Apple's culture of secrecy delays security response -- again

If it wasn't for the news reports of Apple's "goto fail" fix released on Tuesday, you might not have known that there had been a security problem with your Macs.
More than a decade ago, Microsoft was notorious for ignoring security problems. Years of complaints from independent security researchers and industry professionals resulted in big changes in how the company handles security problems.
After Windows security measures repeatedly fell to malicious hackers, and the company was in danger of becoming the laughingstock of the security community, Chairman Bill Gates wrote a now-famous 2002 letter saying security would become the company's top priority. By contrast, neither Tim Cook nor Steve Jobs have ever reformed Apple's mission in the same way.
In today's update that fixes "goto fail," Apple buried the notification of the fix and didn't identify it as being any different from the other security fixes in the update. Apple credited German software developer Roland Moriz for one of the bugs identified, although it appears that the CURL database bug he reported in November is only related to the "goto fail" bug and not identical.
"It looks like Apple may have some problems [rolling] out security patches when they already have another regular release in queue," Moriz wrote to CNET in an e-mail. "After this disaster, Apple should improve the test coverage of certain critical parts (e.g. SecureTransport) and review the existing code base."
The problem may be even worse in this case than it looks. "One interesting aspect of this is that [Mac OS X] 10.9.2 patched a large number of serious security vulnerabilities, not just the notorious "goto fail" one," said longtime Apple software developer Mike Ash, who described the list of bugs as "arguably more significant" than the Transport Layer Security problems in "goto fail."
"Some of them would allow an attacker to compromise your machine just by having you visit a Web site they control," he said, also known as a drive-by attack. Emphasizing that he was speculating on Apple's reasoning for the way that the update was published, Ash said in an e-mail to CNET that Apple may have decided "to roll the TLS fix into 10.9.2 because they needed to put 10.9.2 out soon to fix these other vulnerabilities, and a separate patch would have delayed it."
The evidence points to problems at Apple with alerting its users and fixing flaws in a timely manner. This is problematic because it's not made clear to Mac and iPhone users how important an update is to their security.
By contrast, Google and Microsoft identify security fixes with standard terminology such as Medium, High, and Critical.

"They think that -- except for a small community -- that people don't care about security and privacy. They want to talk more about speed and cup holders and less about airbags," he said, "but it's the airbags that will save you."
--Ashkan Soltani, independent security researcher

It took Apple more than 1,200 days to fix a vulnerability in 2011 exploited by the FinFisher trojan. An App Store flaw that attackers exploited to steal passwords and surreptitiously install malicious apps was remedied by simply turning on basic HTTPS encryption -- nine months after it was initially reported. The Flashback malware infected more than 600,000 Macs, more than 1 percent of all Macs in use worldwide, because Apple took two months longer than Oracle to issue its own Java patch.
When issuing security updates, timeliness matters. Security researcher Ashkan Soltani said he thinks the culture at Apple downplays security concerns.
"They think that -- except for a small community -- that people don't care about security and privacy. They want to talk more about speed and cup holders and less about airbags," he said, "but it's the airbags that will save you."
Part of the problem is that companies like Apple think they can protect users by keeping knowledge of vulnerabilities from the public, said Andrew Sudbury, the chief technology officer at security startup Abine.
"Apple's security is still tied to its image," he said. "You'd think you'd want to push something like this as hard and as quickly as possible, but I personally only found out about it through the news."

"Apple's security is still tied to its image. You'd think you'd want to push something like this as hard and as quickly as possible, but I personally only found out about it through the news."
--Andrew Sudbury, CTO at security startup Abine

Apple could have fixed the "goto fail" problem faster, but didn't. "I don't get the impression that the five-day delay was strictly necessary. Apple has put out quick security updates in the past, and this fix was particularly easy to apply at least in theory," said Ash.
Sudbury added that the bigger issue at Apple is keeping iPhones and iPads secure.
"iOS devices are a consumer device, and there's nothing you as a user can do [to secure them.] Apple takes all their responsibility, and even security companies can't help you," he said.
Soltani didn't mince his words for Cook's crew in Cupertino. "[They] waited until they had all the pieces together for a minor update, 10.9.2. If it were me, the moment something like this was determined, you'd want to roll this out. It was one line [of code required to fix the "goto" bug.]"
"Instead," he said, "they waited an entire weekend or more."
Apple did not respond to a request for comment before this story was published. CNET will update the story when there's more information.
With its history of lengthy response times to critical security problems, Apple is equally long overdue for a serious re-evaluation of how they handle their insecurities.

Read More

Black market lights up with 360M stolen credentials -- report

The cyber black market is busting at the seams with stolen credentials, according to a new report.
Speaking to Reuters in an interview on Wednesday, Alex Holden, chief information security officer at Hold Security, said that over a period of just three weeks his company was able to identify 360 million different account credentials that were available for sale on Web-based black market services. The credentials include user names -- which are often e-mail addresses -- and passwords that in "most cases" are in unencrypted text, according to the report.
Holden told Reuters that his company is working to discover where the credentials came from and what they can access. While the targets of the breach are unknown, Reuters notes that the "discovery could represent more of a risk to consumers and companies than stolen credit card data" because of the wide range of computer systems the credentials could access -- anything from online bank accounts to corporate networks.
E-mail addresses in the credentials are from all major services, including Gmail and Yahoo, and almost all Fortune 500 companies and nonprofit organizations, Holden told Reuters.
That so many credentials are floating around the black market is perhaps no surprise to those who have been keeping an eye on the security space. Late last year, Target was hit with a massive data breach that saw the theft of 110 million people's personal information. It was just one in a long line of breaches that have occurred over the last several years, and only proved to put the issue back on the average person's map.
Perhaps most concerning, however, is that Holden believes that the 360 million credentials are predominantly new to the black market sites, and he believes that the breaches that delivered the credentials into hacker hands have yet to be reported. Holden also believes multiple breaches have combined to hit the 360-million mark. In addition to the credentials, Hold Security said more than 1 billion e-mail addresses are also up for sale on the sites.
As of this writing, Holden has yet to inform affected companies or authorities. He claims that his team is working to identify all the affected companies and will inform them of the breach when the data is collected.

Read More

Why bother to text your girl when BroApp can do it for you?

