Tokyo police figure Mt. Gox bitcoin heist was an inside job

It’s been about ten months since the Mt. Gox bitcoin exchange turned out the lights, blaming hackers or a bug in the blockchain as reasons why 850,000 bitcoin it held had suddenly disappeared. Today the Japanese paper Yomiuri Shinbun (English) reports that Tokyo Police investigating the events have found evidence that only about one percent of the lost bitcoins disappeared due to hacking from outsiders. Citing sources inside the department, the report suggests that the rest of the 650,000 bitcoins still unaccounted for (200k popped up unexpectedly) were lost by “unauthorized operation” of the system. The evidence shows unauthorized transactions by someone that did not correspond to any customer accounts. There’s no indication of who exactly was responsible, but former CEO Mark Karpeles told PC World via email that he will “continue investigating” to find out what really happened. Maybe North Korea could help?

[Image credit: Photothek via Getty Images]

Filed under: Internet

Comments

Source: Yomiuri Shinbun, The Japan News

Welcome to 2015 — now follow us everywhere!

OnePlus releases custom Lollipop-based ROM alpha to close out 2014

OnePlus announced yesterday that they were releasing an alpha build of a custom ROM that has been in development. The ROM will eventually be customizable, but starts out with a bloat-free, stock-Android experience for users. Although OnePlus has not added any extras yet in this version, the ROM is built on AOSP Lollipop, so users can get the latest sweet goodies included in Google’s most recent version of the Android operating system.

According to OnePlus, you do need to have TWRP recovery installed on your device in order to flash their ROM onto your device. They also indicate the ROM experience is best if you have Google Mobile Services installed. Making sure you have the GApps package installed after loading the ROM will give users access to all the normal Google services. OnePlus also notes that their build does not include a built-in recovery.

There are a few known issues with this build. OnePlus indicates the camera and video may be unstable, although it does support 4k video. Quality may be a bit off though as they are still fine-tuning the camera. OnePlus says the capacitive keys do not turn off when you enable software keys, the clock crashes on occasion, the new app pinning feature is a bit buggy, and the initial boot is a little bit slower than they would like.

If you want to give the ROM a try, hit the source link to grab the file and the detailed instructions on how to flash it onto your device.

source: OnePlus

Come comment on this article: OnePlus releases custom Lollipop-based ROM alpha to close out 2014

Samsung’s going all-in with Tizen for their smart TV OS

The 11 biggest hacks and security breaches of 2014

New York Post

2014 was a year like no other for technology. Security was on the forefront of many people’s minds, all while Android truly came into its own in the public eye – not just for enthusiasts but for the typical consumer as well. Numerous verticals received the Android treatment, namely in the domain of wearables and the living room, with automobiles and the home not too far behind.

Google’s push to assist us in all aspects of our lives continued its march forward, with the release of the first Android Wear smartwatches, Android TV for the living room, Android Auto for the car and their purchase of Nest, bringing smarts to the home, if only your thermostat and smoke detector, for now. These efforts have been fairly worry free for users, and Google pushes forward making it even more secure with rumors of future integration of Nest with services from the home security provider ADT.

Google and Android are not alone in expanding the offerings of technology around the globe. As more and more of our lives sync across the web, in our push for the internet of things, so too do the risks of a security breach increase.

Although 2014 was not a huge departure from years past in terms of the magnitude and severity of hacks and security breaches, there was an impressive shift in the approach to these attacks.

In previous years it was not uncommon to see security breaches resulting in the loss and exposure of millions of usernames, passwords, credit card numbers and other private user data. These attacks had an air of financial gain for the hackers.

A number of the larger events in 2014 did not seek to attack us as individual users, instead, an idealism behind hacks presented itself, with the target seemingly to free information for the public from governments and large corporations.

Without further adieu, here is our list of the top 11 hacks and security breaches of 2014:

11. Secret

The app that allows you to anonymously share your thoughts and confessions was hacked, revealing email addresses and phone numbers of users. Not so anonymous after all.

10. eBay

User information, including usernames, passwords, phone numbers and even home addresses were compromised for over 145 million users. If you haven’t changed your eBay password since before March, you really should get on that.

9. Tinder

Praying on individuals looking to find their soul mate, seductive photos found their way onto Tinder, but instead of reading a profile and potentially hooking up, users were directed to malware infected websites.

8. Target 

The large retail chain is popular for its great prices on your average everyday stuff, they are also popular for a major breach at the end of 2013 that bled well into 2014. About 110 million records were compromised, including customers’ personal and banking info, with an estimated total loss for the company coming in, coincidentally, at about $110 million. The scary part about this breach is that it was not a vulnerability of a server or database, hackers managed to install malware on the POS (Point of Sale) machines, directly collecting credit and debit card info as customers swiped to pay.

