Were Intelligence Agencies Using Heartbleed in November 2013? Your Heartbleed bug fix in three steps; 5 tips for running Windows XP relatively safely; Ten cool tablet accessories, most under $10; 10 common mistakes Android newbies make; Protect your device from malicious ads; Take a ride on CloudPages for Google Apps; Breaches expose 552 million identities in 2013; Getting started with Carousel for Dropbox; Google adding continuous rogue Android app scans; Staples 3D printing launches in two stores; R.B.I. Baseball 14 slides into App Store; Titanfall update today: what you get and how to get it.
Your Heartbleed bug fix in three steps – This week there’s little question that the internet security world has been tossed down a flight of stairs. With Heartbleed, a relatively major bit of a mistake was made in OpenSSL, a form of security that most of the internet uses, resulting in a major open door for hackers and spies of all kinds. With this bug having only been discovered this week and implemented a whopping two years ago, IT professionals are notably miffed. (As per the usual, untrained talking heads (particularly on TV) have responded as if the sky is falling. Yes, this is a serious issue – but, it’s hardly the first one – and, it won’t be the last one this year. The chances of you (a casual user) being directly impacted by this are so slim as to be almost non-existent. Nevertheless, follow the process described in this article. There’s no downside to being prudent.)
5 tips for running Windows XP relatively safely – Today Microsoft stops supporting the decade-old Windows XP operating system. If you can’t upgrade (or don’t want to), follow these tips to continue running Windows XP with a little security.
10 common mistakes Android newbies make – If you’re just learning the Android ropes, you might get tangled up in a mistake or two. Here are 10 ways to avoid problems and get the maximum benefit from your Android device.
Pro tip: Use Malwarebytes to check app privacy – There’s a feature within Malwarebytes called the Privacy Manager, which will scan your device for apps that access your personal information and do an audit for security issues. It’s reliable and a must-have to keep in front of the ever-moving security curve. If you don’t already have Malwarebytes installed on your device, the process is simple.
Protect your device from malicious ads – The chances of encountering a malware-bearing ad on your phone or tablet are increasing. But blocking ads on mobile is neither easy nor very effective. Here’s a better approach to ad-blocking on your device.
Skype for Xbox One to get update next week, improves auto zoom and more – The official Skype blog states that the 1.3 version of the app will add some improvements to the camera auto zoom feature for video chats. The blog states, “We found ways to better identify people in the picture, especially when there are multiple people in the room. The camera can adjust and see the entire family, even the little ones.”
Getting started with Carousel for Dropbox – Dropbox released its Carousel photo app on Wednesday; it promises to be “a gallery for all the photos and videos from your life.” The app is available for iPhone and for Android. I took the Carousel iPhone app for a spin to show you how it works and what it can do.
Google Lets Anyone In The U.S. Become A Glass Explorer For $1,500 Starting April 15 – That’s right, as of next Tuesday, any American resident can grab a Google Glass unit for $1,500 plus applicable taxes, and these will ship with your favorite shade or Glass-specific frame included, too. The program opens its doors at 6 AM PT on Tuesday (9AM for you east coasters), and there are only limited spots available, so it’s probably going to be first-come, first-served.
Take a ride on CloudPages for Google Apps – CloudPages can add more options to your Google Apps environment such as single sign-on, password recovery and contact sharing features. Find out what it offers and how it came about.
FTC Says Facebook Will Need Permission From WhatsAppers To Use Their Data – Facebook will need the “affirmative consent” of WhatsApp users in order to use their data for advertising or anything. The ruling comes from Federal Trade Commission alongside its approval in US for Facebook to acquire WhatsApp. The $19 billion deal announced in February will still have to get past international regulators.
Chromecast gains Aereo: TV streamed to HDMI – Google’s Chromecast device caused quite a stir when it was first released, turning the television into a “show me anything” display overnight. With a $35 price tag and integration open to any developer wishing to integrate, this little device is in thousands of homes across the world. Today the team at Aereo have made clear their intent to leverage that group of users.