You know how you often tell your one true love that she's your one true love?
Does she know that the "one" isn't true, making the "true" not true either?
I only ask because your, um, bros in tech have your back. They understand. Indeed, not only do they understand, but they want to help.
Some tech bros in Australia, you see, have gotten together in solidarity to create BroApp.
This little beauty is Android-only, but it's manly to the core.
BroApp's instructions are so simple that a Neanderthal man can understand them: "Select your girlfriend's number, add some sweet messages, and set the time of day when you want those messages sent. BroApp takes care of the rest."
Don't you wish you had bros who could take care of things for you? Don't you wish that you could get bros to send your lover a text that reads: "Morning, sweet pea. Hope you have a great day"?
The bros at BroApp are so caring and sensitive that they answer your most pressing questions.
"'What if I get caught by my girlfriend?' you ask," asks BroApp.
The answer? "BroApp is smart, taking all possible steps to safeguard the BroApp secret. BroApp's unique detectors integrate advanced Android technologies that ensure your girlfriend never becomes suspicious of your relationship wingman."
You might wonder what these "all possible steps" might be.
Well, it detects your girlfriend's Wi-Fi, so it knows not to send coo-cooing texts when you're actually at her place.
It also has an "Intrusion Detector." Doesn't it know that girlfriends are wily beings, with ways that men don't remotely understand?
Still, BroApp has a third, most useful safeguard: the "Contact Detector." Yes, BroApp can tell when you're sending real texts to your girlfriend, so it stops sending the fake ones.
Personally, I did enjoy the part in the Google App store that rated BroApp "low maturity."
I also enjoyed the reporting of News.com in Australia, which told me that the developers behind this wizard invention will only admit to being called Tom and James.
Tom confessed to News.com that the most painful moment in the app's creation came when he had to turn to his girlfriend (presumably in person) and tell her what he'd been developing for the previous three months.
You might think this invention is impersonal. But you can invent your own caring messages, ones that you can program to be sent just at the time, say, that you know your girlfriend is at the hairdresser's.
She'll never know that you're having a tryst with the hairdresser's best friend, will she? Because she's your one true love, right?

Read More

MTN, Globacom, Airtel fined $4m by NCC

The Nigerian Communications Commission (NCC) has fined MTN, Globacom and Airtel a total of NGN647.5 million (US$4 million) for breaching key performance indicators (KPIs) and providing poor quality of service for the month of January this year.

ThisDay reports letters seen by the newspaper dated February 19, 2014 and addressed by the NCC to each of the three telecoms companies said after collating statistics from the network operating centres of the operators in the month of January, the regulator found services provided fell below the KPIs published in 2013.

Globacom was fined NGN277.5 million (US$1.7 million) for three breaches, while MTN and Airtel were each sanctioned NGN185 million (US$1.15 million) for two breaches. Etisalat, however, was given a clean bill of health.

The NCC said it had set four critical KPIs – Call Setup Success Rate (CSSR), Drop Call Rate (DCR), Traffic Channel Congestion (TCHCONG) and Stand Alone Dedicated Control Channel Congestion (SDCONG) – with MTN, Airtel and Globacom all failing to meet the CSSR target of 98 per cent, scoring 96.85 per cent, 96.99 per cent and 96.89 per cent respectively.

MTN and Globacom both failed to meet the DCR target, while Airtel and Globacom fell short of the SDCONG target. All three of the sanctioned networks, however, met the TCHCONG targets.

The letters are to be delivered to the three operators today.

The NCC last year fined the country’s four major operators US$7.5 million after they failed to meet the minimum Quality of Service (QoS) parameters issued by the regulator for the months of March and April 2012.

Nigerian operators have been at loggerhead with the government and the regulator in recent months, criticising the NCC for offering to support telecoms subscribers planning to drag the networks to court over poor service quality.

The Association of Telecoms Operators of Nigeria (ALTON) has blamed excessive demands by state agencies for poor service quality, and said negative publicity around the Nigerian telecoms sector is bad for the country’s economy.

Read More

Bitflux wins Nigerian spectrum licence bid

Nigeria’s Bitflux Communications has won the 2.3 GHz spectrum band licence auction, beating national mobile operator Globacom, according to a Tweet by Tony Ojobo, director of public affairs at the Nigerian Communications Commission (NCC).

HumanIPO reported yesterday the NCC had approved Bitflux and Globacom as bidders for the spectrum band.

Last month the communications body announced it would be carrying an auction of the 2.3 GHz band for commercial use on a national basis in February, placing a reserve price of US$23 million on the band to be sold to a wholesale provider of broadband services.

The auctioning of the spectrum band is in line with the country’s National Broadband Plan.

“The proposed licensing of 2.3 GHz spectrum has been influenced by the need to provide Retail Service Providers (ISPs and others users) with the requisite wholesale wireless access and bandwidth to provide service to their subscribers in consonance with the National Broadband Plan of 2013,” the NCC said.

Nigerian minister of communications Omobola Johnson said yesterday the targets set out by the National Broadband Plan are achievable.

Read More

Jumia Nigeria giving away one PS4 hourly at 50% discount

Nigerian e-commerce platform Jumia has announced it is giving away one PlayStation 4 (PS4) hourly at a discount of 50 per cent.

The company said the offer means shoppers will be able to purchase the console at the price of NGN64,995 (US$395).

“Jumia will be placing a PS4 randomly in various categories on the website, every hour there will be a countdown to the next discount here. Simply browse through the various categories within the hour and get closer to grabbing this offer. Remember fastest a finger grabs the PS4 at the unbelievable price,” Jumia said.

It is also extending the offer to its fans on Facebook.

“Also fans on Facebook aren’t left out, simply visit the Jumia Facebook page, share the #Jumiamadness post and stand a chance to win a NGN10,000 (US$61) shopping voucher to be used on Jumia.com.ng.,” the company said.

Read More

LinkedIn testing Chinese language site

The firm said the move was aimed at offering a more localised service to its users in China.
It is expected to boost LinkedIn's growth in China - where rival social networking firms such as Facebook and Twitter continue to remain blocked.
China is the world's largest internet market with more than 500 million internet users.
LinkedIn said it was also creating a joint venture with Sequoia China and China Broadband Capital to "help connect more than 140 million Chinese professionals with each other and with our more than 277 million existing members globally".
"Our mission is to connect the world's professionals and create greater economic opportunity - and this is a significant step towards achieving that goal," the firm said in a blogpost.
Censorship worries

Social media platforms have become increasing popular with Chinese internet users keen to voice their opinions and share unfiltered information.

