Medicine

The Big Short: Security Flaws Fuel Bet Against St. Jude (securityledger.com) 28

chicksdaddy writes: "Call it The Big Short -- or maybe just the medical device industry's 'Shot Heard Round The World': a report from Muddy Waters Research recommends that its readers bet against (or 'short') St. Jude Medical after learning of serious security vulnerabilities in a range of the company's implantable cardiac devices," The Security Ledger reports. "The Muddy Waters report on St. Jude's set off a steep sell off in St. Jude Medical's stock, which finished the day down 5%, helping to push down medical stocks overall. The report cites the 'strong possibility that close to half of STJ's revenue is about to disappear for approximately two years' as a result of 'product safety' issues stemming from remotely exploitable vulnerabilities in STJ's pacemakers, implantable cardioverter defibrillator (ICD), and cardiac resynchronization therapy (CRT) devices. The vulnerabilities are linked to St. Jude's Merlin at home remote patient management platform, said Muddy Waters. The firm cited research by MedSec Holdings Ltd., a cybersecurity research firm that identified the vulnerabilities in St. Jude's ecosystem. Muddy Waters said that the affected products should be recalled until the vulnerabilities are fixed. In an e-mail statement to Security Ledger, St. Jude's Chief Technology Officer, Phil Ebeling, called the allegations 'absolutely untrue.' 'There are several layers of security measures in place. We conduct security assessments on an ongoing basis and work with external experts specifically on Merlin at home and on all our devices,' Ebeling said."

More controversial: MedSec CEO Justine Bone acknowledged in an interview with Bloomberg that her company did not first reach out to St. Jude to provide them with information on the security holes before working with Muddy Waters. Information security experts who have worked with the medical device industry to improve security expressed confusion and dismay. "If safety was the goal then I think (MedSec's) execution was poor," said Joshua Corman of The Atlantic Institute and I Am The Cavalry. "And if profit was the goal it may come at the cost of safety. It seems like a high stakes game that people may live to regret."

Google

Google Search Removes 'Mobile-Friendly' Label, Will Tackle Interstitials Next (venturebeat.com) 79

An anonymous reader quotes a report from VentureBeat: Google today announced two updates to mobile search results: an aesthetic one rolling out now and an algorithmic one coming next year. The former consists of removing the "mobile-friendly" label in search results and the latter will punish mobile sites that use interstitials. The goal is to "make finding content easier for users," though as always, the company didn't share exactly how much of an impact users and webmasters can expect. The report adds: "If your site is in the 15 percent group, here's a quick recap. A webpage is considered 'mobile friendly' if it meets the following criteria, as detected in real time by Googlebot: Avoids software that is not common on mobile devices, like Flash; Uses text that is readable without zooming; Sizes content to the screen so users don't have to scroll horizontally or zoom; Places links far enough apart so that the correct one can be easily tapped. The company now wants to tackle 'intrusive interstitials' as they 'provide a poorer experience to users than other pages where content is immediately accessible.' After January 10, 2017, pages where content is not easily accessible when coming from mobile search results 'may not rank as highly.' Interstitials that Google doesn't like include showing a popup that covers the main content (immediately or delayed), displaying a standalone interstitial that the user has to dismiss before accessing the main content, and using a layout where the above-the-fold portion is similar to a standalone interstitial but the original content is inlined underneath. Interstitials that Google deems OK include legal obligations (cookie usage or for age verification), login dialogs on sites where content is not publicly indexable, and banners that use a reasonable amount of screen space and are easily dismissible."
Electronic Frontier Foundation

US Customs and Border Protection Wants To Know Who You Are On Twitter (eff.org) 346

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provide DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."
Cellphones

Samsung Plans To Sell Refurbished High-End Smartphones In 2017 (reuters.com) 82

An anonymous reader quotes a report from Reuters: Samsung Electronics Co Ltd plans to launch a program to sell refurbished used versions of its premium smartphones as early as next year, a person with direct knowledge of the matter told Reuters. The world's top smartphone maker will refurbish high-end phones returned to the company by users who signed up for one-year upgrade programs in markets such as South Korea and the United States. Samsung would then re-sell these phones at a lower price, the person said, declining to be identified as the plan was not yet public. The person declined to say how big a discount the refurbished phones would be sold at, which markets the phones would be sold in or how many refurbished devices Samsung could sell. It was not clear to what extent the phones would be altered, but refurbished phones typically are fitted with parts such as a new casing or battery. Refurbished phones could help vendors such as Samsung boost their presence in emerging markets such as India, where high-end devices costing $800 or so are beyond most buyers. Samsung's refurbishment program, details of which the person said could be finalized as early as 2017, could help the firm generate revenue from dated high-end smartphones returned by users upgrading to newer versions.
Television

