NEWS
That AU defence contractor hack contained info about the F-35 & more
There's a bit more detail around regarding yesterday's news that a Australian defence contractor that was hacked months ago. We now know that the attacker (likely state sponsored) snagged technical information on the F-35 joint strike fighter, as well as the P-8 Poseidon surveillance plane and naval vessels. It was a pretty simple hack too - "All the actor did was exploit the vulnerability and upload a web archive file. The uploaded file contained a copy of a backdoor known as the China Chopper Web Shell". Once they were in, it was game on, as all the machines in the organisation had the same admin password and username. The weirdest bit of all is that the Australian Signals Directorate gave the hacker the codename Alf, as in the Home and Away character with his own rape dungeon.
Discuss - Share
Israeli spies found Russian spies snooping around Kaspersky then told USA
Things have turned weird in the NSA and Kaspersky situation. Now the Israelis are involved. That's how the US government found out about this stuff actually - the Israelis were spying around Kaspersky's servers and they saw Russian spies doing the same thing. Israel told their allies, the USA, that Kaspersky is compromised, which freaked out the yanks because they knew Kaspersky had NSA tools lying around due to one of the NSA's contractors taking files home and his home PC's anti-virus software sent them back to Kaspersky for analysis. Germany doesn't think the Russians actually have those NSA tools, or at least, haven't used them yet, which they would have done by now, if they actually did have them. Either way, Kaspersky's cooked, right? Nobody's trusting them now.
Discuss - Share
New Oculus VR headset - the Oculus Go
Facebook's announced a new Oculus VR headset - the Oculus Go. It's way cheaper, as US$199 and is self-contained. There's no need for a cable or a computer or smartphone, the Oculus Go has its own hardware and power built right in. Apparently it's a Snapdragon 821 SoC (the same SoC as the previous Google Pixel and LG G6) inside, which is pretty impressive for the price. There's built in spatial audio headphones and a little remote control to navigate around stuff, but no full room tracking system like the bigger Oculus Rift. For US$199, this looks like a kickarse piece of gear for a VR ecosystem to grow around. It'll be out "early 2018". The entire 2hr keynote where Zuck and his Oculus buddies announced their plans for VR world domination is ready to watch.
Discuss - Share
New waterproof Kindle
There's now a waterproof Kindle for all you bathtub, pool side and clumsy readers. The updated Amazon Kindle Oasis is the same high priced ($449) e-book reader you know and love, with a 300 dpi Paperwhite screen, thin bezels except the big right hand bezel to grip on to, dedicated page turning buttons, but it's now got an aluminium finish, is a bit heavier (194g vs 131g) and importantly, has an IPX8 rating, "which means it should survive being dunked in roughly two meters of water for up to 60 minutes". Plenty of time to fish it out from the bottom of the hotel pool.
Discuss - Share
Interesting news link dump
Lots of little bits of interesting news around today, so here's a dump of links:
COOL SHIT
It's a bit too easy to phish someone's iCloud password on iOS
Felix Krause has revealed how damn easy it is to get someone to enter their iCloud/App Store password into your malicious website or app on iOS. Users are so conditioned to entering their password whenever prompted by iOS, that if your app or malicious website simply asks, people will probably do it. Felix says that, "this could easily be abused by any app, just by showing an UIAlertController, that looks exactly like the system dialog" - go look at the screenshots, it's very easy to be fooled. His advice is to "hit the home button, and see if the app quits: if it closes the app, and with it the dialog, then this was a phishing attack" as legit system prompts for passwords can't be removed by pressing the home button.
Discuss - Share
OnePlus sends heaps of data back to HQ with no opt-out
Also pretty creepy is the discovery of OnePlus spying on all its customer's devices. Christopher Moore hooked his OnePlus 2 up to a proxy to see what it was sending back to HQ and man, it was sending way more than anyone would consider reasonable for diagnostics. Things like the time of screen on/off and unlock activities, the time you opened and closed apps and how long you used them for, the services those apps launched, your phone number, wireless SSIDs and more. To make it worse, this info wasn't anonymised either. The device's serial number was sent back to OnePlus, which, if you purchased the device directly from OnePlus, would mean it's easy to identify an individual. If you've got a OnePlus phone and want to opt-out, uninstall the OnePlus System Service and it'll keep its mouth shut, as you're unable to opt-out within the app itself, it's permanently enabled.
Discuss - Share
Thoughts on the 23 recommendations from the NBN joint committee report
On Grand Final weekend, a government committee dropped a very detailed report on the NBN and came up with 23 recommendations to make the NBN suck less. We've heard sweet fuck all about it since then, but Robert Hudson, the President of the ITPA has published his thoughts on each one of the recommendations. Lots of common sense here, particularly the recommendations around NBN handling customer and RSP complaints. The biggest frustration of the NBN (putting aside the obvious huge spend for shit speeds) is simply getting connected. You sign up for an NBN plan, and for many people it's an absolute shitfest between RSP and NBN while the customer is in the middle, treated like a mushroom.
Discuss - Share
Here endeth the sizzle (until tomorrow!)
--Anthony
The Sizzle is curated by Anthony "@decryption" Agius and emailed every weekday afternoon. Join us on Slack and chat with other Sizzle subscribers. This issue was published whilst listening to Before I Forget, by Slipknot.