VW says Audi software can distort emissions during tests
No, the Volkswagen Auto Group’s emission cheating scandal isn’t done unfolding. VW has confirmed earlier reports (including one from Suddeutsche Zeitung) that Audi software can distort emissions during tests. Cars with automatic transmissions can change their shift patterns in a way that lowers carbon dioxide and nitric oxide emissions, making it appear as if the vehicles are more eco-friendly than they are during typical driving. The transmission normally adapts based solely on the driving conditions, VW says.
The admission was likely given that VW is already under intense scrutiny, and there are hints that things are only going to get worse. Bild claims that the US’ Environmental Protection Agency has already started an investigation into Audi over the software, and will talk to VW engineers about its concerns as soon as next week. VW has declined to comment on whether or not that’s happening, but it makes sense in light of the EPA’s interest in finding as many cheating mechanisms as possible. And if an additional EPA investigation wasn’t on the cards before, it’s likely to be after this public revelation.
Source: Reuters, Bild, Suddeutsche Zeitung
Secret’s anonymous sharing is coming back as a response to Trump
Secret’s air-your-dirty-laundry service collapsed about as quickly as it rose to prominence, but it looks like it’s poised for a comeback thanks to the new political climate. Co-creator David Byttow has vowed that “Secret V2” is on the way as an explicit answer to Donald Trump winning the US election — “it’s too important not to exist,” he says. In a chat with our friends at TechCrunch, he paints it as a way to both encourage authenticity and bridge political divides. The US can’t “heal and work together” if people aren’t comfortable being themselves and aren’t self-aware, Byttow argues. This wouldn’t be a simple matter of turning the servers back on and re-releasing the apps, though.
The developer won’t actually create the new Secret himself, to begin with. He’s currently running an enterprise startup, Bold, and would hire a new team that operates under his watch. Also, Byttow wants to be cautious this time around, avoiding the mistakes that plagued Secret in its brief original existence. He’ll consult with many other people to make sure it’s done well.
Version 2 could be a long time in coming. Byttow doesn’t have a timetable, and he won’t be leaning on venture capital to build the new app. This isn’t a profit-making endeavor, he stresses — if there are any profits, they’ll go directly to good causes. Still, the revival is good news for anyone who saw Secret as a tool for promoting free speech and healthy discussion, not just a rumor mill.
Source: TechCrunch
Kaspersky says Windows’ security bundle is anti-competitive
Windows 10’s bundled Defender security tool can be helpful for basic antivirus protection, but what if you prefer third-party software? The operating system normally steps aside when you run other programs, but antivirus mainstay Eugene Kaspersky (above) believes Microsoft still isn’t playing fair. He just filed complaints in both the European Union and Russia alleging that Windows 10’s handling of third-party antivirus tools is anti-competitive. The argument mostly hinges around when Microsoft switches you to Defender and the amount of breathing room given to other developers.
Kaspersky points out that Windows automatically uninstalls unsupported antivirus software when you upgrade to the new OS, regardless of your settings, and will sometimes revert to Defender even if you pass an initial check. Also, if your third-party antivirus tool is compatible, you’ll still get a warning that Defender is off with a “big juicy” button to turn it on. These wouldn’t be so bad if Microsoft gave independent developers more slack, Kaspersky argues. Third parties supposedly don’t get much lead time before new releases (just a week in one case), so they’re left scrambling to make their apps compatible. And to top it off, notices for expired antivirus software licenses are buried in Security Center notifications for three days before you get a more explicit warning. You may not realize that your preferred software is inactive until Defender automatically kicks in.
If successful, the complaints would have Microsoft clearly tell Windows users about software compatibility problems before an upgrade, preventing rude surprises with antivirus protection. Microsoft would also have to ask for your approval whenever it wants to turn on Defender, and give outside developers “good time” to address compatibility issues.
We’ve asked Microsoft for its response to Kaspersky’s issues, and we’ll let you know if it has something to say. However, Kaspersky might have a tougher time with its case than in other antitrust situations, such as when Microsoft’s rivals attacked it over browser choice. For one thing, it’s not as if Microsoft keeps Windows development completely in the dark. Ars Technica notes that the Windows Insider program gives just about anyone a peek at where Windows is going in the future, and explicitly warns you if antivirus apps aren’t compatible. Also, antivirus is more of a must-have than a nicety these days. Regulators may be hesitant to make any moves that potentially leave users unprotected, even if that’s unlikely with Kaspersky’s proposals.
