Friday, October 2, 2015

Every Android device is vulnerable to newly discovered bugs



Two major vulnerabilities have been discovered in Google's Android mobile software by the same security company that found a whole series of dangerous bugs earlier this year. Several of the bugs discovered by the security researchers pose a danger to every active Android device out there.
The two new bugs, which can expose people with Android-powered smartphones and tablets to attacks by malicious hackers, are the latest in a "library" of vulnerabilities that have come to be known as Stagefright. Zimperium zLabs initially discovered this class of vulnerabilities in April, but has now found the problem is broader than originally thought.

More than a billion Android smartphones and tablets are at risk of being compromised by the new bugs if their owners even just preview video or audio files that have been specially crafted to exploit the vulnerability, zLabs said. The first of the bugs has the potential to impact almost every Android device going back to version 1.0 of the software, which was released in 2008. The second bug can be used to target all devices running later versions of Google's software, Android 5.0 and up. Google next week plans to release Android 6.0, aka Marshmallow.

Security holes are a serious problem. Depending on the severity, they can let attackers run programs of their own choosing on a computing device, gain access to sensitive documents, monitor network traffic, listen to keyboard activity, turn on a webcam or turn a computing device into a tool that launches attacks on other devices.

Google, based in Mountain View, California, tries to set a good Android example with prompt security updates to its Nexus family of devices, including the just-announced Nexus 6P and Nexus 5X that will come with Marshmallow. But compared to Apple's competing iOS operating system, which powers its iPhones and iPads, the Android market is more vulnerable to security holes.

That's because the vast majority of Android phones get software updates slowly, if ever. That's the case even with mainstream Android phone makers such as Samsung, Huawei, Sony and LG, each of which is responsible for software updates. However, some Android security problems are ameliorated by the fact that some Android components ship in a package called Google Play Services that Google itself updates.

Google told Motherboard it will issue a patch to Nexus users on October 5.
These particular Stagefright flaws would require hackers to trick Android users into opening a dodgy video or audio file within a website or third-party multimedia player. "The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue," zLabs said in its blog post.

zLabs informed Google of the latest Stagefright flaws on August 15 and has praised the company for responding promptly to the threat. A patch to fix the vulnerability will be released next week in an over-the-air update. Google pushes out these security updates to its flagship Nexus devices once a month.

Google said it shared details of the patch with Android device makers on September 10 in the hope that it can be pushed out to all Android users as soon as possible, according to Motherboard.
Google did not immediately respond to a request for comment.
The new Stagefright bugs likely aren't the last. In September, zLabs researcher Joshua Drake tweeted that he's reported 10 Stagefright vulnerabilities to Google.


Thursday, October 1, 2015

Spider bites man on plane; his leg 'bursts open'



A British attorney is suing Qatar Airways after a spider bite he received on a flight in South Africa nearly cost him his leg.

The flesh-eating venom from a brown recluse spider whose bite caused a "small, sharp pain" turned barrister John Hogg's leg black.

Initially, he didn't think much of the injury.

"I turned on the light and clearly saw a spider running across the floor before hearing two stewardesses screaming 'Spider!', but I wasn't sure if I had been bitten as it really wasn't very painful," Hogg told the Telegraph.

But the next day his leg swelled up like a sausage and  turned black. He needed immediate medical attention.

By the time he reached a hospital, the leg was "bursting open" with pus.

Doctors were able to save the limb, but Hogg had to undergo three operations and a skin graft. An avid kickboxer and soccer player, he fears he may never play his sports again.

A British attorney is suing Qatar Airways after a spider bite he received on a flight in South Africa nearly cost him his leg.

The flesh-eating venom from a brown recluse spider whose bite caused a "small, sharp pain" turned barrister John Hogg's leg black.
Initially, he didn't think much of the injury.

"I turned on the light and clearly saw a spider running across the floor before hearing two stewardesses screaming 'Spider!', but I wasn't sure if I had been bitten as it really wasn't very painful," Hogg told the Telegraph.

But the next day his leg swelled up like a sausage and  turned black. He needed immediate medical attention.

By the time he reached a hospital, the leg was "bursting open" with pus.
Doctors were able to save the limb, but Hogg had to undergo three operations and a skin graft. An avid kickboxer and soccer player, he fears he may never play his sports again.

"It was a right mess. They told me if I had been any later I would have lost my leg or even died. It was terrifying," the 40-year-old lawyer said.

The Telegraph included a gruesome photo of the wound. Those with strong stomachs can see it here.
Hogg, on an extended vacation from work, had volunteered at an orangutan sanctuary in Borneo before traveling to South Africa in June to dive with sharks.

He says Qatar Airways has refused to accept responsibility for the spider bite.
Recluse spiders, which have six eyes and a violin marking on their back, can be found around the world, including in the United States. The spider's venom is potentially deadly, but it usually bites only when pressed against the skin, such as when tangled within clothes or bedding.

Indian man lynched over beef rumours




A 50-year-old man in northern India has been killed in a mob lynching allegedly over rumours that his family had been storing and consuming beef at home.

