Samsung announces its latest security update — the question is when you’ll see it

Vague announcements of monthly security updates mean nothing if we don’t know when (or if) phones will see updates.
Update Feb. 26: Samsung’s February update has now been disclosed. Whether you’ll see it on your phone anytime soon remains a question.
Perhaps we should thank last year’s “Stagefright” security freakout. The vulnerability deep inside the Android operating system was dubbed a “unicorn” by the researchers who discovered it (never mind that it’s not known if anyone was ever actually affected by it) and sent Google and its downstream partners scrambling for fixes. And within a matter of days, Google announced that the Android Open Source Project and Google’s own Nexus line would see monthly security updates independent of major maintenance releases. You can find up-to-date information on those updates here.
That is a good thing (in addition to all the server-side protections Google has in place), and is no small undertaking.
Since the Stagefright scare last fall, anyone who’s anyone has begun taking a long, hard look at security updates. Google, even, has made it a requirement for devices to display the date of their most recently installed update in the “About” section on the phone or tablet. (Or TV — whatever.) We’re placing a greater emphasis on updates in our evaluation of products, both in terms of the software a device ships with, as well as in the long-term updates received.
Nobody’s doing as well as Google, of course. The Nexus line was the first to show the Oct. 1, 2015, patches. And early each month since we’ve received updates and blog posts from Google explaining what’s in each update.
Samsung, as you’d expect from a manufacturer of its caliber, quickly followed with its own security website. It’s basic, and largely mirrors Google’s own security bulletin. But there’s a very big difference between announcing updates, and actually rolling them out to devices. Samsung says the maintenance release is for “major flagship models” — and if you poke around more on Samsung’s rudimentary site you’ll find they’re talking about the Galaxy S6 and its “edge” variants, the Galaxy S5, Note 5, Note 4 and Note edge, and the Galaxy Tab S2 and Tab S tablets.
But you don’t have to look far for the footnote: “Models list may vary depending on regions and carriers.”
And that’s the rub.

My Verizon Galaxy Note 5, for example, is still on the November 1, 2015, security update. That’s not a small phone on a small American carrier. That’s the Note 5, on Verizon. And according to data from the Google Play Developer Console — which keeps track of all different models of phones that access the store for app compatibility reasons — that’s just one of the 14 Note 5 listings (you’ll often see a single model referred to as a SKU). The Galaxy S6 line is worse; there are 44 listed models, between the GS6 proper, the GS6 edge and GS6 edge+. The Galaxy S5 and S5 Mini add another 34 to that list. The Note 4 adds another 18.
That’s 110 SKUs of phones that need to be supported by these new security updates. And myriad cellular operators — and not just in the United States — that need to be handled before many of those updates will ever make it to our phones. I don’t envy Samsung — or any of the manufacturers — in this. It’s hugely important, and damned near impossible, given the shotgun approach employed by most manufacturers.
Any real improvement here will take a few steps. Some drastic, others not so much.
Samsung needs to be more specific about which phones are actually getting updates — and when the new software is available.
First, Samsung needs to be more transparent in its update announcements. Vague statements about “flagships” don’t do a whole lot for the folks actually holding the phones, even when (or especially when) we’re getting the same vague statement every month. The static, black-and-white web page doesn’t help, either. Users need to be able to search for their phone and know where it stands. And if it’s more than a month behind, we need to know why. Is it held up in carrier testing? Is there some other factor at work? We put a lot of trust into the manufacturers — and more trust in Samsung than just about any other — and so they need to trust us to be able to handle more than a vague (and not particularly well-worded) “releases a maintenance release” statement.
And then Samsung needs to make sure updates actually hit phones in a timely manner. Having 110 SKUs of supported phones doesn’t help. (And it’s certainly possible that software updates could overlap models.) But if any of the manufacturers outside Google is in a position to fix this it’s Samsung.