The pros and cons (mostly cons) of saving files to the desktop – As far back as I can remember, no version of Windows has ever, by default, saved data files (documents, spreadsheets, photos, and so on) to the desktop. And at least since XP, it has not been a particularly safe place to save them. But, because the desktop is always visible, some people just can’t resist temptation.
Check out this crazy dual-screen iPhone 6 concept – The latest concept features a superthin new iPhone with a second slide-out screen. Is it fantasy or prophecy?
Ten cool tablet accessories, most under $10 – These ten accessories meet both the useful and cheap criteria. When used with any tablet, they add benefit to the owner in different ways. Many of the accessories are from AmazonBasics. This is a store within a store, the huge Amazon online retail operation. The value is so great we searched through the store to find good accessories worth sharing. Take a look at the ten tablet accessories in this collection, and odds are you’ll find at least one you can use. It won’t cost you much to give it a try, anyway.
Why almost every PC could use a video card upgrade – There was a time when no PC could play a decent game unless it was outfitted with a discrete graphics processor. Today, most off-the-shelf desktop rigs—and nearly all notebook PCs—rely entirely on the CPU for video and graphics processing. And yet the market for discrete graphics continues to thrive. If you don’t give a flying joystick about playing AAA PC games, is a video card a worthwhile upgrade? Let’s compare the performance of integrated and discrete graphics processors to find out.
Breaches expose 552 million identities in 2013 – After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history. Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a significant shift in cybercriminal behavior, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.
Proposed law seeks to make retailers financially responsible for data breaches – When it comes to massive data breaches – such as the ones at Target and Neiman Marcus – in which millions of customers’ credit and debit card numbers were breached, who should foot the bill?
Google adding continuous rogue Android app scans – Google is updating Android to continuously check phones and tablets for rogue apps, picking out those with malware behavior even if they’ve managed to squeeze through the initial verification. The new feature, which builds on Android’s existing “Verify apps” system that sifts through software at the point of installation to flag up any concerns, will add real-time and ongoing checks.
AMD launches low-cost, low-wattage AM1 chipset: Socketable all-in-one chip starts at $34, aims sights at budget Pentiums – New flavors of Athlon and Sempron promise top power draws of 25W and enough power to play modern games in 1080p. Roughly one month after its announcement, AMD’s AM1 chipset launched internationally today, promising an all-in-one desktop computing solution that combines CPU and GPU with low wattage, low cost, and (relatively) high performance. Today’s launch comes in four flavors, ranging from the $34, dual-core Sempron 2650 to the $59, quad-core Athlon 5350.
AMD working with Toshiba on AMD-branded SSD – AMD must count 2014 as one of its better years already, due in most part to the millions of PS4 and Xbox One consoles flying off store shelves. But its main business remains the components that go inside our PCs, and in particular processors and graphics cards. However, AMD isn’t a company to shy away from slapping its name on new products, and it looks like we are set to get an AMD-branded SSD soon.
Petition Demanding Removal Of Condoleezza Rice From Dropbox Board Pops Up Online, On Twitter – Internet activists are at it again. Following yesterday’s news regarding the appointment of Condoleezza Rice, former United States Secretary of State and National Security Advisor, to the board of cloud storage and syncing service Dropbox, a petition has sprung up online, demanding that users tell Dropbox they’re opposed to this move, and threaten to leave the service if Rice isn’t removed from the board.
Amazon acquires comiXology, the future of Kindle comics is bright – One of the best ways to read legally obtained comics on mobile devices, comiXology, has just been acquired by Amazon, manufacturer of the Kindle, which is one of the best ways to read on mobile devices. ComiXology CEO David Steinberger posted an official letter announcing the acquisition, and he sees bright things in both companies’ future.
Mozilla responds to media speculation over board resignations – According to Mozilla’s blog, Brendan Eich was not forced to resign and did not step down out of employee pressure as well. Eich, who has been a founding member of Mozilla, decided to leave the company on his own to prevent any damage to the Foundation’s mission of a free and open web. Mozilla’s board members who resigned following Brendan’s appointment had planned to do so well before the CEO appointment, and the matter is said to be unrelated altogether. (Mozilla = Cowards)
Staples 3D printing launches in two stores – Staples has launched an in-store 3D printing service in two of its locations: New York and Los Angeles. With this, they aim to make 3D printing a service available to anyone who wants to have a product whipped up, and all the while helping get the 3D printing industry’s consumer-level ball rolling.
