Tag: security

Apps and gadgets for the ‘Blade Runner’ future we didn’t ask for

Punks, monks and Harrison Ford running scared through a poisonous cityscape were just a few of the details that made the original Blade Runner feel like its environment was a standalone character in the film. It felt as alien and familiar as the way we live today, with an environment turning against us, a government that couldn't care less, and a corporate ruling class that would make the Tyrell Corporation jealous.

The dystopian world of Blade Runner felt like it had naturally come to be. Unlike the version of Blade Runner we seem to be living in now, which feels like someone threw a switch at New Year's, and surprise, we're living in hell. Suddenly we have to catch up to living in dystopian fiction really fast, lest we die from fires, hurricanes, connected Nazis or nuclear war. So it's probably best that we use every bit of tech to our advantage so we make it to the next noodle bar, as it were.

Roy Batty's survival kit

Despite the best efforts of our federal government to deny it, climate change is real and the planet has had enough of our foolishness. From hurricane destruction to extreme heat and cold, everyone needs to plan for a local disaster -- at the very least. The way things are now, with fires and floods, and even hurricanes hitting Ireland, it seems like we need to prepare for everything. But not everyone can afford a survival pod.

Survival kits start with the basics: A "go bag" to keep by the exit, a kit (or extra supplies) for staying in your house, and an off-site stash in case you have to literally run from disaster (such as a "car kit"). Pick one, or all three if you have the luxury. The American Red Cross has a good starting list, while the Disaster Supply Center has a multitude of readymade kits.

Now that we're living in a Blade Runner future on Krack, we'll have to fill in the details of true life in a future gone wrong. Like many in Northern California, this past week set a record for locals comparing life in San Francisco to existing in the film itself. That had a lot to do with the fires, which have us investing in daily-wear face masks and conditioned to air quality worse than Shanghai. We realize that we're just catching up with the rest of the world in so many ways in terms of life with poisoned air.

Prep your cyberpet


As Pris surely knew, real animals are rare in Blade Runner's universe. Animals were the first to start dying of the pollution which pushed humans Off-World. From fires to dust to gale-force winds, or bombs, your kit needs a face mask with N95 and N100 ratings.

Sure, you can get any old thing at the hardware store or Amazon, but this is the future. You can take advantage of living in a time when even product designers are allergic to everything, and get an air mask fit for a city dweller. In many instances, these nouveau air-pollution masks are better than what you'll get in that prepper survival kit.

Great daily use (or temporary daily use) masks that look good are now a competitive market. For the Cal Fires, a number of SF locals grabbed a Vogmask off Amazon for getting around town. Other recommended masks that will make you actually want to wear them are those from Airinum and the Cambridge Mask Co.

If Pris had survived her encounter with Deckard, she'd surely have an animal companion -- and the gear to make her darling doggo or kitteh ready for anything. For starters, she'd make sure that sweet little manufactured beast stayed far away from any actual blade runners with GPS tracking. One option is the Whistle Pet Tracker; internet famous travel cat Willow stays connected with the Tabcat tracker and a long-range (no cell service needed) MarcoPolo Tracking System.

Pris would also have a Pet First Aid Kit, certainly, but for the oppressive heat in a climate gone wrong, she'd own a swamp cooler pup jacket or a canine cooling harness. Or like me, she'd have read about the woman fleeing the Cal Fires who put her 80-lb pit bull in a backpack and bicycled to safety, and would want a quick escape solution -- like a U-Pet escape pod.

Off-World isn't yet an option


Fire is one thing, but looking at recent events, everyone will probably need waterproof everything. When you can, get a waterproof (or water-resistant) case for all your devices, or try to invest in the newest versions of things like the Kindle, which is now waterproof.

Harrison Ford's character Deckard drank whiskey -- Johnnie Walker Black Label, to be precise -- so that's one way you might be able to avoid the poisonous drinking water of our collective future. For those who may find this impractical for daily applications, a top-end water filtration device is the gadget you want. The most advanced consumer model is the MSR Guardian™ Purifier, but day trippers living in the future-now will want a handheld UV water purifier like the SteriPen.

Your biggest asset in a dystopian climate change emergency might just be your backups. You can make your backup with a reputable cloud service, like Crashplan or iCloud. But to be safe from today's security threats, you should have a secure backup hard drive that you keep at home (or in another safe place) and one that you can grab and go.

This portable drive can hold copies of everything you might have to leave behind, from family photos to scans of your passport. It should also be waterproof, shock-proof, and password protected. The gold standard for this type of external hard drive is IOSafe, which claims to also be fireproof. For a small drive to keep in a bag, in case the replicant hunters come looking for you or a hurricane strikes out of nowhere, consider a Silicon Power drive, with small versions storing up to 4TB.

