
White House privacy proposal aims to give you control over your data

Written By Unknown on Saturday, 28 February 2015 | 16.00

U.S. businesses that collect personal data would be required to describe their privacy and security practices and give consumers control over their personal information under a proposed privacy bill of rights released Friday by President Barack Obama's administration.

The proposal would also require companies and nonprofit groups to collect and retain only the personal data they need to operate.

However, the proposal allows industry groups to submit their own codes of conduct to the Federal Trade Commission and shields companies that follow those codes from FTC enforcement actions.

Organizations adopting codes of conduct "shall have a complete defense to each alleged violation" of the privacy rules if they demonstrate compliance with the industry-developed codes, according to the draft bill's language.

That drew criticism from privacy advocates.

The White House plan is "riddled with problems," even after discussions with privacy groups in recent weeks, said Jeffrey Chester, executive director of the Center for Digital Democracy.

The proposal limits the FTC's authority to enforce privacy standards through its codes of conduct provision, Chester said via email. The FTC has only 90 to 120 days to decide whether to approve a proposed code of conduct, for example.

The proposed bill of rights, based on a 2012 Obama administration proposal, is needed because companies are collecting more and more personal data, the White House said.

"Even though responsible companies provide us with tools to control privacy settings and decide how our personal information is used, too many Americans still feel they have lost control over their data," the White House said. "Fears about identity theft, discrimination, and the trade in sensitive data without permission could erode trust in the very companies and services that have made us better connected, empowered, and informed."

The privacy draft, a proposal for Congress to consider, would require companies collecting personal data to regularly assess their security risks and establish safeguards. It would also require companies holding personal data to give consumers access to it.

But the draft bill allows companies to deny customers access to their personal information if their requests are "frivolous or vexatious." This provision allows "a company to determine whether the data should be available," Chester said.

Senator Edward Markey, a Massachusetts Democrat and long-time privacy advocate, raised concerns that the proposal would preempt many state privacy laws.

The draft bill "falls far short of what is needed to ensure consumers and families are squarely in control of their personal data," Markey said in a statement. "Instead of codes of conduct developed by industries that have historically been opposed to strong privacy measures, we need uniform and legally enforceable rules that companies must abide by and consumers can rely upon."

On the other side, some industry groups said the proposal isn't needed and sends the wrong message about U.S. business practices. The proposal "says to state legislators and foreign governments that American online businesses have a privacy problem," Steve DelBianco, executive director of e-commerce trade group NetChoice, said via email.

Before passing legislation, Congress should run a cost-benefit analysis to determine the impact on U.S. businesses, he added.

The proposal "casts a needlessly imprecise net" in policing online business practices, according to the Internet Association, another trade group.



Linux gaming rising: 25 killer PC games that call Linux home

Another Paradox title, Crusader Kings II is still going strong years after release because of the developer's devotion to releasing awesome new content on a regular basis. This deep strategy game plops you down in medieval Europe and is pretty much a less-graphic, strategy game version of Game of Thrones.

The behind-the-scenes intrigue is nothing short of a soap opera, full of adultery, murder, incest, political marriages, pope bribing, and the occasional slaughter of friends and enemies—all in the name of advancing your goals. This strategy sandbox sinks its hooks into you and won't let go.



Personal data on 50,000 Uber drivers exposed in breach

The names and license plate numbers of about 50,000 Uber drivers were compromised in a security breach last year, the company revealed Friday.

Uber discovered a possible breach of its systems in September, and a subsequent investigation revealed an unauthorized third party had accessed one of its databases four months earlier, the company said.

The files accessed held the names and license plate numbers of about 50,000 current and former drivers, which Uber described as a "small percentage" of the total. About 21,000 of the affected drivers are in California. The company has several hundred thousand drivers altogether.

It's in the process of notifying the affected drivers and advised them to monitor their credit reports for fraudulent transactions and accounts. It said it hadn't received any reports yet of actual misuse of the data.

Uber will provide a year of free identity protection service to the affected drivers, it said, which has become fairly standard for such breaches.

The company said it had filed a "John Doe" lawsuit Friday to help it confirm the identity of the party responsible for the breach.



Hackers exploit router flaws in unusual pharming attack

Written By Unknown on Friday, 27 February 2015 | 16.01

An email-based attack spotted in Brazil recently employed an unusual but potent technique to spy on a victim's Web traffic.

The technique exploited security flaws in home routers to gain access to the administrator console. Once there, the hackers changed the routers' DNS (Domain Name System) settings, a type of attack known as pharming.

Pharming is tricky to pull off because it requires access to an ISP's or an organization's DNS servers, which translate domain names into the IP addresses of websites. Those DNS systems are typically well-protected, but home routers often are not.

Security firm Proofpoint wrote in a blog post Thursday that launching the attack via email was a novel approach since pharming is normally a network-based attack.

"This case is striking for several reasons, not the least of which is the introduction of phishing as the attack vector to carry out a compromise traditionally considered purely network-based," the company wrote, adding that it showed "the continued pre-eminence of email as the go-to attack vector for cybercriminals."

A successful pharming attack means users can be diverted to a fraudulent website even when they enter a correct domain name. It also means an attacker can perform a man-in-the-middle attack, such as intercepting email, logins and passwords for websites, and hijacking search results, among other things.

Proofpoint said it detected about 100 phishing emails sent mostly to Brazilians who used either UTStarcom or TR-Link home routers. The emails purported to be from Brazil's largest telecommunications company.

They contained malicious links, and clicking one directed the victim to a server that attacked their router. The server was set up to exploit cross-site request forgery (CSRF) vulnerabilities in routers.

If the attack was successful, the hackers gained access to the administrator control panel of the router. They then entered default login credentials for the device, hoping that the user hadn't changed them.

If that worked, they changed the router's setting to their own DNS server. Any computer connected to that router "would potentially have their computer query a malicious DNS server to look up any hostname on the Internet."

Although users are dependent on their router manufacturer to issue patches for CSRF flaws, there is another defense, which is old security advice: change the default password on your router.



D-Link remote access vulnerabilities remain unpatched

D-Link routers have several unpatched vulnerabilities, the worst of which could allow an attacker to gain total control over a device, according to a systems engineer in Canada.

Peter Adkins, who does security research in his free time, released details of the flaws on Thursday. Adkins said in a phone interview that he has been in intermittent contact with D-Link since Jan. 11 on the issues, but the company has not indicated when it might patch.

"I believe it's probably better for the end user to know that these exist than be completely in the dark for months on end while the vendor prepares patches," he said.

D-Link officials did not have an immediate comment.

Adkins published an extensive writeup of his findings on GitHub. The most serious problem is a cross-site request forgery (CSRF) vulnerability, a type of Web application flaw, Adkins said.

The flaw can be exploited if an attacker can lure a user into visiting a specially crafted malicious Web page that delivers an HTML form using JavaScript, he said.

The form accesses a service running on the router called ncc/ncc2, which does not filter out malicious commands. The ncc/ncc2 service appears to handle dynamic requests, such as updating usernames and passwords, Adkins said.

As a result, an attacker can gain full access to the router and perform actions such as launching a telnet service or changing a router's DNS (Domain Name System) settings, an attack known as pharming.

Changing DNS settings is particularly dangerous, as it means a victim who types in the correct domain name for a website in a Web browser can end up on a fraudulent one.

Many routers have a defensive mechanism that is designed to block CSRF requests. But Adkins said the D-Link models he tested do not have that capability.

Adkins also found other problems in the ncc/ncc2 service that involved accepting remote requests without authentication.

For example, he found he could access some diagnostic functions through the ncc/ncc2 service, which also could be abused to launch telnet. Adkins said he thinks that functionality might have been left in place so ISPs could run diagnostic tests on a router. But it still has nasty security consequences.

He also found it is possible to upload files to the file systems of the routers. That again is due to a fault in the ncc/ncc2 service, which allows for firmware upgrades to be uploaded using an HTTP POST request.

If a person tries to do that but isn't logged into the router, the device will display a warning. However, Adkins found that an uploaded file is written to the file system anyway before that warning is displayed.

Also, an uploaded file is stored in the same place where the system configurations are kept, which means an attacker could overwrite DNS settings.

