main

Gaming News

How to Safely Transport All Your Geeky Comic-Con GearĀ 

July 20, 2018 — by Kotaku.com0

San Diego Comic-Con is upon us. And if you’re flying to this, or planning a trip to another geeky convention, you probably already know what you should and shouldn’t try to pack in your luggage. (It’s not in your best interest to surprise the Transportation Security Administration with a thermal detonator, Gom Jabbar, or Lawgiver replica when you’re putting your arms in the air like you just don’t care in the body scanner.)

While lightsabers are fine to travel with—and foam swords are not (at least, not as a carry-on)—what about all the other stuff you’re going to bring back from a convention? Expensive autographed comics? Priceless collectibles? Costume accessories?

Advertisement

Over on the TSA’s blog, the agency has a few helpful suggestions for how you might want to treat the items you’re taking to and from this year’s Comic-Con. These rules are applicable to any geeky convention you attend, and they’re worth filing away in the back of your mind the next time you suit up as Stormtrooper number 81310.

If you don’t want the TSA to break the seal on a product, ship it

Shipping items back home from a convention (or a vacation) can be a pain. It costs money, there’s no guarantee your carrier of choice won’t wreck your precious item (unless you protect it with all the bubble wrap ever), and someone might steal it off your doorstep even if it safely makes it to your house or apartment. Still, if you don’t want the TSA to open up something precious, don’t pack it in your luggage. As the TSA’s blog notes:

“There’s always the chance that a packaged item might have to be searched and opened, which would cause us to have to break the original seal. If you’re a collector, the last thing you want is a broken seal.”

Advertisement

Don’t pack items that might cause a crazy amount of panic at the airport

You’d be surprised—but probably not that surprised—at what the TSA finds in bags. (Its Instagram account is a gold mine.)

Advertisement

I’ll quote the TSA on this one, since it’s important (and some people still seem to think you can just bring whatever on a plane):

“If you’re not checking a bag and you have a realistic replica of a weapon or an actual weapon, you’ll want to ship the item. If you are checking a bag, replica weapons and actual weapons may be packed in your checked bag. Replica firearms can be placed in your checked baggage with no declaration or packing guidelines, but actual firearms must meet packing guidelines and be declared. Anything looking like an explosive (whether real or not) is strictly prohibited from air travel.”

Comic Books are OK, but …

The TSA has no issues with you flying with stacks of comic books—aside from the aforementioned bit that they might crack the seal on your pristine collectables if they need to search your gear for whatever reason. However, the agency recommends that you carry your comics with you, rather than packing them in a checked bag, to prevent problems:

“Packing these items in checked bags may cause alarms leading to bag searches that can cause a significant slowdown in the screening process leading to delays and bags possibly missing their flights.”

Advertisement

What about costumes?

If you’ve been working for the past 11 months on your gorgeous replica costume of a Warhammer Space Marine—first, I’d love to see it, because that’s awesome. And second, you might want to take a little extra care when traveling with its parts and pieces. (And consider creating items that can be disassembled and reassembled, which might make your travels a lot easier.)

Advertisement

If you’ve shipped the bulk of your gear and are hand-carrying some of the more critical props, consider leaving the TSA a little love letter when checking your luggage. Maybe you’ll get a screener who’s also a sympathetic sci-fi fan:

You should also consider adding some reference photos or anything else that might be able to help prove that your gear is for an authentic costume you’ll be wearing somewhere, not… well, whatever else the TSA thinks it might be.

Advertisement

You could also try bribery (or asking for an in-person inspection of your gear):

Advertisement

Also, don’t forget to bring along a kit for basic (or emergency) repairs, just in case a TSA screener isn’t kind to your gear:

Advertisement

If a wig is a make-or-break part of your costume, Annemarie from Travel on the Brain has a few helpful ideas for getting it safely to your final destination:

“Turn your wig inside out (unless it’s heavily styled or spiked, such as with cosplay wigs), carefully curl up long tresses and place it gently inside the wig top. Then put a hair net around it to keep everything in shape.

