Dec 19, 2016

50 isn’t the new 40: It’s a sticky wicket once you get past fifty

In a little over a fortnight, I’ll be turning 50. And let’s be clear about this — 50 is not the new 40, or the new 30, or this season’s orange or the new black. Fifty is just 50, and it sucks. Half a century, the big five-o, call it what you will, the plain fact of the matter is, barring exceptional genetics and some luck, your life is way more than half over and there’s not much to look forward to except a long slow slide into decrepitude, forgetfulness and aching in the places where you used to play.
More people you know, and more of your heroes, start dying. You talk about the television shows and movies you grew up with, and get blank stares from younger folk (call yourself a millennial and I’ll punch you on the nose). You might still feel 21 inside, but you get out of a taxi in slow motion and you have become strangely invisible to the opposite sex (unless you are turning 50 and a squillionaire, in which case, party on, Bruce Wayne).
You stop going to bars and clubs, because everyone is younger and better looking and you can’t understand a damned thing they are saying anyway, even if you could hear them. It’s pointless going to restaurants because you can’t read the menu, and by the time the waiter deigns to notice you, you’ve forgotten what you wanted to order.
All your friends are married, often several times over, and are becoming grandparents at a rate of knots (or dealing with their daughter’s puberty and their wife’s menopause at the same time). If, like me, you find yourself a swinging single at 50 (well, parts of you that never used to now keep swinging after the music stops) you face a terrifying new world of dating apps, where Snapchat is the new chat-up, Tinder isn’t something you use to start a fire and Grindr isn’t just the reason you need false teeth.
Slim-fit jeans are no longer an option, a Michelin Man roll of lard settles around your middle that simply won’t be shifted, and putting on socks becomes a physical challenge, involving grunts, groans, torn hamstrings and wrecked backs. (Pro tip: lie back on the bed, feet in the air, and apply sockage, to avoid hamstring and back injuries. There may still be grunts and groans.)
You consider buying a belt-maker’s leather punch so you can put that extra hole in your belt without skewering your finger on the pointy end of your scissors. You know you have to exercise — and let’s not forget, procrastination is a form of exercise, like denial is a river in Egypt — but you no longer bother with macho pursuits like running marathons, kiteboarding or surfing, and instead opt for walking, cycling, lawn bowls or sports involving carts with someone to do the heavy lifting and tell you when it’s cocktail hour. Aching limbs take longer to stop aching, and the hangovers get exponentially more brutal.
You are strolling down the street in good spirits when you see some bent and wrinkled old fart — and realise you went to school with them. Worse, you catch your reflection in a shop window, and it takes you a minute to realise the bent and wrinkled old fart is you. The end is nigh when younger folks start calling you “sir’’ or “ma’am” and stand up for you on the bus or train.
Your thatch may be silvered and thinning, but there’s plenty of new hair growth to deal with, on your back, up your nose and in your ears. Fifty Shades of Grey isn’t some risible cinematic sex romp but a backyard barbecue with your mates.
Old age and treachery may beat youth and exuberance, and youth may be wasted on the young, but then so is your codgerly wisdom and sage advice. Although there may be nuggets to glean from your contemporaries — never waste an erection, always take the opportunity to pee and be extra careful when you fart was the sum total of hard-won knowledge imparted by one
50-something friend. Take half a Viagra … so you don’t pee on your shoes, advised another.
But perhaps the worst thing about turning 50 is a creeping lassitude and a growing sense of weltschmerz with a light sprinkling of ennui. You stop worrying about all the things you were going to do by 50 and just think, bugger it. Your personal too-hard basket gets bigger and easier to put things in. For example, this column was to be 50 Reasons it Sucks to Be Turning 50. Instead, I give you a handful of half-baked reasons and some grumpy old man rambling 

Dec 17, 2016

NSW family burned in boat explosion

Three family members have suffered burns in an explosion aboard their boat on the NSW Central Coast.

The 35-year-old man, 34-year-old woman and their two sons, eight and seven, had just left the wharf when the blast occurred.

The woman, who suffered serious burns to her arms, legs and torso jumped into the water with the eight-year-old, who was burned on his legs.

