Google Assistant can now share personal info in Allo, but only if you let it

One of the coolest features of Allo is the ability to bring Google Assistant into any conversation. Just type @google and you can ask Assistant questions like “What’s my schedule like today” or “Show me the latest Cars 3 trailer,” and it will happily oblige, saving you the trouble of opening Chrome or Calendar and searching yourself.google assistant allo

Now Google is making it easier to share that personal information with other people. First spotted by Android Police, the new feature gives you an option to send otherwise private data to your friends in an instant, but only if you allow it.

For example, when you’re in a chat and you ask Assistant something like, “What are my upcoming flights,” or “Show me my upcoming appointments,” it will now ask you if you’d like to share that information with the other people in your group. Tap Don’t Share and it will send a message saying, “Can’t share this right now.” Tap Share Now, however, and it will display the information it has retrieved on your phone for all to see.

Unfortunately, you can’t choose a contact to share it with when in a one-on-one conversation with Assistant, nor can you keep your personal queries completely hidden, but the ability to share information like this could prove to be useful in certain situations. The server-side feature isn’t tied to a specific Play Store update, though Android Police surmises that you likely need version 6.0 of Allo, which began rolling out last week.

While limited to just calendar entries, travel information, and contacts, the new sharing option has pretty big potential. Assistant has been frustratingly limited inside Allo—where it ought to excel in a natural conversational format—and this new feature could signal a new collaborative direction for Allo. However, without proper SMS integration, Allo is likely to remain a niche app, no matter how smart Assistant gets.

This story, “Google Assistant can now share personal info in Allo, but only if you let it” was originally published by Greenbot.

Researchers trick ‘CEO’ email cammer into giving up identity

Businesses targeted in email scams don’t always have to play the victim. They can actually fight back.ceo email scam spoof

Researchers at Dell SecureWorks have documented how they identified a suspected email scammer from Nigeria, by essentially playing along with the scheme to fool the attacker into revealing his true whereabouts.

Anyone can use these tips, said Joe Stewart, director of malware research at SecureWorks. “We’re letting them (the scammers) give us all the information about themselves,” he said.

The email scheme SecureWorks dealt with involved a fraudster impersonating a CEO in what’s called a business email spoofing attack. The goal is often to trick a victim into wiring funds to the scammer’s bank account.

Although a business can train its employees to learn how to spot these suspicious emails, that won’t necessarily stop the attack, especially since it’s easy for anyone to continually bombard a victim with emails, SecureWorks said.

Instead, a business’ IT security staff can actually fight back and disrupt the scammer’s operations. They can do this, by first replying to an email scam and pretending to act like a gullible victim.

This was how SecureWorks managed to eventually identify an email scammer from Nigeria that targeted a U.S. technology company back in November. SecureWorks was brought in to investigate and decided to fool the fraudster into thinking his scheme had worked.

The scammer had tried to trick the U.S. technology firm into wiring funds to a bank account by impersonating its CEO. SecureWorks pretended to comply, which caused the scammer to turn greedy.

“He started asking for $18,000,” said James Bettke, a SecureWorks researcher. “And then after that, he said, ‘Oh that’s a typo. It’s a $118,000.’”

screen shot 2017 02 14 at 10.23.39 pmSecureWorks
One of the emails sent by the scammer.

To try and identify the scammer, SecureWorks decided to email back a PDF-based receipt, indicating the wire transfer had been complete. In reality, the receipt was a decoy that when clicked on, sent off the recipient’s IP address and other web browser information.

The researchers found that their scammer was using an internet service provider in Lagos, Nigeria and was viewing the receipt on an iPhone.

SecureWorks continued to play a gullible victim, by claiming the wire transfer had failed. That forced the scammer to hand over details to other bank accounts. The researchers then took that information and notified the responsible bank that these accounts were being used for fraud, shutting them down.

To find out more about the scammer, the researchers sent another decoy receipt of a wire transfer that forced the recipient to enter a legitimate mobile phone number to view the form.

The scammer fell for the ruse. Using Facebook, the researchers found that the entered phone number was tied to a user named “Seun,” which the researchers believe is a real account.

“We know who he is,” Stewart said. “We could report him to the EFCC (The Economic and Financial Crimes Commission in Nigeria). But he didn’t get away with any money.”

So instead, SecureWorks is publicizing information about the fraudster’s scams, including the email addresses he used.