Now, store it in a zippable plastic bag to avoid moisture or at least put it in a (silky) scarf for protection. If your wig is very dear to you, pack it in your carry on. Alternatively, you can also wear it on your head. More wig packing ideas include special hair packaging boxes, hair extension or wig travel case or wig packing bags.”

Advertisement

Tech News

Mark Zuckerberg: CEO, billionaire, troll

July 20, 2018 — by Engadget.com0

We imagine the scene at Facebook right now is like Kim Jong-il’s funeral. Employees weeping in hallways, dripping anguished snot onto keyboards, beating their chests with unsold Facebook phones in an orgy of anguish at the injustice of media coverage regarding Mark Zuckerberg’s unprompted defense this week of giving Holocaust deniers a voice on the platform.

But I think we’ve finally figured out what’s going on at Facebook after all.

You know that guy. The one who pops into a chill online community and makes everyone miserable. The one who says he’s “just asking questions” about women able to do math, black people and evolution, shooting victims and paid actors, the validity of the Holocaust.

He’s the one that mods have to kick out for “JAQing off” (“Just Asking Questions”) because he clearly has bad intentions to harm the community and recruit hate. The troll who feigns naïveté and uses free speech as a foil.

This week we learned that if you give that guy a platform for his voice, he’ll out himself real fast. Right now, headlines blare Zuckerberg in Holocaust denial row and Fortune 500 C.E.O. Says Holocaust Deniers Must Be Given “a Voice”.

To be clear, on Tuesday Zuckerberg gave a wandering kid-glove interview with Kara Swisher of Recode, the same day Facebook’s representatives went to the mat to avoid telling the House Judiciary Committee exactly how InfoWars gets to stay on Facebook while it pretends to decry hate speech.

Zuckerberg told Recode that Facebook won’t ban Holocaust deniers or race-war conspiracy propagators like InfoWars just because they’re “getting it wrong.” Also, booting them would go against his and Facebook’s “responsibility” to “give people a voice.” Even in his next-day backtracking, Mr. Zuckerberg and his company doubled-down on giving that guy a safe space, a voice, and a platform.

As Matt Ford at The Atlantic tweeted, in the original interview Zuckerberg wasn’t even asked about his company’s policy of fostering Holocaust denial, “he just said he’d keep it on Facebook on his own.”

So, I guess that was Zuckerberg’s last podcast? pic.twitter.com/niUS5NPuQR

— Mat Honan (@mat) July 19, 2018

Then came the headlines. Quickly followed by Mark Zuckerberg pulling a Trump, telling his softball interviewer that he misspoke. “I personally find Holocaust denial deeply offensive, and I absolutely didn’t intend to defend the intent of people who deny that,” he wrote in a warm personal email to Kara Swisher.

We imagine loyal Facebook employees on the floor in the breakroom, tearing up chunks of rubber floor mats and chewing them, swallowing through their own howls and moans, sobbing. “No one understands what Mark really means,” they cry.

But we all know that one way to double-down is to split hairs. It’s the hallmark of trolling. It’s what that guy is really good at.

Nowhere is this more clear than this week’s Channel Four (UK) Dispatches episode Inside Facebook: Secrets of the Social Network. The episode

Tech News

Facebook could have another Cambridge Analytica on its hands

July 20, 2018 — by Engadget.com0

Alexander Koerner via Getty Images

Facebook has suspended a Boston-based analytics firm from both Facebook and Instagram as it investigates the company’s data collection practices, the Wall Street Journal reports. Facebook said that so far, it hasn’t found any evidence that the company has improperly obtained any Facebook or Instagram information, but it would be looking into whether Crimson Hexagon violated any of its policies on how to collect, share and store user data. “We don’t allow developers to build surveillance tools using information from Facebook or Instagram,” Facebook told Engadget. “We take these allegations seriously, and we have suspended these apps while we investigate.”

This move comes as Facebook continues to deal with privacy concerns stemming from the Cambridge Analytica scandal.

