Amazon Echo’s latest trick makes ordering your Mother’s Day flowers easier

The Amazon Echo continues to see its capabilities expand, with the voice-powered, connected speaker now letting you order flowers just in time for Mother’s Day. Orders can be placed through 1-800-Flowers once you connect an account, and you can choose from one of four arrangements for each order.

The Echo and Alexa are now ready for Star Wars Day, which is coming up on Wednesday, May 4. You can ask Alexa to tell you a Star Wars joke or an interesting fact about the franchise. There’s also a new “Top Pop” playlist that you’ll find in Prime Music, which, of course, you can ask Alexa to play through your Echo.

See at Amazon

Amazon Echo

• Read our updated review
• Get the latest news
• Join the discussion
• Download the Echo app

Amazon

Best third party watch bands for the Moto 360 (2015)

Don’t like that plain leather band that the Moto 360 comes with? Strap on one of these!

The leather wristband that comes with the Moto 360 is a pretty standard accessory. There isn’t anything wrong with it, but it may not be the best band for every occasion.

The great thing about wristbands is you can swap them out whenever you want! When you work out in the morning, you can have a sports band; when you are having that meeting at the coffee shop you can have a leather band; and, when you’re having cocktails with friends later, you can wear a metal link band. It all comes down to your style preferences.

Important Note: Make sure you know the size of band you will need for your Moto 360! The Moto 360 2nd Gen comes in three different sizes that require three different watch band widths.

• Mens 42mm case uses a 20 milimeter band.
• Mens 46mm case uses a 22 milimeter band.
• Womens 42mm case uses a 16 milimeter band.

With that in mind, we have rounded up some of the best third party wristbands for the Moto 360 that we could find. We divided them up into the material they’re made of, so you can focus on the type you really want.

• Leather bands
• Sport bands
• Metal link bands
• MODE bands

Leather

We know that the Moto 360 already comes with a leather band, but that doesn’t mean you don’t want a different one. Whether you want a different color, a different thickness, or just one that you think looks nicer, leather bands are still worth checking out.

MOTONG genuine leather band

This leather band is a little more defined than the one that ships with the Moto 360. The stitching along the sides of the band and the two-toned wash really makes the band pop a little better when it’s on your wrist.

It only comes in the one size (17.5cm) so it could potentially feel too tight or too lose on your wrist. The good thing about leather is it’s easy enough to poke an extra hole or two to make sure you get the right fit.

See at Amazon

Hadley-Roma genuine leather strap

If you want a band that stands out a little more than the stock Moto 360 leather band, Hadley-Roma’s band has a really nice look to it. The leather is worked to look slightly worn and the stitching along the band is very contrasted to give the band a defined look.

It also comes treated with a water-resistant coating that is useful to help prevent sweat and light amounts of rain from wrecking the leather.

See at Amazon

Sport

Typically made out of silicone, sport bands are great for people who are very active. The bands are waterproof and very tear-resistant.

VIMVIP silicone sports watch band

This is a pretty typical sports band that’s made out of silicone, so you can rest assured that your sweat won’t ruin it, which makes it perfect for working out.

The band itself doesn’t look like anything special, but it does have the added bonus of having a texture inside. This means the band doesn’t move around as much and can still allow air to move in between your skin and the watch. This means less chance for any skin irritation.

See at Amazon

Rerri sports band

If you want a sports band that is plain and simple, look no further that the sports band from Rerri.

It’s a simple silicone band with a metal clasp that has no texture at all, giving you a classic, clean look. The great thing about this band is how easy it is to install. It comes with two spring metal pins and the tool to remove the pins, so it’s easy to change it out whenever you like.

See at Amazon

Metal

Metal bands are super durable and very stylish. A great way to make your Moto 360 look really high-end and polished.

GOOQ stainless steel metal band

A metal watch band doesn’t always have to mean links. GOOQ’s watch band is made from a stainless steel mesh, which gives it a neat textured look and feel. The great thing about the mesh is arm hair doesn’t get pinched inside it, which makes moving the watch around on your wrist much more comfortable.

The clasp is also made of stainless steel which makes this this whole band pretty rust-resistant. The durability of the metal will also help it from showing any wear and tear.

See at Amazon

Fitian stainless steel band

The Fitian’s metal band we’ve featured here is your more classic metal band. It’s comprised of stainless steel links and connected by two spring pins that are easy to install. This is your classic metal band that you just can’t go wrong with.