FreeSync gets luxurious with Acer’s 37.5-inch curved, ultrawide gaming monitor

Even though Nvidia explicitly pitches its G-Sync monitors as premium accessories, the GeForce crew doesn’t hold an iron grip over luxurious variable refresh rate displays. This week, Acer revealed a swanky ultrawide display with AMD FreeSync support and an astoundingly bad name.acer xr382cqk monitor

The Acer XR382CQK’s 37.5-inch screen boasts a 3440×1600-pixel resolution and a gentle 2,300R curve. Combine those with the stutter-killing FreeSync tech and a 21:9 aspect ratio and you’re looking at a screen that screams “immersion” on paper. The display’s rocking a 5 millisecond response time—not great, but definitely not bad—and 75Hz refresh speeds that you’ll probably have trouble hitting in-game unless you’ve got one hell of a rig. That resolution’s no joke.

Somewhat surprisingly, the XR382CQK isn’t part of Acer’s dedicated Predator gaming lineup. Acer probably did that for design flexibility; while Predator gear features aggressive black and red aesthetics, the slim and silver XR382CQK utilizes a “ZeroFrame” design with smaller bezels to (you guessed it) increase immersion even more.

Acer’s premium FreeSync monitor also supports picture-in-picture and picture-by-picture modes that let you watch input from two sources simultaneously, a nifty touch that takes advantage of the XR382CQK’s size.

acer xr382cqk monitor 2

Other features include preset “GameView” display profiles, wide 178-degree viewing angles, HDMI 2.0, DisplayPort 1.2, USB-C, and a four-port USB 3.0 hub for connecting your gaming accessories. The display also packs a pair of 7 watt speakers bolstered by DTS Sound, but if you’re already dropping $1,300 on a gaming monitor, you’d be much better off investing in a nice speaker system or pair of headphones to go with it.

: While FreeSync’s openness has proven to be a major win for AMD in modestly priced monitors, we’re starting to see the high-end fill out, too. At CES 2017 Samsung announced several ultrawide, curved FreeSync monitors of its own, the highlight being the CF791, which looks downright stunning in real life.

Samsung’s 34-inch, 3440×1400 display is a wee bit smaller than Acer’s XR382CQK, but it compensates for that with the inclusion of cutting-edge Quantum Dot technology, a more aggressive 1,500R curvature, and a much lower price tag of $950. Decisions, decisions.

New Chrome beta feature looks to make web apps as powerful as native ones

Chrome users have been able to add homescreen shortcuts for their favorite websites for years, letting you quickly jump to a site without having to navigate the bookmarks folder, but they’ve always been just that: fancy links. With the latest Chrome beta, Google wants them to be something far greater.chrome android

Called Progressive Web Apps, they promise to offer the best of both worlds, allowing users to experience the power of a Google Play Store app without needing to go through a download or update process. “It loads quickly, even on flaky networks, sends relevant push notifications, has an icon on the home screen, and loads as a top-level, full screen experience,” Google says.

The concept has been around since 2015, but it only just making it available in the beta version of Chrome for Android. How it works is simple: When you visit a Progressive Web App, you’ll be able to save it your homescreen like before (via a new Add Shortcut option), except now it won’t just be a fancy link. It will appear in your app drawer alongside everything else you’ve downloaded from the Play Store, and it will function just like a native app would, with the same settings, notifications, and subscriptions that you would find in a Play Store app.

progressive web apps

Ads by Kiosked

Google

Progressive Web Apps act just like native apps, except you add them to your phone through Chrome.

You’re not even technically running them in Chrome. Once installed, Progressive Web Apps launch independently of the browser and work even when there isn’t an Internet connection. Updates are done silently in the background, they scale to any screen, and most importantly, they feel like a native app. As Google writes in a blog post:

“This new Add to Home screen feature is one more step in our journey to empower developers to build the best possible experience for their users, and we are committed to ensuring the same mechanisms for installing Progressive Web Apps are available to all browsers on Android.”

If you want to test them out, you can download Chrome Canary, Google’s beta version of Chrome, in the Play Store. Then, navigate to chrome://flags, find the #enable-improved-a2hs experiement, and tap the Enable button. (Thanks for the tip, Android Police!) Then, when you visit one of Progressive Web Apps, you’ll be able to add it to your phone and play around with it. There aren’t too many sites available right now, but you will find a decent smattering of popular apps like Polymail, Flipboard, and the Financial Times.

progressive web apps

Ads by Kiosked

Greenbot

Once you add it to your app drawer, the Progressive Web App (right) is indistinguishable from a native app.

