Hasta La Gadget!

Apple introduced two-factor authentication (or two-step verification if you’d like to call it that) with iCloud back in March, adding an extra layer of security to its cloud backup system. However, security researchers say that iCloud is still vulnerable to a break-in if your password is stolen.

ElcomSoft, a company that specializes in password-cracking software, says that there are security holes in Apple’s two-factor authentication process, saying that “Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud.” When you log in to your iCloud account, you’ll have “full information to everything stored there without being requested any additional logon information.”

The company says that they were able to download an iCloud backup using login details without ever using two-factor authentication, and the physical iOS device that the backup came from wasn’t needed for credential purposes. Of course, this doesn’t mean your iCloud data is out in the open. As long as your password is secure, no one can access your iCloud backup.

ElcomSoft also mentions another security issue, which is the fact that Apple sends verification codes directly to an iOS device’s lockscreen. This means that the verification code is exposed to whoever can turn on the display and look at the lockscreen, meaning that you don’t need to unlock an iOS device in order to see the code. ElcomSoft says that the code should obviously not be displayed on the lockscreen, but rather require users to unlock the device first in order to see it.

However, two-factor authentication does prevents hackers from resetting a user’s Apple ID password, but it doesn’t keep hackers from copying or deleting files that are stored in iCloud. ElcomSoft thinks that Apple’s two-factor authentication “does not look like a finished product,” and “it’s just not as secure as one would expect this solution to be.”

VIA: Ars Technica

SOURCE: ElcomSoft

iCloud not protected by Apple’s two-factor authentication, say researchers is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

There has been a lot of confusion surrounding the various new features of the Xbox One, but one of those features seems to have been settled. The Kinect sensor that many people feared would always be listening to your conversations can actually be turned off when not needed. Otherwise, you can use the Kinect to tell it to turn on your fancy new console.

According to Kotaku, a Microsoft rep confirmed that the Kinect sensor “is not always watching or always listening,” and users will be able to “turn the system completely off.” During the unveiling of the new console, Microsoft said that you can turn on the console using a voice command, which proves that the console isn’t actually completely off, but more in a stand-by mode listening for such voice commands.

Of course, this stirred up some big controversy about privacy issues, and that the console would always be listening to your conversation to hear for an “Xbox on” command that would turn on the console. It wouldn’t be listening in on your living room conversations just for the fun of it, but enough people have been worried that there could be a secondary use for the listening-in.

Microsoft says that they’ll have more information in the future as far as different methods for turning off the Xbox One, but we’re guessing that — as most people would suspect — that the power button on the console will actually shut down the Xbox One completely, while shutting down the console using the controller or sensor through the software will only shut it down partially, where at that point the Kinect would be on and listening for voice commands.

However, it seems Microsoft says that users have no reason to be concerned. The company notes that they are “designing the new Kinect with simple, easy methods to customize privacy settings, provide clear notifications and meaningful privacy choices for how data will be used, stored and shared.” Of course, though, if you’re really concerned about Microsoft spying on you while you’re not playing games, there’s always the power cord that you can rip from the wall.

SOURCE: Kotaku

Xbox One can shut down entirely to prevent always-listening Kinect is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Remember when you were a kid and you had this secret diary that your little brother would always try to sneak a peek at? Well, probably only the girls can relate, and while I had no brother, I did have a sister who constantly snooped around my stuff.

So if you have a little girl in the house and want to save her the trouble of having to fight for her privacy, you might want to get her the iHeart Locket. That’s if she already has an iPad.

The iHeart works in conjunction with the iHeart Locket Diary app for iOS. The app is essentially a digital diary that lets your little girl write her deepest thoughts and secrets. The app also lets her insert images and scribble down notes and doodles when she feels like it.

The locket functions as the diary’s key. It transmits a unique code that keeps the diary private, so only its wearer can read the diary. In addition, if anyone comes along, a button on the locket can be pressed and anything written on the screen will be kept hidden away from prying eyes.

The iHeart Locket is being sold for $24.95(USD), while the app can be downloaded for free from the iTunes App Store.

