Sunday, November 16, 2014

Boot up: Snapchat hacking, LED laws, Android L date

A bouquet of 8 links for you to chew over, as picked by the Technology team

Andy Greenberg:

even if Snapchat users' data was accessed via someone else's servers, that doesn't make the breach any less of Snapchat's problem, says security researcher Adam Caudill. He's been reverse engineering Snapchat's API to demonstrate exactly the problem of rogue third party apps for years. "Your average developer can build something in a day's time that interacts with Snapchat's API and saves everything that comes through it," Caudill says. "Quite honestly, I'm surprised this hasn't happened sooner."

Caudill first warned Snapchat in 2012 that he had analyzed its API and could build a pirate app that stripped out its time-deletion features. "Given the nature of the application, I suspect unofficial clients are unavoidable…especially as the service grows in popularity," he wrote at the time.

How do you prevent, in perpetuity, a third-party app with the correct login details from accessing your server?


as Peter Frase wrote in Jacobin, there's a reactionary right-wing flavour to all of Gamergate's desperate yelling. (Liz Ryerson was the first to thoroughly document this extremism.) "Some gamers would like it both ways: they want everyone to take their medium seriously, but they don't want anyone to challenge their political assumptions or call into question the way gamers treat people who don't look and think like them," Frase wrote. "They hate and fear a world where games are truly made by and for everyone."

What gives Gamergate power and momentum is its extremist conservative obstinacy; it is a reactionary movement against progressive voices that hoodwinks typically apolitical game players by convincing them of some harm that doesn't actually exist, like they are losing their right to free speech, or their hobby is being killed by an anti-gamer conspiracy. Once you've insinuated something like that, whether or not it's true, it's easy to get a lot of people on your side; a closely related project is to get people hyped up about people stealing votes to justify racially and politically biased ID laws, even though voter fraud in the United States is a mythical boogeyman.

Everyone knows about Moore's law, which says that the number of transistors in a computer chip (and, therefore, its computing power) doubles every 18 to 24 months. It has a less famous cousin called Haitz's law. It says that every 10 years, the power of LED lighting packages will increase by a factor of 20, while the cost of these packages, per unit of illumination, will fall by a factor of 10.

The law is named after Roland Haitz, who made the forecast in 2000. And so far, the industry has actually exceeded his expectations…

Recently progress has accelerated, so that you can now get LED packages that produce 1,000 lumens of light. If current trends continue you'll be able to buy 10,000-lumen LED lights in a few years.

For comparison, a 100-watt incandescent light bulb produces around 1,700 lumens. So LED lights are becoming nearly as bright as conventional lighting sources.

We should all be lighting our homes with LEDs very soon.

Diogo Mónica leads platform security at Square, the payment processing company:

In this post I'm going to make the following arguments:

• Choosing a password should be something you do very infrequently.

• Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.

• When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.

• One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords.

Here's what most of you will be wanting to know: when can I get it on my phone? Well, if you're a developer with a Nexus 5 or Nexus 7 then it will be easiest, as it was made available on June 26 for developers.

For the rest of the folk in the world it looks like it's coming on November 1, which means that this is very much a preview to appease those that want to get cracking on development, and launching it at Google IO makes sense.

This also means that as Android L readies itself for a consumer launch we'll find out more about whether it's Android 5, Android 4.5 and which dessert name it will have and indeed it's now looking very likely that it will be Android Lollipop, as Google recently celebrated its 16th birthday with a cake topped with lollipops, which is a pretty big clue.

Smartphone memory and data costs are the two major limiting factors among app users in emerging markets, according to a recent Jana survey of smartphone users in 9 countries. The June survey, which collected feedback from over 8,000 smartphone users in India, Indonesia, the Philippines, Vietnam, Kenya, Nigeria, South Africa, Brazil, and Mexico, showed that there are still major limiting factors to digital consumption.

Overall, 29% of respondents considered a shortage of memory on their smartphone to be the primary obstacle to app consumption. Another 25% indicated that lower data costs prevent them from downloading more app content.

Hence Facebook and Google figuring out internet connectivity subsidies for mobile phones in a number of developing countries.

The Hill, another Washington, D.C. publication, said that StingRays have been in use since at least 1995 and are currently deployed by at least 43 agencies in 18 states.

Then it dawned on me. We had a rash of stories on these "mystery towers," and it seemed everywhere I turned, there was Les Goldsmith, the CEO of ESD America, the company that took a stock Galaxy S III and turned it into a hardened phone with numerous exploits removed and all kinds of security added. His phones had detected the StingRays since they display far more information than a standard cell phone.

Goldsmith was in the Popular Science article that started this all. He spoke to VentureBeat and The Blaze. ESD consultants also accompanied CNBC on a ride around Washington, D.C. to discuss their findings.

That sure worked out nicely for ESD America, didn't it? They show up in a lot of Google searches these days.

Amir Efrati:

The discussions around a new app-testing feature come as Google Play struggles to get people to open up their wallets—both for the array of TV shows or music it offers or for paid apps. As of a year ago, less than 10% of Google Play visitors paid for anything, according to a person who had access to the figure.

Over the past year or so, Google has reduced the cut of Google Play revenue it gives to some partners that sell Android devices from 25% to 15% and, in at least one case, to zero. It told at least one partner that the reduction came because Google wasn't generating enough money from Google Play.

Google Play has been held back for other reasons. Android devices, with few exceptions, are viewed by consumers as more down-market than the iPhone. As a consequence, wealthier phone buyers pick the iPhone over Android, and those people end up spending more money through apps and on buying digital content than the owners of Android devices. Google has been working on ways to help change that perception, but it will be an uphill battle.

Less than 10% of people have paid for something on Google Play; yet Google is slicing away at the cut it gives to OEMs (and carriers). Wouldn't that alienate the OEMs - and make them look at the alternative, Windows Phone?

You can follow Guardian Technology's linkbucket on Pinboard