Maybe it’ll make some progress this year with the Galaxy S7. But let’s not break our arm patting anyone on the back for presenting us with an updated blog post of what mostly is Google’s security changelog — at least not until updates consistently reach our phones and tablets.

Oscars 2016 nominees: Watch all the trailers here
Early this morning, Hollywood held its breath… because the Academy was getting ready to unleash the Oscars 2016 nominees.
Shortlists for all 24 categories are now out, and you can browse them in the gallery above. The categories include the usuals, such as Best Picture and Best Director, but of course their nominees are different, with this year’s highlights including The Revenant, which received the most nominations with 12 total, and Mad Max: Fury Road with 10 nods.
The nominees for the 88th Academy Awards were announced on 14 January at 5:30 am PST at the Samuel Goldwyn Theater in Beverly Hills, by directors Guillermo del Toro and Ang Lee, Academy president Cheryl Boone Isaacs, and actor John Krasinski. You can watch the entire live stream here.
But the 2016 ceremony, which is presented by the Academy of Motion Picture Arts and Sciences, takes place 28 February at the Dolby Theatre in Hollywood. Actor Chris Rock will host. If you want to make a game of it and predict which films will win coveted trophies, be sure to check out all the trailers.
We’ve scoured the internet and rounded them up. Underneath every category image in the gallery you’ll find a list of trailers. You’re free to watch them, and if you wish, leave us a comment below, letting us know which films you think will win in each category. We got our money placed on Leo for Best Actor.
The 2016 Oscars will start airing at 7pm EST on the ABC network, or you can go here to watch the Oscars live stream once the ceremony begins. Also, here’s the official Oscars nominees site for more information.
Meet the Oscar-nominated sound designers behind Kylo’s lightsaber
Skywalker Sound is home to Star Wars. The award-winning sound designers and mixers who inhabit the red-bricked walls of George Lucas’ audio post-production facility have shaped the soundscapes for the saga so far. From the first movie in 1977 to The Force Awakens in 2015, the team of sound wizards has converted fictional ideas into believable sounds and indelible memories. Instead of pulling from a ready-made digital library, they tend to rely on organic sounds. Mundane objects and creatures are carefully manipulated into powerful spaceships and energized lightsabers.
This year, Star Wars: The Force Awakens has five Academy Award nominations, including two for the Skywalker Sound team. I caught up with co-supervising sound editor David Acord (nominated in the sound editing category) and re-recording mixer Christopher Scarabosio (sound mixing) to learn more about Kylo Ren’s lightsaber and BB-8’s motors.
Does Amazon’s new ad-supported show hint at a free video service?
Yesterday, Amazon announced that season 3 of Vogue’s The Fashion Fund is now available for streaming through its video library. This series is a little different than the company’s Prime Video offerings, though, as you can watch The Fashion Fund for free thanks to its ads. This is a first for Amazon, breaking from its subscription-based streaming plan to offer free ad-supported content to viewers. The company has offered television shows for free if you were willing to sit through ads before, but usually the selections are limited to the first episode.
Is Amazon prepping a free video service that will get by on revenue from ads? Well, maybe. There are a couple of other explanations, though. First, as we mentioned yesterday, Amazon is selling items from the designers on the show on its site. You’re basically watching one big ad for The Fashion Fund collection, so there’s no doubt the company is looking to drive sales. Amazon could also be using the ad-supported method to test the waters of unscripted original series, too.
“We’re always experimenting on behalf of our customers, including experimenting with ads,” an Amazon spokeswoman told Recode. She went on to explain that using ads to support the production of The Fashion Fund was on the table because of the strong interest from said advertisers. We’d surmise that if Amazon wanted to do an unscripted cooking show, something along the lines of Chopped or Top Chef, the pool of interested brands would be quite deep as well. And if you’re worried, the one thing the spokeswoman did confirm is that ads wouldn’t appear on Prime Video.
