HP recalls 101,000 laptop batteries due to fire concerns

HP is asking the owners of some laptop models to send their batteries in for a replacement to make sure their devices don’t catch fire. The US Consumer Product Safety Commission (CPSC) has issued a notice about the recall, which affects around 101,000 computers. Those who have HP, Compaq, HP ProBook, HP ENVY, Compaq Presario and HP Pavilion laptops purchased between March 2013 and October 2016 may want to check their lithium-ion battery. If its bar code starts with 6BZLU, 6CGFK, 6CGFQ, 6CZMB, 6DEMA, 6DEMH, 6DGAL or 6EBVA, the company says the best course of action is to pull it out and contact HP for a free replacement.

According to the CPSC notice, HP has received an “additional report of the battery overheating, melting and charring and causing about $1,000 in property damage.” The electronics maker issued a recall for 41,000 batteries in June 2016, but this new report compelled it to do another round. Lithium-ion batteries are prone to overheating and catching fire — the Samsung Note 7 fiasco is the perfect example — and this is far from the first time HP’s had battery troubles. It recalled hundreds of thousands of batteries over the past few years for the same reason. And until the electronics industry finds a better battery tech or a way to prevent lithium-ion-related fiery mishaps, tech companies will have to continue dealing with the same issue.


Google Maps may soon show how difficult parking is near your destination

From ARS:

Enlarge / Parking information shown in Google Maps v9.44 beta.

You can already find out a lot about your commute by using Google Maps, and you soon may be able to find out how hard it will be to find a parking place once you arrive at your destination. Android Police is reporting a new feature present for some users in the Google Maps v9.44 beta that details parking information near your destination when you set driving directions.

When you first set a destination, a parking availability indicator appears next to your estimated driving time in the form of a “P” symbol. There appear to be three levels of parking availability: “easy,” “medium,” and “limited” for areas where parking is typically hard to come by. During your drive, you can expand the turn-by-turn directions to see a more detailed explanation of your destination’s parking situation. While the descriptions are not real-time indicators of the parking situation you’re driving into, they do tell you how easy it “usually” is to find a parking spot near your destination.

According to Android Police’s report, parking information currently shows up for public places like shopping centers and airports. There’s no telling how many users have access to the parking information feature yet, or where it’s being rolled out to first. We downloaded the v9.44 beta in the New York City/Long Island area to a Samsung Galaxy S7, and parking information did show up. Give it some more time if you’re using the v9.44 beta and don’t see parking information yet.


Online databases dropping like flies, with over10k falling to ransomware groups

From ARS

More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.

The affected data is created and stored by the open source MongoDB database application, according to researchers who have been tracking the ongoing attacks all week. On Monday, Victor Gevers, co-founder of the GDI Foundation, reported finding 200 such databases that had been deleted. By Tuesday, John Matherly, founder of the Shodan search engine increased the estimate to 2,000 databases, and by Friday, fellow researcher Niall Merrigan updated the count to 10,500.

Misconfigured MongoDB databases have long exposed user password data and other sensitive information, with the 2015 breach of scareware provider MacKeeper that exposed data for 13 million users being just one example. With the surge in ransomware-style attacks—which threaten to permanently delete or encrypt data unless owners pay a fee—hacks targeting MongoDB are seeing a resurgence. Many poorly secured MongoDB databases can be pinpointed using Shodan, which currently shows 99,000 vulnerable instances.When the ransom-style attacks targeting MongoDB databases first came to light, they were mostly carried out by someone using the online handle Harak1r1. The individual or group was deleting vulnerable databases and promising to restore them if owners paid around $200 in Bitcoin. Over time, other attackers have taken part in similar attacks, in some cases replacing a rival’s ransom demand with one of their own. A list of the best-known attackers is here. In all, the attackers have compromised about 10,500 databases. Promises to restore the databases in return for a ransom payment are dubious, since there’s no evidence the attackers copied the data before deleting it.

MongoDB maintainers have responded to the reports with a blog post explaining how to detect and respond to attacks. People who administer websites that use MongoDB should ensure they’re avoiding common pitfalls by, among other things, blocking access to port 27017 or binding local IP addresses to limit access to servers.


