Microsoft patched 'NSA hack' Windows flaws before leak

Microsoft says it had already fixed software flaws linked to an alleged breach of the global banking system before they were exposed last week.

On Friday, a group called the Shadow Brokers published details of several hacking tools, indicating they had been used by the US National Security Agency (NSA) to spy on money transfers.

Reports suggested Microsoft’s Windows operating system remained vulnerable.

But the firm revealed it had in fact addressed the problem in March.

“Customers have expressed concerns around the risk [Shadow Brokers’] disclosure potentially creates,” it said in a security update.

“Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.”

The company has not, however, revealed how it became aware of the flaws.

Microsoft normally acknowledges third parties who tip it off to problems, but has not done so in this case.

The Reuters news agency reported that the company had told it that neither the NSA nor any other part of the US government had informed it of the hacking tools’ existence.

That calls into question how Microsoft learned of the issue – tech blog Ars Technica commented it was “highly unlikely” that the patch and leak would both have occurred so close together by coincidence.

‘God’s eye’

Whisteblower Edward Snowden had previously leaked documents in 2013 that alleged the NSA had carried surveillance of the Brussels-based Society for Worldwide Interbank Financial Telecommunication (Swift) for several years, but did not specify how.

Swift allows the world’s banks to send payment orders and other messages about large financial transactions in a “secure and reliable” manner.

It is used by about 11,000 financial institutions.

“If Shadow Brokers’ claims are indeed verified, it seems that the NSA sought to totally capture the backbone of [the] international financial system to have a God’s eye [view],” blogged security researcher Matt Suiche after the latest leak.

“If the US had a specific target in the region’s financial system, NSA penetration offers [an alternative to] merely relying upon good faith compliance procedures, standard diplomatic requests, or collaborating with Swift.”

Swift has not confirmed it was compromised.

“We have no evidence to suggest that there has ever been any unauthorised access to our network or messaging services,” it said in a statement on Friday.

The BBC has not been able to verify the authenticity of the Shadow Brokers’ claims, and the NSA has not provided comment.

Go to Source

How to use Start menu folders in the Creators Update

Windows 10 on PCs has always been influenced by mobile, and the newly released Creators Update is no different. This time around the latest update adds a particularly helpful feature from mobile: app folders.

Since there’s no home screen for PCs—unless you’re a masochist—app folders appear in the tiles section of the Start screen. The idea behind folders is to stuff more app tiles into a smaller space.

Cleveland Facebook killer hunted by police

Media playback is unsupported on your device

Police in Cleveland are searching for a man who fatally shot a “random” victim and posted the footage on Facebook.

The suspect, Steve Stephens, later said in a separate video post that he had killed 13 people and was looking to kill more.

Cleveland police chief Calvin Williams confirmed one killing but said they did not know of any other victims.

Mr Williams said that “multiple forces” were looking for Mr Stephens, who “needs to turn himself in”.

The victim has been identified by Cleveland police as 74-year-old Robert Godwin.

“There is no need for any further bloodshed in this incident tonight,” police chief Calvin Williams said at a news conference on Sunday.

“We need to bring this to a conclusion today,” he said, adding: “We need to get Steve from the streets.”

Mr Williams said that authorities had put out alerts “in the state of Ohio and beyond” over the “senseless” incident, and urged people not to approach the suspect, who he said was likely to remain armed and dangerous.

The Cleveland police department issued a photo of Mr Stephens, 37, on its website, describing him as a 6ft 1in (1.9m) tall black male of medium complexion.

He is thought to be driving a white or cream-coloured SUV (sports utility vehicle).

Mr Williams said that the victim appeared to have been selected at random in what he described as a “senseless” murder.

He added that Mr Stephens “clearly has a problem” and urged him to come forward in order to “receive the help that he needs”.

The Federal Bureau of Investigation (FBI) is collaborating with local police as it investigates the incident, CNN reports.

The mayor of Cleveland, Frank Jackson, said that he wanted Mr Stephens to know that “he will eventually be caught”.

A fundraising page set up to help the family of Mr Godwin had received more than half of its target of $20,000 (£16,000) within hours of publication.

Facebook said in a statement on Sunday that it co-operates fully with the authorities in incidents where there are “direct threats to physical safety”.

