Major Security Flaw Lets Anyone “Hack Mac OS High Sierra Just By Typing Root”!


If you own a Mac running the latest version of High Sierra, 10.13.1 (17B48), do not leave it unattended: security researchers have disclosed a bug that lets anyone with physical access to a Mac gain system administrator access without entering a password.

Anyone can gain the highest level of access to your Mac just by typing “root” in the username field, leaving the password blank and clicking “unlock” a couple of times. That’s it: the person immediately gains full access to the computer, with no hacking skills required.


This silly yet major vulnerability was first noticed by a developer named Lemi Orhan Ergin, who then raised it publicly on Twitter.

Here’s How To Perform This Hack:

  • Open System Preferences on your Mac with High Sierra operating system.
  • Select Users & Groups.
  • Click the lock button.
  • Enter “root” in the username field of the login window.
  • Leave the Password field blank and hit the Enter key a few times.


These steps make you a superuser with read and write privileges to more areas of the system, including files in other macOS user accounts. You can alter passwords, the email IDs linked to the account and much more to wreak havoc on the computer.

This flaw can be exploited in several ways, such as when full-disk encryption is disabled or by disabling FileVault. However, it is not possible to exploit this vulnerability when a Mac is turned on and the screen is protected with a password.

However, Ergin contacted Apple Support to address the issue and Apple responded that it is reportedly working on a fix.

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Temporary Fix To MacOS High Sierra Bug

Until Apple releases a fix for this bug, you can protect your Mac by setting a root password. To do that:

  • Go to System Preferences and then select Users & Groups.
  • Click the lock icon and then enter an administrator name and password.
  • Click on Login Options and select Join at the bottom of the screen.
  • Select Open Directory Utility.
  • Click the lock icon in the Directory Utility window, then enter an administrator name and password.
  • Click Edit in the menu bar at the top.
  • Select Enable Root User if you haven’t already and then choose Change Root Password.

You can also disable guest accounts on your Mac for additional security. To do this, go to System Preferences > Users & Groups > select Guest User > disable “Allow guests to log in to this computer.”

Update:

On Wednesday, Apple said it had issued a software update for the vulnerability in the High Sierra version of macOS. The update was made available at 8 a.m. PT Wednesday, and computers would automatically start installing the update later in the day.

“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole,” Apple said in a statement.

Facebook Could ‘Lock You Out’ Unless You Upload A Clear Selfie


The social networking giant Facebook will soon ask you to “upload a photo of yourself that clearly shows your face” to prove that you are not a robot. This is a new kind of captcha for verifying your identity that the company is working on.

This news was first shared on Twitter as a screenshot on Tuesday and was verified by Facebook, which says: “Please upload a photo of yourself that clearly shows your face. We’ll check it and then permanently delete it from our servers.” The prompt also mentions that the picture will be removed permanently from Facebook servers.

This isn’t the first time Facebook is asking for pictures because recently the company asked users to upload their nudes to fight against revenge porn. In a statement to Wired, the company’s spokesperson said that the photo test is intended to “help us catch suspicious activity at various points of interaction on the site, including creating an account, sending Friend requests, setting up ads payments, and creating or editing ads.”

Another screenshot was posted on Twitter (now deleted) indicating that the users are locked out of their account until the photo was verified. The message said “You Can’t Log In Right Now. We’ll get in touch with you after we’ve reviewed your photo.”

A similar incident was reported on Reddit earlier this year which says “Facebook won’t let me log in, asks for me upload picture of myself, then says picture is invalid.”

This photo test is both automated and manual, to detect any suspicious activity and authenticate the user. Facebook is joining the list of companies adopting facial technology for authenticating users: we’ve seen Apple introduce the Face ID feature and completely ditch Touch ID in its recent iPhone X release. However, we don’t know how well the facial technology is going to function, but it has certainly attracted various companies to adopt the feature.

What are your views on Facebook’s new selfie feature for verifying user’s identity? Share your views in the comments below!

This Facebook Bug Allowed Anyone To Delete Your Photos


Even the biggest websites, with turnover in the billions, can have vulnerabilities. That is why these companies run bug bounty programs that offer substantial sums of money to developers who find bugs and vulnerabilities.

Earlier this month, an Iranian web developer, Pouya Darabi, discovered a critical vulnerability in Facebook that let anyone delete any photo from the social media platform. The loophole resided in Facebook’s new Poll feature, launched earlier this month, which lets users create polls that include GIFs and images.


When Darabi was analyzing this feature, he found that when a user creates a poll, a request is sent to the Facebook servers containing the image ID of the chosen photo, and that anyone could replace this ID with the ID of any photo on the social network. When the image ID is changed in the URL, that particular image is shown in the poll.


“Whenever a user tries to create a poll, a request containing gif URL or image id will be sent, poll_question_data[options][][associated_image_id] contains the uploaded image id,” Darabi said. “When this field value changes to any other images ID, that image will be shown in poll.”

Moreover, if the poll creator deletes the poll, it would eventually delete the original image sourced from someone else’s page permanently.
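The flaw described above is a missing ownership check on a client-supplied image ID, combined with a delete that cascades to the referenced image. The following is an added example, not code from Facebook or from Darabi's write-up: a small constructed model (the `Store` class, the user names and the image IDs are all hypothetical) that puts the vulnerable handlers beside hardened ones.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """The caller referenced an object they do not own."""


@dataclass
class Store:
    images: dict = field(default_factory=dict)  # image_id -> owner
    polls: dict = field(default_factory=dict)   # poll_id -> (owner, [image_id])
    next_id: int = 1


def _save_poll(store, user, image_ids):
    poll_id, store.next_id = store.next_id, store.next_id + 1
    store.polls[poll_id] = (user, list(image_ids))
    return poll_id


def create_poll_vulnerable(store, user, image_ids):
    # Flaw: associated_image_id values are trusted exactly as sent.
    return _save_poll(store, user, image_ids)


def delete_poll_vulnerable(store, user, poll_id):
    owner, image_ids = store.polls[poll_id]
    if owner != user:
        raise Forbidden("not the poll owner")
    del store.polls[poll_id]
    for image_id in image_ids:
        # Flaw: the cascading delete never asks who owns the image.
        store.images.pop(image_id, None)


def create_poll_hardened(store, user, image_ids):
    # Reject any image ID that is unknown or owned by someone else.
    for image_id in image_ids:
        if store.images.get(image_id) != user:
            raise Forbidden(f"image {image_id} does not belong to {user}")
    return _save_poll(store, user, image_ids)


def delete_poll_hardened(store, user, poll_id):
    owner, image_ids = store.polls[poll_id]
    if owner != user:
        raise Forbidden("not the poll owner")
    del store.polls[poll_id]
    for image_id in image_ids:
        # Defence in depth: only remove images the poll owner owns, so a
        # poll saved before the create-time check existed stays harmless.
        if store.images.get(image_id) == owner:
            del store.images[image_id]


def sample_store():
    # Constructed data: image 100 belongs to alice, image 200 to mallory.
    return Store(images={100: "alice", 200: "mallory"})


def run_vulnerable():
    store = sample_store()
    poll = create_poll_vulnerable(store, "mallory", [100])
    delete_poll_vulnerable(store, "mallory", poll)
    return 100 in store.images      # alice's photo was deleted


def run_hardened():
    store = sample_store()
    try:
        create_poll_hardened(store, "mallory", [100])
    except Forbidden:
        return 100 in store.images  # request rejected, photo intact
    return False


def run_legacy_poll():
    store = sample_store()
    poll = create_poll_vulnerable(store, "mallory", [100])  # pre-fix poll
    delete_poll_hardened(store, "mallory", poll)
    return 100 in store.images      # photo survives the delete


if __name__ == "__main__":
    print(run_vulnerable(), run_hardened(), run_legacy_poll())
```

The two checks are independent: the create-time check stops new polls from referencing foreign images, while the delete-time check protects images referenced by polls that were stored before the fix.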


As soon as Darabi discovered the vulnerability, he reported it to Facebook on November 3. The social media giant responded immediately, releasing a temporary fix on November 3rd followed by a permanent fix on November 5th. Later, on November 8th, Facebook awarded him a $10,000 bounty for preventing potential damage to both users and the social media giant’s reputation in general.

Delete any image on facebook

Image removal vulnerability in Facebook polling feature: https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html

Posted by Dynamic World on Tuesday, November 21, 2017

This isn’t the first time Darabi has received a reward from Facebook. Previously, in 2015, the company awarded him a $15,000 bug bounty for bypassing its protection against cross-site request forgery (CSRF). And in 2016, he earned another $7,500 for finding a similar issue.

What is Google Play Services? Why Is it Important?


If you own an Android device, you must have encountered an app called Google Play Services. However, no one really knows its exact purpose, and some don’t even know it exists until something goes wrong. Yet these services serve a great purpose on your Android device, supporting a large part of your phone’s functionality.


What is Google Play Services?

Google Play services is a background service for Android devices that is used to update Google apps and other apps from Google Play such as Maps, Google+ and more. These updates are automatic platform updates distributed as an APK through the Google Play store to make receiving and integrating updates faster and easier.

What does it do?

It also provides core functionality like authentication to your Google services, access to all the latest user privacy settings, synchronized contacts, and higher quality, lower-powered location-based services. It also speeds up the offline searches, improves gaming experiences, and provides more immersive maps.


Google Play Services can also deal with Google’s fragmentation issue. It gives you the freedom to use the latest APIs provided by Google without worrying about device support (from Android 2.2 up).

Components of Google Services:

  • Google Play Game Services: This service helps you make your games more social, with achievements, leaderboards, and multiplayer. It even allows you to save and store games in the cloud.
  • Google Maps API: This API allows you to access Google Maps in other apps without actually leaving that particular application. For example, booking a cab and using maps in that app.
  • Location APIs: The location APIs facilitate adding location awareness to your app with automated location tracking, geofencing, and activity recognition, i.e., the direction and method of movement, and whether the device has moved across a predefined geographical boundary, or geofence.
  • Google Drive API: This API helps you to interact, share and store files from other apps in Google Drive.
  • Google+: This service allows you to use Google+ login credentials to access various accounts on multiple apps without the need to create an account for that particular app. This is nothing but the Sign in with Google+ feature you see whenever you install a new application.
  • Google Mobile Ads: This API is responsible for displaying ads in the apps based on your location and browsing history. This is a key API for app developers to make money.

Other components that constitute Google Play Services include Google Wallet, Google Fit API, Google Play Protect, Google Cast Android API, Google account authentication methods.

Do I need Google Play Services?

Many applications on your Android device depend on Google Play Services to access the Google APIs that add the functionality mentioned above. These apps may not work if you try to uninstall Google Play Services.

How Can I disable it?

Google Play Services is an inbuilt app and you can not uninstall it. However, you can disable it by going to Settings > Applications > All > Google Play Services > Disable.


If you have any other queries related to Google Play Services, drop them in the comments below!

How big data ensures seamless customer experience across channels?


With the prudent adoption of big data analytics to personalize experiences, 53% of the consumers are purchasing more from brands who personalize their shopping experience across all channels, according to MyBuy’s Personalisation Consumer Survey. If organizations want their customers to stay loyal, they will have to invest in the experience. With the view to achieving this, more than 50% of organizations will redirect their investments to customer experience innovations by 2018 as per Gartner predictions. This will lead to 40% more revenue per person.

When consumers visit the company websites, social media pages, and catalogs, while switching between multiple devices, big data plays a pivotal role to predict their behavior and create a seamless marketing and buying process.

According to a report by Oracle, the benefits of brands evolving to data-driven customer experiences are extensive (See Figure 1). Big data has ensured a significant shift in elevating customer experiences. The results of the survey have indicated the positive scenarios for the organizations as mentioned in the figure below:

[Figure 1: Data-driven customer experience]

Big data enhancing all customer channels

As the telecom industry is witnessing an explosion of competition, the most immediate impact has been an increase in customer churn. However, big data has proved to be the differentiating factor for delivering services across all channels.

Big data has helped the telecom operators to optimise their websites in such a way that it has helped to solve customer’s problems and convinced customers to buy from them.

Having a seamless interface across all the channels was a challenge before. But now, big data has assisted the telecom operators in integrating their direct mail pieces with other channels. As these pieces are now integrated, customers see a common interface, which has led to an ideal experience for them.

Providing a customer-centric approach by integrating a personal touch is now catered by data analytics. Speech and text analytics is used to track customer interactions across all channels, including voice, social media, SMS, chat, email, and blogs. It has helped many brands to become more customer-centric by developing a sense of personal touch.

Unstructured data was always a challenge. Big data has now dug deep into the unstructured data mine and has led to some fantastic insights. Social listening tools are being used to learn what people are saying about the brand across the internet. Such unstructured data has helped to reveal a great deal about customer sentiments and has, in turn, helped the operators to tackle the addressable issues.

Using Big Data for Customer Experience Management

  • Validate and steer the marketing decisions

The data analytics solution provides information relevant for marketing, steering wise decisions regarding service packaging and marketing campaigns, resulting in increased operator revenues.

  • Optimize the network investment

Big data analytics have helped telecom operators to know customer behavior and customer-related issues to plan the network investments efficiently. This, in turn, has enabled them to avoid outages in the highest revenue areas and eliminate over-investment in lower priority areas.

  • Comprehensive visualization

Along with the flexible dashboards, big data analytics solutions provide many specialized dashboards supporting most essential use cases, like roaming monitoring, and VIP monitoring tailored for the customers.

Telecom operators are using big data solutions to review metrics in real-time to come up with the price for a product offering. After testing the price with different segments of customers in different regions, operators are coming up with the most optimised price. This is a win-win for the operators and the customers as customers get the price they are happy with, and the telecom receives a steady revenue stream with low customer churn.

Why data-driven customer experience makes the difference?

In the past, data concerning client interactions were primarily based on observation and person-to-person communication, but now, because of the thousands of data points that companies can examine about each customer, it can use trends that might otherwise go unnoticed to better understand and segment their customer base.

Pattern Analysis: Big data helps to determine customer behavior pattern based on either structured data like sequential demographic data or unstructured data like tweets about products.

Sentiment Analysis: This helps operators know what customers are saying about their products and services, and helps them address issues before they grow too big.

Recommendation Analysis: Big data plays a pivotal role to help give the best recommendation to the telecom customers to increase the conversion rate.

Marketing analysis: It helps the telecom operators to analyze customer interactions and optimise marketing decisions and messages.

With the programmatic advertising and email marketing metrics, operators are moving towards continual improvement cycling in their marketing program. Collecting the vital data has enabled them to analyze and improve their efforts to deliver a best-of-class customer experience.

Customer experience management becomes easy through big data analytics solutions as it provides compelling visualizations, graphs, charts and dashboard reports that allow businesses to understand and gain insights on their survey responses at a glance!

 

Future of CEM with Big Data Analytics

The global big data revenue is expected to reach $203 billion by 2020, meaning that operators need to move ahead of customer service performance and quality and focus on customer perceptions to become a significant part of this revenue growth. For example, the data analytics tool can enable businesses to compensate the customers for bad experiences before they even complain, possibly turning a potential red flag into a wow moment.

A leading telecoms operator developed a mobile app to display the status of a customer’s inquiry which in-turn reduced the inbound calls. Such should be the application of big data analytics solutions where an offer or service is highly customised. It can help the customers to see their CLV-based status, the expected service level, and features or services they might have to pay for.

In the years to come, ‘Crystal Ball Analysis’ will be widely applied in customer experience management, meaning that analytics will be used to target people depending on their mood, happy or dejected, based on what they are typing or looking for.

Another significant use case of big data will be for people working in sales and marketing in telecom. They can use analytics to forecast the impact of their actions and provide more personalized pitches or content to individual customers, instead of depending on historical data.

‘Predictions-as-a-service’ will see growth, wherein big data analytics will be used to gather the data from various platforms and analyze how it is performing against broader regional and global sales trends in the telecom sector. This will be backed-up by understanding the influences of current events, economic factors and even the weather on its sales pipeline.

Conclusion

Big data has the potential to move the telecom strategy from segments to true personalization. Now, with big data, operators have unprecedented amounts of information, and through proper utilization, it has allowed them to determine customer needs before ever interacting with a customer.

Using big data analytics solutions, operators can analyze behavioral triggers, and tailor a personalized marketing effort to meet their client’s needs for relevant email marketing and programmatic advertising.

 

 

 

5 Products That Presage the Technological Revolution in Sports


Sports brands constantly develop technological products designed to help improve the performance of athletes and reinvent the fan experience with the help of apps and wearables.

Last January, the CES technology fair served to confirm the unstoppable rise of wearable technologies. And within wearable, along with glasses and smartwatches, smart devices focused on improving the fitness experience also had a special role. Brands such as Sony, Intel, Garmin, and Razer, among others, presented new fitness trackers or announced they were involved in further development.

Technology analysts such as Canalys estimate that more than 17 million smart bands will be sold in the world this year, and the concern for physical exercise is largely to blame for these figures. But the introduction of new technologies such as those meant to help with sweating, go beyond fitness, reaching the world of professional sports.

In recent months we have seen brands begin to explore technologies aimed at improving the performance of athletes themselves and enhancing the fan experience, making it more physical thanks to intelligent apps and clothing, or exploring technologies that promise to bring new points of view to following mass sports like football. Here are 5 of those product ideas that herald the new technological revolution about to shake the world of sports.

Virtual Reality

Virtual Reality or VR has come a long way. There used to be a time when no one would believe VR would take off but nowadays it’s part of many homes and industries and is now also making a splash in the sports and events industry. It’s not only a whole new way to experience gaming but also sports in general. Imagine being able to see a match from different angles as if you were in the middle of the stadium. When you’re cheering for a team and want it to win because you bet on it at luckystreet.com, feeling like you’re there, watching it and cheering while still in your living room, gives a great feeling and is the true revolution in Sports.


The ‘Brazucam’ by Adidas

At the beginning of April, the sports brand Adidas unveiled the ‘Brazucam’. It is a modified version of the official soccer ball of the 2014 World Cup Brazil that incorporates six small HD video cameras inside. The idea is that these cameras can give the viewer a vision of the action on the pitch from the perspective of the ball itself. The ball will be traveling around the world (Spain, Germany, England, Russia, Japan, USA, Mexico, etc.) as the protagonist of a series of videos featuring stars like Xavi Hernandez, Dani Alves, Cristian Tello, Manuel Neuer and David Villa, released as weekly clips on the Adidas YouTube channel.


The ‘Brazucam’ is still a promotional stunt by the brand to advertise its ball, but the idea gives clues as to where football broadcasts of the future could be heading.

The smart basketball

The Wilson brand, in collaboration with the Finnish technology company SportIQ, has developed an intelligent basketball that incorporates sensors inside. In combination with an app, these sensors allow you to collect a series of data about the player’s performance. The ultimate idea is to help the athlete to improve their game, by offering information on percentages of hits, times of execution of the throws or statistics on their effectiveness from different areas of the field. The brand plans to launch the ball next winter, and according to those responsible for its digital department, they are considering developing similar technologies for products of other sports.

Moov Personal Virtual Trainer

Moov is a wearable that offers the user a constant flow of data focused on improving their sports performance in real time. The device comes after a decade of research by institutions such as Harvard, Stanford, professional athletes and coaches and even US Army researchers, and today Moov has support for five activities: race, cycling, swimming, cardio boxing, and weightlifting. Moov can measure various variables such as the race pace, the frequency of hitting or the pedaling speed, depending on where in the body the device is placed. Each sport has its own dedicated app, currently only for iOS devices, although the corresponding versions for Android systems are being developed.


The ‘Alert T-Shirt’ from WE: eX

Wearable Experiments (We: eX) is defined as a social technology company focused on the development of wearables. They describe their mission as an activity aimed at fusing fashion and technology with a functional design, applying creative ideas to solving problems to help us have a better quality of life. One of their inventions is the ‘Alert Shirt’, a technological shirt developed in collaboration with Foxtel and CHE Proximity and aimed at fans of Australian football. The idea is that the fans can physically experience the action that takes place on the pitch. Via Bluetooth, the Alert Shirt app transmits a series of data taken in real time to the electronic components inserted in the shirt, which convert that data into impulses that seek to reproduce the sensations experienced by players in the field.