Google Maps may soon show how difficult parking is near your destination

From ARS:

Enlarge / Parking information shown in Google Maps v9.44 beta.

You can already find out a lot about your commute by using Google Maps, and you soon may be able to find out how hard it will be to find a parking place once you arrive at your destination. Android Police is reporting a new feature present for some users in the Google Maps v9.44 beta that details parking information near your destination when you set driving directions.

When you first set a destination, a parking availability indicator appears next to your estimated driving time in the form of a “P” symbol. There appear to be three levels of parking availability: “easy,” “medium,” and “limited” for areas where parking is typically hard to come by. During your drive, you can expand the turn-by-turn directions to see a more detailed explanation of your destination’s parking situation. While the descriptions are not real-time indicators of the parking situation you’re driving into, they do tell you how easy it “usually” is to find a parking spot near your destination.

According to Android Police’s report, parking information currently shows up for public places like shopping centers and airports. There’s no telling how many users have access to the parking information feature yet, or where it’s being rolled out to first. We downloaded the v9.44 beta in the New York City/Long Island area to a Samsung Galaxy S7, and parking information did show up. Give it some more time if you’re using the v9.44 beta and don’t see parking information yet.


Online databases dropping like flies, with over10k falling to ransomware groups

From ARS

More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.

The affected data is created and stored by the open source MongoDB database application, according to researchers who have been tracking the ongoing attacks all week. On Monday, Victor Gevers, co-founder of the GDI Foundation, reported finding 200 such databases that had been deleted. By Tuesday, John Matherly, founder of the Shodan search engine increased the estimate to 2,000 databases, and by Friday, fellow researcher Niall Merrigan updated the count to 10,500.

Misconfigured MongoDB databases have long exposed user password data and other sensitive information, with the 2015 breach of scareware provider MacKeeper that exposed data for 13 million users being just one example. With the surge in ransomware-style attacks—which threaten to permanently delete or encrypt data unless owners pay a fee—hacks targeting MongoDB are seeing a resurgence. Many poorly secured MongoDB databases can be pinpointed using Shodan, which currently shows 99,000 vulnerable instances.When the ransom-style attacks targeting MongoDB databases first came to light, they were mostly carried out by someone using the online handle Harak1r1. The individual or group was deleting vulnerable databases and promising to restore them if owners paid around $200 in Bitcoin. Over time, other attackers have taken part in similar attacks, in some cases replacing a rival’s ransom demand with one of their own. A list of the best-known attackers is here. In all, the attackers have compromised about 10,500 databases. Promises to restore the databases in return for a ransom payment are dubious, since there’s no evidence the attackers copied the data before deleting it.

MongoDB maintainers have responded to the reports with a blog post explaining how to detect and respond to attacks. People who administer websites that use MongoDB should ensure they’re avoiding common pitfalls by, among other things, blocking access to port 27017 or binding local IP addresses to limit access to servers.


Google Doesn’t Want My $900!

On November 27th I gave in to temptation and order a Google Pixel.  It’s everything I want in a phone and they had a good financing deal.

The phone was back ordered but I ordered it anyway.  I could wait a few weeks.

A week after placing the ordering using Googles own financing program I get an email on the 7th telling me the order is on hold.

I call and get a very very very confused woman with a foreign accent on the line.  She seems unable to understand the issue.  I keep explaining I have no bank to contact about payment, I was approved for their own Financing.  I ask to speak with a  supervisor.  I’m put on hold for a looong time.  The same girl comes back on and explains it was just a glitch and to ignore the e-mail.

The next day my phone rings I answer it and no one is there.  I look up the number and it turns out it is Google.  I call them back talk to another girl with an accent who tells me everything is fine and the payment has processed and the phone will ship eventually.

Today on the 11th I wake up to an e-mail telling me the order has been canceled.  

I call I’m told they tried to process the payment 5 times and it failed.  

So lets look at that closely.  

First, it’s a payment from their own bank that was approved solely for this purchase.

Second, it’s the total opposite of what I was told the TWO times I contacted them.

Third, I checked the status of my order multiple times daily and this issue was never indicated anywhere.

I waited two hours for a supervisor to call me back.  I finally called back and now was told I have to wait another two hours for a supervisor to call me back.

I have never in my life had a company go out of their way to make it impossible for me to purchase from them. 


Newly discovered router flaw being hammered by in-the-wild attacks

 

Update and secure your routers.  If you don’t know how to do it you can schedule an appointment with us.

From Ars

Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.

FURTHER READING
How one rent-a-botnet army of cameras, DVRs caused Internet chaos
Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.