North Korea Unveils Netflix-Like Streaming Service Called 'Manbang' (bbc.com) 162

North Korea has unveiled a set-top box that offers video-on-demand services similar to Netflix. The service is called Manbang, which translates to "everywhere" in Korean, and allows consumers to stream documentaries about Kim Jong Un and other "educational" programs, as well as five live TV channels. "If a viewer wants to watch, for instance, an animal movie and sends a request to the equipment, it will show the relevant video to the viewer [...] this is two-way communications," according to NK News. It reportedly works by plugging the set-top box into an internet modem, then connecting an HDMI cable from the cable box to the TV. A very small number of North Koreans will actually be able to use the device as "only a few thousand [...] have access to the state-sanctioned internet, in a nation of 25 million people," reports New York Daily News.
Botnet

'Smart' Electrical Socket Leaks Your Email Address, Can Launch DDoS Attacks (softpedia.com) 82

An anonymous reader writes from a report via Softpedia: There is an insecure IoT smart electrical socket on the market that leaks your Wi-Fi password, your email credentials (if configured), and is also poorly coded, allowing attackers to hijack the device via a simple command injection in the password field. Researchers say that because of the nature of the flaws, attackers can overwrite its firmware and add the device to a botnet, possibly using it for DDoS attacks, among other things. Bitdefender didn't reveal the device's manufacturer but said the vendor is working on a fix, which will be released in late Q3 2016. Problems with the device include a lack of encryption for device communications and the lack of any basic input sanitization for the password field. "Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the internet and bypass the limitations of the network address translation," says Alexandru Balan, Chief Security Researcher at Bitdefender. "This is a serious vulnerability, we could see botnets made up of these power outlets."
Programming

The $5 Onion Omega2 Gives Raspberry Pi a Run For Its Money (dailydot.com) 124

An anonymous reader writes from a report via The Daily Dot: Onion's Omega2 computer may give the Raspberry Pi a run for its money if the success of the Kickstarter campaign is any indication. The Daily Dot reports: "With an initial goal of just $15,000, over 11,560 backers have pledged the company $446,792 in hopes of getting their hands on this little wonder board. So why are thousands of people losing their minds? Simple; the Omega2 packs a ton of power into a $5 package. Billed as the world's smallest Linux server, complete with built-in Wi-Fi, the Omega2 is perfect for building simple computers or the web connected project of your dreams. The tiny machine is roughly the size of a cherry, before expansions, and runs a full Linux operating system. For $5 you get a 580MHz CPU, 64MB memory, 16MB storage, built-in Wi-Fi and a USB 2.0 port. A $9 model is also available with 128MB of memory, 32MB of storage, and a MicroSD slot. The similarly priced Raspberry Pi Zero comes with a 1GHz Arm processor, 512MB of memory, a MicroSD slot, no onboard storage, and no built-in Wi-Fi. Omega2 supports the Ruby, C++, Python, PHP, Perl, JavaScript (Node.js), and Bash programming languages, so no matter your background in coding you should be able to figure something out." You can also add Bluetooth, GPS, and 2G/3G support via add-ons or expansions. It looks promising, though it is a Kickstarter campaign and the product may not come to fruition.
Google

