General Gaming Article |
- Newegg Daily Deals: MSI GeForce GTX 970 Graphics Card, WD Blue 6TB HDD, and More!
- Microsoft Takes Axe to Surface Pro 4 and Band 2 Pricing
- Hacker Makes Infiltrating FBI Database Seem All Too Easy
- Play Games with Your Eyeballs on MSI's GT72S G Tobii Laptop, Available Now
- YubiKey Neo and Neo-n Review
Newegg Daily Deals: MSI GeForce GTX 970 Graphics Card, WD Blue 6TB HDD, and More! Posted: 08 Feb 2016 12:41 PM PST Top Deal: There's a perfect storm brewing for gamers. First, Steam is having a sale on thousands of titles. Secondly, it's tax season, and hopefully that means a juicy refund is on its way to you. And third? That would be today's top deal for a MSI GeForce GTX 970 4G 4GB 256-Bit GDDR5 PCI Express 3.0 x16 HDCP Ready SLI Support G-SYNC Support Video Card for $325 with free shipping (normally $360; additional $20 Mail-in rebate; Free game: Rise of the Tomb Raider w/ purchase, limited offer). It comes with a custom cooling solution that both cools better and runs quieter than reference, plus a free game. Other Deals: WD Blue 6TB Desktop Hard Disk Drive - 5400 RPM SATA 6Gb/s 64MB Cache 3.5-Inch for $200 with free shipping (normally $215 - use coupon code: [ESCEGET74]) Asus H170 Pro Gaming LGA 1151 Intel H170 HDMI SATA 6Gb/s USB 3.1 USB 3.0 ATX Intel Motherboard for $111 with $3 shipping (normally $130 - use coupon code: [EMCEGET27]) Asus Desktop Computer Intel Core i3 4160 (3.60 GHz) 4 GB DDR3 500 GB HDD Windows 7 Professional Pre-installed with Windows 8.1 Pro Key for $350 with free shipping (normally $370 - use coupon code: [EMCEGET75]) Corsair Vengeance LPX 16GB (2 x 8GB) 288-Pin DDR4 SDRAM DDR4 3000 (PC4 24000) Desktop Memory for $85 with free shipping (normally $90 - use coupon code: [EMCEGET35])
|
Microsoft Takes Axe to Surface Pro 4 and Band 2 Pricing Posted: 08 Feb 2016 11:25 AM PST Getting a jump start on Presidents' Day
It's not exactly rare for Microsoft to mark down prices on various hardware, though if you need an official excuse for the latest round of discounts, it's to celebrate Presidents' Day. There's quite a bit that's on sale currently, including the company's line of Surface Pro 4 tablets. Each one is marked down $100 off the regular retail price. Here's how things shake out:
If you're not into the Surface Pro 4, there are several other 2-in-1 devices and regular laptops on sale at all different kinds of price points. On the lower end, the Acer Aspire One Cloudbook 11 is just $97 (11.6-inch HD display, Intel Celeron N3050, 2GB RAM, 16GB eMMC, Windows 10), while the Vaio Z Canvas 2-in-1 starts at $997 (down from $2,199). At that price, you get a 12.3-inch IPS display, Intel Core i7-4770HQ processor, 8GB of RAM, 256GB SSD, and Windows 10 Pro (plus a keyboard). Moving along, Microsoft is selling its Band 2 wearable for $200, which is a $50 discount over its normal selling price, and you can find several deals on phones, Xbox One consoles, and accessories. Go here to check it all out. |
Hacker Makes Infiltrating FBI Database Seem All Too Easy Posted: 08 Feb 2016 10:51 AM PST Security fail
The team of geniuses on CBS's action-drama show Scorpion routinely make it look simple to hack into government systems, and while it's not supposed to be that way in real life, a hacker who wishes to remain anonymous didn't have much trouble plucking personal details of 20,000 Federal Bureau of Investigation agents and 9,000 Department of Homeland Security employees. How so? According to Motherboard, who's been in contact with the hacker, it all began with a compromised Department of Justice email account. The hacker didn't say how he sabotaged the email account, but once he had the login details, he tried accessing the DoJ's web portal. When that didn't work, he simply called up the department. "I called up, told them I was new and I didn't understand how to get past [the portal]. They asked if I had a token code. I said 'No', they said 'That's fine, just use our one'." After that, he logged in, clicked on a link to a PC that directed him to an online virtual machine, entered in the DoJ's email login details, and then had access to three computers, including the one belonging to the DoJ employee he initially hacked. According