On its website, Crimson Hexagon boasts that it can provide “instant access to over one trillion consumer conversations from social media, forums, blogs, reviews and more.” Along with brands like Samsung, Twitter, Adidas and GM, the Wall Street Journal reports that Crimson Hexagon has held contracts with both US government agencies and a Russian nonprofit group with connections to the Kremlin. The publication asked Facebook about what oversight it had over the company’s storage of user data and its government contracts. Facebook told the Wall Street Journal that it wasn’t aware of some of Crimson Hexagon’s contracts but said today that it would suspend its apps while it investigates further.

“We are investigating the claims about Crimson Hexagon to see if they violated any of our policies,” Ime Archibong, Facebook’s VP of product partnerships, said in a statement. “People can share their information with developers on Facebook and Instagram — just as they can when they download an app on their phone. We also have APIs so that developers can use public or aggregated information to produce anonymized insights for business purposes.” He added, “Facebook has a responsibility to help protect people’s information which is one of the reasons why we have tightened our APIs significantly over the last few years.”

The social media giant said Crimson Hexagon is cooperating with its investigation and that it plans to meet with the company’s staff in the coming days.

Tech News

Three top FBI officials quit as US cybersecurity threats mount

July 20, 2018 — by Engadget.com0

Loop Images/Alan Novelli via Getty Images

Looming cybersecurity threats are reportedly behind the departure of several cybersecurity officials at the Federal Bureau of Investigation. According to The Wall Street Journal, three of the top FBI officials — Scott Smith, David Resch, and Carl Ghattas — are exiting the bureau.

The resignations come amidst an “unprecedented” number of cyberattacks, which apparently include Russian meddling in the political system, as well as disputes with President Trump. Last year, the US President took a swipe at the FBI’s reputation on social media, calling it “the worst in history”.

Assistant FBI director Scott Smith is set to resign this month, and will be joined by David Resch, the FBI’s executive assistant director of the cyber, response and services office. Meanwhile, the national security branch of the FBI will lose Carl Ghattas — also an executive assistant director — as he pursues other opportunities in the private sector.

All of the departures have been confirmed by the FBI.

In a statement, Resch assured the public that “the Bureau will remain the FBI the American people have depended on for 110 years”. Those familiar with the decisions have labelled the mass exodus of senior officials as “highly unusual”, particularly in the case of Smith, whose premature departure diverges from the standard practice of agents leaving after retirement age.

With the shadow of the 2016 election hacking still lingering, and concerns with present cybersecurity issues, senior US intelligence officials have cautioned the country has reached a “critical point”.

Tech News

DOJ decides it should publicly 'expose' foreign election schemes

July 20, 2018 — by Engadget.com0

Bloomberg via Getty Images

If the US Justice Department stays true to its new policy, we’ll hear about foreign cyberattacks and disinformation campaigns targeting the country’s democracy straight from its office. Deputy Attorney General Rod J. Rosenstein (above) has announced at the Aspen Security Forum that under the new policy, the DOJ will inform American corporations, organizations and even individuals if they’re being targeted by foreign operations in an attempt to influence the country’s elections. “Exposing schemes to the public is an important way to neutralize them,” he explained, less than a week after the DOJ indicted 12 Russian intelligence agents for hacking Democrats leading up to the 2016 Presidential Elections. He added: “The American people have a right to know if foreign governments are targeting them with propaganda.”

[embedded content]

Rosenstein has announced the new policy as part of his speech discussing the first comprehensive report released by the US Attorney General’s Cyber-Digital Task Force. In that report, the task force has identified five different types of foreign interference techniques used to target US political processes. The first type covers attackers that break into election infrastructure, including voter registration databases and vote-tallying systems. Cyberattacks targeting political organizations, campaigns and public officials fall under the second type, while spies who join political campaigns to steal info for foreign governments belong to the third type.

The fourth type covers schemes to spread disinformation and propaganda to influence American public opinion, such as the use of trolls on social media to spread fake news about candidates. Finally, foreign governments that use media outlets they control and paid lobbyists to influence elections in the US fall under the fifth type. The DOJ will presumably inform the public if they’re affected by these foreign influence methods going forward.