Malware That Fakes Bank Login Screens Found In Google Ads (fastcompany.com) 120

tedlistens quotes a report from Fast Company: For years, security firms have warned of keystroke logging malware that surreptitiously steals usernames and passwords on desktop and laptop computers. In the past year, a similar threat has begun to emerge on mobile devices: So-called overlay malware that impersonates login pages from popular apps and websites as users launch the apps, enticing them to enter their credentials to banking, social networking, and other services, which are then sent on to attackers. Such malware has even found its way onto Google's AdSense network, according to a report on Monday from Kaspersky Lab. The weapon would automatically download when users visited certain Russian news sites, without requiring users to click on the malicious advertisements. It then prompts users for administrative rights, which makes it harder for antivirus software or the user to remove it, and proceeds to steal credentials through fake login screens, and by intercepting, deleting, and sending text messages. The Kaspersky researchers call it "a gratuitous act of violence against Android users." "By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q," according to the company. "There you are, minding your own business, reading the news and BOOM! -- no additional clicks or following links required." The good news is that the issue has since been resolved, according to a Google spokeswoman. Fast Company provides more details about these types of attacks and how to stay safe in its report.
China

China Launches World's First Quantum Communications Satellite (theverge.com) 102

hackingbear quotes a report from The Verge: China's quantum network could soon span two continents, thanks to a satellite launched earlier today. Launched at 1:40pm ET, the Quantum Science Satellite is designed to distribute quantum-encrypted keys between relay stations in China and Europe. When working as planned, the result could enable unprecedented levels of security between parties on different continents. China's new satellite would put that same fiber-based quantum communication system to work over the air, utilizing high-speed coherent lasers to connect with base stations on two different continents. The experimental satellite's payload also includes controllers and emitters related to quantum entanglement. The satellite will be the first device of its kind if the quantum equipment works as planned. According to the Wall Street Journal, the project was first proposed to the European Space Agency in 2001 but was unable to gain funding.
Privacy

Tim Cook: Privacy Is Worth Protecting (washingtonpost.com) 120

An anonymous reader writes from InformationWeek: In a wide-ranging interview with The Washington Post, Apple's CEO Tim Cook talks iPhones, AI, privacy, civil rights, missteps, China, taxes, and Steve Jobs -- all without addressing rumors about the company's Project Titan electric car. One of the biggest concerns Tim Cook has is with user privacy. Earlier this year, Apple was in the news for refusing a request from the U.S. Department of Justice to unlock a suspected terrorist's iPhone because Apple argued it would affect millions of other iPhones, it was unconstitutional, and that it would weaken security for everyone. Cook told the Washington Post: "The lightbulb went off, and it became clear what was right: Could we create a tool to unlock the phone? After a few days, we had determined yes, we could. Then the question was, ethically, should we? We thought, you know, that depends on whether we could contain it or not. Other people were involved in this, too -- deep security experts and so forth, and it was apparent from those discussions that we couldn't be assured. The risk of what happens if it got out, could be incredibly terrible for public safety." Cook suggests that customers rely on companies like Apple to set up privacy and security protections for them. "In this case, it was unbelievably uncomfortable and not something that we wished for, wanted -- we didn't even think it was right. Honestly? I was shocked that [the FBI] would even ask for this," explained Cook. "That was the thing that was so disappointing that I think everybody lost. There are 200-plus other countries in the world. Zero of them had ever asked [Apple to do] this." Privacy is a right to be protected, believes Cook: "In my point of view, [privacy] is a civil liberty that our Founding Fathers thought of a long time ago and concluded it was an essential part of what it was to be an American. Sort of on the level, if you will, with freedom of speech, freedom of the press."
Google

Google Working On New 'Fuchsia' OS (digitaltrends.com) 145

An anonymous reader writes: Google is working on a new operating system dubbed Fuchsia OS for smartphones, computers, and various other devices. The new operating system was spotted in the Git repository, where the description reads: "Pink + Purple == Fuchsia (a new Operating System)." Hacker News reports that Travis Geiselbrecht, who worked on NewOS, BeOS, Danger, Palm's webOS and iOS, and Brian Swetland, who also worked on BeOS and Android, will be involved in this project. Magenta and LK kernel will be powering the operating system. "LK is a kernel designed for small systems typically used in embedded applications," reads the repository. "On the other hand, Magenta targets modern phones and modern personal computers with fast processors, non-trivial amounts of RAM with arbitrary peripherals doing open-ended computation." It's too early to tell exactly what this OS is meant for. Whether it's for an Android and Chrome OS merger or something completely new, it's exciting nonetheless.
Republicans

