Forgot your password?
typodupeerror

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

Security

"BadUSB" Exploit Makes Devices Turn "Evil" 175

Posted by timothy
from the thinkgeek-had-something-funnier-years-ago dept.
An anonymous reader writes with s snippet from Ars Technica that should make you (even more) skeptical about plugging in random USB drives, or allowing to persons unknown physical access to you computer's USB ports : When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses. Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
Android

Google, Linaro Develop Custom Android Edition For Project Ara 45

Posted by timothy
from the things-you-want-to-see-folded-in dept.
rtoz writes with this excerpt from an IDG story about the creation of an Android fork made just for Google's modular cell-phone project : A special edition of Android had to be created for the unique customizable design of Project Ara, said George Grey, CEO of Linaro. ... Android can already plug and play SD cards. But Grey said additional OS functionality is needed for storage, cameras and other modules that are typically inside smartphones, but can now be externally added to Project Ara. A lot of work is also being done on UniPro transport drivers, which connect modules and components in Project Ara. UniPro protocol drivers in Android will function much like the USB protocol, where modules will be recognized based on different driver "classes," such as those for networking, sensor, imaging, input and others. Some attachable parts may not be recognized by Android. For those parts, separate drivers need to be developed by module makers through emulators. "That will be need to be done in a secure system so the device can't do damage to the system," Grey said. Project Ara is a very disruptive concept, and it turns around conventional thinking on how to build phones, Grey said.
Android

Old Apache Code At Root of Android FakeID Mess 127

Posted by Soulskill
from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.
Graphics

$299 Android Gaming Tablet Reviewed 65

Posted by timothy
from the is-$300-an-impulse-buy? dept.
Vigile (99919) writes "Last week NVIDIA announced the SHIELD Tablet and SHIELD Controller, and reviews are finally appearing this morning. Based on the high performance Tegra K1 SoC that integrates 192 Kepler architecture CUDA cores, benchmarks reveal that that the SHIELD Tablet is basically unmatched by any other mobile device on the market when it comes to graphics performance — it is more than 2.5x the performance of the Apple A7 in some instances. With that power NVIDIA is able to showcase full OpenGL versions of games like Portal and Half-Life 2 running at 1080p locally on the 19:12 display or output to a TV in a "console mode." PC Perspective has impressions of that experience as well as using the NVIDIA Game Stream technology to play your PC games on the SHIELD Tablet and controller. To go even further down the rabbit hole, you can stream your PC games from your desktop to your tablet, output them to the TV in console mode, stream your game play to Twitch from the tablet while overlaying your image through the front facing camera AND record your sessions locally via ShadowPlay and using the Wi-Fi Direct powered controller to send and receive audio. It is incredibly impressive hardware but the question remains as to whether or not there is, or will be, a market for Android-based gaming devices, even those with the power and performance that NVIDIA has built."
Cellphones

Samsung Delays Tizen Phone Launch 108

Posted by Unknown Lamer
from the enlightenment-deemed-too-cool-for-you dept.
New submitter tekxtc (136198) writes Slashdot has reported in the past that a Tizen phone is coming and that the design and photos leaked. But, it has just been announced that the launch of the first Tizen phone has been delayed because of Tizen's small ecosystem. Should it ever ship? Haven't Android and iOS completely cornered the market? Is there any hope for the likes of Tizen, Firefox OS, and Windows on phones and tablets?
Privacy

Ask Slashdot: Preparing an Android Tablet For Resale? 112

Posted by timothy
from the link-free-cloth-and-a-.45 dept.
UrsaMajor987 (3604759) writes I have a Asus Transformer tablet that I dropped on the floor. There is no obvious sign of damage but It will no longer boot. Good excuse to get a newer model. I intend to sell it for parts (it comes with an undamaged keyboard) or maybe just toss it. I want to remove all my personal data. I removed the flash memory card but what about the other storage? I know how to wipe a hard drive, but how do you wipe a tablet? If you were feeling especially paranoid, but wanted to keep the hardware intact for the next user, what would you do?
Microsoft