Rep. Adam B. Schiff (D-Calif.) has voiced his support for the rule, telling The Washington Post: “If this disclosure requirement had been around in 2016, I firmly believe that it would have served as a meaningful deterrent after Russia’s interference was first discovered, and it would have informed voters more quickly and more forcefully that a foreign government was trying to affect their vote.”

We’ll likely hear frequently from the DOJ once it starts implementing the policy, considering attacks on candidates running in 2018 have reportedly already begun. At the same forum, Microsoft VP for customer security and trust Tom Burt also revealed that his team discovered a spear-phishing campaign targeting three candidates vying for re-election in 2018. He said they traced it back to Russian intelligence agency GRU, the same organization behind the DNC hacks in 2016.

Tech News

Microsoft detected Russian phishing attacks on three 2018 campaigns

July 19, 2018 — by Engadget.com0

Russia is still launching cyberattacks against the US, a Microsoft exec has revealed, contradicting what the President claimed just a few days ago. According to Microsoft VP for customer security and trust Tom Burt (shown above second from right, with his hand raised), his team discovered a spear-phishing campaign targeting three candidates running for office in 2018. Burt announced his team’s findings while speaking on a panel at the Aspen Security Forum, where he also revealed that they traced the new campaign to a group believed to be operated by the GRU, Russia’s largest foreign intelligence agency. In other words, those three candidates are being targeted by the same organization that infiltrated the DNC and Hillary Clinton’s Presidential campaign in 2016.

[embedded content]

The US recently indicted 12 Russian GRU officials, 11 of whom are accused of hacking the DNC and leaking the party’s emails with the purpose of influencing the 2016 elections. If you’ll recall, a “Guccifer 2.0” dumped names, phone numbers, emails and a bunch of other information stolen from the party, from Hillary Clinton and from the Clinton Foundation on the internet.

The last GRU official named in the indictment is accused of breaking into the state board of elections and the systems owned by companies making election software to steal half a million voters’ information.

While Burt divulged Microsoft’s findings to the public, he refused to name the targets and their parties due to security concerns. He did say, however, that they’re “candidates of note” who are “running for reelection.” Neither party would confirm whether their candidates are being targeted, but DNC rep Xochitl Hinojosa told BuzzFeed News: “We saw the Russians attack our democracy in 2016 and we know they’re a threat in 2018, 2020 and beyond.” He added that it’s unfortunate how the President isn’t taking the issue seriously and how House Republicans refuse to increase funding for election security.

Tech News

Robocall company exposes hundreds of thousands of voter records

July 18, 2018 — by Engadget.com0

Getty Images/iStockphoto

Hundreds of thousands of voter records were left exposed on an Amazon S3 bucket, ZDNet reports, this time by Virginia-based robocalling firm Robocent. Among the information that was left accessible were names, home addresses, gender, phone numbers, age, birth years, ethnicity, education and language spoken as well as state-provided or inferred political leanings such as “weak Democrat,” “hard Republican” and “swing” voter. The cache contained nearly 2,600 files, including audio recordings of political messages.

The records were spotted by Bob Diachenko, Kromtech Security’s head of communications, who notified Robocent of the leak. The data were secured shortly thereafter and the company’s co-founder, Travis Trawick, told ZDNet that the records contained in the cache were from “an old bucket from 2013-2016 that hasn’t been used in the past two years.” It’s unclear how long the records were exposed, but Robocent says it’s looking into the leak. Trawick said those who were affected will be notified if Robocent is “required by law” to do so.

It has been a bad few years for voter data security. Last year, information on nearly 200 million US citizens was exposed by a political ad-targeting strategist, and a voting machine supplier leaked personal information from over 1.8 million Chicago residents. In 2016, the Republican Party of Iowa exposed information from around 2 million voters and in 2015, a badly configured database was spotted exposing voter registration info, including addresses, party affiliations and voter IDs, for 191 million Americans.

