After Math: Big Business
It’s been a bumper week for corporate America. Apple pledged a billion dollars to support US manufacturing jobs, Facebook announced it’s closing in on two billion users and Valve let on that it receives 75,000 complaints every day. Every. Day. Numbers, because how else are the books going to get cooked?
Drone is the first spacecraft in years to use a key Shuttle runway
Kennedy Space Center is slowly coming back to life, but you almost wouldn’t know it by looking at the Shuttle Landing Facility. While it has seen some limited use for aircraft in recent years, it hasn’t been used for an orbital mission landing since… well, the last Space Shuttle in 2011. At last, though, it’s back to serving its core purpose. The US Air Force’s X-37B space drone has touched down at the facility after completing its fourth mission. The highly secretive, autonomous spacecraft could have landed as early as February, but stayed aloft those extra few months for unknown reasons.
This was also a record-setting flight. The 718-day stint trounces the 674 days of the third expedition, which landed in 2014. It’s apparent that the X-37B has little trouble handling extended trips — far longer than the official 270-day ceiling. While it’s unclear how much longer the USAF plans to use the drone, it’s safe to say that flight time for any future adventures is now dictated more by the mission itself than technical limitations.
Also, the landing helps fulfill visions of the revived Kennedy center as a bustling, multi-user spaceflight hub. While SpaceX was quick to spring for a 20-year lease for the famous 39A launch pad, the port has remained relatively quiet beyond that. NASA will eventually rejoin the fray when it uses pad 39B for its Space Launch System’s first blast-off in 2019. It’ll be a while before KSC is in full swing, then, but it’s definitely much more than a relic of space travel’s earlier days.
Via: Space.com
Source: DVIDS
How to Find Safe Sites for Our Online Shopping
The Internet has opened up a whole new world of shopping for us, and this has brought both good and bad things. Online shopping can be used to buy all kinds of things we never thought we could get hold of, but that search for the perfect purchase also can lead us into dangerous places.
What this means is that we need some level of security when visiting sites. There are obvious rules such as secure connections, known and trusted methods of payment, and of course the reputation of the website you are buying from. The number one rule is to shop on sites you can trust, but what about when that isn’t possible?
This is when we start to search for other sites, and sometimes the results provided aren’t exactly as safe as we would like them to be. What we need then is something that can test that linked site and see what its reputation is. Thankfully we have methods to do this.
Add ons such as Web of Trust have the ability to not only check the link to make sure it is safe, but also give a guide as to how reputable they are. A good example would be that if WOT highlights the link as red (high risk) then this is a big sign that you shouldn’t risk your details and your money on that site. More than that, you should not even visit the site.
While common sense is the greatest tool to use when looking for online shopping sites, there are also other means of checking up on the site. Read reviews for the store and see what people are saying about it. If there are complaints about the quality of service, chances are it is best to use another site. It is better to be safe than sorry.
If there is one thing that helps us on the Internet, especially around online shopping, it is reputation. Whether it be the reputation built on security of the site, word of mouth, or even virus and malware checks on the site, we are provided with plenty of information as to whether we should trust the site.
Check the online store before you use it, be sure you can trust it, and see what other customers have said about it. The rule is to be safer than sorry, and when you are providing not only your personal
Are Android devices really easier to hack? We asked the experts
Android is the most widely used mobile platform on the planet. More than 1.4 billion people use an Android smartphone or tablet every single day, and the fact that it’s open source and free for manufacturers to use is a big part of that popularity. But openness is a double-edged sword: It has led to a situation where many Android phones are not regularly updated with the latest security patches.
The specter of malware has loomed large over Android for the last few years, with researchers uncovering very high profile vulnerabilities, like Stagefright. The negative news comes so thick and fast that it can be hard to put into perspective. Just last week we reported on FalseGuide malware, which may have impacted up to 1.8 million Android users.
Going on the headlines alone, you’d be forgiven for having misgivings about Android security, but where’s the line between hyperbole and genuine risk? Is the platform really insecure?
