Intel 310 mSATA SSD knows that size matters, fits 80GB into less space than a credit card originally appeared on Engadget on Wed, 29 Dec 2010 15:46:00 EDT. Please see our terms for use of feeds.
Permalink | | Email this | Comments
Olympus XZ-1 and other pre-CES camera rumors from Sony and Panasonic originally appeared on Engadget on Wed, 29 Dec 2010 20:44:00 EDT. Please see our terms for use of feeds.
Permalink
SlashGear | 
4/3 Rumors, Sony Alpha Rumors | Email this | Comments
Continue reading HEX ships iPod nano watch band, dares you to destroy it (video)
HEX ships iPod nano watch band, dares you to destroy it (video) originally appeared on Engadget on Wed, 29 Dec 2010 10:27:00 EDT. Please see our terms for use of feeds.
Permalink |
HEX | Email this | Comments
At the end of the year, it's always fun to look back at the places you've gone and things you've done in the past 12 months, and if you log your comings and goings with apps like Foursquare or Twitter, doing that year in review is even easier.
To use Where Do You go, you've got to log in with your Google Account and authorize it to index your Foursquare check-ins, which gave me pause, since I keep my Foursquare history private. But, the app doesn't publish check-in details, just your past whereabouts in aggregate. You can delete all your data from the app if you want to just try it and bail. If you keep your account, the map updates with each new check-in, but only displays check-ins which are more than 24 hours old for privacy reasons. It's fun to see what areas of different cities you favor most—apparently I rarely travel above 34th street in Manhattan—and it can give you even more motivation to visit areas you normally don't, even in your home city. Someday I hope to get a similar heatmap view in ThinkUp for posts from Twitter and Facebook, too.
In order to keep down your credit card fees, SwipeGood rounds up every purchase you make to the nearest dollar, adding the change from that purchase to your donation, which it makes at the end of the month (instead of after every purchase). If you have a specific charity you'd like to donate to, you can switch your charity any time you want, and they're always adding new ones. And, while in this case it's a good thing that the change from your purchases adds up quickly, you can always set a monthly limit for your roudups so you don't end up donating more than you can afford. Hit the link to read more.
HTC EVO Shift 4G headed for a January 9th launch at $150, according to RadioShack leak originally appeared on Engadget on Wed, 29 Dec 2010 08:10:00 EDT. Please see our terms for use of feeds.
Permalink |Android Central | Email this | Comments
After suffering a massive outage last week, Skype CIO Lars Rabbe has now detailed what went wrong.
One of the root causes? A bug in the Skype for Windows client (version 5.0.0152).
Rabbe kicks off by explaining that a cluster of support servers responsible for offline instant messaging became overheated on Wednesday, December 22.
A number of Skype clients subsequently started receiving delayed responses from said overloaded servers, which weren’t properly processed by the Windows client in question. This ultimately caused the affected version to malfunction.
Initially, users of Skype’s newer and older Windows software, as well as those using the service on Mac, iPhone and their television sets, were unaffected.
Nevertheless, the whole system collapsed as the faulty version of the Windows client, 5.0.0.152, is by far the most popular – Rabbe says 50% of all Skype users globally were running it, and the crashes caused approximately 40% of those clients to fail.
The clients included roughly a third of all publicly available supernodes, which also failed as a result of this issue.
From the blog post:
A supernode is important to the P2P network because it takes on additional responsibilities compared to regular nodes, acting like a directory, supporting other Skype clients and establishing connections between them by creating local clusters of several hundred peer nodes per each supernode.
Once a supernode has failed, even when restarted, it takes some time to become available as a resource to the P2P network again. As a result, the P2P network was left with 25–30% fewer supernodes than normal. This caused a disproportionate load on the remaining available supernodes.
Rabbe goes on to explain a lot of people who experienced crashing Windows clients started rebooting the software, which caused a huge increase in the load on Skype’s P2P cloud network. He adds that traffic to the supernodes was about 100 times what would normally be expected at the time of day the failure occurred.
A perfect storm in the P2P clouds, so to speak.
To learn how Skype supported the recovery of its supernode network, and what they’ll be doing to prevent this from happening again, I suggest you go read the full blog post.
And major kudos to the company for being so prolific in explaining what happened.
LVX System launches visible light communication in the US, finally originally appeared on Engadget on Wed, 29 Dec 2010 05:48:00 EDT. Please see our terms for use of feeds.
