
At least 700,000 routers that ISPs gave to their customers are vulnerable to hacking

Written by Unknown on Friday, 20 March 2015 | 16.00

More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them.

Most of the routers have a "directory traversal" flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn't new and has been reported by multiple researchers since 2011 in various router models.

Security researcher Kyle Lovett came across the flaw a few months ago in some ADSL routers he was analyzing in his spare time. He investigated further and unearthed hundreds of thousands of vulnerable devices from different manufacturers that had been distributed by ISPs to Internet subscribers in a dozen countries.

The directory traversal vulnerability can be used by unauthenticated attackers to extract a sensitive file called config.xml, which is on most of the affected routers and contains their configuration settings.

The D-Link DSL-2750E ADSL modem was one of the devices identified as having a significant security vulnerability.

The file also contains the password hashes for the administrator and other accounts on the device; the username and password for the user's ISP connection (PPPoE); the client and server credentials for the TR-069 remote management protocol used by some ISPs; and the password for the configured wireless network, if the device has Wi-Fi capabilities.

According to Lovett, the hashing algorithm used by the routers is weak so the password hashes can easily be cracked. Attackers could then log in as administrator and change a router's DNS settings.

By controlling the DNS servers the routers use, attackers can direct users to rogue servers when they try to access legitimate websites. Large-scale DNS hijacking attacks against routers, known as router pharming, have become common over the past two years.

On some devices, downloading the config.xml file doesn't even require a directory traversal flaw; just knowing the correct URL to its location is enough, Lovett said.
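The two exposure paths described above (a traversal through webproc.cgi, and a direct request for config.xml) both leave traces in a web access log. The following detection sketch is an added example, not code from the article or from Lovett's research; the log lines are constructed, and the URL paths and the `arg` parameter name are hypothetical placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (common log format). Only the names
# webproc.cgi and config.xml come from the article; the directory layout
# and the "arg" parameter are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Mar/2015:10:01:02 +0000] "GET /cgi-bin/webproc.cgi?arg=status HTTP/1.1" 200 5120
203.0.113.9 - - [20/Mar/2015:10:01:05 +0000] "GET /cgi-bin/webproc.cgi?arg=../../config.xml HTTP/1.1" 200 48213
203.0.113.9 - - [20/Mar/2015:10:01:09 +0000] "GET /cgi-bin/webproc.cgi?arg=%252e%252e%252f%252e%252e%252fconfig.xml HTTP/1.1" 200 48213
192.0.2.44 - - [20/Mar/2015:10:02:11 +0000] "GET /config.xml HTTP/1.1" 200 48213
198.51.100.23 - - [20/Mar/2015:10:02:40 +0000] "GET /cgi-bin/webproc.cgi?arg=..%5c..%5cconfig.xml HTTP/1.1" 403 0
198.51.100.7 - - [20/Mar/2015:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# A ".." path segment anywhere in the decoded query string.
DOTDOT_RE = re.compile(r"(^|[=/&])\.\.(/|&|$)")


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(target):
    """Return the reasons a request target looks like a config-extraction attempt."""
    parts = urlsplit(target)
    # Normalise: decode, treat backslashes as separators, ignore case.
    path = fully_decode(parts.path).replace("\\", "/").lower()
    query = fully_decode(parts.query).replace("\\", "/").lower()
    reasons = []
    if path.endswith("webproc.cgi") and DOTDOT_RE.search(query):
        reasons.append("traversal")
    if "config.xml" in path or "config.xml" in query:
        reasons.append("config-xml")
    return reasons


def scan(log_text):
    """Return (source_ip, http_status, reasons) for every suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m["target"])
        if reasons:
            findings.append((m["ip"], int(m["status"]), reasons))
    return findings


def served_sources(findings):
    """Sources that received a 2xx answer, i.e. the file was probably handed out."""
    return sorted({ip for ip, status, _ in findings if 200 <= status < 300})


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for ip, status, reasons in hits:
        print(f"{ip} status={status} reasons={','.join(reasons)}")
    print("config likely disclosed to:", served_sources(hits))
```

A 2xx response to a flagged request means every secret the article lists in config.xml (administrator hashes, PPPoE, TR-069 and Wi-Fi credentials) should be treated as disclosed and rotated.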

Many of the routers have additional flaws. For example, around 60 percent have a hidden support account with an easy-to-guess hard-coded password that's shared by all of them. Some devices don't have the directory traversal flaw but have this backdoor account, Lovett said.

For about a quarter of the routers, it's also possible to remotely get a snapshot of their active memory, known as a memory dump. This is bad because the memory of such devices can contain sensitive information about the Internet traffic that passes through them, including credentials for various websites in plain text.

By analyzing several memory dumps, Lovett found signs that the routers were already being probed by attackers, mostly from IP addresses in China.

Most of the vulnerable devices he identified are ADSL modems with router functionality that were supplied by ISPs to customers in Colombia, India, Argentina, Thailand, Moldova, Iran, Peru, Chile, Egypt, China and Italy. A few were also found in the U.S. and other countries, but they appeared to be off-the-shelf devices, not distributed by ISPs.


The ZTE-H108N is another ADSL modem suffering from the same security vulnerability. 

Lovett found the vulnerable routers through Internet scans and by using SHODAN, a specialized search engine for Internet-connected devices. According to him, 700,000 is a conservative estimate and only covers devices that can be targeted remotely because they have their Web-based administration interfaces exposed to the Internet.

There are likely many more devices that have the same flaws, but are not configured for remote management. Those can be attacked from within local networks, for example by malware or through cross-site request forgery (CSRF), a technique for hijacking a user's browser to perform unauthorized actions.

The affected device models include ZTE H108N and H108NV2.1; D-Link 2750E, 2730U and 2730E; Sitecom WLM-3600, WLR-6100 and WLR-4100; FiberHome HG110; Planet ADN-4101; Digisol DG-BG4011N; and Observa Telecom BHS_RTA_R1A. Other vulnerable devices had been branded for specific ISPs and their real make or model number couldn't be determined.

However, Lovett found one commonality: the vast majority of affected routers were running firmware developed by a Chinese company called Shenzhen Gongjin Electronics, which also does business under the T&W trademark.

Shenzhen Gongjin Electronics is an OEM (original equipment manufacturer) and ODM (original design manufacturer) for networking and telecommunications products. It manufactures devices based on its own specifications, as well as on the specifications of other companies.

According to a search on WikiDevi, an online database of computer hardware, Shenzhen Gongjin Electronics is listed as manufacturer for networking devices from a large number of vendors, including D-Link, Asus, Alcatel-Lucent, Belkin, ZyXEL and Netgear. It's not clear how many of the listed devices also run firmware developed by the company that might contain the vulnerabilities identified by Lovett.

It's also unclear if Shenzhen Gongjin Electronics is aware of the flaws or if it has already distributed patched versions of the firmware to its partners.

The company did not respond to a request for comment and according to Lovett, his attempts to notify the company went unanswered as well.

The researcher also notified the affected device vendors that he managed to identify, as well as the United States Computer Emergency Readiness Team (US-CERT).

He disclosed some of his findings Wednesday at a security conference in the U.K. as part of a larger presentation about vulnerable SOHO embedded devices—routers, network attached storage appliances, IP cameras, etc. 

This story was updated after publication. 



Leaked US antitrust report on Google adds weight to rivals' complaints

A leaked report by staff at the U.S. Federal Trade Commission paints an ugly picture of Google as a bullying monopolist and adds credence to complaints from rivals who have long criticized its business practices.

The report, which was mistakenly provided to the Wall Street Journal as part of a public records request, reveals that FTC staff concluded in 2012 that Google's business tactics had caused "real harm to consumers and to innovation," and the staff recommended a lawsuit against the company.

The FTC's commissioners ultimately decided not to take action and closed their investigation of Google. But the conduct described in the 160-page critique paints a damaging picture of the company and seems to vindicate rivals such as Yelp that have complained about its tactics.

The findings reveal, in staggering detail, the lengths to which Google went to maintain its dominance in search and bolster its lucrative advertising business.

Google typically ranks sites based on metrics like the number of links that point to a site and how often users click on those links. But at times the company boosted links to its own properties even when rival services might have better served its users, according to the report.

If a comparison shopping site from a competitor should have ranked highest, for instance, Google Shopping was sometimes placed above it. And when Yelp was deemed a more relevant result, Google Local would appear on top, the FTC staff wrote.

Google also copied, or "scraped," content from rivals such as TripAdvisor and Amazon.com, and threatened to remove those sites from its search listing if they objected, the Journal reported. In one instance, Google used Amazon's sales rankings to determine how it ranked products for its own listings, it said.

In so doing, Google sent a message that it would "use its monopoly power over search to extract the fruits of its rivals' innovations," the FTC staff wrote.

The evidence paints "a complex portrait of a company working toward an overall goal of maintaining its market share by providing the best user experience, while simultaneously engaging in tactics that resulted in harm to many vertical competitors, and likely helped to entrench Google's monopoly power over search and search advertising," the FTC staff wrote.

In a statement Thursday attributed to Kent Walker, Google's general counsel, Google said its competitors are thriving and that consumers have "more choice than ever before."

"After an exhaustive 19-month review, covering nine million pages of documents and many hours of testimony, the FTC staff and all five FTC Commissioners agreed that there was no need to take action on how we rank and display search results," Walker said. "Speculation about potential consumer and competitor harm turned out to be entirely wrong."

Yelp refers to itself today as the 'de facto local search engine,' he noted, and has grown dramatically in the last four years.

Still, the staff report paints a damaging picture of a company that once pledged to "do no evil."

According to the staff report, Google responded to the FTC's concerns by giving rivals the choice to opt out of having their content used in its listings, but to remain in its core search engine.

In advertising, they concluded, Google violated antitrust law by restricting advertisers from running campaigns on rival search engines like Bing or Yahoo. Specifically, it blocked advertisers from using data gathered from Google ad campaigns to run campaigns on other sites. The commission did not secure commitments from Google to change its policies here, the Journal reported. One FTC commissioner cited a lack of evidence.

For its investigation, the FTC collected 9 million pages of documents from Google and other parties, and took sworn testimony from Google executives.

The FTC staff conceded there would be "many risks" in bringing a lawsuit against Google, the Journal reported, including the "substantial innovation" that Google would be able to demonstrate had taken place, and the intense competition it faces from Microsoft and others.

The Journal said it had viewed parts of the report after the FTC inadvertently disclosed it as part of a Freedom of Information Act request. The FTC declined to release the remainder of the report and asked the Journal to return the document, but the Journal did not.

The agency closed its investigation of Google in 2013, after the company agreed to make changes to some of its practices. Findings by the FTC staff helped to inform the FTC commissioners' final decision.

Meanwhile, Google has continued to expand its own services. Just this week it announced more comprehensive listings for hotel searches, and earlier this month it launched a new service to shop for car insurance in California, with other states on the way.



To avoid NSA, Cisco gear gets delivered to strange addresses

One of the most successful U.S. National Security Agency spying programs involved intercepting IT equipment en route to customers and modifying it.

At secret workshops, backdoor surveillance tools were inserted into routers, servers and networking equipment before the equipment was repackaged and sent to customers outside the U.S.

The program, run by the NSA's Tailored Access Operations (TAO) group, was revealed by documents leaked by former NSA contractor Edward Snowden and reported by Der Spiegel and Glenn Greenwald.

It was one of many revelations about the NSA that caused widespread suspicion that U.S. technology products shouldn't be trusted, even if companies strenuously denied helping the agency.

And it appears some Cisco Systems customers have since taken steps to prevent NSA tampering.

The company has shipped equipment to addresses that are unrelated to a customer, said John Stewart, Cisco's chief security and trust officer, on Wednesday during a panel session at the Cisco Live conference in Melbourne.

In theory, that makes it harder for the NSA to target an individual company and scoop up their package. But supply chains are tough to secure, Stewart said, and once a piece of equipment is handed from Cisco to DHL or FedEx, it's gone.

Still, the risk of such tampering is pretty low for most customers. Cisco has been working on better ways for customers to verify the integrity of the systems it ships, but there will always be a certain amount of risk that can't be mitigated, Stewart said.

"If a truly dedicated team is coming after you, and they're coming after you for a very long period of time, then the probability of them succeeding at least once does go up," Stewart said. "And it's because they've got patience, they've got capacity and more often than not, they've got capability."

One of the leaked Snowden documents, dated June 2010, has two photos of an NSA interdiction operation, with a box that said Cisco on the side.

The document, labeled top secret, goes on to say that supply-chain interdiction operations "are some of the most productive operations in TAO, because they pre-position access points into hard target networks around the world."

In May 2014, Cisco CEO John Chambers sent a letter to President Barack Obama, arguing that the NSA's alleged actions undermine trust with its customers and more broadly hurt the U.S. technology industry. Cisco also asserted that it does not work with any government to intentionally weaken its products.

During the roundtable on Wednesday, Stewart was asked if Cisco ever identified any strange hardware put inside any of its products.

"No, we couldn't, because the only people who would know that for sure is the NSA," Stewart responded.

(Adam Bender of Computerworld Australia contributed to this report.)



Everything you need to know about DLNA: The de facto home-entertainment network standard

Written by Unknown on Thursday, 19 March 2015 | 16.00

If you've ever watched the photos on your digital camera come alive on your TV or played the music files on your computer over your home theater system, you've brushed against the magic of DLNA. This widely integrated but little understood technology allows you to stream media files from a hard drive or memory card to other devices on your home network without your needing to know a whole lot about codecs, file formats, or even how your network operates.

DLNA stands for Digital Living Network Alliance, the trade group founded by Sony in 2003 to define the interoperability guidelines that make this communication possible. Prior to DLNA, setting up a home-entertainment network was an arduous process of gathering IP addresses and configuring each component to talk to the others with no guarantee of success. DLNA simplified the process by establishing a single protocol that ensured DLNA-certified multimedia devices from different manufacturers would work together.

How it works

DLNA separates multimedia devices into 10 certified classes subdivided into three broad categories: Home Network Devices (PCs, TVs, AV receivers, game consoles), Mobile Handheld Devices (smartphones, tablets, digital cameras), and Home Infrastructure Devices (routers and hubs).

A device's class is determined by its functional capabilities—whether it stores, controls, or plays media—rather than the type of product it is. So it's possible (even common) for a device to fall into more than one class. Some DLNA-certified TVs, for example, can be classified as both a Digital Media Player—meaning it can locate and play media from other devices—and a Digital Media Renderer—because media can be pushed to it by an external controlling device.


A modern AV receiver that supports DLNA can stream movies, music, and digital photos from a storage device attached to your home network to your smart TV.

All DLNA-certified devices use Universal Plug and Play (UPnP) to discover and talk to each other on the network. When you connect one to your router, it should automatically appear on any other DLNA-certified component's menu without needing you to perform any setup.

In a typical scenario, you might have a PC running DLNA-certified software that transforms it into a media server. Your DLNA-certified player—a TV or game console, for example—would be able to browse the content on the PC and stream it. Alternatively, a controller, such as a tablet or smartphone, could discover the content on the PC and tell the TV to play it back.

Getting started

With more than 4 billion DLNA-certified products on the market—including TVs, Blu-ray players, storage devices, media boxes, smartphones, tablets, game consoles and software—chances are good you already have more than one compliant device or application in your home. Depending on the manufacturer, the product may use a branded version of DLNA such as SmartShare (LG), SimplyShare (Philips), or AllShare (Samsung), but rest assured it's all the same technology and it will all interoperate.

If you own a recent model PC, NAS, smartphone, or tablet, it probably came with bundled DLNA-certified software that will allow any media on it to be recognized by your networked components. If you have an older model, however, you can still turn it into a media server by adding a program like Plex, Twonky, TVersity, or Windows Media Player. Even if a component manufacturer steers you to its branded media-server program (Samsung's AllShare for Windows, for example), you may still be able to use one of these third-party options, but finding which application works best with your component's brand takes some experimentation.

Philips' SimplyShare is simply a private-label version of DLNA that lets you stream music and other media between smartphones, media players, media servers, and other devices to a smart TV on your network.

Another area where DLNA gets messy is codecs. The DLNA specification only allows for a few common audio and video formats like Windows Media Audio, MP3 and MP4. FLAC, AVI and MKV files, and many others, aren't supported. To make it more complicated, different implementations of DLNA support different codecs. And even supported formats may not work if the container, bitrate, or other details don't comply with the DLNA spec. Some DLNA server software will try to make up for this shortfall by transcoding files from a non-compliant format to a compliant one on the fly, but results vary.

Has DLNA outlived its usefulness?

DLNA was developed more than a decade ago, when tapping into your vein of locally stored media was the only way to stream a movie or photo slideshow from your computer to your TV. Our current bounty of online media-streaming and -sharing sites like Spotify, Netflix, and Flickr have since satisfied DLNA's original intent with a much simpler process. Sony, DLNA's founder, doesn't even support the standard on its PlayStation 4 (though it looks like it might add it in the future).

Still, if you have gigs of media just sitting on a hard drive, it's worth giving DLNA a try. Just be aware of its limitations and be prepared to endure some trial and error before you find the combination of components and server software that works best on your network.

Even if DLNA eventually falls by the wayside, the alliance itself continues to do good work. Its latest initiative, dubbed VidiPath, is designed to enable consumers to stream their pay-TV content over their home networks without needing additional set-top boxes for each TV. We'll have a story explaining how VidiPath will work in the near future.



GoogleX exec: Where Google went wrong with Glass

Google botched its wearable, Google Glass, and now the director of GoogleX labs is openly talking about it.

Astro Teller, Google's director of its research arm, GoogleX, was speaking to an audience at the South by Southwest conference in Austin on Tuesday when he said the company made mistakes with Glass.

Google, according to Teller, needs to work out its wearable's battery and privacy issues, and address miscommunications about the state of the project.

Google Glass, even when it was being sold to early testers for $1,500, was never close to being ready for official sale. It's a prototype and still solidly in the experimental phase.

The company, however, did not make that clear, especially when its executives and its PR people were repeatedly putting timeframes on an official Glass release.

Looking back at the Glass Explorer program, Teller said Google did one good thing (it launched the project) but it also did one thing wrong.

"The bad decision was that we allowed and sometimes even encouraged too much attention for the program," he said. "Instead of people seeing the Explorer devices as learning devices, Glass began to be talked about as if it were a fully baked consumer product. The device was being judged and evaluated in a very different context than we intended."

That tactic frustrated a lot of early adopters.

"While we were hoping to learn more about how to make it better, people just wanted the product to be better straight away, and that led to some understandably disappointed Explorers," Teller said.

While thousands of people bought Glass to become early adopters, or Explorers, the application ecosystem for the product didn't grow and the project became the target of jokes and waning interest.

"It sounded reasonable to them to have an alpha testing program where, rather than paying the folks testing the product and keeping it secret, they got the testers to pay for the privilege in a kind of a Tom Sawyer scheme, and made the test public," said Rob Enderle, an analyst with the Enderle Group. "Now the product has to dig itself out of a hole that wouldn't have existed had they done the testing using traditional methods."

Teller said the Explorer program, which ended in January, was invaluable.

"I can say that having experimented out in the open was painful at points, but it was still the right thing to do," he said. "We never would have learned all that we've learned without the Explorer program, and we needed that to inform the future of Glass and wearables in general."

According to Teller, Google learned that it has to work out problems with the wearable's battery and with the privacy issues surrounding computerized eyeglasses that can take photos and short videos.

After the company stopped selling the prototypes early this year, speculation swirled that Google was giving up on the project altogether. Google said that's not the case, and that Glass was pulled out of the spotlight to be retooled. The device also was moved from under the research umbrella of GoogleX and placed with its own team, much like the teams working on search and Android.

"Google did screw up," said Zeus Kerravala, an analyst with ZK Research. "The way they talked about it led people to believe it was a finished off, polished product, which it's not. So by hyping it so much, they set expectations they could not meet."

Google had the hype ramped up way before it was time, said Jeff Kagan, an independent industry analyst.

"Google had the sizzle, they just didn't have the steak," Kagan said. "This is a perfect example of a company believing their own PR and not paying any attention to the realities that make something hot... This is a very painful and embarrassing lesson for Google to learn. It's amazing that they haven't learned it yet."

Kagan said he can't see Glass becoming a product anytime soon, but Kerravala said the device still has a good shot.

"Oh, sure they can recover," Kerravala said. "They'll have to take a step back but... there's an expression that if you're not failing, you're not trying hard enough."



Uber sued for false advertising by California taxi companies

Taxi companies in California have sued Uber Technologies in a federal court, charging the ride-hailing smartphone app company with misleading advertising regarding the safety of its rides.

Uber has made false and misleading advertisements regarding the safety of rides on its UberX platform, and criticized the safety of taxi rides offered by the taxi companies, the 19 firms said in a lawsuit filed Wednesday in the U.S. District Court for the Northern District of California, San Francisco division.

The suit comes in the wake of problems Uber is facing in some countries. On Wednesday, the Frankfurt Regional Court issued a nationwide ban against the company's UberPop service after declaring its business model illegal. Using a smartphone app to connect passengers with private drivers that use their own cars and don't have the required licenses is illegal, the court observed.

In South Korea, Uber's head of operations there, and several drivers associated with the company and a partner are being investigated for breaking local communications and transportation rules.

The false and misleading statements by Uber help the company "line its pockets," but they also cause financial harm to the taxi companies, because their potential customers opt for UberX, mistakenly expecting a safer ride, according to the complaint in California.

The claims against Uber by the taxi companies are quite similar to those in a consumer protection lawsuit filed in December in San Francisco Superior Court by the district attorneys for Los Angeles and San Francisco that accused Uber of misleading consumers over its background checks on drivers. The lawsuit on Wednesday appears to focus instead on the damages to the taxi companies from Uber's allegedly false claims.

The complaint alleges that Uber charges a US$1 "safe rides fee" for each UberX ride, while representing to consumers that the entirety of the fee goes towards ensuring the safety of Uber riders and drivers, as opposed to the company's bottom line or some other aspect of the company.

The $1 "safe rides fee" was also charged as a misrepresentation by the district attorneys.

Addressing Uber's claims about the safety of its rides and its rigorous background checks of drivers, the taxi companies claim their use of Live Scan, which uses fingerprint identification, is considered "the gold standard of background checks for a variety of reasons." The fingerprint scans are checked with information in U.S. Department of Justice and Federal Bureau of Investigation databases that have "no time-based or jurisdictional limitations," according to the filing.

Uber and rivals Lyft and Sidecar were recently asked by eight members of the U.S. Congress to adopt fingerprint-based background checks of their drivers, which the lawmakers described as "more comprehensive and harder to fake."

"Uber does not require that its UberX drivers take a driver safety training course, nor does it provide any other substantive safety training," according to the complaint. This is said to be reflected in drivers not knowing how to get to even the major intersections in cities and relying almost exclusively on GPS, as well as lacking courtesy and driving unsafely, according to the cab companies.

Uber could not be immediately reached for comment.

The company has been charged with violating the federal Lanham Act, which deals with false advertising, and California's False Advertising Law and Unfair Competition Law. The taxi companies have asked the court for a jury trial and an injunction on Uber's false advertising, besides an award of damages for which the amount was not specified.



Qualcomm faces dispute in China over its local trademark

Written by Unknown on Wednesday, 18 March 2015 | 16.01

Qualcomm could face another regulatory headache in China, this time over a trademark dispute with a Chinese company that is asking the local government to intervene and fine the U.S. company US$100 billion for alleged infringement.

Last month, the chip company agreed to pay Chinese authorities a US$975 million fine for alleged monopolistic business practices relating to its patent licensing business.

Both Shanghai-based Genitop and Qualcomm have been battling over the trademark "Gaotong", which the two companies use as their Chinese brand names.

Genitop claims that it owned the trademark first in China and its products are continually mistaken for Qualcomm's. "People believe we are the fake Qualcomm, or that we maliciously try to depend on the Qualcomm name," Genitop said in a statement. In Chinese, Gaotong means "high communication".

Genitop develops telecommunications gear and chips, and first registered for the Gaotong trademark back in 1992, the year it was founded, it said Tuesday.

Qualcomm has allegedly "bullied" Genitop by refusing to respect the trademark laws, and has instead tried to buy from the Chinese company the trademark rights to Gaotong for 2 million yuan (US$326,000).

Genitop has already filed a trademark infringement lawsuit against Qualcomm in Shanghai, demanding 100 million yuan in compensation. But it will also ask China's State Administration for Industry and Commerce to penalize the U.S. chip vendor for 15 years of trademark infringement.

Qualcomm did not respond to a request for comment.

It's not the first time a U.S. technology company has faced a trademark dispute in China. Back in 2012, Apple agreed to pay a company US$60 million for ownership of the iPad trademark, following a prolonged legal dispute. This came after the Chinese company wanted a $400 million settlement.



US gov't wants HTTPS on its publicly-accessible sites within two years

Publicly accessible websites and services of U.S. government agencies will have to move to HTTPS encryption within two years to meet the government's objective that these sites and Web services should be offered over a secure connection.

The Hypertext Transfer Protocol Secure offers the strongest privacy protection available for public Web connections with today's Internet technology, according to a draft proposal released Tuesday by the White House's Office of Management and Budget.

"The use of HTTPS reduces the risk of interception or modification of user interactions with government online services," it added.

Besides verifying the identity of a website or service to which the person is connecting, thus preventing redirection to bogus websites, HTTPS also encrypts information sent between the website or service and the user.

A number of government websites including that of the White House have moved to HTTPS by default. The U.S. Federal Trade Commission said earlier this month that it had enabled HTTPS encryption on its website by default. The Federal Register, the daily journal of the U.S. government, has had a fully HTTPS-enabled website since 2011.

Under the program now being proposed, newly developed websites and services at all federal agency domains or subdomains must follow the policy upon launch. Existing websites and services are being asked to deploy the encryption in phases, with priority given to services and sites where the content is sensitive or has high traffic and personally identifiable information is exchanged.

Private intranets are also recommended to move to HTTPS, but the shift is not "explicitly required."

Websites and services must also enable a new security mechanism, HTTP Strict Transport Security (HSTS), that allows sites to specify that the browser should always use a secure connection to the server. "This reduces insecure redirects, and protects users against attacks that attempt to downgrade connections to plain HTTP," according to the proposal.
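How a browser acts on the HSTS header can be modelled in a few lines. The sketch below is an added example, not part of the OMB proposal: it follows the processing rules of RFC 6797 (header honoured only over HTTPS, duplicate directives invalidate it, `max-age=0` clears the entry, port 80 is dropped on upgrade), and the `agency.example` host names are constructed.

```python
import time
from ipaddress import ip_address
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header):
    """Parse a Strict-Transport-Security value.

    Returns (max_age_seconds, include_subdomains), or None when the header
    must be ignored (no max-age, non-numeric max-age, duplicate directive).
    """
    seen = {}
    for raw in header.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, value = raw.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:
            return None                      # duplicates invalidate the header
        seen[name] = value.strip()
    value = seen.get("max-age")
    if value is None:
        return None
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]                  # quoted-string form is allowed
    if not (value.isascii() and value.isdigit()):
        return None
    return int(value), "includesubdomains" in seen


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


class HSTSStore:
    """Minimal model of a browser's list of known HSTS hosts."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._hosts = {}                     # host -> (expiry, include_subdomains)

    def note_response(self, url, header):
        """Record a policy; returns True only if the header was honoured."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Ignored over plain HTTP (an attacker could inject it) and for IP hosts.
        if parts.scheme != "https" or not host or _is_ip(host):
            return False
        policy = parse_hsts(header)
        if policy is None:
            return False
        max_age, include_sub = policy
        if max_age == 0:
            self._hosts.pop(host, None)      # site is withdrawing its policy
        else:
            self._hosts[host] = (self._clock() + max_age, include_sub)
        return True

    def is_known(self, host):
        """Exact match, or a parent domain that set includeSubDomains."""
        labels = host.lower().split(".")
        now = self._clock()
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url):
        """Upgrade http:// to https:// before any request leaves the browser."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return url
        if not self.is_known(parts.hostname):
            return url
        netloc = parts.hostname
        if parts.port not in (None, 80):     # explicit non-80 ports are preserved
            netloc += f":{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The first visit to a host is still unprotected: the policy only takes effect after one successful HTTPS response has delivered the header.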

OMB recognized that the cost of the transition and maintenance could be high but said it was outweighed by the benefits of a secure service for the public.

The proposal has been put up on GitHub for comment. People can also send in their comments by email, the government said.



BodyBrew claims to make healthier coffee

Startup BodyBrew claims that their upcoming cold-brewing coffeemaker will result in a healthier cup of joe. But we'll have to wait until summer to find out.

Coffee, originally from Ethiopia, found its first European popularity in the 17th century. It was followed almost immediately by the Enlightenment.

The bitter brew helped create modern civilization. It wakes us up in the morning and keeps us going through the day. We serve it to friends and socialize around it.

But is it good for you? BodyBrew used results from two studies from Harvard—Ask the Expert: Coffee and Health and What is it About Coffee—to show how traditional brew methods can impact health. These reports are generally positive about coffee's effect, but they also note the negative effects of cafestol and kahweol, two substances often found in coffee that can increase LDL cholesterol: That's the bad cholesterol.

And anyone with a sensitive stomach knows that coffee delivers discomforting acid to your digestive system. That's why I switched to tea years ago.

How you brew your coffee makes a difference. Filters, for instance, remove much of the cafestol and kahweol that you would drink if you used a French press or espresso machine. But acid can be high in filtered coffee.

Which brings us to BodyBrew's product, the Bod (BodyBrew wants us to spell it BOD, but the name isn't an acronym so we won't). According to the company's claims, the Bod will be a compact, easy-to-use brewing device that uses cold water. This cold-brewing technique should, according to EPYK and other sites, result in better-tasting and less-acidic coffee—while filtering out the cholesterol.

Both Intertek and Columbia Food Labs tested the contents of Bod-made coffee. The findings that BodyBrew reported seemed quite impressive: 82 percent less cafestol than a French press, and 69 percent less acid than drip. But keep in mind that BodyBrew paid for both tests.

But you don't need a fancy device to cold-brew coffee. You can do it with a jar and a filter.

BodyBrew claims that the Bod will be "compact, modular, portable, spill-proof…shatter-proof and dishwasher safe." It will come with two Kanteen portable containers, and a stainless steel filter. The device will be available for pre-order in various configurations ranging from $59 to $79 (a $20 discount off retail pricing according to BodyBrew) beginning March 23.

Cold-brewing takes patience. According to the Bod instructions sent to the press, you brew the coffee for 12 to 24 hours, and then store it in the fridge. If you want hot coffee, you add hot water. (I'm guessing that a microwave would work as well.)

Acquiring a Bod takes patience, as well. It won't be available before July, and you might have to wait until August—but BodyBrew will charge you when you place your order, not when it ships the product.



Battlefield: Hardline review impressions: Crossing the thin blue line

Written By Unknown on Tuesday, 17 March 2015 | 16.00

Battlefield Hardline, a cops vs. robbers spin on the military shoot 'em ups, actually shakes up the series' tried-and-true formula so much that it barely even feels like Battlefield anymore. 

At least in singleplayer. 

A bit of bookkeeping up front: We were invited to attend a Battlefield Hardline review event at EA's offices in Redwood City last week, but as a rule we don't attend gaming review events. As such, we waited until we got a review code that I could play in the comfort of my own apartment.

And we did get that code! Unfortunately, the PC multiplayer servers were deserted the entire weekend, so I have played 0.0 hours of review-ready Battlefield Hardline multiplayer (though you can read my beta impressions here). It's not really a huge deal because after the complete mess that was Battlefield 4 at launch, we wouldn't have felt comfortable slapping a score on this thing anyway until we saw how the servers held up.

I did play Hardline's singleplayer campaign though, and I enjoyed it. Here are my thoughts, if you're interested in the solo side of the game.

Heat

My biggest problem with the Hardline multiplayer beta was that it felt like scaled-back Battlefield. You can cover the military's olive drab with as much blue and black paint as you want, but at the end of the day Hardline's multiplayer still felt like I was storming compounds in Fallujah or at the very best reenacting the chaos of Call of Duty: Modern Warfare 3's US-invasion storyline. Just, you know, without tanks.

Hardline's singleplayer campaign is an entirely different beast. You play the part of Nick Mendoza, a rookie cop who lands in Miami's Vice department. Yes, like the TV show. And that's important, because Hardline is itself taking cues from TV. The entire campaign is set up like an episodic TV show, right down to a Netflix-style "Next Episode" overlay in between missions.

It's a clever conceit to an ever-so-slightly-clever game—probably the best (or at least most dedicated) use of the episodic format I've seen since Alan Wake's American Nightmare.

Mendoza quickly discovers that not everything in his department is entirely on-the-level. A name keeps cropping up: Stoddard a.k.a. Sergeant Stoddard a.k.a. your former/temporary partner upon arriving in Vice. Stoddard is a brash hothead who's quick to go for his gun, but is he dirty? And is anyone else dirty?

Look, it's not the greatest, most original police story ever told this side of The Thin Blue Line. It's not going to win awards for its amazing, prescient look at the state of the country's police force or anything along those lines. This isn't The Wire. This isn't Breaking Bad.

[Screenshot: Battlefield Hardline. Caption: "No way! The guy from House of Cards is in this?"]

But Hardline is fun. It nails the cop-show feel, with some great acting by Kelly Hu, Benito Martinez, Adam Harrington, and more people who you'll go "Oh wow, that's the guy from [insert TV show/movie here]." The characters here are two-dimensional archetypes, sure, but they're well-written archetypes. And honestly, well-acted too. It's crazy that when LA Noire launched, the facial tech in that game was so amazing for the time. Now, regular ol' games like Hardline are hitting that same level of fidelity.

The game is just gorgeous across-the-board, which comes as no surprise after Battlefield 4. Take a look at this screenshot driving in Miami, for instance:

[Screenshot: Battlefield Hardline]

Or this one, of the Los Angeles skyline:

[Screenshot: Battlefield Hardline]

I actually sent that last one to a friend who lives in Los Angeles, I was so excited. "Look, you can see downtown LA! And you can see Hollywood! And if you pan over you can see Santa Monica! And they're all in the right place!" I spent more time than I'm willing to admit just admiring backdrops in Hardline, be it downtown Miami or Los Angeles or a sunset over the Everglades. It's all beautiful.

Pacifist run

Which brings us to how Hardline plays. Honestly this is the most interesting part: It plays nothing like Battlefield. Or, at least, it doesn't have to.

You could go into every level and just shoot everything that moves. In fact, I have no doubt a subset of people will play the campaign like they play normal Battlefield, and they'll go "This is dumb." And they'd be right, because Hardline is not built to be played as a shooter.

You hear that? Battlefield Hardline's singleplayer campaign is not a shooter. If you play it as a shooter, I guarantee you'll be bored. Encounters often include just a handful of enemies. Even large encounters drop in two-dozen guys at most. This is not the non-stop slaughter you'd expect.

[Screenshot: Battlefield Hardline. Caption: Did I mention the game has a "Press E to pay respects" joke?]

And the game doesn't reward you for being quick with a gun either. Over the course of the game you'll unlock new weapons and gadgets with your "Expert Rank," and the only way you accrue experience is through non-lethal action—either arrests, non-lethal melee takedowns, or taser stuns.

So the surprise is that Battlefield Hardline plays like a stealth game, in its optimum form. You can approach up to three enemies at a time, flash your badge to order them to freeze, then put each of them in handcuffs. If you're spotted while making an arrest, or just spotted sneaking around, the whole base goes on alert and it turns into a shootout, nullifying any experience you might gain from the area.

It's an interesting mechanic that basically lets you play the game however you'd like, but clearly favors players who put in the effort to be a "Good Officer" and make arrests—similar to Deus Ex or Dishonored. I think I only got in two non-essential shootouts in the entire game, because I found the stealth side of things so much more satisfying.

The whole "Do what you want" idea culminates in the last level, which is (I kid you not) Far Cry. Or like very small Far Cry. You're on an island, there are enemy outposts, and you can either skirt around them entirely or go in stealthy and arrest the whole crew (with your apparently infinite supply of handcuffs) or just run in guns blazing and blow everything to bits.

[Screenshot: Battlefield Hardline. Caption: Seriously. It's Far Cry.]

Another fun aspect is the evidence collection mechanic, used to solve Case Files. Each mission in Hardline has documents or other items scattered around that pertain to different backstory elements. It's not hard—your scanner will lead you right to each piece of evidence, if you just pay attention to it. It's definitely not as involved as even LA Noire's simplistic evidence-gathering. But it's a great, actually-interesting implementation of collectibles. I ended up snagging all of them.

Plus, this enemy is playing Dead Space:

[Screenshot: Battlefield Hardline]

I laughed.

Bottom line

You know what? It's not at all what I was expecting from a game with Battlefield in the title, especially since the multiplayer side of things is so focused on shooting.

Hardline's campaign is a great stealth-lite game packaged with the big-budget presentation of a prime-time TV show—including some incredible musical moments that rival anything Rockstar's done with Grand Theft Auto/Red Dead Redemption. It's a weird mix that for some reason worked perfectly on me, though I admit it's probably not for everyone. If you go into this wanting a Battlefield game? I guarantee you're probably going to come away disappointed. A shooter, this is not, and if you try to play it as a shooter you're going to find a pretty short, boring campaign.

I'd urge you to give it a try though, and engage with it on its terms—especially if you're buying Hardline for the multiplayer component anyway. And that's not something I say about many shooter campaigns.