That has resulted in increased scrutiny and censorship by authorities.
LinkedIn's chief executive Jeff Weiner acknowledged that "as a condition for operating in the country, the government of China imposes censorship requirements on internet platforms".
He added that expanding the firm's presence in China had raised difficult questions for the firm, not least because of these restrictions.
"LinkedIn strongly supports freedom of expression and fundamentally disagrees with government censorship.
"At the same time, we also believe that LinkedIn's absence in China would deny Chinese professionals a means to connect with others on our global platform," he said.
The firm said it had decided to implement the following guidelines to address censorship concerns:

• Government restrictions on content will be implemented only when and to the extent required
• It will be transparent about how it conducts business in China and will use multiple avenues to notify members about its practices
• It will undertake extensive measures to protect the rights and data of members

While the firm did not specify what restrictions it would implement, some reports indicated that it had dropped the group discussion feature from the Chinese language site to avoid censorship issues.

 

LinkedIn's chief executive Jeff Weiner says expanding in China has raised difficult questions for the firm

'Start-up phase' LinkedIn's English language site has been available in China for over a decade. It already has four million users in the country.
LinkedIn said the Chinese language site would incorporate features aimed at helping local users drive more value from the service.
It has integrated Sina Weibo, China's largest Twitter-like service, into the platform that would allow members to import their Weibo contacts to their LinkedIn profile.
Members would also be allowed to link their LinkedIn account to their WeChat account, one of China's most popular mobile messaging services.
LinkedIn said that despite being present in the country for such a long period it was still in a "start-up phase" in China.
"We believe that the experience of our local team, combined with the considerable market expertise of our joint venture partners, position us well to explore our growth options in China," it said.

Read More

Top Bitcoin exchange MtGox goes offline

The exchange has been hit by technical issues and recently halted all customer withdrawals of the digital currency after it spotted what it called "unusual activity".

The move is a setback for backers of Bitcoin, who have been pushing for greater adoption of the currency.
Meanwhile, six other major Bitcoin exchanges issued a joint statement distancing themselves from MtGox.

The move by MtGox to halt withdrawals had resulted in a sharp decline in the value of Bitcoin

"This tragic violation of the trust of users of MtGox was the result of one company's actions and does not reflect the resilience or value of Bitcoin and the digital currency industry," the exchanges, including Coinbase and BTC China, said in a statement.
"As with any new industry, there are certain bad actors that need to be weeded out, and that is what we are seeing today.
"We are confident, however, that strong Bitcoin companies, led by highly competent teams and backed by credible investors, will continue to thrive, and to fulfil the promise that Bitcoin offers as the future of payment in the internet age," they added.
Lost Bitcoins? MtGox halted transfers of the digital currency to external addresses on 7 February.
The Tokyo-based firm said it had found a loophole that thieves could use to fool the transaction process into sending double the correct number of Bitcoins.
The issue also left it vulnerable to attacks, which slowed down the rate at which coins could be bought and sold.

The loophole was also thought to have been exploited by thieves, who stole about $2.7m in Bitcoins from the Silk Road 2 website earlier this month.

However, last week, the exchange said that customers would be able to starts withdrawals "soon".
So far, MtGox has not issued any statement about reasons behind the site going offline and whether it would be back.
However, one report claimed that the exchange had become "insolvent" after losing 744,408 Bitcoins - worth about $350m (£210m) at Monday's trading prices.
'Re-establish trust' Unlike real currencies, Bitcoins are not regulated by any central bank or government financial institutions.
They are created as part of a technique called "mining", which is used to process transactions.
With only a limited number or Bitcoins in circulation, their price has risen significantly in recent months driven by a variety of factors.
Some have been betting that the digital currency may get the backing of regulators as a legitimate financial service and have been investing in it.
Their popularity has also been driven in part by it being difficult to trace transactions carried out using Bitcoins, and the currency has been linked to illegal activity online.
Its growing popularity has seen backers of the currency push for greater mainstream adoption. They have had some success with a few firms starting to accept Bitcoins as a form of payment.
However, there have also been concerns over the currency's long-term future, not least due to a lack of proper regulation and laws.
At the same time, some have warned that the rapid surge in Bitcoin's price was merely due to speculation and was not sustainable.
The latest development with MtGox is likely to trigger fresh concerns over the digital currency.
However, other Bitcoin backers said they were working together to "re-establish" trust among users and were "committed to the future of Bitcoin".
They said they "will be coordinating efforts over the coming days to publicly reassure customers and the general public that all funds continue to be held in a safe and secure manner".

 