Games and Entertainment:
R.B.I. Baseball 14 slides into App Store – If you’re old enough to remember R.B.I. Baseball, the classic Nintendo game, you’re old enough to be excited by this news: R.B.I. Baseball has been rebooted for next-generation platforms, including PlayStation 3, Xbox 360, and iOS. In particular, R.B.I. Baseball 14 for iOS revives the classic franchise for iPhone, iPod Touch, and iPad. It’s a fast-moving, arcade-style ballgame, but with the full weight of Major League Baseball behind it.
Microsoft reveals Age of Empires: World Domination for iOS, Android and Windows Phone – Microsoft is expanding its Age of Empires real time strategy game franchise to the mobile phone and tablet arena. Today, it was revealed that Age of Empires: World Domination will be released this summer for iOS, Android and Windows Phone. Plans for such a game were first revealed in July 2013 but no other details were provided at that time. The game’s official website has now launched, along with a trailer that shows off some gameplay from the title.
Relive your XP nostalgia with Microsoft’s ‘Escape from Windows XP’ game – Microsoft pulled the plug on Windows XP support on Tuesday and the IE team has put together a fun little game called ‘Escape from Windows XP’ which is a small browser based shooter that, as you would expect, you try to escape Windows XP. You can check out the browser based game here and it should work with any modern browser. The game is a simple, arcade style, shooter where broken windows of IE6 make up the ‘ground’ that you play on while destroying various bits of XP nostalgia.
Watch Dogs NVIDIA trailer: delivering PC’s highest-level graphics – With Watch Dogs’ final release right around the corner, final graphics and gameplay videos are being released left and right. Today we’re to understand from a PC Games video (now pulled) that Ubisoft is suggesting the game will be full HD (1080p) on the PlayStation 4. The Xbox One has no such confirmation. Meanwhile, NVIDIA has stepped up with their optimizations video – always an interesting spot to watch when a new game has had top-level work done with the folks that make the graphics cards you might very well be using to play the game.
Titanfall update today: what you get and how to get it – Today the folks at Respawn Entertainment have let it be known that quite a few changes are coming to Titanfall for Xbox One, PC, and Xbox 360 builds. This update brings on Private Matches in Beta mode, Party Colors, Auto-Titan Color in Obituary, Menu Changes, Game Version notes on Main Menu, and a number of Game Balance Changes. One massive set of bug fixes is in the mix as well.
Off Topic (Sort of):
Video games may cause aggression based on difficulty, not violence – Violent video games are a popular scapegoat for aggressive behaviour — but it seems that violent content may not be the culprit after all. A new study suggests that, if a person acts aggressively after playing a game, the root cause is frustration over the game’s difficulty.
TinkerBots lets you build and train a toy robot – The pieces are designed to snap together with ease, and they’re capable of bringing creations much more complex than a wiggly dog to life. Not to take anything away from the dog — it’s a wonderful example of how simple and yet powerful TinkerBots are. To train the dog to walk, you simply have to switch on the Power Brain’s recording mode and twist and turn the dog manually. Press play, and it repeats the motion you just programmed.
France bans managers from contacting workers outside business hours – A new agreement between employer organizations and labor unions in France has made it illegal for French managers to contact their employees about work-related matters outside of normal business hours. The agreement [PDF], which amends an existing pact signed in 1999, specifies that employees must have “the opportunity to disconnect from remote communication tools at their disposal” (in the words of Google’s Francophone translating robots) to ensure that they comply with strict rules on working hours. That means French workers who receive emails or calls from coworkers or the boss at dinnertime can now safely ignore them without fear of retribution.