Via: Ars Technica
Source: Kaspersky
AdultFriendFinder hack puts 412 million accounts at risk
There have been some massive data breaches in recent years, but the latest might just top them all. LeakedSource reports that a hack targeting Friend Finder Network has exposed over 412 million accounts, most of them (339 million) belonging to sex hookup site AdultFriendFinder. Users at Cams.com (62 million), Penthouse (7 million) and a handful of smaller sites were also affected. This reportedly represents about 20 years’ worth of data, and handily eclipses the 360 million records from the MySpace breach.
The vulnerable data includes some particularly sensitive details. While it’s not as bad as a 2015 breach, where sexual preferences were in the clear, the hack has revealed usernames, purchasing patters, internet addresses and easily crackable (or in some cases, unprotected) passwords. ZDNet has verified that at least some of the accounts are real.
Friend Finder Networks hasn’t directly confirmed the intrusion, but it does acknowledge that it received reports of “potential security vulnerabilities,” some legitimate while others were extortion schemes. The company says it fixed one hole in its code and has asked for help from the “right external partners” for its investigation. Penthouse, meanwhile, says it’s aware of the hack and is just waiting for a “detailed account” of what happened and what the solutions may be.
While the chances of someone going on a shopping spree with this info are slim, there’s still plenty of risk involved. Login details can reveal identities and open the door to account hijacks, and the age of the database raises extra potential for mischief — say, blackmailing someone who may have abandoned AdultFriendFinder years ago and doesn’t want their past coming back to haunt them. Either way, Friend Finder Networks will want to beef up its user data safeguards, not just prevent hackers from reaching that data.
Via: ZDNet
Source: LeakedSource
Top considerations when securing your Android phone
Know how to use the tools your given to keep your phone and your data secure.
Google, Apple, and Microsoft have great tools for managing your online security. Some implementations may be technically better than others, but you can be reasonably sure that your data — both on the phone and in the cloud — is safe. If you need more reassurance or have different needs, third-party companies are available that with the big three to provide enterprise-grade security assurances. No method is 100% secure, and ways to get around it are found regularly; then patched quickly so the cycle can repeat. But these methods are usually complicated and very time-consuming and rarely widespread.
This means you are the weakest link in any chain of security. If you want to keep your data — or your company’s — secured you need to force someone to use these complicated time-consuming methods if they wanted to get into your phone. Secure data needs to be difficult to obtain and difficult to decipher if someone does get hold of it.With Android, there are several things you can do to make someone work really hard to get your data — hopefully so hard that they don’t bother trying.
Use a secure lock screen
Having a secure lock screen is the easiest way to limit access to the data on your phone or the cloud. Whether you just left your phone on your desk while you had to walk away for a moment or two or if you’ve lost your phone or had it stolen a lock screen that can’t be simple to bypass is the best way to limit that access.
The first step is to lock the front door.
If your company issued you a phone or you work for someone with a BYOD policy there’s a good chance your phone is forced by a security policy to have password protection and your IT department may have assigned you a username and password to unlock it.
Any method that locks your phone is better than none, but generally a random six-digit PIN is enough to require someone have special knowledge and tools to bypass it without triggering any self-destruct settings. Longer randomized alpha-numeric passwords mean they will need the right tools and a lot of time. Entering a long complex password on a phone is inconvenient for you and we tend not to use things that inconvenience us so alternatives have been thought up that use patterns, pictures, voiceprints and a host of other things easier to do than typing a long password. Read the instructions and overview for each and decide which works best for you. Just make sure you’re using one.
Encryption and two-factor authentication
Encrypt all of your local data and protect your data in the cloud with two-factor authentication on your account logins.
Recent versions of Android come encrypted by default. Android 7 uses file-level encryption for faster access and granular control. Your corporate data may have another level of security to reinforce this. Don’t do anything to try and lessen it. A phone that needs to be unlocked to decrypt the data is one that only someone dedicated is going to try to crack.
Online accounts all need to use a strong password and two-factor authentication if offered. Don’t use the same password across multiple sites and use a password manager to keep track of them. A centralized spot with all your account credentials is worth risking if it means you’ll actually use good passwords.