Read More

Samsung adds biometrics to latest Galaxy smartphone

In a similar way to Apple's iPhone 5, the main button on the front of the device doubles as a fingerprint scanner used to unlock the device.
The S5, which is water and dust-resistant will be available in April.
South Korea-based Samsung, the market leader in smartphone sales worldwide, also claimed to have made the "world's fastest" auto-focusing camera.
In addition to two smartwatches announced on Sunday - the Gear and Gear 2 Neo - Samsung also added the Gear Fit, a smartband that is focused on fitness.
Security focus Security has been a major theme at Mobile World Congress in Barcelona.
Earlier on Monday, the Blackphone, made by Silent Circle, was launched. It included a range of specialised security apps offering encrypted communication.
And for Samsung, it was security features that provoked applause from those in attendance at its characteristically-flamboyant launch event at Mobile World Congress in Barcelona.
As well as unlocking the device, the fingerprint scanner will be used to power payments. Samsung has partnered with Paypal to offer payment-by-finger.
The scanner is also able to enable "private mode", a way of storing sensitive information accessible only by using the scanner.
"Consumers already worried about the security of established payment mechanisms are likely to view a new technology and process with suspicion," commented Eden Zoller, principal analyst at Ovum.
"On the positive side, Samsung is a hugely popular smartphone brand with global reach, while PayPal is a trusted payments service provider. This is a powerful combination."
Another feature impressing the crowd was the device's black-and-white mode - designed to save battery life by limiting the power used by the screen and disabling all but essential features such as text and calls.
"Samsung appears to have cherry-picked the most crowd-pleasing features available from other manufacturers," said Ernest Doku from uSwitch.com.
"A fingerprint ID sensor and an attractive gold model like Apple's iPhone 5s, a water and dust-resistant body like Sony's Xperia Z2, and photography credentials to challenge the best from Nokia."
No Tizen Samsung is by far the dominant player in smartphones globally.
According to Strategy Analytics, 452 million Samsung devices were shipped in 2013 - far greater than Apple's 153 million.
But sales of the S5's predecessor, the S4, were seen as disappointing compared to the growth achieved by the S3.
The company also faces a growing threat from emerging Chinese manufacturers such as Xiaomi, ZTE and Lenovo.
Some had speculated before the event that Samsung would eventually drop Google's Android software in favour of a fledgling system known as Tizen.
However, while the company's new smartwatches will use Tizen rather than Android, the flagship smartphone is, for now, sticking with Google's system.
This is likely to be of relief to the search giant - it is Samsung's enormous market share that makes Android the most popular mobile operating system.
"What perhaps is the most interesting aspect of the device is what Samsung did not announce, effectively putting to bed a number of rumours," said Ovum analyst Nick Dillon.
"These included suggestions at both ends of the scale that that the device would be running Tizen OS and that it would be using a 'pure' Google version of Android.
"That it has neither tells us both that Tizen is unlikely to see a major handset launch this year and that Google and Samsung are still operating at arm's length."

Read More

'Smart' toothbrush grades your brushing habits

If you're tired of nagging your kids (or another member of your household) to brush their teeth, you have a new ally.

A French company has introduced what they're calling the world's first connected electric toothbrush, which syncs wirelessly with a smartphone to track brushing habits, announce whether you, or your kids, have brushed thoroughly enough and reward you for good oral hygiene.

For extra motivation, or shaming, the brush can share information with your social network or even your dentist.

It's called the Kolibree toothbrush, and it was unveiled this week at the International Consumer Electronics Show in Las Vegas, where some attendees asked if they could test prototypes on their pearly whites right there (for sanitary reasons, the answer was no).

The device will cost from $99 to $200, depending on the model, and will be available for pre-order this summer through Kickstarter or another crowdfunding site.

"It works just like a regular toothbrush," said Kolibree spokesperson Renee Blodgett in a phone interview. "The only difference is that all the data is stored on your phone so you can see how you're brushing."

Users download a mobile app and connect via Bluetooth, and the Kolibree documents every brushing via three sensors that record 1) how long you brush, 2) whether you brush all four quadrants of your mouth, and 3) whether you brush up and down (good) instead of just side to side (bad).

The data automatically syncs to your Android phone or iPhone, telling you whether you brushed long enough and reached all the crucial areas of your teeth and gums. The Kolibree app charts your progress and scores your brushing technique to encourage you, or your kids, to improve brushing habits.

In this way, the device turns a mundane daily activity into a game, which its makers hope will engage people -- especially kids -- and encourage them to brush longer and more often.

"You create this incentive around brushing," Blodgett said.

The brushing data also will be available via an API to let third-party game designers develop new apps for the Kolibree system.

The Kolibree toothbrush was invented by Thomas Serval, a French engineer and a leader in that country's tech industry. He was inspired to design it after suspecting that his children were lying to him about whether they had brushed their teeth.

It's not the first "smart" toothbrush on the market, however: The manual, $25 Beam Brush went on sale about a year ago. The Beam also connects to phones via Bluetooth and records brushing time, although unlike the Kolibree it cannot track the brush's movements in the mouth.

Read More

Bitcoin ATMs coming to the U.S.

Bitcoin, the emerging if still somewhat mysterious digital currency, may be coming soon to a high-tech ATM near you.

Kiosks that allow people to buy the virtual coins, or exchange them for cash, will be installed within the next month or so in Seattle and Austin, Texas, according to Robocoin, the Las Vegas-based company that makes the machines.

They will be the first such ATMs in the United States. Robocoin has installed machines in Vancouver, British Columbia, with more in Canada, Hong Kong, Europe and Asia in the works.

The emergence of public ATMs, the company says, is a step toward making Bitcoin, a currency that's not backed by a government or bank and has no physical assets to prop up its value, a more comfortable buy for mainstream users outside the Webcentric circles where it currently thrives.

"We think it's a huge breakthrough when it comes to bringing accessibility to the consumers," Robocoin CEO Jordan Kelley said.

Since its inception in 2009, Bitcoin has fluctuated wildly in value. Currently, a single Bitcoin is worth about $636. That value was as high as $1,000 in December as investors began leaping into the currency.

Some traditional businesses, including online retailer Overstock.com, some Subway sandwich shops and Richard Branson's Virgin Galactic, have begun accepting Bitcoin.

But the anonymous nature of the currency also has linked it with less reputable outlets. Bitcoin and other digital "cryptocurrencies" have been the de facto payment system on underground websites that deal in drugs, weapons and other illegal merchandise.

Last week, the anonymous owners of black-market website Silk Road announced that hackers had stolen $2.7 million worth of Bitcoin. In separate incidents, several online Bitcoin exchanges have been taken down by hackers who exploited a flaw to create fake transactions.

Kelley wants his company's machines to help the currency shed its shadier associations, even if that means alienating some supporters who like the mostly anonymous nature of Bitcoin exchanges.

"We're trying to move Bitcoin, put it in the mainstream, bring it to the masses," he said. "To do that, some things have to go by the wayside, and one of them is anonymity."

To create a Robocoin account, a user enters their mobile phone number at one of the kiosks. The machine sends a code to that phone and, after the user enters the code, they are asked to scan the palm of their hand.

"Your phone is your user ID and your palm is your password," Kelly said.

The user is then asked to insert a driver's license or other government-issued ID, further personalizing their account as well as providing Robocoin an opportunity to verify the user's name against government watch lists for terrorists or others who may not legally do business in the machine's home country.

Then, the user takes a photo at the kiosk, which must be verified as a match with the picture on their ID card.