to the hacker, once he clicked on that PC, he had full access to it, and from there he pulled documents on the DoJ's intranet containing details of tens of thousands of employees—some 200GB worth (he had access to 1TB). The hacker said that some of the data contained military emails and credit card numbers, though it's not clear if he swiped that as well or just peeked at it while he was in the system. Either way, he didn't provide those details to Motherboard, just the aforementioned accounts. Motherboard was able to confirm that the data was accurate by randomly calling some of the numbers the hacker provided. The numbers led to various FBI agents and employees, one of which told the site this was the first they heard of the data breach. The hacker has already dumped the data containing details of the 9,000 DHS employees through Twitter accompanied by a pro-Palestinian message. He also plans to dump the remaining data, but hasn't done so yet. |
Play Games with Your Eyeballs on MSI's GT72S G Tobii Laptop, Available Now Posted: 08 Feb 2016 09:00 AM PST Are you looking at me?
Ready for something trippy? MSI's GT72SG G Tobii laptop with eye-tracking technology that lets you control game activity with looks, stares, and gazes, is now available to purchase. It's the first gaming laptop in the world to feature Tobii's eye-tracking tech, and with it you can do things like switch targets in a game, select objects, or simply just pause a game by looking away. "The GT72S G Tobii Tobii adds another dimension to gaming and provides a level of interaction and immersion never experienced before," says Andy Tung, president of MSI Pan America."Our eyes will no longer be passive players, they will now direct, command and transport us into the future of PC gaming." How is it possible? The necessary technology is baked right into the laptop, so there's no awkward third-party accessory to mount. Part of it consists of three dual-lens near-IR beams that appear as three red lights on the laptop, but they're really using infrared light to track your eye movement. Outside of gaming, you can use the eye-tracking technology to navigate Windows and login via Windows Hello, and with supported applications like XSplit Gamecaster (you can find more supported apps here). Beyond the eye-tracking tech, this is a pretty potent laptop. It has a 17.3-inch Full HD 1080p display powered by a 6th generation Intel Core i7-6820HK processor, 32GB of DDR4-2133 memory, GeForce GTX 980M GPU, and a 256GB PCIe-based SSD flanked by a 1TB hard drive. Other features include a Blu-ray burner, 801.11ac Wi-Fi, Bluetooth 4.1, Killer Gaming Network E2400 LAN, half a dozen USB 3.0 ports, a singe USB Type-C port, mini DisplayPort, HDMI output, a pair of 3W speakers with a woofer, SteelSeries full-color backlit keyboard, and a few other odds and ends. The GT72S G Tobii is available now from Newegg for $2,599. It comes with Tom Clancy's The Division and offers support for several other titles, such as Assassin's Creed Syndicate, Assassin's Creed Rogue, ArmA III, Elite Dangerous, and others. |
Posted: 08 Feb 2016 12:00 AM PST Your passwords aren't strong enoughWhen it comes to contemporary security, the humble password (or passphrase) isn't enough to keep you safe. It seems like every day someone breaks into an organization's database and steals an array of passwords and user IDs. Even if organizations could keep their systems totally safe, some people still use low-tier passwords out of laziness. At a glanceOne Key to Rule Them All: Secure 2FA with a slew of options like OATH-HOTP, HMAC-SHA1, and Yubico OTP; can securely store 2048-bit RSA keys; FIDO U2F compatible. And In The Darkness Bind Them: Not all services offer U2F, OATH, or HMAC; small enough to lose easily. It's for this reason that password managers are so handy, but even the password manager can be insecure due to its reliance on a password to secure it. Luckily, two-factor authentication (2FA) is beginning to become the norm. (If you haven't activated two-step verification for your Google account, stop what you're doing and activate it now.) For those who want more than what Google Authenticator has to offer, there's Yubico's YubiKey. YubiKeys