Backdoor Found In Toyota Supplier Management Network

A security researcher discovered a serious security vulnerability that risked Toyota’s suppliers’ and users’ data. Specifically, he noticed a backdoor in the Toyota supplier management network exposing sensitive details. Following his report, Toyota promptly addressed the issue, preventing any malicious exploit.

Toyota Supplier Management Network Backdoor Exposed Sensitive Data

The researcher Eaton Zveare has recently shared details about a backdoor in the supplier management network that risked the security of Toyota suppliers.

As explained in his post, the backdoor existed in Toyota’s Global Supplier Preparation Information Management System (GSPIMS); exploiting it could give an attacker access to sensitive details of the firm’s suppliers and other users.

Briefly, while scanning the Toyota website’s subdomains, he noticed that he could sign in to the GSPIMS app as any supplier or corporate user using only that user’s email address.

With some effort, such as patching the Angular route guards CanActivate and CanActivateChild to return true and removing the logout code on the web page’s source code, Zveare accessed the app using a system admin’s email address.

Reading the code further revealed the flaw: the app generated a JSON Web Token (JWT) from the supplied email alone, without requiring a password. Since he had logged in with a system admin’s email, he ended up with (what he called) ‘total, global control’ over the system.

With that level of access, he could view the details of over 14,000 users, all of Toyota’s inactive, active, and global projects (with codenames), project schedules, confidential documents, and details about 3,000 Toyota suppliers.

In his post, the researcher shared the technical details of this vulnerability, along with screenshots.

Toyota Addressed The Unwarranted Data Exposure

While examining the supplier management network, the researcher took care not to modify any information in a way that could harm Toyota.

After confirming the backdoor, he reported the matter to the firm, and the firm promptly fixed the glitch. Explaining the patch, the researcher stated,

Toyota/SHI fixed the issue by making the createJWT and findByEmail endpoints return HTTP status 400 – Bad Request in all cases.

Besides confirming the fix, the researcher appreciated Toyota’s prompt action to address the flaw.
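The following is an added illustration of the token-issuance flaw described above, not Toyota’s, SHI’s or the researcher’s code: a token minted from an email alone, shown beside a hardened issuer that only mints after verifying a credential, and the server-side verification that every protected endpoint has to perform itself (client-side route guards such as Angular’s CanActivate are navigation logic, not access control). The signing key, user directory and function names are constructed assumptions; Toyota’s actual fix was to disable the endpoints, which the snippet does not reproduce.

```python
"""Constructed example of a JWT issuer that trusts an email alone, beside a
fixed issuer that verifies a password first. Standard library only (HS256)."""
import base64
import hashlib
import hmac
import json
import os
import time

SECRET = b"constructed-signing-key"  # assumption: server-side HMAC key


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(header: dict, payload: dict) -> str:
    """Builds a compact JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    signing_input = ".".join(_b64url(json.dumps(part).encode()) for part in (header, payload))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user directory: role plus a salted PBKDF2 password hash.
_SALT = os.urandom(16)
USERS = {
    "admin@example.test": {"role": "system_admin", "pw": _pw_hash("correct horse", _SALT)},
    "supplier@example.test": {"role": "supplier", "pw": _pw_hash("battery staple", _SALT)},
}


def create_jwt_vulnerable(email: str):
    """Mirrors the flaw: the only 'proof' of identity is the email string itself,
    so anyone who knows an admin's address receives an admin token."""
    user = USERS.get(email)
    if user is None:
        return None
    return _sign({"alg": "HS256", "typ": "JWT"},
                 {"sub": email, "role": user["role"], "iat": int(time.time())})


def create_jwt_fixed(email: str, password: str):
    """Hardened form: a token is minted only after the credential is verified."""
    user = USERS.get(email)
    # Hash even for unknown users so response time does not reveal whether the email exists.
    candidate = _pw_hash(password, _SALT)
    if user is None or not hmac.compare_digest(candidate, user["pw"]):
        return None
    return _sign({"alg": "HS256", "typ": "JWT"},
                 {"sub": email, "role": user["role"], "iat": int(time.time())})


def verify_jwt(token: str):
    """Server-side check every protected endpoint must run; returns the claims
    or None. Rejects malformed tokens, wrong algorithms and bad signatures."""
    try:
        h, p, s = token.split(".")
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":
            return None
        return json.loads(_b64url_decode(p))
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON
        return None
```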


Amazon Still Selling T95 TV Box with Pre-Installed Malware

A few weeks back, Hackread.com reported about a malware-infected Android TV box available on Amazon: the T95 TV box. The box contained pre-installed malware, which was discovered by a Canadian developer and security systems consultant, Daniel Milisic. 

Now the same TV box is in the news again, and this time the person identifying the security threats is Malwarebytes mobile malware researcher Nathan Collier. He purchased the device from Amazon to probe it further and quickly realized something was off. Collier discovered that the box was rooted regardless of whether the toggle switch was on or off.

What is Rooting?

For your information, in an Android device, rooting refers to acquiring the highest level of access, aka root. It allows the user to modify system-level directories and files, which otherwise is not possible.

Developers require this heightened access to test a device in the pre-production phase. However, production builds of Android are not rooted. If the command adb (Android Debug Bridge) root is run on a production Android device, it displays the error “adb cannot run.”

Conversely, on a rooted device, the message appears as “restarting as root” or “adb is already running as root.”

Tools Used in the Research

Collier performed his research on the Android TV box using a few tools: Android Debug Bridge (adb) from Android Studio, Telerik Fiddler Classic (a traffic monitor with strong HTTPS capture capabilities), the NoRoot Firewall app (which allows or denies network traffic per app), and the LogCat command-line tool.

Performing the Research on the T95 TV Box

Collier hypothesized that DGBLuancher was the APK responsible for loading and running Corejava classes.dex. To test this, he uninstalled DGBLuancher and kept Corejava classes.dex. The malicious traffic stopped immediately; without DGBLuancher, Corejava classes.dex could not run.

Collier then reinstalled DGBLuancher, this time removing Corejava classes.dex instead. Again the malicious traffic stopped and no new traffic was produced, which means the traffic required Corejava classes.dex. Hence Collier concluded that DGBLuancher was the APK loading Corejava classes.dex.

Later, Collier deleted Corejava classes.dex from /data/system/Corejava, but it reappeared immediately after a reboot; once DGBLuancher was uninstalled, Corejava classes.dex stopped reappearing. This strengthened the hypothesis that DGBLuancher was the culprit creating Corejava classes.dex.

Now he had to find out why Corejava classes.dex reappeared. Collier learned that system_server ran more commands in the background than just creating /data/system/Corejava. DGBLuancher used system_server to create Corejava classes.dex, so system_server was not the culprit but the conduit. Collier could not determine why Corejava classes.dex reappeared.

A T95 Android TV box sold on Amazon

How to Fix the Issue?

In a blog post, Collier recommends a factory reset before proceeding to fix the issue. A factory reset will remove any malware that may have been downloaded in the meantime. Afterwards, avoid connecting the box to a network until you have installed adb on a Linux, Windows, or Mac machine and put the box into Developer Mode.

Turn on USB0 device mode so adb can connect. Connect your PC to the box, open a terminal (such as Command Prompt) on the PC, and type adb devices; it will display an ID number and the list of attached devices. Now you can remove DGBLuancher. See Nathan Collier’s blog on Malwarebytes for the detailed remediation process.
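An added triage helper, not part of Collier’s or Malwarebytes’ research, that runs the adb checks the write-up above walks through (root state from the quoted adb root messages, presence of /data/system/Corejava, and an installed package matching the launcher name) and reports which indicators are present. It assumes adb is on the PATH with the box attached in Developer Mode, and that the launcher’s package id contains the fragment “dgbluancher”, which is a guess because the article gives no package id.

```python
"""Constructed adb triage for the indicators described above. The adb runner is
injectable so the parsing logic can be exercised offline against captured output."""
import subprocess
from typing import Callable, Dict, List, Optional

COREJAVA_DIR = "/data/system/Corejava"   # path named in the write-up
LAUNCHER_HINT = "dgbluancher"            # assumption: fragment of the launcher's package id

Runner = Callable[[List[str]], str]


def run_adb(args: List[str]) -> str:
    """Real runner: returns stdout+stderr of `adb <args>` (adb assumed on PATH)."""
    proc = subprocess.run(["adb", *args], capture_output=True, text=True, timeout=60)
    return proc.stdout + proc.stderr


def replay_runner(responses: Dict[str, str]) -> Runner:
    """Offline runner: maps the joined adb arguments to captured output text."""
    def run(args: List[str]) -> str:
        return responses[" ".join(args)]
    return run


def classify_root(adb_root_output: str) -> str:
    """Maps the `adb root` responses quoted above to a root state."""
    text = adb_root_output.lower()
    if "already running as root" in text or "restarting as root" in text:
        return "rooted"
    if "cannot run" in text:
        return "not rooted"
    return "unknown"


def device_attached(adb_devices_output: str) -> bool:
    """`adb devices` prints a header line, then one '<serial>\tdevice' line per box."""
    return any(line.rstrip().endswith("\tdevice")
               for line in adb_devices_output.splitlines()[1:])


def corejava_present(ls_output: str) -> Optional[bool]:
    """True/False from `ls -d`; None when the shell user cannot read /data/system,
    which is the normal case on a box that is not rooted."""
    text = ls_output.lower()
    if "permission denied" in text:
        return None
    if "no such file" in text:
        return False
    return COREJAVA_DIR in ls_output


def suspect_packages(pm_output: str) -> List[str]:
    """Filters `pm list packages` lines ('package:<id>') for the launcher fragment."""
    return sorted(
        line.split(":", 1)[1].strip()
        for line in pm_output.splitlines()
        if line.startswith("package:") and LAUNCHER_HINT in line.lower()
    )


def triage(run: Runner = run_adb) -> Dict[str, object]:
    """Runs the checks in order and returns the findings."""
    findings: Dict[str, object] = {}
    findings["device_attached"] = device_attached(run(["devices"]))
    if not findings["device_attached"]:
        findings["indicators_present"] = False
        return findings
    findings["root_state"] = classify_root(run(["root"]))
    run(["wait-for-device"])  # `adb root` may restart adbd; wait before the next call
    findings["corejava_present"] = corejava_present(run(["shell", "ls", "-d", COREJAVA_DIR]))
    findings["suspect_packages"] = suspect_packages(run(["shell", "pm", "list", "packages"]))
    findings["indicators_present"] = bool(
        findings["corejava_present"] or findings["suspect_packages"]
    )
    return findings


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```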


Apple to Reportedly Limit Periscope Camera to iPhone 16 Pro Max


A recent report suggests that only the 2024 iPhone 16 Pro Max model will get a higher-end periscope camera with new zoom capabilities. 

A previous rumor suggested Apple would limit its new periscope camera lens to only the iPhone 15 Pro Max models. That means the regular iPhone 15 Pro, iPhone 15, and iPhone 15 Plus would retain their traditional telephoto lens. 

The rumor wasn’t surprising since Apple has traditionally introduced new camera features on its most prominent flagship iPhone. For example, the iPhone 12 Pro Max had a sensor-shift optical image stabilization, a feature Apple eventually extended to the iPhone 13 Pro. 

However, that tradition could change soon. 

According to Apple analyst Ming-Chi Kuo, Apple might not extend the periscope camera lens to other iPhone 16 lineups besides its largest flagship device. In other words, the improved telephoto lens will remain limited to the iPhone 16 Pro Max models. 

“Only one/the highest-end model of the new 2H24 iPhone 16 series may have a periscope camera, not the two models of market expectation,” says Kuo. “It’s detrimental to Largan and Genius since the demand for lens upgrades will fall below expectations.”

Here’s why that’s a big deal. 

What a Periscope Camera Lens on the iPhone Means

You’ve heard the word “periscope” several times but may not know how it works. 

In its simplest form, a periscope consists of an outer case with two lenses, a mirror or prism at each end, set at a 45-degree angle. That way, when you look into one end, you see the image reflected from the other.

Well, a periscope lens follows the same principle. 

However, it uses a single mirror that bends the light by 90 degrees. This allows the lens assembly to be much longer, since the phone’s depth is no longer the limiting factor, resulting in improved zoom capability.

That means the iPhone 15 Pro Max could feature up to 6x optical zoom, a significant improvement over the 3x optical zoom in current models.

It’s worth noting that competitors such as Samsung and Huawei already use periscope camera lenses. As a result, limiting the technology to a pricier flagship device could frustrate Apple users who prefer the latest technology.



Win a Samsung Galaxy S23 Ultra with Android Headlines!

Welcome to our giveaway of the Samsung Galaxy S23 Ultra! The latest and greatest from Samsung, and now you have a chance at winning one for yourself.

The Samsung Galaxy S23 Ultra was announced back on February 1, 2023. It’s the first big flagship smartphone announced in 2023, and it’s in the running to be smartphone of the year. Like last year with the Galaxy S22 Ultra, this is basically a merger of the Galaxy S line and the Galaxy Note line. It’s a $1,199 smartphone that you can win for free here with AndroidHeadlines.

About the Samsung Galaxy S23 Ultra

The Samsung Galaxy S23 Ultra is a beast of a smartphone. It sports a 6.8-inch QHD+ AMOLED 120Hz display, powered by the Snapdragon 8 Gen 2 for Galaxy processor, with 8GB of RAM and 256GB of storage. It also has a massive 5,000mAh battery, which should last you all day and then some.

On the camera front, Samsung has included a 200-megapixel sensor, the first in any smartphone. This sensor isn’t going to take 200-megapixel images, though; Samsung will pixel-bin them down to 12.5 megapixels, so the actual files will be about the same size as on any other phone. But that means you’re getting more detail, as every 16 megapixels is binned down to a single megapixel. It also sports a 12-megapixel ultrawide sensor and two 10-megapixel telephoto sensors. One does 3X optical zoom, while the other does 10X.

It’s a pretty strong phone, with Gorilla Glass Victus 2 to protect the glass, and Armor Aluminum for the frame. Meaning that if you drop it, it may not actually shatter. And that’s always a good thing.

The Galaxy S23 Ultra also runs on Android 13, with One UI 5.1, and it will get updates for the next three years. That’s pretty impressive, and it means that you will get updated to Android 16. So definitely a good choice for a new smartphone.

How To enter

To be entered for a chance to win the Samsung Galaxy S23 Ultra, all you need to do is take part in the giveaway widget below. To get started, simply enter the contest with your email address.

Once you have entered, you’ll have the opportunity to gain additional entries by completing various actions, including visiting Android Headlines social media channels.

You are entitled to complete as many actions as you like, each action offers a unique number of entries and each entry has the potential to be the winning one.

This Pixel 6a giveaway is a USA-ONLY contest and will close promptly at 2:59 pm PST on Tuesday, May 2, 2023.

Enter now for a chance to win a Samsung Galaxy S23 Ultra, courtesy of Android Headlines.

  • This is a USA-only Giveaway.
  • Entrants need to be of a suitable age to enter.
  • Shipping issues are not controlled by Android Headlines or our partners. You should be aware that things can go wrong. Android Headlines or our partners are not responsible for items lost in transit.
  • It only takes one email entry to win, so only enter using one email address. Entering with more than one email will not improve your chances of winning and may result in disqualification. Email addresses are checked and confirmed.
  • Winner(s) will be emailed and if no response is given within 48 hours, another entrant(s) will be selected.
  • Anyone deemed to be ‘spamming’ the contest will be disqualified.
  • Android Headlines reserves the right to make changes to this contest/giveaway.


What is Google Bard? Everything you need to know

For years, Google has been spending a ton of money on AI, or Artificial Intelligence. It’s built into your smartphone, even if you don’t use an Android phone. So when OpenAI launched ChatGPT and showed just how good it was, it was clear that Google was behind. So it launched Bard, its own AI chatbot, which should be really good. After all, it has the power of Google Search behind it. Though its first demo didn’t go as planned.

So here’s everything you need to know about Google Bard.

What is Google Bard?

Bard is a new experimental AI product from Google. It’s basically an AI chatbot that the company has been developing, and it’s meant to be a competitor to OpenAI’s ChatGPT. Though the big leg up it has over ChatGPT is that it has the power of Google Search behind it. Google’s search engine is the biggest in the world and has a ton of information that Bard will already have, instead of being two years out of date like ChatGPT, which was trained on data up until 2021.

When was Bard announced?

Bard was officially announced on February 6 in a statement from Google CEO Sundar Pichai. It was an entirely new concept at the time of the announcement. The AI chat service is powered by Google’s LaMDA (Language Model for Dialogue Applications), which the company unveiled a few years ago and shows off quite often at Google I/O.

Why did Google decide to announce Bard now?

It’s probably pretty obvious why Google decided to announce Bard now, in what appears to be a bit early for Google. ChatGPT has been a viral hit since it was released last year. It’s so popular, in fact, that most of the time you can’t even access ChatGPT because too many people are using it. UBS claims that ChatGPT is the fastest-growing app of all time. That forced Google’s hand a bit here, as Google is the company known for doing things like ChatGPT.

Besides Search, artificial intelligence is Google’s other big money-making area. So Google knew that it needed to go ahead and get Bard out there. But it didn’t really work out as they had planned.

This all happened in the same week that Microsoft announced the “New Bing” which has ChatGPT integrated into the search engine.

What happened to Bard?

Google was set to announce Bard during a livestream in Paris on February 8, alongside a number of other improvements to its products. However, during the demo in Paris, Bard delivered inaccurate information about the James Webb Space Telescope.

Google, during the demo, asked Bard “What new discoveries from the James Webb Space Telescope can I tell my 9 year old about?” It came back with a number of things that the JWST has done, and the last bit said “JWST took the very first pictures of a planet outside of our own solar system”. That is incorrect, as the first picture of an exoplanet was taken in 2004 by the European Southern Observatory’s VLT (Very Large Telescope). So the answer was wrong, which was a big deal for Google, seeing as it is the number one search engine in the world.

This resulted in Google making the YouTube livestream of the announcement private while it was happening, which caught a lot of people off guard. A Google spokesperson later stated that “this highlights the importance of a rigorous testing process, something that we’re kicking off this week with our Trusted Tester program.”

That was definitely not how Google wanted to introduce Bard to the world. But it also shows that this kind of AI is pretty tough, and still has a long way to go.

How does Bard work?

As mentioned already, Bard is powered by LaMDA, which was built on Transformer, the neural network architecture Google invented in 2017. Google also notes that GPT-3, the language model ChatGPT runs on, was also built on Transformer.

Initially, Bard will use a lightweight model version of LaMDA because it would require less computing power. It could also be scaled to more users, according to the company. Bard will also draw on all of the information from the web to provide responses. Google’s CEO, Sundar Pichai, also noted that pulling from the web would provide “fresh, high-quality responses.” And it should also mean that we won’t get outdated information, like we currently get with ChatGPT.

How can you access Bard?

Bard has not yet been released to the public. Google says that it is currently testing Bard with a small group of “trusted testers”. Both internal and external feedback is going to be taken into account. This is to ensure that the service is ready to be released to the public and adheres to Google’s AI responsibility standards.

Google has said that Bard will be available to everyone in the weeks following the initial announcement, which was on February 6. But that was before the little demo fail that it had. So that might get pushed back a bit further.

Bard vs ChatGPT

Right now, it looks like AI chatbots will be a two-horse race between Google and Microsoft/OpenAI. Microsoft has poured billions of dollars into OpenAI as of late – even after it laid off a ton of its workers.

Google has been rushing to get Bard out. It was reported that a few weeks ago, it had developed Bard under a project called “atlas” which was part of a “code red” effort to compete with ChatGPT. As mentioned before, ChatGPT has been deemed the fastest-growing app of all-time. Which is quite impressive.

The big difference between the two so far is that, while both run on Transformer, Google’s Bard will use LaMDA and also be able to pull information from the web, leading to more up-to-date information, while ChatGPT is trained on information up until 2021. So ChatGPT is not super accurate as of right now.

While Microsoft is investing in OpenAI, Google has announced it is investing in and partnering with Anthropic. That’s an AI startup led by some of the former leaders at OpenAI. They do have their own chatbot, called Claude, and it has a mission centered around AI safety. Which aligns really well with what Google is already doing with AI.

What other AI products does Google have?

Google isn’t new to AI; quite the opposite, actually. Google has a number of AI products that have not yet been released to the public. Typically, Google will tread lightly when it comes to AI products, as it doesn’t want to release something until it is confident in its performance. Which shows just how worried Google was about ChatGPT.

Outside of actual chatbots and other AI products, Google also has a number of AI components in its Pixel smartphones. It has the Google Assistant, which can do all sorts of things like screening calls for you. As well as clear calling which uses AI to cancel out all of the background noise when you’re on the phone in a noisy place. It also has Magic Eraser, which uses AI to remove objects from photos, among many other features.


[ad_2]
Source link

Here’s proof that Google is about to upgrade Chrome’s flawed share sheet

One of the most underappreciated features found on a smartphone is the share sheet. This is the page that allows you to pick the platform being used to share content. The ones used by both Google Chrome and Google Photos are often criticized. The current share sheet used by the aforementioned apps is limited at first glance and requires the user to press the “more” tab to see all of the options. Ironically, having a different share sheet than the one used system-wide violates Android Guidelines.
According to Techdows (via AndroidPolice), Google is working to move the Chrome browser app to the native Android system share sheet. Signs that such a move is in the works were spotted in the Chrome Canary app. This is an unstable version of Chrome that gets updated daily, and it is available from the Google Play Store. In version 112 of Canary Chrome (the stable Chrome browser app is still at an older version), you can toggle a setting that forces the app to use the Android system share sheet by default.
To force Chrome to use the Android system share sheet, follow these directions:
  1. Launch Chrome
  2. Go to chrome://flags
  3. Search for “share” and find the flag “Share sheet refactor Android”
  4. Select Enabled
  5. Restart the browser

After you restart the browser and request the share sheet from the triple-dot menu in the upper right corner, it will show you the native Android share sheet. Right now, this is only available in the Canary Chrome app and will eventually be found in the stable Chrome app. Right now, my Pixel 6 Pro running Android 13 QPR2 Beta 3.1 has version 109 of stable Chrome installed. The version of Canary Chrome on my phone is 112, which does offer the migration to the Android system share sheet.

To see which version of Chrome is installed on your phone, open the app and tap the three-dot menu button found in the upper right of the display. Go to Settings > About Chrome, and the version number will appear. Once you see that you’re running version 112 of stable Chrome, follow the steps listed above. Again, these steps work right now on Canary Chrome, but we will need to wait for the flag to appear in the stable version of Google’s mobile web browser.



Doctor Paid $60k in Bitcoin to Hire Dark Web Hitmen

The former neonatologist has been sentenced to eight years in prison and ordered to pay more than $25,000 in restitution and a $100,000 fine.

Ronald Craig Ilg, 56, was sentenced to eight years in prison for hiring hitmen on the dark web to assault and kidnap victims. The doctor in Spokane, Washington paid $60,000 in Bitcoin as payment for the tasks he asked the hitmen to perform.

This should not be a surprise, as just last year, the US Department of Justice charged a cardiologist with developing two dangerous ransomware strains: Thanos and Jigsaw v.2.

Senior United States District Judge William Fremming Nielsen sentenced Ilg to 96 months in prison, ordering him to pay more than $25,000 in restitution and a $100,000 fine. Even after release, Ilg will be supervised for three years.

The former neonatologist used the dark web’s anonymity to direct purported hitmen to assault his victims; the first was a former colleague, also a Spokane-area doctor. Ilg paid the hitmen more than $2,000 worth of Bitcoin and specifically requested that the victim’s hands be broken or otherwise significantly injured. He also asked for proof of the task’s completion.

Photo caption: Ronald Craig Ilg

The second victim was his estranged wife. He paid the criminals approximately $60,000 worth of Bitcoin to kidnap and inject her with heroin so she would be forced to drop the divorce proceedings. He even promised the hitmen a bonus if the task was completed successfully. 

However, the FBI successfully intercepted Ilg’s communications on the dark web and thwarted his plans. As the initial investigation began, he falsely claimed to have been instructing the hitmen to kill him, instead of his victims.

He also attempted to persuade the key witness to marry him so he could control her testimony in court. He offered to pay for her children’s tuition fees to attend St. Aloysius Catholic School and Gonzaga Preparatory School. 

After pleading guilty to his crimes, Ilg tried to profit from them by seeking “a book or movie deal.” Judge Nielsen described Ilg’s behaviour as “really egregious, and even evil,” while emphasizing the irony of Ilg’s actions as a doctor. 

“A doctor’s goal in life is to protect people, keeping people alive – not taking overt steps to do the opposite,” he said. 

Photo caption: Clinic permanently closed

In a DoJ press release, Richard A. Collodi, Special Agent in Charge of the FBI’s Seattle field office, said that “This case demonstrates that even the anonymity of the dark web will not prevent the FBI from identifying and disrupting individuals who are intent on engaging in criminal activity.”


A gaming chair that has your back

When you think of a gaming chair, you probably don’t think of something like the Herman Miller Vantum. Instead, your mind more than likely conjures up images of racing-style bucket seats made of faux leather. These seats can be decent enough for shorter periods of time. And they do have a certain aesthetic quality to them that can look good in many setups.

However, most traditional gaming chairs do little to nothing for proper lumbar support. No matter how much the marketing tells you they do. Furthermore, very rarely will any of them have proper thoracic (your upper back) support. And over time, sitting in a chair like that for long hours on a daily basis can lead to issues. Back pain, neck pain, you name it.

Herman Miller is on a mission to change the perspective on gaming chairs, and the Vantum is its latest creation in that respect. When the chair was announced last year, I was eager to test one. Because I sit in my chair daily for many hours during work. Then I normally dump at least a few hours into gaming in the evenings, while playing for much longer hours on the weekends. I’ve been testing the Vantum for the last couple of months. And I can now confidently say this is the last gaming chair you’ll ever need or want.

The Herman Miller Vantum is designed specifically for gamers

If you’ve ever shopped for a chair for gaming, then you’ve probably at some point heard or seen someone recommend getting a Herman Miller chair instead of a “gaming chair.” Although most chairs from Herman Miller aren’t designed for gaming, they’re still used by many to game in because of their stellar comfort and support. The Vantum follows that design ideal but is also made specifically with gamers in mind.

It was developed in partnership with Logitech G and it shows. Though I wouldn’t necessarily say the Vantum has a “gamer aesthetic” to it, I think that’s only because we’ve been conditioned to think only of the racing-style chairs as gaming chairs. That being said, Logitech G has done a great job at assisting Herman Miller in designing a first-rate gaming chair.

A new standard for gaming chair style

When it comes to style, the Vantum looks amazing, and provides the kind of support you need for long gaming sessions. While also giving you features that are meant to help you be more focused and perform in your games better. I’m not saying that this chair is going to help you win games. But what it will do is keep you more comfortable and alert while you play. Which can translate to performing better. And for me, that’s exactly what’s happened.

Since using it, I’ve been less focused on any sort of discomfort that may pop up and more focused on the games. That lack of worrying about shoulder or back pain has left me free to keep my attention on my games. And I have noticed a slight increase in performance, playing better than I usually do. Though overall, I’m just noticing that I am enjoying my gaming sessions more because I’m extremely comfortable.

This is also in part due to the chair’s ‘Active forward-leaning-alignment’ as Herman Miller calls it, which I feel helps with the focus in games and in work. Again, I’m not saying the Vantum is going to give you pro-level gaming performance. But it will help you focus more. And that’s not a bad thing.

Easy assembly makes setting this up a breeze

One of my biggest gripes with most gaming chairs is the setup. Putting them together often times results in a longer process. Not with the Vantum. It’s a great unboxing experience that comes packaged neatly. And that’s only made better by the fact that it comes almost entirely assembled. Out of all the chairs I’ve tested so far, this has been the quickest to put together.

That made the assembly a refreshing experience because it didn’t take me an hour. Instead, I was ready to sit down and start gaming in five minutes. And that’s because all the small steps are done before you even open the box. The casters are already installed in the base, and the arms and back are already attached to the seat. So all you literally have to do is place the seat onto the base and then attach the headrest. That’s it.

No messing with screws or annoying little Allen wrenches. And if like me you have an incalculable distaste for all the steps that most gaming chairs require for assembly, then the Vantum will be a breath of fresh air.

The tilt and lumbar support adjustment are game-changing

After a couple months of use, one of my favorite parts about the Vantum has become the adjustment knobs for the recline and lumbar support. On the left, the numeric tilt knob (which Herman Miller calls the tilt limiter) handles the level of recline for the back. While the knob on the right takes care of the tilt tension.

There’s also a set of knobs that let you adjust the lumbar support. First, let’s talk about the lumbar support. The Vantum uses Herman Miller’s patented Posture Fit system. Which is designed to prevent slouching and fatigue while sitting by reinforcing your pelvis and lower back. It might take you a few gaming sessions to figure out your own preferred alignment like it did for me. But it’s super easy to adjust thanks to these knobs.

They’re easily reachable even though they’re behind the back, for one. But the knob is also covered in little nubs or bumps. This is a small detail but I found that it makes the knobs easier to locate and it just feels like they’re easier to grip and turn.

Tilt limiter and tilt tension

No matter how you’re playing games, the tilt limiter and tilt tension are there to help make you as comfortable as possible. The best part is that the knobs for them have the same little grippy nubs as the knobs for the lumbar support. And are just as easy to reach while sitting down in the chair. With a quick twist, I was able to easily go from sitting upright while working or playing more competitive PC games, to leaning back a little for a more relaxed gaming experience on my PS5.

And when I’m ready to take a break from gaming the tilt tension is fantastic for leaning back all the way and watching movies or TV. I was skeptical at first with the Vantum not having a tilt lock option. Because really, every other chair I’ve used for the past 10 years has had one. But honestly, the Vantum doesn’t need it.

Releasing the tilt tension to its lowest level makes it possible to lean back with next to no effort and is perfectly comfortable for watching videos. And I’ve found that I actually like it more that the back comes back up if I need to get up and out of the chair.

Overall, I think the lumbar support and tilt adjustment setup is a very clever design and most people should love it.

The Herman Miller Vantum isn’t perfect

When I say I love this chair, I absolutely love this chair. But the Herman Miller Vantum isn’t perfect. There are definitely some areas I’d like to see improvement on for Herman Miller and Logitech G’s next chair. Should there be one.

For starters, 4D armrests. With the armrests on the Vantum, you can adjust the depth, height, and width. But they don’t turn. And sometimes it’s just a tiny bit more comfortable on your arms to have this option. Not having these was not a deal breaker for me though. Because the armrests are still extremely comfortable in just about every situation. And they’re easy to adjust any which way. The arms also have a nice, satisfying click as you raise them.

And while this doesn’t really have any impact at all on how they function, I just find it a nice, satisfying detail.

The seat depth adjustment could use some work

Another area I’m not super fond of is the seat depth adjustment. To be clear, I have no issues at all with how much it can be adjusted. Rather, it’s that it’s not really easy to adjust without getting out of the chair.

The Vantum uses a similar type of seat depth adjustment as Herman Miller’s more expensive gaming chair, the Embody, though it’s not entirely the same. The handle for adjusting the seat depth is located on the underside of the seat on the right side. It’s easy to grab, and all you have to do is pull it outward, then slide the seat backward or forward to adjust the depth.

The problem here is sliding the seat. No matter how many times I’ve tried, adjusting the seat backward or forward while I’m sitting in it always results in the chair itself rolling forward or backward on its casters. So, at least for me, I have to get out of the chair to adjust the depth. All that being said, this isn’t an issue if you find the seat depth you prefer and never have to adjust it. But it would have been nice if this adjustment was easier to do while sitting down.

Might not be a great fit for taller people

I’m about five feet seven inches. So the chair is perfectly comfortable for me. But I have heard that people over six feet may find it less comfortable. Obviously, this isn’t something I can test. But if you’re over six feet you may want to see if you can find a dealer who sells the Vantum so you can try it out for yourself. Or if you know someone who has a Vantum, inquire about sitting in it to see if it works for you.

Be sure you want to use the head rest

One last point I’d like to touch on is the head rest. There’s a reason it’s there. It’s meant to provide extra support for your neck. And while I have grown to like it a lot, be sure you want to use it. Because it doesn’t seem like it’s possible to remove it. Ever. At least not without potentially breaking it.

Once you slide it into place, it feels locked in for good. So my suggestion here is to use the chair without the headrest first and see how you feel without it. Personally, I think the headrest is a must. You’re probably going to want it for any and all times you lean the chair back.

Also worth mentioning is that the head rest does take some getting used to. Once you find the right height for it, then you should be good to go. From that point, just tilt up or down depending on how you’re sitting. If you’re sitting upright, you probably want to tilt it more downwards so the bottom of the headrest isn’t scraping against your neck. But I find that when I lean back, my neck has more support and it’s more comfortable if I tilt the headrest upwards.

Herman Miller Vantum review: wrap-up

I think the Vantum has a particular target market and is a perfect chair for many gamers. While it doesn’t hold as much prestige as other chairs from Herman Miller, like the Embody gaming chair or the Aeron, the Vantum is well-made and offers loads of features. And it’s an even better investment now that the price has come down from $995 to $795.

I firmly believe this is the last gaming chair that many people will ever need to buy or want to buy. It’s stylish, extremely comfortable, and has lots of adjustments for promoting better health of your lower and upper back, neck, and shoulders. Yes, it is still expensive. But if taken care of, you may never have to replace this chair because it comes with a 12-year warranty. This also covers parts and labor. Plus, the Vantum comes in three colorways. White, Black, and Red. That being said, the Vantum is not for everyone. At least not in my opinion.

Overall, the Vantum is an excellent gaming chair that will probably last you for more than a decade or two. And you don’t have to spend more than $1,000 to get that.

You should buy the Herman Miller Vantum if:

  • You want a high-quality, comfortable gaming chair
  • You want top-tier ergonomic features
  • You’re already considering spending upwards of $500 or more

You shouldn’t buy the Herman Miller Vantum if:

  • You don’t want to spend more than a few hundred
  • You can afford the Herman Miller Embody gaming chair


Anonymous Leaks 128 GB of Data from Russian ISP Convex


Caxxii, an affiliate of Anonymous hacktivists, has released 128 GB of documents revealing the Russian government’s illegal surveillance tactics to spy on its citizens.

The hacktivist group Anonymous released 128 gigabytes of data from Convex, a Russian internet service provider, detailing the Kremlin’s alleged illegal monitoring of its citizens across the country.

Such surveillance activities amount to unauthorized wiretapping, espionage, and warrantless surveillance of civilians, all of which are against the country’s own laws.

In 2015, in Zakharov v. Russia, the European Court of Human Rights found that the laws governing the country’s System for Operative Investigative Activities (SORM) surveillance system did not offer sufficient and effective guarantees against the arbitrariness and abuse inherent in any secret surveillance system, and that the way the equipment was deployed let the authorities bypass the legal authorization requirements.

The passage of the Yarovaya Law in 2016 allowed authorities to obtain communication information without needing a court order.

What Data was Dumped?

The alleged data reveals how the Russian government apparently spies on its citizens’ internet and phone usage, and includes exclusive details of the previously undisclosed Green Atom surveillance program, which Anonymous claims was operated by Russia’s Federal Security Service (FSB).

The data also contains records of thousands of Russian citizens who were customers of Russian corporations targeted by this program.

As per Anonymous, the Green Atom data provides evidence of the extent to which the Russian government abuses its own legal structures, since Convex’s equipment captured virtually all of the traffic. Anonymous also noted that it holds more unreleased information on the FSB’s intelligence-collecting activities.

What is Green Atom Surveillance Program?

In their Twitter post, Anonymous stated that the data was stolen from Convex, which led to the revelation that the company had been running a project named Green Atom involving installing and maintaining surveillance equipment for monitoring Russian citizens and private corporations’ online activities.

Anonymous Exposes Russian Digital Spying Operations

Through the Green Atom program, the government could perform wide-ranging surveillance, using the equipment installed at Convex to monitor customers’ incoming and outgoing traffic.

At the time of publishing this article, the data was available on the official website of DDoSecrets.

Anonymous – Russia and Ukraine Conflict

The Ukraine-Russia conflict has reached a new level with Anonymous cyber attacks on Russian networks. Anonymous, the international hacktivist group that works to fight censorship and corruption, has so far claimed responsibility for several cyber and social engineering attacks against the Russian government and the private sector.

Some of the collective’s claimed attacks include hacking the Yandex taxi app (1), payment processor Qiwi (2), the Ministry of Culture (3), a state-run broadcaster (4), the Central Bank of Russia (5), unsecured printers (6), security cameras (7), the media censoring agency Roskomnadzor (8), 90% of Russian misconfigured databases (9), TV transmissions (10), electric vehicle charging stations (11) and more.


Reddit breached, here’s what you need to know


In an admirably transparent notification, Reddit announced that one of its employees was phished.

On Thursday, February 9, 2023, Reddit reported that it had experienced a security incident as a result of an employee being phished.

What happened?

According to Reddit, it “became aware of a sophisticated phishing campaign” late on February 5, 2023, that attempted to steal credentials and two-factor authentication tokens.

One of its employees fell for the phish, and then self-reported, alerting Reddit to what had happened. It says its “security team responded quickly, removing the infiltrator’s access and commencing an internal investigation.”

The employee’s credentials were reportedly used to gain access to “some internal docs, code, as well as some internal dashboards and business systems”, which exposed “limited contact information” for company contacts and employees, and information about advertisers.

According to Reddit, your passwords are safe. As a result, there is no need to alter your login details. It also says there are no signs the breach affected “the parts of our stack that run Reddit and store the majority of our data” or “any of your non-public data.”

Reddit deserves praise for reporting what happened so clearly: clear messaging, no evasion, and a clear indication of what users should take into consideration. Ironically, the one piece of advice that Reddit offers its users is to set up two-factor authentication (2FA) to protect their accounts.

The right kind of 2FA—2FA that relies on hardware keys or FIDO2 devices—could have prevented its own employee from being phished, because the credential is bound to the site’s origin and cannot be relayed through a lookalike login page. Still, any form of 2FA is better than none, so we encourage you to set up 2FA on Reddit. Its app-based 2FA can’t protect you from a real-time phishing page that relays the code, but it will stop every attack that relies on your password alone, such as credential stuffing and password reuse.
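To make the difference concrete, here is a small model of the attack Reddit describes: a reverse-proxy phishing page that relays whatever the victim types to the real site. This is an added example written for this article, not Reddit’s code; the secrets, domain names and the 32-byte challenge are constructed. The TOTP part is a real RFC 6238 implementation. The WebAuthn part is simplified: the authenticator’s public-key signature is stood in for by an HMAC over a per-credential secret that the relying party also knows, which is enough to show the origin check without needing a crypto library.

```python
"""Why app-based (TOTP) 2FA is phishable and origin-bound WebAuthn is not.

Added example, not Reddit's code.  Models an attacker-in-the-middle phishing
proxy that forwards everything the victim submits to the real server.
WebAuthn signatures are modelled with an HMAC over a shared per-credential
secret (a stand-in for the real asymmetric signature); the origin binding
shown here is the real mechanism.
"""
import base64
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://www.reddit.com"                # legitimate site
PHISH_ORIGIN = "https://reddit-sso-login.example"     # constructed lookalike domain

# ---------- TOTP (RFC 6238): what an "authenticator app" produces ----------
TOTP_SECRET = base64.b32decode("JBSWY3DPEHPK3PXP")    # constructed test secret


def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """HOTP over the current time step, with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def server_verify_totp(code: str, now: int) -> bool:
    # The server only sees six digits; it cannot tell which page they were typed into.
    return hmac.compare_digest(code, totp(TOTP_SECRET, now))


def phish_totp(now: int) -> bool:
    """Victim types password + code into the phishing page; proxy forwards both."""
    code_typed_on_phish_site = totp(TOTP_SECRET, now)          # victim's app
    return server_verify_totp(code_typed_on_phish_site, now)    # True: attacker is in


# ---------- WebAuthn-style assertion with origin binding ----------
RP_ID = "reddit.com"
CRED_SECRET = b"constructed-per-credential-secret"   # stand-in for the private key


def _signed_bytes(client_data: bytes) -> bytes:
    # Real WebAuthn signs authenticatorData || SHA-256(clientDataJSON);
    # rpIdHash is the first field of authenticatorData.
    return hashlib.sha256(RP_ID.encode()).digest() + hashlib.sha256(client_data).digest()


def authenticator_sign(browser_origin: str, challenge: bytes):
    """The browser, not the user, fills in clientData.origin; the user cannot override it."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": base64.urlsafe_b64encode(challenge).decode(),
        "origin": browser_origin,
    }, sort_keys=True).encode()
    sig = hmac.new(CRED_SECRET, _signed_bytes(client_data), hashlib.sha256).digest()
    return client_data, sig


def server_verify_assertion(client_data: bytes, sig: bytes, challenge: bytes) -> bool:
    cd = json.loads(client_data)
    if cd.get("origin") != REAL_ORIGIN:            # the check TOTP has no way to make
        return False
    if cd.get("challenge") != base64.urlsafe_b64encode(challenge).decode():
        return False                                 # replayed / mismatched challenge
    expected = hmac.new(CRED_SECRET, _signed_bytes(client_data), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def phish_webauthn(challenge: bytes) -> bool:
    """Proxy relays the real server's challenge, but the victim's browser is on the
    phishing origin, so that origin is what ends up signed."""
    client_data, sig = authenticator_sign(PHISH_ORIGIN, challenge)
    return server_verify_assertion(client_data, sig, challenge)   # False: rejected


def legit_webauthn(challenge: bytes) -> bool:
    client_data, sig = authenticator_sign(REAL_ORIGIN, challenge)
    return server_verify_assertion(client_data, sig, challenge)   # True
```

The two halves are deliberately symmetric: in both cases the attacker forwards a perfectly valid second factor. With TOTP the server receives six digits and nothing else, so a relayed code is indistinguishable from a genuine one. With WebAuthn the signed payload carries the origin the browser was actually on, and the relying party rejects any origin other than its own, which is why a FIDO2 key stops the attack even when the user is fully fooled.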

How to set up 2FA on Reddit

You’ll need to make use of an app to generate the six-digit code required to log in alongside your password. From the FAQ:

  • Click on your username in the top right of your screen.
  • Select User Settings and click on the Privacy & Security tab. 
  • Under Advanced Security, you’ll see the Use two-factor authentication control. To enable it, click the toggle to on.
  • Next, enter your password and click Confirm. 
  • Follow the step-by-step instructions to set up your authentication and don’t forget to save your backup codes
  • After setup, you may be asked to log out and log back in to your account. Moving forward, you’ll need to enter a 6-digit code from your authenticator app every time you log in to Reddit.

With this in place, your account will be a lot more secure, with or without a breach lurking in the background. Now it’s time to take a look at the breach notification itself.

An incident notification done well

As anyone in security will tell you, breaches are a matter of “when, not if”, so it matters how companies respond when they are breached. Reddit has handled it well so far.

The very first paragraph of its notification is a “too long, didn’t read” for those in a real hurry. It reads as follows and is very clear about what went on, and what users need to do:

“Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems.”

Although the main body of text of the notification is not particularly complicated, this shorter paragraph breaks things down to their bare bones, so absolutely anyone can understand what’s taken place. This doesn’t always happen in breach notification situations!

The Reddit staff also held an “Ask Me Anything” (AMA) in the comments underneath the notification. Yes, Reddit is ideally suited to a Q&A interaction given its posting format, but they could just as easily have turned off replies. Can you remember the last time a breach notification gave users of a service a way to directly interact with staff dealing with the incident?

Finally, the employee concerned is not being fired; instead, the notification says Reddit is “working with our employees to fortify our security skills.”

Kudos to Reddit for being so open and approachable where this breach is concerned.