Google Doesn’t Want My $900!

On November 27th I gave in to temptation and order a Google Pixel.  It’s everything I want in a phone and they had a good financing deal.

The phone was back ordered but I ordered it anyway.  I could wait a few weeks.

A week after placing the ordering using Googles own financing program I get an email on the 7th telling me the order is on hold.

I call and get a very very very confused woman with a foreign accent on the line.  She seems unable to understand the issue.  I keep explaining I have no bank to contact about payment, I was approved for their own Financing.  I ask to speak with a  supervisor.  I’m put on hold for a looong time.  The same girl comes back on and explains it was just a glitch and to ignore the e-mail.

The next day my phone rings I answer it and no one is there.  I look up the number and it turns out it is Google.  I call them back talk to another girl with an accent who tells me everything is fine and the payment has processed and the phone will ship eventually.

Today on the 11th I wake up to an e-mail telling me the order has been canceled.  

I call I’m told they tried to process the payment 5 times and it failed.  

So lets look at that closely.  

First, it’s a payment from their own bank that was approved solely for this purchase.

Second, it’s the total opposite of what I was told the TWO times I contacted them.

Third, I checked the status of my order multiple times daily and this issue was never indicated anywhere.

I waited two hours for a supervisor to call me back.  I finally called back and now was told I have to wait another two hours for a supervisor to call me back.

I have never in my life had a company go out of their way to make it impossible for me to purchase from them. 


Newly discovered router flaw being hammered by in-the-wild attacks

 

Update and secure your routers.  If you don’t know how to do it you can schedule an appointment with us.

From Ars

Online criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical flaw that may be present in millions of home routers.

FURTHER READING
How one rent-a-botnet army of cameras, DVRs caused Internet chaos
Routers provided to German and Irish ISP customers for Deutsche Telekom and Eircom, respectively, have already been identified as being vulnerable, according to recently published reports from researchers tracking the attacks. The attacks exploit weaknesses found in routers made by Zyxel, Speedport, and possibly other manufacturers. The devices leave Internet port 7547 open to outside connections. The exploits use the opening to send commands based on the TR-069 and related TR-064 protocols, which ISPs use to remotely manage large fleets of hardware. According to this advisory published Monday morning by the SANS Internet Storm Center, honeypot servers posing as vulnerable routers are receiving exploits every five to 10 minutes.

SANS Dean of Research Johannes Ullrich said in Monday’s post that exploits are almost certainly the cause behind an outage that hit Deutsche Telekom customers over the weekend. In a Facebook update, officials with the German ISP said 900,000 customers are vulnerable to the attacks until they are rebooted and receive an emergency patch. Earlier this month, researchers at security firm BadCyber reported that the same one-two port 7547/TR-064 exploit hit the home router of a reader in Poland. They went on to identify D1000 routers supplied by Eircom as also being susceptible and cited this post as support. The Shodan search engine shows that 41 million devices leave port 7547 open, while about five million expose TR-064 services to the outside world.

FURTHER READING
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net
The attacks started shortly after researchers published attack code that exploited the exposed TR-064 service. Included as a module for the Metasploit exploitation framework, the attack code opens the port 80 Web interface that enables remote administration. From there, devices that use default or otherwise weak authentication passwords can be remotely commandeered and made to join botnets that carry out Internet-crippling denial-of-service attacks.
BadCyber researchers analyzed one of the malicious payloads that was delivered during the attacks and found it originated from a known Mirai command-and-control server.

“The unusual application of TR-064 commands to execute code on routers has been described for the very first time at the beginning of November, and a few days later a relevant Metasploit module had appeared,” BadCyber researchers wrote in a blog post. “It looks like someone decided to weaponize it and create an Internet worm based on Mirai code.”

All bases covered

To infect as many routers as possible, the exploits deliver three separate exploit files, two tailored to devices running different types of MIPS chips and a third that targets routers with ARM silicon. Just like the Metasploit code, the malicious payloads use the exploit to open the remote administration interface and then attempt to log in using three different default passwords. The attack then closes port 7547 to prevent other criminal enterprises from taking control of the devices.