“No, it’s not insecure. I do think we have a bit of a perception problem, but it’s very different from actual user risk,” Adrian Ludwig, director of Android Security, told Digital Trends in a recent interview. “The cryptographic work that we’ve been doing, the sandboxing that we’ve been doing, and a lot of the work to make exploitation more difficult is all coming together nicely.”
There’s little doubt that the most recent versions of Android are more secure than their predecessors, but the problem is that many Android users never feel the benefit. Looking back on 2016 in a blog post, the Android security team admitted that roughly half of the devices in use at the end of 2016 had not received an update for at least 12 months.
“Eighty-four percent of phones are not upgraded, which means most mobile devices are still at risk.”
“Up-to-date versions of Google Android can be considered secure,” Maik Morgenstern, CEO of antivirus rating organization AV-Test, told Digital Trends. “But especially in many older Android versions, more and more vulnerabilities are surfacing and many vendors don’t supply updates for their devices. Currently, over 800 vulnerabilities are known.”
If we look at the official distribution figures for Android as of April, we find that only 4.9 percent of Android devices run the latest versions, Nougat 7.0 or 7.1. That’s a disappointingly small slice of the total. Looking further back, Android 6.0 Marshmallow is running on 31.2 percent of devices, Android 5.0 or 5.1, Lollipop, is on 31 percent of devices, and a fifth of Android devices are still running Android 4.4 KitKat. Most of these devices running older versions of Android are unlikely to ever be updated.
“Eighty-four percent of phones are not upgraded, which means most mobile devices are still at risk,” Joshua J. Drake, vice president of Platform Research and Exploitation at Zimperium, told Digital Trends.
Zimperium is a mobile security company; Drake uncovered the Stagefright vulnerability back in 2015. It had the potential to give hackers control of an Android device through malicious code in an audio or video file — and up to 95 percent of devices were vulnerable to it, according to reports at the time. Drake told us that less than 1 percent of devices are still vulnerable today.
Although the potential damage was frightening, it’s unclear what the impact on Android users was.
“Here we are a year and a half in, almost going on two years since we first found out about it, and we still don’t know that anybody’s actually affected,” Ludwig said.
But Drake disagrees.
Maik Morgenstern, CEO and Technical Director of AV Test
“We know that there were targeted attacks using vulnerabilities in libstagefright and mediaserver,” he said. “We know it’s hard to prove a negative in general, and we respect Google’s efforts to better secure their platform, but without a sensor on the device, there is no way for anyone to know the risk or threat status of any device — especially a mobile one.”
The problem is that it’s not easy to tell if you have been successfully attacked. In the aftermath of the Stagefright discovery, the security firm founded the Zimperium Handset Alliance to boost communication between researchers, mobile network operators, mobile application developers, and device vendors.
“Researchers need to be encouraged to look into monthly security updates, and try to exploit those vulnerabilities, in order to promote better patching and an overall safer mobile world,” Drake said.
Google has taken some important steps to reduce security risks, putting out monthly patches and breaking down elements of Android to make it easier to push out updates. But older versions of Android have been left behind.
The Android fragmentation problem is not easily solved. Persuading carriers and manufacturers to update their Android devices has proven to be very difficult for Google. It has played directly into the opposition’s hands. Apple’s Tim Cook famously referenced a ZDNet article entitled “Android fragmentation turning devices into a toxic hellstew of vulnerabilities” on a slide at WWDC in 2014. But is iOS really that much better? And if so, why?
“There has been the impression that iOS security is superior to Android security, but that’s not necessarily the case,” Drake said.
Because Android is open-source, it’s easier for security researchers to find flaws and suggest fixes. The closed nature of iOS makes it harder for researchers to see what’s going on, he said. Morgenstern agrees with this assessment, but points to an important difference that makes malware a greater risk for Android.
“Until every update reaches all devices, we are still at risk.”
“For Android users, it is easy to install apps from any source,” explains Morgenstern. “This fact makes it easy to get malicious apps onto the device. The way other platforms handle this is much stricter, by only allowing installations from their closed markets.”