As Recode points out, a free streaming tier would likely pull in a lot of people who aren’t willing to pay $99 for Prime or make other movie and TV show purchases. Either way, Amazon isn’t revealing any hints as to its future plans. We’ll have to wait and see how effective Vogue’s show is at driving viewers… and sales. A free video service is certainly an interesting proposition for the company and one that stands to attract more folks to its streaming library. In the meantime, we’ve reached out to Amazon for more info and will update this post if/when we receive a response.
Source: Recode
MasterCard’s selfie security: What could possibly go wrong?
When I read about MasterCard’s plan to do selfie security with purchases, I wondered what the first massive breach of biometric data is going to look like. Unlike passwords, biometrics such as face mapping, fingerprints, and iris scans can’t be changed when a database gets popped. Worse, having that data sold to marketers or snarfed into an authoritarian database isn’t revokable. Manny the cat would not approve.
Fortunately, MasterCard isn’t going to be replacing the password or PIN with selfies, but instead wants to make its “Selfie Pay” app part of a two-step security routine when purchases are made or money is withdrawn. MasterCard says users will be required to blink for the app to demonstrate it’s a live image. The company plans to roll it out in the US, Canada, the U.K. and a few European countries by this summer.
Only MasterCard knows I’m Manny the cat
In 2015, MasterCard’s pilot program for Selfie Pay took place with Silicon Valley’s First Tech Federal Credit Union. So I’m going to make a guess that the opportunities to troubleshoot user skin color were few and far between. I say this because facial recognition technology has a well documented problem “seeing” black people.
HP’s webcams got a lot of bad press in 2009 for its cameras’ inability to “see” black faces. Horrifyingly, Google’s facial recognition software in 2015 tagged two African Americans as gorillas. Google’s Yonatan Zunger reacted appropriately, yet noted in a tweet that “Until recently, Google Photos was confusing white faces with dogs and seals. Machine learning is hard.”
Machine learning is indeed hard. So is security.
And don’t let current headlines fool you, the whole selfie-security plan wasn’t entirely a security based decision.
“Selfie Pay” was first aimed at MasterCard’s millennial customers when announced in July, 2015. Ajay Bhalla, MasterCard’s President of Enterprise Security Solutions, told press it would be a way for the company to engage with young people. He added, “The new generation, which is into selfies … I think they’ll find it cool. They’ll embrace it.”
Reassuringly, college students reacted to Mr. Bhalla’s remarks with an appropriate amount of skepticism and mistrust. I just hope everyone in Bhalla’s security chain “is into” encryption as much as selfies.
We may share your password with our advertisers
We can yell “encrypt or GTFO” at MasterCard all we want, and it won’t change our other big problem with all of this: The breach that comes from within. Meaning, when companies sell our personal data in backroom deals to greedy brokers, or let it get siphoned into government databases behind the scenes.
Did you ever think someone might sell your password to advertisers as marketable information about you? That’s the intersection we’re approaching.
Welcome to the entirely messed-up, behind-the-scenes free-for-all of facial recognition technology in the private sector. There is nothing preventing private entities (businesses, app developers, data brokers, or advertisers) from selling, trading, or otherwise profiting from an individual’s biometric information. Distressingly, the US government has only gotten as far as a working group to develop rules around companies using facial recognition. Voluntary rules, that is.
This gets super worrying when you consider that there are companies hell-bent on using every scrap of user data for profit who are pouring money into making facial recognition both accurate and ubiquitous. Like Facebook, whose “DeepFace” project will most likely commingle with its billion-user rich stash of identified photos. Even though its name is a facepalm, DeepFace’s ability to identify someone by photo alone is up to a remarkable 97% accuracy.
Entities like Facebook are a great example of where facial recognition and data monetization are coming together in ways that are troubling. In fact, Facebook has been using facial recognition to increase the worth of its data since at least 2011 — when the Electronic Privacy Information Center appealed to the FTC to “specifically prohibit the use of Facebook’s biometric image database by any law enforcement agency in the world, absent a showing of adequate legal process, consistent with international human rights norms.”
