Google Maps is a Ms. Pac-Man arcade game for April Fools’ Day

It’s that goofy time of year again: April Fools’ Day.

That means tech companies are briefly turning their apps and services into something lighthearted for the silly holiday. And for the last few years, Google has transformed its Maps app and web service into a version of Pac-Man. This year, Google did it again. Check out Maps for Android, iOS, and desktop to find “Ms. Pac-Man”. Simply open up Maps, and then click on the Pac-Maps button on the right.

Once you press the button, your Map will turn into an arcade-style grid. On Android, you’ll be taken to a random location, though some iOS users have claimed they could choose anywhere they wanted to play. The web version does appear to let you pick your own levels. Anyway, once you land some place, you’ll be given five lives to chomp fruit, collect dots, and outrun ghosts Blinky, Pinky, Inky, and Sue.

• Android O: What’s the story so far?
• Google Photos tips and tricks: Store and edit your photos like a pro

There doesn’t seem to be as many features as last year’s prank, but it’s still fun to play nevertheless. Google said Ms. Pac-Man will be available from 31 March until 4 April. You can even sign in to save your top score on a leaderboard and share it with friends.

Oh, and for those who don’t know, Ms. Pac-Man is from the golden age of arcade video games. It released in 1981 with a female protagonist, new mazes, and other changes over the original Pac-Man.

Netflix nabs ‘Archer’ team for its first animated feature

Netflix is making its animated feature film debut with the grandly titled America: The Motion Picture. According to Deadline, the original movie is an R-rated, comedic take on the founding of our country. The production team is stellar and will be led by Archer‘s Matt Thompson (who will direct) and Adam Reed. The Expendables’ Dave Callaham will write the script, and the team behind The LEGO Movie, (including Phil Lord, Chris Miller and Will Allegra) will also contribute. Channing Tatum gets a producer credit as well, and is on tap to voice George Washington in the film.

Deadline calls the project an “R-rated revisionist history tale about the founding of the country,” which makes a ton of sense considering the Thompson and Reed previous work, which includes the hilarious shows SeaLab 2021 and Frisky Dingo. This will also be the first feature-length animated project for Netflix, which has previously only made a foray into kid-friendly episodic shows like The Mr. Peabody & Sherman Show as well as the much more melancholy and adult animated series, Bojack Horseman.

Source: Deadline

The government plans to crack down on sketchy advertorial

The Federal Trade Commission is going back to an old well, and possibly will actually exercise some of its authority. We’re talking about the FTC’s stance on sponsored editorial posts that aren’t clearly labeled as such. “The FTC will soon begin holding media companies accountable for deceptive practices,” fashion business publication WWD reports. “Although the FTC works with publishers, it has never penalized a media company with a fine.” That could soon change given the rise of native advertising online (especially with celebrity social media accounts) and in print. As a quick refresher, native advertising is different in that it looks like an editorial piece, but is paid for by advertisers.

In print, that usually is achieved with a label on the header or footer of the page saying it’s advertisement. And, in addition to that, there’s usually a writing staff focusing solely on native advertising that the editorial side would never touch. Because ethics. To sidestep this, some online publications have rushed to label themselves as “entertainment” rather than news and have moved such articles under that label. But when you ask the people running such websites, the delineation between ads and genuine editorial becomes murky.

“There are things that we do, there are ad products that we have where we’re making stuff for the brands, but we don’t think of ourselves as an agency,” Refinery 29 cofounder Justin Stefano told WWD. “We’re a media company. That’s what makes us different, and why brands want to work with us because we’re using tens of thousands of pieces of content across our channels every month for ourselves. Because we’re doing it for ourselves, it gives us a lot of data and insights that we can use when we’re doing it for other brands.”

Both WWD and The Fashion Law use examples from places like Refinery29 and Vogue, but you can find this type of stuff all over the web. The problem arises when readers or social followers can’t tell the difference between independent opinions and paid advertising, and that’s what the FTC hopes to end.

Via: The Fashion Law

Source: WWD

Snapchat adds another feature Facebook will copy

Snapchat is in a tough spot right now and we’re not just talking about all of those insensitive filters. Users love Stories, but because of that, everybody from Medium to Bumble to Facebook is adding its own version of the feature to its platforms. At this point, Snapchat needs to do whatever it can to stay one step ahead of its many imitators. It made a move to do just that today with a new search tool for Stories.