"Although it will pop back and say you are not authorized, it will go ahead and write that to the file system anyway," he said.

Adkins said this attack will only work if WAN management is enabled, which allows someone to remotely log into a router and change its settings.

Most users don't need that enabled and should shut it off, he said. But some router manufacturers have incorporated that capability as part of storage services they offer, Adkins said. Some routers have USB ports that allow consumers to plug in a hard drive and access content from it remotely.

Many D-Link routers could be affected by all of the flaws. Adkins confirmed D-Link's DIR-820L running firmware versions 1.02B10, 1.05B03 and 2.01b02 are vulnerable. He suspects other models of D-Link routers could be affected, which he lists in his advisory, but he has not tested them.

A router from Trendnet, the TEW-731BR, was also affected, but that vendor has patched, Adkins said.



Fresh from $532.9M win, Smartflash sues Apple again

Shortly after a jury in Texas awarded it US$532.9 million in damages in a patent dispute with Apple, patent company Smartflash has sued the iPhone maker again, this time to focus on newer Apple products.

"Apple has released new products that came out too late for inclusion in Smartflash's previous action against Apple," Smartflash's attorney Bradley W. Caldwell said in an email Thursday.

The company sued Apple and others in May 2013 in the U.S. District Court for the Eastern District of Texas, Tyler division, alleging that iTunes software infringed on six of its patents related to serving and managing access to data.

The jury found earlier this week that Apple infringed three Smartflash patents in order to produce and sell its popular iTunes software. It also found the three Smartflash patents to be valid. Smartflash had asked for $852 million in damages.

The new lawsuit in the same court alleges that Apple has infringed Smartflash's seven patents in its iPhone 6, iPhone 6 Plus, iPad mini 3, and iPad Air 2 devices containing any version of iTunes that can access the iTunes Store or any version of the App Store app. The additional seventh patent in this suit, US Patent No. 8,794,516, was awarded to the company in August last year.

The complaint also alleged that Apple infringes Smartflash's patents, all titled "Data Storage and Access Systems," in its internal servers, including those involved in operating the iTunes Store including App Store, in-application payment functionality, content via iCloud and the iAd advertising platform.

Apple could not be immediately reached for comment on the new suit. "We refused to pay off this company for the ideas our employees spent years innovating and unfortunately we have been left with no choice but to take this fight up through the court system," Apple said in a statement after the jury decision.

The new lawsuit asks the court to award damages for the alleged infringement as well as an injunction. It asks for a compulsory ongoing licensing fee if a permanent injunction to prevent future infringement is not granted. Smartflash has asked for a trial by jury.

The Tyler-based technology development and licensing company claimed in both suits that company founder Patrick Racz, one of the co-inventors of the patents-in-suit, met with various people at Gemplus, now Gemalto, to discuss the technology claimed in the patents cited in the suit. Augustin Farrugia, who later joined Apple and is now its senior director, was one of the people at Gemplus who learned of the technology of the patents, according to the complaint.



Samsung faces complaint in US FTC over Smart TV 'surveillance'

Written By Unknown on Thursday, 26 February 2015 | 16.00

A complaint filed by a privacy group to the U.S. Federal Trade Commission charged that Samsung's Smart TVs intercept and record private communications of consumers in their homes, violating a number of rules including the Children's Online Privacy Protection Act.

The Electronic Privacy Information Center has asked the FTC to investigate and stop the practice by Samsung of collecting private communications and transmitting the recordings to a third party.

The group, which was involved in FTC privacy cases that led to settlements with Google and Facebook, has also asked the agency to investigate other companies engaged in similar practices as those of Samsung.

The South Korean company's privacy policy for its Smart TV came under criticism as it cautioned customers to "please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."

Alleging violation of the FTC Act, EPIC said users were not typically aware that Samsung Smart TVs would record and transmit over the Internet their private conversations.

Users are "so outraged" by the company's recording and transmission practices that they are calling for class action lawsuits, it added.

These users of the TVs could "not reasonably avoid being aware of Samsung's failure to encrypt all recorded voice transmissions," added EPIC, citing findings by a researcher on this issue.

Samsung also markets its Smart TVs to children under the age of 13, and records children's voices as part of its practice of collecting and transmitting conversations in the home to a third party, thus violating COPPA rules that require getting parental consent for the collection and transmission of children's voices, according to the filing.

Samsung has defended itself stating that the TV will collect interactive voice commands only when the user makes "a specific search request to the Smart TV by clicking the activation button either on the remote control or on your screen and speaking into the microphone on the remote control." It identified Nuance Communications as the processor for voice-to-text recognition.

Users can disable data collection for voice recognition though that would prevent using some of the voice recognition features in the TVs, it added.

EPIC holds that Samsung's voice technology violates the Electronic Communications Privacy Act, which prohibits the "interception and disclosure of wire, oral, or electronic communications."

Samsung did not respond on Thursday to a request for comment on the EPIC complaint.

U.S. Senator Al Franken asked Samsung and LG Electronics earlier this month to explain their privacy policies, including whether it was necessary for the companies to collect personal communications in order to operate the voice recognition feature.



Google AI program masters classic Atari video games

Scientists at Google have produced an artificial intelligence program that can ace classic Atari video games.

The Deep Q-network (DQN) developed at London-based AI firm DeepMind, which was acquired by Google last year, can teach itself to play Atari 2600 video games using only the score and the pixel display as input information.

In a study published in the journal Nature, Demis Hassabis and other Google DeepMind collaborators said the program was able to surpass the performance of previous algorithms on most of the 49 games it tested on. It was also able to match the skill of a professional human games tester.

The program did not know the rules beforehand and was armed only with the motivation to maximize its score and the ability to learn from previous gaming sessions. It was able to excel at games including Video Pinball and Breakout, through the use of an algorithm that aims to imitate aspects of human thinking and learning.

The scientists used an approach known as reinforcement learning, which involves offering rewards as motivation for an AI system to learn. They combined that with a kind of artificial neural network, called a deep neural network, which makes use of various computational layers to represent increasingly abstract representations of data.

The team focused on a biologically inspired architecture known as a deep convolutional network, an approach similar to that taken by University of Maryland scientists who have been getting robots to teach themselves to cook by watching videos on YouTube.

The DQN algorithm did well on a variety of games, including side-scrolling shooter games, boxing matches and 3D car racing. It was also able to achieve more than 75 percent of the human score in 29 of the 49 games.

More significantly, however, it was able to learn strategy over many sessions. After 600 sessions playing Breakout, it learned the winning strategy of tunneling behind a wall of bricks that the player must destroy. It repeatedly sent the ball into the tunnel so it bounced around, destroying many bricks.

It's not the first time algorithms have been trained to play video games with minimal input, and DQN fared poorly on games such as Montezuma's Revenge, which requires a long-term planning strategy.

But the researchers said a single architecture has been shown to be able to learn and adapt when faced with various gaming challenges. They view it as another step in building effective, general-purpose AI programs.

"Taken together, our work illustrates the power of harnessing state-of-the-art machine learning techniques with biologically inspired mechanisms to create agents that are capable of learning to master a diverse array of challenging tasks," the authors wrote.



Sharp fights fraud with old-school landline phones

Be it telegrams or feature phones, Japan can't bear to part with yesterday's technology.

Now Sharp is launching a pair of old-school landline phones designed to counter a growing form of fraud in Japan that preys upon elderly Japanese.

The "ore ore" ("it's me, it's me") fraud involves scammers who try to trick seniors into handing over money by calling them up and pretending to be their grandchildren in an emergency and requiring money. Victims are typically convinced to send money via ATM.

While it may be difficult to imagine being fooled by such a ruse, it has proven very lucrative, netting criminals ¥17.4 billion (US$146 million) in 2014, up from ¥14.5 billion in 2007, according to National Police Agency data.

Sharp's new UX-AF90CL fax phone, launching Friday, and JD-AT80CL landline cordless phone, out March 13, are designed to alert seniors to the dangers of unknown callers. When they receive calls from numbers that are not registered in the phone's internal memory, their LED bars glow red and the phones go into anti-scam mode.

