Jun 10 2014

 

If someone tapped your Internet connection, what would they find out about you?

It’s been just over a year since Edward Snowden became a household name, and his disclosures about the reach and extent of the National Security Agency’s online monitoring programs led to headlines around the world.

But one big, basic question remains more or less unanswered: What exactly does the NSA’s surveillance reveal?

To try to answer that question, I had my home office bugged. This was an experiment NPR designed to learn what exactly the National Security Agency could see about a person if it cared to look.

Working with Sean Gallagher, a reporter at the technology site Ars Technica, and Dave Porcello, a computer security expert at Pwnie Express, I had the Internet traffic into and out of my home office in Menlo Park, Calif., tapped. We installed something called a Pwn Plug to monitor the data flowing to and from my computer and mobile phone.

The box is a little wireless router that basically captures and copies all the traffic into and out of any device that connects to it. That data were sifted and analyzed by software automatically. So for a little more than a week, Porcello and Gallagher stepped into the role of NSA analysts and spied on my work.

via Project Eavesdrop: An Experiment At Monitoring My Home Office : All Tech Considered : NPR.

 

 

Jun 03 2014

A browser is one of the most resource-intensive things you can run on a computer. Start a multi-tab workload and it’s not uncommon to quickly gobble up multiple gigabytes of RAM. To help deal with the Web’s ever-growing thirst for system resources, Google is catching up with the Internet Explorers and Safaris of the world by releasing a 64-bit version of Chrome.

The new version was announced on the Chromium blog, along with a list of benefits that the switch to 64-bit brings to the table. Thanks to compiler optimizations and a more advanced instruction set, Google says it is getting big speed boosts.

via 64-bit Chrome is faster, more stable, and more secure | Ars Technica.

 

 


 

Jun 02 2014
 

Pixar announced last week that it will be releasing a free, noncommercial version of its Renderman package. All of the many elements that make up Renderman will be made available to download as part of Pixar and Disney’s initiative to set Renderman up as the 3D imaging industry standard.

Renderman comprises a large batch of software and an API, and it works with Autodesk products like Maya to expand on tools for modeling, lighting, texturing, shading, VFX, and animation. Renderman also includes tools for setting up a render farm across multiple computers and servers.

via Pixar will soon release a free version of Renderman | Ars Technica.

 


 

 

 

Jun 02 2014

Starting today, internet providers in the United States will finally be held to account for lackluster YouTube streaming speeds. Google has brought its Video Quality Report — first launched in Canada at the start of this year — to the US, and is now ranking ISPs like Cablevision and Verizon FiOS based on the fidelity of their YouTube streams. If you’ve been experiencing buffering issues or playback interruptions despite paying for a speedy internet connection, this monthly report could help answer the lingering question of why.

via YouTube reveals which US internet providers are best and worst at streaming | The Verge.

 


 

Sep 25 2013

Amazon's first trick was selling a tablet so cheap, it was hard not to buy it, despite the shortcomings. Amazon's next trick was to build a second, larger tablet, to show it could compete if not necessarily win in the big leagues. Amazon's third trick — revealed Wednesday — is to blow past Apple and the Android rivals with flatter, faster tablets that are nonetheless priced insanely low. We've long known CEO Jeff Bezos was content to sell devices at cost — but we didn't know his company would actually go out and pay for such nice tablets. Here comes Kindle Fire HDX.

Wilson Rothman / NBC News: The Origami cover, available in various colors and materials for both the 7-inch and 8.9-inch models.

“We make money when people use our devices, not when they buy our devices,” Bezos told NBC News Monday during an in-person product briefing where he showed off the two new tablets.

Major upgrades from last year's models, the 7-inch and 8.9-inch HDX models have the highest-resolution screens currently on the market, and the fastest chips ever put in tablets. But specs aren't the only step up here: new features let you send video to a smart TV or game console, enter low-power mode while reading books, download subscription movies for offline viewing — and even call for help from a live human technician if you run into trouble.

MORE: Amazon's Kindle Fire HDX tablets pose real threat to iPad dominance – NBC News.com.

 

 


 

Jun 03 2013

Android smartphone owners can finally stop trading dirty looks with their iPhone-carrying friends: Twitter’s increasingly popular Vine six-second video and creativity app is finally available on the Android platform.

Vine, which Twitter snapped up late last year, has quickly blossomed into a surprisingly versatile (and popular, Twitter reports 13 million users) app for creating not only six second video clips, but also amazing animation creations. The latter capability is all thanks to Vine’s most unique feature: the ability to stop and start recording video with a tap on the screen. Expert users manage to turn six seconds into dozens of taps for smooth, engaging animated tales (see the example below).

To download Vine for Android now, we suggest searching for “Vine Co.” in the Google Play store — it’s been otherwise difficult to locate and it still doesn’t show up as the first result.

MORE:   Vine for Android Finally Arrives.

 

 


 

Jun 03 2013

Old habits can die hard. But don’t worry, Paul Wyatt and Joseph Luck are here to guide you through launching a site in HTML – with traditional Flash sensibilities.

For years Flash has been a great creative tool for websites, animation and even broadcast work, but it’s becoming increasingly necessary to look at new ways to build websites and display content.

A key personal motivation behind this tutorial was a folio website, originally designed seven years ago as a showcase of the ‘campaign website’ flavour – with a filing cabinet dropping from the sky and displaying content with animations and transitions in between seemingly everything. Over seven years this website had been updated but failed to keep up with career and work changes, and the demands on it to display different types of content. Something that was easy to update, would work on everything and also serve as a ‘shop window’ for work was required.

But Flash and the showman go hand in hand, and those sensibilities endure. The new site was to have a resizable image-based homepage showcasing full browser width and height images to their best. The aim was for this to rotate and transition from one image to the next and on the sub-homepages have a cut-down version. Clean, bold typography and clear labelling were also key.

MORE:   Apply Flash principles to HTML | Tutorial | .net magazine.

 

 


 

May 29 2013

Attackers are exploiting an extremely critical vulnerability in the Ruby on Rails framework to commandeer servers and make them part of a malicious network of hacked machines, a security researcher said.

Ars first warned of the threat in early January, shortly after Rails maintainers issued a patch for the vulnerability. Ars warned at the time that the vulnerability gave attackers the ability to remotely execute malicious code on underlying servers. Criminals’ success in exploiting the bug to make vulnerable machines join a botnet suggests that many server administrators still haven’t installed the critical update more than four months after it was issued.

Servers that have been exploited are infected with software that caused them to join an Internet Relay Chat (IRC) channel on one of at least two servers, security researcher Jeff Jarmoc said in a post published Tuesday to his personal website. Attackers can force servers to download and execute malicious code and join new IRC channels from there.

MORE:   Critical Ruby on Rails bug exploited in wild, hacked servers join botnet | Ars Technica.

 

 

 

May 29 2013

A new scam going around Facebook recently begins with a message to page owners about a new “Fan Page Verification Program.” From there, users are prompted to share their Facebook email and password, which is part of a phishing scam.

Similar to another scam that targeted page admins in the past, the message purports to be from Facebook Security and is designed to trick users into sharing their Facebook login information. This latest scam, detailed by Hoax-Slayer, tells page owners that they qualify for a new security feature and must choose a 10-digit security code by May 30, otherwise their page could be suspended. The message includes a link to a site with form fields for their page URL, email address, password and a “transferring code” of their choice.

MORE:   ‘Fan Page Verification’ scam goes after Facebook page admins.

 

 


 

 

May 28 2013

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail Iron Chef style. The results, to say the least, were eye opening because they show how quickly even long passwords with letters, numbers, and symbols can be discovered.

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. Security-conscious websites never store passwords in plaintext. Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that “5f4dcc3b5aa765d61d8327deb882cf99” and “7c6a180b36896a0a8c02787eeafb0e4c” are the MD5 hashes for “password” and “password1” respectively. (For more details on password hashing, see the earlier Ars feature “Why passwords have never been weaker—and crackers have never been stronger.”)

While Anderson's 47-percent success rate is impressive, it's minuscule when compared to what real crackers can do, as Anderson himself made clear. To prove the point, we gave them the same list and watched over their shoulders as they tore it to shreds.

MORE:  Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” | Ars Technica.
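The excerpt above describes unsalted MD5 as the storage format. The following is an added example, not code from the quoted article: it checks a constructed credential store against a small denylist to show that one precomputed table matches every account sharing a weak password, then stores the same password with a per-record salt and a slow derivation. The user names, the denylist, the fourth digest and the PBKDF2 iteration count are assumptions made for the illustration; only the two quoted digests come from the excerpt.

```python
import hashlib
import hmac
import os

def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage scheme of the list described in the excerpt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def audit_unsalted(stored: dict, denylist: list) -> dict:
    """Flag accounts whose unsalted digest equals that of a denylisted password.

    One precomputed table covers every account: no per-user work is needed,
    which is the core weakness of unsalted fast hashes.
    """
    table = {md5_hex(word): word for word in denylist}
    return {user: table[digest] for user, digest in stored.items() if digest in table}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted, deliberately slow derivation (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, derived

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

# Constructed sample store: the first two digests are the ones quoted in the
# excerpt; the user names and the fourth entry are made up for this example.
SAMPLE_STORE = {
    "alice": "5f4dcc3b5aa765d61d8327deb882cf99",
    "bob": "7c6a180b36896a0a8c02787eeafb0e4c",
    "carol": "5f4dcc3b5aa765d61d8327deb882cf99",  # same password as alice, same digest
    "dave": md5_hex("constructed long passphrase 7341"),
}
DENYLIST = ["123456", "password", "password1", "letmein"]  # constructed

if __name__ == "__main__":
    print(audit_unsalted(SAMPLE_STORE, DENYLIST))
    salt_a, rec_a = hash_password("password")
    salt_b, rec_b = hash_password("password")
    print("salted records differ:", rec_a != rec_b)
    print("verify ok:", verify_password("password", salt_a, rec_a))
```

With the salted scheme, two users choosing the same password get different stored records, so a single lookup table no longer applies across accounts.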