Sony 年終特賣,半價入手 XB910N 無線降噪耳機

Sony 正於 Amazon 上推出年終特賣,這次 WH-XB910N、WH-CH710N 兩款頭戴式耳機,加上 WF-C500 真無線耳機都正以大額折扣發售,當中 WH-XB910N 更首次跨越半價的界線,只需 US$123 即可入手,較本地亦價格便宜許多,是入手的好時機。…

Two men allegedly hacked JFK’s taxi dispatch system with Russian help

Would you pay a few bucks to skip an interminably long taxi wait line at the airport? That’s essentially what Daniel Abayev and Peter Leyman did, according to the DOJ, except they focused on taxi drivers. The two men, both from Queens, have been arrested for hacking into JFK’s taxi dispatch system with the help of Russian nationals. From September 2019 and September 2021, they charged drivers $10 to jump ahead of JFK’s taxi queue. Typically, those cars are sent out depending on their order of arrival.

“For years, the defendants’ hacking kept honest cab drivers from being able to pick up fares at JFK in the order in which they arrived,” U.S. Attorney Damian Williams said in a statement. “Now, thanks to this Office’s teamwork with the Port Authority, these defendants are facing serious criminal charges for their alleged cybercrimes.”

According to the DOJ’s indictment, both men explored a variety of ways to break into JFK’s taxi dispatch system, from bribing people to insert a malware-filled flash drive into a computer, stealing tablets and logging into the system over Wi-Fi. Abayev at one point messaged one of the Russian hackers: “I know that the Pentagon is being hacked[.]. So, can’t we hack the taxi industry[?]”

The pair used chat threads to communicate with drivers, some of whom also had their $10 fee waived if they could recruit others. Abayev and Leyman have been charged with two counts of conspiracy to commit computer intrusion, which carry a maximum 10-year sentence in prison. Their story follows a spate of Russian cyberattacks over the last ten years, including the infamous hack on Florida’s voter databases in 2016, a decade-long malware scheme to steal millions, and the theft of NATO data in 2014.

Twitter appears to be blocking Google Voice numbers from SMS authentication

Twitter appears to have cut off Google Voice numbers from two-factor authentication (2FA). Although it’s hardly the first company to block virtual phone numbers from SMS authentication, the change could be connected to CEO Elon Musk’s aggressive moves to snuff out bot accounts from the platform.

The new behavior, reported by 9to5Google, appears to block users from using a Google Voice number to authenticate their accounts. (I tried it today, and it rejected my Google Voice number.) Further, users previously authenticated with Google Voice could find themselves locked out of their accounts. Engadget reached out to Google to confirm, and we’ll update the story if we hear back. Twitter no longer has a PR department.

Since buying Twitter and taking over as CEO (a title he now says he’ll abandon once he finds a successor), Musk has been vocal about vanquishing bots from the platform. Earlier this month, Platformerreported the company blocked traffic from 30 mobile carriers worldwide — including networks in Russia, Indonesia, India and Malaysia. The move cut off access for thousands of accounts, including legitimate ones using those wireless carriers for 2FA. Musk accused the carriers of initiating the bogus texts to inflate what Twitter owed them contractually for SMS.

That report didn’t mention Google Voice, but anyone with a Gmail account can set up a free Google Voice number, making it an easy authentication tool for bots, scammers and spammers. Although it’s tempting to lump this move together with Musk’s seemingly erratic overhauls since taking over, it’s standard practice for apps ranging from financial institutions to dating apps to bar virtual numbers from 2FA.

If you set up your Twitter account with Google Voice authentication, you should be able to change the number without contacting support. You can go to Twitter Settings > Security and Account Access > Security > Two-Factor Authentication to remove that number and add your primary carrier line.

The Guardian hit by suspected ransomware attack

Prominent news organizations are high-value targets for hackers and it appears that The Guardian is the latest to have fallen victim to an attack. A “serious IT incident” struck the publication on Tuesday evening. “We believe this to be a ransomware attack but are continuing to consider all possibilities,” editor-in-chief Katharine Viner and Guardian Media Group chief executive Anna Bateson told employees in a note. “Our technology teams have been working to deal with all aspects of this incident, with the vast majority of our staff able to work from home as we did during the pandemic.”

Some of The Guardian‘s tech infrastructure and “behind-the-scenes services” have been impacted, according to the publication. Employees were asked to work from home for the remainder of the week. The Guardian has still been able to publish stories on its website and app, and leaders were confident of being able to deliver a print edition on Thursday.

Other news organizations have suffered security breaches in recent months. Fast Company was forced offline for eight days amid a cyberattack that saw hackers deliver obscene push notifications through Apple News. The New York Post, meanwhile, claimed in October that a rogue employee took over its website and Twitter accounts and was the culprit behind racist and sexist posts.