Under Armour’s HOVR Smart Running Shoes are a Game Changer

Both of these come with a sensor built in that can track your cadence, distance, pace, stride and, of course, steps -- all the important metrics runners care about. Under Armour developed this Record sensor in-house, and it has been drastically improved since it debuted on the SpeedForm Gemini 2 running shoes in 2016; it's now able to track more data than before, such as stride length. The Bluetooth-powered sensors are located inside the thickest part of the midsole, which ensures that they can work even during your rainy-day runs.

As far as power goes, you don't need to worry about charging the HOVRs, since the batteries in the sensors are self-contained. According to Under Armour, the Record chip is designed to outlast the life of the running shoes themselves, so longevity will depend on each individual and how much they work out. That said, the company is confident that you won't ever have to worry about running out of power.

Of course, you'll need an app to digest all the data captured by the shoes. For that, you'll use Under Armour's Map My Run application, available for iOS and Android. Pairing the Phantoms to my iPhone was surprisingly quick and seamless: I took the pair out of the box, placed my phone near them, opened the Map My Run app and, within seconds, a message popped up prompting me to connect my shoes. After I accepted and hit continue, the app pushed an update to them, added them to my "Gear Tracker" tab in Map My Run and then the setup process was complete.

Altogether, it only took about four minutes before my Phantoms were paired to the app. If, for some reason, your iOS or Android device doesn't automatically pick up the Bluetooth signal from the HOVRs, Under Armour says it'll give customers a walkthrough of how to connect the shoes to the Map My Run app, which may include telling you to turn on Bluetooth or having to shake the right shoe to wake it up from sleep mode.

One of the main differences between Under Armour's latest Record sensor, compared to the previous version, is that it now lets you go on smarter untethered runs. This means you don't need to have your phone with you with the Map My Run app open to track your stats, since the HOVRs measure your data as soon as you start running. You can then sync that to your app when you get back home if, say, you forgot to take your phone with you. It's a great option for those who like to be as light as possible during their training or workout, or if you simply want to use the HOVRs as an unobtrusive step counter.

Later this month, Under Armour plans to roll out a coaching feature that will add more functionality to the HOVRs and the Map My Run app, both for iOS and Android users. You'll be able to monitor your gait/stride length mile after mile, and the application will show you how that impacts your pace and cadence. Under Armour says that, by interpreting that data, Map My Run can offer you tips on how to improve your pace and splits by changing your form, like if you should be taking shorter or longer strides as you run.

Comfort-wise, the Phantom HOVRs are bouncy yet stiff enough to reduce the amount of impact you feel every time your feet hit the ground. Under Armour says its HOVR foam tech is meant to provide a "zero gravity feel," an element that's complemented by an Energy Web material that's spread through various areas of the shoe's midsole and a knit upper that wraps around your foot like a sock. It's definitely one of the most comfortable running shoes I've tried on, right up there with Adidas' popular Ultra Boost.

The Sonic and Phantom HOVR connected sneakers are available now for $110 and $140, respectively. And if you like the shoes but don't care about making them work with the Map My Run app, Under Armour also has versions without the Record sensor for $10 less per pair.

Russian Scientists Arrested for Using Nuclear Weapon Facility to Mine Bitcoins

Two days ago, when infosec bods claimed to have uncovered what's believed to be the first case of a SCADA network (a water utility) infected with cryptocurrency-mining malware, a batch of journalists accused other authors of making fear-mongering headlines, taunting that the next headline could be about a cryptocurrency miner detected in a nuclear plant.

It seems that now they have to run a story themselves with such headlines on their website because Russian Interfax News Agency yesterday reported that several scientists at Russia's top nuclear research facility had been arrested for mining cryptocurrency with "office computing resources."

The suspects work as engineers at the Russian Federation Nuclear Center facility, also known as the All-Russian Research Institute of Experimental Physics, which works on developing nuclear weapons. The center is located in Sarov, which is still a restricted area with high security. It is also the birthplace of the Soviet Union's first nuclear bomb.

In 2011, the Russian Federation Nuclear Center switched on a new supercomputer with a capacity of 1 petaflop, making it the twelfth most powerful in the world at the time.

According to Russian media reports, the engineers had tried to use one of Russia's most powerful supercomputers housed in the Federal Nuclear Center to mine Bitcoins.

The suspects were caught red-handed while attempting to connect the lab's supercomputer to the internet, which was supposed to be offline to ensure security; the nuclear center's security department was alerted.

Once caught, the engineers were handed over to the Federal Security Service (FSB).

"There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining," Tatyana Zalesskaya, head of the Institute's press service, told Interfax news agency.

"Their activities were stopped in time. The bungling miners have been detained by the competent authorities. As far as I know, a criminal case has been opened regarding them," Zalesskaya added, without revealing the exact number of employees detained.

The Federal Security Service (FSB) has yet to issue a statement on the arrests and criminal charges.

Cryptocurrency has gained tremendous popularity over the past year. Mining a single Bitcoin is not a cakewalk, as it requires an enormous amount of computational power and huge amounts of energy.

According to media reports, Russia is becoming a hotbed of cryptocurrency mining due to its low-cost energy reserves. One Russian businessman, Alexey Kolesnik, reportedly also bought two power stations exclusively to generate electricity for Bitcoin-mining data centers.

New Point-of-Sale Malware Steals Credit Card Data via DNS Queries

Cybercriminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect. A new strain of malware has now been discovered that relies on a unique technique to steal payment card information from point-of-sale (PoS) systems.

Since the new POS malware relies upon User Datagram Protocol (UDP) DNS traffic for the exfiltration of credit card information, security researchers at Forcepoint Labs, who have uncovered the malware, dubbed it UDPoS.

Yes, UDPoS uses Domain Name System (DNS) queries to exfiltrate stolen data, instead of the HTTP that has been used by most POS malware in the past. This malware is also thought to be the first of its kind.

Besides using 'unusual' DNS requests to exfiltrate data, the UDPoS malware disguises itself as an update from LogMeIn (a legitimate remote desktop control service used to manage computers and other systems remotely) in an attempt to avoid detection while transferring stolen payment card data past firewalls and other security controls.

"We recently came across a sample apparently disguised as a LogMeIn service pack which generated notable amounts of 'unusual' DNS requests," Forcepoint researchers said in a blogpost published Thursday.

"Deeper investigation revealed something of a flawed gem, ultimately designed to steal magnetic stripe payment card data: a hallmark of PoS malware."

The malware sample analyzed by the researchers links to a command and control (C&C) server hosted in Switzerland rather than the usual suspects of the United States, China, Korea, Turkey or Russia. The server hosts a dropper file, which is a self-extracting archive containing the actual malware.

It should be noted that the UDPoS malware can only target older POS systems that use LogMeIn.

Like most malware, UDPoS also actively searches for antivirus software and virtual machines, and disables if it finds any. The researchers say it's unclear "at present whether this is a reflection of the malware still being in a relatively early stage of development/testing."

Although there is no evidence of the UDPoS malware currently being in use to steal credit or debit card data, Forcepoint's tests have shown that the malware is indeed capable of doing so successfully.

Moreover, one of the C&C servers with which the UDPoS malware sample communicates was active and responsive during the investigation of the threat, suggesting the authors were at least prepared to deploy this malware in the wild.

It should be noted that the attackers behind the malware have not compromised the LogMeIn service itself; it's just impersonated. LogMeIn itself published a blogpost this week, warning its customers not to fall for the scam.

"According to our investigation, the malware is intended to deceive an unsuspecting user into executing a malicious email, link or file, possibly containing the LogMeIn name," LogMeIn noted.

"This link, file or executable isn't provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You'll never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update."

According to Forcepoint researchers, protecting against such a threat could be a tricky proposition, as "nearly all companies have firewalls and other protections in place to monitor and filter TCP- and UDP-based communications," but DNS is still often treated differently, providing a golden opportunity for hackers to leak data.
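One way a defender might look for the kind of "unusual" DNS requests described above is to group resolver logs by client and parent domain and flag clients that send many distinct, long, high-entropy subdomains to a single parent. This is an added example, not code from Forcepoint or from the original article; the log format, thresholds, hostnames and IP addresses are all constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log ("client_ip qname"); not from a real capture.
SAMPLE_LOG = """\
10.0.5.21 www.example.com
10.0.5.21 mail.example.com
10.0.5.21 api.example.com
10.0.5.21 cdn.example.com
10.0.5.21 static.example.com
10.0.5.30 d1a2b3c4e5f60718293a.cdn.example.org
10.0.5.40 7f3a9c0e1b5d2846.x01.c4e8a6b2d0f19735.exfil-test.invalid
10.0.5.40 0b6d4f8a2c9e1735.x02.e1a7c3f59b0d2846.exfil-test.invalid
10.0.5.40 5c1e7a3f9b0d6284.x03.a9f2c6e0b4d81735.exfil-test.invalid
10.0.5.40 d8240b6f1a9c3e57.x04.3b7f1d5a9e0c2468.exfil-test.invalid
"""

def entropy(s):
    """Shannon entropy of a non-empty string, in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def parent_domain(qname, labels=2):
    """Naive parent: the last `labels` labels. A production version would
    consult the Public Suffix List instead (assumption made for brevity)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def score_clients(log_text, min_unique=4, min_avg_len=20, min_entropy=3.0):
    """Return (client, parent, unique_subdomains) for suspicious pairs."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        parent = parent_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(parent)].rstrip(".")
        if sub:
            groups[(client, parent)].add(sub)
    findings = []
    for (client, parent), subs in sorted(groups.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        chars = "".join(subs).replace(".", "")
        # All three signals must hold: volume, length and randomness.
        if (len(subs) >= min_unique and avg_len >= min_avg_len
                and entropy(chars) >= min_entropy):
            findings.append((client, parent, len(subs)))
    return findings

if __name__ == "__main__":
    for finding in score_clients(SAMPLE_LOG):
        print("suspicious:", finding)
```

The thresholds are illustrative and would need tuning against a site's own baseline, since some legitimate services also use long generated hostnames.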

5 Privacy Protecting Apps You Need to Use Right Now

On the internet, you can never be too safe. New threats keep coming up all the time, whether attacking your security or trying to mine your data. It only makes sense to do whatever you can to stay secure. And just as the internet takes, the internet also provides. Developers have made everything from extensions that will stop data-miners to simple apps that monitor how secure you are. Here are five of the best that you should use right away.

1. Two Factor Auth (Web): Lock Your Accounts Twice!

Two-factor authentication (2FA) is fast gaining popularity as a must-have security measure for any digital account.

Two Factor Auth lists every single website that supports or doesn’t support 2FA, and which type of 2FA is available. For example, your secondary token can be hardware or software related, and differ in how you receive it: email, phone call, or SMS.

There are some services you should lock down with 2FA right away, but make this site your weekend project. In case the worst happens, you’ll feel mighty thankful.

2. IOT Scanner (Web): Are Your Devices “Open” on the internet?

The “Internet of Things” (IoT) promises to change how we live our lives. But it’s also fraught with risk. When you have things like your fridge or your smart TV always connected to the internet, that also leaves them open to hackers. In fact, IoT is a potential security nightmare.

IoT Scanner is a simple tool that figures out which of your devices is open publicly. It checks the IP devices of all the gadgets in your home network, and sees if they are available openly on Shodan. Shodan is a database of publicly-accessible devices on the internet.

After you click the “Check if I am on Shodan” button, it’s a good idea to also do the Deep Scan. That’s the one which you want to know about, and ideally, you’re looking for the green tick at the end of it.

3. Deseat.me (Web): Scan Gmail, Find Everything You Signed Up For

Over the years, you’ve probably used your Gmail account to sign up for several services. Whether you used the power of Gmail aliases or not, you might have forgotten which places you have an account at. And if you used the same password and one of those gets hacked, suddenly, you’re in grave danger.

Deseat.me scans your Gmail inbox to find everything you have subscribed to over the years. It reads your emails, yes, but your privacy is guaranteed by working entirely offline. The app does not send any data to its servers. So run it once, let it find everywhere you have registered, and then start visiting those sites to delete the accounts you no longer use.

4. Privacy Badger 2.0 (Chrome, Firefox): The EFF’s Privacy Protecting Extension

Websites are always tracking you. On any page you go, even something as small as Facebook and Twitter’s social sharing buttons are tracking you. All of this information is used to build a “profile” of you, sold to advertisers. Want to stop that? Privacy Badger is what you need.

Privacy Badger is made by the Electronic Frontier Foundation, a non-profit independent group protecting consumers on the internet. Privacy Badger works faster than before and adds more protection. Specifically, it tackles the problem of websites and malware trying to find your IP address, which can lead to more harm later.

Privacy Badger is completely free. The EFF recommends also enabling Do Not Track, but we found that Do Not Track doesn’t do much.

5. Passlock (Web, Chrome, Android, iOS): Easy Email Encryption for Everyone

You already know that sending sensitive data on emails is risky. You never know who might be snooping. The ideal solution is to encrypt your emails, but it’s a messy process. Passlock makes it simple.

https://youtu.be/UxgrES_CGcg

In a nutshell, Passlock is a client for the Pretty Good Privacy (PGP) standard. The app creates a “lock” and a “key” for you. You can send your lock to others. Others can apply your lock to any email they want to send you. This way, since only you have the key, only you’ll be able to open the lock and read the email. Even if someone else intercepts the email, they can’t open it since they don’t have the key.

Passlock works on smartphones as well as with email, including Gmail. It’s extremely easy to use, and it is built by a security professor to boot.