For years, Amazon has offered a label on some products stating that they were the "choice of Amazon". For years, it was unclear which products were chosen for this dizzying designation or which sales targets, user assessments or other qualifications needed to be achieved. To be so labeled. Amazon describes the Amazon products of choice as "highly priced and highly priced products that can be shipped immediately," but it is known to appear on products that are not even shipped yet, and as a result can not have been evaluated by anyone affiliated or buying on Amazon. He also appeared on badly rated unwanted objects.
Now, a new Digiday report suggests Amazon used a remarkably simple process to decide which products would be labeled "Amazon's Choice". Businesses were invited to bid on the badge by lowering their prices and spending more money on advertising with Amazon. The criteria examined in this publication are as follows: To be eligible, Amazon-owned suppliers – resellers could not apply – had to maintain brand ratings of more than four stars, keep products in stock for 12 months, and keep various technical sub-categories. assessments. Digiday writes:
In an e-mail addressed to a branded customer, an Amazon Strategic Vendor Service Manager recommended that the brand lower its $ 30 selling price to win the offer, which would increase Amazon's profits. on the sale. For suppliers, access to a strategic provider service manager, supposed to provide internal access to Amazon, costs hundreds of thousands of dollars a year …
As Amazon has done in the past to attract attractive brands on its platform, it has offered other incentives to potential candidates. On deck, he added extra marketing value, including free A + scans and discounted A + premium scans, Amazon Vine credits (giving brands free access to their customers' product reviews) e-mail promotions and higher inventory purchases for 12 weeks.
In return, Amazon wanted brands to commit to putting resources in their product lists in order to earn the badge. According to the press, customer return rates and damage, past sales, expert reviews, margin growth, additional marketing investments in Amazon's advertising products, content creation and major promotions would be taken into account for each offer. In terms of marketing investments, Amazon asked bidders to list the investments they planned to make to support the product, as well as the ongoing marketing.
According to Amazon, this program was launched briefly in 2017 and has since been canceled, but problems persist with the Amazon program. The results have been mediocre: the recently purchased HDMI cables and part of "Amazon's Choice" have problems with the appearance of green snow in 3D games, despite the fact that these cables are supposed to be certified HDMI 2.0b. I bought two and both are defective. Some of the iPhone cables I bought and certified in the same program remained empty and failed in a few months; others have worked perfectly for years. I will be the first person to say that the plural of "anecdote" is not "data", but my experience is in agreement with a Buzzfeed. investigation in June. Amazon's Choice labels appeared on products maker labeled as inaccurate, like a baby thermometer. The Buzzfeed survey revealed the presence of choice of "Amazon's Choice" clips in seconds. The "Amazon's Choice" AmazonBasics Security Safe can be selected in three seconds. A balloon purchased on the website became black whiskey and other customers complained of a horrible metallic taste.
The question was recently brought to the US Senate. US Senator Bob Menendez (D-NJ) sent a letter Jeff Bezos asked for additional information on how products are labeled as "Amazon Choice". The letter states that consumers generally identify the label as indicating that Amazon has selected a product, in particular, as a recommended choice. The badge is also worth a lot of money; A study by OC & C Strategy Consultants found that products labeled "Amazon's Choice" had tripled their sales, while products removed from the "Amazon's Choice" list had dropped by 30%.
The letter asks for a detailed explanation of how the decision is made to apply the label, as well as information as to whether an algorithm is involved and, if so, whether the algorithm's decisions are considered by a human. The letter also asks for information on what Amazon considers to be "highly rated", on the steps to follow to eliminate fraudulent listings, on the possibility for companies to bid for the Amazon's Choice label, and how it deals with recycling practice apply old revisions to revisions of new products without disclosing it).
My own advice is to treat the label "Amazon's Choice" with skepticism and do your own homework before buying the product. I had enough bad luck with that to no longer trust it.
Kaspersky Labs does not enjoy the best reputation. The company is linked to Russian intelligence services, the Department of Homeland Security has banned its use in government computers and Best Buy will not sell its products. In 2017, it was reported that Israelis had observed Russian intelligence agents using Kaspersky software to spy on the United States. Now, a survey of the company's antivirus software has revealed a major data leak that dates back to 2015.