See at Amazon

MODE Bands

MODE bands were just released from Google and they get rid of the hassle of dealing with those tiny pins all the time. They might just be the easiest bands you have ever installed! This neat video on the MODE site, shows you just how simple clipping one of these to you Moto 360 actually is.

To use them all you have to do is replace the original pin that is on your Moto 360 and then add the MODE pin. From there it’s just a matter of sliding your MODE band over the pin, and locking it shut!

Hadley Roma is the only company making the MODE bands right now and they start around $50. Don’t forget, want size band you will need.

See at Android

Moto 360 (2015)

• Review
• The latest news
• Full specs
• Discuss in the forums!

Motorola
Best Buy

Verizon rings in May with $50 discount on Moto 360 (2015)

Verizon is ready to kick off the month off May with a solid discount on the Moto 360 (2015) and Moto 360 Sport. Throughout the month-long sale, Verizon says you’ll be able to score either of Moto’s latest smartwatches at $50 off.

For those keeping track, the sale will drop the highest-priced 46mm Moto 360 with a metal band down to $350, while the Moto 360 Sport will move down to $250. Smaller models and those with leather bands will fall somewhere in between. In addition to the Moto 360, discount, Verizon says it will also offer LG’s Tone PRO Bluetooth headset for $60 — down from $70.

Verizon’s sales are set to kick off on May 1, and will run throughout the entire month.

See at Verizon

Moto 360 (2015)

• Review
• The latest news
• Full specs
• Discuss in the forums!

Motorola
Best Buy

Android N Developer Preview 2 now available for the Nexus Player

Though it’s a little late to the party, the second Android N Developer Preview release is now available for the Nexus Player. The update was announced by Android Developer Advocate Ian Lake, who notes that the release moves the build number up to NPC91O.

According to Lake, there are a few Nexus Player-specific issues to be aware of after installing, however:

• Playback of Netflix HD content may fail on Nexus Player.
• Any application that relies on dynamic video resolution changes may fail on Nexus Player.
• Any application that use the VP9 video codec may fail on Nexus Player.
• Vulkan: SPIR-V shaders may trigger driver asserts.
• Vulkan: Some pipeline configurations may cause vkCreateGraphicsPipeline() to crash.

If that looks like a hefty list of issues, it bears repeating that the Android N Preview is aimed squarely at developers. Still, if you’re interested, you can grab the latest factory image from Google now. Also be sure to check out our look at everything new in the Android N preview so far.

Android N Developer Preview

The Android N Developer Preview is just that — a developer preview. It is not intended for daily use. That doesn’t mean it’s not cool, and that you shouldn’t poke around. But know that things will break. Tread carefully. (And have fun!)

• What’s new in Android N
• All Android N news
• About the Android Beta Program
• Download system images
• Android N easter egg
• Join the Discussion

Android Central 285: What are you wearing?

After a few wild weeks on the road we’re back with even more new hardware — the Huawei P9, for one, and the new Android Wear MODE bands for another. Plus the Nextbit Robin has received a major update and is better than ever, someone drops an F-bomb, and we see if podcasts on Google Play Music are anything to fuss over.

Audio only this week!

Thanks to this week’s sponsor:

• Harrys.com: Save better — and save $5 off your first purchase with coupon code AC.

Podcast MP3 URL: http://traffic.libsyn.com/androidcentral/androidcentral285.mp3

51 people to follow on Periscope for their awesome broadcasts

Pericope is one of the latest “must-have” app.

It’s a live-streaming app that allows you to broadcast whatever you’re seeing and hearing to whoever happens to follow you. It’s like Snapchat’s Story feature, but it’s in real-time. Twitter bought Periscope earlier this year, in an attempt to rival Meerkat, another live-streaming app that blew up last spring.

Because Periscope works seamlessly with Twitter though, Pericope has managed to become the go-to app for interesting people looking to live stream their lives. Everyone from politicians to celebrities have embraced Periscope to show the world what they’re up to at any given moment.

And we can’t get enough of it.

If you’re new to Periscope and want to begin following people who do awesome broadcasts or just do them regularly, we’ve curated 51 notable accounts. We’ve included people like Arnold Schwarzenegger and even people who’ve become famous on other apps (like Brittany Furlan from Vine).

