7 Things Not to Buy Before Black Friday; Malicious Trojan now attacking password managers; Using a password manager on Android? It may be wide open to sniffing attacks; How to use an authenticator app to improve your online security; Thanksgiving Survival Guide: 8 Gadgets to Keep the Family at Bay; Candy Crush is taking over your Facebook feed – again; Microsoft Lumia 635 now available for $39 off-contract; The Weather Channel app’s new ski module; Microsoft adding Skype chat to Office Online web apps; Google Maps Update Adds Weather and Local Time to Destinations; The layman’s guide to Docker; Europe’s parliament “poised to call for a break-up of Google”; Amazon to offer ad-supported free video streaming service; Target to judge: Banks’ losses in our card breach aren’t our problem; All aboard the poop bus, now farting around the UK; WifiChannelMonitor (free); Cyberwar is bullshit.
Using a password manager on Android? It may be wide open to sniffing attacks – In early 2013, researchers exposed some unsettling risks stemming from Android-based password managers. In a paper titled “Hey, You, Get Off of My Clipboard,” they documented how passwords managed by 21 of the most popular such apps could be accessed by any other app on an Android device, even those with extremely low-level privileges. They suggested several measures to help fix the problem. Almost two years later, the threat remains viable in at least some, if not all, of the apps originally analyzed. An app recently made available on Google Play, for instance, has no trouble divining the passwords managed by LastPass, one of the leading managers on the market, as well as the lesser-known KeePassDroid.
How to use an authenticator app to improve your online security – Summary: Want to avoid having your online accounts hacked? Enable two-factor authentication (2FA), a crucial security measure that requires an extra code when signing in from an unfamiliar device. In this post, I explain how to use a mobile app to make your accounts safer.
Thanksgiving Survival Guide: 8 Gadgets to Keep the Family at Bay – We all know what Thanksgiving is supposed to look like: cute grandkids, fond memories and turkey dinners as polished as a Pinterest board. But let’s be honest: Even if we love grandpa, we’ve heard the same story every year since 2003. We’d rather talk movies than aunt Mildred’s political platform. And maybe it’s time uncle Larry laid off the Merlot. With this in mind, we’ve put together a Thanksgiving survival guide: eight gadgets for putting up with eight troublesome family members.
The Top 10 Most Controversial Android Apps – In the slideshow, we spotlight 10 Android apps that kicked up a storm of controversy. Whether they posed serious security risks to users, illustrated flaws in Google’s system architecture, or just pushed the boundaries of good taste past the breaking point, these apps courted controversy and found it.
Candy Crush is taking over your Facebook feed — again – The latest puzzle game from King.com is making waves on mobile devices, and its advertising campaign on Facebook has reached millions of people.
Microsoft Lumia 635 now available for $39 off-contract – The entry level Lumia 635 is now even more affordable with Microsoft and AT&T shaving nearly 60% off its price. The 4G handset is currently available for only $39 at Microsoft’s online store. In case you’re not familiar with the device, the Lumia 635 is a decent, 4G-enabled entry level Windows Phone. The phone has some limitations and you can learn more about those and what it’s like to use the phone full-time here. However for $39, this is definitely a steal.
Google Maps Update Adds Weather and Local Time to Destinations – Google’s changes for its latest iteration of the Google Maps Android app are small, but interesting nevertheless. Not only do you get a little extra description for your locations, but Google will now also tell you the weather at the given location as well as its local time. That might not matter that much if you’re trying to find directions to some place 20 minutes away or so, but Google’s little update certainly assists those using Maps navigation on a road trip. Don’t forget your umbrella.
Find the snow with The Weather Channel app’s new ski module – The Weather Channel app has added a ski module that shows you current conditions and the forecast of the ski resorts near your saved locations. Choose a location and then scroll down and you’ll find the new Ski Slopes section right below Airport Conditions. Powered by On The Snow, it shows the temperature, past snowfall, expected future snowfall, wind conditions and snow base. It also shows you the number of lifts open and current snow conditions. You can swipe sideways to get this information for 10 local resorts.