7. Sony and Microsoft

Christmas day is a great day of the year for many video game enthusiasts, receiving brand new video games to enjoy. However, Christmas day in 2014 saw an attack that brought down both the Sony Playstation network and the Microsoft Xbox network. As a result, the services were taken offline for as long as three days, leaving all players of cloud saved games out in the cold.

6. Celebrity iCloud

At least one of these celebrities, from the 2014 Oscars, lost private photos in the 2014 iCloud breach.

Hackers managed to breach Apple’s iCloud service in 2014. The culprits stole hundreds of private photos and videos, and I do mean private, from a long list of celebrities. These images were then released to the world. While the event itself was likely the most embarrassing thing to ever happen to the victims, the reach of this attack sparked the conversation of privacy and even ones legal rights as pertains to cloud storage.

5. Snapchat

In the same light as the celebrities in the iCloud attack, hackers managed to score almost one hundred thousand private images and videos from the Snapchat service. While many users shared in a moment of embarrassment all their own, this brought to light the unfortunate and disturbing reality that many of the under-aged users of the service have posted content that has been classified as child pornography.

If I may take a moment to speak to the under-aged users, and the parents of those users, please be aware of how you are using these services. I will not place any moral judgement or opinion here, but please be aware of what actions and content are against the law, no need getting in some serious trouble that can haunt you for the rest of your life.

4. NSA

While we can debate the ethics of a certain Mr. Edward Snowden’s actions, that’s not what we are here to do, we cannot overlook the impact he has had. The extent to which the NSA has stopped at nothing to grab every single bit of electronically communicated data, both in the US and abroad – regardless of whether it is encrypted or not – is simply staggering. No one can deny that these revelations shocked the world, with massive geopolitical and financial implications for the US and its incumbent tech industries.

3. Heartbleed

If you have ever received instruction on computer usage, I am hoping that your instructor explained the difference between HTTP and HTTPS. While the ‘S’ is there to keep you and your data safe, the Heartbleed bug was found this year that compromises the SSL that is behind the ‘S’ of most websites. The vast reach of this bug did not rightly mean that you or your data was ever compromised, but if you have not changed your passwords for most of your online accounts in the last 10 months, well, you should change your password by this point regardless the Heartbleed bug.

2. U.S. Dept. of Homeland Security

If you thought that all U.S. governmental agencies took care of their own business in-house, you’d be wrong. A private contractor for Homeland Security was hacked in 2014. The contractor was responsible for conducting high-level background checks of government officials, allowing hackers to walk away with personal information for employees.

1. Sony

Yes, Sony is on the list once again. As the target of a major breach in December 2014, Sony lost a significant amount of crucial data to hackers. Private business affairs, salary info, employee Social Security Numbers, scripts for potential new films, private communications, a few full length movies and more all walked out the door. In all, nearly a full terabyte of information was compromised.

Sony’s breach itself may not have placed it as number one on a list like this if it were not for the circumstances surrounding the event. Sony had a new film scheduled to release on December 25th called The Interview. Due to the nature of this film, many believe that North Korea is responsible for the breach on Sony.

What is more important, and scary, is the follow up threat by the hackers for terrorist acts upon individual movie theaters, and innocent lives, should they air the film. If nothing else, because of these threats, the hack on Sony almost led to international conflict between nations.

Honorable mentions

With a list like that, it is scary to think that there were more attacks out there in 2014. Sadly, we only scratched the surface of it all. Our honorable mentions list includes a few big ones as well:

• JPMorgan – The banking firm was hacked, exposing credit card info for more than 80 million Chase bank customers. The ‘attack’ survived for a couple months, dodging all the security checks.
• Shell shock – Proving that nothing is safe, a vulnerability was identified in Linux and Unix based operating systems, like Apple’s OS X. The Bash injection bug was quickly patched, but proved once again that no system is perfect.
• LinkedIn – With a little bit of elbow grease, researchers found that faking one’s own address book could trick LinkedIn into revealing actual email addresses of users in their system. Nothing end-of-the-world here, but a patch was issued for our protection.