An automated message then tells the caller that the call is being recorded and asks for the caller to state his or her name before the call is answered. Sharp believes that the threat of recording will scare off many fraudsters.

Users can easily register or block callers at the push of a button. When a registered caller phones again, the LED bar glows green. The phones can be set to reject calls from anonymous callers, and play audio warnings to users to beware of scammers and seek help if they suspect fraud.

Japan has a rapidly aging population, and demographic trends suggest roughly 40 percent of Japanese will be 65 years old or over by 2040. Meanwhile, about 70 percent of people in Japan who buy landline phones are over 60 and most phone scams target those kinds of phones, a Sharp spokeswoman said.

Retailing for around ¥30,000, the fax phone reflects the continuing popularity of home fax machines, a commonly seen product in Japan's electronics stores. The cordless phone will sell for around ¥16,000.



How IBM analyzes Twitter for the enterprise developer

Written By Unknown on Wednesday, 25 February 2015 | 16.00

Capturing public conversations around the world in real time, Twitter could be a valuable source of intelligence for the business world, so IBM is creating new ways to derive potentially valuable information from this massive, sprawling data set.

At the IBM InterConnect conference, held this week in Las Vegas, company executives detailed how it is repackaging Twitter data for reuse and analysis, capitalizing on a deal struck with Twitter in October to access all the messages posted on the service.

"Developers now have the ability to get collective insights and intelligence from hundreds of millions of people," said Linda Hunt, IBM business leader for the company's Watson analytics services, during the presentation.

The curated Twitter data also provides a handy example of how enterprises could use IBM's new cloud analysis services to get more from other large data sets, both their own and from others.

With the Twitter partnership, IBM can "take this huge amount of information and offer it to developers as a drink," said Damion Heredia, IBM vice president of cloud platform services product management, in a follow-up interview. "You can sample the data, decorate it, plug it into Watson, push it onto mobile devices."

Of course, developers could access Twitter's APIs (application programming interfaces) directly, but IBM has done considerable work to make it easier to analyze the data and pipe it into other applications.

Twitter users create anywhere between 1 and 5 billion Twitter messages a month. Rather than store all of these dispatches, IBM saves and indexes a representative sample of around 10 percent of the tweets. Each message is annotated with additional information, such as the location and gender of the users. The company will keep a two-year backlog of these selected Twitter messages, said Thomas Schaeck, IBM distinguished engineer, during the presentation.

IBM provides a set of API calls for querying this dataset on Bluemix, a set of platform services for building cloud applications. A rich set of Boolean operators can parse data in myriad ways. A set of Twitter messages, for instance, could be filtered to specific periods of time, or by particular geographies.

When the user requests to download a set of Twitter messages, they are delivered in the JSON format (JavaScript Object Notation), making them easily digestible by other Bluemix services or by other software.

Schaeck showed how to pipe the results of a Twitter query about the popularity of current movies to the Bluemix data warehousing service, DashDB. Using DashDB, Twitter messages about the movies could then be categorized by the U.S. state in which they originated.

A movie distributor could use such data, Schaeck theorized, to determine which states should get additional advertising to promote its movie.

Other Bluemix services could also be used with the Twitter data, Schaeck said. It could be analyzed with the R statistical programming language, and the results could be presented on a Web page using the Node.js runtime and the D3.js visualization library.

IBM has also incorporated Twitter data into Watson Analytics. This cloud based analysis service could, for instance, determine if a user or a topic on Twitter is regarded by the public in a largely positive light or in a largely negative light, or with ambivalence.

A company could use such sentiment analysis, as it is called, to monitor the popularity and likability of its brands, Hunt said.

Organizations could derive much useful information from Twitter, said Donnie Berkholz, senior analyst for IT research firm Red Monk, who was in the audience.

Berkholz himself analyses Twitter data for work, often looking for trends around IT conferences and product announcements.

Analyzing Twitter messages emanating from a 2013 VMworld conference, Berkholz found that the IT practitioners attending the conference were more interested in current product details, whereas the IT "pundits"—those not directly involved in the maintenance of IT—were more interested in product roadmaps and other abstract concerns.

Using Twitter data, he said, "could be useful for understanding consumer sentiment."



Uber's loyalty deal with Starwood Hotels could boost global growth

Uber likes to promote its service as an easy way to get from point A to point B with a smartphone. Now the company wants to reward you for making one of those points a hotel.

The ride-hailing service is teaming up with Starwood Hotels & Resorts to boost the use of its app among the well-traveled crowd. Through the partnership, members of Starwood's guest loyalty program can link their accounts with Uber accounts and earn Starwood credits whenever they take an Uber ride. They'll earn more credits if they take the ride while staying in one of the hotel company's 1,200 properties in 100 countries.

The arrangement goes into effect Wednesday, marking Uber's first partnership of this sort with a hotel operator.

Starwood, one of the world's largest hotel companies, operates brands including W, St. Regis, Westin and Le Meridien. Given its international reach, the partnership could help to expose Uber's app and expand its use across the world. Starwood's hotels are located in more than 70 percent of the markets where Uber operates.

The partnership will make the Uber experience better for riders, said Jonathan DiOrio, head of travel partnerships for Uber.

Financial terms of the partnership were not disclosed, though the investment each company has made is "non-trivial," DiOrio said.

For Uber users, taking part requires a couple of steps. First, participants must be members of Starwood's preferred guest loyalty program; enrollment can be done online for free. And participants have to stay in a Starwood hotel this calendar year before the rewards start to kick in.

Users can link their Uber and Starwood accounts at SPG.com/Uber. The linking works for both iOS and Android.

Uber riders will earn 1 Starwood point for every dollar they spend with the Uber app. If the ride is taken during a hotel stay, riders will earn between two and four points per Uber dollar spent, depending on what kind of loyalty account they have.

Starwood points—for people who rack up thousands of them—can be redeemed for free nights at hotels, and other discounts and rewards.

Uber already has partnerships with other companies like Spotify, to let people create custom playlists for their rides, and American Express, for membership rewards. But the Starwood deal is the first partnership of its kind for Uber, DiOrio said.

To kick it off, Uber is hotel-ifying a fleet of its cars this coming Saturday in five cities: San Francisco, Mexico City, New York, London and Dubai. Users who link their Starwood and Uber accounts in those cities will be able to request, say, a special car inspired by the W hotel chain.

What does that mean? Uber describes it thusly: "A blend of iconic design and contemporary luxury will immerse riders in an extraordinary experience featuring LED mood lighting, music inspired by W, and a Bliss Spa travel pack."



Sony users unable to access popular services like Hulu, Netflix

Viewers complained Tuesday that they were unable to access some of their favorite online streaming services like Netflix and Hulu from smart devices made by Sony.

Samsung's service was also apparently affected, according to users on Twitter.

Netflix said on its Twitter feed that it was aware that viewers in the U.S. and Canada are having problems streaming on some Sony devices, and said it would be back up soon. It reported hours later that the streaming issues had been resolved.

One viewer wrote that she was unable to access Netflix using a Sony Blu-ray player, and kept getting the message, "the network connection cannot be reached" despite being connected to the Internet.

Hulu also referred a user of a Blu-ray disc player to Sony as it said the consumer electronics company "is experiencing difficulties."

Some Sony Bravia smart TV users also reported connectivity problems.

Users suggested that the outage was because of problems with servers that handle streaming services.

Sony confirmed on its Twitter feed that it was aware of an issue and is working to resolve it as soon as possible. It did not specify the nature of the problem.

Samsung did not immediately comment. Its Smart Hub is a smart TV platform that lets users search and access content including apps.

Sony in Japan said it could comment only after checking with colleagues in the U.S.

It is not clear how many countries were affected by the outages, though users from the U.K., Argentina and the Netherlands were reporting issues, suggesting that the problem was not limited to the U.S.

Sony Pictures Entertainment was hacked last year and its online service PlayStation Network faced a distributed denial of service attack on Christmas Day, but on Tuesday there appeared to be no claims by any group that the Sony Entertainment Network, a hub for third-party streaming services to TVs and other devices, had been hacked.