 Apps on Android are changing. A couple weeks ago, Google began testing its new Instant Apps that let users interact with aps without needing to download them in the Play Store, but Progressive Web Apps takes that concept one step further. Not only do they eliminate the Play Store middleman altogether, they let developers build powerful apps right in Chrome and deliver them quickly without the hassle of downloads and updates, or concern about compatibility. Native apps have served us well (and likely will for years to comes), but Google is already thinking beyond the present implementation of apps to a future where everything is instant and connected.

This story, “New Chrome beta feature looks to make web apps as powerful as native ones” was originally published by Greenbot.

Plex’s new Amazon Echo support lets you control your home theater with your voice

Plex is getting into the home automation game. The popular media management software just announced it now has an Alexa skill, as well as smart home features that turns off the lights or post a message in Slack based on an action you take with Plex.plexserver

The new Alexa skill is available now in the US and UK Alexa stores. Once you’ve activated the Plex skill, you can ask your Alexa to play content from your local media library on demand, such as a movie or a television episode from a specific season. Not sure what you’re in the mood for? You can also ask Alexa and Plex (Plexa?) to suggest music or something to watch.

Plex doesn’t specifically say this, but it appears the Alexa skill is open to all users, not just Plex Pass subscribers.

That said, the company is also adding an interesting new feature for Plex Pass users called Webhooks. Basically, what this means is that when you take an action with Plex, a secondary action can be carried out by a computer.

If you start a movie in Plex, for example, you could use Plex’s Webhooks feature to automatically dim the living room lights. Right now, Plex is hoping to get developers to start adding Webhooks that integrate with Plex.

There are three examples on Github that you can try out right now, including desktop notifications for music playback, automated Slack posts when you rate something in Plex, and a smart light integration with the Wink Hub.

These integrations are useful, but they’ll require some knowledge of JavaScript meaning it’s probably out of the grasp of most users, and that may not change. Plex’s technical documentation for Webhooks says they are a “fairly advanced feature and won’t commonly be used by an ‘average’ user.” Plex Pass Pro customers may be able to get an installer to come to their home and set Webhooks up, however.

This story, “Plex’s new Amazon Echo support lets you control your home theater with your voice” was originally published by TechHive.

LG’s fixing its 5K monitor to work near Wi-Fi routers

LG has ended its silence on the router proximity problems for its 5K Mac monitor that rolled out in late 2016. The company recently told Recode that 5K monitors manufactured after February 2017 would add extra shielding to prevent them from freaking out near Wi-Fi routers.ultrafine5k

As for existing monitors, it appears those can also be retrofitted against signal interference, as well. The report didn’t mention how existing monitor owners can have their displays repaired if necessary. LG’s 5K monitor comes with a one year warranty that covers labor and parts, so it may be as simple as submitting a repair request on LG’s site. We’ve reached out to the company for clarification.

New monitors with the extra shielding will presumably be able to operate near a router without issue. Soon after the monitor became available, users started complaining that their fancy new displays would be unusable next to a router. The problems start when the monitor is within 6.5 feet of a router.

LG’s UltraFine monitor features a 27-inch display with 5120-by-2880 resolution, a Thunderbolt 3 port, and three USB 3.1 ports. It also has a built-in camera, stereo speakers, and is currently priced at $974.

The extra shielding is good news for anyone who was hoping to pick up LG’s stunning monitor. You might still want to wait for the updated models to roll out before buying one, however, since the fix requires physical alteration. It’s not clear how long the retrofitting will take, or if the models currently available from Apple’s online store are already fixed. We’re asking LG about all of those details, but in the meantime patience is probably a virtue in this case.

This story, “LG’s fixing its 5K monitor to work near Wi-Fi routers” was originally published by Macworld.

Zero-day Windows file-sharing flaw can crash systems, maybe worse

The implementation of the SMB network file sharing protocol in Windows has a serious vulnerability that could allow hackers to, at the very least, remotely crash systems.windows 10 bsod

The unpatched vulnerability was publicly disclosed Thursday by an independent security researcher named Laurent Gaffié, who claims that Microsoft has delayed releasing a patch for the flaw for the past three months.