The man received burns to his arms and legs. 


 A passing boatie helped get them back to shore before paramedics arrived.

The woman was airlifted to Westmead Hospital in a serious condition while the man and two children were taken by road.

The seven-year-old escaped injury but was treated for shock.

Officers from the NSW Police Marine Area Command have been tasked with determining the cause of the explosion.

Dec 5, 2016

Josh Frydenberg on who will pick up the battery storage tab | afr.com

Energy rules need to be changed to ensure households that don't embrace new technologies such as battery storage and solar photovoltaic systems are not left picking up the bill, federal Energy Minister Josh Frydenberg says.

As state and federal leaders prepare to discuss energy issues at next week's Council of Australian Governments meeting, Mr Frydenberg said the National Electricity Market had to change to adapt to the influx of new technologies such as wind and solar.

But he said while battery storage and PV systems were being embraced by some households and businesses, governments had an obligation to make sure non-solar/battery households were not slugged with the bill.

"While solar PV and battery storage can offer significant benefits to households and the network as a whole, it is important to get the pricing framework right, otherwise some households will be unfairly forced to pick up the tab for other people's choices," Mr Frydenberg said in a speech to the Australian National University's Energy Change Institute in Canberra on Tuesday.

Generous state feed-in tariffs for rooftop solar PV systems over the past decade – where solar households were subsidised to sell energy back into the grid – led to spike in electricity prices as network charges were passed on to non-solar households in the form of higher power bills. This led to state governments closing solar schemes or limiting them to new entrants.

Creating challenges

Mr Frydenberg said while consumers were "hungry" for new and more affordable technologies – such as battery storage or "neighbour to neighbour trading" – they were changing the way the NEM operated.

"This is creating challenges for fairly sharing the costs of supplying electricity," he said.

Mr Frydenberg said the state-wide black out in South Australian in September showed the challenges facing the NEM and the need to ensure the move towards renewables did not affect energy security.

While other countries around the world also faced the move from fossil fuels to lower emissions technologies, Australia's geographic isolation made it even more challenging, he said.

Other countries such as Germany, where wind and solar accounted for 20 per cent of the nation's energy needs, could tap into the wider European grid when the intermittent power was not operating at full capacity.

"This allows them to overcome some of the security and reliability challenges arising from a higher mix of intermittent renewables in the electricity system," Mr Frydenberg said.

Energy security

"Where Germany has far more options to manage its electricity supply through a wider European grid, the NEM is isolated. In Australia the challenge of balancing differing loads from the integration of intermittent renewable generation has to be managed much more closely and with fewer options."

The Finkel review into energy security, chaired by chief scientist Alan Finkel, is looking into how non-synchronous generation such as wind and solar can provide stable electricity supply, including the 50 hertz required for proper frequency, in the NEM.

A preliminary report from the Finkel review will be delivered to next week's COAG meeting, with the final report due in the first half of 2017.



Read more: http://www.afr.com/news/politics/josh-frydenberg-on-who-will-pick-up-the-battery-storage-tab-20161129-gszvgu#ixzz4Rv5ZGbTJ
Follow us: @FinancialReview on Twitter | financialreview on Facebook

Dec 1, 2016

More Than 1 Million Google Accounts Breached by Gooligan | Check Point Blog

As a result of a lot of hard work done by our security research teams, we revealed today a new and alarming malware campaign. The attack campaign, named Gooligan, breached the security of over one million Google accounts. The number continues to rise at an additional 13,000 breached devices each day.

Our research exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.

Gooligan is a new variant of the Android malware campaign found by our researchers in the SnapPea app last year.

Check Point reached out to the Google Security team immediately with information on this campaign. Our researchers are working closely with Google to investigate the source of the Gooligan campaign.

info_3_revised_11-29-copy

“We’re appreciative of both Check Point’s research and their partnership as we’ve worked together to understand these issues,” said Adrian Ludwig, Google’s director of Android security. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”

Click here to read Adrian Ludwig’s complete statement on Gooligan.
We are very encouraged by the statement Google shared with us addressing the issue. We have chosen to join forces to continue the investigation around Gooligan. Google also stated that they are taking numerous steps including proactively notifying affected accounts, revoking affected tokens and deploying SafetyNet improvements to protect users from these apps in the future.