[Tim Hornyak in Tokyo contributed to this report]



ARM, IBM offer starter kit for making IOT devices

Written by Unknown on Tuesday, 24 February 2015 | 16.00

ARM and IBM want hobbyists to make their own connected devices in a matter of minutes with a new development kit announced Monday.

The ARM mbed IoT Starter Kit—ethernet Edition will allow users to make cloud-ready Internet of Things products that could receive or transmit data for analysis or alerts. The development kit will come with ARM's mbed OS and connect into IBM's BlueMix cloud, which will help in the development of applications and services.

The kit is for those with little to no experience in embedded or Web development. Prototype designs will guide enthusiasts through the process of making a device and connecting to IBM's BlueMix cloud service.

The starter kit will get data from "the on board sensors into the IBM cloud within minutes of opening the box," said the product page on ARM's website.

ARM and IBM hope to cash in on the mass adoption of IOT, which has led to a mesh of interconnected devices used in smart homes, smart city implementations and enterprises. The devices, which could range from weather sensors to health devices, already number 1.2 billion, and could touch 5.4 billion by 2020, according to a recent study by Verizon.

The IOT market is currently fragmented with a wide variety of hardware, operating systems and communication standards in use. Through the developer kit, ARM and IBM want to bring a level of consistency in hardware and software across IOT devices. Beyond making it easier for devices to talk to one another, the developer kit could make it easier to push or pull data out of a larger number of cloud services.

The development kit includes a board with a Freescale K64F Kinetis microcontroller, which has an ARM Cortex-M4 processing core running at 120MHz. An ethernet connection links the board to IBM's BlueMix cloud service, which then acts as a guide on how to use the board. Other components on the board include a 128 x 32 graphics LCD, 256KB RAM, 1MB of flash storage, a speaker, a five-way joystick, temperature sensor, accelerometer, potentiometers and a PWM (pulse-width modulation) control line to receive digital signals.

The starter kit has ethernet for connectivity, but there's a possibility it may also include cellular or Wi-Fi in the future, ARM said in a statement.

ARM didn't provide details on the pricing or availability of the starter kit. The first devices resulting from the development kit are expected to be released later this year.



Telegram dismisses claim of a flaw in its secure messaging application

Telegram, a messaging application that markets itself as a secure communication tool, doesn't handle encrypted conversations securely, according to the founder of a mobile security company.

Zuk Avraham of Zimperium wrote in a blog post Monday that he found several weak points that allowed him to recover plain text messages.

Avraham didn't try to directly crack messages encrypted by Telegram, which is backed by Pavel Durov, founder of the popular Russian social networking site Vkontakte. Instead, Avraham focused on an alternative attack using a kernel exploit to gain root access on an Android device and then looking at how Telegram handled messages in memory.

Telegram spokesman Markus Ra contends that Avraham's attack is one that no application can defend against.

"If you assume that the attacker has root access—no app can be secure," Ra said via email. "For example, in order to show anything on the screen, you need to put it [in] the device's memory. An attacker with root access can simply read your device's memory."

System-level vulnerabilities such as the one used by Avraham for his research can only be fixed by an OS manufacturer, Ra said.

Attackers are more likely to try and find an OS-level flaw, which would then allow them to probe apps on the phone, Avraham argued in his post.

For his research, Avraham used a device running an older version of Android, 4.2.2. His attack used an application vulnerability that allows an attacker to gain higher level privilege through the Android kernel exploit, CVE-2014-3153, the so-called TowelRoot exploit.

He then looked at how Telegram stores its "secret chat" communications. Telegram doesn't implement end-to-end encryption on all messages by default. Users must initiate a secret chat to ensure messages are encrypted from the point of creation until they're decrypted on a recipient's device.

Avraham dumped Telegram's process memory and looked for traces of messages he created. He found the words he'd written in Telegram stored in clear text.

"Any attacker that gains access to the device can read the messages without too much effort," Avraham wrote.

Further investigation showed secret chats stored in a file called "cache4.db" in Telegram's "files" folder, he wrote. The supposedly secret messages were also there in clear text.

Avraham then set out to see if he could recover messages that had been deleted. He wrote he was still able to find a deleted conversation in memory.

Telegram was notified by Zimperium of the problems on Jan. 18. Avraham wrote that his company contacted Telegram three times over the next three weeks but received no response.

Zimperium has a policy whereby it will publicize some information related to a vulnerability after 30 days if the affected vendor has not responded.



Google to curb sharing of sexually explicit content on Blogger

Starting next month, Google will restrict the public sharing of adult content on its Blogger platform.

After March 23, blogs that publicly share images and videos that are sexually explicit or show graphic nudity will be converted into private blogs for which access will be by invitation only.

Though no content will be deleted from these blogs, private content can only be seen by the owner or administrator of the blog and people who the owner has shared the blog with, according to a post on a Google support page.

"We'll still allow nudity if the content offers a substantial public benefit, for example in artistic, educational, documentary, or scientific contexts," according to the post.

For any blogs set up after March 23, Google may remove the blog or take other action if it includes adult content that breaches its rules.

A number of users said Monday on forums that they had received emails from Google advising them of the change in policy.

The company did not immediately comment on why it had changed its Blogger content policy.

Its current rules allow adult content on Blogger, "including images or videos that contain nudity or sexual activity," but require that the blogs be marked as 'adult' in Blogger settings. Blogs marked as adult are placed behind an 'adult content' warning when users access them.

The company, however, has a "zero-tolerance" policy on Blogger with regard to content that exploits children such as child sexual abuse imagery and content connected with pedophilia.

The move by Google has come in for criticism from many bloggers. "Set to private and by 'invitation only', our websites will be all but destroyed," wrote Derren Grathy, who described herself as a writer and webmaster of an adult content blog. "The fact that you haven't deleted our content is of grim consolation when you kill off our entire userbase!" Grathy added that she cannot invite individually hundreds of thousands of users.



Lenovo hit with lawsuit over Superfish snafu

Written by Unknown on Monday, 23 February 2015 | 16.01

Lenovo admitted to pre-loading the Superfish adware on some consumer PCs, and unhappy customers are now dragging the company to court on the matter.

A proposed class-action suit was filed late last week against Lenovo and Superfish, charging both companies with "fraudulent" business practices and with making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware.

Plaintiff Jessica Bennett said her laptop was damaged as a result of Superfish, which was called "spyware" in court documents. She also accused Lenovo and Superfish of invading her privacy and making money by studying her Internet browsing habits.

The lawsuit was filed after Lenovo admitted to pre-loading Superfish on some consumer PCs. The laptops affected by Superfish include non-ThinkPad models such as G Series, U Series, Y Series, Z Series, S Series, Flex, Miix, Yoga and E Series.

Lenovo has since issued fixes to remove Superfish applications and certificates from PCs. Microsoft's Windows Defender and McAfee's security applications have also removed Superfish since Friday.

Lenovo earlier admitted it "messed up" by preloading Superfish on computers. The software plugs product recommendations into search results, but can hijack connections and open major security holes, thus leaving computers vulnerable to malicious attacks.

The first complaints of Superfish on Lenovo's laptops emerged in September last year, but it became a real security issue when hacker Marc Rogers pointed it out in a blog post.

Bennett, a blogger, purchased a Yoga 2 laptop to conduct business and communicate with clients. She noticed "spam advertisements involving scantily clad women" appearing on her client's website when writing a blog post for the customer. After seeing pop-ups on other websites, she assumed her computer had spyware or had been hacked, but then scoured the forums and noticed similar behavior on other Lenovo laptops. She then traced the problem to Superfish, which could intercept secure communication and leave computers vulnerable.

Superfish also used memory resources and took up Internet bandwidth, according to the court document.

Damages from Lenovo and Superfish are being sought as part of the lawsuit filed in the U.S. District Court for the Southern District of California.

A Lenovo spokesman declined comment on the lawsuit.



Edward Snowden documentary Citizenfour wins Oscar

A documentary on whistleblower Edward Snowden won the Oscar for the best documentary feature, in a shot in the arm for people worldwide protesting against alleged U.S. intrusions into the privacy of people in the country and abroad.

The 87th Academy Awards were held Sunday in Los Angeles, presenting film awards in 24 categories.

