Tag Archives: Security

MJR Digital Cinemas has upgraded, but what’s wrong with this picture?



Despite the ever-increasing tab at the box office, we all, or most of us, enjoy seeing an occasional movie on the big screen. There are just some flicks that lend themselves to the immersive experience. 

The good news is theaters around the country have been upgrading recently – improved seating and digital systems along with a wider selection of (overpriced) goodies to choose from and dine on during your show. Some now even have bars. 

One theater chain in Michigan, MJR, has been among those to upgrade; however, they apparently failed to consult any sort of IT professional, or at least one who knows anything about security. Take a look at the image below and see if any problems seem apparent. 

At least they made the job easy for hackers. In fact, there’s no real job at all; it’s just handed over to them. 


VLC patches multiple security flaws, two critical



There are many options out there for media playback; we’ve come a long way since Windows Media Player and QuickTime. Alternatives abound, and some of them are quite compelling.

Take the VideoLAN Client, better known to everyone as VLC, which is capable of playing almost any format a user can throw at it. Like any software, however, there are always bugs, and sometimes security holes that could allow bad things to happen to good people.

VLC is issuing a number of security fixes, 33 of them to be exact, designed to keep your system healthy. Two of these are considered critical: they patch an out-of-bounds write vulnerability and a stack-buffer-overflow bug.

According to Threatpost, “Details are scant on the two high-severity bugs and how they could be exploited. Impacted is VLC 3.0.7 and the EU-FOSSA release of the player, along with code tied to the upcoming 4.0 release of the player.”

The high number of patches comes on the heels of a new bug bounty program started by the European Commission on January 7, 2019.

The updates are being pushed out so users shouldn’t need to do anything except wait, and actually, you may already have it.


UK Government Consults on IoT Security



The UK Government’s Department for Digital, Culture, Media & Sport (aka Ministry of Fun) has announced plans to introduce new laws governing internet-connected devices, i.e. the Internet of Things.

Given that there have been some high-profile instances involving connected toys and cameras, this is welcome news. In a perfect world, users should be educated in the basics of IT security such as changing the default password, but sadly it’s a case of getting a gadget out of the box and set up as fast as possible.

The Government is consulting on a “Secure by Design” initiative which intends for basic cyber security features to be built into products and for consumers to get better information on how secure the devices are.

Much like food packaging or the energy ratings on white goods, the Government is proposing a mandatory labelling scheme that states the security level of the gadget. Only goods with the applicable “IoT” label could be legally sold in the UK.

The consultation proposes three essential requirements for internet-connected gadgets.

  1. Device passwords must be unique without any standard factory setting
  2. The minimum duration for which the device will receive security updates must be explicitly stated
  3. A public point of contact as part of a vulnerability disclosure policy must be given

Point 3 isn’t directly for consumers but rather for security researchers who will be able to directly contact organisations about security issues. All of these points will be a significant deterrent to the “cheap’n’cheerful” IoT gadgets that typically come in from China with zero support.

Overall, this is a very welcome consultation and I would encourage readers to review the proposals and give feedback on the options. This is very much about protecting ourselves and our families and reducing the risk of being hacked. For too long, manufacturers have got away with having little responsibility for their devices after they’ve been bought and these ideas address that imbalance.

If you want to know more on the consultation and comment on the proposals, it’s over here.

Photo by Dan LeFebvre on Unsplash.


23 Million People Use 123456 as a Password



Despite all the warnings, 23 million people worldwide use the password “123456”. This is according to the UK’s National Cyber Security Centre, which analysed the Have I Been Pwned data set to produce a list of the top 100,000 passwords.

It’s frankly embarrassing – here’s the top 10. Anyone who uses any of these should have their computer, tablet and phone taken away from them immediately.

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345

Looking through the full list, there’s a reasonable selection of expletives, and for Brits, variations on “Liverpool” appear twenty-eight times. For non-Brits, Liverpool is not only a city in the North of England but a Premier League football (soccer) team. James Bond 007 is rich pickings too, with variations into the teens. No matter how smart or unique you think you are, there’s someone else who thinks the same.

The NCSC recommends using three random words for passwords, such as “tablehouseblue”, and not re-using passwords between accounts. In particular, it suggests always having a different password for your email account.

Dr Ian Levy, NCSC Technical Director, said: “Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band. Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”

You can read the full UK Cyber Survey and there’s more analysis on the password list in this article.

