Comcast is leaking the names and passwords of customers' wireless routers

Comcast has just been caught in a major security snafu: revealing the passwords of its customers' Xfinity-provided wireless routers in plaintext on the web. Anyone with a subscriber's account number and street address number will be served up the Wi-Fi name and password via the company's Xfinity internet activation service.

Security researchers Karan Saini and Ryan Stevenson reported the issue to ZDNet.

The site is meant to help people setting up their internet for the first time: ideally, you put in your data, and Comcast sends back the router credentials while activating the service.

The problem is threefold:

  1. You can "activate" an account that's already active
  2. The data required to do so is minimal and it is not verified via text or email
  3. The wireless name and password are sent on the web in plaintext

This means that anyone with your account number and street address number (e.g. the 1425 in "1425 Alder Ave," no street name, city, or apartment number needed), both of which can be found on your paper bill or in an email, will instantly be given your router's SSID and password, allowing them to log in and use it however they like or monitor its traffic. They could also rename the router's network or change its password, locking out subscribers.

This only affects people who use a router provided by Xfinity/Comcast, which comes with its own name and password built in. Though it also returns custom SSIDs and passwords, since they're synced with your account and can be changed via app and other methods.

What can you do? While this problem is at large, it's no good changing your password — Comcast will just provide any malicious actor the new one. So until further notice all of Comcast's Xfinity customers with routers provided by the company are at risk.

One thing you can do for now is treat your home network as if it is a public one — if you must use it, make sure encryption is enabled if you conduct any private business like buying things online. What will likely happen is Comcast will issue a notice and ask users to change their router passwords at large.

Another is to buy your own router — this is a good idea anyway, as it will pay for itself in a few months and you can do more stuff with it. Which to buy and how to install it, however, are beyond the scope of this article. But if you're really worried, you could conceivably fix this security issue today by bringing your own hardware to the bargain.

I've contacted the company for comment and will update when I hear back.

Uizard raises funds for its AI that turns design mockups into source code

When you're trying to build apps, there is a very tedious point where you have to stare at a wireframe and then laboriously turn it into code. Actually, the process itself is highly repetitive and ought to be much easier. The traditional software development from front-end design to front-end html/css development to working code is expensive, time-consuming, tedious and repetitive.

But most approaches to solving this problem have been more complex than they need to be. What if you could just turn wireframes straight into code and then devote your time to the more complex aspects of a build?

That's the idea behind a Copenhagen-based startup called Uizard.

Uizard's computer vision and AI platform claims to be able to automatically turn design mockups — and this could be on the back of a napkin — into source code that developers can plug into their backend code.

It's now raised an $800,000 pre-seed round led by New York-based LDV Capital with co-investors ByFounders, The Nordic Web Ventures, 7percent Ventures, New York Venture Partners, entrepreneur Peter Stern (co-founder of Datek) and Philipp Moehring and Andy Chung from AngelList. This fundraising will be used to grow the team and launch the beta product.

The company received interest in June 2017 when they released their first research milestone, dubbed "pix2code"; the implementation on GitHub was the second-most trending project of June 2017, ahead of Facebook Prepack and Google TensorFlow.


Without a chronological feed, it can be tough to tell if you've seen all the posts Instagram will show you. That can lead to more of the compulsive, passive, zombie browsing that research suggests is unhealthy as users endlessly scroll through stale content hoping for a hit of dopamine-inducing novelty.

Instagram says 'you're all caught up' in first time-well-spent feature

But with Instagram's newest feature, at least users know when they've seen everything and can stop scrolling without FOMO. Instagram is showing some users a mid-feed alert after a bunch of browsing that says "You're All Caught Up – You've seen all new post from the past 48 hours." When asked about it, Instagram confirmed to TechCrunch that it's testing this feature. It declined to give details about how it works, including whether the announcement means you've seen literally every post from people you follow from the last two days, or just the best ones that the algorithm has decided are worth showing you.

The feature could help out Instagram completists who want to be sure they never miss a selfie, sunset or supper pic. Before Instagram rolled out its algorithm in the summer of 2016, they could just scroll to the last post they'd seen or when they knew they'd last visited. Warning them they've seen everything could quiet some of the backlash to the algorithm, which has centered around people missing content they wanted to see because the algorithm mixed up the chronology.

But perhaps more importantly, it's one of the app's first publicly tested features that's clearly designed with the "time well spent" movement in mind. Facebook CEO Mark Zuckerberg has been vocal about prioritizing well-being over profits, to the point that the network reduced the prevalence of viral videos in the feed so much that that app lost 1 million users in the U.S. and Canada in Q4 2017. "I expect the time people spend on Facebook and some measures of engagement will go down . . . If we do the right thing, I believe that will be good for our community and our business over the long term too," he wrote.

