Lenovo Vulnerability Lets Hackers Access Passwords

Wide Range of Laptops Affected

Lenovo just fixed a severe vulnerability in several Lenovo laptop models allowing hackers with physical access to a computer to obtain sensitive information including login credentials. The problem lies in the Lenovo Fingerprint Manager Pro, usually installed on ThinkPad, ThinkCentre and ThinkStation models.

The Lenovo Fingerprint Manager Pro application used a weak encryption algorithm, allowing a local user with non-administrative access to read Windows login information and fingerprint data. An attacker can then use the information to log in to the affected computer. This vulnerability affects Fingerprint Manager Pro on Windows 7, Windows 8 and Windows 8.1. Windows 10 machines are unaffected, as those laptops use Windows 10’s native fingerprint support.

The advisory listed these computer models: 

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

The vulnerability, indexed as CVE-2017-3762, is rated as high-severity. Although the vulnerability requires physical access to a computer, affected users should update their systems as soon as possible.


Leaked Chrome OS Tablet Uses 4:3 Aspect Ratio

iPad-esque form factor favored over 16:9 widescreen

Credit: Alister Payne 

A Chrome OS tablet was spotted at The Bett Show, a United Kingdom-based annual trade show showcasing information technology in education. The device is an Acer product and measures between eight and ten inches diagonally.

All Chrome OS devices thus far have had keyboards; they are all either 2-in-1 convertible hybrids or traditional laptops. Android tablets have done very poorly, with poor app optimization (many Android apps don’t scale well to a larger screen size) and a lack of differentiation from the Apple iPad.

The iPad isn’t a MacBook replacement, however. It run iOS, the same mobile operating system used on the iPhone. Chrome OS, on the other hand, is a custom version of Linux and as such supports input via a mouse and keyboard. Android app support has made its way to the platform, making it a robust ecosystem that includes both smartphone apps and a desktop-class web browser, something iPad owners can only dream of.

The Acer Chrome OS tablet uses a 4:3 aspect ratio.

This is where things get interesting. By targeting the Apple tablet size, Chrome OS tablets may be seen in the home, business, or education markets as a viable and less expensive iPad alternative.

Particularly in education and business, being able to deploy all of your devices with the same software will likely be too tantalizing to resist for firms and schools currently using both iOS and Chrome OS devices. Home users too may find appeal in the notion of everything running Google software, from the laptop, down to the tablet and smartphone.

Laptop sales have been in decline for years, but Chrome OS devices have bucked that trend. The iPad has performed similarly in the tablet market. A Line of Chrome OS tablets may do to the iPad what Chromebooks have done to Windows laptops.


Sony Announces New Truly Wireless Headphones at CES

A successor to the flawed WF-1000X

The Consumer Electronics Show, or CES for short, took place this past week. CES is a yearly conference where the greatest tech of tomorrow makes its debut. Most of the large consumer-facing corporations not named Apple, Google, Microsoft, or Amazon hold keynote presentations at the multi-day spectacular. Sony always has a presence at the Las Vegas, Nevada-based trade show.

Apple kicked off the truly wireless revolution with the introduction of its AirPods at the iPhone 7 launch event back in September 2016. The current trend of in-ear buds which forgo a neckband in favor of a rechargeable carrying case can be attributed to the AirPods, which themselves owe their invention to the removal of the iPhone’s headphone jack. Priced at $159 and offering no discernible improvements versus the complimentary EarPods, Apple’s first in-house attempt at wireless audio scored an overall rating of six-out-of-ten here on D&theJM

Bose SoundSport Free

Because the AirPods offer no sound isolation and take a one-size-fits-most approach, other OEMs have been looking to fill that vacuum and cater to high-fidelity diehards and individuals for whom Apple earbuds fit poorly. The fitness market has been the go-to niche for many of these products, most notably the Bose SoundSport Free which check nearly all the boxes for what to look for in an AirPod competitor. Samsung and JayBird also have respectable offerings. 