Microsoft's Nokia Plans Come Into Better Focus 149

Posted by timothy
from the ringtones-baby-the-future-is-ringtones dept.
Forbes has an update on what sort of future Nokia faces, as Microsoft reveals a strategy for making sense of the acquisition: [Microsoft EVP of devices Stephen] Elop laid out a framework for cost cuts in a memo to employees on July 17. Devices would focus on high and low cost Windows smartphones, suggesting a phasing out of feature phones and Android smartphones. Two business units, smart devices and mobile phones, would become one, thereby cutting overlap and overhead. Microsoft would reduce engineering in Beijing and San Diego and unwind engineering in Oulu, Finland. It would exit manufacturing in Komarom, Hungary; shift to lower cost areas like Manaus, Brazil and Reynosa, Mexico; and reduce manufacturing in Beijing and Dongguan, China. Also, CEO Satya Nadella gave hints about how Microsoft will make money on Nokia during Tuesday' conference call. Devices, he said, "go beyond" hardware and are about productivity. "I can take my Office Lens App, use the camera on the phone, take a picture of anything, and have it automatically OCR recognized and into OneNote in searchable fashion. There is a lot we can do with phones by broadly thinking about productivity." In other words, the sale of a smartphone is a means to other sales.
Android

Popular Android Apps Full of Bugs: Researchers Blame Recycling of Code 145

Posted by timothy
from the little-of-this-little-of-that dept.
New submitter Brett W (3715683) writes The security researchers that first published the 'Heartbleed' vulnerabilities in OpenSSL have spent the last few months auditing the Top 50 downloaded Android apps for vulnerabilities and have found issues with at least half of them. Many send user data to ad networks without consent, potentially without the publisher or even the app developer being aware of it. Quite a few also send private data across the network in plain text. The full study is due out later this week.
Stats

Do Apple and Google Sabotage Older Phones? What the Graphs Don't Show 281

Posted by timothy
from the maybe-apple-fans-are-driven-by-pheremones dept.
Harvard economics professor Sendhil Mullainathan takes a look in the New York Times at interesting correlations between the release dates of new phones and OSes and search queries that indicate frustration with the speed of the phones that people already have. Mullainathan illustrates with graphs (and gives plausible explanations for the difference) just how different the curves are over time for the search terms "iPhone slow" and "Samsung Galaxy slow." It's easy to see with the iPhone graph especially how it could seem to users that Apple has intentionally slowed down older phones to nudge them toward upgrading. While he's careful not to rule out intentional slowing of older phone models (that's possible, after all), Mullainathan cites several factors that mean there's no need to believe in a phone-slowing conspiracy, and at least two big reasons (reputation, liability) for companies — Apple, Google, and cellphone manufacturers like Samsung — not to take part in one. He points out various wrinkles in what the data could really indicate, including genuine but innocent slowdowns caused by optimizing for newer hardware. It's an interesting look at the difference between having mere statistics, no matter how rigorously gathered, and knowing quite what they mean.
Cellphones

Greenpeace: Amazon Fire Burns More Coal and Gas Than It Should 288

Posted by timothy
from the not-enough-greenwashing dept.
Jason Koebler (3528235) writes "The biggest thing that sets the Amazon Fire Phone apart from its Android and Apple competitors probably isn't the clean interface or the unlimited photo storage—it's the dirty power behind it. When Fire users upload their photos and data to Amazon's cloud, they'll be creating a lot more pollution than iPhone owners, Greenpeace says. Apple has made a commitment to running its iCloud on 100 percent clean energy. Amazon, meanwhile, operates the dirtiest servers of any major tech giant that operates its own servers—only 15 percent of its energy comes from clean sources, which is about the default national average." Greenpeace's jaundiced eye is on Amazon more generally; the company's new phone is just an example. Maybe Amazon or some other provider could take a page from some local utilities and let users signal their own preferences with a (surcharged) "clean energy" option.
Education

Chromebooks Are Outselling iPads In Schools 223

Posted by Unknown Lamer
from the keyboards-still-useful dept.
Nate the greatest (2261802) writes Apple thrilled investors earlier this week when they revealed that they had sold 13 million iPads to schools and claimed 85% of the educational tablet market, but that wasn't the whole story. It turns out that Apple has only sold 5 million iPads to schools since February 2013, or an average of less than a million tablets a quarter over 6 quarters. It turns out that instead of buying iPads, schools are buying Chromebooks. Google reported that a million Chromebooks were sold to schools last quarter, well over half of the 1.8 million units sold in the second quarter. With Android tablets getting better, Apple is losing market share in the consumer tablet market, and now it looks Apple is also losing the educational market to Google. Analysts are predicting that 5 million Chromebooks will be sold by the end of the year; how many of those will be sold to schools, do you think?
Encryption

