YoU are GeTTing HaCKed! -‘Cloak and Dagger Attack’


Android users may want to keep a close eye on the apps they download onto their devices, as researchers have discovered a series of vulnerabilities in the operating system that rely on two particular Android permissions to work.

Dubbed Cloak & Dagger by the research team that discovered the vulnerability, the attack relies on abusing the SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE permissions in order to compromise the system.
System vulnerabilities
The way the exploit works is pretty straightforward: a malicious app gets downloaded and installed to the Android device, with the necessary permissions being granted without requiring the user’s input.

From there, hackers are able to perform clickjacking, record keystrokes, carry out phishing, and even install a God-mode app, all without the user being aware of it.
To illustrate the danger that the vulnerability poses, the researchers have prepared three videos that demonstrate the potential attacks that could be carried out.

The first one is called the Invisible Grid Attack, and it works by placing an invisible overlay over the device’s keyboard. With it, the hacker could identify the information that is being typed out.
The second video depicts a clickjacking attempt that eventually culminates in a God-mode application being silently installed in the background without the user even noticing it.

Finally, the third video showcases how a hacker could steal a password by manipulating the overlays.


Even the newest Android version, Android Nougat 7.1.2, might be affected by this attack. So be aware of it.
As Google is working on this problem, they will be coming out with a solution pretty quickly. Stay safe!
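Because the attack depends on one app holding both permissions, a defender can audit installed or submitted apps for that combination. The following is an added example, not code from the researchers or from this post: it parses decoded AndroidManifest.xml text and flags packages that request SYSTEM_ALERT_WINDOW and also declare a service guarded by BIND_ACCESSIBILITY_SERVICE. The package names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes in a decoded AndroidManifest.xml carry the android: namespace.
ANDROID = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def audit_manifest(xml_text):
    """Report whether one manifest combines both Cloak & Dagger permissions."""
    # For manifests taken from untrusted APKs, a hardened parser such as
    # defusedxml is the safer choice; the standard library keeps this offline.
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"package": None, "error": str(exc), "flagged": False}

    # Permissions the app asks for itself.
    requested = {
        elem.get(ANDROID + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for elem in root.iter(tag)
    }
    # An accessibility service is a <service> that only the system may bind,
    # expressed as android:permission="...BIND_ACCESSIBILITY_SERVICE".
    a11y_services = [
        svc.get(ANDROID + "name")
        for svc in root.iter("service")
        if svc.get(ANDROID + "permission") == A11Y_BIND
    ]
    overlay = OVERLAY in requested
    return {
        "package": root.get("package"),
        "overlay": overlay,
        "accessibility_services": a11y_services,
        "flagged": overlay and bool(a11y_services),
    }


def flagged_packages(manifests):
    """Return package names that hold both permissions, in input order."""
    results = (audit_manifest(text) for text in manifests)
    return [r["package"] for r in results if r["flagged"]]


# --- Constructed sample manifests (hypothetical packages) ---
def _manifest(package, body):
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, body))


_OVERLAY_XML = '<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>'
_A11Y_XML = ('<application><service android:name=".HelperService" '
             'android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">'
             '<intent-filter><action android:name='
             '"android.accessibilityservice.AccessibilityService"/></intent-filter>'
             '</service></application>')

SAMPLES = [
    _manifest("com.example.flashlight", _OVERLAY_XML + _A11Y_XML),  # both
    _manifest("com.example.chatheads", _OVERLAY_XML),               # overlay only
    _manifest("com.example.screenreader", _A11Y_XML),               # a11y only
    "<manifest",                                                    # truncated file
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_manifest(sample))
    print("review:", flagged_packages(SAMPLES))
```

A flagged package is a candidate for manual review rather than proof of abuse, since legitimate apps can also hold both permissions.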


Printing heroes at home

There is a piece of good news for the few of us who like to print D&D miniatures in 3D at home. And two pieces of bad news. The good news is that Hero Forge is now offering the digital download option on their website. You can use their excellent editor to create a D&D character of one of many different races, with lots of different equipment and pose options. And then instead of choosing a material to have it printed by them, you choose digital download and get an .stl file.

The two pieces of bad news are that a) that option costs $9.99 per miniature, which is only slightly less than the $14.99 for the cheapest printed option. I consider it worth it, but it might not be for everybody. And b) you don’t get the file immediately, but sometimes “after one business day for processing”, sometimes after a few minutes. So if you want to print a more common miniature, like a wizard with a staff and pointy hat, you’d better first check sites like Thingiverse for a free version. However I really like Hero Forge for the less common hero miniatures, or the ones you want with very specific equipment.

The .stl files are of very high resolution and end up being 75 MB large. When I want to edit them on Tinkercad (e.g. for adding print supports), I first need to use Meshmixer to reduce the number of triangles and the file size. And of course a typical home printer isn’t producing that high resolution miniatures. But it’s a bit like with photographs, it’s better to have too high resolution and scale it down than having too low resolution.

If you want to try it out, check out the Hero Forge Digital Downloads info page. It links to your user profile (if you have an account with them), where you can download two demo .stl files for free.

What is Dash? — a short guide


What is Dash? It’s a cryptocurrency. At its simplest, Dash is a form of digital cash you can send over the internet to a friend or retailer without a middleman like a bank.


Dash began its journey in 2014 and is currently the sixth largest cryptocurrency in the world by market cap — behind Bitcoin, Ethereum, Bitcoin Cash, IOTA, and Ripple. But how is it different from Bitcoin, what are its advantages, and how much does it cost? You’ll find answers to these questions and more below.

Dash vs Bitcoin


Dash is similar to Bitcoin in many ways. You can use it to make purchases online or hold on to it as an investment. It also runs on a publicly disclosed blockchain that records each transaction.


But Bitcoin has its share of problems Dash is trying to solve. Speed is one of them. Dash transactions are confirmed in four seconds, while sending Bitcoins to someone can take 10 minutes or more.

Then there are the fees. The average Bitcoin transaction fee is around $6, compared to only $0.4 you have to pay to send someone Dash. But the fee will increase when more people start using the cryptocurrency.

A big problem with Bitcoin is also that it doesn’t have a governance structure. This means important changes can’t be made without a hard fork that brings a new cryptocurrency to the market, which is how Bitcoin Cash was born. Dash is different. It has a voting system in place so that important changes can be implemented quickly.

Unlike Bitcoin, Dash is self-funding. 45 percent of newly created Dash goes to the miners, and 45 percent to masternodes. The rest — 10 percent — goes to a treasury for funding the development team, marketing, customer support centers, and so forth.

There are a few other differences between the two cryptocurrencies, but these are the major ones.

What are the advantages of Dash?


Two of the biggest advantages of Dash are the speed and low fees already mentioned above. You can send money to anyone in the world for less than $0.4 in four seconds — try doing that through a bank.


Banks charge higher fees, especially if you’re sending money abroad. A transaction can also take up to a few days to complete, although most banks can speed up the process, if you’re willing to pay extra.

Another benefit is anonymity. Although all transactions are public, you don’t have to share personal info like your name and address. However, this can also be a drawback. Dash, Bitcoins, and other cryptocurrencies that provide anonymity have been used by criminal organizations because the money can’t be traced back to them. Some claim their popularity among bad guys is one of the main reasons we’ve seen such a large increase in their value so far.

How to buy, store, and spend Dash?


Buying Dash is easy. You can get it the same way as many other cryptocurrencies including Bitcoin. Make an account on an exchange like BitPanda or Kraken and buy Dash with your local currency.

There are also a few locations in the US where you can buy Dash from an ATM. It’s the easiest way to get the cryptocurrency, although the fees are high. If you live in Austria, you can buy it at over 400 Post branches and about 1,300 Post partners.

How can you store Dash? You keep the cryptocurrency in a digital wallet, one of which you can download from the company’s website. The alternative is to keep it in a hardware wallet such as the Ledger, which is a much safer method due to the reduced risk of getting hacked.


Where can you spend it? Dash isn’t as acceptable as standard currencies like dollars and euros, but there are many businesses that have embraced it. These include hosting providers, online casinos, and even advertising agencies — see full list here. You can also use it as an investment, which we’ll talk more about in the next section.

How is it created and how much does it cost?


Dash is created through a process called mining, same as Bitcoins. Mining requires specialized computers that search for solutions to difficult math problems. If the solution is correct, a new block is added to the blockchain and the miner is rewarded with some of the Dash created.

How much does a Dash cost? Its price goes up and down all the time as a result of supply and demand. At the time of writing, you can get one for around $690 — though the exact value of Dash can be seen in the updated widget below. This makes it far less valuable than Bitcoin, which currently costs around $15,800 per piece.

Dash has proven to be an excellent investment so far, as its value has been increasing ever since its introduction. For example, if you had invested $1,000 at the beginning of 2014 when one Dash was worth $0.3, you would have $2.3 million today. Cryptocurrencies have made people into millionaires in a short period of time, which is why everyone is talking about them these days.


But before you get too excited and go online to buy Dash, keep in mind that investing in cryptocurrencies is risky. Sure, most of them have increased in value in recent years, but that doesn’t mean the trend will continue. The price can go down as fast as it went up, so make sure to never invest more than you can afford to lose.



There you have it. These are some of the basic things about Dash. Will it become an important part of our daily lives in the future? No one can be sure, especially because there are many cryptocurrencies on the market — over 1,000. Not all of them will be able to survive, although it looks like Dash is on the right path for now.

Have you ever used Dash or any other cryptocurrency? Let us know in the comments.

Former CIA Official Suggests Trump Campaign Team May Have ‘Welcomed’ Russian Election Interference

No one bothered to report an obviously relevant Trump Tower meeting.

Former CIA and U.S. Defense Department official Jeremy Bash told MSNBC host Nicolle Wallace that President Donald Trump’s actions after being cautioned by the FBI about Russia raise serious red flags.

Bash specifically noted that the Trump team’s disinterest in informing the FBI about a Trump Tower meeting with Russians following the bureau’s alert is suspicious.

“I think the fact that the campaign, the candidate was warned and that the candidate and the campaign did not then go back to the FBI after the Trump Tower meeting is a huge red flag that, not only were they unconcerned with this Russian overture,  but they welcomed it and in some ways want to conceal it,” he said. 

“To have warned the FBI would have been to expose their own conduct, the campaign’s own conduct, and that is something that Bob Mueller will be very, very interested in.”


Skill vs. Gear in Zelda – Breath of the Wild

I have played 120 hours of Zelda – Breath of the Wild now, and my main game character is advancing very nicely; I’m now able to kill boss mobs and tough mini bosses with relative ease or even farm them when required. More because I was interested in the technology than because I needed the boost I bought a couple of amiibo, which are Nintendo’s “toys-to-life” figurines: You can scan them with your controller and have the amiibo appear in your game, or trigger some sort of bonus effect. But because I was relatively advanced in the game already when I got them, they didn’t really change much.

So I was wondering how much of an impact it would make if one had those amiibo right from the start of a game. Now normally you can have only one save game in normal mode and one save game in master mode for Zelda. But that is per “profile”, so you can easily just create another profile and start a new game from scratch without affecting your main game. I did that, and it turned out you can’t use amiibo at the very start. You need to play until finishing the first shrine, and then you can turn the amiibo on in the options. And at that time the treasure chests you get from amiibo contain stuff like rusty or traveler’s weapons, which are still useful that early in the game compared to tree branches and bokoblin weapons, but certainly not game breaking. You need to finish the whole “tutorial”, that is all four shrines and get the paraglider, before the amiibo result in the “normal” treasures, e.g. the guardian amiibo drops guardian weapons and shields.

So while I was testing that, I had another idea: You can finish the tutorial in well under 1 hour, so how does a new character in a 1-hour-old game compare to a character that has been played for 120 hours? If your first character was lost and weak, was that because you were still learning the game, or was that simply because he didn’t have the stats and gear you get from playing a long time?

So I took my new character without even exchanging the first 4 spirit orbs to the toughest place in the game, Hyrule castle; dressed in the starting shirt and trousers, and equipped with nothing more than can be found in the tutorial. And I am happy to report that I was doing quite well there: I basically cleaned out the place, except for the game end boss of course. I got the complete royal guard armor, which involves getting three pieces from the bottom, middle, and top of Hyrule castle. And I didn’t just sneak through the castle, but actually killed even tough mobs like moblins and guardians. Of course then I found lots of awesome weapons, so my new character now has a very impressive armory, much better than anything you can get from the amiibo.

In short, knowing the game helps a lot, and the best way to get great gear early is using that knowledge to loot the toughest places in the game. I probably won’t play that second character much, because doing the same 120 shrines again isn’t going to be all that fun, but it is interesting to know that in Zelda – Breath of the Wild skill beats gear.

Is FCC Chairman Ajit Pai a Closeted Alt-Right Sympathizer?

The evidence is inconclusive, but no one in this administration has earned the benefit of the doubt.

On Thursday, the Federal Communications Commission voted 3-2 along party lines to repeal an Obama-era regulation to preserve net neutrality, defying Silicon Valley executives and consumer advocacy groups, not to mention the will of the people. A recent University of Maryland survey finds that more than 80 percent of registered voters oppose the FCC’s plans.

The move will fundamentally transform the internet as we know it, allowing corporate behemoths like Verizon and Comcast to manipulate loading speeds and charge customers a premium for access to individual websites and apps. Adding insult to democratic injury, circumstantial evidence suggests the man who cast the deciding vote, Ajit Pai, sympathizes with the so-called alt-right.

Back in November, the FCC chairman and Trump appointee unveiled his plans to junk the net neutrality rules established in 2015, arguing that websites and social media platforms, rather than internet service providers (ISPs), posed the greatest threat to an open internet. At the time, Pai singled out Twitter for blame.

“The company has a viewpoint and uses that viewpoint to discriminate,” he told the R Street Institute, a libertarian-minded think tank. “And to say the least, the company appears to have a double standard when it comes to suspending or deverifying conservative users’ accounts as opposed to those of liberal users. This conduct is many things, but it isn’t fighting for an open internet.”

It’s difficult to know exactly who Pai had in mind, but Slate’s April Glaser notes that Twitter recently deverified the accounts of several prominent white supremacists, including Laura Loomer and Jason Kessler. The former is a YouTube sensation on the alt-right who was recently banned from Uber and Lyft for her Islamophobic tweets, while the latter was one of the organizers of the Unite the Right rally in Charlottesville. In October, Kessler was indicted on a felony perjury charge after falsely accusing a man he’d assaulted of attacking him first. 

“What’s weird about Pai’s comments is that while these are all figures on the right, conservatives don’t typically count them among their ranks,” Glaser writes. “And while conservatives do sometimes cast themselves as ideological victims of Silicon Valley’s overreach, there have been no recent deverifications of prominent right-wing figures, ‘conservative’ or otherwise, not known for promoting hate. In other words, according to Pai, the demotion of racists on a social network is a bigger deal than an action that could radically change the architecture of—and who succeeds on—the internet.”

Weirder still is the video Pai released Wednesday in conjunction with the Daily Caller assuring millennials that they can still “gram their food” and “post photos of cute animals” if net neutrality is scrapped. (In May, he made a separate appeal to America’s youth by reading aloud the meanest tweets about his proposals, a nod to the popular segment on “Jimmy Kimmel Live!”) When he’s not wielding a fidget spinner and assuring viewers they can still binge-watch “Game of Thrones,” he can be seen doing the Harlem Shake next to a woman named Martina Markota, a far-right conspiracy theorist who has speculated that Hillary Clinton’s former campaign chair ran a child sex ring out of the basement of a Washington pizzeria.

Before joining the Daily Caller, Markota appeared in a video for the Proud Boys, a self-described “Western Chauvinist” men’s club with ties to the alt-right, where she claimed that the (thoroughly debunked) Pizzagate was real. “This is not something I’m making up because I’m trying to…put in my fantasy version of what’s going on and interject it into these email scandals,” she says at one point. “This is independent of the campaign. I know what cheese pizza is.”

Pai, the son of Indian immigrants, has been a subject of racist attacks himself in recent months, some of them bearing the hallmarks of the alt-right. “We all have the power to murder Ajit Pai and his family,” an FCC commenter wrote in May. “Jk jk.” No one stands to lose more from the repeal of net neutrality rules than the patrons of websites like 4chan and Reddit, which internet service providers will soon be able to slow to a crawl, so it’s difficult to imagine white nationalists embracing Pai as an ally, and vice versa.

And yet. After the FCC chairman pleaded his case that social media networks were suppressing free speech, he earned the effusive praise of far-right radio host Matt Forney and Andrew Torba of Gab, a platform where users “are generally free to be as racist or anti-Semitic as they’d like without fear of being reprimanded or censored,” according to Slate.

It’s possible, even probable, that Pai was unaware of Martina Markota’s history before he recorded his latest video for the Daily Caller. But the fact remains that Jason Kessler got his start as a contributor for the right-wing publication, and Pai had no reservations about lending it his imprimatur. With a White House that has excused and enabled white nationalists at every turn, no one in the Trump administration has earned the benefit of the doubt.

 


Gardmore Abbey 5E rerun – End

I think I forgot to report one or two sessions of my Gardmore Abbey 5th edition rerun. The campaign suffered from something very typical of campaigns in my local role-playing club: Player attrition. You start with 5 players, all very enthusiastic, and then over the months real life intervenes, or enthusiasm fades, and in the end it is hard to get a quorum together.

Today we finished the campaign. The players were level 7, but they had never fought the orcs who were the main force holding the abbey. So for the grand finale I strung together two encounters: The defense of the watchtower against attacking orcs (who had brought a hill giant and dire wolf cavalry), followed by the group attacking the keep with the orc chieftain. As there were only 3 players left, these were tough fights, especially with some lucky dice rolls on my side, like the hill giant scoring a critical hit.

But in the end the group prevailed and, having done all the quests in the abbey, returned to Lord Padraig. Having previously found out how the abbey fell through the use of the Deck of Many Things, they were able to persuade the lord to give them the last remaining cards. That assembled the deck, and allowed them to draw from it.

Ander the ranger drew just one card, but it was the Talons, which destroyed all his magical items. Ouch! Raymond the librarian barbarian drew two cards, but ended up drawing cards that gave him more draws. In the end he lost 10,000 xp, got permanently cursed, and gained a rare magical weapon. Kaze the monk drew 3 cards: The first lost him 5 points of intelligence (and he had only 10). The second gave him 50,000 xp and a rare wondrous item. And the third allowed him to erase the effect of the first card. Which meant that he was the only one who got really lucky, gaining 3 levels and some nice magic boots.

The Deck of Many Things is by itself frequently a campaign-ending item, and thus not recommended unless you don’t plan to continue anyway. But with the dwindling player-base this was a good opportunity to end the campaign on a high note.

First impressions Zortrax M200 Plus 3D Printer

I am going to post a full review with comparison of things I printed later, but I already wanted to write about my first impressions with my new 3D printer. Unboxing the printer, installing, calibration, and starting to print took me about 1 hour, which is about as “plug & play” as it gets in 3D printing. Most of the printer is pre-assembled, but you need to assemble the cable to the print head and the cable to the heated bed yourself, as well as the spool holder and the guide tube from the spool to the print head. Then you need to install the latest firmware via a USB key, and calibrate the bed to be even. That is done with the help of 3 screws, with the printer telling you which one to turn by how much. Apart from a ridiculous degree of precision in the instructions (“turn the screw by 86.02°”), that went smoothly.

The printer comes with one model for a test print on the provided USB key. In a disappointing display of lack of professionalism Zortrax managed to forget to include supports in that test print model, which results in it being actually impossible to print. Of course I didn’t know that and went back to the shop to ask why after installation the test print wasn’t working, and it was just by chance that there was a technician present who was aware of that issue and told me not to worry and print something else instead.

Both the firmware and the Z-Suite 3D printing software can only be downloaded after entering the serial number of the printer, but then the software worked on the first try. So I printed a 3D Benchy as test print, and it came out very nice. Much better detail on the fine parts, and smoother walls. However after printing some other models I have to say that not everything is perfect, and some prints that I succeeded with on the old printer failed to print on the new one; right now it is hard to say how much of that is due to the change in material from PLA to ABS, how much is related to finding the best settings, and how much is due to the printer.

What I really disliked about my old XYZ printer was that it would only take spools of PLA from the company that made the printer, with an RFID chip in the spool making sure you didn’t use other material. That system also resulted in the spool physically still having several meters of material on it at the end, while the RFID chip claimed the spool was empty and refused to use it any more. The new Zortrax printer is better in that respect, you can print with spools from any supplier. However the software has the optimum parameters for the Zortrax spools, while for external materials you need to find the best settings yourself. That curiously means that if you want to print the Zortrax ABS at a different temperature for some reason, you need to unload it, and reload it as external material, claiming it was ABS from a different supplier.

I notice a real change printing in ABS rather than in PLA. I will need to explore that further, and for example try to print PLA on the new printer. The previous model Zortrax M200 was famous for not doing PLA well, but the M200 Plus has an additional cooling fan on the print head and is supposed to have solved that problem. From a scientific point of view, PLA is more crystalline, which makes it more shiny, but also more brittle. ABS is more matte, more flexible, and sturdier. Lego bricks are made from ABS, and those usually don’t break easily. However when printed with a 3D printer, the layers create a preferred axis of breakage, so if I would print a Lego brick it would be less sturdy than the original. And it would be less glossy and smooth on the surface. However ABS, unlike PLA, is soluble in acetone, so there are methods of making ABS printed parts smooth and glossy by exposing them to acetone vapors. I haven’t tried that yet. The disadvantage I noticed with ABS is that you need to print it at higher temperature to make it stick to the previous layer, and then there is a bit of possible “sagging”, making the printed part a bit broader than the model. I had some prints of figurines with supports where the side of the support stuck to the side of the model, and then left a mark when I removed it. That can probably be fixed by the settings of the software making the supports.

Talking of supports, I still have the same problem with the supports generated by the Z-Suite software as I had with the supports generated by the XYZWare software: The supports are far too massive for small 28mm scale figurines. You can’t use them to print a support for something which is only a millimeter or two thick, like a weapon or arm of a miniature. They seem to be designed for large objects. Having said that, the Z-Suite software has at least some degree of manual editing of support structures, so that is good. Just for my main application I’ll keep using Meshmixer for building support structures for small figurines.

Finally there is one point where the new Zortrax printer is far worse than the old XYZ printer: The XYZ printer automatically shut down the light after a few minutes, and shut down the fans when the print head was cold. Thus I could start a print in the morning and go to work, or in the evening and go to bed, and when I came back the XYZ printer was on standby. The Zortrax printer doesn’t have that, when you come back hours later the light is still on (presumably to allow the internal camera to work) and the fans are still blowing, although the machine is cold. That adds unnecessary wear and tear to the fans, and also consumes more electricity when not in use. I think I will have to buy an electronic time switch or something.

Overall I am happy with the new printer, and I’ll show some photos of the improved results in a future post. But there remains a lot of fiddling and optimizing to be done, and the new printer didn’t miraculously and immediately solve all my printing problems. But then that would have been boring anyway! 🙂 

Test Your PL/SQL Fundamentals

In Oracle database management, PL/SQL is a procedural language extension to Structured Query Language (SQL). The purpose of PL/SQL is to combine database language and procedural programming language. The basic unit in PL/SQL is called a block, which is made up of three parts: a declarative part, an executable part, and an exception-building part.
Test your PL/SQL knowledge by solving the following 49 MCQs.