[via C|NET]

If you’re still laughing at Google+, and at Google Glass, then it might be time to stop; Google has just shown that they’re its next route to digitally understanding everything about you, and it slipped that through in the guise of a simple photo gallery tool. Highlights is one of the few dozen new features Google+ gained as of I/O this past week, sifting through your auto-uploads and flagging up the best of them. Ostensibly it’s a bit of a gimmick, but make no mistake: Highlights is at the core of how Google will address the Brave New World of Wearables and the torrent of data that world will involve. And by the end of it, Google is going to know you and your experiences even better than you know them yourself.

Lifelogging isn’t new – Microsoft Research’s Gordon Bell, for instance, has been sporting a wearable camera and tracking his life digitally since the early-2000s – but its component parts are finally coalescing into something the mainstream could handle. Cheap camera technology – sufficiently power-frugal to run all day, but still with sufficiently high resolution and bracketed with sensor data like location – has met plentiful cloud storage to handle the masses of photos and video.

More importantly, the public interest in recording and sharing memorable moments has flourished over the past few years, with Facebook over-sharing going from an embarrassment to commonplace, and Twitter and Tumblr evolving into stream-of-consciousness. For better or for worse, an event or occasion isn’t quite real enough for us unless we’re telling somebody else about it, preferably with the photos to prove it.

Into that arrives Glass. It’s not the only wearable project, and in fact it’s not even trying to immediately document your every movement, conversation, and activity. Out of the box, Glass doesn’t actually work as a lifelogger, at least not automatically. However, it hasn’t taken long before Explorer Edition users have tweaked the wearable to grant it those perpetual-memory skills, though we need to wait for Google’s part of the puzzle before we see the true shift take place.

Kickstarter project Memoto, which raised over half a million dollars for its wearable lifelogging camera that fires off two frames a minute all day, every day, isn’t really a hardware challenge – though the startup might disagree with that somewhat, given the slight delays caused by squeezing power-efficient camera tech into a tiny little geek-pendant – but a software one. The issue isn’t one of taking photos, or of storing them: it’s of then organizing them in a way that’s anywhere near manageable for the wearer.

Think about your last set of holiday photos. You probably took many more than you did in the days of traditional film cameras. Maybe you synchronized them with iPhoto, or uploaded them to a Dropbox or Picasa gallery. Perhaps they went on Facebook, either sorted through or – more likely, maybe – simply dumped en-masse. How many times have you looked through them, or shown them to somebody else?

Now, imagine having a whole day’s worth of photos to deal with. We’ll be conservative and assume you’re sleeping for eight hours – lucky you – and maybe have a couple of hours “privacy” time during which you’re showering, getting changed, or otherwise not camera-ready. Fourteen hours when you could be wearing your Memoto, then, or some other camera: 840 minutes, or 1,680 individual photos. In the course of a week, you’ve snapped 11,760 shots.

“By the end of the year you’ve got over four million photos”

By the end of the year, you’ve got over four million of them. Sure, plenty of them will be of the same thing, or blurry because you were running across the road at the time, or too dark to make out details. Many, many of them will just be plain dull. But they’ll all be there, sitting in the cloud waiting to be looked at.

Nobody is going to sift through four million photos. And so the really clever thing the Memoto team is working on is the relevance processing all of those images are fed through. The exact details of the algorithm haven’t been confirmed – in fact it’s still something of a work-in-progress, and likely will be even when the first units start shipping out to Kickstarter backers – but it takes into account the location each image was taken at (there’s geotagging for each shot), the direction you’re facing, what interesting things are in the frame, and more.

That way, you get the best of both worlds, or at least in theory. “All photos are stored and organized for you,” Memoto promises. “None are deleted, but the best ones are more visible.”

As Memoto sees it, that all amounts to about thirty frames per day. Thirty potentially review-worthy shots out of more than sixteen-hundred. Now, there’s no way of knowing quite how well the system will actually operate, and we’re bound to miss out some gems and have out attention drawn to some duffers, but make no mistake: we need this layer of abstraction if lifelogging is to be more than just a boon for those selling hard-drives.