Once their account is verified, a process Kelley said takes two to five minutes, they are free to buy Bitcoins at the kiosk. Customers may either transfer them to an account, using a private code the machine dispenses, or use a smartphone app to store them on their phone.

Robocoin sells the machines for $20,000. Owners make money by charging a small transaction fee to use them, Kelley said.

Read More

Feeling glum, happy, aroused? New technology can detect your mood

A long distance drive can be lonely with only a radio for company, and if the driver is stressed or tired it becomes dangerous.

A car that could understand those feelings might prevent an accident, using emotional data to flag warning signs. Sensors could nest in the steering wheel and door handles to pick up electric signals from the skin. Meanwhile a camera mounted on the windshield could analyze facial expressions.

Alternatively, if the driver exhibits stress, the vehicle's coordinated sensors could soften the light and music, or broaden the headlight beams to compensate for loss of vision. A distressed state could be broadcast as a warning to other motorists by changing the color of the vehicle's conductive paint.

This empathic vehicle is the goal of AutoEmotive, a research project from the Affective Computing group at MIT's media lab, who are focused on exploring the potential of emotional connections with machines. 'AutoEmotive' is their latest and most integrated project, following successful efforts to make interfaces of everything from bras to mirrors.

Researchers believe the concept is destined for the mainstream, and have fielded interest from manufacturers. "We have already tested most of these sensors", says Javier Rivera, MIT researcher and project leader. "The hardware required could easily be built into cars. Most cars have cameras anyway; you just have more to capture the physiology. It could be done unobtrusively."

Not time like the present

But we don't have to wait for emotion sensors. They are flooding into a new market, using a growing range of mood metrics to suit diverse applications. Voice recognition app Beyond Verbal can tell you if you flirt too much in just 20 seconds. A sweater that detects skin stimulation to color code your feelings is available for pre-order.

The fastest-developing method is facial recognition, led by Affectiva, a start-up that spun off from MIT's Affective Computing group three years ago. In that time, the company has amassed a database of over a billion facial expressions, which it uses to train algorithms to recognize and classify basic emotions such as happiness or anger, with over 90% accuracy.

Their flagship technology, Affdex, has been swiftly adopted by advertisers, who use it to test reactions to their campaigns, and modify them accordingly. Market research partners Millward Brown have standardized its use for Fortune 500 clients including PepsiCo and Unilever.

"In the past this technology was confined to laboratories because of high cost and slow turnaround," explains Nick Langeveld, Chief Executive Officer of Affectiva. "We've cracked those issues; the cost is very low as the service is over the web, and it can be turned around almost immediately after the data is collected."

Competitor Emotient also specializes in face recognition, but its primary target is the retail sector. Their software is on trial in stores, pinpointing 44 facial movements to monitor emotional reactions of staff and shoppers, as well as demographic information including age and gender. From customer satisfaction to employee morale, the benefits to business are obvious, and Emotient claim major retail partners plan to make the system permanent.

Medical applications

It is also time to bring these tools into clinical practice, believes Dr. Erik Viirre, a San Diego neurophysiologist. "While so many medications list suicide risk as a possible side effect I think we have to use biosensors, and there is a big push within psychiatry to bring them in. Thought disorders could be picked up much quicker and used to determine treatment."

Viirre has studied headaches extensively and found that contributing factors build up days before they strike, including mood. He argues a multi-sensor approach combining brain scans, genetic tests and emotion sensing could dramatically improve treatment.

But emotion sensors are currently limited in their capacity to differentiate nuanced expression, says Tadas Baltrušaitis of the University of Cambridge Computer Laboratory, who has published research on the subject.

"It is easy to train a computer to recognize basic emotions, such as fear or anger. It is more difficult to recognize more complex emotional states, that might also be culturally dependent, such as confusion, interest and concentration."

But there is scope for rapid progress: "The field is relatively new, and only recently has it been possible to recognize emotions in real world environments with a degree of accuracy. The approaches are getting better every year, leading to more subtle expressions being recognizable by machines."

Baltrušaitis adds that combined sensors -- as with 'AutoEmotive' -- that pick up signals from skin, pulse, face, voice and more, could be key to progress.

Buyers beware

I think variations are already being used in places like airports and we would never know
Chris Dancy, futurist

In this post-NSA climate, companies are keen to head off privacy concerns. Affectiva and Emotient are vehement that all their data has been gathered with permission from the subjects, while the latter defend their use of recognition software in stores by saying it does not record personal details.

But the technology is prone to abuse, according to futurist and information systems expert Chris Dancy. "I think variations are already being used in places like airports and we would never know", he says. "I can't imagine a system to take value readings of my mind for a remote company being used for good. It's a dark path."

Producers claim they strictly control the use of their sensors, but facial recognition technology is proliferating. UK supermarket Tesco could face legal action for introducing it in stores without permission, while San Diego police have been quietly issued with a phone-based version.

Ironically, Dancy -- a leading proponent of the Quantified Self movement -- is pursuing many of the same insights into emotion as advertisers, but by alternative means and for personal goals. He keeps himself connected to sensors measuring pulse, REM sleep, blood sugar and more, which he cross-references against environmental input to see how the two correlate, using the results to give him understanding and influence over his mind state.

'Moodhacking' has become a popular practice among the technologically curious, and has given rise to successful applications. Members of London's Quantified Self Chapter created tools such as Mood Scope and Mappiness that help the user match their mental state to external events. Hackers and makers will have an even more powerful tool in March, when the crowd-funded OpenBCI device makes EEG brainwaves available to anyone with a computer for a bargain price.

For all the grassroots hostility towards corporate use of emotion sensors, there may be convergence. Affectiva are keen to market to Quantified Self demographics and an Affdex app for android is imminent. As the machine learning develops, and different industries combine to join the dots, we can all expect to be sharing a lot more.

