$5 PoisonTap Tool Easily Breaks Into Locked PCs

Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer armed with only a US$5 Raspberry Pi.

The low-tech cookie-siphoning intrusion is one of Kamkar’s simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices, with MacGyver-like precision.


Kamkar’s latest hack, PoisonTap, uses a Raspberry Pi Zero, a micro SD card, and a micro USB cable or other device that emulates USB, including USB Armory or LAN Turtle.

Windows, OS X and Linux recognize PoisonTap as an Ethernet device, load it as a low-priority network device, and perform a DHCP request across it, even if the computer is locked or password-protected, Kamkar explained.

PoisonTap provides the computer with an IP address. However, the DHCP response tells the machine that the IPv4 space is part of PoisonTap’s local network, rather than a small subnet, he said.

If a Web browser is running in the background, one of the open pages will perform an HTTP request in the background, noted Kamkar. PoisonTap responds with a spoof, returning its own address, and the HTTP request hits the PoisonTap Web server.

When the node Web server gets the request, PoisonTap’s response is interpreted as HTML or JavaScript.

The attacker is able to hijack all Internet traffic from the machine and siphon and store HTTP cookies from the Web browser or the top 1,000,000 Alexa websites.

 Low-Cost Havoc

“The PoisonTap project is an extremely clever and creative attack that can have serious consequences,” said Mark Nunnikhoven, vice president for cloud research at Trend Micro.

“The code is public, and hardware required to run it is only a few dollars, which increases the risk to average users,” he told TechNewsWorld. “However, it still takes some effort for an attacker to steal the user’s data.”

For the device to work, the attacker needs physical access to the machine while a Web browser is running in the background, noted a Symantec researcher in comments provided to TechNewsWorld by spokesperson Jenn Foss.

The risk is lower when a machine has restricted physical access. The risk is higher when a machine is in the public domain, where anyone potentially has access to it — for example, at a sidewalk cafe.

Open Source Factor

It might be easier to build a solution to the hack, given that Kamkar’s attack was conducted over an open source language, suggested the Symantec researcher. “If someone slips a secret backdoor into an open source project, chances are someone will find it quickly. Often open source is quicker to address vulnerabilities as an open source community can be very large.”

In addition, if someone creates a tool and the source code is publicly available, anyone can read the code and develop proper protection for the future, the Symantec researcher pointed out.

“It’s certainly very creative work, and it shows just how many attack vectors exist that we’ve yet to really consider,” remarked Troy Hunt, Microsoft MVP-Developer Security.

“However, it also requires physical access — and once you get to that point, there’s a lot of avenues available to an attacker,” he told TechNewsWorld.

The use of HTTPS could have crippled this particular attack, Hunt noted, and we don’t normally think of that as being a defense against an adversary with physical access.

SteamVR Performance Tool knows if your PC can Vive

SteamVR Performance Tool knows if your PC can Vive

We recently learned the price of the HTC Vive and all that your money will get you, but there was still one major detail that had yet to be confirmed by HTC or Valve; what PC specs will it take to run Vive. The new SteamVR Performance Test is the tool that will give you all the details you need even though you haven’t bought the Vive yet. And we know you want to!

Valve’s new tool will evaluate your PC, or rig as those who custom built their own call them and it will give you a metered chart based on the hardware inside your box. The results of the test will let you know if you any of your equipment fails to meet the recommended specs to run a smooth VR experience with the HTC Vive or other VR Ready hardware on the SteamVR platform.

The handy little tool can be downloaded from the Steam store or the SteamDB site and will only take up approximately before extraction. After you run the app on your computer you’ll find out if you need to get a new graphics processor or CPU or possibly both due to the details the Vive will need sent to those little displays in the Head Mounted Display.

Update: After a comment below from Andre and actually having the time to download the test it appears the download is much larger than I stated earlier. Steam reported the app to be 4700+ MB’s, but my download says the file ended up taking 1.9 GB of disk space. So depending on your network speed it could take a little while to download.

Using Hearthstone cheat programs could infect your PC with malware

malware, malicious software, bitcoins, hearthstone, cheating software, third-party add-ons

If you’re a Hearthstone player and not averse to using hacks and deck tracker add-ons to gain an advantage in the game, you may want to rethink your morally dubious actions. Security firm Symantec has just revealed that many of these third-party programs that supposedly benefit players can actually compromise computers with malicious software.