New Chromebook owners get 1TB Google Drive storage for free – Are you in the market for a new computer this holiday shopping season? If so, Chromebooks might be on your short-list of possible purchases. The pros and cons of Google’s cloud-centric computers can be debated breathlessly, but there’s one feature that might put you over the top this year. Google is giving anyone who purchases a new Chromebook a full terabyte of cloud storage via Drive for two years. Free. That’s right, buy a Chromebook, get 1TB cloud storage for two years at no cost.
Microsoft adding Skype chat to Office Online web apps – It’s one of those features that Google Drive/Docs users have been able to use for so long that it’s almost expected by now: real-time chat with others while collaborating on documents. As Microsoft has been pushing its Office programs like Word, Powerpoint, and Excel into the cloud recently, users of Office Online are finally able to communicate via built-in Skype chat.
Linux Mint 17.1 finally makes MATE’s fancy Compiz graphics easy to use – Linux Mint isn’t chasing touch interfaces, rethinking the way we use the desktop, or enacting any other grand experiment. It’s just a polished, modern Linux desktop system—and that’s why people love it. Linux Mint 17.1 (codenamed “Rebecca”) is on the brink of being released, and it continues the Linux Mint mission of refining the interface we use every day. Technically, Linux Mint 17.1 is out in “RC” or “Release Candidate” form, which just means “this exact image will become the final release unless we find any huge bugs.”
Prices for 4K monitors sink below $500 – Prices for 4K monitors have dropped below $500, bringing them within the reach of cost-conscious buyers looking to replace 1080p displays. The prices have been falling steadily from $700 or more earlier this year. 4K monitors are available from Samsung, Sharp, Dell, Asus, Acer, Monoprice and small vendors. 4K gives a resolution of 3840 x 2160 pixels, or four times deeper than conventional 1080p resolution of 1920 x 1080 pixels.
7 Things Not to Buy Before Black Friday – Year after year, the holidays arrive a little earlier, and 2014 is no exception, with many stores already offering “Black Friday” savings. But perhaps you don’t buy into the hype. “How much can I really save?” you wonder. Truth is, you’ll need to keep tabs on opening times and lightning rounds, but deals can be had. As a result, there are a number of gadgets you shouldn’t buy before Black Friday. Check them out in the slideshow.
Contain yourself: The layman’s guide to Docker – Welcome to the age of containerization, where an ecosystem led by startup Docker is leading IT organizations to ineffable peaks of efficiency, helping them scale their workloads ever-higher, and probably baking them a nice cake to boot (it’s my birthday, I have cake on the brain, sue me). Microsoft, Google and Amazon Web Services are all tripping over themselves to make sure prospective customers know that their clouds are the place to be if you want to get the most from Docker. That’s great and all, but what really is Docker, and why are containers suddenly such a hot topic? Without getting lost in the weeds, and without breaking out the diagrams, let’s take a look.
Governments act against webcam-snooping websites – Government officials in the U.S. and the UK are warning people to secure their webcams after websites that broadcast the contents of those cameras have sprung up online. One of the better-known sites, Insecam, appeared to have gone offline after the warnings Thursday, but at least one site that publishes similar content was still available. The websites show footage from security cameras used by businesses and in people’s homes, including CCTV networks that secure buildings and even cameras built into baby monitors.
Highly advanced backdoor trojan cased high-profile targets for years – Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran’s nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets. Regin contains dozens of payloads, including code for capturing screenshots, seizing control of an infected computer’s mouse, stealing passwords, monitoring network traffic, and recovering deleted files. Other modules appear to be tailored to specific targets. One such payload included code for monitoring the traffic of a Microsoft IIS server. Another sniffed the traffic of mobile telephone base station controllers.
Malicious Trojan now attacking password managers – People rely on password managers to remember multiple and/or complex passwords for various accounts. If a person inputs a ‘master password’ into this manager, they can access all their previously stored credentials. These programs are now being targeted by Citadel. Labeled as highly evasive, the trojan has already infected millions of computers according to Dana Tamir, director of enterprise security at IBM company Trusteer. While this malware isn’t exactly new, the disturbing thing revealed by IBM is the instructions it contains to compromise password management and authentication solutions. The malicious software can stay idle on machines for an indefinite length of time and then be triggered by a specific action by a user. This essentially means that most people do not even know that their computer is already infected by this malware.