Snowden, a former contractor of the U.S. National Security Agency, shook up the security establishment starting in June 2013, when he disclosed through newspapers that the agency was collecting in bulk phone data of Verizon's U.S. customers, the first of many revelations by him.

Subsequent disclosures also alleged that the U.S. had real-time access to content on the servers of Internet companies, which the tech firms denied, and also spied on top world leaders including German Chancellor Angela Merkel.

Last week, the Intercept cited documents from Snowden to allege that U.S. and British spies had hacked into the network of SIM card maker Gemalto to steal encryption keys used to protect the privacy of cellphone communications.

Snowden went into hiding to avoid extradition and arrest, and is currently in Russia where he has obtained asylum. The documentary Citizenfour, named after the pseudonym used by Snowden in January 2013 to contact Laura Poitras, the activist director of the documentary, is the story of Snowden's disclosures through her eyes and those of journalist Glenn Greenwald, who received the classified documents in Hong Kong.

In the wake of the outcry following Snowden's revelations, U.S. President Barack Obama called for changes to NSA surveillance in January last year, with new privacy advocates assigned to a surveillance court and a move away from the bulk collection of telephone records.

But the changes have been slow, in part because of delays by Congress in passing the necessary legislation. The USA Freedom Act, which would leave the data with telecommunications companies and restrict the search terms used by the NSA, was stalled last year in the Senate, despite White House backing for the legislation.

In a message released through the American Civil Liberties Union, Snowden said his hope "is that this award will encourage more people to see the film and be inspired by its message that ordinary citizens, working together, can change the world."

The ACLU's Executive Director Anthony D. Romero said the documentary has "helped fuel a global debate on the dangers of mass surveillance and excessive government secrecy."



Facebook, other tech firms face pressure from drivers over work conditions

Facebook and other tech companies in Silicon Valley are facing increasing pressure from their shuttle drivers to improve working conditions, amid concern about growing inequality in the area.

Loop Transportation drivers, who transfer Facebook employees to and from the company's Menlo Park, California campus, have reached an agreement with the contractor that, among other benefits, will increase their average pay to US$24.50 an hour from the current $18 an hour, the International Brotherhood of Teamsters said Sunday.

The agreement will have to first be submitted to Facebook for approval as the paying client. The company could not be immediately reached for comment.

Loop drivers who work for Facebook voted in November to join Teamsters Local 853 in San Leandro.

"These are life changing improvements for these drivers that will allow them to live a more sustainable life, support their families, have decent health care and plan for the future," said Rome Aloise, international vice president and secretary-treasurer of Local 853, in a statement about the new agreement.  

The organization is now aiming to unionize the drivers of Compass International, which has service agreements with tech companies like Apple, Yahoo, eBay, and Zynga. The drivers for these companies are to vote on representation by the Teamsters later this week.

The use of underpaid contract staff by Silicon Valley companies for functions such as janitors, cooks, drivers and security guards has been criticized previously.

"These 'invisible' workers do not share in the success of the industry which they daily labor to keep running," according to a report in August last year by community labor organization Working Partnerships USA. It said that tech companies in Silicon Valley use underpaid black, Latino and immigrant workers, hired through contractors, as landscaping workers, janitors, cooks and security guards.

Google said in October it would employ security guards on its payroll, rather than have them placed by a contractor.

The tech industry in Silicon Valley has also been under pressure from civil rights groups, such as the Rainbow Push Coalition of civil rights leader Rev. Jesse Jackson, for not employing enough blacks and Latinos on their staff. Microsoft said recently it was spending US$300 million to have more women and under-represented minorities on its staff by 2020.



Samsung promises yet another fix for slowed 840 EVO SSDs

Written by Unknown on Sunday, 22 February 2015 | 16.01

Samsung's 840 EVO SSDs were among the cream of the solid-state crop in 2013, boasting fast speeds and big-time storage capabilities at a (then) record low cost. But some buyers noticed a troubling occurrence: As time went on the drive's read performance could plummet, all the way down to sub-100MB per second speeds. That's a mammoth dip from the drive's claimed 520MBps maximum.

Fortunately, Samsung was able to identify the root cause of the problem, a combination of usual NAND cell degradation and an unusual NAND management issue, and issued a fix in October. Problem solved!

Not so fast. Some (but not all) previously affected users have reported seeing performance dip yet again after using Samsung's original patch. PC Perspective's Allyn Malventano rounded up numerous 840 EVO SSDs and found several drives with the issue, one of which he sent to Samsung for evaluation. Now, Samsung's released a statement to PC Perspective and AnandTech acknowledging that slowdown is still a problem for a small subset of 840 EVO users:

"In October, Samsung released a tool to address a slowdown in 840 EVO Sequential Read speeds reported by a small number of users after not using their drive for an extended period of time. This tool effectively and immediately returned the drive's performance to normal levels. We understand that some users are experiencing the slowdown again. While we continue to look into the issue, Samsung will release an updated version of the Samsung SSD Magician software in March that will include a performance restoration tool."

In other words, the initial fix isn't as much of a fix as was originally thought. Samsung's still researching a more permanent solution, but releasing an update to (presumably, hopefully) kickstart the slow data on affected SSDs in the meantime. It's better than nothing, I guess, but here's hoping Samsung solves this puzzle sooner rather than later.

One upside: These performance issues have been isolated to the Samsung 840 EVO alone. The newer Samsung 850 Pro and 850 EVO SSDs, which use bleeding-edge vertical NAND technology, aren't affected. No matter what type of solid-state drive you use, PCWorld's ultimate guide to SSD management can help you keep it running faster, longer.



UNICEF, Airtel team up in Africa to widen access to free health, data analysis apps

UNICEF, the U.N. Children's Fund, has made its RapidPro suite of apps available to Airtel customers for free across the 17 African countries in which the telecom company operates.

The open-source family of applications is designed to help governments deliver rapid and vital real-time information and connect communities to lifesaving services. The apps offer health, education and youth-focused content.

By introducing the apps to Airtel users, UNICEF content will be more accessible and data-gathering across regions made easier. RapidPro makes data related to interactions on the platform available in Excel for analysis.

RapidPro also allows organizations to create personalized messages based on information collected from users, which could in turn increase response rates.

Originally launched last September, RapidPro was designed by UNICEF's global Innovations Labs in collaboration with Nyaruka, a Rwandan software development firm, based on eight years of experience with SMS-based applications.

Downloading a free RapidPro Android application creates an instant connection to the platform. Apps include: mHero, deployed in West Africa to help tackle the Ebola crisis; U-Report, used in Zambia to link people to the resources of the National AIDS Council; EduTrac, which tracks education indicators to help in decision-making; and Project Mwana, used in Zambia to deliver HIV test results, cutting turnaround time in half, to 33 days.

The next addition to the RapidPro platform will be RapidFTR, an Android forms-based data collection app developed in UNICEF's Innovation Labs in South Sudan and Uganda but originating in New York University's Design for UNICEF class.

Countries in which Airtel operates include: Kenya, Malawi, Madagascar, Rwanda, Seychelles, Tanzania, Uganda, Zambia, Burkina Faso, Chad, DRC, Congo, Gabon, Ghana, Niger, Nigeria and Sierra Leone.



US judge dismisses antitrust case against Google over Android apps

A U.S. federal judge has dismissed an antitrust lawsuit that charges Google harmed consumers by forcing Android handset makers to use its apps by default, but gave the plaintiffs three weeks to amend their complaint.

The two consumers who filed the suit failed to show that Google's allegedly illegal restrictive contracts on manufacturers of Android devices resulted in higher prices on phones, U.S. District Judge Beth Labson Freeman said in a Feb. 20 ruling.

The complainants, who were seeking class-action status for the lawsuit, said that Google required manufacturers including Samsung Electronics to set the search giant's own apps as default options on Android-based phones, restricting access to competing software such as Microsoft's Bing search engine. The complaint alleged that this practice limited competition in the search engine market, stifled innovation and resulted in higher prices for phones.

But Freeman ruled that the complainants failed to establish a link between software requirements and phone pricing, also noting that "there are no facts alleged to indicate that defendant's conduct has prevented consumers from freely choosing among search products or prevented competitors from innovating."