According to the German publication C't, Kaspersky antivirus injects a universal unique identifier (UUID) in the source code of each Web site visited. This UUID value is specific to the computer and the software installation. The value injected into each website never changes, even if you use a different browser or access the Internet using the browser's Incognito mode.
It was discovered the injection because one of their antivirus software evaluators discovered the same line of source code in several websites. The installation of the application on different systems has resulted in the creation of different UUID values. The assigned UUIDs have not changed over time, indicating that they were static. And because these values are injected into the source code of every website you visit, it means that the sites you follow can follow you. As C't writes:
Other scripts run in the context of the website domain can access the HTML source at any time, which means that they can read the Kaspersky ID.
In other words, any website can read the user's Kaspersky ID and use it for tracking. If the same universally unique identifier comes back or appears on another website of the same operator, they can see that the same computer is being used.
After developing a proof of concept and verifying that users with installed Kaspersky antivirus could actually be tracked in private browsing mode, C't contacted Kaspersky The flaw now has an official name: CVE-2019-8286. Kaspersky argued that this was a fairly minor problem, which would require advanced techniques to exploit. Kaspersky has updated its software so that it only introduces more information about the version of a Kaspersky product that you use in each visited website, and not a unique identifier unique to your site. personal machine. It is not satisfied with this fix and considers it still a security risk.
A bug that identifies a computer on a Web site that knows how to listen to this information is potentially very useful. Even though Kaspersky does not have an external database associating UUIDs with specific installations, broadcasting in UUID directly in private browsing mode means that a Web server registers a visit from within. a specific computer. If this machine is associated with a specific person, you have established a link.
Is it possible that Kaspersky simply made a dreadful security decision when implementing its anti-virus software? Absolutely the fact that a bug exists does not automatically mean that some bad one was using it. But these types of coincidences are interesting to say the least. Broadcasting a UUID as part of the use of antivirus software is not the type of attack that most of us could expect. This is the type of fingerprint method that an intelligence agency could be very interested in tracking down who was accessing very specific websites, but not the kind of thing that would be of interest to a typical malware company. Of course, we could also say that's why the bug was hinted at the beginning. The defect of Kaspersky in this reading is not deliberately harmful; it is an accident that reflects the company's desire to put an end to ordinary malicious programs and not to state actors.
I do not know what perception is good. But I would suggest at least investigating an antivirus vendor with fewer allegations of outside intelligence cooperation if you're concerned about this type of problem.
Nest is the leading player in smart home security and connected security. His status as a subsidiary of Google has subjected him to a special examination. Google talked about its "Customer Confidentiality Commitment" at the I / O 2019 when it unveiled the new Google Nest logo. The company has just delivered on its promise for I / O: it removes the option to disable the camera's status lights. Nest customers have answered with almost universal anger to change.
One of the principles in Google's commitment to privacy was that the company would ensure that there is a visual indicator when your Nest camera was on and streaming video on Google. According to the email sent to users, Google does this by constantly turning on the status of most Nest cameras. Thus, you will always know if any of these devices is actively broadcasting. So that's good, right? Not so fast – it turns out that many people liked being able to turn off those lights.
Nest says the Nest Cam video doorbell and Nest Hello will soon get a silent OTA update that removes the status light feature. The small green LED will be lit continuously when the camera is active and will flash when someone will watch the live stream. Instead of turning off the light, Nest will only support light attenuation.
This ensures that you and everyone around you are aware of what the camera is doing. However, this is not a characteristic that everyone wants. Many Nest camera owners prefer devices to attract the least attention possible. For example, blinking the camera at the door could indicate to an unwanted visitor that you are looking at him and not answering the door. Pretty awkward. This could also make the cameras easier to spot for an observer thief, who could then avoid them or damage them.
The status light is indeed a valuable tool if you are worried that someone will hack your cameras or if you do not trust Google. Although placing a Google camera in your home seems like a bad idea if you are that person. For all others, the status light is at best unimportant and at worst a nuisance. Imposing it on everyone could miss the point. The outrage over the Google community forums is widespread, but there is no indication that the company will reconsider its decision.
Throughout the history of modern computing, passwords have been the primary method of securing data. Password problems are many, but things are changing slowly with biometrics, hardware security keys, and so on. Google is exploiting several new technologies for make one of his sites without a password, but only for Android users.