PermalinkAP | LVX System | Email this | Comments
MSI reveals mad Sandy Bridge motherboard with eight PCIe slots, eight USB 3.0 ports, and three BIOS chips originally appeared on Engadget on Wed, 29 Dec 2010 06:26:00 EDT. Please see our terms for use of feeds.
PermalinkSemiAccurate | | Email this | Comments
Continue reading LG's LW6500 Cinema 3D TV is certified flicker-free, launching at CES
LG's LW6500 Cinema 3D TV is certified flicker-free, launching at CES originally appeared on Engadget on Wed, 29 Dec 2010 07:06:00 EDT. Please see our terms for use of feeds.
PermalinkC! runchGea r | Newswire | Email this | Comments
Speaking at the Chaos Computer Club (CCC) Congress here today, a pair of researchers demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network "sniffers," a laptop computer and a variety of open source software.
While such capabilities have long been available to law enforcement with the resources to buy a powerful network sniffing device for more than $50,000 (remember The Wire?), the pieced-together hack takes advantage of security flaws and short-cuts in the GSM network operators' technology and operations to put the power in the reach of almost any motivated tech-savvy programmer.
"GSM is insecure, the more so as more is known about GSM," said Security Research Labs researcher Karsten Nohl. "It's pretty much like computers on the Net in the 1990s, when people didn't understand security well."
Several of the individual pieces of this GSM hack have been displayed before. The ability to decrypt GSM's 64-bit A5/1 encryption was demonstrated last year at this same event, for instance. However, network operators then responded that the difficulty of finding a specific phone, and of picking the correct encrypted radio signal out of the air, made the theoretical decryption danger minimal at best.
Naturally this sounded like a challenge.
Working the audience through each process step, Nohl and OsmocomBB project programmer Sylvain Munaut demonstrated how the way in which GSM networks exchange subscriber location data, in order to correctly route phone calls and SMSs, allow anyone to determine a subscriber's current location with a simple Internet query, to the level of city or general rural area.
Once a phone is narrowed down to a specific city, a potential attacker can drive through the area, sending the target phone "silent" or "broken" SMS messages that do not show up on the phone. By sniffing to each bay station's traffic, listening for the delivery of the message and the response of the target phone at the correct time, the location of the target phone can be more precisely identified.
To create a network sniffer, the researchers replaced the firmware of a simple Motorola GSM phone with their own alternative, which allowed them to retain the raw data received from the cell network, examine more of the cellphone network space than a single phone ordinarily monitors. Upgrading the USB connection allowed this information to be sent in real time to a computer.
By sniffing the network while sending a target phone an SMS, they were able to determine precisely which random network ID number belonged to the target. This gave them the ability to identify which the myriad streams of information they wanted to record from the network.
All that was left was decrypting the information. Not a trivial problem, but made possible by the way operator networks exchange system information with their phones.
As part of this background communication, GSM networks send out strings of identifying information, as well as essentially empty "Are you there?" messages. Empty space in these messages is filled with buffer bytes. Although a new GSM standard was put in place several years ago to turn these buffers into random bytes, they in fact remain largely identical today, under a much older standard.
This allows the researchers to predict with a high degree of probability the plaintext content of these encrypted system messages. This, combined with a two-terabyte table of precomputed encryption keys (a so-called rainbow table), allows a cracking program to discover the secret key to the session's encryption in about 20 seconds.
This is particularly useful, the researchers said, because many if not most GSM operators reuse these session keys for several successive communications, allowing a key extracted from a test SMS to be used again to record the next telephone call.
"There is one key used for communication between the operators and the SIM card that is very well protected, because that protects their monetary interest," Nohl said. "The other key is less well protected, because it only protects your private data."
The researchers demonstrated this process, using their software to sniff the headers being used by a phone, extract and crack a session encryption key, and then use this to decrypt and record a live GSM call between two phones in no more than a few minutes.
Much of this vulnerability could be relatively easily addressed, Nohl said. Operators could make sure that their network routing information was not so simply available through the Internet. They could implement the randomization of padding bytes in the system information exchange, making the encryption harder to break. They could certainly avoid recycling encryption keys between successive calls and SMSs.
Nor is it enough to imagine that modern phones, using 3G networks, are shielded from these problems. Many operators reserve much of their 3G bandwidth for Internet traffic, while shunting voice and SMS off to the older GSM network.
Nohl elicited a laugh from the audience of hackers when he called the reprogrammed network-sniffing phones "GSM debugging devices." But he was serious, he said.