Last year, Harvard researchers also found that some states’ voter registration websites left voter records vulnerable to manipulation and earlier this year, the Department of Homeland Security revealed that Russian forces accessed a number of US states’ voter registration databases ahead of the last presidential election.

Tech News

Trump claims Russia has stopped its cyberattacks against the US

July 18, 2018 — by Engadget.com0

Xinhua/Lehtikuva/Heikki Saukkomaa via Getty Images

President Trump is still dealing with the repercussions of appearing to agree with Vladimir Putin that Russia didn’t interfere with the 2016 US election (and the subsequent attempted walk back of this statement), but that isn’t stopping him from further controversial statements on cybersecurity. In a cabinet meeting, Trump told a reporter that Russia was no longer “targeting” the US with cyberattacks. The claim strains credulity, to put it mildly — it contradicts both his previous remarks and the findings of intelligence agencies.

To start, Trump told members of Congress in a July 17th meeting that the US was reportedly “doing everything in [its] power to prevent Russian interference in 2018.” If cyberattacks weren’t a real possibility, why show concern about Russian meddling just a day earlier? Director of National Intelligence Dan Coats also stressed in a July 16th statement that Russia was conducting “ongoing, pervasive efforts” to undermine the US, indicating a continued threat.

It’s certainly an unusual statement to make in light of dozens of indictments (some made just before Trump’s meeting with Putin) against Russian intelligence officers and Russia-linked individuals for attempting to interfere with the 2016 election through everything from ad campaigns to hacking electoral systems. And that’s not even including the reams of evidence of ongoing cyberattacks against the West, including Twitter bots as well as hacks targeting the Olympics and chemical warfare prevention labs. There’s simply no good reason to believe Russia has changed its ways ahead of the US mid-term elections, regardless of what Trump says.

Gaming News

How to Make Your Wifi Router as Secure as Possible

July 18, 2018 — by Kotaku.com0

Though more router manufacturers are making routers easier to set up and configure—even via handy little apps instead of annoying web-based interfaces—most people probably don’t tweak many options after purchasing a new router. They log in, change the name and passwords for their wifi networks, and call it a day.

While that gets you up and running with (hopefully) speedy wireless connectivity, and the odds are decent that your neighbor or some random evil Internet person isn’t trying to hack into your router, there’s still a lot more you can do to boost the security of your router (and home network).

Advertisement

Before we get into our tips, one quick caveat: Wireless routers all have different interfaces, different ways they name their settings, and different settings you can adjust. For this article, I’ll be poking around the interface of a TP-Link Archer C7. You’ll want to explore around your router’s web-based configuration screen (or app) to make sure you’ve adjusted all the right settings, but it’s possible you won’t be able to do everything we’ve detailed below.

Accessing your router’s settings

If your router doesn’t have an easy-to-use app for configuring its settings—like what you typically encounter when buying a mesh-networking system—you’ll probably access its settings by pulling up a web browser (on a device that’s connected to your router) and typing in your router’s IP address:

  • On a Windows system, pull up the command prompt and type in ipconfig. The IP address that’s listed as your default gateway is likely your router’s IP address.
  • If you’re on a Mac, pull up System Preferences > Network, and click on Advanced in the bottom-right corner. Click on the TCP/IP option toward the top of the next window and look for your router’s IP address.
  • If you’re on your iPhone, tap on Settings, then Wi-Fi, and tap on the “i” icon next to the wifi network you’re connected to. Your router’s IP address should be listed right there.

Advertisement

Step One: Update your firmware

Some routers bury firmware updates deep in their settings menus; some might even notify you about a new firmware update the moment you log into their apps or web-based user interfaces. However you find the option, you’re going to want to make sure that your router is running the most up-to-date firmware.

If you’re lucky, your router will be able to download new firmware updates directly from its manufacturer. You might have to click on a button (or two) to start this process, or this might happen automatically—routers that do the latter are great, because most people don’t really think about “checking to see if my favorite tech gear has updated firmware” on a regular basis, if ever.

