fortinet’s FortiGate devices.

The vulnerability has been dubbed DUHK, which stands for Don’t Use Hard-coded Keys, and affects devices that use the ANSI X9.31 Random Number Generator (RNG) and a hardcoded seed key. Researchers Nadia Heninger and Shaanan Cohney from the University of Pennsylvania, along with cryptographer Matthew Green at Johns Hopkins University, studied the Federal Information Processing Standards (FIPS) certified products that use the ANSI X9.31 RNG algorithm and found 12 that are vulnerable to DUHK.

“DUHK allows attackers to recover secret encryption keys from vulnerable implementations and decrypt and read communications passing over VPN connections or encrypted web sessions,” the researchers explained in a blog post. “The encrypted data could include sensitive business data, login credentials, credit card data and other confidential content.”

Heninger, Cohney and Green were only able to gain access to the firmware of one product — a Fortinet firewall — so their detailed research paper mostly focuses on the affected Fortinet devices, specifically the FortiGate VPN gateways.

“Traffic from any VPN using FortiOS 4.3.0 to FortiOS 4.3.18 can be decrypted by a passive network adversary who can observe the encrypted handshake traffic,” they explained. “Other key recovery attacks on different protocols may also be possible.”

The full list of affected vendors is in the research paper and includes Fortinet, Becrypt, Cisco, DeltaCrypt Technologies, MRV Communications, NeoScale Systems, Neopost Technologies, Renesas Technology America, TechGuard Security, Tendyron Corp., ViaSat and Vocera Communications.

The ANSI X9.31 RNG algorithm lost its FIPS certification in January 2016, so the researchers noted that many vendors have since published software updates to remove it.

Devices have to meet four requirements in order to be vulnerable to DUHK, according to Heninger, Cohney and Green:

  • A device must use the X9.31 RNG.
  • A seed key is hardcoded into the implementation.
  • The output from the RNG is used to generate crypto keys.
  • “At least some of the random numbers before or after those used to make the keys are transmitted unencrypted. This is typically the case for SSL/TLS and IPsec.”

The researchers recommended anyone who develops cryptographic software should stop using the X9.31 RNG and not use a hardcoded key.

The research team also warned that this vulnerability is the key to an easy and practical attack, though there’s no evidence it’s being actively exploited by attackers.

“Our attack against [the] FortiGate device can be carried out on a modern computer in about four minutes,” they noted.

In other news:

  • FBI Director Christopher Wray spoke earlier this week about the FBI’s continuous battle with mobile device encryption. Speaking at the International Association of Chiefs of Police conference in Philadelphia, Wray said the FBI was unable to access more than 6,900 mobile devices so far this year. “To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime [and] child exploitation.” The FBI has warred with vendors and the security community in recent years over encryption in mobile devices, arguing that law enforcement needs backdoors through encryption to access devices during investigations. Vendors such as Apple and security experts argue that a backdoor cannot exist for law enforcement without it being accessible by malicious actors, as well, and thus putting user privacy at risk. Wray’s comment follows the U.S. Department of Justice’s call for “responsible encryption.”
  • A group of senators and congressmen have introduced a bipartisan bill that would create a new legal framework that would allow law enforcement to access U.S. electronic communications stored on servers located in other countries. The group includes Rep. Doug Collins (R-Ga.), Rep. Hakeem Jeffries (D-N.Y.), Sen. Orrin Hatch (R-Utah), Sen. Chris Coons (D-Del.), and Sen. Dean Heller (R-Nev.). They are calling on Congress to pass the bill, called the International Communications Privacy Act, and are supported by organizations such as Americans for Tax Reform and the R Street Institute, which penned a letter to the Congress pushing for the bill. With this new bill, the group of senators and representatives aims to update the Electronic Communications Privacy Act of 1986, which they argued is outdated. The International Communications Privacy Act would require law enforcement to obtain a warrant for all electronic data on U.S. citizens and allow law enforcement to access data on foreign nationals.
  • Serious security flaws have been discovered in the way the Presidential Advisory Commission on Election Integrity, which is investigating voter fraud, handles the personal data of millions of voters. Illinois-based advocacy group Indivisible Chicago requested public records from Illinois and Florida on the Interstate Voter Registration Crosscheck Program. Crosscheck aims to identify people who are registered and voting in more than one state. Indivisible Chicago received emails and other documents from election officials, which showed several security issues with Crosscheck, including the freely available usernames and passwords. “The primary problem here is not that we have these passwords, but that every official and IT department involved in this process sends usernames, login passwords, and decryption passwords in clear text in email — sometimes with up to eighty recipients,” Indivisible Chicago wrote. “Anyone could have these passwords and could have had them at a time they could have been used while the ISBE would have been none the wiser.”