Last fall, Sony unveiled their first truly wireless headphones, the WF-1000X, at IFA 2017 (Europe's equivalent to CES). The headphones have garnered mediocre customer reviews on various sites, including Amazon, Best Buy, and Sony’s official website, averaging just over three-out-of-five stars. In other words, owners of Sony’s first-gen wireless buds found them to be roughly on par with how we at Davis & the Jake-Man rate the Apple AirPods. 

Sony WF-1000X

Audio latency, intermittent connectivity, and poor onboard controls are pervasive in third-part truly wireless solutions, as explained by The Verge’s Sean O’Kane in his reviews of the Gear IconX, SoundSport Free, and JayBird Run. That other headphones in 2017 had similar problems doesn’t excuse the WF-1000X, however. This is why Sony has been quick to offer a replacement. 

The WF-SP700N truly wireless headphones are, feature-for-feature, the successor to the WF-1000X and address this segment of the Bluetooth market in Sony’s 2018 headphone portfolio. They offer noise cancellation, NFC, and Bluetooth 4.1 like their predecessor, and introduce IPX4 sweat resistance, a no-brainer on workout buds. Time will tell if these new headphones address the connection and lag problems of last year's model. The WF-SP700N are slated for a spring 2018 release and we will be reviewing them in full when they are publicly available.


New Platform Lets Users Sell Used PC Games

And Yes, it Has its Own Currency

Digital ownership tends to be a bit complicated, especially regarding video games. Gamers have many options when purchasing form digital retailers, from Steam and Denuvo keys to DRM-free standalone executables. As digital became the norm and prices for digital games dropped thanks to sites like Fanatical (formerly Bundle Stars) and Humble Bundle, many gamers find themselves with extra copies of games they will likely never use.

Naturally, markets will open whenever there is a demand for a service, and potentially unscrupulous sites like G2A popped up, allowing users to sell or trade their extra game keys. A new upcoming gaming platform, Robot Cache, will allow users resell their games using “Iron”, a built-in, mineable cryptocurrency. Robot Cache is the brainchild of inXile CEO Brian Fargo and former Atari exec Lee Jacobson. 

“Each used game sale gives 25 percent of the proceeds to the seller and 70 percent to the developers and publishers.”

Using blockchain technology, unchangeable records are kept for who owns a specific copy of a game. Each used game sale gives 25 percent of the proceeds to the seller and 70 percent to the developers and publishers. Additionally, new game sales give a whopping 95 percent of the sale to developers and publishers compared to Steam’s 70 percent. 

When games are resold, users will be paid in Iron, which can be exchanged for cash or used to buy games. As with any currency, (especially the crypto variety) Iron’s value is likely to fluctuate over time. Rampant cryptocurrency mining is already causing problems like high energy usage and skyrocketing GPU prices, so there is potential for a crash in Robot Cache’s digital market somewhere down the line. 

Robot Cache is still finalizing the process for deciding which games appear in their catalog, but they do intend to curate their games. A representative told Kotaku “almost all the devs they have on board already agree that some kind of bar would be helpful to make discoverability easier and to ensure no malware."

“With its rampant piracy, PC as a platform has always had a problem with used game sales compared to home consoles.”

With its rampant piracy, PC as a platform has always had a problem with used game sales compared to home consoles. The complete lack of a physical disc in most cases makes lending a game to a friend for the weekend harder than it needs to be. I don’t expect Robot Cache to revolutionize used PC game sales, especially if it’s marketing with the cryptocurrency fad in mind. For now, I’ll just have to hold on to my extra Steam keys.


Davis & the Jake-Man 14: Lit Proxies and Fleek Firewalls

Davis and the Jake-Man is a New England-based "monthly" podcast hosted by two certified computer technicians.

