How could Lenovo miss its Superfish security hole?
Until mid-day yesterday Lenovo thought the biggest problem with Superfish VisualDiscovery was the annoying ads it caused to pop up on customers’ laptops. Superfish was supposed to analyze images on the web and “help” consumers find similar products, but the information security world was learning that it (apparently unintentionally) does quite a bit more.
Facebook engineer Mike Shaver tweeted Wednesday night about how the preloaded adware performs a man-in-the-middle (MITM) attack on supposedly secure connections, and by Thursday morning security researcher Rob Graham showed how it could be used to spy on the encrypted communications of anyone running the software. At that point, Lenovo CTO Peter Hortensius still referred to the resulting security problems as “theoretical,” but moves today from Microsoft and the US government — and his comments in an interview with Engadget — show that they’ve realized the threat is very real.
Now, Lenovo admits to the gravity of the problem (even if the company behind Superfish does not, as shown by a spokesperson’s comments to Ars Technica) and is working with others in the industry to fix it. Still, the question remains — how did a security hole this problematic get there in the first place? As Hortensius told me, that’s the question he and his team will be trying to answer over the next week or so.
How to make Superfish go away

The first priority is making sure that Superfish disappears and the security hole is closed, and there are several ways to make sure your PC is secured. Browser test pages (Filippo.io, LastPass) can tell you if you’re affected and give tips on removal. Lenovo has its own list of uninstallation instructions, and as of today Microsoft’s Windows Defender scanner has been updated to remove Superfish and its security certificate. You can expect other scanners to get a similar update soon, and of course Lenovo is working on an uninstall program of its own that could be available later today.
Why is Superfish such a big problem?
Superfish’s security problems are worsened by practices researchers have uncovered over the last day or so: not only is its security certificate easily extracted, as Rob Graham discovered, it uses the same one on every computer. It appears that Superfish (and others) used technology from a company called Komodia to pull off its hamfisted intervention, and all of them are equally vulnerable. Even worse, beyond the initially discovered MITM vulnerability and weak encryption, the Komodia package can be easily tricked into accepting any certificate as valid. According to CloudFlare security team member Filippo Valsorda, that means it’s easy to intercept encrypted traffic from anyone with Komodia-powered software on their system.
What is Lenovo doing about it
While we wait to find out the next way this will get worse, Lenovo says it is taking steps to turn things around. Of course, as security researcher Kenn White asked, after the company ignored respected security researchers “activating the Batsignal”, restoring its public trust will be tricky. The software appeared on computers beginning in September, and posters on Lenovo support forums were asking questions that should’ve raised alarms for months.
This is not a level of maintenance like changing oil; this is whether your headrests will sprout spikes in an accident.
– MuninrepeeK eroL (@munin) February 20, 2015
According to Hortensius, Lenovo does security checks for software that it preloads, but apparently Superfish bypassed those even with this glaring security hole. He says, “If we knew then what we know now, we’d never have shipped this,” and that security practices, even the ones the company will institute going forward, can never be 100 percent. He says that information with real substance is coming that will detail how Lenovo plans to avoid getting caught out like this again, which will be key. Patching the software is relatively simple — filling in this hole in the company’s reputation may not be so easy.
[Image credit: (shark) Martin Barraud, (Windows Defender scan) Filippo Valsorda]
HTC tweet about new device is confusingly cryptic, but probably referring to the HTC One M9 Plus
For me, HTC’s marketing over the years is pretty hit-and-miss. Some attempts like the Serious Technical Considerations videos were on point and entertaining, while some like its “Here’s to change” ads left a little more to be desired. A tweet that has been posted on the HTC USA Twitter page falls somewhere between as they try […]
The post HTC tweet about new device is confusingly cryptic, but probably referring to the HTC One M9 Plus appeared first on AndroidSPIN.
More HTC One M9 wallpapers abound as number 4 and 5 get leaked out
Renowned HTC leaker, LlabTooFeR, is on a tear at the moment. Boldly claiming that he would release a wallpaper from the new HTC flagship device every day until March 1st, LlabTooFeR has followed through on his word, with a total of five HTC One M9 wallpapers leaked out so far. Our previous post on the wallpapers […]
The post More HTC One M9 wallpapers abound as number 4 and 5 get leaked out appeared first on AndroidSPIN.
New Sprint Family Share Pack plan offers 12GB of data on up to 10 lines for $90 per month

Sprint has just introduced a new tier into their Family Share Pack plans, which gives customers 12GB of high-speed data, unlimited talk and text, which can be shared between up to 10 lines for $90 per month. Each tablet added to the plan will cost an extra $10 per line, and each mobile broadband device added to the plan will cost an additional $20 per month.
