Anyone can sign up to buy Google Glass tomorrow; will you?

Tomorrow, as most everyone in the US knows, is tax day. It’s also the one day where Google will open up the sale of its Glass wearable to the general public, meaning you won’t need that Explorer invite to nab a pair. What you will need is $1,500, a US shipping address and a healthy dose of realism about the limitations of Google Glass as it currently exists. That’s right; even though the curtain of exclusivity around the product is slowly but surely lifting, Glass is still very much in the beta stage, with short battery life and a limited number of apps.

Plenty of you have voiced suspicions that Google made this one-day-only event for the sole purpose of selling out of units and making headlines. Maybe so, but it’s still a good opportunity for the curious who may have hefty tax rebates heading their way. If you want to take the plunge, make sure to point your browser here tomorrow at 6AM Pacific on the dot, as supplies are indeed limited. In the meantime, tell us if you’re planning to splurge tomorrow in our poll below the break.

Vote on our poll for Do you plan to buy Google Glass tomorrow?!

Filed under: Wearables, Google

Comments

Source: Google Glass

Google beats Facebook to acquisition of drone maker

Google has just agreed to buy Titan Aerospace, a maker of high-altitude solar-powered drones that was in acquisition talks with Facebook just a few months ago. The Mountain View company hopes to use these long-lasting autonomous vehicles to assist its Project Loon project, which aims to broadcast internet signals to parts of the world that can’t get online. Facebook, on the other hand, went ahead with another drone company called Ascenta for Internet.org, its own worldwide internet project. Titan drones could also work with Makani, a Google airborne wind turbine project. As the unmanned planes are also able to collect high-res images of earth and support voice and data services, they could also be of use in other Google divisions, such as Maps.

Filed under: Google

Comments

Source: WSJ

​What is Heartbleed, anyway?

If you’re an IT professional, gadget blogger or token geek in your circle of friends, chances are, you’ve been hounded relentlessly over the past couple of days about “this Heartbleed thing.”

“Do I need to update my antivirus?”

“Can I login to my bank account now?”

“Google already fixed it, right?”

We’ve heard them all, but the answers aren’t all that clear or simple. In an attempt to take the pressure off — it is the weekend after all — we’ve put together a primer that should answer all of those questions and a few more. Next time someone asks you about that “Heartbleed thing,” just shoot them our direction.

How it works

The problem affects a piece of software called OpenSSL, used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords, and cookies) cannot be seen by others while it goes from your computer to the website.

OpenSSL is an open source project, meaning it was developed by really talented volunteers, free of charge, to help the internet community. It happens that version 1.0.1 of OpenSSL, released on April 19, 2012, has a little bug (a mistake introduced by a programmer) that allows for a person (including a malicious hacker) to retrieve information on the memory of the web server without leaving a trace. This honest mistake was introduced with a new feature implemented by Dr. Robin Seggelmann, a German programmer who often contributes security code.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests, this is the heartbeat. This call and response, is done by exchanging data. Normally when your computer makes a request, the heartbeat will only send back the amount of data your computer sent. However, this is not the case for servers currently affected by the bug. The hacker is able to make a request to the server and request data from the servers memorybeyond the total data of the initial request, up to 65,536 bytes.

The data that lives beyond this request “may contain data left behind from other parts of OpenSSL” according to CloudFlare. What’s stored in that extra memory space is completely dependent on the platform. As more computers access the server, the memory at the top is recycled. This means that previous requests may still reside in the memory block the hacker requests back from the server. Just what might be in those bits of data? Login credentials, cookies and other data that may be exploitable by hackers.

What should I do?

Because this feature is so specific, the number of servers actually affected is significantly fewer than many thought originally. In fact, while some estimates mentioned that 60% of all Internet servers had the Heartbleed bug, Netcraft says the number should be much lower, and under 17.5% (well, that’s still a lot of servers, but still less than 60).

After the discovery of the bug, the OpenSSL software was rapidly patched, and as of version 1.0.1.g the problem no longer exists. Even before that, if the OpenSSL software was installed without the heartbeat extension, the server never would have been vulnerable.

If you need the TL;DR, here it is: do not panic.

Now, the important question is if you should worry about this problem? The short answer is: “yes, but don’t panic”. You should definitely change your passwords at least for the services confirmed as vulnerable and have now been fixed, such as Google and Yahoo. But you should be changing your passwords regularly no matter what. If you have trouble remembering your passwords, you can always use a password manager such as LastPass or 1Password (remember: don’t ever write down your passwords on a Sticky note next to your monitor, a notepad, or a document inside the computer).

This password changing recommendation is nothing but a precaution, because even if hackers knew about the problem (something that hasn’t been confirmed — aside from by our friends at the NSA, apparently), the chances of them getting your password, and being able to match up that data to your username are pretty slim. Some people claim that the encryption certificates for servers (a technology that allows us to confirm that a website is in fact what it says it is) could have been stolen, but the company CloudFlare has said it’s very difficult to do. It published a challenge to whoever could steal this key, and it appears that someone did, during a server reboot. Regardless of the probability, companies are changing encryption keys so new data is not vulnerable if somebody was able to obtain the old keys.

TL;DR

If you need the TL;DR, here it is: do not panic. Simply, change the passwords of the services you consider more important (email, banking, shopping) and continue with your life. While doing so, follow good security practices: don’t use the same password across services, select passwords with 10 or more characters and use at least upper and lower case letters, in addition to numbers.

The Internet sure is fun!

Frank Spinillo and Ben Gilbert contributed to this article.

Filed under: Internet

Comments

‘Let Me Google That For You’ may be the best Senate bill ever

Soon “Let me Google That For You” might not be just a phrase you hear from annoyed friends when you ask a silly question, it might be a law. No, really. Senators Tom Coburn (R-OK) and Claire McCaskill (D-MO) introduced the Let Me Google That For You Act of 2014 in Senate last week, a bill that would prioritize using the web to find information.

Currently, many government searches are made through the National Technical Information Service (NTIS) and cost taxpayers tons of cash. The NTIS gets the job done, but it turns out that many of those queries (which could be $100 a pop) could actually be completed in just a few seconds using Google. If approved, the bipartisan bill would eliminate the NTIS, and encourage people to rely on their trusty (and very free) browser for information instead, ultimately saving everyone a lot of time and money.

Filed under: Internet

Comments

Source: The Library of Congress

Amazon phone reportedly coming in September with glasses-free 3D

Stop us if you’ve heard this one before: Amazon’s getting ready to launch a phone. This is actually one of the longest-running rumors we’ve heard, with the first reports stretching back to 2012. So what’s different this time? According to the Wall Street Journal, the company is already showing off prototypes of the handset to developers and is gunning to announce the device by the end of June with a September release. The report tells us that Amazon wants to differentiate itself from other top-of-the-line flagships by adding four cameras with retina-tracking tech, making it possible to project 3D images without needing glasses.

Rumors of a “Kindle phone” (or multiple phones) have been floating around the internet for ages, and this isn’t even the first time we’ve heard that Amazon was working on a 3D-type display — the Journal began reporting last May that the project would enable visuals that “seem to float above the screen like a hologram.” Given how much smoke we’ve seen, there’s quite likely fire. We wouldn’t be surprised to see some news come out around the same time as Google’s I/O developer conference, but we’re more curious to find out exactly what Amazon plans to do with this retina-tracking tech and how developers will be able to take advantage of it. Needless to say, it certainly would add an interesting element to our already endless Instagram feed.

Filed under: Cellphones, Wireless, Mobile, Google, Amazon

Comments

Source: WSJ