CNN iPhone App Sends iReporters' Passwords In the Clear 40

Posted by Unknown Lamer
from the safe-reporting dept.
chicksdaddy (814965) writes The Security Ledger reports on newly published research from the firm zScaler that reveals CNN's iPhone application transmits user login session information in clear text. The security flaw could leave users of the application vulnerable to having their login credential snooped by malicious actors on the same network or connected to the same insecure wifi hotspot. That's particularly bad news if you're one of CNN's iReporters — citizen journalists — who use the app to upload photos, video and other text as they report on breaking news events. According to a zScaler analysis, CNN's app for iPhone exposes user credentials in the clear both during initial setup of the account and in subsequent mobile sessions. The iPad version of the CNN app is not affected, nor is the CNN mobile application for Android. A spokesman for CNN said the company had a fix ready and was working with Apple to have it approved and released to the iTunes AppStore.
Google

Privacy Lawsuit Against Google Rests On Battery Drain Claims 175

Posted by Soulskill
from the discovery-will-be-powered-by-bing dept.
Jason Koebler writes: According to plaintiffs in a class-action lawsuit against Google, personal information about you and your browsing, email, and app-using habits that is regularly sent between apps on you Android phone is harming your battery life. As odd as it sounds, this minor yet demonstrable harm is what will allow their lawsuit to go forward. A federal judge ruled that the claim "requires a heavily and inherently fact-bound inquiry." That means there's a good chance we're about to get a look into the ins and outs of Google's advertising backbone: what information is shared with whom, and when.
Firefox

Firefox 31 Released 172

Posted by Soulskill
from the baskin-robbins-edition dept.
An anonymous reader writes Mozilla has released version 31 of its Firefox web browser for desktops and Android devices. According to the release notes, major new features include malware blocking for file downloads, automatic handling of PDF and OGG files if no other software is available to do so, and a new certificate verification library. Smaller features include a search field on the new tab page, better support for parental controls, and partial implementation of the OpenType MATH table. Firefox 31 is also loaded with new features for developers. Mozilla also took the opportunity to note the launch of a new game, Dungeon Defenders Eternity, which will run at near-native speeds on the web using asm.js, WebGL, and Web Audio. "We're pleased to see more developers using asm.js to distribute and now monetize their plug-in free games on the Web as it strengthens support for Mozilla's vision of a high performance, plugin-free Web."
Handhelds

NVIDIA Launches Tegra K1-Based SHIELD Tablet, Wireless Controller 42

Posted by timothy
from the pretty-high-resolution-there dept.
MojoKid (1002251) writes NVIDIA just officially announced the SHIELD Tablet (powered by their Tegra K1 SoC) and SHIELD wireless controller. As the SHIELD branding implies, the new SHIELD tablet and wireless controller builds upon the previously-released, Android-based SHIELD portable to bring a gaming-oriented tablet to consumers. The SHIELD Tablet and wireless controller are somewhat of mashup of the SHIELD portable and the Tegra Note 7, but featuring updated technology and better build materials. You could think of the SHIELD Tablet and wireless controller as an upgraded SHIELD portable gaming device, with the screen de-coupled from the controller. The device features NVIDIA's Tegra K1 SoC, paired to 2GB of RAM and an 8", full-HD IPS display, with a native resolution of 1920x1200. There are also a pair of 5MP cameras on the SHIELD Tablet (front and rear), 802.11a/b/g/n 2x2 MIMO WiFi configuration, GPS, a 9-axis motion sensor, and Bluetooth 4.0 LE. In addition to the WiFi-only version (which features 16GB of internal storage), NVIDIA has a 32GB version coming with LTE connectivity as well. NVIDIA will begin taking pre-orders for the SHIELD Tablet and wireless controller immediately.
Cellphones