She gave the plaintiffs three weeks to amend the antitrust complaint, filed in U.S. District Court, Northern District of California.

Google faces allegations of anticompetitive behavior in a number of antitrust cases around the world. The most recent case involves Russian search engine company Yandex, which has accused Google of illegally forcing Android device manufacturers to install its own apps and exclude software from competitors. Yandex said on Feb. 18 that it had filed a complaint with the Russian Federal Antimonopoly Service (FAS) asking the authority to investigate Google for possible violations of Russian antitrust law.



Lenovo CTO admits company 'messed up,' publishes Superfish removal tool

Written by Unknown on Saturday, 21 February 2015 | 16.01

Lenovo plans to release an automated tool that will remove the Superfish adware from affected PCs on Friday, said the company's chief technical officer, who admitted that Lenovo had "messed up."

Lenovo's CTO, Peter Hortensius, told PCWorld that the company has published instructions on how customers can remove the Superfish software themselves, but promised an automated solution by week's end. (Lenovo made the Superfish automated update tool available on Friday afternoon.)

"We're removing it as thoroughly as we possibly can," Hortensius said. For our own how-to guide on removing Superfish, see our previous story. For Lenovo's instructions, check out the PDF here.


Superfish makes visual search apps for Android and iOS, including LikeThat Decor, Pets, and Garden. The tool identifies particular objects and tries to find similar images. In 2012, the company developed WindowShopper, a technology that allowed shoppers looking for a kitchen table online, for example, to find similar products elsewhere. On Lenovo's PCs, this software stepped in to search more than 70,000 stores to find similar items, according to a Lenovo customer posting.

The Superfish technology was preloaded on several Lenovo consumer PCs, but Lenovo halted the practice in January. Those PCs may have included:

  • G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
  • U Series: U330P, U430P, U330Touch, U430Touch, U530Touch 
  • Y Series: Y430P, Y40-70, Y50-70
  • Z Series: Z40-75, Z50-75, Z40-70, Z50-70
  • S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
  • Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
  • MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
  • YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
  • E Series: E10-30

Adi Pinhas, the chief executive of Superfish, said in an emailed statement that the company's software had not been active on Lenovo PCs since December. "It is important to note:  Superfish is completely transparent in what our software does and at no time were consumers vulnerable—we stand by this today," he wrote. "Lenovo will be releasing a statement later today with all of the specifics that clarify that there has been no wrong doing on our end."

Superfish has not been pre-installed on PCs from other manufacturers, Pinhas added.

[Image: How the Superfish technology works. Credit: Superfish]

Hortensius said that the Superfish software was opt-in, meaning that customers would have to approve its use. If they did so, however, the software stepped in to deliver its own ads. The real concern, however, is that it issued its own security certificates, re-signing all SSL certificates presented by HTTPS sites with its own. This is also known as a man-in-the-middle attack.

"Going forward, we feel quite strongly that we made a significant mistake here, or we missed something here," Hortensius said. "We have procedures... where we asked the right questions, but we clearly didn't do a thorough enough job on this. And we're going to do a very deep investigation in what we do to make this better. We intend to do that work, and come back and let our users have input into what we need to do... and how we make sure we don't ever repeat this again."

"At the end of the day, we're seeing clearly that we messed up," Hortensius said.

Hortensius said that Lenovo and Superfish had a "minor commercial relationship," without specifying further. The Superfish adware has not been re-installed on Lenovo PCs, and Hortensius said that if it struck a similar deal, "it would not be for a very long time". Lenovo also pledged to talk to partners and industry experts, and announce more details on how it would deal with preinstalls by the end of the month.

With that said, Hortensius didn't rule out adware returning to Lenovo PCs. 

"I think you do this thing right, people like information and awareness," Hortensius said, when asked whether adware would be used again. "You do them wrong, it's obviously a disaster."

Updated at 4:37 PM on Feb. 20 with additional details, including the addition of the automated upgrade tool.



The Beam smart projector doubles as a light bulb

Developed by a Los Angeles-based startup of the same name, Beam is essentially an Android-based LED pico projector that can also serve as a smart LED light bulb. Screw it into an existing E26/E27 light socket or connect it to a power cable, the choice is yours.

It packs a 1.3GHz dual-core processor, 8GB storage, Wi-Fi, Bluetooth 4.0, 12 LEDs, and a couple of 2-watt speakers. Support for IFTTT (If This, Then That) means you'll be able to automate many of its operations—be they standalone, or those performed in conjunction with other devices—using a series of simple if-then statements. For example: If it's 9:00 PM on Sunday, then open YouTube.

As of press time, the Airplay- and Miracast-enabled device had secured more than $300 thousand in Kickstarter pledges, with $399 being the minimum that new backers need to fork out for a unit. Apparently, even this so-called "regular" Kickstarter price is a "lot less" than the as-yet undisclosed final retail price.


"With Beam you can watch TV on your bedroom ceiling, play games using your phone or a Bluetooth controller, project recipes on your kitchen counter, stream content from your network drive, listen to music through its speakers, play projected board-games on your dining table, show a presentation or even use it in a restaurant to show the menu and turn the walls into digital paintings," reads the projector's Kickstarter page.

According to the company, there is enough secret sauce in Beam to warrant a patent, and so it has filed for one. We are pretty sure they are not referring to the projector's rather pedestrian combo of 854-by-480-pixel resolution and 100-Lumen brightness. As for the size of the projected display, the device has a throw ratio of 1.6:1 (distance:width) and can project images up to 120 inches wide from a distance of 6.25 feet.

Why this matters: There's plenty to like about this whole idea of a networked projector that can interface with a wide gamut of devices, while also doubling as a stylish light bulb. And things might even get better, with the company now saying that it could "improve the resolution and any other specifications" before the beginning of the production phase. Let's hope that's exactly what it will do because the current resolution is so poor as to be a serious threat to Beam's marketability.



Bravo! Windows Defender, McAfee update fully removes Lenovo's dangerous Superfish malware

Microsoft stayed mum during Thursday's uproar about Lenovo installing dangerous, invasive "Superfish" adware on new PCs, adware that hijacks all secure HTTPS connections on affected PCs. But early Friday morning, Redmond quietly issued a sly condemnation of Lenovo's folly, updating its Windows Defender antivirus solution to eradicate both the adware itself and the rogue self-signed certificate that allows Superfish to compromise encrypted web traffic.

Lenovo also said that it was working with McAfee to issue its own updates. 

"We are working with McAfee and Microsoft to have the Superfish software and certificate quarantined or removed using their industry-leading tools and technologies," Lenovo said in a statement issued Friday afternoon. "This action has already started and will automatically fix the vulnerability even for users who are not currently aware of the problem."

The update was first noticed by Cloudflare security engineer Filippo Valsorda, who also created the first website that checks to see if your computer is infected with Superfish. A Microsoft spokesperson confirmed that "Microsoft security software detects and removes the Superfish software from Lenovo devices."


Windows Defender is Microsoft's homegrown antivirus solution, which is enabled by default in Windows 8. (Unless your PC vendor disabled it to activate a bundled AV solution by Norton, McAfee and their ilk, that is—as Lenovo often does. If so, here's how to reactivate Windows Defender.) As the default security solution for Windows 8 users, Microsoft's bold move should go a long way toward killing off the Superfish threat.

The Microsoft representative's statement also indicates that Microsoft's separate Security Essentials tool for past versions of Windows should wipe out Superfish. Microsoft's free antivirus solutions are the most-used antivirus tools, protecting more than a quarter of all PC users, according to a late 2014 report by Opswat.

Other security programs may well eliminate the Superfish adware itself, but not the rogue certificates it creates in the Windows and Firefox certificate managers. And one more warning: If you use Firefox, Windows Defender doesn't appear to wipe Superfish from the browser's independent certificate manager.

Check out PCWorld's guide to completely eradicating Superfish to make sure you truly wipe this rotten, stinking fish off your PC. I'd suggest walking through the steps even if you use Windows Defender, just to make sure the site-hijacking certificates are truly gone.

Additional reporting by Mark Hachman. This story was updated at 5:06 PM to add McAfee's participation.



