authentication
Latest
Adobe pushes TV Everywhere forward with Adobe Pass 2.0, promises easier logins on more devices
No matter what's going on with Flash, Adobe is still pushing other technologies, and one of them is the one that powered NBC's Olympics apps this summer, Adobe Pass. The company counted more than 88 million authenticated streams during the games, and its tech is behind apps for other networks like ESPN and Cartoon Network. Now it says it can make things better for cable companies and their customers to get viewing on mobiles with Adobe Pass 2.0, which includes technology like automatic authentication, which was tested on Comcast and Cablevision customers during he Olympics. We tried it then and it couldn't have been easier, logging in while connected to your home network flips the switch based on IP address or MAC address, and then it worked at home or on the go, no password necessary. Another feature rolling out is "Free Preview" which lets viewers watch before they're finished logging in, while a Server Side API on the way should open up access to more apps on more devices. We're not sure if that's enough to stem the tide of cable cutting, but if it means more and easier to use viewing even when we're not in front of the HDTV, then we're for it. This is all a part of Adobe's "Project Primetime" which it expects to roll out in full across iOS, Android, Windows, Mac OS and other platforms later this year, check the blog post linked below and video after the break for more details.
Dropbox two-step login verification available in experimental build, coming to all accounts soon
Following up on its promise to tighten account security following a recent breach, Dropbox is now offering two-step login authentication to users who install the service's latest experimental desktop build. The team says the functionality will roll out to all users in the coming days, but listed full instructions to forum users who just can't wait. Those who op-in only need to download a new version of the Dropbox desktop software and activate the feature in their account settings. Once set up, Dropbox will require all unrecognized machines to provide a code, culled from an authenticator app or received via text message. The firm also provides an emergency back-up code that'll disable the feature should you lose your phone. Feeling insecure? Check out the source link below to get started. Update: Dropbox just made it official, detailing set up instructions once more on the Dropbox blog.
Twitter's API plans cause trouble for iOS devs, but they're sticking with it
Twitter has announced a series of upcoming changes to its API that could cause problems for developers who use it their apps. There are a number of technical and aesthetic updates, but the biggest change is that certain calls to the API will be rate-limited and governed by authentication tokens, which means that any developers signing in to the Twitter service will need to monitor when they're logging in and how. Also, Twitter is going to be enforcing certain "display requirements" in order to get developers to conform to the service's look and feel. In Twitter apps, these things aren't a big problem. They ask that the "@" symbol is always used with usernames, and that retweet, reply, and favorite buttons are always clear and in the same place. But for apps that use Twitter's API in other ways, that might not be so easy. The good news is that the developers of two big third-party Twitter apps for iOS have already confirmed that they're ready to work with the changes. Tapbots has put up a blog post saying that it shouldn't have a problem complying with either the authentication regulations or the display requirements, and that it will work with Twitter to make sure things go all right on both iOS and Mac. Ged Maheux of Iconfactory has also confirmed that Twitterific should fall within the guidelines. It's completely reasonable that Twitter would want to make sure its service is used responsibly and represented well, but a big part of the service's success is its third-party accessibility and interfaces. It sounds like developers were angry about these changes when they first appeared, but Twitter seems as if it's responding to these changes in a reasonable way.
DARPA-backed Power Pwn is power strip by day, superhero hack machine by night
Call the Power Pwn the champion of white hat hacking. Underneath that Clark Kent power strip exterior, there's a Superman of full-scale breach testing that can push the limits of just about any company network, whether it takes 3G, Ethernet or WiFi to get there. Pwnie Express' stealthy sequel to the Pwn Plug ships with a Debian 6 instance of Linux whose handy hacking tools are as easy to launch as they are tough to detect. There's just one step needed to create a snoop-friendly Evil AP WiFi hotspot, and the box dodges around low-level NAC/802.1x/RADIUS network authentication without any help; in the same breath, it can easily leap into stealth mode and keeps an ongoing encrypted link to give do-gooders a real challenge. The hacker doesn't even need to be in the same ZIP code to crack a firewall or VPN -- the 3G link lets the Power Pwn take bash command-line instructions through SMS messages and doles out some of its feedback the same way. While the $1,295 device can theoretically be used for nefarious purposes, DARPA's blessing (and funding) should help keep the Power Pwn safely in the hands of security pros and thwart more than a few dastardly villains looking for weak networks.