15 arrested in new European crackdown of peeping tom malware users – Fifteen people have been arrested across seven European countries “who are suspected of using remote access trojans (RATs) to commit cybercrimes,” Europol said in a statement on Thursday. The people were apprehended in Estonia, France, Romania, Latvia, Italy, the United Kingdom, and Norway. The National Crime Agency (NCA), a rough British equivalent to the FBI, led a sting operation resulting in the arrests of five (out of the 15 total) across the United Kingdom. In May 2014, over 100 people were arrested as part of a similar worldwide sting operation.
This issue does not affect WordPress.com – this site for example.
Detekt tool hunts down government spyware on your PC – Government surveillance is a hot topic, and as news about the extent of such monitoring keeps coming, many individuals have wondered at one point or another whether any of their own data is under some agency’s watchful eye. To help (potentially) ease your paranoia is a new open-source malware tool called Detekt, which its maker Claudio Guarnieri — with support from the Electronic Frontier Foundation — says will help you determine whether your computer is infected. The malware detector is available for Windows users.
Apple’s $450M ebook antitrust settlement approved by judge – It’s been several months now since any news has been heard about Apple’s settlement in a class-action lawsuit over the company’s ebook price-fixing. Reuters is now reporting that a U.S. District Judge has approved a settlement amount of $450 million in what was described as an “unusual” accord. Under the agreement, $400 million is to be paid to as many as 23 million affected customers, and $50 million to lawyers. Apple was already found guilty of conspiring with ebook publishers over consumer prices in a 2013 case against the U.S. Department of Justice, but filed for an appeal in February 2014.
Apple to donate portion of holiday sales to AIDS fight – During the two-week campaign, proceeds from the sales of 25 apps with exclusive new content will be donated to fight the disease.
Apple – The modern effective business enterprise: First, they steal our money (as per the previous entry). Then, in an attempt to appear as a socially conscious enterprise, they pander to us with our own money.
Europe’s parliament “poised to call for a break-up of Google” – “The European parliament is poised to call for a break-up of Google” in a vote next week, the Financial Times reported today. The resolution would be nonbinding, because any final action would have to be taken by the European Commission, the executive branch of the European Union. While the parliament itself “has no formal power to split up companies,” it does have “increasing influence on the [European] Commission, which initiates all EU legislation,” the report said. “The commission has been investigating concerns over Google’s dominance of online search for five years, with critics arguing that the company’s rankings favor its own services, hitting its rivals’ profits.”
Mozilla reports flat revenue from Google-Firefox search deal – Mozilla today said that 2013 revenue from its deal with Google was flat compared to the year before, as was its income overall, even as expenses jumped by 42%. The flat-lining of revenue was in stark contrast to its previous financial statement, which had shown a bullish increase of 88%. The Mozilla Foundation’s 2013 revenue was $314 million, up half a percentage point from 2012, according to the financial statement released Friday.
Target to judge: Banks’ losses in our card breach aren’t our problem – Target’s massive data breach, in which criminals were able to drop malware onto point-of-sale systems and compromise at least 40 million credit and debit cards, is now the subject of a federal lawsuit by banks who issued those cards. And Target is arguing in court today that those claims should be thrown out, Bloomberg reports—because the company claims it had no obligation to protect the banks from damages.
Samsung demands NVIDIA sales ban in patent retort – Samsung has shown it’s not afraid to chase big legal injunctions when it believes its patents are at stake, and now it’s NVIDIA facing a US sales block at the hands of the South Korean firm. A complaint filed on Friday asks the US International Trade Commission to shut down sales of NVIDIA’s graphics chips, alleging they infringe Samsung’s own intellectual property. As with Apple, however, Samsung didn’t actually pull the trigger first: it was NVIDIA which kicked off this particular war.
