South Korean data breaches leave every citizen’s ID at risk
There are big data breaches, and then there are massive, nation-changing data breaches. South Korean officials have warned that hacks targeting the country’s national ID number system were so damaging that the government may not only have to revamp how it issues ID numbers, but hand out new ones to every citizen. That could cost the equivalent of $650 million by itself, and businesses might have to spend billions of dollars upgrading their systems to match — you need that ID for many basic tasks in South Korea, so it’s not just a question of a simple software fix.
A large part of the problem stems from the nature of the identity system, which was created in the 1960s as a reaction to a North Korean assassination attempt. Rather than issue arbitrary or random digits, South Korea creates numbers based on your birth date, sex and other key details. As such, they’re both easily linked to a given person and impossible to change; if thieves get yours, you may never be safe. This isn’t helped by the country’s long-time reliance on Microsoft’s ActiveX web code for online shopping. The signature you need to shop is little more than a password, and ActiveX is vulnerable enough that Microsoft itself has been backing away from the technology for years. It won’t at all be surprising if South Korea passes legislation that introduces a far more secure approach to ID, but that won’t be much consolation to locals who may spend ages worrying about fraud and theft.
[Image credit: Jung Yeon-Je/AFP/Getty Images]
Filed under: Internet
Via: The Register
Source: AP (ABC News)
French students built an interactive celebration of Marvel comics’ 75-year history
Keeping tabs on all of Marvel’s superheros is pretty challenging work — the company has been publishing comics for 75 years. Over 2,500 characters have lived in its pages, spanning more than 3,000 individual issues over more than 440 series. How did I know all that? Well, I stole the stats from Ultimate 75th, a student-made website that pilfer’s Marvel’s own database to celebrate 75 years of comics. Students at the Hétic school in France built the site in just four days using the REST API used on Marvel’s official site. This allowed the group to pull comic and character data directly from the publisher’s database. The result is impressive, but it isn’t perfect.
Ultimate 75th correctly charts and catalogues most of the data Marvel offers up through its API, allowing users to sort through ever single year in the publisher’s history and see what it was up to. Unfortunately, some elements are inaccurate: the site lists Amazing Spider-Man — a series with over 700 issues under its belt – as having only 20 published issues. The hastily built database has a few bugs too: it has a tendency to freeze if you scroll through Marvel’s history too fast.
Still, most of the data seems accurate, and the every year of data is accompanied by a fun fact. Did you know that Spider-Woman was originally created to preserve a trademark? I didn’t. Check out the full experience for yourself — it’s a pretty entertaining way to while away the work day.
Filed under: Misc
Via: CNET
Source: Ultimate 75th
Google discovers another web security flaw that leaves your browser vulnerable
Get ready for Heartbleed deja-vu: Google just found an exploit in SSL 3.0 that could give attackers the ability to work out the plaintext traffic of a secure connection. It’s calling the attack “POODLE,” or Padding Oracle On Downgraded Legacy Encryption, and it allows a man-in-the-middle attacker to decrypt HTTP cookies. Cookies can be used to store personal information, website preferences or even passwords, depending on the situation. SSL 3.0 is a pretty old (15 years) protocol, but it’s still used in most web browsers and as a fallback for countless servers in case modern protocols fail to connect. Prospective attackers can force a server to default back to SSL 3.0 for the sake of the exploit.
The easiest way to solve the problem is for servers to simply stop supporting SSL 3.0, since it’s largely been replaced by TLS and other successors — but since SSL is still widely used, Google says that could cause significant compatibility issues. For now, the company says the best solution is for browsers and severs to support TLS_FALLBACK-SCSV, a mechanism designed to stop attackers from forcing security handshakes to default to older standards. Google Chrome and the company’s own servers have been using it since February, and the company is testing further Chrome changes that disable falling back to 3.0 altogether.
On the positive side, Google seems to have discovered the vulnerability on its own, and it’s not clear how wide-spread it is. Still, Google’s solution is only a temporary defense: SSL 3.0 can’t be fixed. “There is no reasonable workaround,” the company wrote in its security advisory. “To achieve secure encryption, SSL 3.0 must be avoided entirely.” Check out the company’s full technical explanation of the bug at the source link below.