Advertisement

Screenshot: David Murphy

It’s also possible that your router will require you to upload new firmware yourself. If so, you’ll have to download the right firmware from the router’s manufacturer—likely on a support page for your router—and manually update the router by browsing for this firmware file and starting the update process yourself. You’ll have to do this each time you want to update your router with new firmware, which means you’ll have to check for new firmware fairly regularly, perhaps a few times a year. It’s a laborious process that’s easily forgotten, but it’s also important if you want to keep your router protected from external threats.

Change your router login and password

If you’re still using “admin / admin,” “admin / password,” or some variant of generic words to log into your router, change that. Even if your router manufacturer has given you a quirkier password that presumably differs for everybody, it’s important to use a login and password that’s tough to guess or brute-force.

Advertisement

Screenshot: David Murphy

Even if you’re stuck using “admin” as a user name to log in, make your password something complex, not something anyone can look up via a quick web search.

Use WPA2 to secure your wireless network

It almost goes without saying, but don’t use WEP when you’re setting up a password for your wifi network. Passwords “protected” with the WEP encryption are a lot easier to brute-force attack than those encrypted with WPA2. Even though you probably don’t have someone hanging out on your street corner, wardriving everyone’s wireless networks, there’s no reason to not use the stronger WPA2 protocol—unless you have an old device that simply can’t handle WPA2, which is unlikely. And whatever you do, don’t run an open (password-free) wifi network. My god.

Advertisement

Screenshot: David Murphy

Turn off WPS

On paper, WPS—or Wi-Fi Protected Setup—sounds great. Instead of having to type in a long, reasonably complex wifi password on a device, you can just type in a smaller PIN number, likely printed directly on your router.

Advertisement

Guess what? These PIN numbers are much easier to brute-force attack than a more complicated password or passphrase. While a number of routers will time out an attacker after they botch a certain number of password attempts, that hasn’t stopped more ingenious WPS attacks from surfacing. The easiest way to prevent these kinds of shenanigans is to just disable WPS entirely.

Yes, you’ll have to type in your password. Yes, it’ll be annoying. It’s an extra minute of your life. You’ll be fine. Or, if you truly cannot handle this process, check to see if your router allows you to use push-button WPS instead of PIN-based WPS. That way, you’ll have to physically press buttons on your router and any devices you want to connect, which will make it a lot trickier for someone to exploit WPS and break into your network.

Advertisement

Use a better DNS

Browse the web a little bit faster by switching away from your ISP’s DNS and using a service like Google DNS, Cloudflare, or OpenDNS. As an added bonus, you’ll also increase the likelihood that you actually make it to the websites you’re trying to visit without any man-in-the-middle attacks, popups, redirects, interstitials, or annoying “you made a typo in your web address so we’re going to redirect you to a webpage filled with spam and ads” that your ISP might use.

If you want to get really crafty, you can drop a service like OpenDNS on your kid’s laptop, enable parental controls to keep them off time-sucking websites like Tumblr and Reddit, and give yourself a different DNS provider (like Google DNS) to browse the web without any restrictions. Your child will hate you, but at least they’ll turn out to be a rocket scientist with 27 inventions instead of a Twitch streamer with 3 followers.

Advertisement

Screenshot: David Murphy

Consider using MAC filtering, annoying as it might get

While it’s easy for an attacker to spoof a MAC address, you can at least give yourself a little extra security by setting up your router to only allow devices to connect that appear on a whitelist. This filtering is based on each device’s MAC address—a long string of letters and numbers that looks something like “00-11-22-33-44-55.”

Advertisement

Screenshot: David Murphy

While this means that you’ll need to go in and add any new devices you purchase whenever you want them to be able to connect to your router, it also means that devices you don’t authorize won’t be able to do squat. Like I said, though, MAC addresses are easy to spoof, so if this tip gets more annoying than practical, feel free to disable MAC filtering. You’ll be OK.

Consider scheduling your wifi

If you work a pretty normal schedule during the week and you have no reason to remotely connect to your home devices, consider using your router’s scheduling mechanism—if it has one—to just turn off your wifi when you aren’t home.