Games and Entertainment:
Wii U’s five games that’ll make you happy you roll with Nintendo – Nintendo appears very much to be aiming all efforts for a resurgence at the holiday season, and with big hits – proven hits – like Super Smash Bros and Mario Kart, they may well be in for some heavy business. The Wii U hasn’t been selling at nearly so high a rate as either the PlayStation 4 or the Xbox One over the past year – this console was released all the way back in the fourth quarter of 2012, after all – so why would someone want to buy a new Wii U right this minute? Games!
Crookz brings 70s groove to the heist game genre – There’s something so satisfying about a well-executed heist. I don’t know whether it’s the idea of outsmarting an entire legion of people, or the idea of living on a beach on the fictional island of Kokomo for the rest of my life, but there’s something about that primal urge that makes me want to bust out a set of lockpicks and tune up my safecracking ear.
Jurassic World trailer-teaser previews dinosaurs reborn – If there’s an upcoming movie almost guaranteed to get anybody who grew up in the 90s salivating, it’s Jurassic World, and so you’ll have to forgive us for getting unduly excited about the first trailer teaser. Not due to open in theaters until June 12th, 2015, the movie takes us back to an island of dinosaurs in the most exciting – and, unsurprisingly, dangerous – theme park you can imagine, with original director Steven Spielberg returning to act as executive producer on the new installment.
Dragon Age: Inquisition Benchmarked: Graphics & CPU Performance – As a long time fan of the series, our mobile editor Tim jumped at the opportunity to preview Dragon Age: Inquisition ahead of release last month. As with Kotaku’s impression of the final release, Tim concluded that the fantasy RPG’s third iteration is a must-play. Fortunately, that should be doable for most gamers with official recommended requirements including a GTX 660 or HD 7870 (R9 270), 8GB of RAM and a Core 2 Quad or Phenom II X6 — hardly a tall order, though we suspect extra firepower wouldn’t hurt. After all, Dragon Age: Inquisition has been built with Frostbite 3, the same game engine used by Battlefield 4 except BioWare also integrated a vegetation engine called ‘Speed Tree’ that has been used in many games and movies, from Avatar to Star Trek.
Amazon to offer ad-supported free video streaming service – Amazon is one of the biggest and best sources of video content in the world, well except for BitTorrent. So it’s one of the biggest and best legal sources of video content in the world. What if you didn’t have to pay for it, though? Amazon has been rumored in the past to create a free ad-supported video offering, and a new report from the New York Post says it’s now definitely happening. It’s not just about a Netflix alternative, though. Amazon would probably use an expansion of free streaming video to push customers into Prime memberships.
Far Cry 4 woes with dual-core processors point to a bleak future for budget PC gamers – While controversy continues to swirl around Assassin’s Creed: Unity’s terrible PC performance, further tales of woe are starting to surface around Ubisoft’s other blockbuster holiday release, Far Cry 4. Numerous Reddit and forum users are reporting that Far Cry 4 flat-out refuses to work with “straight” dual-core PCs—chips that don’t use hyperthreading to “fake” having additional cores. Attempting to launch the game on just such a system results in a black-screen “failure to launch” bug, the users say.
Off Topic (Sort of):
Is the web dying? No, the browser’s best days are still to come – “The web is dead.” Four words repeated with alarming regularity. This time the web’s impending demise has been diagnosed by commentators based on observations that smartphone users spend overwhelmingly more time using native apps than a browser. Those warning of a moribund web seem to believe it is set on a path of terminal decline, with apps gradually eroding more and more of what was once the preserve of the browser.
Smart guns: Can tech bring transparency to law enforcement? – Yardarm Technologies developed a sensor for guns to detect when, where, and how they’re used, in hopes of improving safety and accountability for law enforcement officers.
These Are the Top 10 Telemarketer Area Codes: You’re most likely to get spam calls from these area codes – Thankfully, there are ways to spot a spam call before you pick up the phone. Recently, the folks at Whitepages analyzed the 2.5 billion calls and texts routed through its Caller ID app to look for patterns that might identify telemarketers. They found that some area codes are home to far more spam callers than others, and came up with a listing of the top 10 spam area codes in the United States. The full list is as follows:
From Cracked – 19 Products You Use Every Day (That Are Basically Placebos)
We can exempt CCleaner – a must-have application for a typical user.
