By msmash from Slashdot's keep-an-eye department
An anonymous reader shares a report: High-Tech Bridge used its free mobile app analysis software, called Mobile X-Ray, to peek under the hood of the top 30 cryptocurrency apps in the Google Play store at three different popularity levels: apps with up to 100,000 downloads, up to 500,000 downloads, and apps with more than 500,000 downloads. So, a total of 90 apps altogether. Of the most popular apps, 94 percent used outdated encryption, 66 percent didn't use HTTPS to encrypt user information in transit, 44 percent used hard-coded default passwords (stored in plain text in the code), and overall 94 percent of the most popular apps were found to have "at least three medium-risk vulnerabilities."
By msmash from Slashdot's dirt-cheap-phones department
An Android update that Blu shipped to Blu One Life X2 smartphones yesterday, November 28, has locked people out of their phones. From a report: On forums, Reddit, and Blu's official Facebook page, users are complaining that after applying the update and rebooting the device, their phone won't recognize their password, PIN code, or pattern lock, even if users are 100% sure they are entering the correct data. Bleeping Computer has independently verified this bug. "I updated my BLU Life One X2 around 2 hours ago. It asks for a password in order to access Android," said one of the Blu users facing this problem. "I am completely locked out of my phone. Every single password used is marked incorrect." After ten "failed" login attempts, the user's data is wiped from the device, according to the standard Android OS behavior.
By BeauHD from Slashdot's come-and-get-it department
Swapna Krishna reports via Engadget: Back in January, the HDMI Forum unveiled its new specifications for the HDMI connector, called HDMI 2.1. Now, that HDMI specification is available to all HDMI 2.0 adopters. It's backwards compatible with all previous HDMI specifications. The focus of HDMI 2.1 is on higher video bandwidth; it supports 48 GB per second with a new backwards-compatible ultra high speed HDMI cable. It also supports faster refresh rates for high video resolution -- 60 Hz for 8K and 120 Hz for 4K. The standard also supports Dynamic HDR and resolutions up to 10K for commercial and specialty use. This new version of the HDMI specification also introduces an enhanced refresh rate that gamers will appreciate. VRR, or Variable Refresh Rate, reduces, or in some cases eliminates, lag for smoother gameplay, while Quick Frame Transport (QFT) reduces latency. Quick Media Switching, or QMS, reduces the amount of blank-screen wait time while switching media. HDMI 2.1 also includes Auto Low Latency Mode (ALLM), which automatically sets the ideal latency for the smoothest viewing experience.
By BeauHD from Slashdot's tech-giants department
Hal_Porter shares a report from The Register: If the tech industry wants another wave of innovation to match the PC or the internet, Google and Facebook must be broken up, journalist and film producer Jonathan Taplin told an audience at University College London's Faculty of Law this week. He was speaking at an event titled Crisis in Copyright Policy: How the digital monopolies have cornered culture and what it means for all of us, where he credited the clampers put on Bell then IBM for helping to create the PC industry and the internet. Taplin told his audience that he'd been moved by the fate of his friend Levon Helm, The Band's drummer, who was forced to go back on the road in his sixties, after radiation therapy for cancer. Helm died broke. Today, Taplin points out, YouTube accounts for 57 per cent of all songs streamed over the internet, but thanks to a loophole returns just 13.5 per cent of revenue. "That's not a willing buyer-seller relationship," he said, referring to the UGC loophole that Google enjoys, one not available to Spotify or Apple Music. But it isn't just songwriters and musicians who are poorly paid. The average person "works for two hours a day for Mark Zuckerberg" generating a data profile. Taplin pointed out that Bell held patents on many technologies including the transistor, the laser and the solar cell, that it agreed to license, royalty free, as part of a 1956 consent decree.
By BeauHD from Slashdot's increased-transparency department
A study by French research organization Exodus Privacy and Yale University's Privacy Lab analyzed the mobile apps for the signatures of 25 known trackers and found that more than three in four Android apps contain at least one third-party "tracker." The Guardian reports: Among the apps found to be using some sort of tracking plugin were some of the most popular apps on the Google Play Store, including Tinder, Spotify, Uber and OKCupid. All four apps use a service owned by Google, called Crashlytics, that primarily tracks app crash reports, but can also provide the ability to "get insight into your users, what they're doing, and inject live social content to delight them." Other less widely-used trackers can go much further. One cited by Yale is FidZup, a French tracking provider with technology that can "detect the presence of mobile phones and therefore their owners" using ultrasonic tones. FidZup says it no longer uses that technology, however, since tracking users through simple wifi networks works just as well.
By BeauHD from Slashdot's digital-age department
On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days' worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter's comings and goings.
In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller. The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.
By BeauHD from Slashdot's broken-promises department
An anonymous reader quotes a report from Slate: Anyone who has ever paid a bill to or waited for customer service from Comcast knows why it is one of America's most detested companies, its recent efforts to improve its image notwithstanding. While Comcast says its customers will "enjoy strong net neutrality protections," it hasn't explicitly said it won't offer paid prioritization, which is how the company would most likely monetize its new ability to legally muck with internet traffic. In other words, Comcast might not choke or slow service to any website, but it could speed access to destinations that pay for the priority service. The company's promises should sound familiar. As Jon Brodkin pointed out in Ars Technica on Monday, back when the FCC was crafting the network neutrality rules in 2014, Comcast said it had no plans to enact paid prioritization, either. "We don't prioritize Internet traffic or have paid fast lanes, and have no plans to do so," a Comcast executive wrote in a blog post that year.
By BeauHD from Slashdot's feasibility-study department
dmoberhaus writes: Someone claimed to use their Tesla to power a cryptocurrency mine to take advantage of the free energy given to Tesla owners. But even with free energy, does this scheme make sense? Motherboard ran the numbers.
From the report: "...If we assume that each of the GPUs in this rig draws around 150 watts, then the 16 GPUs have a total power draw of 2.4 kilowatts per hour or 57.6 kilowatt hours per day if they ran for a full 24 hours. According to Green Car Reports, a Tesla Model S gets about 3 miles per kilowatt hour, meaning that running this mining rig for a full day is the equivalent of driving nearly 173 miles in the Tesla. According to the Federal Highway Administration, the average American drives around 260 miles a week. In other words, running this cryptocurrency mine out of the trunk of a Tesla for a day and a half would use as much energy as driving that Tesla for a full week, on average. Moreover, drivers who are not a part of Tesla's unlimited free energy program are limited to 400 kilowatt hours of free electricity per year, meaning they could only run their rig for a little over 7 days on free energy.
By BeauHD from Slashdot's trivial-to-exploit department
An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the blank password trick will not work. So, keep the account enabled and set a root password right now..."