#NoFilter surveillance
EPIC isn’t alone in its worries about protecting consumers from facial recognition databases. At a Senate Judiciary subcommittee hearing in 2012, Senator Al Franken remarked that, “Facebook may have created the world’s largest privately held database of face prints without the explicit knowledge of its users.”
Franken continued, linking the deficits in consumer protections with the FBI’s then-new facial-recognition program designed to identify people of interest called Next Generation Identification (NGI). “The FBI pilot could be abused to not only identify protesters at political events and rallies, but to target them for selective jailing and prosecution, stifling their First Amendment rights,” he said. NGI became fully operational in 2014.
MasterCard’s Ajay Bhalla probably wasn’t thinking about that when he was trying to get down with the kids. He probably also doesn’t know that Selfie Pay might cross-match and compare really well with commercial surveillance products like TrapWire, which is sold to and implemented by private entities, the US Government “and its allies overseas.”
TrapWire combines various intel surveillance technologies with tracking and location data, individual profile histories from various sources (datamining and social media), and image data analysis (such as facial recognition; TrapWire’s video component) to monitor people under the guise of threat detection.
Upon the 2012 release of Wikileaks’ Stratfor documents, news about TrapWire and sibling surveillance technologies (like Europe’s INDECT) was met with surprise, fear, outrage, and protests. A significant number of TrapWire and INDECT’s opponents believe the surveillance systems to be direct threats to privacy and civil freedoms, and that their implementation could constitute human rights violations.
MasterCard’s Selfie Pay will very likely be opening the door to consumer level biometric security, and if done properly, that could be a really good thing. I just hope the methods of storing and protecting this data are as shrewd and clever as the people profiting off it by passing it around in the background.
The best HDTV indoor antenna
By Grant Clauser
This post was done in partnership with The Wirecutter, a buyer’s guide to the best technology. Read the full article here.
After spending more than 20 hours attaching many antennas to multiple TVs in two different testing locations (one suburban and one urban), watching way too much daytime programming, and compiling objective data from a signal-strength meter, we think the Antennas Direct ClearStream Eclipse is the indoor HD antenna with the best combination of features for most users. It matched or outperformed larger models in pulling in TV signals, required less (basically zero) assembly, and was easy to hide. The omnidirectional antenna includes an attached 12-foot coaxial cable and sticks to your wall without any hardware or tape, which makes finding the right mounting location simpler than with the other antennas we tested.
Who this is for
TV antennas are perfect for people who are fed up with expensive cable TV subscriptions and who get most of their viewing fix from online streaming services such as Amazon, Hulu, Netflix, and Sling TV. Streaming gives you lots of great TV programming, but an antenna gives you free, live, HD programs from major networks such as ABC, CBS, NBC, Fox, The CW, Telemundo, Univision, and PBS.
How we tested
Today, most indoor TV antennas are flat wall-huggers that copy the original Mohu Leaf design. Photo: Michael Berk
We tested the antennas in two locations: Hatfield, Pennsylvania (a suburb north of Philadelphia), and Brooklyn, New York. For test purposes, we evaluated the signal strength and quality of ABC, CBS, NBC, Fox, The CW, PBS, ION, and UNI, as well as some independent stations.
For our initial tests, we scanned for channels multiple times with each antenna. We then recorded the number of channels each antenna received and the quality and integrity of the picture. We also tested how well the antennas responded to touching, movement, and obstructions by walking near the antennas and covering them.
Next, we connected each antenna to a Silicon Dust HD HomeRun external tuner, which includes software that calculates signal strength and quality on a scale of 1 to 100. We then scanned each antenna again (for more than a few minutes, multiple times) and recorded the signal strength and quality of each of the target channels. We considered signal strength and quality readings of 70 and above to indicate the best-performing channels for a given antenna.