The digital picture frame refuses to die (and here's one that wants to hatch)

Written by Unknown on Friday, 20 February 2015 | 16.01

You probably don't care that someone is trying to build a better digital photo frame, but your non-tech-savvy grandparents might. That's what prompted a startup called Timewyse to come up with Pigeon, a Wi-Fi enabled digital picture frame that stays updated with fresh photos and videos that you and your family upload to the cloud.

Timewyse is looking to raise $50,000 on Kickstarter. The startup's primary selling point is that Pigeon is a better digital frame than the one you gifted your mom and pop a decade ago, both because it's simpler to set up and easier to keep up to date. All the recipient needs to do is enter their home network's Wi-Fi password; or you can do it for them since it only needs to be entered once. After that, the onus falls on the gift giver to push updated content to the frame.

Up to 10 people can send photos and videos to Pigeon. This is accomplished by selecting a photo from your phone's camera roll and sending it to the accompanying Pigeon app, which is available for Android and iOS. Your photo is then uploaded to Pigeon's encrypted cloud and automatically sent to one or more desired frames. The upshot is that Nana can now enjoy new content on her digital frame's 10-inch display without having to figure out how to update it herself.


You and your siblings can each push photos and videos to multiple digital frames.

Each Pigeon frame comes with a hook and a magnetic back so recipients have the option of hanging it on the wall or slapping it on the refrigerator. It also has a motion sensor to prevent it from running all the time and prematurely draining the rechargeable battery. When there's new content to view, a green LED will blink. Finally, a pair of 2-watt speakers gives the Pigeon audio capabilities, so little Billy can verbally thank his grandparents for his birthday money.

Timewyse president Keith Beckley explains that he has experience building complex and intricate products and knows what to expect on the manufacturing side. Armed with that knowledge, the funds raised through Kickstarter will be used to source the necessary components, make refinements, purchase molds, and finish the software enhancements as Pigeon graduates from prototype to a finished product.

While it's not yet ready to ship, the good news for anyone interested in Pigeon is that the Kickstarter campaign can help take some of the sting out of the price tag. At the $119 reward tier, you'll receive the entry-level "Winkie" Pigeon frame valued at $159; at the $135 reward level, you can choose from one of five customized frames valued at $184 each. There's also a "White Vision" Pigeon frame available at the $180 tier that's valued at $205.

Why this matters: Enter "worst tech gift ideas" into your search engine of choice, and you'll find "digital photo frame" near the top of many of them. They've become the fruitcake of the tech world, but those criticisms typically don't take the gift recipient into account. Tech-savvy folks know all kinds of ways to share and display their favorite photos. Pigeon isn't aimed at us; it's targeting those of our relatives who don't have the same grasp on technology. Like the GrandPad tablet for seniors that we told you about earlier, Pigeon might be a better alternative to teaching someone how to use email, download files, and edit photos.

At the same time, Timewyse must be conscious of privacy and security concerns. We recently wrote about a cybersecurity report on connected homes being easy targets for hackers, and something like this could be yet another device to exploit. An ornery hacker could infiltrate Pigeon's infrastructure and push inappropriate photos and videos to Nana's frame. If someone isn't already handling it, a tech-savvy (and hopefully local) family member should volunteer to periodically ensure that Nana's router has up-to-date firmware and secure passwords.



Yahoo courts developers at its first mobile conference

Mobile users have become a vital part of Yahoo's recovery effort, and on Thursday it tried to woo developers with new tools to help them build better apps using its services.

The company held its first-ever mobile developer conference in San Francisco on Thursday, where it unveiled tools that help developers collect data about their apps and make money from them using Yahoo advertising services.

Many of the tools come courtesy of Flurry, a mobile analytics and advertising company Yahoo acquired last year. Flurry now has more than 200,000 developers using its tools, Yahoo CEO Marissa Mayer said Thursday. Yahoo hopes to get even more developers on board by giving them new ways to see how their apps are performing and by baking Yahoo advertising options directly into Flurry.

Developers who use Flurry can now use the service to incorporate Yahoo search into their apps, for instance. And a new tool called Flurry Explore makes it easier for developers to track how users move through their apps and tweak them to increase engagement.

More than 1,000 people attended the one-day conference, many of them small or independent software developers. Several expressed interest in the new tools, but said they needed time to assess how useful they are.

"If they're easy to use like Yahoo says, lots more people might use Flurry," said Ashley Fernandes, who works on prototype app designs at Intuit.

Using Flurry, developers at Tempo AI, a smart calendar app, were able to see a steep increase in engagement after they changed how their app presents alerts. That data helped confirm the change was a good move, cofounder Thierry Donneau-Golencer said.

Flurry's analytics tools are free, but developers must pay if they want to advertise their apps in Yahoo's own mobile products. Developers can also have ads placed by Yahoo within their own apps.

The goal is a mutually beneficial partnership: developers get tools from Yahoo to attract more users and make money, and Yahoo gets to sell more ads and perhaps gather data about mobile users along the way.

Mayer has spent nearly two years rebuilding Yahoo's mobile products, which are a cornerstone of her efforts to make Yahoo a leader again in Silicon Valley.

"We're continuing to invest to make our own apps great, but we want to take what we've learned, including monetization, and make it more broadly available," Mayer said during a talk with the press.

Other developers at the show said they liked having the ability, within Flurry, to advertise their apps within Yahoo apps like Tumblr and the Yahoo News Digest. The ads, known as "native ads," are meant to mimic the content around them.

The event could build awareness of the tools Yahoo offers, said Philipp Kuecuekyan, an independent app developer.

But Yahoo needs more than awareness if it wants to be "the most partner friendly company in Silicon Valley," as Mayer put it Thursday. The company faces stiff competition for mobile developers from Facebook, Google and Twitter, which also provide tools for creating and monetizing apps.

"They've got their work cut out for them," said Nikhil Modi, CEO at Whiz Technologies, which places ads in publishers' apps. He pointed to Google's AdMob as a powerful competitor to Flurry.

But, he said, "it's good that Google's got competition."



Google launching YouTube for kids on Monday

Google is launching a version of YouTube for kids that will feature appropriate content and controls, in line with its strategy to redesign some of its products for use by this segment.

The free app, called YouTube Kids, will be available from Monday in the U.S. on Google Play, a Google spokesman said Friday.

Kids are seen as the next big opportunity for Internet companies. A number of kids are known to lie about their age to wrangle accounts on social networks.

Google did not comment on whether it would display advertisements to its young users. The company is discussing raising revenue from ads in the application, the Wall Street Journal reported.

"The big motivator inside the company is everyone is having kids, so there's a push to change our products to be fun and safe for children," Pavni Diwanji, vice president for engineering at Google, told USA Today in December. Google products have been made with adults in mind and need to be redesigned for kids, she added.

Google's move is, however, likely to come under scrutiny from both parents and regulators as the Children's Online Privacy Protection Act (COPPA) in the U.S. has strict rules on the mining of a child's personal information. Internet companies have to get the parent's verifiable consent before collecting, using or disclosing personal information from a child, according to COPPA rules.

The new app will filter out certain search terms on it, USA Today said in a report Thursday. If a child types in a word such as "sex," a message prompts the kid to try something else, the report said.

The app will give parents control over how much time the child can spend on it, according to sources. Parents will also have the ability to turn off search and sound. Channels and playlists will be organized into four categories: Shows, Music, Learning and Explore.



Revenge porn site operator faces at least two years in prison

Written By Unknown on Thursday, 19 February 2015 | 16.01


Google worried US could use amended warrant rule to search computers abroad

Google has opposed moves by the U.S. Department of Justice to extend the warrant issuing authority of magistrate judges to searches of computers in districts other than their own.

Innocuous as that may sound, Google is concerned that the proposed amendment would likely end up being used by U.S. law enforcement to directly search computers and devices anywhere in the world.

There is nothing in the proposed change to the Federal Rule of Criminal Procedure 41 that would prevent access to computers and devices worldwide, wrote Richard Salgado, Google's legal director for law enforcement and information security, in a blog post Wednesday.

The rule currently gives authority to a judge in a district to issue a warrant to search for and seize a person or property located within the district, with certain exceptions.