Gaffié, who is known on Twitter as PythonResponder, published a proof-of-concept exploit for the vulnerability on GitHub, triggering an advisory from the CERT Coordination Center (CERT/CC) at Carnegie Mellon University.

“Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service or potentially execute arbitrary code on a vulnerable system,” CERT/CC said in the advisory.

Microsoft’s implementation of the Server Message Block (SMB) protocol is used by Windows computers to share files and printers over a network and also handles authentication to those shared resources.

The vulnerability affects Microsoft SMB version 3, the most recent version of the protocol. CERT/CC has confirmed that the exploit can be used to crash fully patched versions of Windows 10 and Windows 8.1.

An attacker can exploit the vulnerability by tricking a Windows system to connect to a malicious SMB server which would then send specially crafted responses. There are a number of techniques to force such SMB connections and some require little or no user interaction, CERT/CC warned.

The good news is that there are no confirmed reports of successful arbitrary code execution through this vulnerability yet. However, if this is a memory corruption issue as described by CERT/CC, code execution might be a possibility.

“The crashes we’ve observed so far do not manifest in a manner that suggests straight-forward code execution, but that may change, though, as we have time to analyze it more in-depth,” said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. “This is only the initial stage of the analysis.”

Carsten’s company also confirmed the crash on a fully patched Windows 10 system, but has yet to establish if this is just a NULL pointer dereference crash or the result of a deeper issue that could have a more severe impact. Just to be on the safe side, the company is following CERT/CC’s lede in treating this as a potential code execution flaw. CERT/CC scored this vulnerability’s impact with 10, the maximum in the Common Vulnerability Scoring System (CVSS).

Gaffié said on Twitter that Microsoft plans to patch this issue during its next “Patch Tuesday,” which this month will fall on February 14—the second Tuesday of the month. However, it’s possible that Microsoft could break out of its regular patch cycle if the vulnerability is indeed critical and starts to be exploited in the wild.

Microsoft did not immediately respond to a request for comment.

Both CERT/CC and Eiram advise network administrators to block outbound SMB connections—TCP ports 139 and 445 along with UDP ports 137 and 138—from local networks to the Internet. This won’t completely eliminate the threat, but will isolate it to local networks.

Signifying the Importance of Growth Factor

Human growth hormone is one of the most helpful hormones on earth, and repeatedly proves its worth in both medical and presentation circles. HGH prescriptions denote the hormones prescribed by the doctors and are well tolerated by both the genders.Numerous companies sell HGH in forms like injections, liquids, sprays and capsules. The shortage of natural hormones in humans can be assisted by synthetic growth hormones. Serostim is one variety of HGH used in curing individuals affected with HIV or AIDS undergoing cachexia or muscle-wasting condition. This supplement has been intended to improve slim body mass and weight besides augmenting stamina and endurance in these patients.

Image result for Signifying the Importance of Growth Factor

Dosage indication

Serostim like various Somatropin bodybuilding products, such as Norditropin, Saizen, and Humantrope, works like an anabolic agent. It makes a network with certain receptors on many cell structures, such as adipocytes, lymphocytes, myocytes, hematopoietic cells, and hepatocytes. The effects make more insulin-like growth factor 1. This medicine is identified as a synthetic hormone and produced in a laboratory with recombinant DNA machinery. This drug is controlled by subcutaneous injection. This therapy must be carried out following the guidance of a doctor, experienced in the analysis and organization of HIV injection.Serostim contains similar growth hormone manufactured by the pituitary gland in the human brain.

The normal starting dose for HIV-associated or Cachexia is 0.1 mg per kg intravenously once daily until reaching the total dosage of 6 mg. This drug needs to be administered before going to bed based on body weight dose recommendations. The injection of 0.1 mg/kg every alternate day drew fewer side effects and resulted in parallel improvement in work output, in comparison to 0.1 mg/kg each day. Therefore, this dosage was considered for patients who are at risk for adverse side effects. Most work output of this supplement on slender body mass was ostensible after undergoing treatment for 12 weeks.

