Tinder security flaw granted account access with just a phone number
http://ift.tt/2sHNnRZ
Security researchers at Appsecure found a way to access anyone’s Tinder account via their phone number. The exploit took advantage of software flaws in both the dating app’s login process and the Facebook API that it’s based on. The issues have since been fixed, but they represent a pretty big security lapse.
"Both the vulnerabilities were fixed by Tinder and Facebook quickly," wrote Appsecure’s Anand Prakash on Medium. Facebook and Tinder rewarded the company $5000 and $1250, respectively, for its report. This isn’t the first report of Tinder security flaws, either: the company previously failed to encrypt user photos and (back in 2014) exposed users’ exact locations for months.
When you log in to Tinder, you have the option of using your phone number, which is then passed along to Facebook’s Account Kit for authentication to Tinder. The Appsecure folks found that they could get a valid access token with an API request to Facebook’s Account Kit using a phone number. In addition, Tinder’s login system wasn’t checking these access tokens to make sure they matched the associated user’s client ID, which means that any valid access token could let someone log in to your Tinder account.
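The missing check described above, as a simplified model added here (not code from Tinder, Facebook or Appsecure): a login that accepts any valid token, beside one that also requires the token to be bound to this service's client ID and to the phone number being logged in. The token table, IDs, phone numbers and function names are all constructed for illustration, and no real Account Kit call is used.

```python
OUR_APP_ID = "app-dating-001"  # constructed: this service's client ID at the provider

# Constructed stand-in for the provider's token records: each token is bound
# to the client it was issued for and to the phone number that was verified.
ISSUED_TOKENS = {
    "tok-alice": {"app_id": "app-dating-001", "phone": "+15550100"},
    "tok-other-app": {"app_id": "app-unrelated-777", "phone": "+15550199"},
}

# Constructed local account table: verified phone number -> account name.
ACCOUNTS = {"+15550100": "alice", "+15550199": "bob"}


def introspect(token):
    """Hypothetical provider lookup: return the token's record, or None."""
    return ISSUED_TOKENS.get(token)


def login_weak(token, claimed_phone):
    """Flawed pattern: the token only has to be valid somewhere."""
    if introspect(token) is None:
        return None
    # The account is chosen from request data, not from what the token proves.
    return ACCOUNTS.get(claimed_phone)


def login_checked(token, claimed_phone):
    """Accept the token only if it was issued to this client for this phone."""
    record = introspect(token)
    if record is None:
        return None
    if record["app_id"] != OUR_APP_ID:
        return None  # token was minted for a different client
    if record["phone"] != claimed_phone:
        return None  # token proves a different identity than the one claimed
    # Resolve the account from the token-bound phone, never from the request.
    return ACCOUNTS.get(record["phone"])


def compare(token, claimed_phone):
    """Return (weak_result, checked_result) for the same login request."""
    return login_weak(token, claimed_phone), login_checked(token, claimed_phone)
```
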
S-Class, which is available electrified but not yet fully electric, managed a 3-percent rise to 13,359. BMW’s 7-Series dropped 13 percent to 11,735. In the States, Tesla sold 28,800 Model S models, easily topping
, JATO Dynamics analyst Felipe Munoz said, “This is an alarm for the traditional automakers such as Mercedes. It says a smaller but smarter brand such as Tesla can beat them at home.”
European brands do have Tesla-fighters in development, and to use an ice hockey comparison, it’s been easier for Tesla to score into an empty goal; it’ll be more difficult when goalkeepers like the
North Korea’s hacking abilities are even stronger than we thought
http://ift.tt/2GuruaI
Russians accused of information warfare used tech to whip up controversy and cover their tracks
US Special Counsel Robert Mueller (pictured above) has charged 13 Russians and three organizations, including the Internet Research Agency, with alleged interference in the 2016 presidential election.
Misinformation, Inc.: The meddling was widely known, but the indictment provides new insights into how it worked. Russians visited the US in 2014 to conduct research and then built a sophisticated operation that included sizable departments handling search optimization, data analytics, and IT. One project had 80 people working on it.
Purple gain: The Russians concentrated on influencing opinion in so-called “purple states,” such as Colorado, Virginia, and Florida, where the electoral gap between Republicans and Democrats was slim.
Virtual Americans: To hide their origins, the Russians rented space on servers based in the US and set up a virtual private network so that it looked as if messages were coming from within the country.
That’s not all, folks: Mark Weatherford, a former senior official at the Department of Homeland Security, says it’s pretty rare for the US to indict foreign nationals for information warfare. But he thinks we’ll see more such cases as technological advances make it easier to work out who’s behind online propaganda efforts.
via Technology Review Feed – Tech Review Top Stories http://ift.tt/1XdUwhl
Headlines are blaring: “Trump moves to ban bump stocks,” and gun enthusiasts are wasting no time stockpiling for the apocalypse. Slide Fire, the primary manufacturer of the accessory that effectively turns a semi-automatic weapon into a machine gun, has been hit with a flood of traffic and its website is currently down.
Following the murder of 17 people at a high school in Parkland, Florida by a lone gunman carrying a high-powered assault rifle, the Trump administration has offered little comfort and few solutions for the country going forward. Over the weekend, he used the shooting victims as a human shield to create some sort of doubt about the FBI’s Russia investigation, and his staff characterized the tragedy as a “reprieve” from the bad publicity they’d faced over the last week. But as the student survivors have chosen to voice their support for gun control and criticize Trump’s lack of action, he’s apparently now feeling the pressure to at least give the illusion that he takes the situation seriously.
On Tuesday, Trump claimed that he sent a memo to the Justice Department “directing the attorney general to propose regulations that ban all devices that turn legal weapons into machine guns.”
While there are a number of legal devices on the market that can make a semi-automatic weapon act as if it were fully-automatic, “bump fire stocks” are the most well known. These devices replace the stock on a gun and simulate automatic fire rates with a sliding mechanism that takes advantage of the gun’s natural recoil. The shooter keeps their finger in place and lets the motion of the gun do the pulling.
You might recall that bump stocks were a big topic following the shooting in Las Vegas last October that left 58 people dead and 851 others injured. Even conservative lawmakers like Paul Ryan seemed open to a ban on bump stocks. The NRA called for the ATF to “review whether these devices comply with federal law.” They do comply with current US law, and—as the NRA acknowledged in its statement— the ATF has confirmed this twice before. Lawmakers and gun organizations successfully deflected and nothing has been done.
Now we’re onto a new mass shooting, but this one didn’t involve bump stocks. But that old ban people wanted? Well, it’s suddenly back in the news. And the ceaselessly terrified crowd that hoards guns every time it hears the phrase “background check” is bombarding Slide Fire’s site to get its hands on the apparently soon-to-be-banned device. Considering that Slide Fire was just running a President’s Day promotion with the coupon code “MAGA,” it seems safe to say that this time the push for a ban will be as real as the last one.
Shadow virtualizes a high-end gaming PC on your desktop clunker
http://ift.tt/2EW9UiE
In the early days of computing, local storage and processing weren’t actually a thing. Instead, your individual computer acted as a terminal, pulling data from a central processing server. Well, the French startup Blade likes it that way and has released a similar system but with a 21st-century twist. Its cloud-computing system, dubbed Shadow, can impart the performance of a $2,000 high-end gaming rig onto any internet-connected device with a screen. And now the company is bringing Shadow to California.
The Shadow system has already found widespread adoption throughout France and most recently made its US debut at CES last month. The idea is relatively simple: instead of having to buy, maintain and upgrade your own hardware, you pay Blade a monthly subscription to use theirs. It’s a concept similar to what NVIDIA did with its GeForce NOW cloud service, Parsec or HP’s Omen PCs, save for the fact that those three are dedicated to gaming while Shadow enables users to run everything from Steam to Photoshop to a host of other business-related applications.
The company has partnered with Microsoft, NVIDIA, AMD and Equinix to create a remote Windows 10 PC that you can access over the internet. At the remote server farm, each of these systems boasts a dedicated NVIDIA graphics card capable of handling 1080p at 144Hz or 4K at 60Hz. For processing, the system relies on eight dedicated threads on an Intel Xeon processor (the equivalent of an Intel Core i7) as well as offering 12GB of RAM and 256GB of storage.
Therefore, it doesn’t matter what hardware you’re using to access the service. Shadow can run on Macs, Chromebooks, Windows PCs, Android, iOS, and a variety of smart TV platforms. However, this does lead to a paradox. Sure, Shadow can deliver 4K quality video streams over the internet, but if you’re trying to watch it on an old 720p monitor, you’re going to be watching that stream in 720p.
Luckily, that doesn’t seem to apply to the rest of the capabilities. Since the Shadow system is, in essence, a remote desktop, it doesn’t matter how old, underpowered or decrepit the device you’re running it on is, just how good the screen is. In fact, at CES, Blade managed to run the Shadow service on Razer’s new phone, running full PC games (e.g., Battlefront II) on the device at 2K resolution and 120 Hz.
What’s also cool is that you’re able to switch back and forth between operating systems on the fly. Say you’re virtualizing the Shadow’s Windows 10 desktop on your Mac. Since the Windows 10 OS is running remotely (only using the Mac’s video driver to decode signal), it doesn’t take up any of the Mac’s other local resources. There is no slowdown in the macOS due to the Windows 10 desktop (and vice versa) and you can toggle between them instantly.
And if you don’t want to deal with your own hardware at all but still have a solid monitor, the company also offers a standalone Shadow device (think: a Roku-like box that streams computing capability instead of video), which can be hooked up to said monitor. Then all you need is a keyboard, a mouse, and a Steam account.
And a baller internet connection. That’s the other drawback of this system. In order to work, the Shadow needs a steady 15Mbps connection, preferably via ethernet. So if you’re like me and are hamstrung by slow internet speeds in your apartment complex, you simply can’t use this service. The company is working on expanding its capability to serve slower internet connections, but at this time does insist that you be running at 15 Mbps or higher. Unfortunately, the Shadow system does not yet support multi-monitor displays either, nor can it currently handle VR applications.
Then there’s the price. Shadow will cost you $35 a month with a year-long contract, $40 a month with a three-month commitment, or $50 to use it for a month with no strings attached. That’s a pretty hefty fee for the ability to remotely rent someone else’s computer.
Still, if the idea of ditching your PC for the cloud sounds like a win to you, it’s a service worth checking out. I was afforded early access to the service as part of my demo and used it to play a few rounds of Dragon Ball FighterZ on my MacBook Pro using a Bluetooth Xbox controller. I was blown away by both the visual quality (see gallery above) and the control’s responsiveness. It’s like I was playing it on my PS4 — crisp clean graphics, with zero lag, jittering or stuttering.
But big whoop, right? The 2018 MBP is a pretty beefy laptop anyway, what with its Retina display. So, I loaded the Shadow service on my older Nexus 6P and launched the game again. The results were the same (see below): crisp graphics, smooth animations, and zero lag. It honestly looked better than the last few episodes of Dragon Ball Super I’ve streamed from Crunchyroll.
Shadow launches on February 21st in California and will expand throughout the continental US by summer of 2018 as the company completes construction on seven server farms localized throughout the nation.
Unlimited Plan Comparison: Verizon vs. AT&T vs. T-Mobile vs. Sprint (Feb 2018 Update)
http://ift.tt/2CaqDxK
Now that we’re a full year into the return of unlimited data on almost all US wireless carriers, it’s time for an update on the current unlimited data plans from Verizon, AT&T, T-Mobile, and Sprint. Like we did last February and then again in August, we’ve got it all laid out for you in a comparison table below.
Unlimited Data Plans Comparison

Price
  Verizon
    - Go Unlimited: $75 for 1 line, $65/line for 2 lines, $40/line for 4 lines
    - Beyond Unlimited: $85 for 1 line, $80/line for 2 lines, $50/line for 4 lines
    - Autopay required
    - Taxes and fees not included
  AT&T
    - Unlimited Choice: $60 for 1 line, $115 for 2 lines, plus $20 for lines 3-10
    - Unlimited Plus: $90 for 1 line, $145 for 2 lines, plus $20 for lines 3-10
    - Autopay required
    - Taxes and fees not included
  T-Mobile
    - T-Mobile One: $70 for 1 line, $120 for 2 lines
    - T-Mobile One Plus: Same price + $10/line/mo
    - T-Mobile One Plus International: Same price + $25/line/mo
    - Autopay required
    - Taxes and fees included
  Sprint
    - Unlimited Freedom Promo: $60 for 1 line, $100 for 2 lines, $0 for line 3-5
    - Unlimited Freedom (in 12 months): $60 for line 1, $100 for 2 lines, $30 per line 3 and 4
    - Autopay required

Data
  Verizon
    - Go Unlimited: Unlimited data with throttling in congested areas per line any time
    - Beyond Unlimited: Premium Unlimited data with throttling in congested areas per line after 22GB
  AT&T
    - Unlimited Choice: Unlimited data at 3Mbps max speed
    - Unlimited Plus: Unlimited data with throttling in congested areas per line after 22GB
  T-Mobile
    - Unlimited data with network management per line after 50GB
  Sprint
    - Unlimited data with throttling in congested areas per line after 23GB
    - Music streaming throttled to 1.5Mbps
    - Gaming throttled to 8Mbps

Hotspot
  Verizon
    - Go Unlimited: Unlimited at 600kbps
    - Beyond Unlimited: 15GB 4G LTE speeds per line; 600kbps after
  AT&T
    - Unlimited Choice: No tethering
    - Unlimited Plus: 10GB 4G LTE per line; 128Kbps speeds after
  T-Mobile
    - T-Mobile One: Unlimited at 3G speeds (512kbps)
    - T-Mobile One Plus: 10GB 4G LTE per line; 3G speeds after
    - T-Mobile One Plus International: Unlimited 4G LTE data
  Sprint
    - 10GB 4G LTE data per line; 2G speeds after

Video Quality
  Verizon
    - Go Unlimited: DVD-quality (480p)
    - Beyond Unlimited: HD-quality (720p)
  AT&T
    - Unlimited Choice: Up to 480p
    - Unlimited Plus: Stream video in HD quality, when available; customer can throttle with Stream Saver
  T-Mobile
    - T-Mobile One: Up to 480p
    - T-Mobile One Plus and Plus International: Unlimited HD+ video streaming
  Sprint
    - Up to 1080p video

Canada and Mexico Roaming
  Verizon
    - Go and Beyond Unlimited: Unlimited calling and texting to and from, plus 512MB/day 4G LTE data in either country (2G after)
  AT&T
    - Unlimited Choice and Plus: Unlimited calling, texting, and data to and from; need to turn on free Roam North America feature.
  T-Mobile
    - T-Mobile One and One Plus: Unlimited calling and texting; up to 5GB 4G LTE
    - T-Mobile One Plus International: Unlimited talk, text, and 4G LTE data
  Sprint
    - Free text and data up to 2G speeds

Other Bonuses
  Verizon
    - Verizon Up rewards program
  AT&T
    - Unlimited Choice: Free HBO; Save $15/mo on DirecTV Now
    - Unlimited Plus: Free HBO; Save $15/mo on DirecTV Now
  T-Mobile
    - T-Mobile One: Unlimited texting and 1 hour free WiFi on GoGo flights; Free Netflix (with 2+ lines)
    - T-Mobile One Plus and International: Unlimited in-flight WiFi on GoGo flights

I’m not sure if this is good news or not, but there are few changes since that last update. In fact, the only notable changes were to pricing from a couple of carriers (T-Mobile and Sprint) that were likely the result of promo pricing expiring. Verizon and AT&T both stayed the same since that last comparison.
Outside of pricing, we’ve got a clearer breakdown of T-Mobile’s Canada/Mexico roaming, as well as their hotspot availability and caps depending on which version of T-Mobile ONE you subscribe to.
I can tell you that as someone who tests networks a lot, I use both Verizon and T-Mobile. I like both. In Portland, T-Mobile has been better for me, mostly because of where I live. But when I leave the city, I often make sure I grab my Verizon phone because I know their network reach is the best there is. I know that doesn’t help you much, I’m just pointing out that those ideas about each network that have persisted for years are still very much a part of the equation.
In terms of value, they are all pretty similar. T-Mobile’s ONE plan starts out low, but as you upgrade to ONE Plus for the 4G LTE hotspot, you start creeping up quickly to Verizon and AT&T’s top tier plans. Your best bet to decide is to find the phone you want at the best price and then see which carrier has the best coverage map for the areas you live in. Coverage will always be king.
Uber will save you a few bucks if you just walk up the road
http://ift.tt/2FjuJT2
On Wednesday, Uber announced a new feature, where riders “wait a few minutes before their trips begin, and then walk a short distance to a nearby spot for pick up and drop off.” If that sounds awfully similar to a bus, you’re not entirely wrong.
Uber calls it “Express Pool,” an offshoot of an Uber option known as simply, “Pool,” which allows Uber riders to save a few bucks by sharing rides (thus usually taking a little more time).
Express Pool, meanwhile, simply calculates what is ostensibly a more efficient route and asks the rider to walk a few minutes away.
When Ars tried it from one residential neighborhood of Oakland to downtown (just a few miles away), it shaved about $1.50 off of what otherwise would have been a $7 Pool ride or an $8.90 UberX ride. By comparison, a local bus ride for the same route is $2.25.
“Walking and waiting help us make more optimal matches and provide better, straighter, faster routes with fewer detours, delivering an even more affordable and consistent option than POOL to consumers,” Uber wrote in a blog post on Wednesday morning.
The company says the service has been tested in San Francisco and Boston; it is also available in Los Angeles, San Diego, and Denver as of Wednesday. Miami, Philadelphia and Washington, DC will be added Thursday, with more cities to follow.