Know what you’re tapping on
Never open a link or message from someone you don’t know. Let those people email you if they need to make the first contact, and offer them the same courtesy and use email instead of a DM or a text message to get in touch with them the first time. And never click a random web link from someone you don’t trust. I trust the Wall Street Journal’s Twitter account, so I’ll click obscured Twitter links. But I won’t for someone I don’t trust as much.
Trust is a major part of security at every level.
The reason isn’t paranoia. Malformed videos were able to cause an Android phone to freeze up and had the potential to allow elevated permissions to your file system where a script could silently install malware. A JPG or PDF file was shown to do the same on the iPhone. Both instances were quickly patched, but it’s certain that another similar exploit will be found now that the “right” people for the job know where to look. Files sent through email will have been scanned and links in the email body are easy to spot. The same can’t be said for a text message or a Facebook DM.
Only install trusted applications
For most, that means Google Play. If an app or link directs you to install it from somewhere else, decline. This means you won’t need to enable the “unknown sources” setting required to install apps that didn’t originate from a Google server in the Play Store. Only installing apps from the Play Store means Google is monitoring their behavior, not you. They are better at it than we are.
If you need to install apps from another source you need to make sure you trust the source itself. Actual malware that probes and exploits the software on your phone can only happen if you approved the installation. And as soon as you’re finished installing or updating an app this way, turn the Unknown sources setting back on as a way to combat trickery and social engineering to get you to install an app manually.
None of this will make your phone 100% secure. 100% security isn’t the goal here and never is. The key is to make any data that’s valuable to someone else difficult to get. The higher the level of difficulty, the more valuable the data has to be in order to make getting it worthwhile.
Some data is more valuable that others, but all of it is worth protecting.
Pictures of my dogs or maps to the best trout streams in the Blue Ridge Mountains won’t require the same level of protection because they aren’t of value to anyone but me. Quarterly reports or customer data stored in your corporate email may be worth the trouble to get and need extra layers.
Luckily, even low-value data is easy to keep secure using the tools provided and these few tips.
Ben Heck’s Atari junk keyboard, part 2
We’re not so sure about Ben and Atari making beautiful music together, though the Ben Heck Show team certainly builds good circuits. Previously, they took apart a keyboard and made a manually activated switch matrix to read the piano keys. Now it’s time to take those outputs and hook them up to a 555 logic chip array to create the Atari inspired sound effects.
There’s a lot of wiring to do, so Ben and Felix split up the tasks. Ben wires up the bank of chips onto a board that will sit on top of the transistor array that Felix is wiring, with a header interfacing them. Karen meanwhile, paints and designs the casing in a retro feel befitting of the time. Ben and Felix then go to work on making additional adjustments to the board and create a totally ’80s Atari junk keyboard. What instrument would you like the team to make? Join the element14 Community to tell us about your music hacks and suggest an instrument.
Watch the first live-action ‘Ghost in the Shell’ trailer
Want to see how Hollywood takes on Ghost in the Shell outside of a handful of tiny video clips? You just got your chance. Paramount has released a full-length trailer for its spin on the anime/manga classic, and it’s at least interesting — if not necessarily what purists would want. It’s visually stunning, with more than a few moments that will remind you of at least the 1995 animated movie. It’s mainly the casting and unanswered questions that might leave you on the fence ahead of the movie’s March 31st, 2017 launch date.
Scarlett Johansson’s Major (Motoko Kusanagi in the anime and manga) at least pays basic tribute to the original movie’s interpretation. She’s a confident, capable cyborg, but has questions about her origins and how much humanity she really has. However, it’s hard not to see Johansson and other key Western actors (Pilou Asbaek’s version of Batou, for example) as somewhat out of place in a story that revolves heavily around a futuristic Japan. Also, how many creative liberties has the studio taken with Ghost in the Shell that we can’t see? Does it retain the spirit of the original, or is it Lucy in a different setting? If nothing else, the fact that it’s conversation-worthy at all gives us hope that this might do justice to its forebears.
Source: Paramount Pictures (YouTube)
From the Editor’s Desk: It’s Google hardware season
This is Google’s biggest release year in recent memory, but that comes with extra responsibility.