Responding to the reports involving Mr Stephens, the company said that it was “a horrific crime”, adding that it “does not allow this kind of content” on its site.

It is not the first time that a fatal shooting has been posted or streamed on Facebook. Last June, a man was shot dead while live-streaming a video of himself on the streets of Chicago. In March, an unidentified man was shot 16 times while broadcasting live.

Facebook’s live-streaming feature, which was launched in 2010, allows anyone to broadcast online in real time.

Go to Source

The woman whose phone 'misdiagnosed HIV'

Esther sells water on the side of the road in Kenya for a few dollars a day.

She also owns a smartphone and ownership of such a device should, according to most of the received wisdom, empower its owner.

But in fact it did quite the opposite for her when she acquired an app.

It claimed to diagnose HIV simply by analysing her fingerprint on the touch screen.

When researchers met her at her roadside workplace, she was worried.

“She did not know if it was true and she was panicking,” said researcher Laura de Reynal, who worked on a year-long study into the experiences of first-time smartphone users in Kenya.

“And she wasn’t the only one, there were others that came to us worried about this app and those were just the ones that were willing to speak out.”

The app was in fact a prank and anyone reading the comments on Google’s Play Store would have seen that.

However, many first-time smartphone users in Kenya get hold of apps via a friend’s Bluetooth connection, rather than downloading them via the net, in order to save data.

But the prank would not have been apparent via a Bluetooth share.

“People are not able to understand the limits of the technology,” said Ms de Reynal.

“They think, because it was on a smartphone, it seems real and credible.”

Commissioned by Mozilla – the organisation behind the Firefox operating system – the study was designed to find out what it is that limits people in the developing world from grabbing the opportunities offered by the web.

The study suggested that men often control and, in some cases, limit the internet usage of women.

It also claimed that providing access without proper training can actually worsen existing social problems such as gambling.

Esther’s issue has led the researchers to call on Google to embed warnings on such apps and to think harder about overcoming things such as language barriers.

People-powered chat

The web is largely in English while many of the new users in Kenya primarily speak Swahili or Sheng (a Swahili-English hybrid).

“These devices are designed in Silicon Valley where usage is taken for granted,” said Ms de Reynal.

“They could have features that change content into a local language, for instance,” said added.

Samantha Burton, who oversaw the project, agreed.

“Putting a smartphone into someone’s hands doesn’t necessary equal empowerment, new users need to learn how to use the tools,” she said.

The obvious answer is to provide digital literacy training, to answer questions such as how to manage data usage, how to reset passwords and how to spot fake news and other net-based scams.

But people desperate to earn a dollar are unlikely to have time for such workshops.

The Mozilla research team had to become creative and turned to the popular messaging app WhatsApp to create a chat tool with real people behind it to answer questions.

“Often the reason people get a smartphone is for communication – to use Facebook or WhatsApp – so having real people answering questions was incredibly popular,” said Ms Burton.

Faith, a small business owner in Nairobi, used her mobile to buy and sell goods online and to search for apps to entertain children at Sunday school.

She was also pretty savvy about usage; limiting hers to 35 megabytes per day, after which she cuts off access.

But, like other women in her circumstances, her smartphone use was not entirely governed by her.

Following an argument with her boyfriend, her phone was taken away, forcing her to purchase her own.

That mobile device, bought from a cousin in Rwanda, did not work and Faith did not know how to fix it.

“One day she had control and the next day she didn’t,” said Ms de Reynal.

New expenses

Women in Kenya are three times more likely to be given a smartphone as a gift from the men in their lives, who may also monitor WhatsApp and other usage.

A mobile phone is a big purchase for poor Kenyans.

At an average cost of $40 (£32), it takes many months to save up to buy one.

“Many had lost or broken their phones so that money is compounded by the extra cost of replacing a phone,” explained Ms de Reynal.

The cost of connecting is also a problem, and in some cases people have to “make a choice about buying more food or buying more data”.

But people are getting very savvy about connectivity.

“Lots of people had several Sim cards to take advantage of specific price deals while others were limiting their data use by sharing apps via Bluetooth rather than downloading them,” said Ms Burton.

Nairobi resident Evans has no regular employment and the money he does earn is used for betting.

His smartphone became a tool to research and improve his betting techniques.

He bet on football matches and used the phone to research the teams and their statistics.

