payment
Source: http://gizmodo.com/5883585/google-wallets-pin-system-has-been-cracked-but-dont-panic-just-yet
The security PIN system that Google Wallet users have to enter to verify transactions has been compromised. Thankfully, the chances of your wallet being used against you are relatively low—assuming you haven’t rooted your phone, that is.
Since Wallet saves your PIN in an encrypted file on the phone itself, rather than the secured NFC chip, if your phone falls into the wrong hands, that person could lift your PIN file from the phone and simply crack it using brute force. From there, he’d have access to—and use of—your Wallet account.
Security firm Zvelo discovered and reported the issue to Google, but because of Wallet’s security architecture, the change will require a fundamental rejiggering of the security protocols. Man, talk about an oversight. According to Zvelo,
The lynch-pin, however, was that within the PIN information section was a long integer “salt” and a SHA256 hex encoded string “hash”. Knowing that the PIN can only be a 4-digit numeric value, it dawned on us that a brute-force attack would only require calculating, at most, 10,000 SHA256 hashes…This completely negates all of the security of this mobile phone payment system.
So, if you are rooted, be sure to take some additional security steps to protect yourself like activating the lock screen, disabling the USB debugging option in settings, and enabling full-disk encryption. Or maybe not losing your phone in the first place. [Zvelo via Android Central via The Verge]
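The arithmetic behind the Zvelo quote, as an added example that is not from Gizmodo, Zvelo or Google. It assumes the verifier is SHA-256 over the salt followed by the PIN (the page names only the two fields, not their layout); the PBKDF2 comparison and the `AttemptLimitedVerifier` class are hypothetical illustrations of why a slower hash does not rescue a 10,000-value secret, while an attempt counter kept in hardware does.

```python
import hashlib
import hmac
import time

PIN_SPACE = 10_000  # every 4-digit numeric PIN, the bound quoted from Zvelo


def sha256_verifier(pin: str, salt: bytes) -> str:
    # Assumption: salt || PIN hashed once; the page does not give the exact layout.
    return hashlib.sha256(salt + pin.encode()).hexdigest()


def pbkdf2_verifier(pin: str, salt: bytes, iterations: int = 100_000) -> str:
    # A deliberately slow derivation, for comparison only.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations).hex()


def offline_guesses_needed(stored: str, salt: bytes, derive=sha256_verifier):
    """Audit a verifier that is readable off the device: return (pin, guesses)."""
    for n in range(PIN_SPACE):
        candidate = f"{n:04d}"
        if hmac.compare_digest(derive(candidate, salt), stored):
            return candidate, n + 1
    return None, PIN_SPACE


def worst_case_seconds(derive, sample: int = 3) -> float:
    """Time a few derivations and scale the cost to the full PIN space."""
    salt = b"constructed-salt"
    start = time.perf_counter()
    for n in range(sample):
        derive(f"{n:04d}", salt)
    return (time.perf_counter() - start) / sample * PIN_SPACE


class AttemptLimitedVerifier:
    """Models a check done inside tamper-resistant hardware: the stored value
    is never exported, and a failure counter locks the PIN."""

    def __init__(self, pin: str, max_failures: int = 5):
        self._salt = b"constructed-salt"
        self._stored = sha256_verifier(pin, self._salt)
        self._failures = 0
        self.max_failures = max_failures

    @property
    def locked(self) -> bool:
        return self._failures >= self.max_failures

    def verify(self, guess: str) -> bool:
        if self.locked:
            return False  # even the correct PIN is refused once locked
        ok = hmac.compare_digest(sha256_verifier(guess, self._salt), self._stored)
        self._failures = 0 if ok else self._failures + 1
        return ok

    def guess_success_bound(self) -> float:
        # Best case for max_failures tries against a uniformly random PIN.
        return self.max_failures / PIN_SPACE


if __name__ == "__main__":
    salt = b"constructed-salt"
    stored = sha256_verifier("7391", salt)  # constructed sample PIN
    print(offline_guesses_needed(stored, salt))
    print(f"SHA-256 worst case: {worst_case_seconds(sha256_verifier):.3f}s")
    print(f"PBKDF2 worst case:  {worst_case_seconds(pbkdf2_verifier):.0f}s")
    hw = AttemptLimitedVerifier("7391")
    print([hw.verify(f"{n:04d}") for n in range(5)], hw.verify("7391"))
```

The slow derivation only multiplies a fixed 10,000 guesses by a constant, so the offline search still finishes; the attempt-limited model caps an attacker at `max_failures / 10,000` regardless of hash speed.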
Source: http://lifehacker.com/5882940/the-best-sites-to-raise-money-and-get-your-ideas-off-the-ground
If you have a brilliant new idea for a mobile app, a handy gadget, a smartphone case that does something cool, an album you want to produce, or even a comic book you want to publish, it’s never been easier to get your idea in front of a lot of people and raise money to make it a reality. There are dozens of free and cheap sites designed to boost new ideas, but not all of them are best for your idea. Here’s how to pick the best one for you.
Sites like Kickstarter and many others all cater to people with ideas they believe can make it big, but who need money to get them off the ground. The community supports the idea, everyone chips in, and with luck and enough interest and the right amount of money, the product gets made and the contributors usually get first cut or a special perk. Still, even though Kickstarter gets a lot of press, it’s not necessarily the best one for your idea.
Photo remixed with an original by dinadesign/Shutterstock.
For The Most Attention: Kickstarter
Kickstarter is the major player in this space, and for good reason. The service gets a lot of media attention, and even though the majority of Kickstarter projects don’t go anywhere, it’s become the go-to destination for anyone looking to crowd-fund their projects thanks to a few high-profile projects that managed to raise a lot of money. It’s not the biggest crowd-funding community, and it’s not even the one with the best track record, but it’s incredibly easy to use, popular with angel investors and people looking for the next big idea to invest in and get behind, and well organized. Idea creators can set up their profiles for free, founders can pledge as much or as little as they choose, and no money changes hands until time runs out or the project is fully-funded. If the project is fully funded, Kickstarter takes 5% off the top, and the rest goes to the inventor or creator to make their idea happen.
For App-Builders, Game Designers, and Developers: IndieGoGo
IndieGoGo is actually larger than Kickstarter, and more people there use it for more types of projects. The site takes 4% off the top of your fundraising if you reach your funding goal, and encourages creators and developers to offer perks to the community for funding their projects. Unlike some of its competition, IndieGoGo also has its doors open to charities and non-profits. The site is particularly popular with software and app developers, although all sorts of creative projects are up on the site for funding, including documentary and independent films, education projects, and international aid projects. IndieGoGo also has the benefit of being a global site, available to users around the world.
For Inventors and Gadget Creators: Quirky
Quirky has an excellent track record, and some of our favorite gadgets started as Quirky ideas. The process of getting your idea in front of the Quirky community is a bit more involved than at other sites. You submit your idea, the community weighs in first on whether or not it’s an idea that could be made into an actual product before it goes in front of the world for fundraising. That’s the key, while other sites focus on creative endeavors, most Quirky projects are tangible products that can be manufactured and sold. The Quirky community is active and engaged in idea building and product design and development, and a lot goes on long before the idea ever gets on the site for presale fundraising. Pricing is on a sliding scale—people who get in early can get lower prices than people who get in later, and once the product is made, Quirky can work to manufacture it themselves, or work with a major retail partner to get it on store shelves everywhere.
For Musicians: Bandcamp
We touched on this topic a bit in our previous story on how to release music online so music-lovers can get to it, but while SoundCloud was one of our favorite options for releasing your music for free, allowing people to remix it, and comment on it, Bandcamp is another great solution for musicians looking to set up a free storefront on the web to allow people to buy and download their music directly. Artists and fans both love Bandcamp, and the service handles the entire payment platform, from set-your-own-price albums and songs to artists with a mix of free and paid songs in their discography. Artists can also sell merchandise through their stores, and Bandcamp takes a slice off the top depending on the artist’s sales. Fans and music lovers on the other hand get a social platform where they can follow and interact with their favorite artists, get alerts when new music is released, and discover new artists through their friends.
For Crafty Types: Etsy
Crafty types are already well aware of Etsy and how the platform works. When people who made their own hand-made goods, arts, and custom crafts wanted an online storefront that catered more to their needs than a general auction site like eBay, Etsy was born. The site has dozens of categories, including clothing, art, jewelry, household accessories, and more. While most people know Etsy as a craft-lovers haven, the site is also home to a number of stores that manufacture products you wouldn’t associate with “arts and crafts,” like wall decals, custom motorcycle helmets, and even edible crafts like homemade cookies and beef jerky. Where other similar sites help you get seed money for an idea, Etsy is more of a traditional store, meaning you have to have your idea off the ground and your product ready for sale—even if it’s a single item—before you can sell it.
For Global Users: RocketHub
Many of these sites limit their membership to users in the United States, but RocketHub is one of the largest global communities dedicated to crowd-funding new ideas. RocketHub combines a traditional crowd-funding site where individuals can promote and raise money for their own ideas and pet projects with a funding bank where people with inspired ideas can connect with sponsors, non-profits, and funding groups who are willing to share some cash with a particularly motivated or passionate individual. The service works much like Kickstarter or IndieGoGo—sign-ups are free, and the site takes a 4% cut.
Different crowd-funding sites have different goals and different audiences. Depending on the type of idea you have and the audience you want to reach, you have an array of sites to choose from, and this is just the beginning. For example, if you have a random request or want to get the crowd’s help in funding a life event like a wedding or a vacation, you can try GoGetFunding, and if you’re an industrial designer, Yanko Design is a great resource for like-minded designers.
Whichever site you choose to get your ideas off the ground, make sure it’s one where the community is aligned with and supportive of your ideas, and you’ll have no trouble raising the funds needed to make it a reality. Have you used any of these sites to crowd-fund a project or idea? Share your experiences in the comments below.
The banking industry often employs two-step security measures—similar to Google Authenticator—as an added layer of protection against password theft and fraud. Unfortunately, those systems have just been rendered moot by a highly-advanced hack.
The attack, known as the Man in the Browser method, works like this. Malicious code is first introduced onto the victim’s computer where it resides in the web browser. It will lie dormant until the victim visits a specific website—in this case, his bank’s secure website. Once the user attempts to log in, the malware activates and runs between the victim and the actual website. Often the malware will request that the victim enter his password or other security pass into an unauthorized field, in order to “train a new security system.” Once that happens, the attacker has full access to the account.
Luckily, the method is only a single-shot attack. That is, the attacker is only able to infiltrate the site once with the user-supplied pass code. But, once in, the attacker can hide records of money transfers, spoof balances and change payment details. “The man in the browser attack is a very focused, very specific, advanced threat, specifically focused against banking,” Daniel Brett, of malware testing lab S21sec, told the BBC.
Since this attack has shown that the two-factor system is no longer a viable defense, the banking industry may have to adopt more advanced fraud-detection methods similar to what secures credit cards. When compared to having your account silently drained, standing in line for the teller suddenly doesn’t seem like that much of a hassle. [BBC News via Technology Review]
Image: jamdesign / Shutterstock
What Is SOPA? [Sopa]
Source: http://gizmodo.com/5877000/what-is-sopa
If you hadn’t heard of SOPA before, you probably have by now: Some of the internet’s most influential sites—Reddit and Wikipedia among them—are going dark to protest the much-maligned anti-piracy bill. But other than being a very bad thing, what is SOPA? And what will it mean for you if it passes?
SOPA is an anti-piracy bill working its way through Congress…
House Judiciary Committee Chair and Texas Republican Lamar Smith, along with 12 co-sponsors, introduced the Stop Online Piracy Act on October 26th of last year. Debate on H.R. 3261, as it’s formally known, has consisted of one hearing on November 16th and a “mark-up period” on December 15th, which was designed to make the bill more agreeable to both parties. Its counterpart in the Senate is the Protect IP Act (S. 968), also known by its cuter-but-still-deadly name: PIPA. There will likely be a vote on PIPA next Wednesday; SOPA discussions had been placed on hold but will resume in February of this year.
…that would grant content creators extraordinary power over the internet…
The beating heart of SOPA is the ability of intellectual property owners (read: movie studios and record labels) to effectively pull the plug on foreign sites against whom they have a copyright claim. If Warner Bros., for example, says that a site in Italy is torrenting a copy of The Dark Knight, the studio could demand that Google remove that site from its search results, that PayPal no longer accept payments to or from that site, that ad services pull all ads and finances from it, and—most dangerously—that the site’s ISP prevent people from even going there.
…which would go almost comedically unchecked…
Perhaps the most galling thing about SOPA in its original construction is that it let IP owners take these actions without a single court appearance or judicial sign-off. All it required was a single letter claiming a “good faith belief” that the target site has infringed on its content. Once Google or PayPal or whoever received the quarantine notice, they would have five days to either abide or to challenge the claim in court. Rights holders still have the power to request that kind of blockade, but in the most recent version of the bill the five day window has softened, and companies now would need the court’s permission.
The language in SOPA implies that it’s aimed squarely at foreign offenders; that’s why it focuses on cutting off sources of funding and traffic (generally US-based) rather than directly attacking a targeted site (which is outside of US legal jurisdiction). But that’s just part of it.
…to the point of potentially creating an “Internet Blacklist”…
Here’s the other thing: Payment processors or content providers like Visa or YouTube don’t even need a letter to shut off a site’s resources. The bill’s “vigilante” provision gives broad immunity to any provider who proactively shutters sites it considers to be infringers. Which means the MPAA just needs to publicize one list of infringing sites to get those sites blacklisted from the internet.
Potential for abuse is rampant. As Public Knowledge points out, Google could easily take it upon itself to delist every viral video site on the internet with a “good faith belief” that they’re hosting copyrighted material. Leaving YouTube as the only major video portal. Comcast (an ISP) owns NBC (a content provider). Think they might have an interest in shuttering some rival domains? Under SOPA, they can do it without even asking for permission.
…while exacting a huge cost from nearly every site you use daily…
SOPA also includes an “anti-circumvention” clause, which holds that telling people how to work around SOPA is nearly as bad as violating its main provisions. In other words: if your status update links to The Pirate Bay, Facebook would be legally obligated to remove it. Ditto tweets, YouTube videos, Tumblr or WordPress posts, or sites indexed by Google. And if Google, Twitter, WordPress, Facebook, etc. let it stand? They face a government “enjoinment.” They could and would be shut down.
The resources it would take to self-police are monumental for established companies, and unattainable for start-ups. SOPA would censor every online social outlet you have, and prevent new ones from emerging.
…and potentially disappearing your entire digital life…
The party line on SOPA is that it only affects seedy off-shore torrent sites. That’s false. As the big legal brains at Bricoleur point out, the potential collateral damage is huge. And it’s you. Because while Facebook and Twitter have the financial wherewithal to stave off anti-circumvention shut down notices, the smaller sites you use to store your photos, your videos, and your thoughts may not. If the government decides any part of that site infringes on copyright and proves it in court? Poof. Your digital life is gone, and you can’t get it back.
…while still managing to be both unnecessary and ineffective…
What’s saddest about SOPA is that it’s pointless on two fronts. In the US, the MPAA, and RIAA already have the Digital Millennium Copyright Act (DMCA) to request that infringing material be taken down. We’ve all seen enough “video removed” messages to know that it works just fine.
As for the foreign operators, you might as well be throwing darts at a tse-tse fly. The poster child of overseas torrenting, Pirate Bay, has made it perfectly clear that they’re not frightened in the least. And why should they be? Its proprietors have successfully evaded any technological attempt to shut them down so far. Its advertising partners aren’t US-based, so they can’t be choked out. But more important than Pirate Bay itself is the idea of Pirate Bay, and the hundreds or thousands of sites like it, as populous and resilient as mushrooms in a marsh. Forget the question of should SOPA succeed. It’s incredibly unlikely that it could. At least at its stated goals.
…but stands a shockingly good chance of passing…
SOPA is, objectively, an unfeasible trainwreck of a bill, one that willfully misunderstands the nature of the internet and portends huge financial and cultural losses. The White House has come out strongly against it. As have hundreds of venture capitalists and dozens of the men and women who helped build the internet in the first place. In spite of all this, it remains popular in the House of Representatives.
That mark-up period on December 15th, the one that was supposed to transform the bill into something more manageable? Useless. Twenty sanity-fueled amendments were flat-out rejected. And while the bill’s most controversial provision—mandatory DNS filtering—was thankfully taken off the table recently, in practice internet providers would almost certainly still use DNS as a tool to shut an accused site down.
…unless we do something about it.
The momentum behind the anti-SOPA movement has been slow to build, but we’re finally at a saturation point. Wikipedia, BoingBoing, WordPress, TwitPic: they’ll all be dark on January 18th. An anti-SOPA rally has been planned for tomorrow afternoon in New York. The list of companies supporting SOPA is long but shrinking, thanks in no small part to the emails and phone calls they’ve received in the last few months.
So keep calling. Keep emailing. Most of all, keep making it known that the internet was built on the same principles of freedom that this country was. It should be afforded the same rights.
iPhone Owners Download Twice As Many Paid Apps As Android Owners (GOOG, AAPL)
Source: http://www.businessinsider.com/chart-of-the-day-apps-iphone-ipod-android-2010-6
Apple iPhone owners are downloading almost twice as many paid applications as Google Android users, according to data from Google’s mobile ad company AdMob. AdMob included this chart in its monthly mobile stats report.
AdMob doesn’t provide any explanation for this phenomenon, so here are our guesses:
- iTunes has a smooth purchasing/payment process. Google’s marketplace might not be as good.
- iTunes does a good job of highlighting popular paid apps. Android isn’t as good at that.
- There are probably more paid apps on a relative basis for iPhone than Android.
- The iPhone is positioned as a premium phone. Verizon offers some Android phones for free, same with T-Mobile. If you get your phone for free, you might be less willing to spend for applications. (Or be the type of user who buys paid apps.)