Wanted – GPD Win

Hi All, fancy having a tinker with one of these small devices, before I buy new, just wondering if anyone has one laying around that they’re not using?

Money is waiting.




This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Azure IoT Hub Device Provisioning Service is now in public preview – Internet of Things

Setting up and managing Internet of Things (IoT) devices can be a challenge of the first order for many businesses. That’s because provisioning entails a lot of manual work, technical know-how, and staff resources. And certain security requirements, such as registering devices with the IoT hub, can further complicate provisioning.

During the initial implementation, for instance, businesses have to create unique device identities that are registered to the IoT hub and install individual device connection credentials, which enable revocation of access in event of compromise. IT staff also may want to maintain an enrollment list that controls what devices are allowed to automatically provision.

Wouldn’t it be great if there was a secure, automated way to remotely deploy and configure devices during registration to the IoT hub—and throughout their lifecycles? With Microsoft’s IoT Hub Device Provisioning Service (DPS), now in public preview, you can.

In a post on the Azure blog, [Title], Sam George explains how the IoT Hub Device Provisioning Service can provide zero-touch provisioning that eliminates configuration and provisioning hassles when onboarding IoT devices that connect to Azure services. This allows businesses to quickly and accurately provision millions of devices in a secure and scalable manner. In fact, IoT Hub Device Provisioning Service simplifies the entire device lifecycle management through features that enable secure device management and device reprovisioning. Next year, we plan to add support for ownership transfer and end-of-life management.

DPS is now available in the Eastern U.S., Western Europe, and Southeast Asia. To learn more about how Azure IoT Hub Device Provisioning Service can take the pain out of deploying and managing an IoT solution in a secure, reliable way, read our blog post announcing the public preview. And for technical details, check out Microsoft’s DPS documentation center.

Tags: Announcement, Azure IoT Hub, Device Provisioning Service

Celebrating women in tech, new Windows 10 devices and Microsoft’s giving effort — Weekend Reading, Oct. 16 edition

From the world’s largest gathering of women in tech to a huge Microsoft effort to help countless people in need, there was no shortage of inspiring news this week. We’ve rounded up some of the highlights in this latest edition of Weekend Reading.

More than 800 Microsoft employees headed to the annual Grace Hopper Celebration of Women in Computing, which began Wednesday in Houston. Marie Margishvili and Moriah Baxevane-Connell were excited to return after landing their jobs at Microsoft through previous Grace Hopper conferences; software engineers Joan Chao and Lauren Bissett, who work on Microsoft HoloLens, were looking forward to attending for their first time.

Margishvili went for the first time in 2014 and says it was “just amazing to see so many confident and talented women who were so full of initiative and willing to go out of their way to find new opportunities … The conference is very empowering. It sounds very cliché, but I realized there that I could do anything I wanted.”

WR_Grace Hopper

It’s been just over a week since Microsoft unveiled a new era of Windows 10 devices, including Surface Book, Surface Pro 4, new Lumia phones and more. This past week brought announcements about even more great options. On Sunday, Acer showcased a range of new Windows 10 devices in Taipei. On Monday, we got our first look at Toshiba’s dynaPad tablet as it was unveiled in Japan. On Tuesday, LG Electronics unveiled some innovative Windows 10 devices in Seoul.

Learn more about the wide variety of new Windows 10 devices on Windows blogs.WR_LG

A British startup has turned a relic of a difficult time into new hope for sustainable farming, an experiment its founders hope can be replicated in places around the world where food is desperately needed. Growing Underground is using abandoned World War II air raid tunnel in London as a subterranean farm.

“It’s incredible to take a place that was built for a time of destruction, and turn it into a place of creation,” said co-founder Richard Ballard. The startup’s story offered an inspiring possibility just in time for World Food Day.

WR_Growing Underground

A team of seven Microsoft employees are leading a company-wide effort to raise money for thousands of nonprofits — and they’ve found plenty of inspiration along the way. These “loaned professionals” served dinner to more than 150 hospitalized kids and their families, sorted medical supplies to be shipped overseas, spent time at a youth shelter and visited many other nonprofits that are helping people who need it.

“These ‘loaned professionals’ from across the company bring a special set of expertise and skills that helps us enhance and scale Microsoft’s Employee Giving Campaign,” says Lori Forte Harnick, Microsoft’s general manager of Citizenship and Public Affairs. “Our goal is to encourage employees to get involved and actively support the causes they care about, and there’s no better way to do that than by gathering insights and spreading the word through their friends and colleagues.”