In Kenya, mobile phone Sims are often tied into mobile money providers, such as M-Shwari, and this offered Evans another way to borrow money other than from his friends and neighbours.

Unlike a personal loan, which he tends to repay to prevent fights, he is much more blasé about online loans.

“He was defiant of strict loan repayment rules, which may have landed him on a financial blacklist,” said Ms de Reynal.

“He felt that as long as he threw away the Sim, he could buy another with no consequences,” she added.

These case studies illustrate that mobile ownership is complex and nuanced.

For those firms desperate to break into new markets, there are plenty of lessons to be learned.

Go to Source

Team Group T-Force Cardea SSD Review

Modern integrated circuits have a problem. Lithographies have shrunk while transistor technology has increased the switching frequency. The result is faster devices with a smaller surface area to dissipate heat. There are several ways to address the challenge. The first is to set a lower base clock and then boost the speed under load. This allows the IC to run cooler more of the time, but there is always some latency involved in making the jump to hyperspace (the turbo clock speed). The second method is to run the chip at full speed until it reaches a critical temperature and then downclock to reduce heat generation, but that actually slows the IC down when you need it the most. The third method is kind of old school. You just simply put a big heat sink over the IC and run full speed all the time. That’s the solution we’re looking at today.

Some early M.2 SSDs had minor issues with thermal throttling. At one time, we even measured the Samsung XP941 controller with an 114C surface temperature. I’ve never seen thermal throttling as a significant issue for most users. The truth is, we don’t run these drives like you do at home. Our testing spans four days, and the drive is active nearly the entire time. Over the course of testing, we read and write years worth of data compared to a typical user environment. The accelerated testing allows us to measure performance during different workload patterns and to explore corner case issues. To mimic a real-world environment, we inject idle time to cool the drives off between tests and allow them to recover from the previous workload.

In contrast, most PC users load a lot of data quickly, roughly 15GB over 10 minutes, during Windows installation. After installing drivers and commonly-used apps, like Office, most data comes to the PC at the speed of the internet connection. Other common use-cases involve backing up data (reading most of the data on your drive at queue depth 1), and editing a 2GB video file. In a properly configured desktop with adequate airflow, it’s difficult to see the effects of thermal throttling during these simple workloads.

Heat sinks can look really good from an aesthetics point of view. To each their own, my grandmother always said. They are not quite as audacious as RGB everything, but heat sinks do provide positive benefits for SSDs in a system with limited airflow.

Enter the new Team Group T-Force Cardea SSD. This drive uses a large full-length heat sink across a standard Phison PS5007-E7 M.2 2280 SSD. The heat sink is a full departure from the thin aluminum strip Plextor used on the M8Pe(G) M.2 SSD we tested several months ago. The Cardea uses a beefy heat sink that is more than adequate to cool the tiny E7 controller.

At first glance, the heat sink’s height looks to be an issue with video cards mounted above the M.2 slot, which motherboard vendors commonly situate between two PCIe slots. That isn’t the case. We tested five video cards, both AMD- and NVIDIA-based, and they all fit without touching the Cardea’s heat sink. You would need a feeler gauge to measure the distance between the heat sinks, but we didn’t run into an issue where the video card wouldn’t seat completely. That’s not to say all video cards with custom coolers will fit without issue. The video card companies ride the line of the PCIe specification, but some of the cards we tried, like the Asus GeForce GTX 680 DirectCU II TOP, are fine. The DirectCU II TOP is also the best example of a large GPU (it consumes 3 PCIe slots) that restricts airflow to an SSD under the PCIe slot.

Specifications

Team Group released the T-Force Cardea in two capacities of 240GB and 480GB. We have the largest and fastest model in for testing.

Three is a slight difference in performance between the two capacities. Most users will not see a difference in four-corner performance, but they will notice a difference in mixed workloads. The T-Force Cardea 480GB sports up to 2,650/1,450 MB/s sequential read/write speeds. Random performance comes in at 180,000/150,000 read/write IOPS, but to achieve those numbers you need multiple threads. We test with a single thread because that’s how most software addresses storage.

The Cardea uses a PCIe 3.0 x4 connection and the NVMe protocol. This is the first Phison E7 we’ve tested with the new 3.6 firmware. The “M” in the E7M03.6 leads us to believe this firmware is MP or mass production, and that means it has been tested for compatibility and stability. We haven’t heard anything about this update from any of the manufacturers, so it will be interesting to see what we find during testing.