All aboard the poop bus, now farting around the UK – If you’ve always found riding the bus to be, well, a crappy experience, do we have the bus for you. The Bio-Bus, which made its maiden voyage in England this month, seats up to 40 people. The bus can travel up to 186 miles on a single tank of gas that “takes the annual waste of around five people to produce,” GENeco said in a statement. Fortunately for riders, the bus itself doesn’t actually smell like a bathroom, as impurities in the biofuel are removed to reduce — or almost entirely eliminate — any odors in the vehicle’s emissions.
ESPN bans Twitter use for baseball writer who defended evolution – Is there a modern-day Galileo in the sporting world’s midst? Is there a man who fights for science against the forces of tradition and is prepared to take any risk imaginable? I only ask because of disturbing rumbles that ESPN has prohibited one of its baseball writers, Keith Law, from using Twitter. A report on Deadspin suggests the sanction stems from Law’s defense of evolution against the creationist views of former Red Sox pitcher Curt Schilling. This defense occurred in the extremely evolved social environment of Twitter.
Something to think about:
“All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident.”
– Arthur Schopenhauer (1788 – 1860)
Today’s Free Downloads:
WinReducer – WinReducer makes a custom ISO with up to 825 different combinations to customize, integrate or reduce your personal Windows installation.
Customize Windows (Integrate cursors, themes, wallpapers or change files to improve Windows 7 appearance)
Help Tips available for each component (and all component help tips can be translated into your language)
Integrate (Applications, Drivers, Net Framework 3.5, Unattended Files or Updates to your customized Windows 7 ISO)
Load Language Files (Translate WinReducer 7.0 in your language)
Load WinReducer GUI Theme (Improve WinReducer 7.0 Graphical User Interface)
Remove Windows Components (Make your choice to reduce and adapt Windows 7 to your needs)
Use WinReducer Custom Configuration File (Load or Save Presets files, also known as wccf files, to restore or save your settings)
“All in One” ISO support with up to 50 Windows Editions
WifiChannelMonitor – WifiChannelMonitor captures wifi traffic on the channel you choose, using Microsoft Network Monitor capture driver in monitor mode, and displays extensive information about access points and the wifi clients connected to them. WifiChannelMonitor also allows you to view the information about wifi clients that are not connected to any access points, including the list of SSIDs (network names) that they are trying to connect.
For every access point, the following information is displayed: SSID, MAC Address, Device Manufacturer, PHY Type, Channel, RSSI, Security, Beacons Count, Probe Responses Count, Data Bytes, Retransmitted Data Bytes, and more…
For every client, the following information is displayed: MAC Address, Device Manufacturer, SSID list that the client tries to connect, Sent Data Bytes, Received Data Bytes, Probe Requests Count, and more…
Limitations: Requires Microsoft Network Monitor.
Unchecky Beta – Unchecky aims to keep potentially unwanted programs out of your computer.
Have you ever felt, while installing software, that the installer tries to push additional unwanted programs at all cost? Ever missed a checkbox, and spent hours afterwards removing adware? Ever opened your browser after an installation, only to find out that you have a new homepage, a new search engine, or even a new browser?
Nowadays it’s a reality that many software installations are bundled with potentially unwanted programs, such as toolbars or scareware system cleaners. If you’re a power user, you probably know that you have to be very careful while installing software, because if you miss a checkbox you might spend hours afterwards cleaning up the mess. If you’re an average PC user, you possibly leave everything by default, thus installing lots of additional unwanted programs without even knowing it.
Unchecky’s primary feature is automatic unchecking of unrelated offers, such as potentially unwanted programs, offers to change your homepage or your search engine. With Unchecky, these offers become opt-in instead of opt-out, i.e. they will be installed only if you explicitly choose you want them (you usually don’t).
Another important feature of Unchecky is that it warns when you accept a potentially unwanted offer. Installers often provide them as a natural part of the installation, so they can easily be accepted by mistake. With Unchecky, it’s less likely to accidentally accept such offers.
Unchecky is not a universal solution, and might not support installers which were not released yet. Thus, it’s worth noting that Unchecky updates automatically, so you don’t have to worry about running the latest version.