Source: Google (1), (2)
Broadcasters want your phone to include a mix of online and old-school radio
You may think that radio is dying in an era when on-demand music streaming is nearly ubiquitous, but some of the world’s biggest broadcasters (unsurprisingly) disagree. The BBC, Clear Channel, HD Radio’s Ibiquity and a handful of others are researching a “hybrid” radio format that would give smartphone users the advantages of reliable, low-intensity digital or FM radio with the interactivity and “enhancements” of internet streaming. In theory, this would keep your costs down and your battery life up without giving up the creature comforts of modern technology.
Supposedly, there’s a lot of demand for this — a BBC-commissioned study claims that the “majority” of smartphone owners want radio of some kind, and two thirds of them liked the idea of hybrid radio. Whether or not it pans out as hoped is another matter, though. There’s no definite timetable for when this hybrid format would be ready, and getting manufacturers to cooperate may be tough. Apple, Microsoft and others frequently have a vested interest in promoting internet-only radio services, and access to DAB or FM isn’t usually a major factor in phone purchases. Even so, don’t be surprised if your next phone puts a bigger emphasis on broadcasts.
Filed under: Cellphones, Internet, Mobile
Source: BBC Media Centre
The Big Picture: Philae lander snaps a selfie as it passes by comet
The European Space Agency’s (ESA) Philae lander has a knack for taking selfies. Last month, it passed by Comet 67P/C-G at a distance of 50 km (31 miles) attached to the ESA’s Rosetta spacecraft. This time around, Philae got even closer before snapping the picture — coming within 16 km (10 miles). In the image above, you’ll notice one of Philae’s 14-meter (46-foot) long solar arrays in a snapshot that combines two images with different exposures for a proper visual. An on-board CIVA (Comet Infrared and Visible Analyser) employs a collection of micro-cameras to capture panoramas used to study the surface. The Philae lander is set to depart Rosetta next month to get an even closer look when it’ll land on the comet’s surface for further research.
[Photo credit: ESA/Rosetta/Philae/CIVA]
Filed under: Science
Source: European Space Agency
New image and details for Verizon’s DROID TURBO surface
The line of leaks surrounding the Motorola DROID TURBO from Verizon got a little longer today with another image and details about the device surfacing. You may recall the name of the new device is rooted in a desire for the smartphone to charge quickly and it appears Motorola may have succeeded. Despite having a large 3,900mAh battery that should last two days, users should be able to juice up the device for eight hours of use with only 15 minutes of charging.
Externally, the device appears to most closely resemble the DROID MAXX from last year. Red and black versions will be available and the back panel will have a distinctive pattern thanks to Kevlar reinforcement. Although not certified as water resistant, the DROID TURBO should be able to survive “everyday spills and 20 minutes in a downpour.”
Other hardware includes a 2.7 GHz Snapdragon 805 processor, 32GB of internal memory, 3GB of RAM, and a display that measures 5.2-inches with a quad HD resolution resulting in 565 ppi. The smartphone will come with a 21MP camera and will be capable of recording 4K video.
It appears the DROID TURBO will ship with Android KitKat 4.4, although sources did not specifically include operating system information in the leaked marketing materials. Despite being a Verizon exclusive, it appears buyers will have to wait 1-3 months for support for Wireless Calling 1.0 to be available on the device. The DROID TURBO is also slated to get a variety of Moto X type features like Moto Voice, Moto Actions and others along with some Droid model line specific apps and features like Zap Zone for local sharing.
The DROID TURBO is shaping up to be a high-end phone for Verizon and at least from a specs standpoint, able to hold its own against anything else on the market.
Anyone out there planning to check out the DROID TURBO when it is released later this month?
source: Android Central
Come comment on this article: New image and details for Verizon’s DROID TURBO surface
U2’s Bono Apologizes for Automatic ‘Songs of Innocence’ Album Download
In a Facebook interview where U2 band members answered questions asked by their fans, U2 frontman Bono apologized to iTunes users that were upset after the band’s new album “Songs of Innocence” was automatically downloaded on their devices without their consent.
In the apology, Bono says that the group “got carried away” with themselves and were worried that songs they had spent two years working on “might not be heard.”
Oops. Um. I’m sorry about that. I had this beautiful idea and we got carried away with ourselves.