Advertisement

This isn’t the most practical tip if you have a bunch of smarthome devices that need the Internet, like if you want to be able to turn the lights on and off to piss off your cat or you want to be able to watch a delivery driver drop off the expensive package you ordered. If you live a relatively simple life—no harm there—and nothing really needs Internet connectivity when you aren’t around, then why power up your wifi for no reason? It’s hard to hack into a network that doesn’t exist.

Disable potentially sketchy services

You probably don’t need to mess with your router’s settings when you aren’t actively connected to your wireless network. If your router has some kind of an option for “remote management” or “remote administration” make sure it’s disabled.

Advertisement

Screenshot: David Murphy

You should also consider disabling UPnP on your router, although this might give you a little grief when you’re gaming or running BitTorrent—to name two examples. Still, when an entire website is dedicated to the various ways one can exploit UPnP for nefarious purposes … maybe it’s time to go back to manually forwarding ports, if needed.

Some routers also let you set up an FTP server so you can transfer files in and out of your network. However, we live in an era when it’s easy to use any number of cloud storage providers—or file-uploading services—to share your files. You probably don’t need to run an FTP at home, and it’s a lot safer to disable this feature entirely (if your router supports it).

Advertisement

You also likely don’t need to access your router over SSH or Telnet—turn either off, if offered—nor do you probably need to access any USB-connected printers or storage when you aren’t at home. In short, if your router lets you do something from afar, consider turning the feature off (if you can). The fewer ways you can access your home network when you aren’t in it, the harder it’ll be for someone else to take advantage of a vulnerability and access your router (or your home network).

If you can, consider disabling your router’s cloud functionality as well. While it might be useful to be able to edit your router’s settings by logging into the manufacturer’s cloud service, it’s just one more open door that an attacker could use to compromise your router (or network). While you have no choice with some routers—typically mesh routers—it’s always better, and safer, to log into a router’s web-based UI manually from a device that’s connected to your home network, even though it’s a lot less convenient.

Consider a separate wifi network for guests and smart-home devices

I’ve been playing, testing, and reviewing routers for more than a decade, and I still have yet to meet someone who uses their router’s guest network feature. Heck, I don’t think I’ve ever even connected to a friend’s “guest network” in their home or apartment.

Advertisement

Still, the premise of a guest network is great, security-wise: Your router automatically sets up a second SSID for friends to use, and any device connecting to it is walled off from other devices on your primary network, either plugged into your router directly or connected wirelessly. (Most routers let you adjust whether you want guests to see everything, each other, or nothing, if you need to customize your setup a bit.)

A guest network comes with an added bonus, too; you can use it for all of your less-secure smart-home devices. If someone takes advantage of a vulnerability in your smart lightbulb and breaks into your network, there will still be a layer of protection between your hacked device and your desktop PC, smartphone, and laptop—to name a few examples. While you can also get crazy and segment off your network with separate SSIDs and VLANs, if your router supports it, this is an easier method that won’t give you a weekend’s worth of headaches (if you don’t know what you’re doing).

Advertisement

Tech News

Apple iCloud data in China is being stored by a state-run telco

July 18, 2018 — by Engadget.com0

Pixabay

Six months ago Apple caused controversy by moving Chinese users’ iCloud keys out of the US and into China, in order to comply with Chinese law. Now, that data, which includes emails, text messages and pictures, is being looked after by government-owned mobile operator China Telecom. And users and human rights activists alike have big concerns.

The move has unsurprisingly been praised by state media, with Chinese consumers being told they can now expect faster speeds and greater connectivity. But as comments on Weibo (China’s equivalent of Twitter) reveal, users have major privacy worries, claiming the government — known for its extreme citizen surveillance methods — will now be able to check personal data whenever it wishes.

Apple has repeatedly stated that its hands are tied on the matter — Chinese legislation has essentially given the company a “comply or die” ultimatum. However, Apple users in China are able to opt out of local data storage by choosing an alternative country for their iCloud account, but it’s not clear whether that would delete previous information, or simply migrate it to the new server. If you have concerns about the government snooping at your data, you might just want to start an account from scratch.