Sony suspends PlayStation Store for PS3 in Korea, blames new law about selling to minors
Sony has been caught unawares by a legal change in South Korea, which prevents under-18s from being asked for their names or ages for the purpose of account authentication. No sooner had the company announced a half-price sale at its PS Store and then it was forced to pull the whole thing down in order re-work the interface and make it compliant. It's expecting to reopen it sometime "this year," but in the meantime the Store is strangely still accessible to PSP and Vita users of any age, while multiplayer and other PSN functions will continue to run on PS3. There must be a lawyer somewhere for whom this all makes complete sense, and hopefully they work for Facebook.
Nuance's Dragon ID voice login could leap from Android to iOS
As jailbreak aficionados are quick to point out, the stock version of iOS isn't the most customizable mobile platform out there. Certain hooks are simply unavailable to App Store applications, while users of Brand X phones can take advantage of third-party tools to enable face unlock (or, if they're among the 7.1% of the installed base running the up-to-date Android 4.0 Ice Cream Sandwich, the built-in face unlock feature). If you want to go all Sneakers and have your voice be your passport on your handheld device, however, your choices are more limited. Voice authentication has been around for a long time (it came to the Mac back in OS 9, for you graybeards) but reliability and side noise concerns have kept it firmly on the sidelines for phone access. That's why Nuance's announcement today of the new Dragon ID framework is so interesting. The leader in voice tech is offering its underlying "voice biometrics" magic directly to Android OEMs with an eight-language kickoff, and more languages expected this year. Device manufacturers that license Dragon ID will be able to offer quick login, customized app launchers/home screens and more with just a brief passphrase uttered by the owner. Nuance already claims more than 20 million enrolled voiceprints for its technology, used by businesses and government agencies to provide voice security. Nuance isn't yet saying anything specific about iOS integration for Dragon ID -- "We aren't providing details yet, but we're in discussions with several of the top OEMs," was the word via the company's PR rep -- but then again, it doesn't have to advertise its intimate relationship with Apple's mobile offerings (and prudence dictates that it oughtn't do so, in any event). Aside from its standalone dictation, search and notetaking apps, the key voice-related patents and technology owned by Nuance are known to be the chatty power behind Apple's flagship iPhone 4S feature/beta test, Siri. Speculation only at this point, but.... Given the timing of the Dragon ID announcement, and the Star Trek factor of having a phone that permits or denies access with the sound of your voice, it's easy to imagine that Apple will carve out a bit of iOS 6 time at WWDC to show off an oddly similar feature to Dragon ID. Here's a video demo of the unlocking technology from Nuance: [hat tip to Phonescoop]
NBC lays out 2012 London Olympics broadcast plan on TV, internet, apps and in 3D (video)
Love it or hate it, we're stuck with NBC as our Olympics broadcaster in the US, and the company recently laid out its full plans for the 2012 Olympics in London this summer. The good news first: NBCOlympics.com will live stream every single event (they'll even be on YouTube, and in the UK the BBC has its own plans) for the first time ever including streams of each of its channels, encompassing 3,500 total hours and the awarding of all 302 medals. The bad news is that if you're not a cable subscriber, many of those hours will not be available to you, and even if you are, you're looking at a (likely convoluted) authentication sign-in process. That's a little bit of pain, sure, but it should mean what we've been asking for -- the ability to watch all Olympics events as they happen, not tape delayed for prime time after viewing grainy bootleg streams over the internet. Also new for the internet are multiple streams for the same event, so for example, viewers can select a particular gymnastics apparatus or track and field event at will. On mobile devices, NBC also has plans for two different apps on phones and tablets, with one that brings live video streams and another with highlight clips. It didn't specify what platforms they would be available for, but we'd assume the usual suspects (iOS, Android) will be first up. On pay-TV cable, satellite and telco providers it's also providing dedicated channels for basketball and soccer, although it's up to your provider to pick them up. The same goes for the 242 planned hours of 3D coverage it's producing in partnership with Panasonic, which will unfortunately air on 24 hour tape delay, just like the HD broadcast was back in 2004 (we've got chips.... and salsa!). For the full breakdown of all 5,535 hours of coverage across NBC, MSNBC, CNBC, Bravo, Telemundo and everything else check out the press release after the break, plus an Olympics preview trailer. While there are some limits for cord cutters, sports fans with pay-TV should be ready to experience the best Olympics coverage ever with the ability to watch what we want, instead just what's on the TV schedule.