Credit: TheSeafarer/Flickr

• Forbes – Putting your published content behind a pay wall means collecting customer info, which was compromised by the Syrian Electronic Army (SEA), who then posted online all 1,071,963 user email addresses and passwords stolen.
• Kickstarter – Unaware of any wrongdoing until law enforcement brought it to their attention, a whopping two accounts were maliciously accessed. Of course, Kickstarter‘s entire user base had their usernames, email addresses, mailing addresses, phone numbers and encrypted passwords accessed.
• Network Time Protocol (NTP) – the service that nearly every computer and router uses to keep the clock in sync was found to allow a little code injection of its own. With carefully crafted packets, a hacker could run code with the same permissions as the NTP service. Patches have been issued.
• European Central Bank – A rather minor breach occurred early in the year, resulting in the theft of customer email addresses, postal addresses and phone numbers.

Credit: tiseb/Flickr

• Home routers – An estimated 300,000 home routers have been hacked, resulting in a change to the DNS settings. Look for DNS servers 5.45.75.11 and 5.45.75.36 on your router, as these servers are known to perform man-in-the-middle attacks, providing you fake web results and ads designed to steal your info.
• Fingerprints – Including a fingerprint scanner on a few high-end smartphones, bio-metrics appeared to take a giant leap forward for device security. Too bad hackers are now stealing your fingerprints from your photos, defeating the scanners with faux fingerprints and U.S. courts determining that law enforcement does not require a warrant to search a fingerprint protected phone. Otherwise, great work manufacturers.

Near miss:

BadUSB – With no known hacks yet found in the wild, a vulnerability was found this year in many USB devices. Called BadUSB, the potential hack allows code to be saved onto a USB device, such as a USB flash drive. The malicious data is even saved such that it is immune to a full formatting of the drive. Scary stuff.

Of course, if you are not scared off, why not check out this how-to article showing how to connect a USB flash drive to your Android device.

Conclusions (how you can be more secure in 2015)

If you are reading this, you obviously have not been scared away from the internet. And you shouldn’t be. There are always lessons to be learned about online security and the rights and obligations of both the users and the companies behind the services, but it still remains true that some common sense will keep you and your data safe and happy.

The topic of security is a dear one for us. We’ve looked at many tools, tips and tricks to keep your devices and your data safe. We even frequent deals on tools in our AA Store, like Sticky Password Premium from a couple weeks back.

I could ramble on about our other stuff, but I best just link you over to our long list of security related posts from throughout the year, 17 apps to secure your Android device and this great video:

Google, as well as other smartphone OS developers, have taken action within Android to help you stay secure. One option has been available for some time now, but Android 5.0 Lollipop is the first Android release to ship by default with full device encryption. This means that without your password, not even Google can crack into your phone to view your stored data.

While device encryption is a powerful tool, it is not a means to secure your communications over the internet. With this in mind, one might follow my simple rule, if it goes online, there is a chance it can go public. This goes for communications through SMS, chat, email and social media, all the way through to the files you store on your private cloud storage.

Protecting yourself from hacking is also the same formula as yester-year, change your passwords frequently, and be certain that they are well structured and not easily guessed. Where possible, employ two-factor authentication, just as Google offers through the Authenticator app for Android.

Another great tool that users around the globe have been using not only for security, but for anonymity and as a way to get around regional restrictions, is VPN. VPN is a method of routing your internet traffic through another computer. The result is for the web sites visited believing you are is located at the location of the VPN server, instead of your actual location. This really isn’t supposed to be a sales pitch, but we’ve got VPN solutions in our AA store as well.

If all else fails, you might consider looking at the Boeing Black phone, it is designed for government grade privacy, and will be coming soon infused with a little BlackBerry enterprise encryption technology.

What do you think, is online security a personal matter, or should companies, or the government, be doing more to protect us?

Overall Android hardware profits took a sharp decline in 2014

2014 was another solid year for Android’s market share growth, but despite that increase the world’s biggest mobile OS saw a pretty heavy drop in profits. Global profits for Android devices are estimated to have dropped by about 50%, which is the first time that Android has seen a massive decline like this.

Samsung’s rough year is partly to blame for the decreased profitability, and combined with the fact that much of the increased market share came from OEMs like Xiaomi with incredibly thin margins, it’s easy to see how there’s less money being made on each Android device sold on average. 

Short term, the increased market share is always a good thing, but without being profitable it’s going to be tough for other OEMs to continue making devices. Motorola and HTC are two great examples of companies that struggle to turn a profit in their mobile division thanks to competition on the high end from Apple and Samsung, and eroded profits on the low end due to tons of cheap devices from Chinese OEMs.

More and more manufacturers are slimming down their smartphone portfolio and only offering a few devices per year so they can better focus on a handful of devices to make it profitable. That’s probably a trend we’ll see continue into 2015, especially after this news.

source: re/code

Come comment on this article: Overall Android hardware profits took a sharp decline in 2014

Have a happy Hangouts New Year