But Instagram's leadership had been quiet on the issue until last week, when TechCrunch broke news that buried inside Instagram was an unlaunched "Usage Insights" feature that would show users their "time spent." That prompted Instagram CEO Kevin Systrom to tweet our article, noting "It's true . . . We're building tools that will help the IG community know more about the time they spend on Instagram – any time should be positive and intentional . . . Understanding how time online impacts people is important, and it's the responsibility of all companies to be honest about this. We want to be part of the solution. I take that responsibility seriously."


Instagram is preparing a "Usage Insights" feature that will show how long you spend in the app. Image via Jane Manchun Wong

It's reassuring to hear that one of the world's most popular, but also overused, social media apps is going to put user health over engagement and revenue. Usage Insights has yet to launch. But the "You're All Caught Up" alerts show Instagram is being earnest about its commitment. Those warnings almost surely prompt people to close the app and therefore see fewer ads, hurting Instagram's bottom line.

Perhaps it's a product of Facebook and Instagram's dominance that they can afford to trade short-term engagement for long-term sustainability of the product. Some companies like Twitter have been criticized for not doing more to kick abusers off their platforms because it could hurt their user count.

But with Android now offering time management tools and many urging Apple to do the same, the time-well-spent reckoning may be dawning upon the mobile app ecosystem. Apps that continue to exploit users by doing whatever it takes to maximize total time spent may find themselves labeled the enemy, plus may actually be burning out their most loyal users. Urging them to scroll responsibly could not only win their favor, but keep them browsing in shorter, healthier sessions for years to come.


Tuesday is the planned launch for a SpaceX Falcon 9 carrying two payloads to orbit — and this launch will be an especially interesting one. A set of five communications satellites for Iridium need to get to almost 500 miles up, but a NASA mission has to pop out at the 300 mile mark. What to do? Just make a pit stop, it turns out.

Now, of course it's not a literal stop — the thing will be going thousands of miles per hour. But from the reference frame of the rocket itself, it's not too different from pulling over to let a friend out before hitting the gas again and rolling on to the next destination.

What will happen is this: The rocket's first stage will take it up out of the atmosphere, then separate and hopefully land safely. The second stage will then ignite to take its payload up to orbit. Usually at this point it'll burn until it reaches the altitude and attitude required, then deploy the payload. But in this case it has a bit more work to do.

When the rocket has reached 305 miles up, it will dip its nose 30 degrees down and roll a bit to put NASA's twin GRACE-FO satellites in position. One has to point toward Earth, the other toward space. Once in position, the separation system will send the two birds out, one in each direction, at a speed of about a foot per second.

SpaceX rocket will make a pit stop 305 miles up to deploy NASA satellites before moving on

The one on the Earth side will be put into a slightly slower and lower orbit than the one on the space side, and after they've spread out to a distance of 137 miles, the lower satellite will boost itself upwards and synchronize with the other.

That will take a few days, but just 10 minutes after it sends the GRACE-FOs on their way, the Falcon-9 will resume its journey, reigniting the second stage engine and bringing the Iridium NEXT satellites to about 485 miles up. There the engine will cut off again and the rest of the payload will be delivered.

So what are these high-maintenance satellites that have to have their own special deployments?

The Iridium NEXT satellites are the latest in a series of deployments commissioned by the space-based communications company; they're five of a planned 75 that will replace its old constellation and provide worldwide coverage. The last launch, in late March, went off without a hitch. This is the only launch with just five birds to deploy; the previous and pending launches all had 10 satellites each.

GRACE-FO is a "follow-on" mission (hence the FO) to GRACE, the Gravity Recovery and Climate Experiment, and a collaboration with the German Research Centre for Geosciences. GRACE launched in 2002, and for 15 years it monitored the presence and changes in the fresh water on (and below) the Earth's surface. This has been hugely beneficial for climate scientists and others, and the follow-on will continue where the original left off.

The original mission worked by detecting tiny changes in the difference between the two satellites as they passed over various features — these tiny changes indicate how mass is distributed below them and can be used to measure the presence of water. GRACE-FO adds a laser ranging system that may improve the precision of this process by an order of magnitude.

Interestingly, the actual rocket that will be doing this complicated maneuver is the same one that launched the ill-fated Zuma satellite in January. That payload apparently failed to deploy itself properly after separating from the second stage, though because it was a classified mission no one has publicly stated exactly what went wrong — except to confirm that SpaceX wasn't to blame.

The launch will take place at Vandenberg Air Force Base at 12:47 tomorrow afternoon Pacific time. If it's aborted, there's another chance on Wednesday. Keep an eye out for the link to the live stream of this unique launch!

Researchers disclose new Spectre exploit variant, but Intel and AMD leave mitigation off by default

The specter of Spectre still looms above chipmakers; a new variant of that most dire of chip flaws was disclosed today, and Intel has a patch ready to go. It's issuing the mitigation in tandem with the announcement that may come with a serious performance hit — which is why it will be off by default.