WatchESPN finally streams to Comcast customers, but not on Android
The short list of TV and internet providers that support ESPN's TV Everywhere play, WatchESPN, just grew by one with the addition of Comcast to a list that already included Time Warner, Bright House and Verizon. Part of a deal reached back in January, ESPN has managed to tie its live streaming service in with Comcast's Xfinity TV protocols, similar to the adjustments made by HBO to open up HBO Go streaming on the Xbox 360. One downside however is that for the moment Comcast customer access is restricted to the website (XfinityTV.com access is coming soon) and iPad / iPhone apps (an update is required first). The Android app that launched a year ago is, for the moment, not supported, although access there is promised "in the coming months." As we heard in January this just the beginning, as similar Watch services will be rolling out for Disney Channel, DisneyXD and Disney Junior as part of the mouse company's TV+ program. For now those live feeds of ESPN, ESPN2, ESPNU and ESPN3.com (Buzzer Beater and Goal Line are available in their respective seasons) will have to do however, as the channels and cable services try to add more features and access to keep subscribers happy, or at least still paying, whether they're at home or away.
PlayThru hopes to kill text captchas with game-based authentication
At their worst, captchas are impossible to decipher; at their best, they're... fun? A startup called Are You a Human has developed PlayThru, an alternative to text-based authentication. Instead of requiring the user to type some blurry, nonsensical word, PlayThru has them play a mini-game, such as dragging and dropping a car into an open parking spot. The startup says this method is more secure than word captchas -- since automated bots have a harder time solving these image-based puzzles -- and more fun, because users generally have a better time when their ability to identify letters isn't called into question. PlayThru has been in beta for several months and is currently available as a free download. On May 21st, the solution will officially launch on both PCs and smartphones. Click through to the source link to try out the captcha alternative for yourself.
Sony prepping power outlet that demands payment, identification
We're already counting down the days until these bad boys find themselves in your local cafe and airport terminal. Sony is working on power outlets that are able to identify a user and determine their permissions at that particular socket. With the quick tap of a card, phone or other NFC device your authentication info is passed to a server over the powerline itself. The tech could be used to manage power consumption or prevent theft, but the more obvious and immediate use will be to make a quick buck. The chips at the heart of the platform are compatible with Sony's FeliCa NFC payment system -- which means travelers waiting at Narita International Airport could soon be paying for both WiFi and to keep their laptop juiced when their flight is inevitably delayed. On the other hand, perhaps being able to charge for a charge will convince New York City Starbucks to give us our outlets back. Check out the source link for some machine translated PR.
EasySignMobile enters the Facebook fray for iPhone and iPad
Need to sign a contract, like, now? There's an app for that. Several actually, but the folks who create EasySignMobile have gone and made their service a bit more accessible to the unwashed masses with an updated version that supports Facebook authentication. The new feature is currently available only for iOS, although we'd imagine Android users will find similar love in the near future, as the company released its first version for Google's platform last October. Also on deck for iPhone and iPad fans, the latest version of EasySignMobile offers integration with Dropbox and Box.net for easy file storage and retrieval. So next time you need to make your mark, perhaps you can reach into your pocket rather than rummage for a pen. Those interested will find the full PR after the break.