Symantec found that a large number of unofficial Hearthstone apps could, once installed, be used to steal passwords, spy through webcams and even mine bitcoins.

One program, Hearthstone Hack Tool v2.1, which promised players unlimited gold and dust, was described as a “total scam” that doesn’t work.

Another program that claimed to provide extra gold and dust, called Trojan.Coinbitclip, searches users’ clipboards for Bitcoin addresses and replaces them with a different but similar looking one of its own – another reason for Bitcoin miners not to use the clipboard.

The gray area of deck trackers – essentially card counters – are also susceptible to malware as game creator Blizzard doesn’t support these tools. “In December 2015, Symantec saw that attackers disguised Backdoor.Breut as one of these add-ons by using the file name Hearthstone Deck Tracker.exe. This threat is capable of opening a back door, recording from the webcam, logging key strokes, and stealing passwords.”

It was recently revealed that a Redditor had created a number of fake hacks for Counter-Strike: Global Offensive as a way to get those who used them banned by Valve’s Anti-Cheat system (VAC). Hopefully, people will start to realize that downloading this kind of software really isn’t worth it.

Rumor suggests more Xbox One exclusives are headed to PC

microsoft, pc, pc gaming, gears of war, xbox one, forza

Following the announcement that Quantum Break, previously an Xbox One exclusive, will be heading to PC on its April 5th launch date, a rumor has appeared that suggests more Xbox-exclusive titles will be transitioning to PC in the near future.

The report, which comes from WPDang via Windows Central, claims that Microsoft will soon be putting a greater emphasis on gaming through Windows 10 and the Windows Store. To improve the experience on PC, the company will allegedly be bringing Forza Motorsport 6, Gears of War 4, and Scalebound to the platform.

On top of this, the yet-to-be-announced Forza Horizon 3 will also make its way to both Xbox One and Windows 10. All four titles, as well as Quantum Break, will be exclusive to the Windows Store.

The move to bring these Xbox exclusives to PC is a significant one for Microsoft, as series such as Forza have never previously been available on PC, while Gears of War has been missing since the very first title. However, they won’t be the first Xbox exclusives to appear on PC: Microsoft has already brought titles such as Killer Instinct and Gears of War Ultimate Edition to the platform.

It could be a while until we hear about the aforementioned games coming to PC. Gears of War 4 is slated for a late 2016 launch, while action role-playing game Scalebound isn’t coming until 2017. The only title that could potentially be ported soon is Forza 6, which launched on Xbox One in September last year to widespread praise.

Quantum Break on PC requires Windows 10, DirectX 12

microsoft, windows, xbox, pc gaming, xbox one, windows 10, quantum break

Previously an Xbox One exclusive, the hotly anticipated Quantum Break will also be coming to PC, with both versions set to be released on April 5th. As a nice bonus for people with both systems, Microsoft revealed that anyone who pre-orders the Xbox One version will get the Windows 10 version for free.

Quantum Break, which was announced alongside the Xbox One nearly three years ago, is a third-person action-adventure shooter from Remedy Entertainment and Microsoft Studios, who previously worked on Alan Wake. In the game, players take control of Jack Joyce, who has time manipulation powers that can be used (along with guns) to defeat enemies.

The game has been developed using a new engine called Northlight, which uses DirectX 12’s new capabilities. As such, DirectX 12 is a requirement to play the game on PC, which makes it only compatible with Windows 10; gamers still using Windows 7 will not be able to run the title.

Remedy has revealed the system requirements for Quantum Break, and it’s going to take a fairly beefy system to run the game at its maximum settings.

Recommended Minimum
CPU Intel Core i7 4790 4.0 GHz
AMD “equivalent”
Intel Core i5-4460 2.7 GHz
AMD FX-6300
AMD Radeon R9 Fury X
6 GB of VRAM
NVIDIA GeForce GTX 760
AMD Radeon R7 260X
2 GB of VRAM
RAM 16 GB 8 GB
OS Windows 10 64-bit. Requires DirectX 12 support.
Storage 55 GB

Quantum Break is a single-player game, so you’ll be able to share saves between the Xbox One and Windows 10 versions, but there is no cross-play support.

Microsoft has now made Windows 10 a ‘recommended update’ rather than an optional one

windows update, windows 10, windows 10 update, windows 10 recommended update

Microsoft is continuing its quest to get Windows 10 installed on every PC on the planet. After it revealed last month that all new processors will only be compatible with the company’s latest operating system, it’s now been announced that Windows 10 has become a ‘Recommended update’ in the Windows Update application, rather than an optional one.