Android is a big target. With such a large user base and open-source code, it’s attractive prey for cybercriminals. AV-Test registers up to 30,000 new Android malware samples every day. That’s a frightening number, but concerned Android users can take action to dramatically reduce the risks by sticking to Google Play for apps, updating devices as soon as patches are made available, and using third-party Android security apps.
Both Drake and Morgenstern also caution against connecting to unknown networks and Wi-Fi hotspots, at least without using decent Android VPN apps.
“Our data shows that most attacks are network in nature, and they don’t discriminate between iOS, Android, or other,” Drake explains. “Once an attacker has silently intercepted and redirected your network traffic, any device is dangerously vulnerable to invasive surveillance, personalized spear fishing, platform exploit delivery, or any number of other follow-on attacks.”
Android security is improving. We can point to faster updates, device encryption, permission requests, app sandboxing to isolate apps from each other, restricted access to resources, and automatic malware scanning in the Play Store. But there’s obviously still work to be done.
“Last year we paid almost a million dollars to researchers,” Google’s Ludwig said, when asked about the importance of third-party research. But despite this research program, Drake feels more is needed.
“To improve Android security overall, it’s imperative for Google to work closer with security vendors,” he said. “Apple and other vendors have increased their cooperation, but Google has decreased it. Google’s philosophy is that they can do everything on their own, but that only damages their users and unfortunately benefits malware authors.”
Ultimately, the question of Android security may come down to the device you use. If you have a two or three-year-old phone that runs an older version of Android and hasn’t been updated in months, you have cause for concern. Owners of Google’s Pixel, by contrast, receive the latest security updates in a timely fashion, at least for the next couple of years.
It’s hard to say how long it will be before most Android devices are running Nougat, or a later version of Android, but even then the slow pace of updates from some manufacturers and carriers will remain an issue.
“Until every update reaches all devices, we are still at risk,” Morgenstern said.
You can find more useful advice on how to stay safe on your Android phone in our Android security guide.
Keep your shiny LG G6 safe from damage with the best cases and covers
The LG G6 is a big, powerful phone, but its fragile frame spells trouble should you ever lose your grip. Drop this phone, and there’s a serious risk of cracks, scratches, and other kinds of unsightly damage. The smart play is to opt for some protection, whether it be polycarbonate frame or a folio-style case. Just pick one of the LG G6 cases below, and you won’t have to worry about the inevitable accidents to come.
Incipio Cool Blossom Design Series Case ($28)
If you’re bored by matte plastic and drab design, then you might fancy one of these Incipio cases for your LG G6. It’s a translucent case with a tough back panel that features a pretty, blossom print. The bumper is flexible to take the sting out of falls and bumps. You’ll find ample openings for access to ports and camera, and slim button covers. This case is part of Incipio’s Design Series of fashion-forward cases, which feature a range of different patterns and prints.
Buy one now from:
Incipio
Supcase Rugged Holster Case ($17)
Sometimes the toughest protection can be expensive, but Supcase offers a rugged case with a holster at a reasonable price. This G6 case is ideal if you want complete coverage, because it has a front panel with a built-in screen protector that clips onto the dual-layer shell. The industrial sheet metal aesthetic is actually made of polycarbonate and TPU. The sides are textured to improve grip, but even if it does slip from your grasp, your LG G6 should be safe.
Buy one now from:
Amazon
Tech21 Evo Check Case ($40)
Despite being slim, this case offers great drop protection. It will keep your LG G6 safe from falls from up to 10 feet. It’s a translucent case with a check pattern and a darker, chunky bumper section that absorbs impact shock. The openings are accurate, so it’s easy to plug into ports and use the camera or fingerprint sensor. It comes with different color tints, so you can get it with a clear, rose, or blue back and white bumper, or a grey back with a black bumper.
Buy one now from:
Best Buy
J&D Wallet Case ($12)
You don’t have to spend much to get an eye-catching wallet case for your LG G6 unless you want real leather. This one is made from polyurethane and it opens to reveal three card slots. There’s a slim, TPU shell to hold your phone in place and you can fold it back to prop your phone in landscape view. There are cut-outs to enable you to use your phone with the case on, but using the flash is going to cause problems because they’re quite tight. This case also has a magnetic closure and a detachable strap. If you don’t like the cupcake design, there are others to choose from including plain black, red, brown.