Largest volcanic eruption in human history changed the 19th century as much as Napoleon – Most have heard of the Battle of Waterloo, but who has heard of the volcano called Tambora? This extraordinary geological event took place 199 years ago this week, and on the cusp of its bicentenary Tambora is finally getting its due. With the help of modern scientific instruments and old-fashioned archival detective work, the Tambora 1815 eruption can be conclusively placed among the greatest environmental disasters ever to befall mankind. The floods, droughts, starvation, and disease in the three years following the eruption stem from the volcano’s effects on weather systems, so Tambora stands today as a harrowing case study of what the human costs and global reach might be from runaway climate change.
DATA Act, Which Would Make Government-Spending Data Available Online, Passes Senate – The Senate unanimously passed the Digital Accountability and Transparency Act, or DATA Act, today. The DATA Act is designed to help bring new transparency to spending by the federal government, by making spending data available to the public at USASpending.gov. The bill’s goal, to quote the Congressional Research Service’s (CRS) summary, is to “provide consistent, reliable, and searchable government-wide spending data.” That data will “improve the quality of data submitted to USASpending.gov by holding federal agencies accountable for the completeness and accuracy of the data submitted,” according to the CRS.
Turns out most people prefer to watch TV instead of tweet about it – Twitter and Facebook think they’re pretty important to TV viewers and have spent the last year or so fighting for a piece of advertisers’ budgets. But it turns out that most people aren’t paying attention to social media at all when they tune in to their favorite shows. But research shows that people are using Facebook to talk about the primetime show they’re watching 3.8 percent of the time, and even less on Twitter—just 1.8 percent of the time. Those numbers are higher for TV events like awards shows, which generate more watercooler discussion in general than normal shows, which rarely have moments like Ellen DeGeneres’s record-breaking selfie.
Something to think about:
“I wonder if there is going to be some backlash from the mainstream press and the public. If nothing really bad happens — if this turns out to be something like the Y2K bug — then we are going to face criticisms of crying wolf.”
- Bruce Schneier on Heartbleed
Today’s Free Downloads:
Don’t Sleep – Don’t Sleep is a small portable program to prevent system shutdown, Standby, Hibernate, Turn Off and Restart. Especially when old Programs run on Windows-7 or Windows Vista. Here’s more aggressive power-saving features with new rules. But not only that, it also prevents logging off the computer, and the deactivation of the monitor or activation of the screen saver. Of course you can also manually disable all the options and then activate again, but with Don’t Sleep one can save now many hand moves and also save time! And it’s easier than ever. Apart from the fact Don’t Sleep has a timer that allows time control unblock, or shutdown the computer for a specified time. Don’t Sleep does not have to be installed and can be executed easily from the desktop, and can be carried on a small usb-stick or other memory device.
HTTrack Website Copier – HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. Simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.
In Pursuit of Freedom – The Pushback Continues:
Wild at Heart: Were Intelligence Agencies Using Heartbleed in November 2013? – Yesterday afternoon, Ars Technica published a story reporting two possible logs of Heartbleed attacks occurring in the wild, months before Monday’s public disclosure of the vulnerability. It would be very bad news if these stories were true, indicating that blackhats and/or intelligence agencies may have had a long period when they knew about the attack and could use it at their leisure. In response to the story, EFF called for further evidence of Heartbleed attacks in the wild prior to Monday. The first thing we learned was that the SeaCat report was a possible false positive; the pattern in their logs looks like it could be caused by ErrataSec’s masscan software, and indeed one of the source IPs was ErrataSec. The second log seems much more troubling. We have spoken to Ars Technica’s second source, Terrence Koeman, who reports finding some inbound packets, immediately following the setup and termination of a normal handshake, containing another Client Hello message followed by the TCP payload bytes 18 03 02 00 03 01 40 00 in ingress packet logs from November 2013. These bytes are a TLS Heartbeat with contradictory length fields, and are the same as those in the widely circulated proof-of-concept exploit. A lot of the narratives around Heartbleed have viewed this bug through a worst-case lens, supposing that it might have been used for some time, and that there might be tricks to obtain private keys somewhat reliably with it. At least the first half of that scenario is starting to look likely.