In Pursuit of Freedom – The Pushback Continues:
Cyberwar is bullshit: As governments build stronger and smarter digital weapons, we’re all collateral damage – If cyber-defense isn’t about defending you, then what’s it about? Why are we developing and deploying these weapons if we can’t defend against them? What’s the arms race good for if it can’t protect people? But these are weapons, and weapons are their own reason.
This logic is why groups like Amnesty don’t like the term “cyberwar.” War makes it sound like two sides, America vs. China, each playing offense and defense together. But the reality is all offense, all collateral damage. We’re building better and better weapons, protecting the most powerful parts of society from attack, then leaving everyone else to fend for themselves. It isn’t America vs. China, and it isn’t cops vs. robbers. It’s boots vs. faces.
Canada: Conservative cyberlaws threaten privacy rights – Parliament is currently considering two key pieces of legislation: Bill C-13, the Protecting Canadians from Online Crime Act, a.k.a. the cyberbullying law; and S-4, the Digital Privacy Act. While elements of each bill are good, other aspects needlessly erode privacy rights.
Therrien warns that Bill C-13 sharply lowers the bar to police obtaining court orders to pry into citizens’ private computer lives and digital activity. Instead of needing serious “grounds to believe” wrongdoing is going on, the police need only have “suspicion.”
On that desperately thin basis they can get a court order to obtain a person’s name, address, banking card use, car movements, financial accounts, email addresses, Internet pages visited, files shared, web search history, and more.
As Therrien told a Senate committee this past week, “Reasonable suspicion is too low a threshold for allowing a wide assortment of public officers, and for a multitude of purposes, to access personal information that can be so revealing.”
He’s right. Bill C-13 should be rewritten to bring back the traditional, higher standard of “reasonable grounds to believe.” Our privacy deserves at least that much protection.
Why the Surveillance State Lives On – Once upon a time, Glenn Greenwald was a lonely voice in the blogging wilderness, and Edward Snowden was an isolated functionary at the heart of the American national-security state. Then everything seemed to change at once. Snowden, who was desperate to tell his fellow Americans of the evils of NSA surveillance, revealed his secrets to Greenwald, Congress erupted, the entire world got angry, and Greenwald won a Pulitzer and a fat media contract from billionaire eBay founder Pierre Omidyar while Snowden became the most famous exile in the world.
Six journalists sue over surveillance by UK “extremist” police unit – Six members of the United Kingdom’s National Union of Journalists—including comedian and journalist Mark Thomas—have filed suit against London’s Metropolitan Police after discovering that their daily activities were being monitored and recorded in a police database. The database is gathered by the National Domestic Extremists and Disorder Intelligence Unit, a task force led by the Metropolitan Police Service that tracks political and religious groups in the UK and monitors protests.
In an interview on BBC Radio 4, Thomas said that the surveillance was discovered through information uncovered by a request under the UK’s Data Protection Act—a law similar to the US’ Freedom of Information Act. “The police are gathering information under the domestic extremist list about journalist and NUJ members,” he said. “And we know this because six of us have applied to the police using the Data Protection Act to get some of the information the police are holding on us on these lists. And what they are doing is monitoring journalists’ activities and putting them under surveillance and creating databases about them.”
Australia: Data retention little more than surveillance tax: Ludlam – Senator Scott Ludlam has labelled the Australian government’s proposed data-retention scheme as little more than a surveillance tax, while calling for the release of a financial study into the scheme.
Local judge unseals hundreds of highly secret cell tracking court records – A judge in Charlotte, North Carolina, has unsealed a set of 529 court documents in hundreds of criminal cases detailing the use of a stingray, or cell-site simulator, by local police. This move, which took place earlier this week, marks a rare example of a court opening up a vast trove of applications made by police to a judge, who authorized each use of the powerful and potentially invasive device.
According to the Charlotte Observer, the records seem to suggest that judges likely did not fully understand what they were authorizing. Law enforcement agencies nationwide have taken extraordinary steps to preserve stingray secrecy. As recently as this week, prosecutors in a Baltimore robbery case dropped key evidence that stemmed from stingray use rather than fully disclose how the device was used.