The amendment would give a magistrate judge in a district where activities relating to a crime may have occurred the authority to issue a warrant "to use remote access to search electronic storage media and to seize or copy electronically stored information located within or outside that district," if the location of the media is concealed using technology, or if the media are protected computers that have been damaged without authorization and are located within five or more districts.

The little-known Advisory Committee on the Federal Rules of Criminal Procedure proposed the amendment, and the last day for comments was Tuesday. The move to amend Rule 41 has been opposed by a number of privacy and civil rights groups. Google also filed its comments.

The Department of Justice in a submission in 2013 argued that it is becoming difficult to identify the location of a computer suspected to be involved in a crime, as criminals are, for example, increasingly using anonymizing techniques. Criminals are also using multiple computers in multiple districts simultaneously and effective investigation and disruption of their schemes requires remote access to the Internet-connected devices in many districts.

The DOJ gave the example of a large investigation into a botnet of compromised computers under a central control that could require investigations in a large number of districts. Obtaining warrants in all the districts simultaneously would be practically impossible, it said.

The U.S. has diplomatic arrangements with many countries, called Mutual Legal Assistance Treaties (MLATs), for cross-border crime investigations. The repercussions of the amendment on relations with other countries should be addressed by the U.S. Congress and the President, not the Advisory Committee, Google said.

The definition of "remote search" and under what circumstances and conditions it can be undertaken are not specified by the amendment, according to Salgado. "It carries with it the specter of government hacking without any Congressional debate or democratic policymaking process," he added.

The reference to obscuring a location using technology would also bring under the amended rule a whole number of computers that use VPNs (virtual private networks), used by businesses like banks, online retailers and communications providers, according to Salgado. VPNs can conceal the actual location of a network, "and thus could be subject to a remote search warrant where it would not have been otherwise," he wrote.



This pirated movie brought to you by Pampers

Whether they know it or not, major advertisers are subsidizing online movie piracy, accelerating a trend in which illicit video streaming is eclipsing illegal P2P file sharing and downloading of copyrighted material.

That's according to an upcoming study commissioned by Digital Citizens Alliance, a nonprofit organization with the stated goal of making the Internet a safer place. The study is a follow-up to a February 2014 report that pegged the collective annual revenue of the nearly 600 illegal movie sharing sites it sampled at $227 million.

According to Variety, the report reveals that video streaming was the only piracy category to post annual revenue growth, even though the number of large streaming sites dropped by half from the previous year.

The bigger culprits are the legitimate online ad networks.

Speaking at last week's Digital Entertainment World conference, DCA Executive Director Tom Galvin cited the high CPM rates (cost per 1000 impressions) associated with video ads as the primary reason for this spike in revenue. Most of that income came from major brands placing video advertising on those infringing streaming sites.

Why this matters: Consumers are all too often blamed for movie piracy, but one of the key takeaways from this report is that consumers aren't the primary revenue source for these illegal streaming sites. The bigger culprits are the legitimate online ad networks that place video ads on those sites, and the companies whose ads wind up there.

Pampers, Tide, and Esurance were among the brands we saw advertised on the pirate site pictured above, and brands don't get more mainstream than that. While it could be argued that major companies such as these are relying on middlemen to place their ads, ignorance of whose pockets their advertising dollars are ending up in is no excuse.

Last year, the DCA estimated that even some of the smaller pirate sites it looked at were collecting as much as $100 thousand a year from advertisements. Because those sites are paying zero dollars for the movies they're streaming, the vast majority of that revenue goes directly to their bottom lines. Hollywood should also look to the bankers and payment processors between the ad networks and the pirate sites, who are taking their own slices of this illegitimate pie.

Finally, Hollywood should take its customers' preferences into account. If people want to watch movies at home, why force them to find illicit ways of doing it? Make it easy, make it legal, and make some money!



What's in a typo? More evidence tying North Korea to the Sony hack

Written By Unknown on Wednesday, 18 February 2015 | 16.00

A security company in the U.S. has provided further evidence that last year's devastating hacking attack on Sony Pictures Entertainment was carried out by a group with ties to North Korea.

The FBI has already named North Korea as the source of the attack, but some security experts have been skeptical, in part because the FBI didn't disclose all the details of its investigation.

Security firm CrowdStrike is among those who believe North Korea was the culprit, and on Tuesday it presented another piece of evidence to support that claim.

CrowdStrike said it found similarities between the malware used against Sony and a piece of destructive code deployed in 2013 by a group it calls Silent Chollima, which has already been linked to several attacks on South Korea and the U.S.

Parts of the code used in each attack are almost identical in their structure and functionality, CrowdStrike CTO Dmitri Alperovitch said during a webcast Tuesday in which he described how the Sony attack was carried out. (A replay will be available here.)

What's more, he said, the malware used in both attacks contains the same typographical error in the same place, spelling "security" as "secruity."

CrowdStrike had already identified similarities between attacks by Silent Chollima and the one on Sony, including the use of destructive "wiper" malware and the way that code was deployed. But it hadn't described the similarities in the code itself.

The similarities are in a part of the malware that's used to spread the code through a network. The part that does the data-wiping is considerably more advanced in the malware used against Sony, Alperovitch said, suggesting it was a later version of the same program.

Malware sometimes gets shared and reused in underground forums, but the source code for the 2013 attack and the Sony attack hasn't been released publicly, Alperovitch said. So it's unlikely another group of hackers could have reverse-engineered the Silent Chollima code and reproduced it exactly, right down to the typo.

"Once you go through so many 'ifs' and 'buts,' it makes it highly implausible," he said.

The group that claimed responsibility for attacking Sony calls itself Guardians of Peace. Silent Chollima often uses different names during different attacks and may have done the same with Sony.

Other security companies, including Symantec, also have linked the Sony attack to North Korea.

"We're just providing more details and additional evidence to tighten up the case," Alperovitch said.

"There's been a lot of questions about the attribution for this case, and more public evidence will help people make up their own minds about who's really responsible," he said.

In December, the FBI publicly blamed North Korea for the attack, which led to reams of company data being published on the Web, including executives' emails and salary data, as well as unreleased movies.



Israel targeted by malware packaged with pornographic video

Israeli institutions have been targeted by an Arabic-speaking hacker group that sought to extract sensitive documents, according to Trend Micro.

The campaign, which Trend called Operation Arid Viper, focused on sending phishing emails to targets. Those emails came with malware packaged with a short pornographic video, according to the company's report.

The phishing emails were sent to targets including a government office, infrastructure providers, a military organization and academic institutions in Israel and Kuwait.

The attacks "targeted professionals who might be receiving very inappropriate content at work and so would hesitate to report the incident," Trend wrote. "These victims' failure to act on the threat could have then allowed the main malware to remain undiscovered."

The malware then began hunting around on a victim's hard disk for Word, Excel, PowerPoint and text files. It reported the files to the command and control server, which then decided which files to steal.

The command-and-control servers used by Arid Viper were "closely locked down, providing very little hint that could aid our investigation," Trend said.

Trend found the Arid Viper attacks shared the same command-and-control infrastructure as another campaign it calls Advtravel, although the styles of attack are very different.

The company gained insight into Advtravel after a server connected with the operation was left open on the Internet.

"This allowed us to download copies of its entire content to study as part of our investigation before its owners realized their mistake and locked it down," the report said.

The Advtravel attackers infected more than 500 systems of mostly Arabs living in Egypt. They focused on stealing images from victims' computers, many of which were screenshots of Facebook profiles, perhaps in an attempt to identify victims.

"This could be a sign that they are looking for incriminating or compromising images for blackmail purposes," Trend wrote. "As such, the attackers may be less-skilled hackers who are not after financial gain nor hacking for espionage purposes."

Overall, the Advtravel attackers were much less skilled than Arid Viper. "They look like a classic group of beginner hackers just starting their careers," Trend said.

Trend did extensive research into the email addresses used to register domain names used for Arid Viper's command-and-control infrastructure as well as Advtravel, linking some possible actors to the Gaza Strip.

But it cautioned that such analysis was not definitive, as the attackers could have easily faked information required to register domain names.