Artists are prone to that kind of thing. Drop of megalomania, touch of generosity, dash of self-promotion, and deep fear that these songs that we poured our life into over the last few years might not be heard.
There’s a lot of noise out there. I guess we got a little noisy ourselves to get through it.
U2’s newest album, “Songs of Innocence,” was provided for free to 500 million iTunes users as part of Apple’s September 9 iPhone event. As part of the promotion, apple pushed the album to iTunes accounts, causing some devices to download the album without user permission.
The automatic downloads caused quite a bit of backlash, prompting Apple to create a tool to allow users to remove the free U2 album from their devices. Despite the negativity over the auto downloads, U2’s partnership with Apple appears to have been wildly successful, with “Songs of Innocence” seeing 26 million downloads from iTunes users. Additionally, more than 81 million users are said to have “experienced” the album, via iTunes, iTunes Radio, and Beats Music.
Apple’s deal with U2 and Universal Music Group is worth an estimated $100 million and is said to be part of a “long-term relationship” that will see Apple and U2 continuing to partner up to promote innovation in music.
AT&T’s GigaPower fiber set to hit Chicago and Atlanta
If you’ve tried burning incense or seeing an internet shaman but Google Fiber still won’t come to your city, you may still be able to get gigabit speeds — from AT&T. The carrier’s U-verse GigaFiber service will finally venture away from Texas and hit Chicago and Atlanta. That marks 14 cities (including Cupertino and Miami) set to receive the fiber lines so far, on top of current locations Dallas, Fort Worth and Austin. On top of that, AT&T has announced 100 candidate markets — including Mountain View — which may have tweaked, well, Mountain View’s nose a bit. Google’s Fiber is still stuck in Austin, Provo and Kansas City, with 34 other candidate cites still waiting. There’s no news of pricing or availability in the two new GigaFiber markets yet, but pricing in Texas is $99 a month, or $70 if you don’t mind targeted ads.
[Image credit: Getty Images]
Google teases Android L in latest YouTube video
Google has just published a short, “Sweeeeet” video on its official YouTube channel teasing the release of the next big update of its mobile operating system. Although the specific dessert name is still tightly under wraps, the search engine giant did confirm that “L” will be “Android 5.0″ and gave us the names of a few contestants who auditioned for the role — Lemon Meringue Pie, Lava Cake, Lady Finger, Lemon Drop and Oreo. But, of course, they’re wasn’t a Lollipop in sight.
Hit the break below for the full teaser.
Click here to view the embedded video.
What do you think the next build of Android will be called? Be sure to let us know your thoughts in the comments section down below.
Come comment on this article: Google teases Android L in latest YouTube video
Verizon soak test for Droid Ultra, Maxx and Mini brings VoLTE
If you own a Verizon-branded Droid Ultra, Maxx or Mini and have previously registered as a member of the Motorola Feedback Network, you should now be receiving an invitation for a brand new soak test.
If you chose to accept, you will be prompted to download and install a relatively major functionality update, which brings “Advanced Calling 1.0″, also known as VoLTE for Verizon’s network, as well as to the usual multitude of bug fixes and stability improvements.
Thanks to a loyal reader, we happen to have a copy of the email Motorola is sending out to all its Feedback Network testers, which you can see below:
Hi XXXXX.
Thanks for joining the Motorola Feedback Network. This invitation is not going to everyone. We are reaching out to you because we have an exclusive testing opportunity for select DROID MAXX/ULTRA/MINI owners. This opportunity is first come first serve.
If you are interested please click this link: XXXXXXXXXXXXXXXXXXXXXXXXX
This link is uniquely tied to this survey and your email address (XXXXXXXXXXXXXXX). Please do not forward this message and please do not share this or any communication about this invitation online or with others.
Thanks for your participation!
If you’re not a tester and you want to take advantage of the VoLTE service, don’t worry. Once a soak test is successful, the firmware is distributed to all other models of the smartphone within a couple of weeks.
If you’ve had an opportunity to try out the VoLTE service we’d love to know your thoughts, so be sure to drop us a line in the comments section below.
Thanks Jason!
Come comment on this article: Verizon soak test for Droid Ultra, Maxx and Mini brings VoLTE
AIVAnet 