The image above was taken three-quarters of our way through testing, and we’d already written 45 terabytes to the drive.

Team Group released temperature data for the T-Force Cardea with a large heat sink. There are three sets of data. The first is without a heat sink. The second says a “normal heat sink,” but we’re not sure what that actually defines. The third and final set measures the Cardea with the large heat sink. During a two-hour burn-in test, the heat sink kept the E7 processor nearly 20 degrees cooler than without a heat sink. We don’t have any data about the testing environment. The Phison PS5007-E7 employs a dynamic throttling algorithm, and the controller can reach temperatures as high as 90C before activating an extreme throttle that severely degrades performance.

Pricing And Accessories

Newegg already carries the Team Group T-Force Cardea in both capacities. The 240GB model currently retails for $149.99. The 480GB model we have in for testing sells for $269.99. The pricing scheme moves the E7 out of the entry-level NVMe category and pits it against products like the OCZ RD400, Plextor M8Pe(G) (M.2 with heat sink model), and Samsung 960 EVO.

We didn’t find any accessories inside the package and Team Group doesn’t have SSD Toolbox software.

Warranty And Endurance

Team Group backs the T-Force Cardea with a 3-year warranty limited by the amount of data you write to the drive. The 240GB model can absorb 335 TB of warrantied data writes, while the 480GB model comes with 670 TB.

Packaging

The Team Group T-Force Cardea retail package is fairly straight forward. You get the drive in a retail-ready blister pack, but there is very little information available for retail shoppers. Team Group doesn’t have a retail presence that we are aware of, so most of these drives sell online.

A Closer Look

The Team Force graphic appears with the drive at an angle. You can still see it straight on, but you get the full effect at an angle. The heat sink retention bracket doubles as a cooling device on the other side of the drive. This helps to spread the heat from the NAND packages.

I can’t say with certainty that the T-Force Cardea will not fit in any notebook, but it doesn’t fit in our Lenovo P70 mobile workstation, which is the largest notebook I have with NVMe support.

MORE: Best SSDs

MORE: How We Test HDDs And SSDs

MORE: All SSD Content

Go to Source

iPage

Founded back in 1998, iPage is now one of several hosting and tech companies owned by Endurance International Group (others include Bluehost, Domain.com, HostGator and SiteBuilder.com).

The company stood out for us immediately with its focus on a single shared hosting plan. There’s no need to scroll down lengthy comparison tables, weigh up the value of this or that feature or perform multiple price calculations: iPage is hoping its Essentials Plan – $2.75 (£2.20) a month initially over 3 years, $11 (£8.80) on renewal – will satisfy just about everyone.

The firm might have a point, too. Not only does Essentials have unlimited web space and bandwidth, it also supports unlimited email addresses, MySQL databases and even domains, a premium feature with most other hosts.

iPage throws in a simple drag-and-drop page builder, another feature often reserved for specialist accounts with rivals. There’s the standard 1-click installation of WordPress and other applications, basic shared SSL included, a simple shopping cart, and you get a free domain for a year when you sign up.

Support options include an online help centre, 24/7 live chat and telephone support, with a toll-free number in the UK and US – and if the service still doesn’t deliver, there’s a 30-day money-back guarantee.

There’s a lot of functionality here, and if your needs are simple – a single domain, a handful of databases – then iPage Essentials isn’t for you. But the plan offers good value for what you get, and if you’re looking to host multiple sites, or just want room to grow, it could be very appealing.

Account setup

We thought iPage’s focus on its Essentials Plan would make signing up very simple, but – surprise, surprise – life turned out to be a little more complicated than that. 

You’ll probably visit iPage.com first and you can buy from there, but it might not be the best move. There are also UK, Canadian and other sites, and these aren’t only priced in the local currency, they also follow different rules. 

Buy from iPage.com, for instance, and the 1, 2 and 3-year plans all have different monthly rates, and will cost you $60 (£48), $84 (£67) and $99 (£79) respectively. But the UK pricing not only starts fractionally lower at £2.50 a month, that rate is also available on both the 2 and 3-year plans, so the prices are £30, £40.32 and £60.48.