Why My LG Optimus Cellphone Is Worse Than It's Supposed To Be 290

Posted by samzenpus
from the no-sir-I-don't-like-it dept.
Bennett Haselton writes My LG Optimus F3Q was the lowest-end phone in the T-Mobile store, but a cheap phone is supposed to suck in specific ways that make you want to upgrade to a better model. This one is plagued with software bugs that have nothing to do with the cheap hardware, and thus lower one's confidence in the whole product line. Similar to the suckiness of the Stratosphere and Stratosphere 2 that I was subjected to before this one, the phone's shortcomings actually raise more interesting questions — about why the free-market system rewards companies for pulling off miracles at the hardware level, but not for fixing software bugs that should be easy to catch. Read below to see what Bennett has to say.
Ubuntu

MicroxWin Creates Linux Distribution That Runs Debian/Ubuntu & Android Apps 42

Posted by samzenpus
from the all-in-one dept.
An anonymous reader writes VolksPC who developed MicroXwin as a lightweight X Window Server has come up with their own Linux distribution. Setting apart VolksPC's distribution from others is that it's based on both Debian and Android and has the capability to run Debian/Ubuntu/Android apps together in a native ARM experience. The implementation doesn't depend on VNC or other similar solutions of the past that have tried to join desktop apps with mobile Android apps. This distribution is also reportedly compatible with all Android applications. The distribution is expected to begin shipping on an ARM mini-PC stick.
Businesses

Lenovo Halts Sales of Small-Screen Windows 8.1 Tablets Due To "Lack of Interest" 125

Posted by samzenpus
from the do-not-want dept.
DroidJason1 writes Microsoft has attempted to compete in the small-screen tablet market with Windows 8.1 and Windows RT, but it looks like the growing adoption of small-screen Android tablets are just too much for Lenovo to handle. Lenovo has slammed the brakes on sales of small screen Windows tablets in the United States, citing a lack of interest from consumers. In fact, Lenovo has stopped selling the 8-inch ThinkPad 8 and the 8-inch Miix 2. Fortunately, these small-screen Windows tablets have seen some success in Brazil, China, and Japan, so Lenovo will focus on efforts there. Microsoft also recently scrapped plans for the rumored Surface Mini.
Android

Want To Ensure Your Personal Android Data Is Truly Wiped? Turn On Encryption 91

Posted by samzenpus
from the getting-it-clean dept.
MojoKid writes We've been around the block enough times to know that outside of shredding a storage medium, all data is recoverable. It's just matter of time, money, and effort. However, it was still sobering to find out exactly how much data security firm Avast was able to recover from Android devices it purchased from eBay, which included everything from naked selfies to even a completed loan application. Does this mean we shouldn't ever sell the old handset? Luckily, the answer is no. Avast's self-serving study was to promote its Anti-Theft app available on Google Play. The free app comes with a wipe feature that overwrites all files, thereby making them invisible to casual recovery methods. That's one approach. There's another solution that's incredibly easy and doesn't require downloading and installing anything. Before you sell your Android phone on eBay, Craigslist, or wherever, enable encryption and wait for it to encrypt the on board storage. After that, perform a wipe and reset as normal, which will obliterate the encryption key and ensure the data on your device can't be read. This may not work on certain devices, which will ask you to decrypt data before wiping but most should follow this convention just fine.
Hardware

Slashdot Asks: Do You Want a Smart Watch? 381

Posted by timothy
from the does-it-shoot-deadly-darts? dept.
Watches that do more than tell the time have been around for a long time. (And in fiction, James Bond, Dick Tracey, and Michael Knight all had notably high-tech watches.) The new smart watches from Samsung and LG, without a phone connected via Bluetooth as backhaul, can still serve to show the time and to serve as alarms (and Samsung's can measure your pulse, too), but all the magic features (like searching by voice via the watch) do require a connection. They can't play MP3s or take pictures on their own, and they don't have built-in GPS. Even so, compared to the polarizing Google Glass, the new breed of smart watches are wearables that probably are an easier sell, even if this far the trend has been to replace watches with smart phones. (Android Wear has gotten a lot of attention, but Microsoft has their own upcoming, and Apple almost certainly does, too.) Are you interested in a smart watch, and if so, what uses do you want it for? If they have no appeal to you now, are there functions that would make you change your mind on that front?

"Trust me. I know what I'm doing." -- Sledge Hammer

Working...