Mohammad Akhlaq was kicked and beaten with stones by a group of men in Dadri in Uttar Pradesh state on Monday night.

Mr Akhlaq's 22-year-old son was also seriously injured in the attack, and has been admitted to a hospital.

Six people have been arrested in connection with the incident. Police are probing who spread the rumour.

Slaughter of cows is a sensitive issue in India as the animal is considered sacred by Hindus, who comprise 80% of the country's 1.2bn people.

Uttar Pradesh is among a number of Indian states who have tightened laws banning cow slaughter and the sale and consumption of beef.

The beef ban has also provoked outrage with many questioning how the government decides what is on their plate.

Mr Akhlaq's family said the family had stored mutton, and not beef in their fridge. The police have taken the meat and sent it for testing, reports said.

"Some locals spread rumours that Akhlaq had cow meat at his home and engaged in cow slaughter. Following the rumours, they attacked his home," senior local official NP Singh told The Indian Express newspaper.

Senior police official Kiran S told the AFP news agency that the "announcement about the family consuming beef was made at a [local] temple".

The incident happened in a village, barely 50km (31 miles) away from the Indian capital, Delhi, where Mr Akhlaq, a farm worker, lived with his family.


His 18-year-old daughter Sajida told the newspaper that a "group of more than 100 people from the village" reached the house on Monday night.

"They accused us of keeping cow meat, broke down our doors and started beating my father and brother. My father was dragged outside the house and beaten with bricks," she said.
"We had come to know later that an announcement had been made from the temple about us eating beef...There was some mutton in the fridge...The police have taken it for examination."

Reports said local villagers, protesting against the arrests, had clashed with the police, and damaged a number of vehicles.
Eleven states - including Uttar Pradesh - and two union territories (federally-administered regions) in India ban slaughter of cows, calves, bulls and bullocks


This guy bought Google.com from Google for one minute (GOOG, GOOGL)



Ex-Googler Sanmay Ved was the lucky buyer of Google.com, if only for a minute.
Ved told Business Insider he was up late and searching Google Domains, Google's website buying service, when he noticed Google.com was available. Instead of a gray sad face that indicates a domain has an owner, the green happy face showed it was available.

The cost to buy the most-trafficked domain in the world? Only $12

 I used to work at Google so I keep messing around with the product. I type in Google.com and to my surprise it showed it as available," Ved told Business Insider. "I thought it was some error, but I could actually complete check out."

Ved added it to his shopping cart and, surprisingly, the transaction went through.
Instead of receiving the normal "you bought a domain" emails from the company, his Google Search Console dashboard, which has an overview of his other websites, was updated with messages for the Google.com domain owner. He also received emails with internal information, which he's since reported to Google's security team, Ved said.

"The scary part was I had access to the webmaster controls for a minute," Ved said. He frantically took screenshots along the way and detailed the whole ordeal in a LinkedIn post.
His run of Google.com was short-lived though. Google Domains canceled the sale a minute later, saying someone had registered the site before he could, and refunded Ved the $12 that had already been charged.

"So for one minute I had access," Ved said. "At least I can now say I’m the man who owned Google.com for a minute."

Ved is not sure what happened to allow him to purchase the site. It could have been a bug in Google Domains or the company simply failed to renew its domain name when the time came. A Google spokesperson said they are looking into the issue, but aren't currently noticing anything unusual.
Google's not the first to run into weird domain problems. In 2003, Microsoft failed to renew its
Hotmail.co.uk web address, and someone else bought it. While in Google's case it was bought from

Google itself and quickly canceled, Microsoft had to ask the buyer to return it to them.

While Ved's control over Google.com may have been fleeting, he's still surprised that his late night searching led to actually buying the site. He's been a huge fan of the company since he worked there for five-and-a-half years before leaving to get his MBA. His profile picture on Facebook is just a picture of the Google Plus logo.

"I can’t shake that feeling that I actually owned Google.com," Ved said.

Tuesday, September 29, 2015

New technology could help contain spread of Ebola



Ebola may have met its match: a couple of high-tech chips.
A new method developed by California researchers could transform how Ebola is identified, letting medics diagnose the disease in the field instead of sending samples to labs. That could speed containment of the virus in West Africa, which has seen one of the decade's worst disease epidemics because of the difficulty in diagnosing Ebola.

The system relies on two chips: a "microfluidic" chip, used to deposit and prepare the sample, and an "optofluidic" chip, which can detect individual molecules containing the virus. Preliminary tests show the method to be as effective as a conventional lab test, according to a paper published Friday in Scientific Reports.

Since Ebola's outbreak in Guinea in 2013, the disease has killed more than 11,000 people across West Africa, with new cases still occurring in Guinea and Sierra Leone. The disease is hard to stop; symptoms often don't appear for many days, and it can take even longer for diagnostic tests to confirm the virus.

"Diagnostic capacity is especially important, as the early symptoms of Ebola virus disease mimic those of many other diseases commonly seen in this region, including malaria, typhoid fever, and Lassa fever," the World Health Organization said in a situation assessment following the initial outbreak of the disease.

