Saturday, August 06, 2016

Pokémon Go owners to sue developers over third-party hacks

The Pokémon Company has sent out at least one cease and desist letter to an independent developer threatening prosecution under the Computer Fraud and Abuse Act. The letter, sent to GitHub user Mila432 and reposted online, contains a detailed breakdown of how the developer violated Pokémon Go's terms of service with a reverse-engineered application programming interface (API). It also says the developer may be subject to legal action if he or she does not comply with the company's demands.




"Your actions ... potentially violate the Computer Fraud and Abuse Act, a statute that prohibits the unauthorized access of servers and access which exceeds authorization as well as similar state statutes," the letter reads. "And your inducement of others to violate numerous terms of service provisions violates the CFAA."


Mila432's API, released online at code repository GitHub, was designed to automate Pokémon Go play. It allows any third-party developer to create bots that could play the game without user input by effectively simulating the software and communicating with the game's servers. The Pokémon Company says this API violates the Pokémon terms of use, which govern the use of the Pokémon Trainer Club account system for logging into the game. It also allegedly violates the Pokémon Go terms of service, which dictate how users interact with the game, its servers, and any data involved in the communication between the two.



The Pokémon Company has banned Mila432 from accessing any Pokémon-related service, and it's also asking the developer to remove the API from GitHub within seven days. The letter was first received on July 28th and the API remains live over at GitHub, where it has been starred more than 2,250 times. Mila432 was not immediately available for comment.

This appears to be a significant escalation in how Pokémon Go's creators are handling any abuse of the service. Starting this week, developer Niantic began restricting how third-party APIs access its servers, effectively breaking many of the popular pokémon-tracking apps used to locate different creatures on a virtual map.




This was, according to Niantic CEO John Hanke, a decision the company felt it had to make to ensure the game was played fairly and to reduce the amount of strain being placed on its servers. "We have limited access by third-party services which were interfering with our ability to maintain quality of service for our users and to bring Pokémon GO to users around the world," Niantic wrote in a Facebook post on Monday.

The creator of the most popular Pokémon Go mapping API has not received a cease and desist letter.



That API is still available at GitHub as well. Enabling people to use bots to play the game would seem to be where Niantic and The Pokémon Company draw the line. It even appears that hacking and taking advantage of exploits is now a reason for a permanent game ban.

GENETICALLY MODIFIED MOSQUITOES FOR RELEASE IN FLORIDA

TARGET THE AEDES AEGYPTI MOSQUITOES THAT TRANSMIT ZIKA AND OTHER DISEASES

Today, the U.S. Food And Drug Administration (FDA) gave its support for a biotech company to release genetically modified mosquitoes into the Florida Keys in an effort to stop the spread of diseases, including Zika.

The “green light” comes after months-long debates, including comments from the general public.
Biotech company Oxitec submitted a draft of its plan in March to release thousands of genetically modified male Aedes aegypti mosquitoes into the area. This is the species of mosquito that carries and transmits Zika, dengue, and other nasty diseases. But Oxitec's version of these mosquitoes comes with a genetic twist: a gene that wipes out any offspring they produce with wild female mosquitoes before the baby mosquitoes reach reproductive age.



The hope is that this will curb the local mosquito population, reducing the risk of diseases spreading.


After reviewing the draft, the FDA has given the proposal a “Finding of No Significant Impact (FONSI).” However, this doesn’t mean Oxitec is free to release the mosquitoes whenever it likes. Oxitec now needs to gain additional approval from the Florida Keys Mosquito Control District, which will vote on the proposal this fall.

That said, the FDA approval is a major step forward for the use of this type of GMO mosquito in general. That's especially true given the recent news of a (so-far) small outbreak of Zika in the Miami area, which health officials say was transmitted by local mosquitoes.


via : popsci


Pokemon Go is now Officially available on Android and iOS devices in the Philippines, Singapore, Thailand, Vietnam, and Taiwan

Gamers in as many as 37 countries have been having fun with the latest international sensation "Pokemon Go" for weeks now, but people in most Asian countries, including India, China, South Korea, Malaysia, Singapore, Thailand, Taiwan, and the Philippines, are still waiting for its release. Japan and Hong Kong are the only places in Asia that have received the game.

The wait is OVER

#PokemonGO is now available on Android and iOS devices in the Philippines, Singapore, Thailand, Vietnam, and Taiwan.





  Download the Official APP at Google Play by Niantic,Inc.





https://itunes.apple.com/us/app/pokemon-go/id1094591345?mt=8

https://play.google.com/store/apps/details?id=com.nianticlabs.pokemongo



source : POKEMONGO Twitter

The Washington Post will use Robots to cover the Rio Olympics 2016

The Washington Post announced today that it will use artificial intelligence to report key information about the Olympics.

The software will contribute to The Post’s coverage of Rio 2016 by posting raw data and short updates, while a team of human reporters will provide readers with analysis and more in-depth articles.

Heliograf, as the team calls its robot reporter, will take information from sports data company Stats.com and turn it into short narratives.

Starting tomorrow morning, these multi-sentence updates will appear in the Post’s live blog, on Twitter at @WPOlympicsbot and via the Post’s bot for Facebook Messenger. An audio version will be available on Amazon Echo. 





The goal is to post more than 300 stories on the live blog and 600 updates on Twitter, Echo and Messenger during the Olympics, said Jeremy Gilbert, director of strategic initiatives at The Washington Post. The live blog will feature updates not only from Heliograf, but also from the Post’s correspondents in Rio and the sports team in DC.

Heliograf has a safety mechanism to check the data, explained Sam Han, engineering director of data science at the Post. The system analyzes the data automatically; if any potential errors or suspicious results are identified, Heliograf reports them to the editorial staff.

The software was developed in-house starting six months ago by using data from primary elections during the testing phase.


source: Washington Post


DARPA’s Cyber Grand Challenge top two teams were awarded $2 million and $1 million

DARPA officials this morning released partial final, audited results of yesterday’s all-day Cyber Grand Challenge (CGC) Final Event—the world’s first all-machine cyber hacking tournament—and confirmed that the top-scoring machine was Mayhem, developed by team ForAllSecure of Pittsburgh.

Second place was formally awarded to Xandra, a cyber reasoning system developed by TECHx of Ithaca, N.Y., and Charlottesville, Va.

The third-place designation is pending verification by the Cyber Grand Challenge Competition Framework Team and the DARPA Verification team. The DARPA Verification team is currently engaged in a third run of its event replay verification system.


At a ceremony held in the ballroom of the Paris Las Vegas Conference Center, DARPA Director Arati Prabhakar and CGC program manager Mike Walker congratulated the winners and thanked all of the seven competing finalist teams for helping DARPA achieve its goal of accelerating the development of advanced, autonomous systems that can detect, evaluate, and patch software vulnerabilities before adversaries have a chance to exploit them.

After some 8 hours of battle in a ballroom at the Paris Las Vegas Conference Center, held in conjunction with DEF CON, America’s biggest hacking conference and home to many of the world’s top cyber defense experts, the victor emerged.



All teams received trophies for their efforts and the top two teams were awarded $2 million and $1 million, respectively, on top of the $750,000 each of the 7 finalists already received. The other five contestants were:

  • Mechanical Phish, a system developed by Shellphish of Santa Barbara, Calif.
  • Rubeus, a system developed by Deep Red of Arlington, Va.
  • Galactica, a system developed by CodeJitsu of Berkeley, Ca., Syracuse, N.Y., and Lausanne, Switzerland
  • Jima, a system developed by CSDS of Moscow, Id.
  • Crspy, a system developed by disekt of Athens, Ga.


“DARPA was created nearly 60 years ago to prevent technological surprise, and I can think of no better way of doing that in today’s networked world than by developing automated, scalable systems able to find and fix software vulnerabilities at machine speed,” Prabhakar said. “Our goal in cyber is to break past the reactive patch cycle we're living in today, and unleash the positive power and creative potential of the information revolution.”

Seven teams were invited to Las Vegas to compete on the floor in a 96-round game of “Capture the Flag.” It’s a time-tested competitive hacking game in which teams are assigned servers which must perform certain tasks while constantly being fed new code filled with bugs, security holes, and inefficiencies. Teams must protect their own data while attempting to access that of the others — much like real-life CTF.
The difference in this game is that the players in the game were totally autonomous. Normally a human would be looking at and correcting the code, choosing whether and whom to attack, and so on — but for the CGC, all that has to be done by the system.



The idea is, of course, to produce systems that can patch themselves, watch for intrusions, and so on, with minimal human interaction. It’d be nice to know that your computer is looking out for itself.


Source: DARPA




Facebook tests MSQRD selfie filters and opening your camerafeed run through the end of the Olympics

We have all seen Olympic-themed profile pictures; now Facebook is trying the same, starting with an Olympics-themed test in Brazil and Canada. Instead of just the “What are you doing?” text status update prompt, users will see an open camera window as Facebook executes on Mark Zuckerberg’s promise to put “video at the heart of all of our apps.”

The new feature also sports the first official integration of Facebook’s acquisition MSQRD’s animated selfie filters, which are similar to Snapchat’s selfie Lenses.



Using MSQRD’s object recognition tech, users can swipe to apply different Olympics face paint like Brazilian flags and “Go Canada!” that match the contours of their face. People can also add static graphic overlay filters like “Team Canada”, similar to Snapchat’s geofilters, to photos and videos they shoot or upload.




The test that I call the “camerafeed” will roll out today to all iOS and Android users in Canada plus iOS users in Brazil, and run through the end of the Olympics. If users show they prefer the camerafeed design and create more content with it, it could be released to everyone.

According to figures obtained by The Information, original content sharing, like status updates, photos, and home-made videos, was down 15% year over year on Facebook as of February.

Opening the News Feed to the camera will encourage Facebook’s 1.1 billion daily users to take and share more photos and videos. And thanks to the MSQRD filters, people can jazz up their faces so they feel less self-conscious or basic about sharing selfies.

When asked where the idea for the camera feed design came from, and whether Snapchat inspired it, Monga was unusually candid, matching the sentiment of Instagram CEO Kevin Systrom who said “They deserve all the credit” when asked about Instagram Stories cloning Snapchat.

Eventually, Facebook wants to build even more “magical augmented reality” into its camera, Monga says. Facebook already had graphic filters called “Profile frames” and the ability to add drawings, text, and doodles to your photo uploads. You also could save animated selfies from MSQRD and upload them to Facebook. But now these features are front and center instead of being buried.



Friday, August 05, 2016

The world's biggest BitTorrent meta-search engine Torrentz.eu has shut down its operation

The surprise shutdown of Torrentz marks the end of an era. Torrentz.eu was a free, fast and powerful meta-search engine that hosted no torrents of its own, but combined results from dozens of other torrent search engine sites including The Pirate Bay, Kickass Torrents and ExtraTorrent.

The meta-search engine has announced "farewell" to its millions of torrent users without much fanfare, suddenly ceasing its operation and disabling its search functionality.




At the time of writing, the Torrentz.eu Web page is displaying a message that reads in the past tense:

"Torrentz was a free, fast and powerful meta-search engine combining results from dozens of search engines."


When you try to run any search or click any link on the site, the search engine refuses to show any search results and instead displays a message that reads:
"Torrentz will always love you. Farewell."
Launched back in 2003, Torrentz has entertained the torrent community for more than 13 years with millions of visitors per day.

However, today, the popular meta-search engine has shut down its operation from all Torrentz domains, including the main .EU domain (both HTTP and  HTTPS version) as well as other backups such as .ME, .CH, and .IN.


TorrentFreak says there is no news of any arrest or legal takedown of the site in this case. Let's wait for an official announcement from the site owners.



FACEBOOK WANTS TO CLEAN UP THE NEWSFEED CLICKBAIT

Facebook is trying to get rid of more of those awful "you won't believe what happened" headlines on your newsfeed. You know, the ones your annoying relatives seem to enjoy posting?

This is going to make certain sites a lot less prominent in your newsfeed—even if mom and dad still click and share them every time.






The announcement doesn't actually mark Facebook's first attempt to kill clickbait. The first step in that process was a previous algorithmic change that devalued (and therefore showed fewer) stories that lead quickly back to the newsfeed. In other words, links you click, regret clicking, and leave behind to go back to Facebook get penalized.


 
Now Facebook, deepening its commitment, is also targeting language in posts similar to the ones that people regret clicking on. This means that, if this works right, you'll see fewer ambiguous and misleading headlines promising unbelievable results from whatever situation they're shilling.

Our system identifies posts that are clickbait and which web domains and Pages these posts come from. Links posted from or shared from Pages or domains that consistently post clickbait headlines will appear lower in News Feed.
We’ve heard from people that they specifically want to see fewer stories with clickbait headlines or link titles. These are headlines that intentionally leave out crucial information, or mislead people, forcing people to click to find out the answer. 

For example: “When She Looked Under Her Couch Cushions And Saw THIS… I Was SHOCKED!”; “He Put Garlic In His Shoes Before Going To Bed And What Happens Next Is Hard To Believe”; or “The Dog Barked At The Deliveryman And His Reaction Was Priceless.”


Source: FACEBOOK,


A 10-year-old found a major flaw in Instagram, earning him a cool $10,000 from Facebook

Before he even reached the age requirement to make a Facebook account, a 10-year-old found a major flaw in Instagram, earning him a cool $10,000 from Facebook.

The youngster, a 10-year-old Finnish kid named Jani, claimed the security flaw he discovered could even allow him to delete Justin Bieber's Instagram comments and captions, should he feel so inclined. Jani showed off his hack to the Instagram team by deleting a comment they posted on a test account.


As the boy's father told the Finnish news site Iltalehti, Jani and his twin brother are fairly prolific at poking holes in seemingly secure websites, but the Instagram hack was their biggest to date.



The $10,000 prize was part of Facebook's Bug Bounty program, which offers rewards to White Hat hackers and other researchers who find bugs or security flaws in their code. In 2015, Facebook reportedly paid out $936,000 to 210 different researchers, out of a grand total of 13,000 submissions. 102 of those submissions were considered "high impact."

The program is similar to Google's own security rewards program. According to the most recent release from Facebook, the company received over 13,000 submissions from researchers in 2015 alone, 526 of which were valid reports.

In 2015, Facebook paid out a total of $936,000 to 210 researchers, averaging about $1,780 per submission.



Source: Iltalehti, Mashable,


Apple announces $200,000 bug bounty program open for outside security researchers

Unlike many of the other major tech companies, Apple has never had a formal bug bounty program or corporate policy for welcoming outsiders who poke holes in their security features. However, as TechCrunch reports today, Apple's head of Security Engineering and Architecture Ivan Krstic announced at Black Hat that his company will now offer cash bounties of up to $200,000 for hackers and researchers who find and report security flaws in Apple products.

Tech companies hold the keys to some of our most personal information — payment details, health records, chat logs with our lovers and archives of family photos — and, as we hand over more and more private data, it becomes increasingly important that companies earn our trust by keeping it secure. 



The announcement came during Krstic's larger talk about the security features built into some of Apple's newest services. 

According to Securosis CEO and iOS security analyst Rich Mogull, the bounty is "the largest potential payout I'm aware of," but also fairly limited in scope: the guidelines focus on a very specific set of vulnerabilities and Apple is currently working with a select list of researchers. (Although, the company says if someone outside the initial group finds a bug, they can easily be included in the program.) The highest level bounty covers bugs found in secure boot firmware components, but there are also smaller bounties for gaining unauthorized access to things like iCloud account data -- a major talking point after the infamous celebrity photo hack.



The program launches in September with five categories of risk and reward:
  • Vulnerabilities in secure boot firmware components: Up to $200,000
  • Vulnerabilities that allow extraction of confidential material from Secure Enclave: Up to $100,000
  • Executions of arbitrary or malicious code with kernel privileges: Up to $50,000
  • Access to iCloud account data on Apple servers: Up to $50,000
  • Access from a sandboxed process to user data outside the sandbox: Up to $25,000

While $200,000 might be high for an official corporate bounty program, it's still only a fraction of a payout like the $1 million the FBI reportedly paid hackers to break into an iPhone owned by one of the shooters involved in the San Bernardino incident last year. And such high bounties can also be detrimental to security research in general. On the other hand, Twitter is a more secure place thanks to some $322,420 in bounties it has handed out over the past two years, and a bug bounty from Instagram made one 10-year-old Finnish kid $10,000 richer.

Source: Securosis, TechCrunch,


Thursday, August 04, 2016

Genius SP-906BT: Your Compact Outdoor Companion

The new Bluetooth speaker from Genius is a little beast.

The newest Bluetooth speaker from Genius is a treat for music enthusiasts who sport an active, stylish yet cost-conscious lifestyle.

Design for sound
Genius SP-906BT is equipped with the latest 4.1 Bluetooth technology at a compact size, just about the size of a hand. Designed for mobile and outdoor use, it is lighter than a baseball. But do not be fooled by its size because the SP-906BT delivers crisp audio quality with deep bass performance. 



Its round design is purposely built to give a surround sound experience, even while you’re outside. The smart anti-breaking sound technology assures you of a high fidelity music experience with no break during high or low pitches. Giving off that hyper bass sound is the built-in amplifier that’ll make for an enjoyable listening session. 


  

Performance for value
Expect this puck-sized device to give you 10 hours of playtime for your favorite songs with its 780mAh lithium battery. It’s also compatible with all Bluetooth-enabled devices, making sure you enjoy it with whatever device you have.

And if you’re always looking for ways to bring your music with you everywhere, like going on a hike or biking, the carabiner hook has got you covered. It’s made of metal paired with a silicon rim. It’s highly durable yet flexible, something you need for all of your outdoor activities. Just hook, and go.





The ease-of-use feature also allows for a hands-free mode where a built-in microphone makes hands-free calling a breeze. Receiving and returning calls is made easy with just one press of a button.

A small device packed with knock-out features, the Genius SP-906BT is one Bluetooth speaker you need to get your hands on.

Priced at a pocket-friendly PHP 995.00, it is now available in the Philippines through its exclusive distributor, MSI-ECS. Available in black, red and green, this is the perfect outdoor or indoor buddy you need every day.

For product availability, you may call MSI-ECS at (02) 688-3512 or email inquiry@msi-ecs.com.ph.



IBM researcher builds artificial neuron similar to how the process works in an organic brain

IBM's research center in Zurich created 500 of them to simulate a signal transfer similar to how the process works in an organic brain.

As other research in artificial signaling demonstrates, the real milestones come when elements can be shrunk down to microscopic scale and still work. That's what makes IBM's accomplishment significant: their faux neurons are built out of well-known materials that can scale down to a few nanometers but can still activate with low energy, points out Ars Technica.


Organic neurons have membranes acting as signal gates that take a certain amount of energy to absorb. In the IBM version, that role is taken by a square of Germanium-Antimony-Tellurium (GST), a common ingredient in optical disks. Heat the GST enough and it changes its physical phase, from an amorphous insulator to a crystalline conductor. In other words, a signal passes through when the faux membrane is hit with enough electricity to change into its crystal phase, then it resets to its amorphous one.

“We have been researching phase-change materials for memory applications for over a decade, and our progress in the past 24 months has been remarkable,” said IBM Fellow Evangelos Eleftheriou. “In this period, we have discovered and published new memory techniques, including projected memory, stored 3 bits per cell in phase-change memory for the first time, and now are demonstrating the powerful capabilities of phase-change-based artificial neurons, which can perform various computational primitives such as data-correlation detection and unsupervised learning at high speeds using very little energy.”

But the scientists needed the artificial neuron to have another characteristic of its organic counterpart: stochasticity, or some randomness in when signals will fire. IBM says its neurons achieve this because its GST membranes never reset to the same configuration. This lets groups of them unexpectedly accomplish things that they could not if their results were perfectly predictable.




With these neurons, scientists may be able to create computers mimicking the efficient, parallel processing design of organic brains and apply its style of approach to decision-making and processing sensory information, suggests Ars Technica. But as they point out, constructing it might be the easy part: writing software for that kind of setup will be another challenge entirely.

Source: IBM press


New York state might not just ban sex offenders from playing games like Pokémon Go

New York state might not just ban sex offenders from playing games like Pokémon Go -- it may eliminate the incentives for them to play, too. A group of senators has introduced a bill, No. S08173, that would prevent augmented reality game developers from placing objectives (such as pokéstops) within 100 feet of where a registered sex offender lives. Companies that don't heed the warning could face fines of up to $100 per day for every location that violates the legislation.

 Bill No: S08173


The measure has yet to reach a vote, and there's no guarantee that it'll become law. It certainly faces some daunting obstacles. The bill could easily be considered redundant when there's already a ban on offenders playing AR games, and banning objectives may cause serious problems for players in dense urban areas like New York City. Also, it's not as if this would stop determined offenders -- they'd just have to walk a little farther from home to find their targets. As important as children's safety is, the bill might not do much to help.


Source: New York State Assembly,


Facebook opens Area 404 - A giant hardware lab to build its future

Facebook just opened Area 404 (yes, a play on "site not found"), a massive 22,000 square foot facility at its Menlo Park headquarters that will handle the brunt of Facebook's hardware "modeling, prototyping and failure analysis." Unlike some labs, it's not segmented into product-specific divisions -- instead, there are only electrical engineering and prototyping workshop sections. It's designed to encourage cross-team collaboration that could lead to discoveries that might not happen in an isolated group.

The prototyping half includes some heavy-duty equipment that you'd be more likely to see in a factory than an internet veteran's campus. It touts lathes, milling machines, water jets and other devices that can cut or shape everything from metal to stone. There's also a CT scanner and an electron microscope to detect minuscule flaws.




The lab consists of two main areas: the electrical engineering labs and the prototyping workshops. The electrical engineering labs provide space and equipment for the various teams to test and debug their designs. Much of the work in these labs is very specialized, with equipment setups that are custom to the products being developed. The prototyping workshops are stocked with a variety of machine tools, including multi-axis computer numerically controlled (CNC) machines, that enable teams to quickly iterate on complex problems. Some of those machines are:


  • 9-axis mill-turn lathe, used for making complex components that require tight tolerance turning features and milling features on a single part, like our custom-designed, two-axis gimbal for air-to-air and air-to-ground laser communications. With this machine, we can make these parts in one setup and in low volume production; without this machine, parts would have to be machined in multiple setups on multiple machines, which is slow and error-prone.
  • 5-axis vertical milling machine, capable of producing extremely large, complex, and accurate prototypes by machining with all five axes simultaneously. This machine allows us to create large and extremely complex geometry — like parts associated with Terragraph — rapidly.
  • 5-axis water jet, capable of cutting full 10' x 5' sheets of material, including aluminum, steel, granite, stone, etc. The jet is powerful enough to cut through a sheet of one of these materials that is several inches thick.
  • Sheet metal shear and folder, two machines used for sheet metal prototyping. The folder is a CNC machine that can be programmed to bend complex sheet metal components, such as the components making up our custom-built server racks.
  • CNC fabric cutter, used to cut any fabric quickly and accurately based on a 2D engineering design.
  • Coordinate measuring machine (CMM), used to inspect prototypes to ensure they are within specifications that are calculated by the engineer. The machine is also capable of reverse-engineering a part and turning it into a 3D computer model.
  • Electron microscope and CT scanner, used for examining components for failure analysis and can produce 3D, X-ray images for inspection. During prototyping, it's important that we can pinpoint where to make improvements.







A lab like this was really just a matter of time, since Facebook only has so much room to develop hardware in its existing facilities without looking for outside help. Still, it's a telltale sign of how much the company has changed. The days of Facebook focusing strictly on social services are long gone -- this is a general tech company where physical products are equally important to its future.

Source: Facebook Code


New exploit can attack secure websites via ads

The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don't have the ability to monitor a targeted end user's Internet connection.

Security researchers at KU Leuven have discovered an attack technique, HEIST (HTTP Encrypted Information can be Stolen Through TCP-Windows), that helps compromise an encrypted website using only a JavaScript file hidden in a maliciously-crafted ad or page. Unlike many similar attacks, you don't need a man-in-the-middle spot to make this work -- it can gauge the size of an encrypted response (and thus enable an attack) all on its own. Combine it with another technique and it's relatively easy to pluck sensitive info from encrypted data traffic, such as email addresses and banking details.



The team's Tom Van Goethem tells Ars Technica that the only surefire way to prevent attacks in the short term is to disable third-party cookies. That's not hard to do (multiple browsers have an option for it), but it's rarely turned on by default. Thankfully, the researchers have already revealed their findings to Google and Microsoft. It's not certain that they'll have patches in place soon, but the advance disclosure at least raises hope that this latest exploit won't be available forever.
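The attack only learns something useful when the browser attaches the victim's cookies to the requests the ad's script triggers, which is why blocking third-party cookies stops it. As an added example (not from the article or the KU Leuven researchers), a site can get the same effect for its own cookies with the `SameSite` attribute, and the checker below flags `Set-Cookie` headers that lack it; the SameSite approach, cookie names and header values are assumptions constructed for illustration.

```javascript
// Added example: find cookies a browser may attach to cross-site subrequests
// (fetch, img, script), which is what a script hidden in an ad relies on.

// Constructed sample Set-Cookie header values; names and values are made up.
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/; Secure; HttpOnly',
  'csrftoken=xyz789; Path=/; Secure; SameSite=Strict',
  'prefs=dark; Path=/; samesite=LAX',
  'sso=tok456; Path=/; Secure; SameSite=None',
  'legacy=1; Path=/; SameSite=None',
];

// Parse one Set-Cookie value into its name and a map of lower-cased attributes.
// Flag attributes such as Secure are stored as `true`.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter((p) => p.length > 0);
  const pair = parts.shift() || '';
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq).trim();
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Classify what happens to the cookie on a cross-site subrequest.
//   'withheld'        SameSite=Strict or Lax: not attached to cross-site fetches
//   'sent'            SameSite=None: always attached
//   'browser-default' attribute missing or invalid: not every browser applies
//                     a Lax default, so the cookie may still be attached
function crossSiteExposure(cookie) {
  const raw = cookie.attrs.samesite;
  const mode = typeof raw === 'string' ? raw.toLowerCase() : '';
  if (mode === 'strict' || mode === 'lax') return 'withheld';
  if (mode === 'none') return 'sent';
  return 'browser-default';
}

// Return one finding per cookie that can ride along on cross-site requests.
function auditCookies(headers) {
  const findings = [];
  for (const header of headers) {
    const cookie = parseSetCookie(header);
    const exposure = crossSiteExposure(cookie);
    if (exposure === 'withheld') continue;
    const notes = [];
    if (exposure === 'sent') {
      notes.push('SameSite=None: attached to cross-site requests');
      if (cookie.attrs.secure !== true) {
        notes.push('SameSite=None without Secure');
      }
    } else {
      notes.push('no valid SameSite: depends on the browser default');
    }
    findings.push({ name: cookie.name, exposure, notes });
  }
  return findings;
}

for (const f of auditCookies(SAMPLE_HEADERS)) {
  console.log(`${f.name}: ${f.exposure} (${f.notes.join('; ')})`);
}
```
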


Source: Black Hat,


Wednesday, August 03, 2016

According to Security Researchers, Advertisers Are Tracking You via Phone's Battery Status

Two security researchers, Steve Englehardt and Arvind Narayanan, from Princeton University, have published a paper describing how a phone's battery status has already been used to track users across different websites.

The issue is due to the Battery Status API (application programming interface).



The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year.

The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites.




However, researchers warned last year that the API could turn your battery level into a "fingerprintable" tracking identifier, potentially providing a pseudo-unique identifier for each device that can be used to pinpoint specific devices across the sites they visit.


One of those researchers, Lukasz Olejnik, published a blog post this week saying that companies are currently leveraging the potential of this battery status information.


"Some companies may be analyzing the possibility of monetising the access to battery levels," he writes. "When a battery is running low, people might be prone to some - otherwise different - decisions. In such circumstances, users will agree to pay more for a service."


For example, Uber's head of economic research, Keith Chen, said the company had been monitoring the battery life of its users, as it knows users are more likely to pay a much higher price to hire a cab when their phone's battery is close to dying.


Olejnik underlined the latest research by Englehardt and Narayanan, who discovered two shady tracking scripts running on the Internet at large scale that take advantage of the Battery Status API and are currently tracking users.

Battery readouts provide the following information:
  • the current level of battery (format: 0.00-1.0, for empty and full, respectively)
  • time to a full discharge of battery (in seconds)
  • time to a full charge of battery, if connected to a charger (in seconds)

Those values are updated whenever a new value is supplied by the operating system.


The duo explains that they observed the behavior of two actual scripts and suggested the companies and other entities are perhaps leveraging this technique for their own purposes.
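To see which scripts on a page actually collect the three readouts listed above, the battery object can be wrapped so that every read is logged per script. This is an added example, not code from the researchers' paper: the sample battery values, the script URLs and the "collects all three readouts" rule are constructed assumptions, and in a browser the wrapper would go around the object that `navigator.getBattery()` resolves to.

```javascript
// Added example: audit which scripts read Battery Status API values.
// Sample battery, script URLs and the flagging rule are constructed for illustration.
const READOUTS = ['level', 'dischargingTime', 'chargingTime'];

// Wrap a BatteryManager-like object so every read of a readout is logged
// together with the script that asked for it (passed in explicitly here).
function auditBattery(battery, scriptUrl, log) {
  return new Proxy(battery, {
    get(target, prop) {
      const value = target[prop];
      if (READOUTS.includes(prop)) {
        log.push({ script: scriptUrl, prop, value });
      }
      return typeof value === 'function' ? value.bind(target) : value;
    },
  });
}

// Group the log per script and flag scripts that collected every readout,
// the combination that can act as a pseudo-unique identifier.
function summarize(log) {
  const byScript = new Map();
  for (const { script, prop } of log) {
    if (!byScript.has(script)) byScript.set(script, new Set());
    byScript.get(script).add(prop);
  }
  return [...byScript].map(([script, props]) => ({
    script,
    readouts: READOUTS.filter((p) => props.has(p)),
    collectsAll: READOUTS.every((p) => props.has(p)),
  }));
}

// Constructed readout: 43% charge, 8940 seconds to empty, not charging.
const sampleBattery = { level: 0.43, dischargingTime: 8940, chargingTime: Infinity };

function demo() {
  const log = [];
  // A power-saving script that only checks the level, the API's intended use.
  const first = auditBattery(sampleBattery, 'https://site.example/powersave.js', log);
  const lowPower = first.level < 0.2;
  // A third-party script that copies every readout.
  const third = auditBattery(sampleBattery, 'https://tracker.example/t.js', log);
  const copied = READOUTS.map((p) => third[p]);
  return { log, lowPower, copied, report: summarize(log) };
}
```

A script that reads only `level` matches the energy-saving purpose the API was designed for; one that copies all three values is the pattern worth a closer look.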


    "These features are combined with other identifying features used to fingerprint a device," the researchers write in their paper titled, "Online Tracking: A 1-million-site measurement and analysis."

    "Some companies may be analyzing the possibility of monetising the access to battery levels," Olejnik writes.

There's hardly any way to mitigate this attack. Unlike tracking by Google, Facebook, or any other social media, which follows only your browsing history, nothing works here: deleting browser cookies or using VPNs and ad blockers will not solve your problem.






Iranian hackers have compromised more than a dozen accounts on the Telegram

Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system.

The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.


Telegram prides itself on private messaging that lets activists escape government censorship and crackdowns.



Security researchers speaking to Reuters say that an Iranian hacking group has not only breached over a dozen Telegram accounts, but identified the phone numbers of over 15 million of the service's users in the country. The intruders reportedly intercepted SMS authentication codes and used those to add devices to their accounts, letting them read messages and impersonate others. To get the phone numbers, they took advantage of a Telegram programming interface.

Telegram tells Reuters that you can protect against these attacks by creating a strong password (which is strictly optional) that would add a layer of security.

 

It's not certain that the Iranian government is behind the attacks. However, the culprits (Rocket Kitten) have launched phishing campaigns that reflect official "interests and activities," according to the researchers. Also, the compromised targets included members of both opposition and reform groups -- and it's safe to say that some of those 15 million phone numbers could expose other activists and journalists.

Source: Reuters

China Unveiled TEB - Transit Elevated Bus proof of concept demo can let cars drive under it

Unveiled yesterday in the city of Qinhuangdao in China's Hebei province, this "Transit Elevated Bus", or "TEB" for short, is designed to handle 300 passengers, and it comes in at 22 meters long, 7.8 meters wide and 4.8 meters tall. That's right, it's only a tad taller than a double-decker bus for the sake of existing bridges in China, so only cars less than two meters tall can drive under the TEB.


The TEB runs on sixteen tired wheels and is guided by eight pairs of rail wheels. It's supposed to reach 40 to 50 km/h (about 25 to 31 mph), though this was just a 300-meter demo instead of the original 1km distance.


It was more of a proof of concept demo rather than a technical test run, because the vehicle here isn't the real deal. No bridges, no traffic lights, no crosswalks and no turns. Still, it was able to wow some folks, especially those who were allowed to board the TEB to get a taste of the large space inside -- a bit like an enlarged subway train as opposed to having long rows of seats like a ferry.



Could this be the answer to heavy traffic?


Source: Xinhua




Tuesday, August 02, 2016

IBM's new nanoscale exosome sorting technology could lead to home diagnostic tools

It’s long been understood that early disease detection is the key to successful treatments. But annual checkups with a doctor might not be frequent enough to help. So imagine if you could forego a trip to the doctor’s office and detect any disease with a simple urine or saliva test at home.

New research from IBM could lead to lab-on-a-chip virus detection technology that would let patients monitor their health by analyzing saliva or urine samples at home.


Specifically, IBM has made a breakthrough in nanoscale deterministic lateral displacement (DLD) -- a method of separating viruses and other health threats from DNA in fluid samples. The process kind of works like a pachinko machine, albeit less random: Fluids are filtered through a series of tiny pillars that separate elements by size. The technology has been used in the past to isolate parasites and other larger targets.

(image source www.nature.com)

Now, IBM has used silicon technologies to build a nanoscale DLD process capable of targeting exosomes, demonstrating that a DLD can be used to filter objects in the 20 to 110 nanometer scale. That's small enough to detect viruses or markers that could be associated with potential cancers.

DLD has been used to sort and separate micrometer-scale organisms, like parasites, but it has never been used for sorting nanoscale targets, like viruses. (See Jonas Tegenfeldt and Stefan Holms’ video below.)


The IBM team believe that within a year it will be possible to determine whether this device can sort and detect viruses from biological fluids, the key requirements for generating a mobile, easy-to-use, and rapid diagnostic platform.


Naturally, it's pretty early in the research, and IBM says it will need more time to figure out if this kind of technology could feasibly and reliably be used to analyze fluids. If it can, however, it could lead to more affordable, compact methods of detecting illnesses -- and possibly in-home devices for self-monitoring, and open the door for new early-treatment options.

Source: Nature, Spectrum



Notifying Android users when new devices access your Google account

Google is introducing native Android notifications that pop up whenever a new device accesses your account, giving you a chance to change your password before an intruder goes on a shopping spree using your credentials. If you're ever suspicious, it takes one tap to review what happened.

The feature is rolling out gradually, and Google notes that it may take over two weeks for some people to see the change. Whenever it does arrive, it should provide a useful safeguard against data breaches and the surprise bills that frequently follow.




Source: Google Apps Updates