For a while, Google didn’t seem to have given managing the extra photos from wearables like Glass much consideration. In fact, the first evidence of photo sharing – automatically uploading to Google+, and being posted out with the generic #throughglass tag – was one of the more half-baked of the company’s implementations. That all changed, though, at I/O this week.

Google+ is the glue for Google’s ecosystem – what I call the “context ecosystem” – not least Glass; you may not want to use it as a social network, replacing or augmenting Facebook and Twitter, but if you want Google services or hardware you’re going to end up a Google+ user on some level. The new Highlights feature in Google+ is the key to unlocking Glass’ usefulness as a lifelogger.

“The Highlights tab helps you find photos you’ll want to share by automatically curating the images you upload to Google+ photos” Google explained. “Highlights works by de-emphasizing duplicates, blurry images, and poor exposures while focusing on pictures with the people you care about, landmarks, and other positive attributes.”

For the moment, for most users, Highlights is a way of quickly cutting out duplicated shots. Take three or four pictures of your kids in the park, just to make sure they were all looking at the camera at the right time? Google+ Highlights will make sure you only see one, not all of the nearly-identical frames. No need to delete the others, just – as Gmail taught us with achive-not-delete email, a privilege of copious space and effective search – hide them from regular sight.

As the flow of photos into Google+ turns into a torrent, fueled not least by wearables, those vague “other positive attributes” Google mentions will become most important, however. Highlights is going to become not only a curator of your galleries, but of how you reminisce; how you look back on what you did, where you did it, and who you did it with.

Google can already identify buildings, and locations, and people. It knows who your friends are. Factor in Events, and the communal photo sharing feature, and that will help Google+ fill in even more of the gaps. If it knows you were with your best friend, and your best friend was in Paris at the time, and what a number of famous Parisian landmarks look like, it’ll be able to do a pretty good job at piecing together a curated “holiday memories” album that’s probably more detailed than your own recollection of the trip.

“The comfort levels reported at I/O show this is not just old- versus new-school”

If you’re clenching various parts of your anatomy over fears about privacy, you’re probably right to. Even with only about 2,000 Glass Explorer Edition headsets made, the degree of controversy over what the rights and responsibilities around having photos taken in public and in private are is already exponentially greater. Those at Google I/O this past week are undoubtedly a tech-savvy, open-minded bunch, but the range of comfort levels reported about being in the Glass gaze is a telling sign that there’s more to this than just old-school versus new-school.

The discussion is going to be broader than Google, of course – a Memoto camera is arguably more discrete, clipped to your coat or shirt, and it’s almost certainly not going to be the last wearable camera – but how the companies involved process the data created is likely to be the biggest factor, and Google has a track-record of giving privacy advocates sleepless nights.

If Glass – and wearables along with lifelogging in general – is to succeed, however, this is a discussion that will have to be settled. We’re not talking about “how okay” it is for your email account to talk to your calendar account. If the EU decides there should be a clear division between those in the name of user privacy, then you might have to manually create appointments based on email conversations; if the huge and inevitable rush of photos and video that wearables will facilitate aren’t addressed, then Glass and its ilk will stumble and fail. Our new digital brain needs permission to work its magic, but we’re still in the early days of seeing just how magical that might be.

Google+ and Glass just got the upgrade for lifelogging everything is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Those of you familiar with the Nissan Leaf will know about its Carwings system, which lets you check the vehicle’s charge, turn on the AC, rate your driving efficiency against others and even read RSS feeds out loud — all over an always-on cellular data connection. In fact, the RSS functionality raised some privacy concerns when it was discovered that Carwings embeds location and other data in the URL it sends to public servers (something that can thankfully be disabled by the owner). Nissan announced today that it plans to make telemetry data from the Leaf available to third-party developers for a fee — with the owner’s consent, of course. The company already uses telemetry data for vehicle maintenance and products like Carwings, but it hopes to broaden the ecosystem with apps. Examples include smart-grid integration (supplying power to a building for a reduced parking fee) and location-based services (real-time coupons as you drive by restaurants). It’ll be interesting to see if there’s enough interest from both developers and Leaf owners for Nissan to successfully monetize this idea.

Filed under: Transportation

Comments

Source: Nikkei (subscription required)