Most companies in the Android world like to front-load their announcements for the first quarter (or so) of the year, but Google has consistently stuck to a Fall release schedule for all of its biggest consumer-facing products. This year was perhaps its biggest yet, dropping the Pixels, Chromecast Ultra, Google Home, Daydream View and Google Wifi all at once. And even though we’re five weeks removed from the launch event, we’re just now hitting the point where these products are actually shipping out in real numbers.
I’ve had my Pixel and Pixel XL for about a month now (primarily using the Pixel, fwiw), but just received my Chromecast Ultra and Google Home this week. I’m still waiting for my free-with-purchase Daydream View, and though I haven’t made up my mind on buying a Google Wifi I don’t have a choice right now.
Unfortunately for Google fans, the company is still pretty bad about shipping products in a timely and consistent fashion, while keeping them in stock for new buyers. Though Google has made it over the hurdle of dead websites and two-month waitlists back in the Nexus 4 days, its products are still consistently out of stock or unavailable in certain SKUs. Over a month removed from launch, the Pixel XL is still tough to come by, and models that are “in stock” have 3-4 week ship times. Depending on the day Google Home, Chromecast Ultra and Daydream View may actually be in stock, but with a few days to a week of lead time before shipping. How about Google Wifi? ::crickets::
The physical products are now the main attraction, and Google has to deliver (figuratively and literally).
Perhaps I’ve been spoiled by same-day (and two day at the most) delivery from Amazon, and forget how bad ordering from the Google Store used to be, but it’s still extremely frustrating to see a company the size of Google be incapable of keeping its brand new products in stock when enthusiasm is the highest. We’re definitely starting to get into the swing of the holiday shopping season, and Google has to have these products ready to ship.
The stock and shipping issues are really indicative of Google’s overall hardware shortcomings. It has shown serious ambition with this “Made by Google” initiative, but as our own Russell Holly astutely summarized this week, Google is a bit short on execution. The Pixels are perhaps the most complete thought of the bunch, with very few missing pieces. Chromecast Ultra is a new Chromecast — that wasn’t too difficult. Google Home is a great idea but clearly needs a lot of software tuning and server-side improvements to make it actually great (or, just above average). Daydream View is clearly a great product ready to take over from Cardboard, but is launching with effectively no VR content. Again, Google Wifi? ::more crickets::
When Google was just releasing products here and there, we cut it slack on the execution part of things because we always knew the true product was having you use the internet and its services as much as possible. Now with “Made by Google” the physical products are the main attraction, not a secondary piece of things — and it has to actually start delivering. No more half-baked ideas, no more “it’ll get better in the future” caveats — that won’t fly anymore.
A few closing thoughts on the week that was:
- I know the HTC Bolt isn’t the next amazing drool-worthy phone, but you have to give HTC credit for doing a lot of neat stuff with what would otherwise be a boring carrier-branded handset.
- Shame it has to be saddled with a Snapdragon 810 processor and being a Sprint exclusive — it’s putting a cloud over an otherwise solid phone.
- Sprint is still going to use the Bolt as a centerpiece of its marketing the next few months, though, and that’s going to sell a considerable number of phones.
- I’m excited to give the Samsung Gear S3 a try again after first seeing it over two months ago. I want to use the new software especially, but I’m not particularly enthused by how huge both models are (and I have larger-than-average wrists).
- I always enjoy watching people guess which phone I took my Instagram photos with. Many times they’re right, sometimes they’re way off.
That’s it for this week. This is supposedly the “slow” part of the year in the Android world, but we’re certainly staying busy. See everyone next week.
Everything you need to know about PlayStation VR
What is PlayStation VR?
Basically, it’s a way to supercharge the gaming experience on your PlayStation 4 by using a headset that makes you feel like you are in the game. Just sit in front of your TV like usual, put on Sony’s futuristic-looking headset, and enjoy being able to look in every direction and see the whole game universe around you.
Read more at VR Heads!
After Math: The new normal
This week sure went sideways in a hurry. After Hillary Clinton’s stunning election night collapse, the American people are now faced with four years of well, whatever sorts of fresh hell the President-elect’s administration unleashes upon us. Gitmo is getting better Wi-Fi, Facebook denied all responsibility in spreading FUD throughout the election, the internet’s worst people are bolder than ever and the Navy can’t even afford bullets for its brand-new destroyer. Numbers, what are they good for? Not predicting presidential elections, apparently.
AIVAnet 