Ebola diagnosis has typically relied on a test known as PCR (polymerase chain reaction), which involves virus samples being sent to a lab so genetic material can be studied. It's a complicated process because the method relies on examining DNA molecules. Unfortunately, the Ebola virus is not made up of DNA, but of RNA. While RNA is similar, it has a different structure and serves another purpose in the body. DNA copies of the RNA must be made before testing can begin.
"Compared to our system, PCR detection is more complex and requires a laboratory setting," said the paper's senior author, Holger Schmidt, a professor of optoelectronics at the University of California, Santa Cruz. "We're detecting the nucleic acids directly, and we achieve a comparable limit of detection to PCR."

The method described by the researchers from Santa Cruz and UC Berkeley is relatively simple, making it a "user-friendly technology for point-of-use diagnosis, especially in resource-limited settings," the researchers wrote in the paper. The system involves examining single molecules one at a time as they pass through a tiny, fluid-filled channel on a chip.
Initial tests have been carried out on viral samples, but the next step involves tests with raw blood samples, which will need to take place in a facility with a higher biosafety level.
Schmidt said his team is working on ways to use the same system to detect other diseases.

Samsung Galaxy Tab S2



The Good The Samsung Galaxy Tab S2 9.7 has bright and vividly colorful screen. Its rail-thin design is comfortable and ultracompact. It comes with 32GB of storage, a microSD card expansion slot and fingerprint scanner. Battery life is long.

The Bad Unlike previous models, there's no IR blaster. In smaller hands, it's not as easy to use as the 8-inch model.

The Bottom Line The large, sharp screen of the 9.7-inch Samsung Galaxy Tab S2 is great for watching media and playing games at home or on the road.



Like its 8-inch counterpart, the Samsung Galaxy Tab S2 9.7 is a divinely designed Android tablet with a stunning screen. Starting at $500, it's a high-end model with premium specs that rival the best tablets out there. However, it packs more internal storage inside of a slimmer and lighter body, all for the same price as the similarly sleek Dell Venue 10 7000 and Apple iPad Air 2.
The 9.7-inch Samsung tablet boasts an eye-watering Super AMOLED screen that's sharp, rich in color and vibrant. As the bigger model in the Galaxy Tab S2 lineup, the larger screen is better for playing games and watching video than the 8-inch version. Otherwise, it boasts the same specs.
Tablets with a sharp screen, smooth performance and slim design are a dime a dozen, but the Samsung Galaxy Tab S2 9.7 is the thinnest and lightest yet. With dimensions and performance comparable to its best competition, its slimmer size, brilliant screen and generous internal storage are small but significant differences that set it apart.

Google wants to make your living room devices smarter



Google has already staked out spots in your living room with its Nest thermostat, Chromecast video-streaming device and Android TV software. Now it wants more.

On Tuesday, the Mountain View, California, company is expected to unveil a music-streaming device, akin to its Chromecast video-streaming stick. The gadget will take its name from its older sibling, according to 9to5Google, with the moniker Chromecast Audio.

Chromecast Audio -- assuming that's the name -- is said to plug into a sound system's headphone jack and lets you stream music from your phone by way of a wireless signal.
The device is part of Google's two-pronged strategy for getting its technology into your home. Some of Google's gear, such as its Nest thermostat, are on the cutting edge of connected home devices. Others, like Chromecast, turn devices like the television already in your living room or bedroom into smart gadgets.

"Google realizes there are so many dumb devices in people's homes," said Sameet Sinha, an analyst at the investment bank B. Riley and Co. "In the interim, you give them these cheaper devices people will get used to."

At an event on Tuesday, Google is also expected to unveil the latest members of its Nexus family of smartphones, as well as an updated Chromecast stick, a $35 video-streaming device that lets you beam content from services like Netflix to your TV from a mobile device or laptop. The audio stick will likely be an extension of Google's Chromecast brand.
It's unclear what the price of the audio-streaming device will be.

As the Internet begins to touch every aspect of consumers' lives, the biggest companies in technology, including Apple, Amazon and Google, have become enamored with getting more Web-enabled devices into people's homes. For example, Apple's Homekit, a software package on iPhones and iPads, lets you turn your living room lights on and off, while its Apple TV lets you call out to your television when you want to watch an episode of "Game of Thrones." Google and Amazon have offerings with similar functions.

Of course, smart homes are far from mainstream. In 2014, 34 percent of US consumers said they were interested in a digital system to control all the lights in their house, according to Forrester Research, but only 1 percent actually had such systems. Only 2 percent had tried a digitally remote-controlled energy management system. Cost was a big roadblock, Forrester said.
Chromecast's low price point could help ease that concern.

"For Google, price trumps everything else," Jan Dawson, chief analyst at Jackdaw Research, said about the Chromecast. "It's almost a no-brainer purchase."
Google isn't the only company to take this approach. Other companies, like Amazon, have followed Google's lead and released their own streaming sticks. Motorola unveiled a product similar to the expected audio device last year, which also plugs into speakers through a headphone jack.

AddToAny