Archives for March 31, 2019

Google users can sign into Firefox and Edge with a security key

by

USB stick on keyboard – caption Security

You still need Chrome to add a key in the first place, though.

Until now, you’ve had to use Chrome to sign into your Google account with a security key. You won’t have to be quite so choosy going forward, though. Google has transitioned to using the new Web Authentication standard for hardware-based sign-ins, making your key useful in Firefox, Edge and other browsers that rely on the format. That could be particularly helpful if you want to check your Gmail on an unfamiliar PC and would rather not install Chrome or punch in a password.

There’s just one gotcha: as the key registration process still relies on the older Universal Second Factor standard, you’ll have to use Chrome to add a key to your account. It’ll “take some time” before you can rely solely on a third-party browser, Google’s Christiaan Brand said. Still, that support is at least on the way. It might not be too much longer before you can simply assume that your key will work anywhere there’s a spare port or Bluetooth connection.

Facebook axed its bird-size internet drones before they even flew

by

House sparrows.

The experiment was codenamed Catalina, and it would’ve used flying machines the size of sparrows.

Facebook’s Aquila wasn’t the company’s only experimental project meant to boost slow mobile internet speeds. According to a Business Insider report, the social network also explored the use of fixed-wing bird-size drones to provide people in remote locations the capability to stream data-intensive content such as videos and photos. The project called Catalina started sometime in 2017 and shut down after Aquila did in mid-2018. It was named after the California island, which used to rely on pigeons to carry messages to the mainland and back. In fact, Facebook called Catalina’s pseudo-internet “pigeonet,” though the drones were apparently closer in size to sparrows.

It’s not entirely clear how pigeonet would’ve worked, but the report says the drones were designed to carry small solid-state drives filled with media. That suggests that they were meant to relay information between traditional mobile infrastructure from afar and people’s phones. What’s crystal is that Facebook didn’t conceptualize the technology as a complete replacement for people’s mobile networks.

If users aren’t streaming videos or loading data-heavy images, their phones will keep on using their slower connections. It was meant to give more people a way to watch videos and view photos, which makes sense, seeing as the company most likely conjured up the project in an effort to find more users for its platform. Facebook even wanted to test pigeonet by giving its first users access to the company’s core apps, including Messenger. Eventually, the service’s capabilities would’ve expanded with the addition of other applications, like YouTube and Netflix.

The company is no stranger to rolling out products created to lure more people into using its apps, including the controversial Free Basics service. Free Basics offers limited access to websites outside of Facebook, so the social network has become synonymous with the internet itself for a lot of people in developing regions. That’s a problematic notion when fake news continues to circulate on the platform and people have no way to check and verify information on their own.

Junked Teslas still held unencrypted video recordings

by

Its built-in data recorders mean there is more information to find than in most cars.

An experiment conducted by white hat hackers and reported by CNBC show that Tesla vehicles store more information than you might think — and they even keep your data unencrypted. It’s normal for cars to keep some information from the cellphones you pair with them via Bluetooth, such as contact numbers. But a Tesla computer can also store videos, locations and navigational data, since the company’s vehicles have built-in dashcams, data recorders and other features meant to gather information. In the event of a crash, the video could even include exactly what happened leading to the accident.

One of the researchers who uses the pseudonym GreenTheOnly told CNBCthat he managed to extract all sorts of data from salvaged Model X, Model S and Model 3 cars in the past. To take a closer look at what Tesla computers can reveal, he teamed up with another white hat hacker named Theo and purchased a totaled Model 3 late last year for research purposes.

The result? They found unencrypted information from at least 17 different devices, including the number of times they were paired to the vehicle, as well as 11 phonebooks’ worth of contact information. The researchers also found calendar entries with descriptions of planned appointments, along with the e-mail addresses of those invited. In addition, they unearthed the 73 last locations (and navigation information) the car went to and even successfully extracted the video of the crash itself.

The fact that the automaker doesn’t automatically delete such information could be a double-edged sword. Yes, it could be helpful for investigators, but someone with the technical knowledge can hack into a salvaged or a reconditioned Tesla’s computer and extract data. They don’t even have to worry about having to break any kind of encryption.