Power will be a concern, no matter if you're in a sci-fi climate disaster future or just on the go in our Blade Runner day-to-day lives. For those who are oppressed by the sun, solar chargers are now easy to use and take everywhere with you. Adafruit's DIY solar charger tutorials will have your devices constantly charged, and can help you keep others charged as well.

If your modern-day Blade Runner experience doesn't include DIY tinkering, the American Red Cross FRX3+ All Purpose Weather and Radio Charger has it all. It includes a NOAA AM/FM weather alert radio, LED flashlight, a charger via its USB port, and it stays powered for a week when fully charged via hand crank, its solar panel, or its 2600 mAh rechargeable battery.


Apps for humans and replicants alike

One of the apps that made day to day living safe in the Bay Area over the past two weeks was AirVisual's air quality app. More immediate than local alerts, it let us know when we needed to wear masks to go to the grocery store, and when we'd expect to get a break with some fresh air.

That said, many were stuck inside worrying how fast we were dying from the air in our apartments. That's where the AirVisual Pro would come in handy, showing inside air quality as well as that outside our doors. Yet, inside is really where it counts in polluted dystopias like ours, which is why an air purifier is probably the "coolest" gift anyone can give in this coming holiday season. For the most tech-inclined, Dyson's pricey hot-cool air purifier is definitely the Cadillac of purifiers, and comes with its own app to help you monitor your space.

Radiation wasn't an influence on the original Blade Runner's storytelling, but it might be in ours. In case our dystopia takes a Fallout 4 turn, Idaho National Laboratory scientists created an Android app for detecting radiation -- and they tested it on several different smartphone models (Samsung Nexus S, Samsung Galaxy Nexus, Samsung SIII and LG Nexus 4).

The CellRAD app wasn't released to the public, but a similar app called Radiation Alarm works the same way. It uses an Android phone's camera to detect gamma radiation, as long as you follow the instructions closely (and keep the camera covered to get a reading).

There are apps I wish I'd had before the fires, and apps I've found that make me glad I'm installing them now. Climate change has made weather alert apps completely invaluable. Weather Underground, Weather Channel, AccuWeather, RainAware, and Hurricane by the American Red Cross would've helped me decide to get an air purifier in time, and will probably save me and my replicant cat before the next disaster.

It's too bad that IBM's mesh network weather alert app isn't available in America yet, but I'm setting an alert to download it when it can help us out. This will negate the need to have cell service to get alerts, and I wonder how many lives it might've saved this year so far.

Should hurricanes hit San Francisco, or if Deckard comes looking for me and my friends, I've now got the Red Panic Button. This app sends email, text, and GPS coordinates to trusted contacts in the event of an emergency, as well as notifying 911. The "ICE" app (In Case of Emergency) from American Red Cross keeps an unlocked medical alert on the lockscreen of my phone, just in case.

While we're on the subject, the American Red Cross has its problems, but the apps they provide are invaluable. Those include a Shelter Finder app, a hurricane/wildfire/earthquake app, and their first aid apps. The medical aid apps come in both human and pet versions, and they are stored offline should you end up without cell service and need to save a fellow replicant's life.

Some might say that Blade Runner was just a movie. But for the rest of us, it's suddenly a way of life, and also a guide to survival. Hopefully this little guide helps, too.

Images: Stanley Bielecki Movie Collection/Getty Images (Rutger Hauer as Roy Batty); Sunset Boulevard/Corbis via Getty Images (Joanna Cassidy as Zhora Salome with Snake); Stanley Bielecki Movie Collection/Getty Images (Harrison Ford and Edward James Olmos as Deckard and Gaff); Alcon Entertainment / Blade Runner 2049 (Weather display)


Google will pay hackers who find flaws in top Android apps

Google is probably hoping to raise the quality of apps in the Play store by launching a new bug bounty program that's completely separate from its existing one. While its old program focuses on finding flaws in its websites and operating systems, this one will pay hackers when they find vulnerabilities in Android's top third-party apps. They have to submit their findings straight to the developers and work with them before they can turn in a report through HackerOne's bounty platform to collect their reward.

Google promises $1,000 for every issue that meets its criteria, but bounty hunters can't simply choose a spammy app (of which there are plenty on the Play Store) to cash in. For now, they can only get a grand if they can find an eligible flaw in Dropbox, Duolingo, Line, Snapchat, Tinder, Alibaba, Mail.ru and Headspace. Google plans to invite more app developers in the future, but they have to be willing to patch any vulnerabilities found... which means you can't rely on the program to fix the issues in your favorite low-quality application.