Google says that it has automated safeguards that prevent unauthorized people from accessing a user account, but that no password-based system is perfect. You will never convince everyone to use strong passwords, and some of them will have to write them on post-it notes. For the first time, you do not need a password to access your Google Account data. However, this is only true for a service and for some Android phones at the moment.
Starting today, you can access the Google password manager site on your smartphone and sign in with one click. The Password Manager site gives you access to all the account credentials registered in the Chrome and Android autofill. It is therefore a mine of valuable data that could potentially allow an attacker to compromise many accounts of the victim. Instead of using a password to log in, you can use the secure unlock method on your phone, for example your fingerprint. Tap the sensor to verify your identity and you're in.
Google does not have fingerprint data on its servers – they stay locally on your phone. It is also a fundamental part of the design of FIDO2 driven by Google and others. Google stores FIDO platform-related credentials on your phone, which are used to verify your identity as a hardware security key. When you visit the Google Password Manager, the site uses a WebAuthn "Get" call to retrieve the stored credentials. It works as a FIDO2 signature to verify your identity.
Currently, this feature only works on the aforementioned Google password manager site. You will also need a Pixel phone. The feature will be deployed on all Android phones running version 7 (Nougat) or higher. Since this feature is connected to the Android Secure Unlock feature, it should work automatically with all future secure unlock methods. For example, the advanced face unlock feature offered at Pixel 4. Current Android phones with Face Unlock will not be considered a secure unlock method for the purposes of Google's new sign-in feature.
For people who work in technology like me, building a computer is second nature. I often build and destroy two full desktops a week, while those who work in computer repair shops or build custom systems for clients can create a dozen or more computers during the same period. However, if you have never built a computer, the task can prove arduous because it seems far more complex than it actually is.
However, if you want to learn how to build a computer, a Udemy course titled "How to build a computer from scratchAims to teach you how to do it yourself. Unfortunately, it fails so completely and completely that this class is nothing short of a torture for anyone who actually knows how to build a custom PC.
Classes start badly, the lecturer teaching you half-truths about the benefits of building a custom PC versus buying a pre-built system. First, the conference notes that building a custom system will give you the ability to perform more upgrades and change parts over time. The speaker goes on to say that the upgrade possibilities are endless and that the system will have more advanced features. The speaker emphasizes that predefined systems lack these attributes with extremely limited upgrade options and a higher price.
This is only partially true. Many predefined systems can realistically be upgraded in the same way as a custom built system. Each motherboard has its limitations in terms of the processors they can support and the type of RAM they are compatible with, but this is true for all computers, not just pre-built computers. end to the upgrade, but certainly not always. An example of where it may be cheaper to buy a prefabricated system is the OverPowererd DTW2 at Walmart, which is a fully built system that is often available at a lower price than parts.
The speaker then states that you can not change the BIOS settings of a pre-built system without causing problems, but any custom built PCs may have their BIOS modified to improve it. Personally, I feel that creating a custom system is a better option, but I find the amount of false information presented at the beginning of this course extremely confusing.
In section 3, the speaker begins to explain the different parts of a computer. This whole section is rather poorly done. The system used as an example contains absolutely no cable management system. Parts such as RAM are completely hidden. The processor is mentioned, but is not displayed because it is under a heat sink and only the edge of the system hard drive is visible. From that, I do not know how beginners would know what a hard drive, processor or RAM is.
The remaining courses in Section 3 focus on the components one by one and show you what a processor and RAM keys look like. These conferences also have serious problems. For example, the motherboard conference uses an older example from around 1998. Almost none of the components shown in this example are still in use, including the Slot 1 connector, the ISA and AGP connectors, and the Intel chipset. 440BX, the SCSI data. connectors, and much more. It then shows a real AM3 motherboard, then returns to the 1999 diagram for reasons that I can not explain or understand.