come in several models, and I got a chance to play with a YubiKey NEO and YubiKey NEO-n. Both of them are kick-ass pieces of security hardware. The YubiKey NEO is an unassuming-looking USB device that you attach to a key-ring or lanyard. When inserted into your PC, the user only needs to touch the gold button on the YubiKey for it to work. (The button is capacitive, not a fingerprint reader.) The YubiKey NEO also supports NFC, so you can use the key with an Android device. The NEO-n is a low-profile USB key that, when inserted, is nearly flush with the side of your laptop or USB port. To activate the NEO-n, you simply touch the exposed side of the device while it's inserted. The NEO-n does not have NFC capability. Each YubiKey is unique, and will have to be paired with services separately. (If you have a NEO and a NEO-n, they will give different responses to whatever service is requesting input.) The devices also register as HID keyboards by default, so they will work without having to install any drivers. That's a big plus in my book. Three functions in one keyThe YubiKey NEO and NEO-n have three modes of use, and you can enable all of them at once with the newer firmware. (Older firmware only allowed the user to enable two at a time.) All YubiKeys (with the exception of the $18 blue Fido U2F Security Key model, which only has FIDO U2F support) ship with one-time password (OTP) mode enabled by default. Services that use OTP authentication (like LastPass) make use of Yubico's cloud service to authenticate YubiKeys. In this mode, the YubiKey supplies a string of characters. The first few characters of the string is the YubiKey identifier and always remains the same. The rest of the string is a unique code made up of a cryptographic nonce. When the string is supplied to the service (like LastPass), the service checks it against the Yubico cloud to authenticate the string. If the service gets the okay from Yubico, access is granted. In this manner, the OTP mode basically serves as a second username and password, in which the password (nonce) for the YubiKey changes every time it's used. The second mode that the NEO and NEO-n can use is chip card interface device mode, or CCID. In CCID mode, the NEO can store OpenPGP keys for use on different PCs. For those who use OpenPGP/GnuPG, this means that you won't have to carry around private and public key-files on a FAT32-formatted USB stick—though you should always keep a backup of your private key somewhere secure like a USB stick in a locked box. By extension, it also means that you won't have to move those keys to your PC. The only setback to this mode is that the YubiKey NEO (and NEO-n) only support 2048-bit RSA keys. If you have a 4096-bit key, you can get around this by creating 2048-bit signing, authentication, and encryption keys and moving those onto your YubiKey using GnuPG. (Note: The YubiKey 4 supports 4096-bit keys in CCID mode, but lacks NFC capability.) The last mode is U2F, which makes use of the FIDO U2F standard. There are several services that make use of FIDO U2F, like Google and GitHub. However, at the time of writing, Mozilla's Firefox browser doesn't support FIDO U2F. (Native support of U2F in Firefox is being worked on, and there is an active bug in Bugzilla tracking the issue.) If you want to use U2F with web applications, you have to go with Chrome for now. Other authentication methodsThere are other features the YubiKey NEO can implement via one of its two "slots." Slot one comes pre-configured with Yubico's OTP. The first slot is activated by a quick tap on the YubiKey's button, while a long (three to four second) tap activates Slot 2. Using the YubiKey Personalization Tool, you can configure Slot 2 to to use a static password, OATH-HOTP, or a challenge-response using either the Yubico or HMAC-SHA1 algorithm. The static password is pretty straightforward, and has its uses in systems that don't support any other password method (like a BIOS password). The OATH-HOTP option generates a six to eight digit number, much like Google Authenticator or an SMS second-factor authentication method would. The HMAC-SHA1 feature allows for a system to challenge the YubiKey with a string that has to be combined