Via: Android Police

Source: HackerOne


Google and Microsoft troll each other over software vulnerabilities

Google has a history of not playing nicely with Microsoft. The company has previously posted publicly about its competitor's software vulnerabilities, and understandably, Microsoft hasn't been very happy about it. But now, Microsoft has turned the tables on Google. Microsoft found a vulnerability within the Chrome browser, and while Google patched it in beta versions, it wasn't fixed in the public release for roughly a month.

However, Google posted the fix on GitHub instantly, before it was applied to the public release. While the fix for this issue doesn't out the vulnerability, according to Microsoft, that hasn't always been the case. Microsoft believes that fixes should be applied before they become public knowledge.

Microsoft does have a point here. It took Google a month to patch this particular Chrome vulnerability; that's plenty of time for a hacker to examine it and exploit it. It's probably not the best judgment to put fixes for vulnerabilities on GitHub before they're patched in a browser.

That being said, though, are we really benefitting from this one-upmanship between Google and Microsoft? Sure, the issues are being identified and corrected, which is always a good thing. And a bit of friendly competition can certainly be helpful. But this may have veered beyond "friendly" territory and started endangering users' security in the process. Perhaps it's time for both companies to rethink their approach when it comes to these issues.

Source: Microsoft


Apple responds to Sen. Al Franken’s Face ID concerns in letter

Apple has responded to Senator Al Franken's concerns over the privacy implications of its Face ID feature, which is set to debut on the iPhone X next month. In his letter to Tim Cook, Franken asked about customer security, third-party access to data (including requests by law enforcement), and whether the tech could recognize a diverse set of faces.

In its response, Apple indicates that it's already detailed the tech in a white paper and Knowledge Base article -- which provides answers to "all of the questions you raise". But it also offers a recap of the feature regardless (a TL;DR, if you will). Apple reiterates that the chance of a random person unlocking your phone is one in a million (in comparison to one in 500,000 for Touch ID). And it claims that after five unsuccessful scans, a passcode is required to access your iPhone.

More significantly, Apple provides a summary on how it stores Face ID biometrics, which gets to the heart of the privacy concerns. "Face ID data, including mathematical representations of your face, is encrypted and only available to the Secure Enclave. This data never leaves the device. It is not sent to Apple, nor is it included in device backups. Face images captured during normal unlock operations aren't saved, but are instead immediately discarded once the mathematical representation is calculated for comparison to the enrolled Face ID data."

On the topic of data-sharing, it writes: "Third-party apps can use system provided APIs to ask the user to authenticate using Face ID or a passcode, and apps that support Touch ID automatically support Face ID without any changes." It continues: "When using Face ID, the app is notified only as to whether the authentication was successful; it cannot access Face ID or the data associated with the enrolled face."

Interestingly, the company dodges the Senator's question about data requests from law enforcement. But by indicating that data lives inside a "secure enclave" that it can't access, it's suggesting that it won't be able to hand over info that it doesn't possess. It could also be holding back in light of its scrap with the Department of Justice last year, which saw it refuse to unlock an iPhone 5C owned by the San Bernardino shooters.

As Sen. Franken noted in his letter, Apple trained its Face ID neural network on a billion images. But, that's not to say the photographs were of a billion different faces. For its part, Apple claims it looked at a "representative group of people" -- although it's still silent about exact numbers. It adds: "We worked with participants from around the world to include a representative group of people accounting for gender, age, ethnicity and other factors. We augmented the studies as needed to provide a high degree of accuracy for a diverse range of users." Of course, we'll get to see how accurate Apple's tech is when the new iPhone makes its way into more hands next month.

For now, it seems the Senator is satisfied with the company's initial response, which he plans to extend into a conversation about data protection. You can read his full statement below:

"As the top Democrat on the Privacy Subcommittee, I strongly believe that all Americans have a fundamental right to privacy. All the time, we learn about and actually experience new technologies and innovations that, just a few years back, were difficult to even imagine. While these developments are often great for families, businesses, and our economy, they also raise important questions about how we protect what I believe are among the most pressing issues facing consumers: privacy and security. I appreciate Apple's willingness to engage with my office on these issues, and I'm glad to see the steps that the company has taken to address consumer privacy and security concerns. I plan to follow up with Apple to find out more about how it plans to protect the data of customers who decide to use the latest generation of iPhone's facial recognition technology."