Sprint explains:
Sprint is reducing the data access charge on the $90 Family Share Pack plan from $25 to $15 for handsets. For customers switching their number to Sprint from another carrier, Sprint is waiving the access charge for handsets, tablets and mobile broadband devices on 12GB or higher data allowances for up to 10 lines for one year. All devices must be purchased through Sprint Easy Pay, Sprint Lease or the Sprint iPhone for Life Plan. A family of four will save $720 in data access fees for the year.
Also, for customers who are porting their numbers over from another carrier and are planning to activate on this new plan, Sprint will give you an American Express Reward Card up to $350 for each line to help you buy out your old contract. This entire promotion will only last until March 12th.
Considering the price of other similar data tier plans throughout AT&T, Verizon and T-Mobile, this might be a good option if you have more than a few people willing to switch.
Mac Pro Buyer’s Guide: Which Model to Choose [Mac Blog]
Apple’s Mac Pro is quite an impressive machine. It doesn’t look like any other computer; it’s a work of art with its sleek, cylindrical body. It’s fast, fast, fast. And it’s expensive.
The Mac Pro isn’t for everybody, and not just because it’s Apple’s highest-priced computer. It is made to excel with a certain type of app: professional software that uses multiple processing cores, like software commonly used by videographers, photographers, animators, designers, scientists, and musicians. If that describes what you do on a daily basis, then you’ll benefit from a Mac Pro — you’ll make your money back in time saved.
This guide takes a look at the Mac Pro’s specifications, design, and performance. If you’re in the market for a Mac Pro and you’re not sure which model to buy, this guide will help you sort it all out.
Specifications
Apple offers two standard configurations. You can pick one of the standard configurations, but the Mac Pro is all about custom configurations. Think of the standard configurations as a starting point, and you can then customize your order to better suit your needs.
The $2999 Mac Pro:
- 3.7GHz Quad-Core Intel Xeon E5 processor
- 12GB 1866MHz DDR3 ECC memory
- Dual 2GB AMD FirePro D300 graphics cards
- 256GB PCIe-based flash storage
The $3999 Mac Pro:
- 3.5GHz 6-Core Intel Xeon E5 processor
- 16GB 1866MHz DDR3 ECC memory
- Dual 3GB AMD FirePro D500 graphics cards
- 256GB PCIe-based flash storage
Apple offers the following upgrades for the Mac Pro:
- 3.0GHz 8-core processor or 2.7GHz 12-core processor ($500 to $3,500 extra)
- 16GB, 32GB, or 64GB of RAM ($100 to $1,300 extra)
- 512GB or 1TB of flash storage ($300 to $800 extra)
- Dual 6GB AMD FirePro D700 graphics cards ($1000 extra)
As you can see, building a fully-loaded top-of-the-line Mac Pro can get expensive. Based on the add-ons you choose, your Mac Pro could cost up to $9,599.
Apple gives May 1 deadline for Mac apps to switch from garbage collection to ARC
Apple announced today that new Mac apps and app updates will no longer be able to use garbage collection, a system for managing memory use, after May 1. Instead, developers must switch to using Automatic Reference Counting (ARC).
Garbage collection was deprecated in OS X Mountain Lion to be replaced by ARC, which made its debut in the previous version, OS X Lion.
As developers make the transition, Apple notes that they can take advantage of the migration assistant in Xcode to ease the process.
Source: Apple
These are the can’t-miss apps and games from the last two weeks (Feb 20)
Welcome back to the regular series aimed at helping Android users get more from their devices. If you’re looking for some new Android apps or games check it out: we have a handful of popular titles to get you started.
What you’ll find below are some of the hottest trending apps of the last couple of weeks. We’re certain you will find something fun to play with this weekend. Let’s get to it!
Microsoft Outlook Preview
We say: When it comes to Exchange support, it’s really hard to argue against Microsoft’s own approach. Thanks to the integration of other cloud services, and Android’s built-in sharing features, we’re able to efficiently manage our emails and appointments. If you’re in the hunt for a different approach to handling your Gmail account we say give this one a whirl.
Blinkist
We say: Blinkist allows you to pool together interests you have in learning and self-improvement, and pools together bestselling books related to those topics, and then allows you to choose from those books to add to a list. Then, you can open a book to read in “blinks”: short snippets with ideas from the book that take a few moments to read. After a few swipes, you’ve garnered everything the book has to offer and can walk away knowing more. It does all of this in a good-looking app. You start with a free 3-day trial, but then need to pay $79.99 for a year of access with a premium account, or $49.99 for a year of access with a plus account. Considering you get unlimited reading for a ton of these books, that’s not a bad deal!