Australia: Facebook feud fires alarm over public service snoop plans – Federal government departments are using increasingly powerful cyber-snooping equipment to monitor the social media lives of millions of Australians. A dramatic public confrontation between the Immigration Department and a Sydney-based political activist over her Facebook page has resulted in accusations that mass surveillance is being used to keep tabs on political dissent. Other large government departments including Centrelink, Defence and Social Services have all conducted mass monitoring of social media activity. Centrelink’s parent agency, the Department of Human Services, even has its own software, which was developed by the CSIRO. A social media team of 10 public servants operates the software. The Department of Immigration and Border Protection hires private sector contractors who can monitor more than half-a-billion “pieces” of social media each day on sites such as Facebook, Twitter, YouTube, Pinterest and Flickr. Immigration experimented several years ago with powerful software called Radian 6, which can provide surveillance across a range of social web platforms, but decided not to adopt it. The department’s key research contractor has told Fairfax that the monitoring currently undertaken for Immigration was about “taking the temperature of society” and that no reputable research company would help government departments compile “hit lists” of political opponents. (recommended by Mal C.)
US set to boycott Brazil’s anti-surveillance plans – A document released by WikiLeaks this week revealed that spying activities carried out by the United States will be condemned at Brazil’s upcoming global Internet governance event – but the proposals to change the current set-up will face strong opposition from the United States. The draft agreement for the NETmundial consists of 180 contributions from a multi-stakeholder committee and was due to be publicly released on April 14. The document outlines the key discussion themes – essentially the redefinition of the concept of Internet governance and principles such as rights to access information, freedom of association and expression, privacy, accessibility, diversity and development. NETmundial is a multistakeholder event created after the NSA spying scandal, which involved various nations including Brazil – and the impact that government-led surveillance is having on the privacy of Internet users and the infrastructure of the Web will be at the top of the agenda at the conference. “Mass and arbitrary surveillance undermines trust in the Internet and trust in the Internet Governance ecosystem,” says the NETmundial agreement. “[Human] rights that people have offline must also be protected online, in accordance with international human rights law,” the document adds. Representatives from Brazil, France, Ghana, Germany, India, Indonesia, South Africa, South Korea, Tunisia, Turkey and the US have all agreed to participate in NETmundial. But WikiLeaks implied that this seemingly collaborative process was in fact a situation where the US “appears to have comprehensively thwarted Germany [and] Brazil in [the] internet governance plan, leaving only platitudes.”
Republicans Don’t Want America to Give Up Control of Web Addresses – House Republicans advanced legislation Thursday that they say will keep the Internet open and free from government censorship. Every Democrat on the panel considering the measure opposed it in service, they say, of the same goal. At issue is a question with profound implications for the future of global communications that delves into the deepest bowels of the Internet, and a version of the age-old question: Who guards the guards? “We can’t let the Internet turn into another Russian land grab,” Rep. Marsha Blackburn (R-Tenn.), one of the bill’s co-sponsors, said in a statement announcing the so-called DOTCOM Act. “America shouldn’t surrender its leadership on the world stage to a ‘multistakeholder model’ that’s controlled by foreign governments.” The “domain name system” is sort of like the phone book for the Internet—it’s the tool your computer used to convert the URL “Time.com” into the unique code of numbers and letters that are the actual address for this website—and it has historically been owned by the United States but administered through the international nonprofit ICANN. The Domain Openness Through Continued Oversight Matters Act (a name excruciatingly eked out of the DOTCOM Act acronym) would, if passed into law, prevent the Obama Administration from going through with its plan to permanently turn control of the Internet’s domain name system over to an international authority comprised of various Internet stakeholders. Under the DOTCOM Act, that handover would be delayed at least until the completion of a government study into the implications of such a move. After rejecting four Democratic amendments that would have weakened the bill, Republicans in a House subcommittee on technology advanced it to the full House Energy and Commerce Committee for consideration. (Do these imbecilic political sociopaths not yet realize that the rest of the world will never again allow the U.S. to dominate the Internet as it has in the past? That can’t come soon enough.)