This isn’t the whole story – there’s the treatment of taxes to consider, and the conversion rate you might get via your payment method – but spend a minute or two on the calculator and you might find you can save a few quid.

Whatever your choice, iPage tries to bump up the total anyway by adding a few chargeable extras to your cart. Some of these are reasonable value – malware scanning for £1.66 ($2.10) a month, domain-validated SSL at £20 ($25) for year one, £60 ($75) a year afterwards – but be sure to check this section carefully, and clear the checkboxes for anything you don’t need.

The rest of the page is all about entering your personal and payment details (credit cards and PayPal are supported). We noticed nothing out of the ordinary and the purchase went through as normal.

Once you’ve handed over the cash, you’re told that a welcome email will arrive imminently with more details. And sure enough, within a minute of our PayPal receipt we had an iPage email with a username and login link.

The final step of setup involved choosing an account password. iPage delivered a little more than we expected here by enforcing multiple rules, using what seemed to be an accurate password strength meter, and also requiring an answer for a security question as a backup (the usual mother’s maiden name, or name of first pet sort of thing). It’s a fraction more hassle initially, but hosting security is really important, and small steps like this can make a real difference.

Creating a site

Logging on to iPage took us straight to the company’s vDeck hosting control panel. We suspect experienced users are likely to prefer cPanel – it’s more widely used, has more features add-ons, is more likely to be familiar – but this won’t be a major issue for most people. The core interface looks similar, with icons for a File Manager, email setup and more, and even a hosting novice could learn the basics in an evening.

A Weebly-powered Website Builder is included with the package. It’s very basic, featuring just the core essentials and limited to six pages, but the templates are okay and we had a starter site online within minutes.

There’s very simple e-commerce support with a bundled ShopSite Starter account. Again, it’s limited, with support for only 15 products and five pages. But that’s more than you’ll get with most hosts, and overall we’re glad to see it included.

1-click installations of WordPress and other applications are handled by Mojo Marketplace, which means there’s some pushy marketing to navigate. Just opening the Mojo Marketplace window generated a ‘welcome’ email a few moments later, and after setting up an application Mojo does its best to try and persuade you to buy something. It generally does a good job of installing whatever you need, though, and once your app is up and running you don’t have to use the marketplace again.

If you’re setting up your site manually, a sidebar gives you handy account information: IP, name servers and mail servers. (Don’t ignore the ‘Show More’ link – this also displays details like your PHP, MySQL and Perl versions, document roots, key paths and more.) Icons like FTP, File Manager and MySQL Databases point you at the key creation tools, and although these are relatively limited they’re easy to pick up and learn.

Performance

iPage is proud of its ‘expert support team’, on hand 24/7 to handle queries by live chat, email and phone. The flexibility sounds good, but how would these options work in real life?

We started with some basic live chat queries and were immediately impressed. The chat client predicts how long you’ll have to wait, and we only waited for a minimal two and a half minutes before an agent gave us quick, concise and accurate replies.

Online web support is accessible from the iPage control panel, but only as a link to a separate page. We prefer HostGator’s approach where a search box enables searching the database and viewing article titles without moving away from the control panel.

The initial support page seems very familiar – search box at the top, icons leading to particular topics underneath – but the organisation and structure is poor. We were looking at the Control Panel Support Console, for instance, but realised that didn’t have an icon for Website Builder. After running some searches we found a Website Builder section on the iPage knowledgebase, a second list accessed via the Help page, and a link to a Website Builder-specific knowledgebase on another site entirely.

We tried an ‘import WordPress’ query, hoping for guidance on importing an existing WordPress site into an iPage setup. This was also disorganised, with searches from Control Panel and the Help site giving us completely different results, but there was an article available which pointed us in the right direction.

Further searches and browsing produced much the same results: there aren’t enough support articles, they’re too hard to find, and most of the items you manage to track down are too limited to be really useful. (A say-no-more example would be the search page which told us: “Sorry, there are no articles that match your query: apache”.)

You can’t rely on the website, then, and although the iPage site mentions email support and ‘support tickets’ in a few places, there is no ticket system. Which seems just a little misleading.

If you’re happy with chat and email support this may not matter too much, of course, and there’s no doubt that making direct contact works much better. We tried a second live chat and it went even more smoothly than the first, with a response in under two minutes and our (admittedly simple) question answered in the first sentence.

