December now can mean one sure thing on YouTube: Mark Rober puts out a Glitter Bomb video. This year has him iterating on his designs and rolling out version 4 of his Porch Pirate Bait.
The idea is simple: invent a package that tempts thieves to steal it. When it opens, it wreaks havoc on those scummy people who stole it. Plain and simple. Oh and it records everything.
Mark Rober has a great channel that makes science and engineering fun. This video in particular is always a great one. It's now a December tradition.
Targeting the Zelle
December 14, 2021
An article that flew under my radar was this one over on Krebs on Security wherein Brian Krebs explains Zelle scams. It's a fascinating breakdown of fraudsters anticipating how the system works and manipulating victims into bypassing Zelle's security. Here's the kicker: it's not about giving up your password.
An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.
Zelle, for those unfamiliar, is a platform developed by banks in order to compete with the likes of PayPal, Venmo, and Apple Cash. You can send and receive money from friends instantly. And because it's all through trusted institutions, the transfers are instant under certain amounts. Larger amounts may take a couple of days to clear, but it's still faster than a check. Meanwhile these scammers are working the system in order to get people to authorize transfers.
The gist is a bogus text message that looks legit will trigger a spoofed phone call, both looking like they're from the bank. They trick the person into giving up their username & providing the 2FA code sent to their phone. Side note: NEVER GIVE THOSE CODES TO ANYONE YOU DIDN'T CALL. From there, the person is able to access the victim's account and initiate a Zelle transfer.
Typically, Zelle has been exempt from normal consumer protections based on its legal language. However, Krebs is quick to point out that victims ARE protected by CFPB regulations. In instances of Zelle fraud the bank must restore the stolen funds.
It's another step in the cat & mouse game to protect bank's customers and scammers finding clever ways to social engineer their ways around them. Krebs has a good mantra to help avoid these: Hang up, Look Up, and Call Back.
Closing the Window
December 14, 2021
A common theme lately is the fight between streaming services and movie theaters. COVID changed a lot with films coming out on Day 1 as a movie in the theatre. Over on VOX's YouTube channel, they have an interesting explainer as to why theaters are still a viable business.
Vox does a good job of explaining the release window. This is an exclusive time a movie is in theaters before it goes onto be available elsewhere. This exclusive time period is essential for the theater to make money. Studios make money still from theaters and also gain some ground by shortening the window. I could break down a lot more of the video, but it's a good 7-min watch. While I am steadfast in my desire to only watch movies at home, it's interesting to see how vital theaters are to the movie industry.
Pocketing the Games
December 13, 2021
Console manufacturer Analogue is a well-known player in the retro-gaming scene. They make high-end gaming consoles that can play retro games. The machines emulate original hardware via fancy chips called FPGAs and they are pixel-perfect recreations of what Nintendo and Sega put out in the 80's & 90's.
Hot on the heels of their TurboGrafx system comes the long-awaited release of their portable console, the Analogue Pocket.
At a glance, the Pocket looks like production on the Game Boy never stopped and Nintendo kept revising it over the past three decades. It has basically the same form factor as the original Game Boy. The Pocket is a plastic brick you hold up vertically, available in either black or white, with a square screen up top, a D-pad and face buttons below, and a cartridge slot in the back. There are a few changes, of course.
The Pocket is super-slick looking. Not only does it play original GameBoy cartridges but it will also support the entire Game Boy Color & Game Boy Advance library. Want to get your fill from Sega and other companies' releases? The Pocket will have cartridge adapters for Game Gear, Neo Geo Pocket Color, Atari Lynx & more. Essentially, the Pocket is a portable video gaming powerhouse.
Analogue announced the pocket nearly two years ago and was delayed so long for, well, you know. Finally, pre-orders are up as of the 14th and Analogue will get them into people's hands early 2022. For what this little device does, it will surely be a hit for any portable retro gaming fan out there.
It's a Subscription... For Your Toyota
December 12, 2021
Year after year we are being pushed into a culture of renting. We don't own things like purchased movies, digital video games, Kindle books, and lots of software. Car manufacturers, smelling blood in the water, are looking to cash in with subscription services too.
Enter Toyota who includes a remote start feature on many cars since 2018. If you're one of those lucky owners, Toyota can require a subscription after a trial to continue using this part of your car. If you don't, it gets disabled.
A Toyota spokesperson confirmed to The Drive that if a 2018 or later Toyota is equipped with Toyota's Remote Connect functions, the vehicle must be enrolled in a valid subscription (whether it be a free trial period or otherwise) in order for the key fob to start the car. It's become more common in recent years for automakers to charge for apps that allow drivers to monitor, lock, or start their cars with their smartphones. But as far as we can tell, Toyota's the first company to charge for full use of your physical key fob—either $8 a month or $80 a year at the Remote Connect plan's current price.
So after buying your car, and likely well within the time prior to paying off the loan, you will need to pony up a $80 recurring fee to Toyota to pay for something that is physically located inside your vehicle. A vehicle you own. A vehicle in which you own those components that are being actively disabled. Given the growing momentum of Right to Repair, I can easily see a secondary market crop up wherein tinkerers and curious minds learn how this works and disable the lockouts. Further, it doesn't take a large mental leap to envision these components being hacked or bypassed so a traditional remote start modules can be used.