Buy one now from:
Amazon
Diztronic TPU Case ($10)
Seeking simplicity? This cheap, matte, TPU case is as plain as they come. The textured finish adds grip and won’t show up smudges or fingerprints. The cut-outs offer easy access to all the ports and functions, and there are chunky button covers for the volume controls. You’ll find this malleable case is easy to fit and there’s a slight lip around the screen to protect it. The only real detail is a subtle Diztronic logo on the side. If the red is too garish for you, don’t worry – it comes in black, navy, and teal as well.
Buy one now from:
Amazon
Ringke Fusion Case ($12)
The G6 is beautiful to behold, so why cover it up? The Ringke Fusion is a nice option for protection, one that doesn’t sacrifice the G6’s innate style. The back panel is made of hard, crystal-clear polycarbonate, and it’s ably supported by a flexible TPU bumper. The fit is good, with a protective bezel around the screen, accurate openings, and port covers to keep dust and debris out. You can currently get a translucent version, or opt for a tinted bumper.
Buy one now from:
Amazon
UAG Ice Case ($40)
If you’re looking for dependable, rugged drop protection with a slightly futuristic look, then UAG has you covered. This G6 case is actually lighter than it looks, but it doesn’t skimp on protection. Every angle of your device is covered, and there’s a raised lip around the screen and special pads on the back to keep your phone from touching down or slipping around. The cut-outs for your phone’s ports, fingerprint sensor, and camera are also generous, and there’s a cover for the volume rocker. If you prefer, you can opt for a translucent, plastic shell with a darker tint.
Buy one now from:
Amazon
Hansmare Calf Wallet Case ($26)
The soft, leather exterior of this wallet case is eye-catching and comfortable to hold. Open it up and you’ll find a trio of card slots and a larger money pocket on the back. There’s also a clear, plastic shell that holds your G6 firmly in place, while offering easy access to your phone’s ports, buttons, and controls. The interior leather and closure showcase a lighter, contrasting shade of pink, which is less noticeable if you opt for the blue or black variants.
Buy one now from:
Mobile Fun
Amazon slashes prices on its lineup of Kindle ebook readers through Mother’s Day
Amazon is cutting prices on its popular lineup of Kindle tablets and e-readers through Mother’s Day. We’ve put together a quick rundown of our favorite models to help you choose which is best for you. With Amazon offering discounts of up to 25 percent off until May 14, now is a great time to grab a Kindle for a mom who loves to read.
Kindle
The first Kindle on our deals list is the one that started it all. The classic ebook reader is now being offered at a $20 discount, bringing it down to $60. While this is essentially the same basic ebook reader that kicked off the Kindle family years ago, the current eighth-generation iteration features a few new refinements like a thinner, lighter body and greatly increased resolution.
The touchscreen display uses a glare-free finish and multiple shades of black, white, and grey to mimic the appearance of paper and eliminate eye strain. The Wi-Fi-capable device lasts for weeks on a single charge and has enough room to store thousands of ebooks. Prime members can enjoy free access to thousands of titles, as well.
Buy it for $60 on Amazon
Kindle Paperwhite
A unique twist on the classic ebook reader, the Paperwhite boasts a few upgrades from the standard model. Now $20 off the original price, the Kindle Paperwhite has a pixel density of 300ppi for razor-sharp text rendered in Amazon’s custom Bookerly font. Like the original Kindle, the Paperwhite features a glare-free screen that mimics the appearance of paper for easy viewing in all daylight conditions, while adding a built-in adjustable light for reading in the dark.
The unique illumination system guides light toward the front of the display, an improvement over eye-straining backlighting. Educational features like Word Wise, Vocabulary Builder, Smart Lookup, and an instant translator make this ebook reader ideal for learners both young and old. The discounted Kindle Paperwhite can be had for $100.