Snapchat added a new search bar in January, but now its functionality includes the option to search for “cats” and see a bunch of cat videos, for example. To contribute to a Story, all users have to do is add a Snap to Our Story. Then, Snapchat’s machine learning algorithms will sort these posts into relevant feeds that users can look for. As Mashable notes, this new feature may have been made possible thanks to Snapchat’s acquisition of search and recommendation app Vurb last year.

The feature is rolling out to users in select cities today, but there’s no word yet on when it will be available more widely. Whatever the case, Facebook currently has Story-like features on four of its platforms: Facebook Stories, Instagram Stories, Messenger Day and WhatsApp Stories. At a time when Snapchat is facing more direct and threatening competition than ever, it’s trying to set itself apart with a new feature that seems useful.

Via: Mashable

Source: Snap Inc.

When the ‘S’ in HTTPS also stands for shady

Just when we learned the importance of HTTPS in address bars, spammers and malicious hackers have figured out how to game the system.

Let’s Encrypt is an automated service that lets people turn their old unencrypted URLs into safely encrypted HTTPS addresses with a type of file called a certificate. It’s terrific, especially because certificates are expensive (overpriced, actually) and many people can’t afford them. So it’s easy to argue that Let’s Encrypt service has done more than we may ever realize to strengthen the security of the internet and users everywhere.

But like so, so painfully many great ideas from the tech sector, Let’s Encrypt apparently wasn’t built with abuse in mind. And so — of course — that’s exactly what’s happening.

Because it’s now free and easy to add HTTPS to your site, criminals who exploit trusting internet users think Let’s Encrypt is pretty groovy. When a site has HTTPS, not only does the user know to trust they’re on an encrypted connection, but browsers like Google’s Chrome display an eye-catching little green padlock and the word “Secure” in the address bar. What’s more, privacy and security advocates, from the EFF and Mozilla (who founded it) to little people like yours truly have done everything possible to push people to seek these out as a signifier that a website is safe…

The fact that Let’s Encrypt is now being used to make phishing sites look legit is a total burn for us, and a potential house fire for users that rely on simple cues like the green padlock for assurance. According to certificate reseller The SSL Store, “between January 1st, 2016 and March 6th, 2017, Let’s Encrypt has issued a total of 15,270 SSL certificates containing the word PayPal.”

Keep in mind that The SSL Store is a provider of those incredibly overpriced certificates, so Let’s Encrypt’s mission isn’t necessarily in their interests. Even still, their post points out that the “vast majority of this issuance has occurred since November – since then Let’s Encrypt has issued nearly 100 “PayPal” certificates per day.” Based on a random sample, SSL Store said, 96.7 percent of these certificates were intended for use on phishing sites.

The reseller added that while their analysis has focused on fake PayPal sites, the firm’s findings have spotted other SSL phishing fakers that include Bank of America, Apple IDs, and Google.

This problem isn’t new (it’s just getting worse). Back in January, security firm Trend Micro raised a semaphore convention’s worth of red flags about a malvertising campaign that targets sites that use those free Let’s Encrypt certificates.

Researchers at Trend Micro had uncovered a malicious ad campaign in December 2016 that sent surfers to websites hosting the Angler Exploit Kit. If you’re unfamiliar, Angler infects you with malware when you visit a web page invisibly and seamlessly, meaning that you won’t know and you don’t even need to have clicked on anything. Researchers found that over 50 percent of Angler infections turn into ransomware, where all your files are locked until you pay, well… a ransom.

Trend Micro found that the malvertisers using Let’s Encrypt for HTTPS had created subdomains that looked real enough to fool the average web surfer. The criminals used Let’s Encrypt certificates that had been specifically obtained for the subdomains, making the poisoned sites look valid and secure.

“Any technology that is meant for good can be used by cyber criminals, and Let’s Encrypt is no exception,” Trend Micro fraud researcher Joseph Chen wrote on the TrendLabs Security Intelligence blog.

So why can’t Let’s Encrypt just revoke what are obviously fake PayPal certificates?

Because they believe it’s just not their problem.

Josh Aas, executive director of the Internet Security Research Group, told InfoWorld back in January that giving a toss about what happens to certificates after Let’s Encrypt issues them “would be impractical and ineffective.” (ISRG is the group managing the Let’s Encrypt project.)

Aas echoed his 2015 Let’s Encrypt blog post disavowing responsibility for the massive HTTPS trust issue the org has facilitated, telling press the certificate-issuing system is not the appropriate mechanism for policing phishing and malware on the Web.