Read More

AT&T follows Verizon, offers free global texts with Mobile Share

The next battleground for carriers is shaping up to be international calling and text messages.
AT&T is the latest to fire a shot, saying Tuesday that it would throw in free international text messages from the US to the world for anyone signed up with a Mobile Share data plan. Current members will get the benefit too.
In addition, AT&T introduced a new World Connect Value plan that allows members to make phone calls to more than 35 countries for 1 cent per minute. The plan limits calls to only 1,000 minutes a month. Both go into effect on February 28.
The move comes after Verizon highlighted its international access as a critical component of its "More Everything" plan. These plans appeal to customers who still have family overseas and want to keep in touch. T-Mobile earlier this month introduced its own $15 global plan that offered unlimited mobile-to-mobile calls to more than 30 countries and 1,000 minutes to Mexico, alongside an existing $10 plan that also includes unlimited text messages to overseas numbers.
Verizon's plan also offered free international text messages from the US to the world. More Everything members get its global calling plan for free for the first three months. Under Verizon's plan, a call to Mexico or Canada would cost 1 cent a minute, while a call to Latin America would cost 5 cents a minute.
Under AT&T's World Connect plan, these are the countries that fall under the penny-a-minute category: Anguilla, Antigua and Barbuda, Aruba, Bahamas, Barbados, Belize, Bermuda, Bonaire, British Virgin Islands, Cayman Islands, Colombia, Costa Rica, Curacao, Dominica, Dominican Republic, El Salvador, Grenada, Guadeloupe, Guatemala, Haiti, Honduras, Jamaica, Martinique, Montserrat, Nicaragua, Panama, Saba, St. Barthelemy, St. Eustatius, St. Kitts and Nevis, St. Lucia, St. Maarten, St. Martin, St. Pierre and Miquelon, St. Vincent and the Grenadines, Trinidad and Tobago, Turks and Caicos Islands, and Venezuela.
The plan costs $5 a month, just like Verizon's own international plan.
AT&T's old World Connect plan cost $4 a month and offered a range of discounted rates, although they remain fairly high, with a call to a Mexico landline costing 9 cents a minute, and 25 cents for wireless. AT&T's old Latin America Talk and Text plan previously cost $10 a month and offered unlimited messaging to eight Latin American countries. It would also get discounted rates, including a penny a minute for Mexico, and 9 cents a minute for any of the other countries.
Verizon and AT&T have been going at it with dueling promotions, but its recent fight has been triggered by T-Mobile. It all began last year with T-Mobile, which waived fees for text messages and data services while abroad. Like AT&T and Verizon, T-Mobile has been pushing its international story aggressively.

Read More

Apple promises to fix OS X encryption flaw 'very soon'

Apple said it will fix a bug "very soon" that allows hackers to spy on financial, e-mail, and other personal data on computers from its Mac desktop and notebook lineup.
The Cupertino, Calif.-based technology giant confirmed in an e-mail to Reuters that it was aware of the issue and already has a software fix that will be released likely in the next few days.
The severity of the bug was significant enough for Apple to issue an iterative update to its more popular iOS 7 software -- version 7.0.6, released on Friday -- instead of waiting for a larger update as the company does with minor or insignificant design changes.
But its desktop and notebook range of Macs was left vulnerable to man-in-the-middle (MITM) attacks, which could allow a hacker to snoop and surveil sensitive data due to a bug in the security layer.
Such attacks would undermine the encryption between the user and a Web site, allowing financial or password data to be collected and used against the individual.
The bug, disclosed by security researchers shortly after the iOS update, drew suspicion from the hacker community for being a simple mistake.
Some believed the bug was either indicative of poor quality assurance on Apple's part, or in the age of US government surveillance disclosures perhaps a result of infiltration or creating a deliberate weakness.
Similar attacks were reportedly used against Belgium's largest telecom provider, Belgacom, which was exploited by the US National Security Agency (NSA) through faked LinkedIn and Slashdot pages.
The bug fix, which will be pushed through OS X's automatic update facility, will likely be issued this week to address the issue. The flaw has been present for months, according to researchers who tested earlier versions of the desktop and notebook operating system.
Daring Fireball's John Gruber, an Apple expert and insider, questioned in a blog post on Saturday whether or not this had been exploited by the NSA.
He suggested there was "purely circumstantial" evidence to suggest the NSA had access to secure data through the controversial leaked PRISM program, to which Apple was "added" in October 2012, just one week after iOS 6 -- the first version of the mobile software that contained the bug. "But the shoe fits," he added.
Matthew Green, a cryptography teacher at Johns Hopkins University, is "sure the Apple bug is unintentional," he wrote on Twitter on Friday. "But man, if you were trying to sneak a [vulnerability] into SSL, this would be it," he added.

Read More

Quixey's mobile search lets you dig deep into apps for results

Quixey thinks it can do mobile search better.
The Mountain View, Calif., startup on Tuesday showed off the capability to run mobile searches and bring up results straight from apps -- including apps that aren't even on the phone. The company believes these kinds of deeper searches will make it a go-to tool on smartphones.
For example, run a search for an Italian restaurant, and Quixey will not only bring up listings, but also utilize apps to bring up information such as ratings or even table and reservation availability. You wouldn't just get links, but real-time information and the option to make reservations on the spot.
"The idea is to lower borders and make apps comfortable," Quixey CEO Tomer Kagan said
It's the next step in Quixey's quest to shake up the mobile search business. In October, the company launched an app on the Google Play store that lets you find other apps based on questions you type in normal language, a departure from the status quo of searching for apps by name or looking through app stores for the most popular selections.
Quixey's latest capability adds another level of usefulness to its search, breaking what it calls the "walled garden" of data within each application, and coming up with the most relevant results regardless of source. Quixey will be able to draw upon information from select apps that aren't even on your phone, which would provide an incentive for you to download that app.
Now, searching for data locked up in apps isn't as simple as casting a wider net, and Quixey is starting small with its announcement at Mobile World Congress. The company will start with restaurant search results, folding in data from apps in that area.

Get recipes straight from the app.