Buy it for $100 on Amazon
Fire HD 8
For those who want a full-featured tablet, Amazon has you covered with its Fire lineup. This upgraded model, available for just $70, is an excellent entry-level option that is now $20 off. The Fire HD 8 boasts a vibrant eight-inch IPS touchscreen display and runs on a 1.3 GHz quad-core processor.
The tablet comes equipped with the cloud-based Alexa service that gives you complete control of your device with easy voice commands, and Amazon Underground offers thousands of free apps and games for it. The standard 16GB or 32GB of internal storage can be expanded via the MicroSD slot, and Prime members can enjoy exclusive access to millions of free movies, TV shows, books, and more. Coming in at just $70 after the current $20 Mother’s Day discount, the Fire HD 8 is a popular and affordable tablet.
Buy it for $70 on Amazon
Kindle Voyage
With its sleek lines and advanced features, the Kindle Voyage is an expertly crafted ebook reader for serious reading enthusiasts. The crisp, high-resolution display features smart lighting that detects your environment and adjusts itself accordingly, so you don’t have to fiddle with brightness settings. The paper-like picture can be viewed in bright daylight and pitch black thanks to its adaptive illumination feature.
Unique PagePress sensors on the side of the unit eliminate the need for buttons – a press of your thumb creates a haptic response that turns the page. The lightweight, 7.6mm-thin body can be comfortably held with one hand for hours of reading, and the housing has an elegant and modern look. Now offered for $20 off the usual price, the Kindle Voyage can be yours for $180.
Buy it for $180 on Amazon
Kindle Oasis
The Kindle Oasis is Amazon’s thinnest and lightest ebook reader yet. The high-resolution display features a glare-free finish for easy reading in sunlight, and a pixel density of 300 ppi that results in laser-sharp text. The Wi-Fi-capable Oasis also offers a built-in adjustable LED light for reading in dim environments or at night. Added functions like Vocabulary Builder and X-Ray let you instantly look up word definitions, fictional and historical characters and events, story timelines, and more without losing your place.
Included with the ebook reader is a leather charging case, available in black, merlot, or walnut.It protects your Kindle and boosts the internal battery life, letting you use your device for months before needing a charge. As with other Kindles, Prime members can enjoy access to well over a thousand free ebooks. A $50 discount brings the Kindle Oasis down to $240 through Mother’s Day.
Buy it for $240 on Amazon
Get Mom $50 worth of flowers for $35
Mother’s Day is right around the corner. Did you remember? You forgot, didn’t you?
It’s OK. Android Central Digital Offers has you covered.
$50 worth of flowers for $35Learn more
Ordering flowers online is the perfect way to surprise Mom this Mother’s Day, since Bouqs will have them delivered right to her doorstep. At Android Central Digital Offers, you can get a $50 credit for just $35 and send Mom a beautiful bouquet of spring flowers from the Bouqs Company. Registration with Bouqs is free and every purchase is backed by the Happiness Guarantee, so if you get some sad flowers, you’ll be taken care of.
The Bouqs Company gets all of its flowers from eco-friendly, sustainable farms, so you can purchase a bouquet for your mother or any other mothers in your life in good conscience. Flowers from some florists can cost you an arm and a leg and aren’t as sustainably sourced, but through Android Central Digital Offers, you can get a $50 credit for just $35.
$50 worth of flowers for $35Learn more
Ben Heck’s Mini Pinball kit: Selecting a microcontroller
As the development of the Mini Pinball kit progresses, Ben and Felix split their focus between different areas of the build. Ben is finalizing the design of the flippers and how they’re controlled, while solenoids are being used to give the power required to blast the metal ball up the table. Thanks to a technique called pulse-width modulation (PWM) from the Arduino software, we can make sure the device isn’t powered all the time. Felix isn’t having an easy go of it with the Teensy 3.6: After switching out the I2S audio circuit, so he’s now using a digital-to-analogue Converter (DAC), and the SD card Arduino libraries meanwhile aren’t making the right noises. Do you have experience with SD cards and Arduino? What would you like to see in the Mini Pinball kit? Let us know over on the element14 Community.
