The UpStream

One of the largest security leaks in history was just revealed

posted Saturday Jan 19, 2019 by Scott Ertz

If 2018 was the year of security breaches, then 2019 is not shaping up to make us more comfortable with our online security. In fact, we are starting 2019 with the largest leak of security information in history. Dubbed "Collection #1," this leak contains 773 million unique email addresses and over 21 million passwords, with a combined collection of 1.16 billion unique account credentials and 2.7 billion total credentials, collected from various sources.

The data was made available to Troy Hunt, who owns and operates the personal security platform HaveIBeenPwned, which allows people to look up their email address and password to see how many publicly available breaches that address has been involved in, with details about each. We recommend that users search for their email addresses on a regular basis, but especially after a large hack. It will help you determine just how much of your information is available publicly and for sale online.

This will certainly not be the last time we hear about a security breach or leak in 2019. In fact, if things continue down the current path, you can expect "Collection #1" to not be the last one we hear. It is important to think about your data security and create a plan to protect your information. A common method is password managers, but those can get hacked, too, making all of your passwords available in the wild. In reality, the best plan is to create scenarios where getting your information is not enough to do harm.

For credentials, creating a 2-factor authentication method is a huge step in the right direction. Requiring that you use a 2FA app or receive a code via text is the most common solution, but we're seeing physical 2FA enter the market in a big way. We're currently reviewing a physical 2FA method called YubiKey, which we will have a video and review on soon, but so far it looks like a great security method.

In addition to your credentials, you should protect your financial information. We've begun working with Privacy, which allows you to create 1-time use cards for use online - for free. If the retailer gets breached and your card information is stolen, it is only good at that retailer, and only until you terminate the card.

The important thing to remember here is that your information is never going to be secure, but there are some steps you can take to protect it above and beyond the norm.

Fallout 76 has a private loot room that will disable your account

posted Saturday Jan 19, 2019 by Scott Ertz

In videogames, it is not unusual for developers to create a locked or hidden area of the game in which the visual assets of the game can be spawned and rendered before being moved from the hidden area to the public area of the game. The most public instance of this was in a version of Grand Theft Auto which featured the visual aspects sitting in the clouds. The most recent public example of this is in the already controversial Fallout 76, which contains a hidden "developer room" with every available asset in the game, including some that have not been released into the game yet. It also features an NPC named Wooby.

The room was discovered about a week ago, and since the discovery has become the focus of a lot of interest. Some of the interest has simply been curiosity, with people trying to figure out how to get into this hidden room. Some, on the other hand, have had a more nefarious intent: to bring items into the economy that technically do not exist yet. A move like this can damage the in-game economy, so Bethesda has clearly been forced to respond to the situation.

After issuing a temporary ban on players who access the "developer room," Bethesda has contacted users with an email asking,

"please describe the way (the developer room) was accessed in a reply to this email. This detail should provide the information necessary for us to correct any corruption issues on this side and safely release this account and return these characters back into the world."

While it may sound as if there are innocuous ways of accessing the room, Bethesda has claimed that it can only be accessed through third-party hacking tools. As part of their research into how to prevent access, Bethesda said,

"in an effort to ensure the integrity of these characters and accounts, these accounts are being temporarily disabled pending further investigation. Players that have accessed these areas and have had their accounts impacted are encouraged to contact our support team."

The Dev room access glitch follows another economy-damaging glitch which allowed players to duplicate an arbitrary item into an infinite number of copies. These issues have added to a growing list of reasons players are displeased with the game since it debuted in November.

Legality of biometric phone unlock gets a ruling in your favor

posted Saturday Jan 19, 2019 by Scott Ertz

Ever since phones first offered fingerprint unlocking, a feature brought into prominence by Apple's Touch ID, there has been a battle over whether or not law enforcement has the right to compel you to unlock your device using biometrics. It has long been ruled that compelling a person to unlock a device via PIN was a violation of the 5th Amendment because it requires a person to divulge private and confidential information, which is tantamount to testimony.

On the other hand, biometric sensors have been thought to fall under a different set of rules which apply to things like requiring a person to take a urine test for alcohol. Since no information is required to be divulged to unlock the device, and the process of unlocking the device is in no way invasive, the legal standing has been that law enforcement had the right to compel a person to place their finger on a sensor, or to look into the camera of a phone.

The legal standing has been challenged on multiple occasions with differing results. However, the prevailing precedent has held that law enforcement can compel. That precedent has been changed this week, as US District Court for the Northern District of California magistrate judge Kandis Westmore ruled in opposition, closing any jurisdictional question on the law. In her ruling she stated,

"If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one's finger, thumb, iris, face, or other biometric feature to unlock that same device."