A Tesla spokesperson told CNBC:

“Tesla already offers options that customers can use to protect personal data stored on their car, including a factory reset option for deleting personal data and restoring customized settings to factory defaults, and a Valet Mode for hiding personal data (among other functions) when giving their keys to a valet. That said, we are always committed to finding and improving upon the right balance between technical vehicle needs and the privacy of our customers.”

Those options, however, might not be enough. A former employee from at least one automotive auction company that Tesla uses to recondition used cars admitted that they don’t factory reset the vehicles they sell. And as the researchers proved, it’s possible to extract information from cars that go to the junkyard after a crash. If owners try to modify their cars’ software on their own, they risk getting software updates much later than everyone else. Apparently, the company flags owners as hackers if they modify or even analyze their vehicle’s system.

The Chief Security Officer at BugCrowd, which manages Tesla’s bug bounty program, explained to the publication that the company can’t just wipe cars automatically. There “could be a forensic need to contain and retain the data,” he said. “But I would think that what they will want to work on is a way to have all that stored data encrypted, as it would be on your cell phone,” he added.

Apple Music code hints at Chromecast support

by

You could stream the service to all kinds of Google-powered devices.

Whether or not Apple Music is coming to Google Home, there are signs you might get to use it with some Google-powered devices. The 9to5Google team has found multiple lines of code in Apple Music’s Android app that reference Chromecast support, including some added through recent updates. While there’s no guarantee this would be implemented any time soon, it suggests you could soon pipe Apple’s latest Drake exclusive to a compatible Chromecast dongle, speaker, smart display or TV.

There are no guarantees Apple will integrate Chromecast support soon, if at all. However, the mounting volume of code suggests it could be more a matter of when than if. Also, Apple’s software has become more Google-friendly as of late — it added support for the app on Chromebooks just days ago. Apple has made clear that it (usually) wants its services to be as widely available as possible, and that means bringing them to platforms that were previously off-limits.

The 5 worst pieces of financial advice that will cost you time, money and sanity

by

It doesn’t take much time on the internet to see that financial tips are a dime a dozen. Everyone’s got advice on how you can make more and spend less.

Some of these tips can be useful, but there are also quite a few ideas that are just plain bad. After scouring the web, here’s the financial advice you should avoid at all costs, along with how you can rework it to actually help you.

1. Open your windows instead of using AC

It’s the money-saving tip courtesy of all the people who have never lived somewhere that gets above 80 degrees. Like the San Fernando Valley of Los Angeles, where I’ve seen it reach 116 degrees in the summer and where I probably would’ve died if it wasn’t for my AC.

There’s also the cold-weather version of this advice – bundle up instead of using your heating in the winter. Again, this may work well in some climates, but not in places where it gets absolutely freezing.

Instead of making yourself suffer when it’s extremely hot or cold, plan ahead by saving some extra money during milder months when you’re not spending as much. For homeowners, you can also get the insulation in your home checked or go with more energy-efficient heating and cooling.

2. Generate passive income by writing books

When you see someone suggesting writing as some sort of get-rich-quick scheme, you can safely assume that they:

  • Have never written a book.
  • Have no idea how much authors get paid for book sales.

Sure, plenty of authors do end up making solid passive income, but there are far more who don’t. If you want to be among the chosen few who succeed, you’re looking at hundreds of hours of work writing that book.

If you want to generate extra income, your best bet is to use the talents and passions you already have. That could be writing for some, but for others, it may be something entirely different, such as web design or marketing.

3. Try to win radio contests for quick cash

Yes, I actually read a column recommending this. As advice goes, it’s about as useful as suggesting that you hit the blackjack tables or buy scratcher tickets to make some extra cash.

Winning radio contests almost always comes down to luck, so they’re definitely not a reliable way to make money. Even if you win one, it’s not something you can replicate in the future.

If you want to have a more productive commute, you could use that time to listen to podcasts or audiobooks.

4. Save your loose change

Many a family has gone this route, putting a giant change jar in the house and tossing in their extra coins every night. It’s a common recommendation for people who have trouble saving money, but it’s far from the most effective way to save.

There are two glaring flaws with saving your loose change. The first is that to get anywhere saving money this way, you’ll need to pay in cash all the time. Credit cards are a more secure payment method, and there are plenty of excellent credit cards that can earn you rewards on your spending.

The other issue is that the money you save would be much better off in a bank account. In one of the best bank accounts, your money can earn some interest, and it will be safer than it would be lying around in your home.