Microsoft’s “loaned professionals” work to sort medical supplies that will be shipped to overseas hospitals and clinics that need them. (Photo by Scott Eklund/Red Box Pictures)

Microsoft’s “loaned professionals” work to sort medical supplies that will be shipped to overseas hospitals and clinics that need them. (Photo by Scott Eklund/Red Box Pictures)

Whether you love math or hate it, being good at it can definitely help you go places. Just ask Zuzana Kukelova, once the math whiz of her grade school, who’s just received the 2015 Cor Baayen Award. The honor is given to a promising young researcher in computer science and applied mathematics.

Kukelova is a post-doc researcher specializing in computer vision at Microsoft’s research lab in Cambridge, U.K. The Cor Baayen announcement specifically cited her ability to bridge the gap “between highly abstract mathematical results, such as algebraic geometry, and engineering applications.”

WR_ kukelova

Among the cool ideas that flow regularly from the Microsoft Garage comes Twist, a fun app that lets you and your friends engage in conversations with photos. It’s named for the unexpected juxtapositions that can happen when you use a split screen for these ongoing chats. You start a photo conversation with an image that fills half the screen and wait in anticipation to see how your friends will complete the other half. It becomes a storytelling device that keeps the conversation going instead of just capturing fleeting moments.

If you’re looking for the latest and greatest in apps, we’ve got plenty to choose from. Music lovers may appreciate knowing they can hear all their favorite streaming music and live digital radio stations through iHeartRadio, now available within the Groove music app on Windows 10. Good news for racing fans, too : The official NASCAR app is now available for Windows 10.

Another app you might find useful shows you who’s at your door — even when you’re not home. The Ring Video Doorbell app is available in the Windows Store.

We’ve also rounded up some gaming fun, including the retro brick-breaking adventure of “Briquid Mini,” the Vegas-style action of “Slots Pro,” a throwback version of a popular game in “Doodle God: 8-bit Mania” and the mind-bending challenge of five different puzzle games in “Pic Star.”


This week on the Microsoft Instagram account, we met Christian Fazio along what’s known as The Loneliest Road in America in northern Nevada. He helped carry the American flag as part of Team Red, White and Blue’s Old Glory Relay in support of U.S. veterans. Follow along as the flag makes its way from San Francisco to Washington D.C.


And that wraps up our look back at the week’s highlights from around Microsoft and beyond. See you here next week for our next edition of Weekend Reading.

Posted by Tracy Ith
Microsoft News Center Staff

Inclusive design isn’t just polite – it’s also good business, says devices exec Christina Chen

Sometimes, serving others can be a wonderfully self-serving experience. Take Christina Chen, a fast-rising star at Microsoft who was recently named by Business Insider as one of the “most powerful women engineers in the world.” She began her “education” young, working in her parents’ restaurant, where she first formed the customer-centric mindset that has taken her from appetizers to app development.

“I started out cleaning tables,” she said recently, discussing those quite-literal salad days. “My parents always told me that everyone was the same, and to treat everyone with the same respect.

“When you’re working with the public like that from a young age, you see a huge cross-section of humanity,” Chen added. “I’ve always thought that people’s strengths and their circumstances sometimes match and sometimes don’t. I think there are a lot of people out there who haven’t been given a chance.”

Christina Chen calls the neighborhood library her "happy place."

Christina Chen calls the neighborhood library her “happy place.”

But as any good small business owner will tell you, being inclusive isn’t just an altruistic idea – it also makes good business sense.

“From an engineer’s perspective, focusing on customers is about efficiency – spend your finite time on the things that people actually use,” she reasoned. “From a business perspective, people now have an abundant choice of experiences and they will choose the experiences that best serve their needs.”

Wielding that customer-focused mindset to make technology more inclusive, Chen has blazed a unique career path. Today you can find her serving as general manager for Microsoft’s Emerging Devices Experiences team, building apps for new devices. She recently shipped four high-profile apps for wearables that some might call emblematic of a new, cross-platform era at Microsoft. And on top of that, she is responsible for fostering innovation within her larger organization through incubation, open sharing and code reuse. It all would be enough to stress out most people, which might explain why Chen asked to meet us in her “happy place.”

“I love libraries; it’s a manifestation of all the world’s knowledge,” explained Chen, a picture of serenity as she described her affection towards the building she frequents daily. “The Bellevue Library, specifically, is meaningful because it’s part of the story of how I ended up back at Microsoft.”

Read the full story.