(Credit: Quixey)

But as of the interview, Quixey only counted Allthecooks Recipes and Spotify as participants, but the startup was looking to nail down a few more partners. For now, the results will bring up recipes and information on artists and tracks based on those two apps. If you click on the play button in the search results of Quixey, your phone will switch over to the Spotify app or ask you to download it. The company is working with developers to explore more interactive results.
At the conference, Quixey showed off a platform that allows app developers to allow the search engine to access its info. The hope is that Quixey's search results will bring up critical data from an app, enticing someone into downloading it.
Quixey will run a beta test with a larger group of partners after the show, and hopes to launch in late March or early April, according to Kagan.
Kagan compares Quixey's smarter results to the kind of results you get when using Google on a PC. Type "foreign currency exchange" into Google, and you won't just get links to currency exchange Web sites, but also a foreign currency calculator. You want to travel to Las Vegas? Google it and you'll get a list of available flights you can purchase straight from the site.
Quixey believes that same kind of easy access can be had on a mobile device, but acknowledges it will take time.
"This is not a simple challenge," he said. "It's enormous for us."
Indeed, while Quixey powers some well known app search engines, including Sprint's app store and Ask.com, it has had limited success as its own Android app. Kagan says it has crossed six figures in downloads and is on its way to seven figures, and noted that half of the people who install it are regular users.
"It's doing okay," Kagan said.
A majority of the nearly 600 reviews of the app found in the Google Play store were overwhelmingly positive, so it has slow, but enthusiastic, traction.
The deep search feature introduced at the show will trickle out to the consumer app, as well as its partners, so they all get the same benefit.

Read More

BlackBerry CEO confirms Foxconn-made Q20 and Z3 phones

BlackBerry CEO John Chen confirmed two new phones were on their way this year.
The first, codenamed "Jakarta," but known as the BlackBerry Z3 will launch first in Indonesia in April before moving to other markets. It will retail for less than $200.
The second phone, the BlackBerry Q20 (which Chen dubbed "BlackBerry Classic" because of its keyboard) is designed for big business and government clients and will launch by the end of the year. It was also designed by Foxconn.
"We are definitely here to compete and make up some lost ground," Chen said during a press conference here on Tuesday.
Foxconn Chairman Terry Gou was also on hand, and expressed his confidence that the company will be able to deliver BlackBerry phones to the market.
While phones can take up to a year to be developed, Foxconn only spent 3 months on the products, and both Gou and Chen were able to hold up demo units of the touchscreen Z3.
BlackBerry has previously said it was working with Foxconn to produce a BlackBerry 10-powered

smartphone that could sell for less than $200. It's part of Chen's strategy of maintaining and hopefully building on its still relatively strong market share position in the emerging markets.
The Jakarta phone will be 3G, but Chen said there are plans to create an LTE version that will be sold to different markets.
Chen also teased a number of flagship-class devices in the works, but didn't provide any further details.

Read More

Freescale Semiconductor's Kinetis KL03 processor, shown here nestled inside a dimple of a golf ball.

(Credit: Freescale Semiconductor)

Freescale Semiconductor, a maker of small processors called microcontrollers, has a tinier new one it hopes will help companies jump aboard the "Internet of things" bandwagon.
The microchips used in computers cost tens, hundreds, and sometimes thousands of dollars. But the Kinetis KL03 is an entirely different class for devices that aren't nearly so big and brawny: it measures just 1.6x2.0mm and costs 75 cents -- for customers buying them 100,000 at a time.
The 48MHz chip is 15 percent smaller than the earlier KL02, the company said. It's just right for something like a car key that could tell a person how much fuel the car has, but Freescale also expects to sell it for use in mobile devices, portable medical equipment, cars, and appliances.
Its size makes Freescale's chip "the world's smallest ARM-based microcontroller," the company said. ARM licenses chip designs to many manufacturers, an approach that simplifies programming because software more likely can be reused to reach different devices.
Freescale announced the ship at the Embedded World Conference show in Nuremburg, Germany, but the "Internet of things" is a big deal at the Mobile World Congress show here, too. The mobile show focuses primarily on mobile phones, but is expanding to connected cars, homes, city infrastructure, wearable computing devices, and other domains as electronic brains and network connections spread ever farther.
The KL03 is designed to work in very low-power devices that need less than 2KB of memory, Freescale said. The KL02 is designed for somewhat more powerful devices with more RAM.
The KL03 also includes 32KB of flash memory and 2KB of RAM. Freescale will release samples next month and plans to reach full production in June.

Freescale Semiconductor's Kinetis KL03 processor viewed close up.

(Credit: Freescale Semiconductor)

Read More

T-Mobile's losses widen as the carrier promotes 'UnCarrier'

 





T-Mobile's "UnCarrier" promotions may be winning the fourth
largest nationwide wireless operator new customers, but it's
coming at a cost.
For the fourth quarter of 2013, the company's losses grew to $20 million, or 3 cents per share. This was up from a loss of $8 million, or 1 cent per share, during the same quarter in 2012. The losses were primarily a result of the company's higher spending on promotions.
Revenue increased by 39 percent year over year to $6.83 billion.