5. Read self-help books and go to seminars

There’s always a new flavor-of-the-month self-help system people are raving about. “The Secret.” “Rich Dad Poor Dad.” And a million others, generally with some combination of the words “wealth,” “power,” and “success” in the title.

What these all have in common is that they’re designed to appeal to as many people as possible, so they really just find new ways to package extremely general advice and philosophies, such as:

  • Put your money into assets that increase in value.
  • Avoid debt.
  • Have a positive mindset.

Self-improvement is a worthwhile goal, but you’re better off focusing on specific skills over wasting money on one-size-fits-all programs.

Separating the good advice from the bad

Those are just a few of the worst offenders, and they’re proof that you should take financial advice with a grain of salt. Before you follow any supposedly slam-dunk money tips, make sure the potential reward is worth the effort.

Social Security Scams Abound. Watch Out for This One.

by

Benjamin Franklin famously said that nothing is certain but death and taxes. To that, he could have added Social Security scams.

Fraudsters have long been calling Social Security benefit recipients and telling them their Social Security number is being suspended for criminal or fraudulent activity — and that the government is taking action against them. The action ranges from an arrest warrant to an active lawsuit.

To end this supposed action, victims are told to call another number. When they do, folks running the scam will ask them to pay a fine (often through gift cards). They will also be asked personal information, such as their bank account numbers, date of birth, and so on. If they supply it, fraudsters can utilize it to take money from their accounts.

With a Social Security number and a date of birth, it’s even possible to sign up for benefits (if the rightful Social Security account holder hasn’t yet) or, if they have, to divert benefits to another address and bank account. Scam artists can simply contact the Social Security Administration (SSA) and ask to change the address or bank account. The first indication the rightful recipient would have is the failure of their benefits to arrive.

A new spin

But a new wrinkle in this venerable scam was recently reported. In this one, recipients of a call are told that their Social Security number has been suspended due not to their own actions but to more general “suspicious activity.”

Instead of being given another number to call, the victims are told to simply press 1, and they’ll be connected with a Social Security agent. Instead, they are connected to a fraudulent agent, who may ask them to verify their Social Security number. Once they verify it, the fraudster has it. Fines and bank account numbers are part of this one, too.

Senior citizens are targets

Unfortunately, Social Security fraud is all too frequently perpetrated against senior citizens. Most senior citizens rely on Social Security for at least part of their income, and many rely on it for a sizable percentage of it. They may be very frightened of a possible suspension of the number and hence the benefit.

Senior citizens also often don’t realize how easy it is to imitate even an agency of the U.S. government. In the past, scam artists have set up phone numbers with 202 area codes (the one used in Washington, D.C.) and email accounts with ssa.gov as part of the address — which is part of the actual online address of the SSA. They have set up fake SSA websites that look very convincing.

This time of year, there may be a third wrinkle. Tax returns, refunds, and the Internal Revenue Service (IRS), another federal agency, are in the minds, computers, and mailboxes of many people. Senior citizens and the rest of the population might be more likely to believe that someone from the U.S. government is actually contacting them about suspicious activity during this period than any other.

Take precautions if you’re contacted

It’s important not to react if someone contacts you saying they’re from the SSA by phone or email. Instead, take three precautions.

1. Know the SSA’s policies

In general, the SSA and its agents will not suddenly call or email someone. The SSA, like the IRS, communicates by letter. It may at times call or email to follow up on an issue, but the original contact will come by letter.

2. Don’t give out any information

Once you know that the real SSA is not going to make such a serious charge as fraud or suspicious activity over the telephone, the next step is easy.

Don’t engage with the caller. Don’t give out any information of any kind. Don’t fall for one of their favorite tricks — verifying a Social Security or bank account number they already have part of. They can use it once they have it.

It’s a good idea, in fact, to hang up on the call. Some fraudsters record and use the victim’s voice, particularly saying “yes.” They can then use the recording to verify and authorize transfers from bank and other accounts.

3. Report the incident

If this scam happens to you, report it to the SSA. The SSA maintains a Fraud Hotline at 1-800-269-0271. If you’re hearing impaired, call 1-866-501-2101 (TTY).

The government alerts people to these scams based partly on the number of reports. It’s important to public safety to keep the public aware.