Users complain of account hacks, but OkCupid denies a data breach

It’s bad enough that dating sites are a pit of exaggerations and inevitable disappointment; they’re also a hot target for hackers.

Dating sites aren’t considered the goldmine of personal information like banks or hospitals, but they’re still an intimate part of millions of people’s lives and have long been in the sights of hackers. If the hackers aren’t hitting the back-end database like with the AdultFriendFinder, Ashley Madison and Zoosk breaches, the hackers are trying to break in through the front door with leaked or guessed passwords.

That’s what appears to be happening with some OkCupid accounts.

A reader contacted TechCrunch after his account was hacked. The reader, who did not want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password.

OkCupid didn’t send an email to confirm the address change — it just blindly accepted the change.

“Unfortunately, we’re not able to provide any details about accounts not connected to your email address,” said OkCupid’s customer service in response to his complaint, which he forwarded to TechCrunch. Then, the hacker started harassing him with strange text messages from his phone number that was lifted from one of his private messages.

It wasn’t an isolated case. We found several cases of people saying their OkCupid account had been hacked.

Another user we spoke to eventually got his account back. “It was quite the battle,” he said. “It was two days of constant damage control until [OkCupid] finally reset the password for me.”

Other users we spoke to had better luck in getting their accounts back. One person didn’t bother, he said. Even disabled accounts can be re-enabled if a hacker logs in, some users found.

But several users couldn’t explain how their passwords — unique to OkCupid and not used on any other app or site — were inexplicably obtained.

“There has been no security breach at OkCupid,” said Natalie Sawyer, a spokesperson for OkCupid. “All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid.”

Even on OkCupid’s own support pages, the company says that account takeovers often happen because someone has an account owner’s login information. “If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” says the support page.

That describes credential stuffing, a technique of running vast lists of usernames and passwords against a website to see if a combination lets the hacker in. The easiest, most effective defense against credential stuffing is for the user to use a unique password on each site. For companies like OkCupid, the other effective blocker is allowing users to switch on two-factor authentication.
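On the site's side, the pattern described above (one source trying many usernames, mostly failing, then changing the email and password on an account it got into) is visible in authentication logs. The sketch below is an added example, not OkCupid's code or anything from the original article; the event names, thresholds and sample log records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (unix_seconds, source_ip, username, event)
EVENTS = [
    (0, "203.0.113.7", "alice", "login_fail"),
    (1, "203.0.113.7", "bob", "login_fail"),
    (2, "203.0.113.7", "carol", "login_fail"),
    (3, "203.0.113.7", "dave", "login_ok"),
    (4, "203.0.113.7", "erin", "login_fail"),
    (20, "203.0.113.7", "dave", "email_change"),
    (25, "203.0.113.7", "dave", "password_change"),
    (30, "198.51.100.4", "frank", "login_fail"),   # ordinary mistyped password
    (35, "198.51.100.4", "frank", "login_ok"),
    (400, "198.51.100.4", "frank", "password_change"),
]


def stuffing_sources(events, min_users=4, max_success_ratio=0.5):
    """Return source IPs that tried many distinct usernames and mostly failed."""
    users, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, event in events:
        if event in ("login_ok", "login_fail"):
            users[ip].add(user)
            total[ip] += 1
            ok[ip] += event == "login_ok"
    return {
        ip for ip in users
        if len(users[ip]) >= min_users and ok[ip] / total[ip] <= max_success_ratio
    }


def takeover_candidates(events, window=300):
    """Map username -> sensitive changes made by a flagged source soon after login.

    These are the accounts where an email or password change should be held
    until the owner confirms it through the previously registered address.
    """
    flagged = stuffing_sources(events)
    last_ok = {}                      # (ip, user) -> time of successful login
    hits = defaultdict(list)
    for ts, ip, user, event in sorted(events):
        if event == "login_ok" and ip in flagged:
            last_ok[(ip, user)] = ts
        elif event in ("email_change", "password_change"):
            start = last_ok.get((ip, user))
            if start is not None and ts - start <= window:
                hits[user].append(event)
    return dict(hits)


if __name__ == "__main__":
    print("suspected stuffing sources:", stuffing_sources(EVENTS))
    print("accounts to lock and review:", takeover_candidates(EVENTS))
```
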

When asked how OkCupid plans to prevent account hacks in the future, the spokesperson said the company had “no further comment.”

In fact, when we checked, OkCupid was just one of many major dating sites — like Match, PlentyOfFish, Zoosk, Badoo, JDate and eHarmony — that didn’t use two-factor authentication at all.

As if dating wasn’t tough enough at the best of times, now you have to defend yourself from hackers, too.

Melling Tech Tips for GM LS Lifter Issues

If you are working on a GM LS engine, watch this tech tip video featuring Melling’s tech director Cale Risinger talking about Melling JB-7011 lifters.

The Melling tech department is finding that customers are experiencing repeat AFM lifter failures. Please carefully review this video to assist when rebuilding an LS engine with a failed AFM lifter. They can be identified by the compressed state of the exterior spring. This indicates an issue with the VLOM manifold assembly.  This includes the VLOM filter and the solenoids.

Proper attention will assure that a repeat occurrence will not happen. Melling is finding its customers are experiencing repeat AFM lifter failures when the VLOM system is not properly serviced when the lifters are replaced.

How to talk to tech support about malware (and other hacks)

Who among us has never lost his composure when talking to a technical-support representative on the phone? In times of stress, it can be extremely difficult to control one’s anxiety and temper. Yet even when we feel like our world is crashing down—even when we discover that we’ve exposed our bank log-in credentials through a phishing attack, and we’re trying desperately to find someone who can help before our funds are drained—we need to keep a lid on our emotions, respecting the person who’s on the other end of the line.

Maintaining one’s composure while in a stressful situation isn’t easy; it requires the right frame of mind. These 10 simple meditations have helped me get into that zone with support representatives, such that I’ve been able to more effectively communicate and efficiently receive the help I’ve needed. So next time you dial an 800 number during a time of crisis, keep these thoughts in mind.

1. I have time

Technical calls are rarely completed as quickly as we would like. The act of talking to a customer rep—giving information, getting information, clarifying, and repeating—is a dance. And sometimes, it’s an aggravatingly slow dance. Keep in mind that it is one the rep would also like to end quickly, as most reps’ success is measured on the number of calls per hour they resolve.

2. The phone tree does not hate me

Before you talk to a support rep, you will likely have to navigate a phone maze, replying to robotic prompts with button presses or specific words. Hacks can be highly personal attacks, and communicating with a robot gatekeeper is rarely a reassuring experience. Attempt to remain calm. Work with the system, not against it. This will make the trial of the phone tree pass more quickly.

3. I am open

When you finally are on the line with a support rep equipped to help you, answer his or her questions openly and honestly. Try not to get (or act) annoyed if you have to repeat yourself. Do not raise your voice if asked to elaborate. Try not to roll your eyes when the rep asks if you have reused your password on other systems.  Allow the person on the phone to catch up to you.

4. I will allow the rep to act through me

Follow the rep’s instructions, step by step. Yes, even logging out and then logging back in again.

5. The rep is a human being…

The person on the phone was not put in the job to make your life worse. Quite the contrary. He or she is trying to help you securely get back to your life. Even if the rep speaks with a thick accent you can barely understand.

6. …who has one of the worst jobs out there

Most people the rep attempts to help are fearful, or angry, or both, and they dump negativity onto reps without a care for them. This takes a toll. If you can show a little empathy, the rep is more likely to help resolve your issue with speed and cheer. You might also brighten her day. In the midst of all the difficulty, isn’t that worth something?

7. I’m playing a role too

Many tech and customer support people have limited autonomy. They typically follow a script—and they may get penalized for diverting from it. In this script, you are merely an actor. While you can go in a few directions with your role, opening up particular prewritten adventures for the rep to take you on, in most cases, you cannot rewrite the script on the fly. Play your part.

8. Sometimes, we can transcend our fate

The script of technology is incomplete, and it is possible that your role is not one of the preordained. The rep you are speaking with may choose, or be directed, to elevate your issue to a higher power (technically to a Tier 2, or even Tier 3, support rep). If you are transferred to one of these loftier beings, you may have to backtrack and repeat some of the work you have done with your Tier 1 rep. These are the wages of being elevated.

9. I can always leave

A phone support rep will not hang up on you. They cannot—not if they want to remain employed. There is nothing stopping you, however, from hanging up. You have the power in the transaction; use it wisely. Furthermore, if you really don’t like how the rep and the company are treating you, you can take your business elsewhere (once your current issue is solved). The rep knows this—and knows that his job exists to make sure that you do not do that. Allow him to help, if you can—and he can.

10. I will experience gratitude

Mostly, remember this: The person trying to help you is trying to help you. She wants your virus gone, the malware attack thwarted, your account restored—almost as much as you do. As one rep I interviewed told me about the job, “It feels really good when I solve a problem that was ruining somebody’s day.” That mind-set itself is worthy of appreciation and heartfelt thanks.

Justice Department accuses Chinese spies of hacking into dozens of US tech and industry giants

The Justice Department has unsealed a damning indictment that links an aggressive campaign to hack into U.S. tech and industry giants to spies working for the Chinese government.

The indictment, out Thursday, accuses China’s main intelligence agency — the Ministry of State Security — of hacking into dozens of tech companies and government departments, largely in an effort to steal intellectual property. Prosecutors said the hackers were part of a Beijing-backed group, dubbed APT10, which various security companies had previously linked to China.

Zhu Hua and Zhang Shilong, both nationals and residents of China, were charged with three counts each of computer hacking, conspiracy to commit wire fraud and aggravated identity theft.

None of the companies were named, but the indictment noted that the hackers targeted and “stole hundreds of gigabytes of sensitive data” in aviation, space and satellite technology, manufacturing, pharmaceutical and oil and gas exploration, as well as from communications and computer processor firms and maritime technology companies.

According to Reuters, the Chinese hackers successfully targeted Hewlett Packard Enterprise, IBM and their customers. But only the NASA Goddard Space Center and the space agency’s Jet Propulsion Lab were named in the filing.

The indictment also said the hackers stole personally identifiable information — including names, dates of birth, email addresses, salary information and Social Security numbers — on more than 100,000 U.S. Navy personnel.

The hackers used spearphishing — or highly targeted phishing campaigns — to install malware using malicious Microsoft Word documents and steal data from targeted computers, the indictment reads. Others used keyloggers to steal usernames and passwords to break into employees’ accounts.

“We want China to cease illegal cyber activities and honor its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises,” said U.S. deputy attorney general Rod Rosenstein, in remarks at the Justice Department in Washington, DC.

The latest indictments come as tensions between the U.S. and China have increased following the arrest of Huawei’s chief financial officer Meng Wanzhou in Canada, after being accused of fraud by the U.S. She faces up to 30 years in prison if found guilty.

Prosecutors said that China was conducting its “extensive” hacking campaign over the last three years. With this indictment, the Trump administration has effectively scrubbed an Obama-era bilateral agreement, signed by President Obama and China’s premier Xi Jinping in 2015, under which the two countries agreed not to launch hostile cyberattacks and espionage.

Dmitri Alperovitch, chief technology officer at CrowdStrike, which has tracked APT10 in recent years, called the Justice Department’s move to take action against China “unprecedented and encouraging.”

“Today’s announcement of indictments against Ministry of State Security (MSS), whom we deem now to be the most active Chinese cyber threat actor, is another step in a campaign that has been waged to indicate to China that its blatant theft of IP is unacceptable and will not be tolerated,” he said. “While this action alone will not likely solve the issue and companies in US, Canada, Europe, Australia and Japan will continue to be targeted by MSS for industrial espionage, it is an important element in raising the cost and isolating them internationally.”

The U.K. government also said in a statement that it is “holding responsible elements of the Chinese government for an extensive cyber campaign.”

“The National Cyber Security Centre assesses with the highest level of probability that the group widely known as APT10 is responsible for this sustained cyber campaign focused on large-scale service providers,” said a statement from the U.K.’s Foreign Office. “The group almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.”

U.K. Foreign Secretary Jeremy Hunt called the hacking campaign “one of the most significant and widespread cyber intrusions against the UK and allies uncovered to date.”

Several other allied nations, including Japan and Australia, are expected to release statements to support the U.S. indictment.

Prosecutors conceded that prosecutions are unlikely, given that the named hackers are Chinese residents and extraditions are rare. Thursday’s indictment represents the department’s latest in “name and shame” charges, designed to instead restrict the international travels of those named in the filing but also send a warning to others.

“We hope the day will come when the defendants face justice under the rule of law in a federal courtroom,” said Rosenstein.

China has long rebuffed complaints from other nations accusing it of cyberattacks and espionage, but didn’t immediately comment on Thursday’s indictment.

Ford Tech Tip: Squeaking Noise When Making Right Turns During Slow Parking Lot Maneuvers

Models:
2011-’12 Ford Edge and Lincoln MKX

Condition:
Some 2011-’12 Edge and MKX vehicles may experience a squeaking noise coming from the front of the vehicle when turning right during slow parking lot maneuvers.

Figure 1

Repair Procedure:
1. Inspect the roll restrictor heat shield for witness marks that indicate contact was made with the engine roll restrictor-to-subframe retaining bolt head (see Figure 1).
a. If witness marks are present on the roll restrictor heat shield, proceed to Step 2.
b. If no witness marks are present on the roll restrictor heat shield, do not continue with this article. Refer to Workshop Manual (WSM), Section 100-04 for normal diagnostics.

Figure 2

2. Increase the air gap between the engine roll restrictor-to-subframe retaining bolt and roll restrictor heat shield by performing the following steps.
a. Place a 3/4” block of wood or equivalent to support the tip of the roll restrictor heat shield to ensure the exhaust pipe to roll restrictor heat shield clearance is not reduced (Figure 2).
b. Place a flat-bladed screwdriver on the engine roll restrictor-to-subframe retaining bolt head.
c. Reposition the roll restrictor heat shield away enough to gain 1/4” of clearance.
d. Remove the block of wood and ensure there is a minimum of 15 mm (19/32”) of clearance between the exhaust pipe and roll restrictor heat shield.

Courtesy of Mitchell 1.

Two-Minute Motocross Tech Tip With Travis Parry

Would you like to cut down on the amount of time you spend working on your bike? Think that a few pointers from professional race team technicians would help out when it’s time to spin the T-handles? We’ve thought the same things during the days at the track and in the garage, so we decided to tap into the knowledge of mechanics for a new feature. The concept we came up with is to share a tech tip that would cost almost no money or would help ease the difficulty of a routine maintenance task. For our first post, we asked Monster Energy Kawasaki mechanic Travis Parry for advice and he was quick to point out the way he protects the front brake line on the Kawasaki KX450 motorcycles that are raced by Josh Grant and Tyler Bowers. Take it away, TP…

“I wrap black electrical tape around the brake lines on all of my bikes. When I worked at RCH, I saw that Oscar Wirdeman was doing it to his brake lines. It keeps the brake lines nice because they aren’t getting hit directly by the roost and I pull it off and reapply it when I build the bike each week. I went one entire Supercross season on one front brake line and it looked new at the end.”

“I apply it from the top, just below the top clear sheathing and the shrink wrap on the brake line, all of the way down. Another thing we do is we wrap the inside of the brake line guide on the front number plate with a piece of material, the soft side of Velcro. This keeps the plastic and the brake line from wearing on each other.”

American Manganese completes recycling of 100% of cathode materials

American Manganese (TSX.V: AMY; FRANK: 2AM) announced that it has successfully completed the recycling of 100% of cathode materials (Co, Ni, Mn, Al) and 92% of lithium from its US Patent Pending recycling application.

In a press release, CEO Larry Reaugh said that the company has also produced rechargeable lithium-ion cobalt and lithium nickel manganese button cell batteries from that recycled cathode material.

“Management has been studying ways to capitalize on the company’s technologies working toward developing positive cash flow. One such opportunity may exist in recycling unused cathodes. Industry sources have shown that up to 10% of manufactured lithium ion battery cathodes are rejected for use. The rejected cathodes, termed ‘scrap,’ consist of the aluminum foil backing and the cathode metal powder which we believe can be recycled into usable cathode material using AMI’s patent-pending process,” Reaugh explained.

The monetary values (per 500 kg) of the metals recovered from electric vehicle lithium ion batteries are $5,947 for lithium cobalt, $2,347.00 for nickel manganese cobalt, and $1,585.00 for nickel cobalt aluminum.

The numbers show a ‘significant increase’ in post-consumer electric vehicle battery value, compared to January of 2017. This is due, according to American Manganese’s CEO, to the increase in the price of cobalt from $35.02 to $58.50/kg over the past six months.

“Cobalt is currently under severe supply side pressure, and is expected to remain undersupplied. According to the Cobalt Development Institute the battery industry consumes 41% of global cobalt supply. Over the next ten years, that usage is expected to increase to above 65%,” Reaugh said, adding that such an increase in anticipated demand will result in recycling being an important part of the supply solution to an emerging cobalt shortage.

The executive also announced that in early 2018, the company intends to build and begin operating a hydrometallurgical plant to prove continuous recovery of cathode material. The plant will be able to recycle up to 4000 tons of cobalt from spent lithium-ion batteries each year – with a market value of over US$ 230 million.