Telephone support is available via a toll-free number in the UK and US. There’s no PIN number or other complications involved in setting up a call, we were talking to an agent in under 30 seconds, and the results weren’t bad at all. He didn’t seem the most technically proficient of contacts, but he answered our starter questions easily, and we felt he’d make real efforts to help solve more difficult issues.

As a final check we ran Bitcatcha and other speed tests on our server. This gave excellent response times from the east coast of the US and lagged fractionally in the UK, but performance was normal overall and you’re unlikely to notice any issues in real-world browsing.

Final verdict

iPage gives you comprehensive web hosting with loads of features, and it’s good value for experienced users looking to host multiple sites. But if you only need a single domain and a handful of websites, there are much better deals elsewhere.

Go to Source

UsenetBucket

It’s disappointing when a Usenet platform is limited to a particular region or language, but fortunately, UsenetBucket is different to many competitors, putting flexibility first. Although it’s based in the Netherlands, the website can be accessed in languages including English, German, Swedish, French, Dutch and Portuguese.

As well as being available to an array of different users around the world, the company prides itself on customer service. If you have an issue that you need addressing or a simple question about pricing, you can access an experienced support team that’s available 24 hours a day, 7 days a week.

Another thing that sets UsenetBucket apart is the fact that it relies heavily on automated systems. When you sign up for a membership, an account is made available and ready to use within minutes. You don’t need any prior tech knowledge to be able to access all the Usenet services this provider offers.

Performance

Just as we always say in our Usenet reviews, retention is one of the most important considerations when choosing a Usenet service. Retention simply refers to the length of time that articles will remain available to download. UsenetBucket offers 1,200 days of binary retention to all its users, and there’s a completion rate in excess of 99% promised. 

That’s not bad, although there are more powerful offerings out there. Eweka, which is another European Usenet company, provides 3,157 days of retention for example. Whatever the case, it’s worth noting that these numbers are constantly changing. So there’s nothing to say that UsenetBucket’s retention won’t grow in the foreseeable future.

Security and UI

When using a newsgroup service, you’re constantly downloading, accessing and sharing data. This is why security is important. Like most providers nowadays, all of UsenetBucket’s accounts come with SSL protection for secure access to files. And this also means third-parties can’t track the things you download. Unfortunately, there isn’t an additional VPN service here, but that’s not to say that UsenetBucket isn’t as secure as other companies. A VPN just adds another layer of protection. 

This provider has also made a commitment that it won’t share any of your data with external organisations. In fact, UsenetBucket claims to put the customer at the heart of everything it does. On its website, the firm writes: “Our mission is to give you the best Usenet experience in the business … by giving you full control over your account and letting you take part in improving our services.” 

There are some great Usenet services out there, but many of them still lack decent user interfaces and are complicated to use. UsenetBucket’s UI is not only easy on the eyes, but it also gives you access to a dedicated control panel. This is a quick and simple way for you to access newsgroups, but it also houses your account information. You can sign in with your email address or a Facebook account, which is something that many providers don’t allow.

Pricing and speeds

You can choose from plenty of payment methods too. UsenetBucket supports the likes of Visa, MasterCard, American Express, Bitcoin, MyBank, GiroPay, WebMoney, Dotpay and iDeal. Thanks to partnerships with Stripe, Pay.nl and Bitpay, all transactions you make are also secure. There’s nothing worse than your payment details being exposed, so it’s great to see all these options.

UsenetBucket is relatively affordable, and there are only three plans to choose from. The first, which is described as the ‘basic bucket’, costs €2.95 (£2.50, $3.10) a month. For that, you get 10Mbps in terms of speed, unlimited downloads and 25 connections.

Next up, you have the ‘comfort bucket’ (yes, the plan names are strange) costing €4.95 (£4.25, $5.25), giving you up to 40Mbps of speed and 25 connections. Last of all, there’s the ‘ultimate bucket’, which is priced at €12.95 (£11, $13.70) and provides you with a maximum speed of 400Mbps and 50 connections.

Final verdict

UsenetBucket isn’t the most powerful newsgroup platform on the market, but that’s not to say it disappoints. It’s a mid-range offering that lets you access Usenet groups quickly and easily, although more experienced users may want to look elsewhere, and the retention rate is rather low compared to rivals.

Go to Source