"This is all a 20 year old infrastructure, with lots of private data and not a lot of security," he said. "We want you to help phones go through the same kind of evolutionary steps that computers did in the 1990s."
It's a scene from an as-yet-unmade thriller – across a country, tens of thousands of cell phones all blink white at the same, and turn themselves off. Calls are lost, phones are rendered useless, and the affected mobile operator is forced to pay a ransom or lose customers.
It hasn't happened yet. But speaking at the Chaos Computer Club Congress here, German researchers showed how vulnerabilities in some the simplest, but most common phones in the world could conceivably lead to just such a scenario.
Mobile phone security has been a growing concern due to the increasing popularity of smart phones, whose Web-browsing and app-running capabilities offer attackers similar to those offered by computers. Yet more than 85 percent of the world's cell phones remain so-called feature phones – simple devices with the ability to play MP3s or browse the Web, but without the power of the iPhone or Android-based handsets.
Vulnerabilities have been found in this type of phone before, but new open-source tools allowing individuals to set up their own private GSM networks have allowed researchers to find a host of bugs ranging from pesky to serious in many of the world's most common handsets.
"With the openness in the GSM on the network side, we can look at the closed stuff now," said Collin Mulliner, a researcher at Berlin's Technical University. "And if we're able to look at closed stuff, it usually breaks."
Mulliner and colleague Nico Golde set up their own GSM network in their lab, allowing them to freely test the effects of sending SMS messages containing a variety of potentially damaging payloads.
The result was bugs, and plenty of them. Popular models of phones from Nokia (the S40 and related models, except for the very newest release), Sony Ericsson (w800 and several related models), LG (LG 320), Samsung (S5230 Star and S3250) Motorola (the RAZR, ROKR, and SVLR L7) and India's Micromax (X114) all proved susceptible to what researchers termed an "SMS of death."
The exact results differed for each phone. In the worst cases, including the Nokia and Sony Ericsson, the message would disconnect the phone and force it to reboot, without registering the fact of the message's receipt – in most cases forcing the operator's network to continue sending the message and triggering the shut-down cycle again. Fixing the problem required putting the SIM card into a new, unsusceptible phone.
In the other cases, the payload-laden messages forced the phones' interfaces to shut down, and disconnected the devices from the network. The researchers stressed that other phones likely had similar problems, but their research had focused on these common models.
At first glance, these problems appear to be relatively minor compared to the botnet or trojan susceptibilities of smartphones. But these simple attacks could cause serious problems, potentially for a single well-chosen target, or – more disturbingly – if launched on a large scale.
This could be relatively easily done, Mulliner said. In Germany, for example, mobile phone number prefixes are associated with specific operators, allowing large-scale attacks to be mounted on a single operator's customer base relatively easily. Bulk SMS messages tailored to attack specific common phones by the thousands could be sent using commercial SMS spam services, by activating botnets hiding on mobile phones, or even by an insider at a telephone company.
This kind of large-scale attack potential raises the possibility that a telco itself could be held hostage by an outsider threatening to flood its customers with reboots or even broken phones, researchers said.
Alternately, some police forces around the world rely on cell phones to communicate in areas where their two-way radios function poorly. An attack on a common model used by a police force could disrupt communications at a critical time.
The problem is these problems aren't easy to fix. Inexpensive "feature phones" rarely if ever receive firmware updates today. But the potential for abuse of bugs that are becoming easier to find means this practice might have to change, the researchers said.
"Manufacturers need to find a way to do firmware updates, and make sure to advertise them," Mulliner said.
Continue reading MSI Wind U270 netbook emerges with 1.6GHz AMD Zacate processor
MSI Wind U270 netbook emerges with 1.6GHz AMD Zacate processor originally appeared on Engadget on Tue, 28 Dec 2010 17:30:00 EDT. Please see our terms for use of feeds.
Permalink |YouTube (Mini PC Pro), Netbook News | Email this | Comments
Disney imagineering long lines out of theme parks with military-grade monitoring systems originally appeared on Engadget on Tue, 28 Dec 2010 18:16:00 EDT. Please see our terms for use of feeds.
Permalink |The New York Times | Email this | Comments
HTC Thunderbolt with LTE for Verizon pictured ahead of CES unveiling? originally appeared on Engadget on Tue, 28 Dec 2010 18:35:00 EDT. Please see our terms for use of feeds.
Permalink |Droid Life | Email this | Comments
Wired.com has been expanding the hive mind with technology, science and geek culture news since 1995.
Posts
