Connect with us

Biz & IT

Google Assistant picks up a few new tricks

Published

on

Google Assistant, the voice-driven AI that sits inside Google Home (plus Android phones, newer Nest cameras and a bunch of other devices) and awaits your “Hey, Google” commands, is already pretty clever. That doesn’t mean it can’t learn a few new tricks.

In a quick press briefing this week, Google told us a couple of new abilities Assistant will pick up in the coming weeks.

First, and perhaps most interestingly: routines can now be set to trigger the moment you dismiss an alarm on your phone. Routines are basically Google Assistant combo moves; you build them to trigger multiple actions at once. You can build a “Hey Google, I’m going to bed” command, for example, that turns off your smart lights, shuts down the TV and locks your smart locks. For a while now, you’ve been able to have routines triggered at specific times; now you can have them triggered by alarm dismissal.

The difference? If you snooze the alarm on your phone, the routine won’t go off just yet. So you can build a routine, for example, that turns on the lights and starts reading the news — but now it can go off when you’re really getting out of bed, roughly two snooze-buttons after when you probably should’ve gotten up. You’ll find this one hiding in Android’s Clock app.

Another feature, meanwhile, is getting an upgrade: broadcasts. If you’ve got multiple Google Home devices around your house, you can already “broadcast” to all of them to make house-wide announcements like “Dinner’s ready!” or “help I need toilet paper downstairs” (THE FUTURE!). Now you can broadcast messages back to your home while out and about via Google Assistant on your phone, and people inside the home can respond. You can say, “Hey Google, broadcast ‘Do we need milk?’” and anyone inside your house can say “Hey Google, reply ‘no but please get eggnog, come on, please, it’s basically December, you said we could get eggnog in December.’ ”

Broadcast replies will be sent back to your phone as a voice message and a transcription.

Google is also starting to introduce “character alarms” — which are, as the name implies, alarms voiced by popular characters. Right now they’re adding the heroes in a half shell from Nickelodeon’s “Rise of the Teenage Mutant Ninja Turtles,” and a bunch of LEGO animated series characters (alas, no LEGO Batman.) They’ll presumably expand this with more licenses if it proves popular.

And if you listen to podcasts or audiobooks on your Google Assistant devices, you can now adjust the playback speed by saying “Hey Google, play at 1.5x” or “1.8x” or whatever you want up to twice the speed. “Play faster” or “Play slower” also works if you’re not feeling specific.

Oh, and for good measure: Google Assistant can now silence all the phones in your house (or, at least, the Android phones tied to your Google account) with a quick “Hey Google, silence the phones” command.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

A white supremacist website got hacked, airing all its dirty laundry

Published

on

Enlarge / Patriot Front members spray painting in Springfield, IL.

Unicornriot.ninja

Chat messages, images, and videos leaked from the server of a white supremicist group called the Patriot Front purport to show its leader and rank-and-file members conspiring in hate crimes, despite their claims that they were a legitimate political organization.

Patriot Front, or PF, formed in the aftermath of the 2017 Unite the Right rally, a demonstration in Charlottesville, Virginia, that resulted in one death and 35 injuries when a rally attendee rammed his car into a crowd of counter-protesters. PF founder Thomas Rousseau, started the group after an image posted online showed the now-convicted killer, James Alex Fields, Jr., posing with members of Vanguard America shortly before the attack. Vanguard America soon dissolved, and Rousseau rebranded it as PF with the goal of hiding any involvement in violent acts.

Since then, PF has strived to present itself as a group of patriots who are aligned with the ideals and values of the founders who defeated the tyranny of British colonists in the 18th century and paved the way for the United States to be born. In announcing the the formation of PF in 2017, Rousseau wrote:

The new name was carefully chosen, as it serves several purposes. It can help inspire sympathy among those more inclined to fence-sitting, and can be easily justified to our ideology [sic] and worldview. The original American patriots were nothing short of revolutionaries. The word patriot itself comes from the same root as paternal and patriarch. It means loyalty to something intrinsically based in blood.

Turbo cans and rubber roofing cement

But a published report and leaked data the report is based on present a starkly different picture. The chat messages, images, and videos purport to show Rousseau and other PF members discussing the defacing of numerous murals and monuments promoting Black Lives Matter, LGBTQ groups, and other social justice causes.

This chat, for instance, appears to show a PF member discussing the targeting of a civil rights mural in Detroit. When a member asks what the best way is to fully cover up a mural with paint, Rousseau is shown replying “It’s in the stencil guide. Turbo cans.” The stencil guide refers to these instructions provided to PF members showing how to effectively use spray paint and not get caught. The PF member also sent Rousseau pictures taken while scouting the mural.

When a different member discussed whether rubber roofing cement was suitable to covering a George Floyd memorial that had been treated with anti-graffiti clear coating, Rousseau allegedly responded: “Keep me posted as to your research and practice with this substance. Orders will be given out at the event.”