UK collected social media data as part of its mass surveillance

It's no secret that the UK has been engaging in mass surveillance over the past few years. Since Edward Snowden's leaks revealed the extent of their program, the UK's security and intelligence organization GCHQ has been under fire for possible violation of privacy laws, as well as the possibility that too much data had compromised the organization's ability to analyze it fully. Now, Privacy International, a privacy rights group, claims to have documents that show that GCHQ has been collecting social media information on millions of people.

GCHQ, which stands for Government Communications Headquarters, has been collecting this information over years, even decades, and sharing these databases with foreign intelligence and law enforcement services. Their oversight body, the Investigatory Powers Commissioner, has been out of the loop in regard to this practice. GCHQ reportedly obtained the data through access to private companies' databases. It's unclear what information has been collected and what it's being used for, but it is sorted into "biographical data," "financial activities," "travel" and more.

The documents stemmed from the organization's overall challenge to how the UK government is using its investigatory powers to gather mass surveillance data. In this case, Privacy International's specific issue concerns the role of private contractors. These third-party contractors have administrator access to the data, and there are currently no safeguards in place to prevent them from misusing it.

"The intelligence agencies' practices in relation to bulk data were previously found to be unlawful," says Millie Graham Wood, a solicitor at Privacy International. "After three years of litigation, just before the court hearing we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments." It's understandable why this information is concerning -- oversight is necessary when it comes to intelligence operations. Hopefully Privacy International's case has some positive results.

Via: TechCrunch

Source: Privacy International


Digital rights groups speak out against EU plan to scan online content

For the past few years, the European Union has been developing reforms that would turn Europe into a Digital Single Market. Under such a structure, anyone in Europe would be able to buy goods and services online from any of the EU member states, not just where they currently happen to be, and services like Netflix would be the same in each country, though that piece would be quite a bit harder to implement. However, there's another part of this conversation that has drawn a fair amount of backlash and this week led major rights groups to pen an opposition letter to the EU.

The stipulation in question, reports TorrentFreak, is Article 13 of the current Digital Single Market proposals, which would require online service providers like YouTube and Facebook to constantly scan uploaded content to make sure it doesn't infringe on any copyrights. This would largely replace the current model wherein once a copyright violation is reported, that content is removed. While groups like entertainment companies support such a measure, others have spoken out against it. In an open letter to the EU, dozens of international rights groups -- such as Human Rights Watch, Electronic Frontier Foundation and Reporters without Borders -- helmed by the Civil Liberties Union for Europe and European Digital Rights requested Article 13 be removed from the proposals.

In the letter, the groups say, "Article 13 of the proposal on Copyright in the Digital Single Market includes obligations on internet companies that would be impossible to respect without the imposition of excessive restrictions on citizens' fundamental rights." They continue, "In particular, the requirement to filter content in this way would violate the freedom of expression set out in Article 11 of the Charter of Fundamental Rights. If internet companies are required to apply filtering mechanisms in order to avoid possible liability, they will. This will lead to excessive filtering and deletion of content and limit the freedom to impart information on the one hand, and the freedom to receive information on the other." The groups also make a practical argument, pointing out that similar mandates have been rejected by the Court of Justice twice before and Article 13 would likely be thrown out as well.

Whether such a response will have any impact on the EU's decision will remain to be seen, but it looks like it's going to have a fight on its hands if it decides to go forward.

Via: TorrentFreak

Source: Electronic Frontier Foundation, European Commission


Engadget giveaway: Win a Sense smart security router courtesy of F-Secure!

With smart home technology proliferating and cybercriminality afoot, adding data security to your home network is a wise move. F-Secure's new Sense router can help monitor your home and provide feedback on the state of your network, IoT gadgets and even mobile devices while providing dual-band WiFi for your home. The Sense router monitors by device type to offer protection for each connected product, from threats targeting your home PC to checking for unusual activity on IoT products.

Sense stays connected to F-Secure's Security Cloud service to stay up-to-date, apply its file scanning services and AI analysis, while upholding its privacy principles. This week, F-Secure has provided us with three of its new Sense smart security routers -- which include a one-year security subscription -- for three lucky readers. All you need to do is head to the Rafflecopter widget below for up to three chances at winning this one-stop home data-security device.