Reading the CPU is informative enough without real problems, but the lecturer comes back to showing obsolete hardware in the course of RAM. SDRAM, which stopped being used at the turn of the millennium, has more or less the same appearance as modern RAM, so it's not such a big problem, but it's a strange choice when there are images of modern RAM arrays. This conference is extremely simple, with no discussion of the different types of RAM or RAM settings. Clocks? Latency? Slot compatibility? Non pertinent
The PSU speaker is similar to the RAM conference in that it is extremely simple. According to the speaker, the unit simply needs to have enough power to run the system regardless of the quality of the power supply or its efficiency. There is no discussion about 12V rails or how to calculate if a power supply provides enough amperage for a given high-end board.
Section 4 of this course explains in detail the selection of your components and begins with another lecture on the motherboard. Did you know that Micro-ATX motherboards have almost the same performance as ATX motherboards? I'm sure that it's not the case. The form factor of a motherboard does not alter its performance. It is possible to have an ATX card and a micro-ATX card with identical performance and it is possible that the micro-ATX card is more efficient than the ATX card. Size is not a factor in determining performance, but the speaker says so.
The CPU section of this course is both inaccurate and out of date to be useful. The conference does not really seem to have a clue what he's talking about. It presents Intel's Broadwell processor architecture as an interesting technology offering better multicore performance and the ability to "generate much more powerful graphics." He also mentions Intel Core i3, Core i5, and Core i7 products as having failed for a long time without indicating that he would understand that these products evolve over time as new processors are introduced. By the time these conferences were held, Ryzen had not been published yet and the discussion on AMD was only about the APUs and low prices of the company.
At this point, I jumped to the part of these lectures that really shows you how to build the system. There are more problems here, but in general you will learn to connect the parts together. It's already the longest Udemy class review I've ever written, and now I think you understand this course is awful.
I suppose technically it would show you how to build a computer, but you'd be horribly prepared to select the right components to build a system. Even if you manage to get the correct parts, following these building instructions would leave the system poorly built with many potential problems over the years.
You may think that I may have just chosen a bad course to review because several Udemy courses teach you how to build a PC, but I've specifically chosen this one because he got a high score of users on Udemy of 4.6 / 5. It's incredibly shocking to me and I can not help but wonder if a lot of these critics have been falsified in order to improve sales of this course.
I can not say how terrible this course is. I consider it dangerous and expensive to approach the establishment of a modern system based on the information contained in these conferences. It is impossible to find a worse source of information, and it would be much better to buy a pre-built system than to try to build one yourself after taking this course. If you really want to learn how to build a PC, look elsewhere.
The ever growing network of the Internet of Things (IoT) can make your life easier by automating your home and providing data wherever you are. However, all these devices connected to the Internet can also provide a massive attack surface to online criminals. We have already seen malware targeting IoT hardware, but Microsoft now claims to have discovered a coordinated hacking campaign focused on government, political groups and charities via devices such as printers and VoIP phones.
The Microsoft Threat Intelligence Center says that a new wave of IoT hacks began in April this year. She points to a group known as Fancy Bear or Strontium, best known for being the author of large-scale piracy supporting the Russian government. Naturally, Fancy Bear is linked to the Russian Military Intelligence (GRU). Fancy Bear stole files from the Democratic National Committee in 2016. These documents were subsequently published on Wikileaks, which harmed Hilary Clinton's presidential campaign. Later, he led the NotPetya ransomware attack on Ukraine and other countries.
The new hacking operation targets popular Internet devices because they often escape the usual security controls. According to Microsoft, hackers attacked three popular devices: a VOIP phone, a desktop printer and a video decoder. In many cases, these devices connect to the Internet but have a default password or outdated security patches. This makes it an ideal entry point to allow an attacker to access a larger network. From there, Fancy Bear used access to steal valuable data from other computers.
Microsoft has only spotted this attack because it can view many corporate networks via Windows software. It detected about 1,400 intrusions via IoT hardware. About 20% of the infiltrations took place in non-governmental organizations, think tanks and other political organizations. The remaining 80% focused on the government, the military, technology companies and other entities. The campaign even targeted Olympic organizing committees and anti-doping agencies, two issues that presented problems for Russian interests.
Microsoft offers many suggestions for improving IoT security, starting with securing trust before connecting new IoT devices. Unauthorized hardware can bypass many security measures on a network, such as NASA recently discovered. Microsoft also suggests configuring secure networks specifically for IoT hardware and monitoring connections to detect any unusual activity. You can see the complete list in Microsoft Blog.