The data dump also appears to document the defacing of a monument in Olympia, Washington.

What it looked like before.
Enlarge / What it looked like before.

Unicorn.ninja

What it looked like after.
Enlarge / What it looked like after.

Unicorn.ninja

The leaked data purports to show a range of other illegal activities the group discussed. They include Rousseau informing members planning a rally in Washington DC that one participant will call 911 from a burner phone and make a false report to authorities.

“He will cite that there is a protest, he sees shields BUT NO WEAPONS, and everyone involved appears to be behaving peacefully, waving and handing out flyers, nonetheless he is a concerned citizen and suggests the police take a look into it to ensure everyone’s civil rights are safe,” Rousseau appeared to write. “He will add that it looks like we just arrived from the metro. This will soften the police up before our big visual contact on the bridge, and provide a little confusion and misinfo that’s within the realm of honest dialogue.”

Attempts to reach Rousseau or other PF members didn’t succeed.

Friday’s published report said that the leak comprised about 400 gigabytes of data and came from a self-hosted instance of RocketChat, an open source chat server that’s similar to Slack and Discord. It’s only the latest example of a hate group being hacked and its private discussions being dumped online. In 2019, the breach of the Iron March website revealed, among other things, that many of its members were members of the US Marines, Navy, Army, and military reserves.

Continue Reading

Biz & IT

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Published

on

Getty Images

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system.

The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from JetPack, the maker of security software owned by Automatic, provider of the WordPress.com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

Unknowingly providing access to the attacker

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and plugins were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plugins mirrored on WordPress.org, the official developer site for the WordPress project, remained clean.

“Users who used software obtained directly from the AccessPress website unknowingly provided attackers with backdoor access, resulting in an unknown number of compromised websites,” Ben Martin, a researcher with Web security firm Sucuri, wrote in a separate analysis of the backdoor.

He said the tainted software contained a script named initial.php that was added to the main theme directory and then included in the main functions.php file. Initial.php, the analysis shows, acted as a dropper that used base64 encoding to camouflage code that downloaded a payload from wp-theme-connect[.]com and used it to install the backdoor as wp-includes/vars.php. Once it was installed, the dropper self-destructed in an attempt to keep the attack stealthy.

The Jetpack post said evidence indicates that the supply chain attack on AccessPress Themes was performed in September. Martin, however, said evidence suggests the backdoor itself is much older than that. Some of the infected websites had spam payloads dating back nearly three years. He said his best guess is that the people behind the backdoor were selling access to infected sites to people pushing web spam and malware.

He wrote, “With such a large opportunity at their fingertips, you’d think that the attackers would have prepared some exciting new payload or malware, but alas, it seems that the malware that we’ve found associated with this backdoor is more of the same: spam, and redirects to malware and scam sites.”

The Jetpack post provides full names and versions of the infected AccessPress software. Anyone running a WordPress site with this company’s offerings should carefully inspect their systems to ensure they’re not running a backdoored instance. Site owners may also want to consider installing a website firewall, many of which would have prevented the backdoor from working.

The attack is the latest example of a supply chain attack, which compromises the source of a legitimate piece of software rather than trying to infect individual users. The technique allows miscreants to infect large numbers of users, and it has the benefit of stealth, since the compromised malware originates from a trusted provider.

Attempts to contact AccessPress Themes for comment were unsuccessful.

Continue Reading

Biz & IT

Red Cross implores hackers not to leak data for 515k “highly vulnerable people”

Published

on

Getty Images

The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster or migration.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director-general of the International Committee for the Red Cross, said in a release. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

Wednesday’s release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no “immediate indications as to who carried out this cyber-attack” and is so far unaware of any of the compromised information being leaked or shared publicly.

Those affected had used Restore Family Links, a service the Red Cross operates in cooperation with the Red Crescent to reunite families. On Wednesday, the site was down. The Internet Archive last updated it on December 27, raising the possibility of the breach occurring a few weeks ago.

The release provided few details about the attack. It’s not clear if it was done by profit-motivated ransomware criminals, nation-state hackers, or others. Over the past few years, a rash of ransomware breaches has hit healthcare providers, forcing them in many cases to reroute ambulances and cancel elective surgeries. In 2020, the ICRC helped lead a coalition that called on nations around the world to crack down on cyberattacks involving hospitals and healthcare providers.

Last September, the ICRC confirmed it was on the receiving end of a hack the previous April that compromised login credentials and other data that could be used to target agencies within the intergovernmental organization. The earliest known date the hackers obtained access to the UN’s systems, Bloomberg News reported, was April 5, and the hackers remained active through at least August. The breach came to light when private researchers noticed login credentials for sale on the dark web.

Continue Reading

Trending