Handbrake Developers Issue Mac Security Warning After Mirror Download Server Hack
The developers of open source video transcoder app Handbrake have issued a security warning to Mac users after a mirror download server hosting the software was hacked.
The alert was issued on Saturday after it was discovered that the original HandBrake-1.0.7.dmg installer file on mirror server download.handbrake.fr had been replaced by a malicious file.
The affected server has been shut down for investigation, but developers are warning that users who downloaded the software from the server between 14:30 UTC May 2 and 11:00 UTC May 6 have a 50/50 chance of their system being infected by a trojan. “If you see a process called ‘Activity_agent’ in the OS X Activity Monitor application, you are infected,” read the alert.
To remove the malware from an infected computer, users need to open up the Terminal application and run the following commands:
- launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
- rm -rf ~/Library/RenderFiles/activity_agent.app
- if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder
Users should then remove any installs of the Handbrake.app they have on their system. As an extra security recommendation, users should also change all the passwords that may reside in their OSX KeyChain or in any browser password stores.
The malware in question is a new variant of OSX.PROTON, a Mac-based remote access trojan that gives the attacker root-access privileges. Apple updated its macOS security software XProtect in February to defend against the original Proton malware. Apple initiated the process to update its XProtect definitions on Saturday and the update should already be rolling out to machines silently and automatically.
Handbrake users should note that the primary download mirror and the Handbrake website were unaffected by the hack. Downloads via the application’s built-in updater with 1.0 and later are also unaffected, since these are verified by a DSA Signature and won’t install if they don’t pass. However, users with Handbrake 0.10.5 and earlier who used the application’s built-in updater should check their system, as these versions don’t have the verification feature.
For reference, HandBrake.dmg files with the following checksums are infected:
SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274 / SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793
(Thanks, Alfonso!)
Tags: security, malware
Discuss this article in our forums
‘Real Time’ Surveillance and Breakable Encryption Proposed in U.K. Government Technical Paper
An alleged leak of a draft technical paper prepared by the U.K. government contains proposals that endorse the “live” surveillance of British web users’ online communications, it emerged this week.
Civil liberties organization the Open Rights Group received the document on May 4 and decided to publish the draft, which states that telecommunications companies and internet service providers would need to provide “data in near real time” within one working day.
The paper, first reported by The Register, also states that technology companies would be required to remove encryption from private communications and provide the raw data “in an intelligible form” without “electronic protection”.
If made law, the capabilities would come under the controversial Investigatory Powers (IP) Act, dubbed the “Snooper’s Charter” by critics. According to the act, the access would have to be sanctioned by secretaries of state and a judge appointed by the prime minister. Telecoms firms would be forced to carry out the requirements in secret, leaving the public unaware that access had been given.
The Home Office has denied there is anything new in the consultation paper, which has reportedly been sent to affected bodies without being publicly announced by the government. However, the document reveals that bulk surveillance would occur simultaneously alongside individual access requests, but would be limited to one in every 10,000 users of a given service – or 6,500 people in the country at any one time.
The leak of the paper has re-opened the debate surrounding law enforcement agencies’ demands for “back doors” in security protocols that would provide access to encrypted data, similar to the request that caused a standoff between the FBI and Apple last year.
“It seems very clear that the Home Office intends to use these [powers] to remove end-to-end encryption – or more accurately to require tech companies to remove it,” said Dr Cian Murphy, a legal expert at the University of Bristol who spoke to the BBC. “I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication.”
Home Secretary Amber Rudd recently argued that the Investigatory Powers Act offers a set of laws necessary to curb “new opportunities for terrorists” afforded by the internet. However, critics counter that the idea of creating back doors in encrypted communications would render the encryption worthless, since such access would inevitably end up in the hands of bad actors, while appearing as a green light for oppressive regimes to crack down on dissenters by compromising encrypted communications.
The U.K.’s Internet Service Providers’ Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be consulting its members and submitting a response to the draft regulations by May 19.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Tags: privacy, IPB
Discuss this article in our forums
AIVAnet 