Our pick
The Antennas Direct ClearStream Eclipse easily attaches to most surfaces without any hardware or tape. Photo: Grant Clauser
In our tests, the Antennas Direct ClearStream Eclipse proved to be the best-performing antenna in our New York City location, and a very good antenna for our Philly-area location. It can pull in free UHF and VHF HDTV channels within about a 15- to 20-mile radius. Its design and extra features, considered alongside its overall strong performance, made it our pick.
The Eclipse takes the flat-antenna concept in a slightly different direction by eliminating much of the plastic casing. It’s essentially a flat, circular piece of plastic with the antenna element inside. The wall side of the Eclipse is tacky, making it easy to attach to any flat surface (and saving you from having to poke holes in your walls or risk pulling off paint or wallpaper). A 12-foot nonremovable cord is included.
A budget option
The Channel Master Flatenna worked pretty well in our tests, but it’s cheaply made (in this photo, you can see the crease that occurred in shipping). Photo: Michael Berk
If you want to save even more money with your cord cutting, or if the Eclipse is unavailable, the Channel Master Flatenna is a good alternative. It’s basic, with the antenna wire embedded in thin plastic, but it held its own against much more expensive antennas (especially in New York City), and the price can’t be beat. Note that the plastic is thinner and flimsier than what you’ll find on the Mohu Leaf models, and that this unit has a short, nonremovable cord. If you plan to mount the Flatenna behind your TV, the length won’t matter, but if you need to move it any farther than 6 feet from your TV, you’ll need to add a cable with a coupler.
Wrapping up
We spent a lot of time trying various antennas, talking to experts, and comparing results, and we feel confident that the Antennas Direct ClearStream Eclipse is the antenna that will satisfy most users’ broadcast-TV needs, as long as they’re not too far from a tower. While a few of the other antennas we tested pulled in a few stations better (depending on the location in which we used them), the Eclipse was consistent in both locations.
This guide may have been updated by The Wirecutter. To see the current recommendation, please go here.
Last year’s IRS cyber attack may have accessed 700,000 accounts
The Internal Revenue Service already increased the total number of accounts accessed in last year’s cyber attack once. Today, it’s raising the number again. The IRS announced that during a 9-month review of the incident, it discovered that an additional 390,000 taxpayer accounts were potentially accessed during the breach. Those accounts are in addition to the confirmed access of an initial 114,000 last May and the subsequent 220,000 that were added in August. For those keeping track at home, today’s announcement brings the total to over 700,000 affected taxpayers.
The IRS says that aside from today’s increase of the total potentially accessed accounts, another 295,000 taxpayer transcripts were targeted, but the attempts to nab that info were unsuccessful. It also reiterated that the Get Transcript tool that was the target of the breach has been offline since last May when the cyber attack was discovered. Notices to those who are included in this new group will go out next week and those affected will receive a year of Equifax identity theft protection free of charge.
“We are moving quickly to help these taxpayers,” said IRS Commissioner John Koskinen.
Earlier this month, identity thieves nabbed 100,000 e-file PINs. With that information, fake returns can be filed in an attempt to cash in on bogus refunds. With tax season in full swing, the IRS already has a lot on its plate. It looks like keeping this year’s taxpayer info locked down just got bumped to tops on the to-do list.
Via: USA Today
Source: IRS
EVs will cost the same as gas-powered cars by 2025
If the price of EVs is what’s keeping you from giving up your gas guzzler, you may not have to wait long for the prices to come down. In a study released today, Bloomberg New Energy Finance says that the cost of electric vehicles will continue to drop as the batteries that power them get cheaper. Even with lower oil prices, EVs will be able to compete with gasoline and diesel automobiles in terms of price by the mid 2020s. The BNEF report also forecasts that EVs will make up 35 percent of new “light duty vehicle” sales worldwide by 2040, or 41 million automobiles annually.
Even before 2025, the prices of EVs will come down, but the total cost of ownership will still be cheaper for fuel-burning cars. In terms of the environmental implications, if a quarter of the vehicles on the road in 2040 are EVs, that will replace 13 million barrels per day of crude oil. However, it means 1,900TWh of electricity will be required, or about 8 percent of global electricity demand from last year.