Security Pal
We say: What’s different about this particular antivirus app is that it uses “plugins” (other apps by the same developer) to make a sort of ecosystem that works together. How well they mesh or not I’m not too sure. The idea is interesting though, and theoretically makes for a well-working system of parts that all work together. They have the following plugins: AppLock plugin, Cleaner plugin, Phone Booster plugin, and Battery Saver plugin. It also scans right when you install the app, and then every time you install an app to check for issues before you even open the installed app.
SpongeBob: Sponge on the Run
We say: One only need look at a few screen shots to see the appeal of this one. What’s more, you can also get a great sense as to what the game looks like and how it’s played. If you’ve ever played endless runners then you know exactly how addicting it gets.
You’ll find all sorts of SpongeBob goodies sprinkled throughout the game, including character customization, vehicles and obstacles, and familiar locations. It’s a little more expensive than similar titles but that matters little to the tens of thousands of people who have already downloaded.
Peak – Brain Training
We say: Peak – Brain Training has neuroscientists behind the app, so you can be assured that the app has scientific research backing it. The app uses games as well, so the goal is that exercising your brain won’t be boring, but rather quite fun. While the Google Play Store description says it has 15 games, the developers have informed me that in fact the app has been updated to have 22 games. It is also designed very well. The description in the Google Play Store says they have between 100,000 and 500,000 downloads, however they have told us that the number is actually more like 2 million downloads! Also, it has a rating of 4.3 stars, so it must be good!
ULTRAFLOW
We say: For starters, this one is completely free, so there’s that appeal. No, there’s not even a randomly displaying ad. Toss in 99 levels that get harder and more creative, and we’re hooked. The colors are muted and the overall graphics are flat, but that’s what teases you. How can it be so tough to move the “chip” from the start to the desired end? You’ll need to have finesse in some levels and speed in others; obstacles show up along the way and make things difficult. Oh, and you only have a specific number of moves to complete the round.
You might fly through the first ten levels or so but we promise you’ll run into a buzzsaw at some point. And then another. And another.
The post These are the can’t-miss apps and games from the last two weeks (Feb 20) appeared first on AndroidGuys.
Here’s when your Android smartphone will receive the Lollipop update
If you’re wondering when your HTC, Samsung, Sony, LG or Huawei smartphone is set to receive the long-awaited Android 5.0 Lollipop update, then wonder no more. Here at Talk Android, we have compiled a list extracted from a variety of sources, predominantly leaks, to provide you with an estimated timeframe of when your beloved handset should start receiving the upgrade.
Just remember that unlocked versions are likely to get the update first. Carrier-branded devices go through rigorous testing, which can take up to a month or two depending on how many bugs are found. So, without further ado, here is the list:
HTC:
- One (M8) — Asian, International and American distribution in progress.
- Desire Eye — March
- One E8 — March
- One Mini 2 — March/April
- Desire 816 — March/April
- One Max — April/May
- One Mini — April/May
- Butterfly S — May
Samsung:
- Galaxy S5 — Asian, European and American distribution in progress.
- Galaxy S4 — European and American distribution in progress. Update expected in Asia in March.
- Galaxy S4 LTE-A — European distribution in progress. Update expected in Asia and America in April/May.
- Galaxy Note 4 — Asian, European and American distribution in progress.
- Galaxy Note 3 — Asian, European and American distribution in progress.
- Galaxy Alpha — April
- Galaxy Note Edge — February
- Galaxy S4 Mini — June/July
- Galaxy S5 Mini — June/July
Sony:
- Xperia Z3 — March
- Xperia Z3 Compact — March
- Xperia Z3v — March
- Xperia Z2 — April/May
- Xperia Z2 Compact — April/May
- Xperia Z — June/July
- Xperia ZL — June/July
- Xperia ZR — June/July
- Xperia Z1 — June/July
- Xperia Z1 Compact — June/July
- Xperia Z Ultra — June/July
LG:
- G3 — Asian, European and American distribution in progress.
- G Pro 2 — European distribution in progress. Update expected to arrive in Asia and America in March.
- G2 — March/April
- G2 Mini — March/April
- G3 Beat — April
Huawei:
- Ascend Mate 2 — March/April
- Honor 6 — May/June
- Ascend P7 — April/May
Jerry Lawson, a self-taught engineer, gave us video game cartridges
To celebrate Black History Month, Engadget is running a series of profiles honoring African-American pioneers in the world of science and technology. Today we take a look at the life and work of Annie Easley.