Like the other Spectre variants, this one has to do with "speculative execution," a core component of modern computing architecture that predicts what might be required of it in the immediate future and executes on it, either keeping the results if the prediction is right or discarding them if not. Spectre variants basically trick the processor into revealing the data it uses for speculative execution, potentially allowing an attacker to get at even highly protected bits. Unlike Meltdown, which affected Intel primarily, Spectre affects other chip manufacturers as well.

Variant 4 is similar to but distinct from variants 1 through 3, and in this case takes place "in a language-based runtime environment." JavaScript is such an environment and would be the most obvious place to attempt the exploit. It was discovered by Microsoft and Google researchers, who worked with the chipmakers to develop mitigations.

Variant 1 is the most similar and there are already mitigations in place for it both in browsers and in microcode, which is executed at a much lower level of a computer. But, as Intel puts it, "to ensure we offer the option for full mitigation and to prevent this method from being used in other ways, we and our industry partners are offering an additional mitigation for Variant 4, which is a combination of microcode and software updates."

OEMs, which make components like motherboards, already have the fix. But like some other patches, this one will be left off by default. Why?

Probably because Intel observed a performance hit of "2 to 8 percent" when the fix was enabled. Accordingly, it has chosen in this case to let OEMs and consumers opt into having a slower, safer processor rather than opt out of it. Since many manufacturers live and die by the performance of their hardware, it seems unlikely they'll choose the slow option, and few consumers are tech-savvy enough to enable it themselves.

Critics of this choice aren't hard to find; it's arguable that Intel is simply putting performance over safety. But it's also arguable that an 8 percent drop in speed just isn't worth the tradeoff when the problem is already partially mitigated.

"I continue to encourage everyone to keep their systems up-to-date, as it's one of the easiest ways to ensure you always have the latest protections," writes Intel's Leslie Culbertson. The easiest way, presumably, is for it to be enabled by default, but her heart is clearly in the right place.

(Update: AMD has a less substantial post describing its own mitigation efforts, which it will also be leaving off by default. No word on what the performance hit will be for AMD processors.)

Whatever your opinion of these decisions, the flaw and the mitigation are now out there, so theoretically the computing world is just a little bit safer. But let's not fool ourselves: Variants 5 through 10 are probably out there too.

Adobe to acquire Magento for $1.68B

Adobe announced today that it was acquiring Magento for $1.68 billion. The purchase gives Adobe a missing e-commerce platform piece that works in B2B and B2C contexts and should fit nicely in the company's Experience Cloud.

It should also help Adobe compete with Salesforce, which offers its own marketing, sales and service offerings in the cloud and which bought Demandware for more than $2 billion in 2016 to provide a similar set of functionality.

Brent Leary, who owns CRM Essentials and keeps a close eye on the intersection between marketing and CRM, says this fills an obvious hole in Adobe's Experience Cloud. "Now they have an offering that allows them to close the loop with consumers, who are able to finalize a digital transaction that started online with digital marketing tools Adobe already offered," Leary explained.

Leary also sees this deal bringing Microsoft and Adobe, who have already announced partnerships in the past, closer together. "But maybe even more interesting may be how this may further the relationship Adobe has with Microsoft. As they also are missing an e-commerce piece to their customer engagement platform [as well]," he pointed out. Leary speculates this could lead to an even deeper relationship between the two companies as they are each battling Salesforce.

Salesforce is the 10,000-pound gorilla in this space with revenue across its various clouds reaching more than $8 billion last year. The company is on a run rate to exceed $10 billion in 2018. It has set a long-term company goal to reach $60 billion in annual revenue by 2034.

Leary says this isn't necessarily the perfect deal because up until now Magento has concentrated on SMB customers, whereas Adobe's target audience is clearly the enterprise. If you look at the other players in the space who have already taken the e-commerce platform plunge, Salesforce got Demandware and SAP got Hybris, which were geared more to the enterprise target demographic, but he believes it was simply a case of the best option available.

But Cindy Zhou, VP and principal analyst at Constellation Research, says Magento has some big-time customers too. "Magento has become the commerce platform of choice for many big and mid-size companies including Coca Cola. There is great synergy for Adobe to complete the customer journey," she said. "From my perspective, the marketing-to-sale insight potential is what's exciting," she added.

This isn't the first time the company has been acquired. Magento was founded in 2008 and purchased by eBay in 2011 in a deal reported to be just $180 million. The company went private again in 2015 with help from Permira Funds, which sources say paid around $200 million.

Today the company sold for almost $1.7 billion. That's a hefty increase in value since that 2011 purchase and a tidy five times return for Permira, which brought in Hillhouse Capital Group last year as a fellow investor. At the time, Hillhouse invested $250 million in Magento; presumably, it will see a nice return on its investment in just one year, too.