Google demos QR code Gmail access, claims something better in store
What's the big G up to here, then? It seems the Gmail team has been tinkering with a new secure method of accessing your precious email. Type your credentials into your phone, then scan a QR code in the browser to log in. It's ideal for public machines where typing your password might gift your credentials to any key-logging software. Sadly though, it seems the venture was just an experiment, with Google employee Dirk Balfanz confirming so on his Plus account. So, we might not be accessing our Gmail sans keyboard anytime soon, but with said staffer also teasing that his team are working on something "even better" who knows how we'll be logging on in the near future -- let's just hope it's not this.
Inside Secure announces NFC chips to help distinguish knockoffs from the real thing
If you can't tell if a Rolex or a knockoff Prada bag is fake, your NFC-enabled smartphone will be able to. Toking on a long-standing problem with counterfeiting, French company Inside Secure has released the Vault150 security module, a NFC-based chip that can be embedded into any product a retailer might wish to have authenticated by prospective buyers. This could become as easy as literally embedding the chip, as NFC chips require no power source, can collect RF energy from an NFC reader such as a smartphone and complete an authentication request for a potential buyer. For more intricate products where the chip might have to be buried deeper, Inside Secure has also offered several antenna options that allow the chip to be placed well within an item and still communicate with an NFC reader. In cases where a module needs to be embedded in items like a bottle of wine or pair of shoes, the chip can use a slew of voltage, frequency or temperature change sensors to sense if someone has tried to alter the chip's information and return a warning from there. Along with authentication purposes, the devices could also ping a shopper's handset (in addition to doing cool things like opening doors) when they came within a certain range of a product, informing them as to the savings they might be about to pass by. Final pricing and availability has yet to be announced and there's no guarantee that this will spot every fake, but it'll probably be better at the task than the current champ (yes, Chumlee).
SD Association aims to provide authentication services with standardized smart-chip technology
The SD Association has already embraced some authentication measures to provide things like secure ebooks, but it's now looking to go the extra mile with a little help from GlobalPlatform. The two have announced today that they're collaborating on a standardized smart-chip technology for SD and microSD cards, which they hope will let the memory cards be used for everything from mobile payments and personal ID -- including near-field communication -- to things like mobile television subscriptions and other customized services. Of course, that's all still in the earliest stages, and there's no indication of a timeline for any of it just yet. The official press release is after the break.
iPass wants a world of interconnected WiFi, a roaming 'renaissance'
Some ideas are undeniably sensible, and zero-click WiFi roaming across carriers and countries is one of them. That's why iPass has set itself the unenviable but likely profitable task of convincing global telecoms giants to overlook their differences and form an "Open Mobile Exchange" based on its cloud-based authentication technology. It won't be the first to embark on such a voyage of persuasion: Skype is already on the case and Boingo is too (at least, sort of), but there are still plenty of fragmented hotspot services out there waiting to be crushed and blended by an effortless roaming technology. We just hope iPass has perfected its pleading email template: "Dearest Carrier, have you considered...?" Full PR after the break.