If you’ve got fond memories of blowing into video game cartridges, you’ve got Gerald “Jerry” Lawson to thank. As the head of engineering and marketing for Fairchild Semiconductor’s gaming outfit in the mid-’70s, Lawson developed the first home gaming console that utilized interchangeable cartridges, the Fairchild Channel F. That system never saw the heights of popularity of consoles from Atari, Nintendo and Sega, but it was a significant step forward for the entire gaming industry. Prior to the Channel F, games like Pong were built directly into their hardware — there was no swapping them out to play something else — and few believed that you could even give a console a microprocessor of its own. Lawson, who passed away at 70 from diabetes complications in 2011, was the first major African-American figure in the game industry. And, just like the tech world today, it still isn’t as diverse as it should be.
Only 2 percent of game developers in 2005 were African-American, according to a study by the International Game Developer Association (who also honored Lawson as a game pioneer a month before his death). But things were even worse during Lawson’s time: For his first five years at Fairchild, the company and its executives actually thought he was Indian. He was also one of two black members of the Homebrew Computing Club, a group that famously included Steve Jobs, Steve Wozniak and other Silicon Valley pioneers.
Born on December 1, 1940, Lawson grew up in a Queens, New York, housing project, where his predilection for engineering was on display early on. His father, a longshoreman with a fondness for science, gave him unique gifts like an Irish mail, a handcar typically used by railroad workers. More often than not, Lawson ended up being the only kid that knew how to use them. His mother arranged it so that he could attend a well-regarded elementary school in another part of the city (i.e., one that was predominantly white), and she stayed actively involved in his education throughout his childhood (so much so that she became the president of the PTA). Lawson also credits his first grade teacher as a major inspiration.
“I had a picture of George Washington Carver [a black inventor who was born into slavery] on the wall next to my desk,” he told Vintage Computing in an interview. “And she said, ‘This could be you.’ I mean, I can still remember that picture, still remember where it was.”
It’s hard to deny Lawson’s geek cred: He ran an amateur radio station out of his housing project after building a ham radio on his own (complete with an antenna hanging out of his window and a radio license). He also spent his teenage years repairing electronics all over the city. Most impressively, he taught himself most of what he knew about engineering. Lawson attended Queens College and the City College of New York before working at several firms, including Grumman Electric and Federal Aircraft. After scoring a job with Kaiser Electronics, which focused on military technology, Lawson moved to Silicon Valley.

It’s hard to fathom today, but trying to make removable game cartridges was an incredibly new concept in the ’70s. Lawson and his team at Fairchild had no clue how the cartridges would fare after being plugged in and out multiple times — remember, nobody had ever done it before. The company also caught the attention of the FCC, as it was aiming to deliver the first consumer device with its own microprocessor. Lawson’s description of meeting the agency’s grueling requirements reads like engineering comedy: Fairchild had to encase the console’s motherboard in aluminum; it put a metal chute over the cartridge adapter to keep in radiation; and every cartridge it produced had to be approved by the FCC. He was also justifiably apoplectic when, years later, Texas Instruments successfully lobbied to change the laws that determined the FCC’s harsh requirements.
As for how race affected his job prospects during the ’60s and ’70s, Lawson told Vintage Computing it “could be both a plus and a minus.” If he did well, it seemed as if he did twice as well, since any accomplishment received instant notoriety. But the idea of a 6-foot-6-inch black man working as an engineer was still surprising to many people. Lawson noted that some people reacted with “total shock” when they saw him for the first time.
Lawson also had plenty of insightful advice for young black men and women who were interested in science and engineering careers:
First of all, get them to consider it [technical careers] in the first place. That’s key. Even considering the thing. They need to understand that they’re in a land by themselves. Don’t look for your buddies to be helpful, because they won’t be. You’ve gotta step away from the crowd and go do your own thing. You find a ground; cover it; it’s brand-new; you’re on your own — you’re an explorer. That’s about what it’s going to be like. Explore new vistas, new avenues, new ways — not relying on everyone else’s way to tell you which way to go, and how to go, and what you should be doing.
“The whole reason I did games was because people said, ‘You can’t do it,’” Lawson told the San Jose Mercury News in an interview. “I’m one of the guys, if you tell me I can’t do something, I’ll turn around and do it.”
[Photo credits: The Estate of Jerry Lawson (Jerry Lawson); Doug Kline/Flickr (Fairchild Channel F system)]
Samsung Galaxy S6 render looks pretty close to the real deal
When a device release gets closer, the design community usually has a field day trying to render the device as closely to the real deal as possible. Naturally, a Samsung Galaxy S6 render is at a premium at the moment, and some designers appear to have nailed Samsung’s latest devices in a video featuring some very […]
The post Samsung Galaxy S6 render looks pretty close to the real deal appeared first on AndroidSPIN.