In the following sections, we provide more answers regarding the campaign.

Who is affected?

Gooligan potentially affects devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which is over 74% of in-market devices today. About 57% of these devices are located in Asia and about 9% are in Europe.

info_4_revised_11-23-16

In our research we identified tens of fake applications that were infected with this malware. If you’ve downloaded one of the apps listed in Appendix A, below, you might be infected. You may review your application list in “Settings -> Apps”, if you find one of this applications, please consider downloading an antivirus product such as Check Point ZoneAlarm to check if you are indeed infected.

We have noticed that hundreds of the email addresses are associated with enterprise accounts worldwide.

How do you know if your Google account is breached?

You can check if your account is compromised by accessing the following web site that we created: https://gooligan.checkpoint.com/.

If your account has been breached, the following steps are required:

A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
Change your Google account passwords immediately after this process.
How do Android devices become infected?

We found traces of the Gooligan malware code in dozens of legitimate-looking apps on third-party Android app stores. These stores are an attractive alternative to Google Play because many of their apps are free, or offer free versions of paid apps. However, the security of these stores and the apps they sell aren’t always verified. Gooligan-infected apps can also be installed using phishing scams where attackers broadcast links to infected apps to unsuspecting users via SMS or other messaging services.

How did Gooligan emerge?

Our researchers first encountered Gooligan’s code in the malicious SnapPea app last year. At the time this malware was reported by several security vendors, and attributed to different malware families like Ghostpush, MonkeyTest, and Xinyinhe. By late 2015, the malware’s creators had gone mostly silent until the summer of 2016 when the malware reappeared with a more complex architecture that injects malicious code into Android system processes.

info_2_revised-11-23-16-copy

The change in the way the malware works today may be to help finance the campaign through fraudulent ad activity. The malware simulates clicks on app advertisements provided by legitimate ad networks and forces the app to install on a device. An attacker is paid by the network when one of these apps is installed successfully.

Logs collected by Check Point researchers show that every day Gooligan installs at least 30,000 apps fraudulently on breached devices or over 2 million apps since the campaign began.

How does Gooligan work?

The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages. After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

Steal a user’s Google email account and authentication token information
Install apps from Google Play and rate them to raise their reputation
Install adware to generate revenue
Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.

Our research team was able to identify several instances of this activity by cross-referencing data from breached devices with Google Play app reviews. This is another reminder of why users shouldn’t rely on ratings alone to decide whether to trust an app.

gooligan1

Two examples of reviews left by users who were also found on the attacker’s records as victims.

gooligan2

An example of fake reviews and comments to one of the fraudulent applications.

gooligan3

The same user discovered two different fraudulent apps were installed on his device, without his knowledge.

Similar to HummingBad, the malware also fakes device identification information, such as IMEI and IMSI, to download an app twice while seeming like the installation is happening on a different device, thereby doubling the potential revenue.

google4

One of the apps downloaded from Google Play by Gooligan.

What are Google authorization tokens?

A Google authorization token is a way to access the Google account and the related services of a user. It is issued by Google once a user successfully logged into this account.

When an authorization token is stolen by a hacker, they can use this token to access all the Google services related to the user, including Google Play, Gmail, Google Docs, Google Drive, and Google Photos.

While Google implemented multiple mechanisms, like two-factor-authentication, to prevent hackers from compromising Google accounts, a stolen authorization token bypasses this mechanism and allows hackers the desired access as the user is perceived as already logged in.

Conclusion

Gooligan has breached over a million Google accounts. We believe that it is the largest Google account breach to date, and we are working with Google to continue the investigation. We encourage Android users to validate whether their accounts have been breached.

Appendix A: List of fake apps infected by Gooligan

Perfect Cleaner
Demo
WiFi Enhancer
Snake
gla.pev.zvh
Html5 Games
Demm
memory booster
แข่งรถสุดโหด
StopWatch
Clear
ballSmove_004
Flashlight Free
memory booste
Touch Beauty
Demoad
Small Blue Point