The post, which explained “The CA’s Role in Fighting Phishing and Malware” might as well have been titled “¯_(ツ)_/¯” for all the interest it had in addressing the monster it was most certainly enabling.

In it, Let’s Encrypt officially pushed the problem off onto the browser security teams at Google, Firefox, Safari and others. Aas said that browsers’ anti-phishing and anti-malware protections were “more effective and more appropriate” than anything issuers like Let’s Encrypt can do.

But even if Google flags malicious HTTPS phishing domains, Let’s Encrypt won’t revoke their certificates.

Thus begins the unraveling of the work we’ve done getting people to trust HTTPS and that little “Secure” green padlock.

Now we say, you should always use HTTPS, but you shouldn’t always trust it as a marker for your safety. Because now people really, really need to know that HTTPS doesn’t equal legitimate safety, as they’ve been led to believe. It’s important to remember that checking the link they click for validity, spelling, and malfeasance needs to take priority over the need to check against making sure Chrome says “Secure.” Because it’s not.

You’d think that when it becomes well-documented that criminals are obtaining and using that green padlock, it would undermine the whole purpose of getting people to trust them.

But this is the world of cybersecurity, and so you would be wrong.

Images: adrian825/Getty (HTTPS); Getty Images/iStockphoto (Ransomware)

Amazon is making Twitch a destination for original shows

You’ll probably have to get used to the idea of Twitch streaming a bunch of Amazon Prime Video shows. Starting at 4PM Eastern on April 5th, three of Prime Video’s spring pilots will air on repeat for 24 hours on the Twitch Presents page, which just finished showing 23 seasons of Power Rangers. The first episodes of sci-fi drama Oasis, dramedy The Legend of Master Legend and comedy Budding Prospects will air back to back the whole day. It sounds like a great way to catch any of them if you can’t be bothered to head over to Prime Video’s website.

The media and retail company first aired pilots on Twitch late last year. We’re guessing this won’t be the last time it’ll promote new shows on the streaming service it purchased in 2014, especially since Twitch has been expanding its repertoire. In fact, it’s gearing up to show its own studios’ first original mini-documentary on April 7th, 5PM Eastern. Entitled Ironsights, it tells the story of Big Buck Hunter champ Sara Erlandson, as she makes her way to the arcade hunting game’s World Championship in Austin, Texas. The mini-docu will air right after Twitch Weekly concludes and might only be the first in a series of originals produced by Twitch Studios.

Source: Twitch Presents

Pornhub adds HTTPS to keep your kinks hidden

Now that your ISP will soon be able to sell your browsing history to advertisers, it’s good to know which companies have your back, privacy-wise. Around the web, the recent switch to HTTPS encryption has been a step in the right direction, but adult websites — the ones with the most potentially embarrassing content — have been slow to adopt. This week Pornhub, the most popular porn site on the internet, announced it now supports HTTPS to keep users’ browsing habits within its network of sites as private as possible.

HTTPS uses encryption to secure the connection between your browser and the server and while it won’t make you invisible on the internet, it will conceal any traffic beyond the top domain level. HTTPS can also speed up page loads, keep out malware and prevent sketchy ads from hijacking the page, which can be fairly common in some of the seedier corners of the internet. In the case of HTTPS-enabled adult sites like Pornhub, your ISP (or anyone monitoring your connection, really) will be able to see that you’ve visited the site, but not what data is being transferred. While the protocol is not perfect, your dirty searches and video views will be kept in the dark.

“With this Internet communication protocol we can ensure not only the security of our platform, but also that of our users,” Pornhub VP Corey Price said in a statement. “At the end of the day, we want every single one of them to feel safe and secure on our platform while enjoying our library of over 5 million videos.”

Source: Pornhub

DDR5 memory specifications expected to be finalized by JEDEC association in 2018

Why it matters to you

DDR5 is still a ways off, but the specifications that are currently being drawn up could benefit your next PC build.

The JEDEC Solid State Technology Association says the development of specifications for the DDR5 DRAM standard has already begun, with finalization set for next year. DDR5 is set to succeed DDR4, which was released to the market in 2014 after JEDEC finalized its specifications in 2012.

DDR5 is expected to be twice as fast as DDR4, and far more efficient in terms of power consumption, according to a report from PC World. It’s also set to offer twice the density of its predecessor, with typical DDR5 DIMMs offering two times the capacity in terms of gigabytes compared to a DDR4 DIMM.

