unencrypted
Latest
Sony confirms PS4 gesture and voice control, HDMI capture for games (update)
Looking for more PlayStation 4 news? Here's a bit now that Sony's Tokyo Game Show keynote address is over. A couple of features we'd hoped to hear more about have been confirmed, and the first is that the PS4 camera will support both voice and gesture control. It's no surprise that the system will take full advantage of the add-on's dual cameras and four mics for people who want to wave at their TVs, but it's nice to have that confirmed. Second, in a move that will mostly benefit game reviewers and YouTube video walkthrough experts (thanks for your help on these GTA V missions, all of you), the PlayStation 4 will allow unencrypted HDMI output for games. On the PS3 it didn't, treating games the same as Blu-ray movies, so anyone capturing video in HD needed to use component cables. That's on top of the console's "Share" button that sends clips of gameplay straight to Ustream, Facebook or PSN. Check out our liveblog for everything else discussed tonight including the PS4's mobile apps, indie gaming and Vita TV. Update: Sony Worldwide Studios head Shuhei Yoshida tells us via Twitter that HDMI capture on PS4 won't be available at the console's launch this November, but "in the future."
Researchers use children's toy to exploit security hole in feds' radios, eavesdrop on conversations
Researchers from the University of Pennsylvania have discovered a potentially major security flaw in the radios used by federal agents, as part of a new study that's sure to raise some eyebrows within the intelligence community. Computer science professor Matt Blaze and his team uncovered the vulnerability after examining a set of handheld and in-car radios used by law enforcement officials in two, undisclosed metropolitan areas. The devices, which operate on a wireless standard known as Project 25 (P25), suffer from a relatively simple design flaw, with indicators and switches that don't always make it clear whether transmissions are encrypted. And, because these missives are sent in segments, a hacker could jam an entire message by blocking just one of its pieces, without expending too much power. What's really shocking, however, is that the researchers were able to jam messages and track the location of agents using only a $30 IM Me texting device, designed for kids (pictured above). After listening in on sensitive conversations from officials at the Department of Justice and the Department of Homeland Security, Barnes and his team have called for a "substantial top-to-bottom redesign" of the P25 system and have notified the agencies in question. The FBI has yet to comment on the study, but you can read the whole thing for yourself, at the link below.
Netflix, Foursquare, LinkedIn, and Square apps expose your data
Here's a little tip for app developers: encrypt everything, especially passwords. Security firm viaForensics fed some popular iPhone and Android apps through its appWatchdog tool and found that Netflix, LinkedIn, and Foursquare all stored account passwords unencrypted. Since the results were first published on the 6th, Foursquare has updated its app to obscure users' passwords, but other data (such as search history) is still vulnerable. While those three were the worst offenders, other apps also earned a big fat "fail," such as the iOS edition of Square which stores signatures, transaction amounts, and the last four digits of credit card numbers unencrypted. Most of this data would take some effort to steal, but it's not impossible for a bunch of ne'er-do-wells to create a piece malware that can harvest it. Let's just hope Netflix and LinkedIn patch this hole quickly -- last thing we need is someone discovering our secret obsession with Meg Ryan movies.
Skype for Android update adds US 3G calling, fixes personal data hole
Verizon Android users have had 3G Skype calling since this time last year, but the latest app release -- v1.0.0.983 for those of you keeping tabs -- brings 3G calling to the masses, without the need for a VZW-sanctioned app. The update also patches a rather significant security hole discovered last week, which could let third-party apps get hold of your personal information. We're glad to see that's no longer the case, and who's going to object to free calling as part of the deal as well? Make sure your phone's running Android 2.1 (2.2 for Galaxy S devices) and head on over to the Android Market to get updated.
Skype for Android vulnerable to hack that compromises personal info
If you didn't already have enough potential app privacy leaks to worry about, here's one more -- Android Police discovered that Skype's Android client leaves your personal data wide open to assault. The publication reports that the app has SQLite3 databases where all your info and chat logs are stored, and that Skype forgot to encrypt the files or enforce permissions, which seems to be a decision akin to leaving keys hanging out of the door. Basically, that means a rogue app could grab all your data and phone home -- an app much like Skypwned. That's a test program Android Police built to prove the vulnerability exists, and boy, oh boy does it work -- despite only asking for basic Android storage and phone permissions, it instantly displayed our full name, phone number, email addresses and a list of all our contacts without requiring so much as a username to figure it out. Android Police says Skype is investigating the issue now, but if you want to give the VoIP company an extra little push we're sure it couldn't hurt.
Your office photocopier could help steal your identity
While we've seen just how to have a Sharp miracle in your office, it now seems that Sharp copiers (along with Xerox and a smorgasbord of others) could become a miraculous find for identify thieves. Given that many all-in-one "bizhubs" of today feature some sort of internal storage device to capture copies, scans, and faxes in case you need to resend the file a week or two later, it's not too surprising to think how such a convenience could be exploited by ill-willed individuals to extract personal information about you and your office mates. Pointing at tax time in particular, it has been suggested that many Americans photocopy sensitive documents that contain all the information needed to jack your ID without even realizing how vulnerable they've made themselves. Both Sharp and Xerox, however, have both released security kits that encrypt the internal data stored on its machines, but if you're using some off-the-wall copier and have noticed something peculiar about that fellow across the hall, stay sharp.