In episode eleven of their ‪technology podcast, Davis and Jake discuss the #technews for the month of December, including:

  • Microsoft Edge has finally come to mobile
  • In display fingerprint sensors coming next year
  • Xbox One X value proposition
  • Sponsored content on YouTube
  • Failed T-Mobile/Sprint merger
  • Facebook exploited “vulnerability in human psychology”
  • British iPhone owners file class action lawsuit against Google

Free Upgrades to Windows 10 End Today

Extended support to continue until January 2023

The Windows 10 “assistive technologies” loophole, the workaround that allows the disabled (or anyone who claims to be) to upgrade from Windows 8 to Windows 10, ends today. The Windows 10 free upgrade period officially ended back in July 2016, but the grace period was extended to ease the transition for users who employ the use of accessibility services, i.e. the on-screen narrator or a braille keyboard.

January 9 marked the day mainstream support ended for Microsoft’s tablet-centric operating system. Windows 8 is now in the “extended support” period, in which only security fixes and patches are pushed to legacy users. Windows 7 is also at this stage in its lifecycle, with end-of-life sunsets scheduled for 2020 and 2023 for Windows 7 and Windows 8, respectively. 

July 29, 2016 was the last day most users could upgrade for free.

Windows 10 was called “the last version of Windows” when it was introduced in 2015. Naturally, this claim and the indefinite support it implied were simply too good to be true. Windows 10 version 1507, for example, has already reached end-of-life. Windows 10 as a whole will sunset on October 14, 2025. What this means for the future of Redmond’s desktop OS remains to be seen.

Users aided by assistive technologies must upgrade today if they don't want to pay.

After today, all users, even those who are handicapped, will have to pony up the $119.99 for Windows 10 Home or the $199.99 for Windows 10 Pro. New features are no longer being pushed to Windows 8 and security support will end in five years' time.


Wi-Fi Alliance Announces WPA3

The Next Generation of Wireless Security

At long last, the Wi-Fi Alliance has announced the next generation of the most popular wireless security protocol, Wi-Fi Protected Access 3 (WPA3). This is great news as the previous generation of the protocol, WPA2, has been in operation for over 15 years. 

Several problems with the WPA2 protocol have been known for a long time. Open, unencrypted Wi-Fi networks allow anyone connected to the same network to intercept any sent data. Additionally, the recently discovered KRACK (Key Installation Attack) vulnerability makes it possible for attackers to intercept and decrypt wireless traffic passing between a computer and an access point.

"WPA3 will be available later this year."

WPA3 will be available for personal and enterprise wireless products later this year. The new protocol offers new features such as individualized data encryption, protection against brute-force dictionary attacks, simplified security for devices with no user interface for configuring security, and a 192-bit security suite.

In order to use the protocol, new devices must be certified by the Wi-Fi Alliance. Such a process could potentially take months, but is definitely possible for a mid or late 2018 launch.


Apple Official Cases Aren't Built to Last

Anecdotal experience incoming

One of the many perks of owning an iPhone is the stylish first-party accessoriesApple really does know how to make a smartphone case. Or does it?

I’ve been on the hunt for The One Case to Rule Them All for several years now. Many of my friends and colleagues (including Davis) could tell you I’m always switching phones and/or cases, and I haven’t found the right one in all this time.

Apple Silicone Case

After cycling through literally dozens of Android phones, I thought I’d found the right smartphone/case combination in the iPhone and the Apple Silicone Case. I found myself in an “it was in front of me the whole time” iEureka Moment™ (now available for Apple Watch).

Alas, it was not meant to be. The bottom portion of the soft silicone began to fray from being taken in and out of my pants pocket. It was too good to be true; I had to look elsewhere. Enter: Apple Leather Case.

Apple Leather Case

“Surely this study material will not wither like that soft rubber,” thought the Jake-Man (me). I thought wrong. That veritable Cupertino cowhide picked up the the dyes of my slacks easily, tarnishing my signature garish yellow with the navy blue of my store bought semi formal wear. I'm  trying a third-party bumper case next.

Maybe it was the pants?