Photo by Kristina Flour on Unsplash


Encrypted Storage with SecureDrive at CES 2018



Encrypted external hard drives and USB memory sticks have been around for at least a decade, but most of the time it’s either locked or unlocked: if you have the password, you’re in. Sergey from SecureDrive shows Scott their security solution to this common problem.

SecureDrive specialise in hardware encrypted data storage. They’ve three product ranges with varying capacity (1 – 5 TB) to address different security and storage requirements.
– SecureDrive BT, which uses Bluetooth and an app for authentication
– SecureDrive KP, which uses keypad authentication
– BackupDrive, which backs up files and encrypts them with built-in anti-malware
For the rapid transfer of large files, all the devices use USB 3.0, and for security, it’s pending FIPS 140-2 level 3. That’s pretty secure.

The unique part of the SecureDrive solution focuses on the BT model, which uses Bluetooth and an authentication app. Instead of the drive only being locked or unlocked, the solution allows additional controls for geo-fencing and time schedules. For example, the SecureDrive BT can be set to only unlock between 9-5 M-F or only if the unit is within company premises. In addition, there’s remote management so authorisations can be revoked and the drive remotely wiped.

The drives are assembled in Ohio, USA, and they’re available for purchase priced at US$299-$499. The remote management feature is a subscription service.

Scott Ertz is a software developer and video producer at F5 Live: Refreshing Technology.

Become a GNC Insider today!

Support my CES 2018 Sponsor:
30% off on New GoDaddy Orders cjcgeek30
$4.99 for a New or Transferred .com cjcgeek99 @ GoDaddy.com
$1.00 / mo Economy Hosting with a free domain. Promo Code: cjcgeek1h
$1.00 / mo Managed WordPress Hosting with free Domain. Promo Code: cjcgeek1w
Become a GNC Insider: Support this podcast

Need a Housesitter? Ask Kevin at CES 2018



It’s a sad statistic that around half of us in Europe and the US will experience a break-in or burglary during our lifetime and unfortunately, I’m one of those. Most burglaries are over in less than five minutes and by the time the police turn up, the criminals are long gone. Smart homes and security alarms only go so far and what you really want is to deter the burglars from breaking in at all. You need a housesitter and Mitipi have one called Kevin. Todd thought Kevin was a minion.

Kevin is the first IoT device to simulate the presence of people in a room by emitting light, shadow effects, and sound, meaning burglars will think someone’s home, and won’t want to break in for fear of being confronted or even caught.

Kevin is extremely easy to use. Place the device in a main room with a window, say, the living room. Once set up, Kevin can be controlled via the buttons on the box, or through the companion app. To pretend someone is home, Kevin uses a smart logic that considers multiple factors such as location, language, weather and home type to produce a realistic simulation with light, sound and shadows.

Kevin is currently on Kickstarter and the best pledge is SFr249, which is around GB£190 or US$270. Delivery is expected in December 2018.

Todd Cochrane is the host of the twice-weekly Geek News Central Podcast at GeekNewsCentral.com.


Keep Porch Pirates at Bay with BoxLock at CES 2018



From a consumer’s point of view, internet shopping is great: huge choice and prices to fit every pocket. Sure, it takes a day or two to come but that only increases the rush while you wait for the delivery… only that’s the snag. Many of us are in work when the delivery comes to our empty homes and either the delivery service takes it back to their depot or your parcel lies at risk of theft until you get home. BoxLock have an ingenious solution and Todd unlocks its potential with Brad.

BoxLock is an internet-connected smart padlock with a built-in barcode scanner. To use BoxLock, you first get a secure container or bin which can be locked using a traditional padlock – it’s usually called a hasp – and put it out front. The BoxLock then goes on the bin instead of the padlock.

When the delivery driver arrives, he (or she) simply grabs the BoxLock and presses the button on the top to scan the tracking number on the package. The BoxLock checks online via wifi and only packages addressed to you and that are actually out for delivery that day will unlock the BoxLock. The driver opens the container, places your package safely inside and then closes it all up.

Your BoxLock smartphone app then notifies you which package was scanned and that your BoxLock is safely locked with your packages inside.

Several of the big delivery companies are on board including FedEx, UPS, USPS and Amazon, so it’s perfect for keeping those porch pirates and packet thieves at bay.

BoxLock is currently InDemand on Indiegogo for pre-ordering at US$109 (the video says $129 retail) with deliveries expected in June 2018.

Todd Cochrane is the host of the twice-weekly Geek News Central Podcast at GeekNewsCentral.com.