SANS Dean of Research Johannes Ullrich said in Monday’s post that exploits are almost certainly the cause behind an outage that hit Deutsche Telekom customers over the weekend. In a Facebook update, officials with the German ISP said 900,000 customers are vulnerable to the attacks until they are rebooted and receive an emergency patch. Earlier this month, researchers at security firm BadCyber reported that the same one-two port 7547/TR-064 exploit hit the home router of a reader in Poland. They went on to identify D1000 routers supplied by Eircom as also being susceptible and cited this post as support. The Shodan search engine shows that 41 million devices leave port 7547 open, while about five million expose TR-064 services to the outside world.

FURTHER READING
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net
The attacks started shortly after researchers published attack code that exploited the exposed TR-064 service. Included as a module for the Metasploit exploitation framework, the attack code opens the port 80 Web interface that enables remote administration. From there, devices that use default or otherwise weak authentication passwords can be remotely commandeered and made to join botnets that carry out Internet-crippling denial-of-service attacks.
BadCyber researchers analyzed one of the malicious payloads that was delivered during the attacks and found it originated from a known Mirai command-and-control server.

“The unusual application of TR-064 commands to execute code on routers has been described for the very first time at the beginning of November, and a few days later a relevant Metasploit module had appeared,” BadCyber researchers wrote in a blog post. “It looks like someone decided to weaponize it and create an Internet worm based on Mirai code.”

All bases covered

To infect as many routers as possible, the exploits deliver three separate exploit files, two tailored to devices running different types of MIPS chips and a third that targets routers with ARM silicon. Just like the Metasploit code, the malicious payloads use the exploit to open the remote administration interface and then attempt to log in using three different default passwords. The attack then closes port 7547 to prevent other criminal enterprises from taking control of the devices.


These SNES-era Kirby games were considered lost until this week

I’m always happy when any forgotten media gets discovered and released.

 

From ARS

These four early Kirby games will now have their ROMs preserved, thanks to the efforts of a group of preservationists.

A group of dedicated game preservationists has obtained a set of obscure Japanese Kirby games from the Super Famicom era in order to archive them for future generations. But the uncertain fate of such early games presages a much bigger problem facing digital game preservation going forward.

Even die-hard Kirby fans would be forgiven for not knowing much about Kirby’s Toy Box, a collection of six mini games that was only available through Japan’s Satellaview, an early satellite-based distribution service for the Super Famicom (the Super NES in the West). That system only let you download one game at a time to a special 8-megabit cartridge, though, and you could only download when that specific game was being broadcast across the narrow satellite feed.

Thus, existing copies of most Satellaview games are available only if they happen to be the last game downloaded to individual cartridges (Satellaview broadcasts ended in the late ’90s). While some of these games have been publicly dumped and preserved as ROM files, many exist only in the hands of Japanese collectors. Sometimes, those individuals are reluctant to release the digital code widely.

That’s why gaming historians were so intrigued when a Japanese auction popped up listing four of the Kirby’s Toy Box mini games (Circular Ball, Cannon Ball, Pachinko, and Arrange Ball) for sale on four separate Satellaview cartridges. As Video Game History Foundation founder Frank Cifaldi put it on Twitter, “finding 3 different ones from 1 seller is a miracle.”

Preservationists including Cifaldi and Matthew Callis sought out donations to help win the auctions and preserve the game data for future generations. Yesterday morning, the group announced it had won all four cartridges for a total of ¥85,500 (about $813.08, as reported by Kotaku). “Still missing most of Nintendo’s Satelleview [sic] output, but at least we’ve got most of the Kirbys now,” as Cifaldi put it.

A growing digital preservation problem

The quest to save today’s gaming history from being lost forever

The shaky fate of these early digital downloads likely points to future issues we’ll face when it comes to longterm preservation of modern games distributed exclusively as downloads. Last year, Sony shut down PlayStation Mobile, cutting off access to plenty of great Vita titles from smaller indie publishers. Xbox Live’s Indie Games program will fully shut down in 2017, leaving quite a few hidden gems of its own without an online home. And Apple has begun the process of culling “problematic and abandoned” older games from the App Store, continuing a process of game removal already started by many iOS game publishers themselves.

When Sony, Microsoft, and Nintendo eventually shut down their PS3, Xbox 360, and Wii servers for good, hundreds of digital download games will only exist as scattered copies on various console hard drives. That’s already happening with games like P.T., Konami’s free cult horror classic that was pulled down from PSN unceremoniously in 2015. That move led to a spike in prices for secondhand PS4 consoles that happened to have the game trapped on their hard drives.

Sure, we’ll likely be able to find copies of many of the biggest and most popular of these digital-exclusive games in order to export them to a more permanent and emulatable archival format (a recent DMCA decision makes this whole process easier when it comes to mimicking authentication servers). But as servers go offline and games are scattered among myriad distinct consoles, assembling anything close to a complete understanding of today’s digital game marketplace is going to get very tough very quickly. As is the case with many early films that have been lost forever, we may not know what hidden gaming treasures have been lost to history.