Microsoft did say back in October that it would change the Windows 10 listing so it would become a recommended update in “early 2016.”

“As we shared in late October on the Windows Blog, we are committed to making it easy for our Windows 7 and Windows 8.1 customers to upgrade to Windows 10. We updated the upgrade experience today to help our customers, who previously reserved their upgrade, schedule a time for their upgrade to take place,” a Microsoft spokesperson told VentureBeat.

The change means that anyone using Windows 7, 8 or 8.1 that has automatic updates activated with recommended updates automatically selected will have Windows 10 downloaded without requesting it.

Microsoft has stressed that users will have a say on whether or not they want Windows 10 installed; it isn’t a mandatory update and users will be able to stop the install process. There will also be a 30 day period where users can roll back to the previous version of Windows.

Microsoft aims to have Windows 10 installed on 1 billion devices over the next two or three years, and the company is doing everything it can to increase uptake. The OSrecently passed Windows 8.1 and Windows XP to become the second most-used operating system in the world.

While the newest iteration of Windows has been generally well-received by most users (barring some privacy issues), there are those who say Microsoft’s tactics at getting people to install Windows 10 sometimes verge on the excessive.

Pre-orders now being accepted for Oculus Rift PC bundles

dell, asus, alienware, desktop, graphics card, video card, virtual reality, vr, oculus rift, oculus, oculus vr

Today is the big day for those looking to save a bit of coin on the purchase of an Oculus Rift and a PC to power the experience as Amazon, Best Buy and the Microsoft Store are now accepting pre-orders for Rift bundles.

Pricing starts at $1,499 for the Asus G11CD-B11 bundle which includes a desktop powered by a quad-core Intel Core i5-6400 processor alongside 8GB of memory and an Nvidia GeForce GTX 970 graphics card. If you recall, the recommended specs from Oculus VR call for an Intel Core-i5 4590 or greater, at least 8GB of RAM and an Nvidia GTX 970 / AMD 290 equivalent or better.

In terms of pure processing power, this entry-level Asus bundle just barely meets the recommended hardware specs.

On the opposite end of the price spectrum is the Alienware Area 51 bundle. For $3,149, you’ll get a desktop loaded with Intel’s Core i7-5820K processor (six cores, 12 threads), 16GB of RAM and an Nvidia GTX 980 video card. This configuration also comes with a 128GB SSD and a traditional 2TB hard drive.

Each bundle also includes an Oculus Rift VR headset, sensor, remote, an Xbox One controller and two games: Lucky’s Tale and EVE: Valkyrie Founder’s Pack.

As of writing, the only three PC makers participating in the Oculus Ready PC programare Asus, Dell and Alienware (Dell’s gaming-minded subsidiary). That’s likely to change moving forward, assuming of course that Oculus sticks with the program.

If you have the time and / or know-how to build your own system, that’s probably the best route to go as you can get the exact combination of hardware you’re after. Another option is to simply upgrade your existing machine if it doesn’t quite meet Oculus’ recommended specs.

Google is reportedly working on a standalone VR headset – no PC, console or laptop required

google, virtual reality, vr, vr headset, stand-alone vr headset

Last week, it was reported that Google would be releasing a device sometime later this year as a successor to its Cardboard virtual reality system; one that would supposedly feature a host of improvements over the cheap VR viewer, and be more like Samsung’s Gear VR headset.

Now, a report from the Wall Street Journal claims that in addition to working on this smartphone-powered headset, Google is also developing a VR first: a stand-alone device that requires no smartphone, computer or games console to power it.

The device will reportedly feature a display, outward-facing cameras (possibly depth-sensing ones like those used on Project Tango), and high-powered processors using chips from startup Movidius Inc, a company specializing in embedded machine vision.

Movidius acknowledged that it has a “business relationship” with Google, and said in a statement that it works with many companies on virtual reality and augmented reality devices, but it didn’t go into details.

Should the reports prove to be true, the headset would be another product from Google’s recently formed Virtual Reality division, which is headed by the company’s VP for product management, Clay Bavor.

With the Oculus Rift and HTC Vive requiring fairly beefy PCs to get the most out of them, and cheaper, smartphone-powered devices unable to match the quality of these headsets, Google’s potential stand-alone device could offer a good middle-ground between these two types of VR experiences.