More: How much RAM does your PC need? Probably less than you think

Putting standards like this in place is a long process that typically precedes hardware being made available by a number of years. Manufacturers of other computer components will need to build in support for DDR5 RAM, and that can only take place once the specifications are made public.

We’re still a ways off seeing DDR5 RAM being sold at retail, but the work that’s being done now should ensure that the transition from DDR4 to DDR5 is as smooth as possible. The fact that DDR5 is coming to fruition at all is a surprise to some analysts, as many predicted that its lineage would end at DDR4.

Various organizations are currently working on compelling alternatives to DDR DRAM. Intel is preparing to make its Optane memory available to consumers, while the likes of HBM2 and GDDR5X have already been used to great effect in graphics processors.

Even JEDEC is keeping an open mind when it comes to the memory technology of tomorrow. The group also announced that it’s developing specifications for a new form of persistent memory dubbed NVDIMM-P, which combines non-volatile flash storage with volatile DRAM.

Alexa-enabled Clarity Speaker is like Amazon Echo with a touchscreen

Why it matters to you

Both Google Assistant and Amazon’s Alexa have their benefits, but a third-party alternative offers the best of both worlds.

In just a few years, smart speakers have quickly grown into a competitive market. No matter the preference, it is hard to deny that Amazon Alexa and Google Assistant are two of the leading competitors. But rather than choosing sides, one third-party smart speaker is making its presence known by embracing both assistants.

By combining both Alexa and Google Assistant, the Clarity Speaker gains the best attributes of each. Not only is it the first standalone device to offer access to both voice services, it is also the first and only Alexa-enabled device to feature a multitouch screen.

More: Sonos’ smart speakers could one day integrate with all digital assistants

As a smart speaker, Clarity promises to deliver great sound performance. It takes advantage of two 5-watt speakers with spacious sound chambers as it plays music, podcasts, audiobooks, and more. Content plays directly from Clarity through internet radio stations and streaming services, or by connecting a personal device.

With voice commands, users can control any enabled device within their home including Nest, TP-Link, Hue Lighting, and more. If Alexa or Google can connect to it, so can Clarity. Alternatively, these devices can be controlled using the built-in 7-inch touchscreen.

For clarity, the screen boasts a resolution of 1280 x 800. A built-in camera allows it to act as an android tablet with apps and services like Netflix and Skype. Users can access and enjoy any of their favorite apps straight from the Google Play store. Clarity runs Android 6.0 Marshmallow powered by a quad-core CPU. All this weighs in at two pounds with a battery life of 6 hours of audio and 2.5 hours of video.

Due to its early success, Clarity has extended its IndieGoGo campaign. Through April 30, the Clarity Speaker is available for a discounted price of $149. After the device ships in June, it will retail for $199.

Apple patches vulnerability that led to cyberattacks on 911 call centers

Why it matters to you

Last October’s attack showed how easily our emergency response systems could be overloaded and it will take effort like this to ensure it never happens again.

Last fall, a hacker posted a Twitter link that resulted in tens of thousands of unintentional 911 calls from iPhones. When tapped, the link would immediately call 911 and when the user attempted to hang up the phone, it would simply redial until the device was turned off. With the latest iOS update, it appears Apple has patched this exploit, according to the Wall Street Journal.

The scheme, developed by an 18-year-old in Arizona, reportedly affected emergency call centers in at least 12 states and operated as simple Javascript code. Apple’s fix relies on a change in the behavior of certain links in iOS 10.3. Now, tapping that same URL will result in a prompt showing the number and asking the user whether to call, whereas before it would have automatically dialed 911.

More: Apple’s iOS 10.3 update is finally rolling out to the iPhone, iPad, and more

Apple told the Journal it is working alongside third-party app developers to ensure the exploit never manifests itself again on iOS in any capacity. While the company’s commitment to resolving the vulnerability is reassuring, it doesn’t change the reality that the wide majority of the United States’ 6,500 emergency call centers are still unprepared for another attack of this magnitude. Just 420 of those stations are equipped with the necessary cybersecurity protections — the rest are as susceptible now as they were last year.

The site in question that housed the malicious link was believed to have seen about 117,000 page views. With many of those clicks each producing a call — sometimes more than one, depending on how many times the user allowed their phone to repeatedly dial 911 before shutting down — the link quickly incapacitated emergency centers across multiple states as it was shared and retweeted. A Washington Post report that narrowly predated the attack speculated it could take as few as 200,000 devices, evenly distributed across the country, to “significantly disrupt 911 services around the nation,” based on findings from a team of researchers in Israel.