This is obviously far from the last time we will hear about this scenario. There is little doubt that something of this nature will make its way to the Supreme Court for a final ruling, but for now, this is the law of the land, and it is good for all of us. Previously, the only real hope we had in protecting our data from the prying eyes of law enforcement was a feature Apple introduced with a completely different purpose.

What We've Learned: Everyone is tired of the app store policies

posted Friday Dec 28, 2018 by Scott Ertz

One of the biggest surprise trends of 2018 has been the disillusion with the normal process for distribution. The leader of the revolution has certainly been Epic Games. Between circumventing Google Play for Fortnite on Android and launching a new PC game store, they have been the ones carrying the flag against high commissions and "business as usual" in the industry. Epic has not been the only one fighting against the norm, however. Discord also created their own store, yet another way for developers to distribute their games and for gamers to discover great new content.

But standard distribution is not the only problem facing developers. One of the biggest financial hits to any subscription service is the cut that platform providers charge for those recurring payments. The biggest problem has always been Apple, which requires that in-app purchases be made available through the App Store. This requirement is because Apple takes 30 percent of the charge. That means that a service offering the ability to subscribe to their service through their app must either charge more for the service or potentially lose money on every subscriber.

Netflix has been on the leading front of this particular battle. As the company produces more and more original content, they need every penny that they can get. Since announcing their plans, they have tried to keep their prices steady, but with a 30 percent loss on every Apple-based subscription, that gets really tough.

Earlier this year, there was a rumor that they would turn off the ability to subscribe through an Apple device, requiring new users to go to the website to sign up instead. This week, the rumors were proven true, with Netflix officially killing the ability to sign up for service through their iPhone app. This change could significantly change the bottom line for Netflix, meaning that they can continue to enhance their slate of original content for the foreseeable future.

Moral of the Story: Giving up personal data is how it works now

posted Friday Dec 28, 2018 by Scott Ertz

If 2018 has had a theme, it would be that people simply don't care about their privacy anymore. Online services have increased the amount of data they collect about you and the types of companies that they sell that data to. Some apps don't even provide a value and still collect information. This has been the way that the web has worked for decades, and we have accepted it, but things are changing.

These days, we don't just expect the behavior from free services. We purchase Alexa-powered devices that provably record everything that happens around them, and when they send that data to the wrong person, we seem to accept it as normal. But, in Amazon's case, both of these instances were accidental.

Then there are companies who knowingly violate your privacy, like Facebook. Despite their own terms of service and data sharing disclosures, Facebook has still made your data available without your permission or knowledge. For example, when they gave top tech companies carte blanche to your Messenger account. Or how about the Cambridge Analytica scandal. Rather than users fleeing the service that obviously doesn't care about you as a person, nothing has changed. Perhaps because the company has a policy of silencing their critics.

No matter the scenario, the response always stays the same: we're doing what we can to continue to provide you with the services you want. We're sorry you didn't like what we did, maybe we'll change. The reality is that we cannot expect these companies to change their behaviors, because as users we've told them that we're okay with it. Clearly, the problem is a complex one, that has been made more complex by our dependence on these platforms for everything from personal communication to corporate collaboration.

Blizzard is fighting the nonsense that is the Twitch Chat community

posted Friday Dec 28, 2018 by Scott Ertz

Anyone who has ever spent any real time on Twitch knows that a channel's chatroom can go from 0 to 60 in way under 10 seconds. As a streamer gets more popular, the potential for chat disaster gets exponentially worse. There are some measures that streamers can take to try and keep some semblance of control over their chat, including content filtering, moderation, and bans. For most streamers, this is enough to prevent the madness that can become a reality.

When it's an official channel, however, it's an almost guaranteed scenario that viewers will get contentious, and quickly. When that happens, things like moderation become nearly impossible because of the sheer number of messages being posted. Oftentimes, these channels take more severe measures to try and keep some civility in the chat. Others, however, take severe to all new heights.

This is the way that Blizzard is trying to handle their official Overwatch channels. Discovering that toxicity comes with the territory, Blizzard has decided to bring harsher penalties to viewers who try to raise a ruckus in chat than just being banned from the chat itself. In fact, the company has announced intentions to force Twitch users to link their Battle.net accounts before they can chat on official channels.

The question is, how does the company intend to use the linked information? It would not be a surprise to find that Blizzard plans to suspend users from certain features on Battle.net, or within Overwatch itself, if things get too out of hand. They might even go so far as to ban users on their Battle.net accounts. Starting with the Overwatch Contenders season 3 finals, Blizzard will be piloting the program. If successful, it is likely that we will see the program rolled out on a larger scale, including all of the Overwatch League.