Cracking The Code On Trump Tweets (time.com) 330

jIyajbe writes: From Electoral-Vote.com: "A theory has been circulating that the Donald Trump tweets that come from an Android device are from the candidate himself, while the ones that come from an iPhone are the work of his staff. David Robinson, a data scientist who works for Stack Overflow, decided to test the theory. His conclusion: It's absolutely correct. Robinson used some very sophisticated algorithms to analyze roughly 1,400 tweets from Trump's timeline, and demonstrated conclusively that the iPhone tweets are substantively different than the Android tweets. The former tend to come later at night, and are vastly more likely to incorporate hashtags, images, and links. The latter tend to come in the morning, and are much more likely to be copied and pasted from other people's tweets. In terms of word choice, the iPhone tweets tend to be more neutral, with their three most-used phrases being 'join,' '#trump2016,' and '#makeamericagreatagain.' The Android tweets tend to be more emotionally charged, with their three most-used phrases being 'badly,' 'crazy,' and 'weak.'" reifman adds: In an excellent forensic text analysis of Trump's tweets with the Twitter API, data geek David Robinson demonstrates Trump authors his angriest, picture-less, hashtag-less Android tweets often in the morning, while staff tweet from an iPhone with pictures, hashtags and greater joy mostly in the middle of the day. Robinson's report was inspired by a tweet by artist Todd Vaziri. As for why Robinson decided to look into Trump's tweets, he told TIME, "For me it's more about finding a really interesting story, a case where people suspect something, but don't have the data to back it up. For me it was much more about putting some quantitative details to this story that has been going around than it was about proving something about Trump's campaign."
Security

Samsung Pay Hack Lets Attackers Make Fraudulent Payments (theverge.com) 16

jmcbain writes: The Verge reports that a security researcher at DefCon outlined a number of attacks targeting Samsung Pay, Samsung's digital payment system that runs on their smartphones. According to the article, the attack "[focuses] on intercepting or fabricating payment tokens -- codes generated by the user's smartphone that stand in for their credit card information. These tokens are sent from the mobile device to the payment terminal during wireless purchases. [They expire 24 hours after being generated and are single-use only.]" In a response, Samsung said that "in certain scenarios an attacker could skim a user's payment token and make a fraudulent purchase with their card," but that "the attacker must be physically close to the target while they are making a legitimate purchase."
Data Storage

Seagate Reveals 'World's Largest' 60TB SSD (zdnet.com) 162

An anonymous reader writes: While Samsung has the world's largest commercially available SSD coming in at 15.36TB, Seagate officially has the world's largest SSD for the enterprise. ZDNet reports: "[While Samsung's PM1633a has a 2.5-inch form factor,] Seagate's 60TB Serial Attached SCSI (SAS) SSD on the other hand opts for the familiar HDD 3.5-inch form factor. The company says that its drive has "twice the density and four times the capacity" of Samsung's PM1633a, and is capable of holding up to 400 million photos or 12,000 movies. Seagate thinks the 3.5-inch form factor will be useful for managing changing storage requirements in data centers since it removes the need to support separate form factors for hot and cold data. The company says it could also scale up capacity to 100TB in the same form factor. Seagate says the 60TB SSD is currently only a 'demonstration technology' though it could release the product commercially as early as next year. It hasn't revealed the price of the unit but says it will offer 'the lowest cost per gigabyte for flash available today.'"
Businesses

Report: Apple Watch 2 Coming Late 2016 With GPS, Faster Processor and Better Waterproofing (9to5mac.com) 159

An anonymous reader writes: Apple analyst KGI's Ming-Chi Kuo says the Apple Watch 2 is right around the corner. The analyst says the Watch will arrive in late 2016 and will likely be announced alongside the iPhone 7 in September. It will reportedly feature a GPS, barometer, better waterproofing, as well as a new internal SoC for faster performance. Those looking for a fresh new design may be disappointed as KGI does not expect the physical design of the watch to change at all. The Apple Watch 2 will essentially be an 'iPhone S' update, where it keeps the same physical design with improved internal specifications. In addition to the updated Apple Watch 2, Apple is expected to update the original Apple Watch with a new SoC to improve CPU and GPU performance. The price of the Apple Watch in general should be cut even further than it already has. The original Apple Watch could receive more than a $50 reduction in its pricing, possibly pushing it below the $200 mark. We should know more in early September when Apple unveils the iPhone 7.