“In the next few years, the total-cost-of-ownership advantage will continue to lie with conventional cars, and we therefore do not expect EVs to exceed 5 percent of light duty vehicle sales in most markets — except where subsidies make up the difference,” said Salim Morsy, senior analyst and author of the study. “However, that cost comparison is set to change radically in the 2020s.”
Via: Computerworld
Source: Bloomberg New Energy Finance
‘Dark Souls’ publisher brings ‘Necropolis’ to PS4, Xbox One
Here’s one to add to your video game watch list: Necropolis is a stylish, hardcore dungeon-diving game from Harebrained Schemes, the studio behind the magnificent cyberpunk title Shadowrun Returns. It was originally due to hit PC and Mac on March 17th, but now Dark Souls publisher Bandai Namco is involved and the times, they are a-changing.
Necropolis is now due to hit PC, Mac, PlayStation 4 and Xbox One in the summer, with Bandai handling the console publishing duties. Harebrained Schemes is self-publishing the game on Steam.
“While we really hate to slip a release date, we know from experience that doing a console release right adds a significant amount of development work,” Harebrained Schemes President Mitch Gitelman says in a press release. “So we believe this is absolutely the right decision, and that the additional time will make for an even better Necropolis for consoles and for PC.”
Necropolis is an action title where players have just one life to defeat hordes of ghastly beasties in ever-changing, procedurally generated dungeons. It features crafting and four-player drop-in co-op, plus an art style that is both moody and adorable at the same time. It looks like an effortlessly cool game, which should make it perfect for the summer.
Tim Cook Teases Apple Car: ‘It’s Going to Be Christmas Eve for a While’
Apple CEO Tim Cook has remained tight-lipped about the so-called “Apple Car,” but today he dropped a hint about the much-rumored electric vehicle at the company’s annual shareholders meeting in Cupertino (via Business Insider).
Do you remember when you were a kid, and Christmas Eve it was so exciting, you weren’t sure what was going to be downstairs? Well, it’s going to be Christmas Eve for a while.
Cook’s comment suggests that, if such a project exists, the purported “Apple Car” will not be publicly revealed for quite some time — in line with reports claiming Apple is currently targeting a 2019 or 2020 production date.
Apple has recruited hundreds of engineers from Tesla, Ford, GM, Samsung, A123 Systems, Nvidia, and elsewhere, likely to work on the purported car project, which has allegedly been called “Project Titan” internally. Tesla CEO Elon Musk recently said it is an “open secret” that Apple is developing an electric car, based on its number of recent automotive-related hirings.
Other evidence that points towards Apple’s interest in the automotive industry includes its discussions with a secure Bay Area testing facility for connected and autonomous vehicles and its meeting with the California DMV to review self-driving vehicle regulations in 2015. More recently, Sunnyvale residents have reported hearing loud “motor”-sounding noises at night on a campus where Apple leases at least one building.
When questioned about the “Apple Car” in a recent interview, Cook provided a more elaborate non-answer:
Yeah, I’m probably not going to do that. The great thing about being here is we’re curious people. We explore technologies, and we explore products.
And we’re always thinking about ways that Apple can make great products that people love, that help them in some way. And we don’t go into very many categories, as you know. We edit very much. We talk about a lot of things and do fewer. We debate many things and do a lot fewer.
Apple’s internal “Project Titan” team has reportedly faced some obstacles over the past month. In January, supposed “Apple Car” project lead Steve Zadesky informed colleagues that he would be leaving the company for personal reasons. Then, just a few days later, it was reported the “Apple Car” team is on a hiring freeze as Apple executives are unhappy with the progress being made on the development of the vehicle.
Other news out of Apple’s shareholders meeting today includes the company’s commitment to customer privacy and raising its dividends annually. Cook also hinted that now is a “great opportunity” for Apple to acquire smaller technology companies. He said Apple has made 19 acquisitions in the past 15 months.