RSA SecureID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)
RSA SecureID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecureIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn't detailing what data hackers may have accessed, but a SecureID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month's Sony breach didn't already convince you to beef up your own computer security, now might be a good time to swap in 'Pa55werD1' for the rather pathetic 'password' you've been using to protect your own company's trade secrets for the last decade. [Thanks to everyone who sent this in] Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently "no customer, program or employee personal data has been compromised." Phew! [Thanks, JD]
RIFT bringing out a new authentication service today - but not yet
Authenticators are one of the most popular forms of account security around, giving players an extra layer of defense against hackers and keyloggers. RIFT has been dealing steadily with account security issues since launch, so the upcoming authenticator service is no surprise to players. Using a digital authenticator service, players will very soon be able to use their Android mobile devices for authentication services -- but carefully note the "soon," as the service isn't yet ready for prime time. Currently, using the authenticator will prevent players from logging in, as the code for using said authentication isn't yet in place. A new launcher will be put into place for the game later today, allowing players with Android devices use of the authentication service. While the current release is only for the Android platform, code for the iOS is being finalized, meaning that iPhone and iPad users won't be left out in the cold. So if you're playing RIFT and want to have a little more random number to go with your login, you'll soon be able to do just that. (But not quite yet.) [Thanks to Puremallace for the tip!]
Player identifies "huge security hole" in RIFT's authentication system, Trion seals it
Hacking and account hijacking have been severe issues for RIFT ever since launch, even though Trion Worlds anticipated the onslaught from the beginning. Yesterday we saw Trion implement the so-called Coin Lock patch to prevent hackers from selling other players' items in-game, which some see as a novel (partial) solution to the problem. However, this may not be enough to stop the truly malicious invaders from getting into RIFT accounts. One player, identified as "ManWitDaPlan" on the forums, claims to have circumvented the account login completely, leaving a "huge security hole" for hackers to exploit: "I have verified the authentication system can be bypassed by successfully logging into another account without needing its credentials. Worse, all it took was about thirty seconds of time once I got all of the details locked down. I did trigger Coin Lock, but I was fully able to access that handy delete-character button, so this exploit is a griefer's dream. I will not post details on how to do this (so don't ask), but I'm positive that I can reproduce this at will and likely on any account on the system." Later in the thread, a Trion representative added: "We have some things in the works right now and have been passing on your feedback, concerns, and thoughts throughout the day (no matter how radical or unlikely). Sharing sensitive information about our actions (no matter how broad) naturally also informs those carrying out these attacks. This puts us in a tight spot with how much information we can provide, and the questions we can answer." And it looks as though the problem may be fixed, as ManWitDaPlan posted late last night: "Got word back from Steve Chamberlin, the development lead for Rift. This hole is sealed."
RSA hacked, data exposed that could 'reduce the effectiveness' of SecurID tokens
If you've ever wondered whether two-factor authentication systems actually boost security, things that spit out pseudorandom numbers you have to enter in addition to a password, the answer is yes, yes they do. But, their effectiveness is of course dependent on the security of the systems that actually generate those funny numbers, and as of this morning those are looking a little less reliable. RSA, the security division of EMC and producer of the SecurID systems used by countless corporations (and the Department of Defense), has been hacked. Yesterday it sent out messages to its clients and posted an open letter stating that it's been the victim of an "advanced" attack that "resulted in certain information being extracted from RSA's systems" -- information "specifically related to RSA's SecurID two-factor authentication products." Yeah, yikes. The company assures that the system hasn't been totally compromised, but the information retrieved "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." RSA is recommending its customers beef up security in other ways, including a suggestion that RSA's customers "enforce strong password and pin policies." Of course, if security admins wanted to rely on those they wouldn't have made everyone carry around SecurID tokens in the first place. [Thanks to everyone who sent this in]
Microsoft's OneVision Video Recognizer can detect, identify, and track your face on video... so smile!
Here's your classic case of "just because you can, doesn't mean you should." Microsoft's Innovation Labs have just demonstrated a OneVision Video Recognizer algorithm that's powerful enough to perform face detection duties on a running video feed. It can recognize and track humanoid visages even while they're moving, accept tags that allow auto-identification of people as they enter the frame, and can ultimately lead to some highly sophisticated video editing and indexing via its automated information gathering. Of course, it's that very ease with which it can keep a watchful eye on everyone that has us feeling uneasy right now, but what are you gonna do? Watch the video after the break, that's what.