To add a person on Periscope, go to the People section (fourth tab on the right of the app’s bottom menu bar), then go to Search (magnifying glass icon in the corner), and start entering a person’s name or username.

Let us know in the comments below if we missed someone worth including.

Who hacked Facebook?

Late last week, a hacker named Orange Tsai wrote about how he hacked into Facebook under the aegis of its bug bounty program. A bug bounty is when a company pays hackers for vulnerabilities they find, providing the company with real-world threat testing outside the scope of its security team.

But Tsai found much more than a bug. He discovered that another hacker had been in the company’s systems for around eight months, grabbing employee usernames and passwords — and probably more.

In his post How I Hacked Facebook, and Found Someone’s Backdoor Script, Tsai described how he used Google and publicly available information to find the internal Facebook domain tfbnw.net (“TheFacebook Network”). That led him to discover at least five other servers, including Outlook mail and two VPNs. One, called files.fb.com, had a login page that Tsai knew belonged to Accellion’s file-sharing product Secure File Transfer.

He found seven vulnerabilities in Accellion — which he dutifully reported to the Facebook security team and Accellion’s support team. He used one of those holes to get into Facebook’s server, using a very old and common hacking technique called a “SQL injection.” Then Tsai took control of the machine. Accellion identified these vulnerabilities and delivered a patch to customers in February.

It was a distressingly straightforward path to breaking into an internal server at a company whose collection of personal and identity data is so vast as to be unimaginable. But what happened next is flat-out alarming. Tsai wrote, “While collecting vulnerability details and evidences for reporting to Facebook, I found some strange things on [the server’s] web log.”

Tsai found a backdoor in place that had been actively accessed by another hacker for at least eight months.

“Completely owned”

This is where Tsai’s details break apart and form a new picture. On closer look, he saw that the hacker had installed keyloggers — software that records keystrokes — and had collected Facebook employee usernames and passwords. These credentials were stored in a directory where the hacker could retrieve them.

He wrote:

“And at the time I discovered these, there were around 300 logged credentials dated between February 1st to 7th, from February 1st, mostly ‘@fb.com’ and ‘@facebook.com’. Upon seeing it I thought it’s a pretty serious security incident.

(…) Also, from the log on the server, there were two periods that the system was obviously operated by the hacker, one in the beginning of July and one in mid-September [of last year].”

This was what caused infosec commenters to describe the company as being “completely owned.”

Next came Facebook playing down the problem — a spiel familiar to anyone with a Facebook account. When the post started getting attention on a forum, Facebook security employee Reginaldo Silva left a comment claiming the backdoor Tsai found had been left behind by “another researcher who participates in our bounty program.”

Plus, he said, that particular server was isolated from “the systems that host the data that people share on Facebook.” Silva continued, “It’s a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access.”

Other than collecting and probably using the login credentials of 300 Facebook employees for close to a year, I suppose the other hacker may not have been able to “escalate access.” Yet how would he know? Even if it was as Silva claims — a box hosting software from a third party, completely isolated from FB’s infrastructure — with employee passwords, the hacker could’ve accessed any number of things.

Either way, collecting those logins and passwords is absolutely against the rules for Facebook’s bug bounty program. It’s pretty clear that the other hacker wasn’t a “participant” saving their bounty cash-in for a later date.

And like every accountability dodge that’s issued from a Facebook employee’s lips, Mr. Silva’s claims are — by his employer’s own rules — unverifiable.

Bug bounty

After reporting everything he found in detail, Facebook awarded Tsai a paltry bug bounty of $10K.

Okay, maybe I’m overvaluing the work Tsai did for the Facebook security team, who were obviously busy with more important things. I just think that getting control of a Facebook server and revealing an intruder swiping employee passwords is worth more than a used 2008 Kia Sportage. And it’s $5K less than what the company paid out to researcher Anand Prakash last month when he found out that anyone could brute-force a password reset (to hijack user accounts) on both Facebook’s mobile and app testing sites.

I wasn’t the only one who felt that way. When Tsai’s post made the infosec rounds, people were equally shocked by the active and persistent compromise Tsai found and the low amount Facebook paid him for his disclosure.

Lol a nice “explanation” of that Facebook fail re the old backdoor they had https://t.co/csCQ62WG5U

— Vitaly Osipov (@agelastic) April 23, 2016

If managing the bug bounty program is too hard…

Still, this mess might be better than what happened with Facebook’s bug bounty last December.