  • Entries are handled through the Rafflecopter widget above. Comments are no longer accepted as valid methods of entry. You may enter without any obligation to social media accounts, though we may offer them as opportunities for extra entries. Your email address is required so we can get in touch with you if you win, but it will not be given to third parties.
  • Contest is open to all residents of the 50 states, the District of Columbia and Canada (excluding Quebec), 18 or older! Sorry, we don't make this rule (we hate excluding anyone), so direct your anger at our lawyers and contest laws if you have to be mad.
  • Winners will be chosen randomly. Three (3) winners will each receive one (1) F-Secure SENSE router including a one (1) year security subscription ($199 value each).
  • If you are chosen, you will be notified by email. Winners must respond within three days of being contacted. If you do not respond within that period, another winner will be chosen. Make sure that the account you use to enter the contest includes your real name and a contact email. We do not track any of this information for marketing or third-party purposes.
  • This unit is purely for promotional giveaway. Engadget and AOL are not held liable to honor warranties, exchanges or customer service.
  • The full list of rules, in all of its legalese glory, can be found here.
  • Entries can be submitted until October 18th at 11:59PM ET. Good luck!

Microsoft’s internal bug database was hacked in 2013

Over four years ago, Microsoft's internal database for bug tracking was apparently breached by hackers. It was discovered in 2013 but never disclosed to the public, according to five former employees of the company who spoke with Reuters.

This is a serious issue because of what exactly was hacked. Microsoft's internal database of bugs contains secret security flaws and possible exploits within its widely used software that need to be fixed. With this information, hackers and foreign governments had a road map on how to breach vulnerable systems.

Microsoft was able to fix the stolen vulnerabilities within a few months after the hack was detected. The company also checked to see whether the leaked information had been used in other breaches around that same time, before Microsoft was able to patch them. The company was unable to link their internal hack to any other breaches.

According to the former employees, Microsoft has since put more of an emphasis on internal security. Still, the fact that Microsoft didn't disclose that the breach occurred isn't a great move. It's not hard to follow their line of thinking -- that bringing publicity to it might encourage the group responsible to exploit these vulnerabilities more quickly because they knew the breach had been noticed and an eventual fix for these issues was coming. But the fact remains that computer systems around the world were even more vulnerable than usual because of a security breach. Had it been public, the organizations could have taken preventative measures to ensure their security.

Source: Reuters


Google Advanced Protection is for high-profile hacking targets

Many internet giants offer security measures like two-factor authentication (which you should really use) to keep your account safe from hackers. But there are a handful of people who are so valuable as targets that hackers will go after them specifically -- say, election campaign managers. And Google wants to do something about it. It's introducing the previously rumored Advanced Protection Program, an extra layer of security for people who virtually expect cyberattacks. Sign up and you'll put restrictions on your account that will be borderline onerous, but could be vital when you know you're facing a serious threat.

To start, you need a physical security key to sign in. These certainly aren't unheard of (Facebook supports them), but it's not optional for anyone in Advanced Protection. Google also limits full access to your Gmail and Drive accounts to specific apps (currently its own), so a rogue program can't spy on you or steal your data. And hackers won't have much luck with social engineering, either. There are "additional reviews and requests" if someone claims to be locked out of an account, reducing the chances that someone can impersonate you well enough to get account details.

Google is promising to "continually update" its security measures to adapt to threats. You'll get the latest the company can offer, in other words.

At the moment, Advanced Protection is limited to personal Google accounts. However, you don't need to be a celebrity or political figure to enroll. Google is quick to stress that this is for anyone who has a particular reason to be worried about hacks, such as someone escaping an abusive relationship or a journalist who needs to protect the anonymity of a source. While it's patently obvious that this is coming about as a response to the hacks that defined the 2016 US election (Google makes not-so-vague allusions to the attack on John Podesta's account), it's clearly useful on a much broader level.

Via: Reuters, Wired

Source: Google, Advanced Protection


DHS will demand that feds implement basic email security

After suffering several security breaches over the past few years, the US government will finally require federal agencies to implement basic email security measures. According to Reuters, Homeland Security's deputy undersecretary for cybersecurity Jeanette Manfra revealed at an event in New York that the agency will soon require other federal agencies to adopt DMARC and STARTTLS. DMARC helps detect and block spoofed emails to prevent impersonation of government officials. STARTTLS prevents emails from being intercepted en route to the recipient. Both are at least a decade old and have already been widely adopted by email providers like Google and Microsoft.

Manfra said Homeland Security will issue a binding directive soon, after which agencies will have 90 days to implement the new requirements. Democratic Senator Ron Wyden has been trying to convince agencies to begin implementing the standards since earlier this year. See, the problem is that some government offices already use at least one of those two security measures, while others don't. In fact, the Pentagon only started using STARTTLS to protect the military's mail.mil email accounts in July. The directive will ensure all agencies are protected by both -- as they say, better late than never.

Via: Gizmodo

Source: Reuters