The company said last month that it added a total of 1.6 million customers in the fourth quarter. That compares with 1.02 million additions in the third quarter. It has added a total of 4.4 million customers for the year; 2 million of them were on its postpaid service. In the fourth quarter a year earlier, T-Mobile lost 515,000 customers. In total, T-Mobile ended the fourth quarter of 2013 with 46.7 million customers.
About 869,000 new customers in the quarter were "branded postpaid" additions. Another 112,000 were "branded prepaid" customers. T-Mobile also reported that it has reduced its churn rate, or the rate at which customers leave its service to 1.7 percent for the quarter. Compared with the third quarter, the churn rate has remained relatively stable, but it is a huge improvement from the fourth of quarter of 2012 when the churn rate was 2.5 percent.
T-Mobile CEO John Legere, who has been on the job for about a year and a half, said the strong subscriber growth shows that the company's strategy is working.
"Customers are fed up with the old ways and are voting in favor of choice, innovation and doing business with a company that cares about them and is willing to earn their business," he said in a statement. "For shareholders, we transformed the company into a fierce, growing competitor that is changing the wireless industry and creating significant value."
The cost of 'UnCarrier'
T-Mobile's subscriber growth comes in large part due to the company's new UnCarrier strategy, which has resulted in T-Mobile getting rid of service contracts and phone subsidies, adding a new upgrade program, offering free international data roaming, and giving away 200MB of free data for tablet customers. Earlier this year, the company announced it would pay early termination fees for customers switching to T-Mobile from any of the other three major US wireless operators.
But T-Mobile's aggressive tactics to win new customers is costing the company. Even though revenue was on the rise due to the fact that T-Mobile is now servicing more customers, the average revenue per user, or ARPU, dropped from the third quarter to the fourth quarter. T-Mobile reports that postpaid customers in the fourth quarter spent $1.50 less than they did the previous quarter. This is a drop of 2.9 percent for an average spend of about $50.70 each month.
The main reason for this decrease in average revenue per user is because customers are moving to T-Mobile's lower cost Value and Simple Choice plans, which cost less compared to the older, traditional service contract plans, which bundled equipment and service plans. On the prepaid side, the average customer spend per month increased slightly by 13 cents or 0.4 percent to $35.84 compared to the third quarter of 2013.
The company also spent more money to acquire each customer that it added to its service. According to T-Mobile, the cost of adding a new subscriber increased by $10 to $317. The company attributed this increase to promotional expenditures during the holiday season as well as higher equipment losses from an increase in sales of higher priced smartphones.
T-Mobile has said that it is determined to continue to move forward with its UnCarrier strategy. Legere says he isn't done shaking up the industry. And the company stated in its press release that it expects to add between 2 million and 3 million new postpaid customers in 2014. And the company also believes that by the end of 2014, roughly 85 percent to 90 percent of its postpaid customers will be on its new Value/Simple Choice plans.
T-Mobile's efforts have indeed shaken things up. Its competitors -- AT&T, Verizon Wireless, and Sprint-- have each responded with competing offers. AT&T, which has been the most targeted by T-Mobile in its marketing, has responded the most aggressively. To better match T-Mobile's offers, AT&T has also unbundled the cost of new devices from its service plans. What this means is that customers who buy their own phone or who bring a used phone to the AT&T network, get a discount on their monthly service. The company has also responded with a revamped pricing schedule that provides more value for customers.
Even Verizon has begun responding to T-Mobile's market shakeup. Big Red is now offering customers more data for the same price. It's also added a lower cost tier of data service and it revamped its early upgrade program.
T-Mobile's efforts have also not gone unnoticed by regulators, who now are much less likely to allow competitor Sprint to acquire T-Mobile. As a result, it looks like T-Mobile will continue to forge ahead alone in its strategy. But the big question is whether it will be able to survive as its aggressive moves continue to take a toll on the bottom line.
The company is hosting a conference call to discuss results at 6 a.m PT today.

Read More

Microsoft's hardware chief changes roles

Microsoft executive Julie Larson-Green announced Monday she is leaving her role as leader of hardware development to lead the My Life & Work team inside the Applications and Services Group.
Larson-Green, who announced the move in an internal memo obtained by GeekWire, also will serve as chief experience officer for the division, which oversees online services such as Bing, Outlook.com, MSN, and SkyDrive. She will report to Qi Lu, who runs the Applications and Services Group.
Before taking over development of hardware such as the Xbox and Surface last July, Larson-Green was tapped to lead all Windows software and hardware engineering upon the sudden departure of Microsoft President Steven Sinofsky in 2012. She also has served as corporate vice president of program management for the Windows client.
The move comes ahead of the imminent return of former Microsoft exec Stephen Elop, the ex-Nokia CEO who is rejoining the software giant as part of its $7.2 billion acquisition of Nokia's devices and services business. Larson-Green is expected to remain chief of the company's Devices & Studios Group until the Nokia deal closes, which is expected to happen this quarter.

Read More

Curved Samsung Gear Fit Review

With the Gear Fit, Samsung has delivered a very fitness focused wearable that is super light and has a sexy style all its own. While very much being focused on those who want to get out and run like the wind, the Gear Fit still delivers all the notification benefits you'd expect when keeping it paired with your Samsung Galaxy phone.

Design

Where the Samsung Gear 2 is all about looking as much like a stylish watch as is technically possible, the Gear Fit runs with a thin and curved design that is so light it just blends into your wrist and stays out of your way. But that curved Super AMOLED 1.84-inch screen is an absolute stunner, its 432x128 resolution screen just popping with colour. The default wallpapers and layouts offer many styles to suit different tastes, plus when you sync your Gear Fit to your phone you can also crop any image to create your own wallpaper to go fully custom.

Samsung Gear Fit, hands-on (pictures)

• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 

The Gear Fit sits comfortably against your wrist, with the curved design holding snug against your skin — which itself is important to maintain good contact for the constant heart rate monitoring feature. It doesn't feel strange or uncomfortable, and the curved screen also ensures the design feels well conformed to its function.
The Gear Fit itself is a small device that is fitted into a rubber strap. The strap can be easily detached and Samsung suggests new strap design options will be available. It's good for any fitness product to have swappable straps to ensure you can swap in something clean and fresh after it gets scummed up through extended sweaty use.
The settings are easily controlled with swipes and taps and the widescreen style gives you the ability to add extra information to the default view alongside the watch mode, like your step counter or your next calendar appointment.

Core Features

The Samsung Gear Fit is a Bluetooth 4.0 LE device and is IP67 rated for excellent dust and water resistance. A heart rate sensor is on the underside which can be left active over extended periods. It also features general activity tracking for all your pedometric and gyroscopic needs.

The underside of the Gear Fit reveals the sensors used to monitor your heart rate.

(Credit: Andrew Hoyle/CNET)

The Gear 2 advantage will be the app integration that is hitting that device for this second-generation launch. Here on the Gear Fit you'll get your notifications for calls, e-mail, SMS, alarm and the S-Planner. Samsung also says the platform is open to third party app notifications as well.
The Gear Fit includes personal fitness coaching options which integrate with the heart rate monitor to ensure you keep up the right pace to hit your targets.
For those who love a good spec, the Gear Fit is 23.4mm by 57.4mm by 11.95mm and weighs in at a tiny 27g.
Battery expectation is three to four days "typical usage" and five days of "low usage."

Outlook

Samsung has now created a family of wearables that already seem far more practical than last year's efforts, with different models to suit different tastes and interests. The lack of a camera doesn't seem a major loss here on the Gear Fit, but the extra app integration appearing on the Gear 2 may give some buyers pause here. The Gear Fit might be fitness focused, but the Gear 2 has a new Runkeeper app which would sway some people in that direction.
The Super AMOLED screen is gorgeous and the form factor feels fresh and well suited to the fitness focus. If the price is right, the Gear Fit could lay waste to many of the other wrist-bound fitness trackers out there this year.

Read More