Security researcher Wesley Wineberg saw that Facebook had started including Instagram in its bug bounty program. Poking around, he quickly stumbled into a daisy chain of security holes that would have given him access to pretty much everything, including source code.

As Wineberg made one discovery after another, he responsibly reported each subsequent bug he found and retained data as key evidence. Facebook “awarded” him $2,500 for the first bug.

The subsequent bugs must’ve been embarrassing, because Facebook’s head of security seemed to take it personally. Chief Information Security Officer Alex Stamos didn’t bother to contact Wineberg with his concerns about the bugs or the way he’d gone about finding them. Instead, Stamos called Wineberg’s employer, who had nothing to do with any of it, and made gentlemanly threats of legal charges and law enforcement involvement. This is what earned Facebook a reputation for threatening researchers who disclose flaws in its properties.

The truth here is, someone shelled the server and keylogged creds from hundreds of Facebook employees. In the world of hacking, there isn’t an inch or an ounce between whether or not this is a big deal. It’s huge.

In just the past year, their systems have been compromised in major ways, and they’ve had no idea until bug bounty hopefuls reported it. Tsai’s Facebook hack isn’t even the first time files.fb.com has been publicly breached, and people who know what to look for in technical details will notice that the company’s security team learned very little from what Wineberg found in Instagram’s failures. All of this is made worse by the inconsistent payouts, flimsy assurances and jocks-in-the-schoolyard behavior.

Right now, Facebook’s security team looks like salesmen pushing snake oil at a premium rate.

Image: Shutterstock (Facebook login)

The ‘Mass Effect’ theme park attraction opens in May

Mass Effect is traveling to a strange new world: California’s Great America theme park. The Mass Effect attraction opens on May 18th at California’s Great America in Santa Clara, featuring an interactive 3D presentation with 4D effects, all hosted by a live performer. Riders will travel to “a distant planet” to make a stand against “larger-than-life foes,” though there’s no word on which characters will make an appearance in the experience. The ride is made in conjunction with Mass Effect publisher EA, and developer BioWare announced it back in September.

The next Mass Effect game, Andromeda, is due to land in early 2017 and it remains shrouded in mystery. A few high-profile developers have left BioWare this year, including Andromeda senior editor Cameron Harris and lead writer Chris Schlerf. Dragon Age lead writer David Gaider left the studio in January.

#MassEffectNewEarth created in partnership with @EA, will officially open on May 18. https://t.co/cLy8yE5whb pic.twitter.com/wFwFuRyAu2

— CA Great America (@CAGreatAmerica) April 27, 2016

Source: @CAGreatAmerica

Cord-munching weasel temporarily knocks the LHC offline

Just weeks after coming online from a series of crucial upgrades, CERN’s Large Hadron Collider was knocked back offline overnight after a weasel (potentially a Marten) chomped through the wrong power cable. “We had electrical problems, and we are pretty sure this was caused by a small animal,” CERN spokesman, Arnaud Marsollier, told NPR.

CERN figures that repairs to the system should take a few days to complete and the machine should be ready for atom smashing by mid-May. The weasel, however, lost its battle against voltage. Engineers investigating the outage discovered its crispy-cooked corpse at the scene of the incident.

Source: NPR

Google patents smart lenses you inject into your eyes

Google Glass may have been too clunky to succeed in its original version, but the search giant will find its way into your eyeballs one way or another. According to a new patent filing, the company has devised a method to inject a device directly into your eyeballs.

Per the patent filing, the device is meant to replace your eye’s natural lens and is injected in a solution that congeals and attaches to your lens capsule. While the intra-ocular device is mostly intended to correct poor vision, it is so much more than just an permanent set of contact lenses or an alternative to surgery. As Forbes reports, the device includes an electronic lens as well as storage, sensors, a battery and radio components meant to communicate with a separate, external device that has some additional processing power. The internal battery, the one that will apparently live inside your eyeball, will draw power from what the patent calls an “energy harvesting antenna.”

Google’s focus on eyeballs started in earnest back in 2014, when the company filed a patent for smart contact lenses that included a very tiny wireless chip and the ability to monitor a wearer’s glucose levels. That patent moved closer to becoming a reality when Google partnered with healthcare company Novartis to help develop the technology. As for the competition, Sony has also jumped into the game with a patent for a smart contact lens that comes complete with a camera, zoom and aperture control.