The headset is reportedly in the early stages of development, so we may not see it until next year, but it’s yet another indication that tech companies view virtual reality as the future of the industry.

Weekend Open Forum: Which PC case do you use?

One of the very first premium aftermarket computer cases I acquired was a Lian Li PC-60. In the 15 or so years since, I’ve had the opportunity to work with probably a hundred or more cases of varying shapes, sizes, building materials and price points including my current chassis, the hulking Cooler Master Cosmos II.

I’ve owned this behemoth for nearly four years now and have no plans of replacing it anytime soon. Outfitted with Noctua fans, a towering heatsink and a passively cooled video card, it’s nearly silent and large enough to accommodate virtually anything I can throw at it in the future.

With this week’s open forum, we’re curious as to what computer case you’re using these days? Does your current case meet all of your needs? Are you eyeballing an upgrade?

Nvidia stock surges after company posts record sales

nvidia, geforce, gpus, q4, deep learning, sales report, sales forecast

There was some good news for the PC industry yesterday; despite a global slowdown in the number of computers sold, hardware sales are improving – for Nvidia, at least. The GPU maker reported that it had beaten fourth quarter earnings targets and posted record revenue for both Q4 and 2016.

Nvidia’s revenue from its core graphics card business for the three months up to January 31 was $810 million, a jump of 25.4 percent from the same period a year earlier. The company puts this down to consumers buying new GPUs to power some of the blockbuster games released during this holiday quarter, including Star Wars: Battlefront and Call of Duty: Black Ops III.

“GeForce sales are driven by the launch of great gaming titles and that again proved true this past holiday season,” Chief Financial Officer Colette Kress said on a conference call with investors and press.

While revenue for the entire year was up 7 percent to $5.01 billion, the company’s net income was down 3 percent from $631 billion to $614 billion. Operating expenses rose 12 percent to just over $2 billion.

Nvidia is continuing to expand its business into other areas outside of gaming; the company is “especially excited” about its deep learning strategy.

“Deep learning is a new computing model that teaches computers to find patterns and make predictions, extracting powerful insights from massive quantities of data. We are working with thousands of companies that are applying the power of deep learning in fields ranging from life sciences and financial services to the Internet of Things,” said CEO Jen-Hsun Huang.

Nvidia’s share price rose almost 10 percent in after-hours trading following the report, and is currently up 25 percent over the last 12 months. With continued growth in the PC gaming, VR, deep learning and self-driving vehicle markets, the future is looking bright for Nvidia.

Here’s the full breakdown from the report.

($ in millions except earnings per share) Q4 FY16 Q3 FY16 Q4 FY15 Q/Q Y/Y
Revenue $1,401 $1,305 $1,251 up 7% up 12%
Gross margin 56.5% 56.3% 55.9% up 20 bps up 60 bps
Operating expenses $539 $489 $468 up 10% up 15%
Operating income $252 $245 $231 up 3% up 9%
Net income $207 $246 $193 down 16% up 7%
Diluted earnings per share $0.35 $0.44 $0.35 down 20%
($ in millions except earnings per share) Q4 FY16 Q3 FY16 Q4 FY15 Q/Q Y/Y
Revenue $1,401 $1,305 $1,251 up 7% up 12%
Gross margin 57.2% 56.5% 56.2% up 70 bps up 100 bps
Operating expenses $445 $430 $420 up 3% up 6%
Operating income $356 $308 $283 up 16% up 26%
Net income $297 $255 $241 up 16% up 23%
Diluted earnings per share $0.52 $0.46 $0.43 up 13% up 21%

FY2016 Summary

($ in millions except earnings per share) FY16 FY15 Y/Y
Revenue $5,010 $4,682 up 7%
Gross margin 56.1% 55.5% up 60 bps
Operating expenses $2,064 $1,840 up 12%
Operating income $747 $759 down 2%
Net income $614 $631 down 3%
Diluted earnings per share $1.08 $1.12 down 4%
($ in millions except earnings per share) FY16 FY15 Y/Y
Revenue $5,010 $4,682 up 7%
Gross margin 56.8% 55.8% up 100 bps
Operating expenses $1,721 $1,657 up 4%
Operating income $1,125 $954 up 18%
Net income $929 $801 up 16%
Diluted earnings per share $1.67 $1.42 up 18%