Purchasing Serostim

Like other growth hormones this medicine also needs a prescription. As growth hormone for the purpose of bodybuilding has been barred by many sports organization so it’s illegal to purchase or sell growth hormones. As this supplement is identified as a controlled substance so people depend on black-market to acquire this drug. This is also referred to as smuggling when you buy these products from foreign sources and bring it into your country.So before buying it’s important to check the manufacturing standards and the country they are bought from. Many growth hormone products are fake as they contain suspicious components and fillers, and some even bacteria!

The working mechanism

Serostim gets in contact with receptors present inside specific cells and its effects get arbitrated to make more insulin-like growth factor 1. It leaves pharmacodynamic impacts on carbohydrate, lipid, retention of nitrogen and minerals, protein metabolism and physical performance. A maximum number of these studies were short-term and involved HIV patients. Though Serostim HGH for sale coupled with other anti-retroviral drugs is used for the treatment of HIV patients, yet they treat grown-up geriatric, in pediatric patients also.

Gears of War 4 adds multiplayer crossplay for Windows 10, Xbox One gamers

Microsoft’s ambitious Play Anywhere initiative, which lets PC and Xbox gamers game together, made unexpected strides on Friday, when it was announced that Gears of War 4’s crossplay will expand beyond cooperative mode to include multiplayer competition. gears of war 4

The feature, however, will be limited to Social Quickplay, rather than competitive ranked matches, Microsoft said. So your dreams of a “Super Bowl” of GoW play between the best PC and Xbox players will have to wait.

Interestingly, when Microsoft tested GoW4’s expanded crossplay features at the end of 2016, participation heavily favored the Xbox One. Of the 115,000 players that took part in the test weekend, there was a whopping 91-9 percentage split between the Xbox One and the Windows 10 platform. Over 750,000 matches were played.

To the question of which platform came out on top, Microsoft said the two sides were pretty even: Windows 10 and Xbox players had “closely matched results” when comparing their average kills and deaths, score, and kills per match. Nevertheless, Microsoft said the game’s Core and Competitive rankings will remain separated: Xbox players will only play Windows players, for example, to maintain parity.

“When we looked at the extensive data we received, thanks to the incredible participation from our community, there was a clear message—it works,” the company said in a blog post.

When played with a decent community of polite, competitive opponents, multiplayer gaming can be awesome. Crossplay simply opens up this experience to a larger number of potential players. For its part, Microsoft is really trying to establish Windows and the Xbox as one happy, collective ecosystem, and crossplay is a big part of that.

Alt Twitter government accounts spring up to challenge Trump

Alternative facts and fake news, meet Alt-Twitter. In the last few days, a growing number of Twitter accounts have been started claiming to be the “alternative” or “rogue” voices of U.S. government workers and agencies.p1170191 1

It started with the brouhaha over tweets from two National Park Service accounts and the reaction to them from the White House.

An @AltNatParkSer account quickly sprang up claiming to be the “unofficial resistance team of U.S. National Park Service” and has to-date amassed 1.3 million followers — that’s three times as many followers and the legitimate @NatlParkService account.

The account says it’s run by environmental activists and journalists, not government workers, and that’s the case for many of the other alternative accounts that are now online.

Like the Alt US Forest Service, Rogue NASA, Alt CDC, and NOAA Uncensored, many of the tens of accounts appear to be set up by sympathizers to show support for science-focused agencies that are facing changes and restrictions under the new administration.

But not all.

Perhaps none is as daring as @RoguePOTUSStaff, which purports to come directly from the White House. It has been tweeting out overhead conversations and White House gossip to its 83,000 followers since Wednesday.

For anyone following presidential politics this week, it makes for juicy reading but — and this is important — no-one can say for sure whether any of it is real.

The bio on the account claims it is run by “the unofficial resistance team inside the White House,” but that’s all. The person or people running the account have been asked for verification but have declined to provide it.

It’s worth remembering that the fake news stories that rose to prominence during the election campaign were written in a way to confirm suspicions or beliefs that a group of the electorate already held, and the same can be said of the RoguePOTUSStaff Twitter feed if the audience is scared and skeptical liberals.

But the account holder does at least appear to have some knowledge of government affairs, writing on Friday that the account could be a “violation of Hatch Act.”

The Hatch Act is legislation that prohibits government employees from engaging in political acts while on the job.

For now, the alternative accounts don’t represent a big challenge to official outlets. The government’s U.S. Digital Registry lists 3,347 official Twitter accounts, so the resistance has some way to go.