with a shared secret and hashed before being sent back to the system. HMAC-SHA1 allows the YubiKey to be used for system logins with Yubico's login software for Windows, or with LUKS disk encryption on Linux. Considering how small and simple the YubiKey is, that's an impressive array of security options that are available to the user. If you're still with me, let's go over one more really cool thing about the YubiKey NEO: NFC. NFC and Yubico AuthenticatorIf you've ever used two-factor authentication, there's a good chance you've used Google Authenticator. Google Authenticator makes use of a shared secret, TOTP, and HMAC-SHA1 to generate one-time passwords that are generated on a clock cycle. It's reasonably secure, and lots of services use it because it's free, easy to use, and doesn't require the service to send SMS messages with one-time use codes. But what if someone happens to unlock your phone? That 2FA isn't so secure. Yubico's Authenticator app requires the user to tap their YubiKey NEO to the back of their phone before codes are displayed. The codes that are displayed look and act just like Google's codes. The app can add any service that Google's Authenticator can, which makes the Yubico Authenticator a drop-in replacement for Google Authenticator. Besides just using the YubiKey, the Yubico Authenticator allows you to lock the codes behind a password as well. This seems a little bit like overkill, since if someone has my phone, YubiKey, user name, and password, they're probably in a position where they can beat the Authenticator password out of me. Still, this feature offers security on top of security, and the truly paranoid can feel safe knowing that their one-time pass-codes are as secure as they can be. Losing your keysOne bad thing about the YubiKey is that it's so small. The damned thing can be easy to lose if you're not careful. Even if attached to your key ring, the YubiKey is as easy to lose as your keys are. A couple of weeks ago I lost my keys on BART (Bay Area Rapid Transit), which meant I had to reset all of my YubiKey pairings. Another thing that ticks me off is that I can't use the YubiKey NEO with some services that really should allow FIDO U2F or OATH-HOTP. PayPal (and other sites that use Symantec's VeriSign), won't work with any YubiKey except the YubiKey VIP, which you have to call in to order. Steam doesn't yet support U2F and sticks to its proprietary 2FA system. None of the financial organizations I use take advantage of U2F. But hey, you can bet your ass my Gmail is secure. I was also a little worried at first about what could have happened if I had my PGP keys loaded on the YubiKey. Then I remembered that if you load subkeys and not your primary key, all you would have to do is revoke the subkeys. The upside to having this thing on my key ring is that I always know where my keys are when I'm working on a PC: right next to me. Since I need the YubiKey to unlock my LastPass vault on a regular basis, my key ring is never far from my laptop or desktop. Using 2FA and advanced security features online and on your PC can be a pain the ass sometimes, but the YubiKey makes it really easy once it's set up. The added confidence in knowing that only someone with your physical YubiKey can access your accounts gives peace of mind to using password managers and online services. For the consumer worried about security, you really can't get much better than using the YubiKey when it comes to securing online accounts. 2FA won't save you by itself (it can't defend against man-in-the-middle attacks, for example), but it will make you a harder target. At $50, I can't recommend the YubiKey NEO highly enough. Though I got to review the YubiKey NEO-n, you can't get the NEON-n individually, as Yubico only sells them in batches of 500 or more. That's not a big deal, since the $50 YubiKey 4 Nano is pretty much the same thing as the NEO-n and can hold 4096-bit RSA keys to boot. However, if you don't need the NFC features or want the ability to store 4096-bit RSA OpenPGP keys, I'd recommend getting the cheaper YubiKey 4 for $40. |
You are subscribed to email updates from Maximum PC latest stories. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |