Archive for: security

iSpy Something…Private!!!

  • November 7, 2011 11:07 am

For those of you who thought the SMS or e-mail you type on your smartphone was hidden from the masses, you are wrong. Researchers from the University of North Carolina at Chapel Hill have developed screen spy software that can tell what you are typing from up to 200 feet away. Jan-Michael Frahm and Fabian Monrose are the geniuses behind this little gem. They wondered if modern computer vision technologies threatened mobile phone privacy, so they created a program to steal text remotely, using only known techniques.

iSpy works by exploiting the common bubble text effect that appears when you type a letter on Android devices as well as on the iPhone keyboard. If you recall the last message you typed, when you hold on a letter it shows up in a bubble so you are aware of what you are typing. The program analyzes footage of where those bubbles appear on your screen to determine what is being typed. For letters that overlap, like E and R, the software assigns a probability to each candidate letter. The leet hack worked 90% of the time, so beware of those dirty little late night emails you like sending out!

Drop on in for a video.

Keep Tabs on Your Home Security from Your Smartphone

  • September 26, 2011 11:29 am


As the saying goes, there’s a mobile application for nearly anything lately, from those for music like Shazam to social check-in sites like Foursquare. Mobile apps also include innovative platforms that help homeowners monitor their property when they’re away. One such product is ADT Pulse, an iPhone app that is part of the ADT home security line of merchandise. Given Pulse’s capabilities, it would seem the chance to become an overlord just became a little bit easier.

Around one year old, ADT’s Pulse allows homeowners to arm and disarm their alarm systems from remote locations, survey rooms in the home via live video, raise or lower the thermostat’s temperature, adjust the lights, and even receive alerts via text message, such as notifications of a perimeter breach. The app is widely accessible, allowing users to do their monitoring from a laptop, a mobile browser, or their iPhones. According to Forbes, the complete Pulse package starts at $1,200, along with a $57/month fee. While the premier version of the app is hardly a steal, it might just prevent a robbery and that’s value that simply can’t be overlooked…

Bad: AES Encryption Now 4x Easier To Crack. Good: Still Takes 1 Trillion Machines 2 Billion Years To Do The Deed.

  • August 17, 2011 8:18 am


Cryptography researchers Andrey Bogdanov (K.U.Leuven — Katholieke Universiteit Leuven), Dmitry Khovratovich (Microsoft Research) and Christian Rechberger (ENS Paris) managed to find a weakness in AES encryption that now makes the cipher 4x easier/faster to crack. The crack has already been seen and confirmed by AES creators Dr Joan Daemen and Professor Dr Vincent Rijmen.

Seeing as how AES-128 specifically is one of the more widely used secure systems in the world today, this news is somewhat troubling — until you hear how long it still takes to crack it. According to the three musketeers of science, the number of steps to crack AES now stands at an “8” followed by 37 zeros. Per Bogdanov:

“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key.”

Looks like we can continue relying on AES encryption for at least a few more years…

Law Firm Investigating RIM For Securities Law Violations.

  • May 23, 2011 2:16 pm


Canadian-based Research In Motion has a new burden to worry about: law firm Holzer Holzer & Fistel, LLC has announced that it has launched an investigation focusing on RIM’s potential federal securities law violations. The investigation centers on statements made by RIM between December 2010 and April 2011 that the firm claims are/were misleading and intentionally false. Essentially, Holzer Holzer & Fistel is accusing RIM of trying to cover up an aging product lineup with promises of much better things to come to avoid a drop in share value.

We’re not legal experts by any means so we can’t comment on just how “fair” or “right” such a statement and investigation is. Nonetheless, we are sure that RIM doesn’t need the added weight of a possible lawsuit on their hands in the midst of a massive re-invention of the brand.

Google Announces Fix For Pre-Android 2.3 Authentication Token Bug.

  • May 18, 2011 2:28 pm

Yesterday it was found that Android had a rather serious security hole in the way it handled authentication tokens, especially when they were used over less secure wireless networks.

Users of Android 2.3 (Gingerbread) and 3.0 (Honeycomb) have lucked out as Google has already patched said flaw in the latest versions of Android. What makes the situation more serious is the fact that most of the Android user base still runs on Android 2.2 (Froyo) or older software leaving a large swath of Google’s customers unprotected.

Thankfully Google is moving swiftly to address the issue and has announced an update is scheduled to begin rolling out in the next few days:

“Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days.”

This recent security hole in Android is but one of many security issues that have come to light over the last month. Along with Google, Apple and Sony have also enjoyed some of the security breach limelight over the last several weeks, signaling that the companies we trust with our data day in and day out have quite a ways to go before really being “secure”.

Verizon To Begin Slapping Warning Label On Phones. Warn Of Location Tracking.

  • April 29, 2011 8:38 am


Verizon Wireless phones will soon have new warning labels, proclaiming that your phone can track you.

There are certain times in life where you just have to sit back and say, “Wow”. The “locationgate” scandal that first erupted around iOS and then spread to Android is perhaps one of the most overhyped non-stories in the tech realm in recent memory. The stories and rumors have gotten so bad as of late that several different politicians and governments around the world have questioned Apple.

More recently, Congressmen Joe Barton and Ed Markey sent a letter to U.S. wireless carriers asking them about their data collecting practices in light of the ongoing location scare. Verizon responded today (PDF) with a letter assuring the Congressmen that their motives weren’t malicious and that federal law actually requires the level of tracking they perform.

Nevertheless, in an effort to quell public outcry and government scrutiny, Verizon Wireless will now begin slapping warning labels on their phones with the saying:

Using this device could be hazardous to your location privacy, and may result in your being tracked!

Too much?

WordPress.com Hacked. Anything And Everything Revealed.

  • April 14, 2011 8:27 am


WordPress.com has been hacked — this according to an official post by Automattic’s Matt Mullenweg on the website’s blog. “Anything and everything” could have been revealed, says the post.

Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.

Based on what we’ve found, we don’t have any specific suggestions for our users beyond reiterating these security fundamentals:

  • Use a strong password, meaning something random with numbers and punctuation.
  • Use different passwords for different sites.
  • If you have used the same password on different sites, switch it to something more secure.

(Tools like 1Password, LastPass, and KeePass make it easy to keep track of different unique logins.)

Our investigation into this matter is ongoing and will take time to complete. As I said above, we’ve taken comprehensive steps to prevent an incident like this from occurring again. If you have any questions or concerns, please leave a comment below or contact our support.

While we here at Gadgetsteria make use of the WordPress platform, ours is self-hosted. That doesn’t completely exempt us or other self-hosted WordPress blogs from the security breach, however. All WordPress.com and WordPress.org users obviously need to use common sense, change passwords if need be, and roll with the punches.

We’ll keep you updated as the WordPress team provides details regarding the breach…

RIM’s co-CEO Mike Lazaridis Freaks Out During BBC Interview.

  • April 13, 2011 12:57 pm

If you had any doubts about RIM’s handling of the Middle East/security situation that has been ongoing the last few months, a recent interview between RIM co-CEO Mike Lazaridis and BBC isn’t going to do much to stem your worries. While the interview itself is much longer than the short ~ minute long clip, it does give us a good look at a legitimate, ongoing issue despite claims from Lazaridis and RIM stating otherwise.

During the clip, the BBC journalist conducting the interview, Rory Cellan-Jones, inquires about the India-BlackBerry “back door” that captivated tech geeks and technology media for many weeks. Lazaridis responds by saying “that’s not a fair question” (?) before going on a mini-rant about how awesome BlackBerry is. Regardless of where your loyalty lies, it’s clear that RIM finds the India topic (and security scares overall) a major sore point.

Be sure to check out the video over at BBC and let us know your thoughts…

Chrome 12 Adding Malware Protection For Malicious Downloads To Feature List.

  • April 6, 2011 10:34 am


Need a more important reason to jump onto the Google Chrome bandwagon aside from an already super fast rendering engine, sleek look, and frequent updates? How about malware protection? Google announced today via the company’s official blog that Chrome 12 will pack in a new malware protection scheme that will alert users when Chrome suspects that a downloaded .exe is malicious. The new feature draws on the list of publicly known malicious websites available through the Safe Browsing API and builds on the malware protections that Google has employed over the last 5 years.

Interested parties wanting in on the ongoing testing phase can sign up within the Google Chrome development release channel.