Hasta La Gadget!

We had a feeling that Square wouldn’t let VeriFone call it out without issuing some sort of statement, and CEO Jack Dorsey has responded to the claims of a gaping security hole in the form of an open letter on the company’s website. Dorsey calls its competitor’s accusations “not fair or accurate” and says that many of the necessary security measures are already built-in to your credit card itself. He also points out that this sort of credit card number thievery is possible every time you hand your plastic over to a waiter or salesperson, and that its partner bank, JPMorgan Chase, stands behinds all aspects of the service. To us, it seems like Verifone is more than a little scared at the prospect of Square undercutting its fees and potentially upending the POS business — but we’re just theorizing. One thing is for sure though, we’ll be hearing a lot more about this as the mobile payment war heats up in the future.

Square’s Jack Dorsey calls VeriFone’s vulnerability claims ‘not fair or accurate’ originally appeared on Engadget on Thu, 10 Mar 2011 14:07:00 EDT. Please see our terms for use of feeds.

Permalink Electronista  |  Square  | Email this | Comments

Next time you forget the combination to your locker, you might turn to a team of students at Olin College of Engineering. Instead of using the brute-force method of hammer and cold-chisel preferred by tough-guys such as me, they opted to be egg-heads, and built a robot that will solve any Masterlock combination un under two hours.

If you know one or more of the numbers in your combination, the robot will crack the code much quicker. Quick enough for you to open “your” locker, grab whatever you came for, and get out, undetected.

The robot consists of a clamp, which hold the lock in place using a thumb-screw, and a puller, a solenoid-controlled grabber which yanks the loop of the lock to try to open it, and a stepper-motor which actually turns the knob and dials in the combinations.

Once the lock is in place, you fire up the companion software called LockCracker. You input the numbers you know, hit start, then go out behind the bike-shed to smoke an illicit cigarette. The software — written in Python — runs through all possible combinations in turn, trying the lock each time (so it really does use brute-force after all). Eventually, it will pop, and you’re in. It will even tell you the combination so you can do it yourself next time.

Like any powerful invention, the LockCracker can be used for good or evil. Or just demonstrations. Seeing as you would have to drag a computer, workbench and the robot itself into the locker room, this may be a little unwieldy for your criminal capers. Perhaps that hammer and chisel will be useful after all?

The LockCracker [Olin. Thanks, Jessica!]

See Also:

• Theft Proof Bike: A Conceptual Red Rag To a Bull
• Lock Pick Business Card
• Kwik-Pick Now Opens Doors for $20

When 21 rogue apps started siphoning off identifying information from Android phones and installing security holes, Google yanked the lot from Android Market, and called the authorities to boot. But what of the 50,000 copies already downloaded by unwitting users? That’s what Google’s dealing with this week, by utilizing Android’s remote kill switch to delete them over the air. But that’s not all, because this time the company isn’t just removing offending packages, but also installing new code. The “Android Market Security Tool March 2011” will be remotely added to affected handsets to undo the exploit and keep it from sending your data out, as well as make you wonder just how much remote control Google has over our phones. Yes, we welcome our new Search Engine overlords and all that, so long as they’ve got our best interests at heart, but there’s a certain irony in Google removing a backdoor exploit by using a backdoor exploit of its own — even one that (in this case) will email you to report what it’s done.

Google flips Android kill switch, destroys a batch of malicious apps originally appeared on Engadget on Sun, 06 Mar 2011 13:19:00 EDT. Please see our terms for use of feeds.

Permalink Phone Scoop  |  Google Mobile Blog  | Email this | Comments

[photo by Flickr user gillyberlin]

Finally, it looks like someone has managed to pick the perfect hardware upgrade for all the embattled hedge-fund managers out there. Researchers have found that garbage collection methods on SSDs can often make data completely unrecoverable using available forensics techniques. According to an article published by Macworld, garbage collection purged all but a small percentage of 316,666 test files placed on the hard drive by researchers only three minutes after they were deleted. In a standard spinning drive, all of these files were recoverable.

Even after connecting a write blocker, a device designed to stop a hard drive from purging or writing over files, almost 20 percent of the contents of the drive were unrecoverable. According to the article, this is the first time write blockers have been ineffective in preserving the disk for future analysis.

Forensics experts are worried about the potential impact this has for investigating crimes, especially when the growing capacity of USB sticks and other solid-state media may one day lead to similar garbage collection being implemented there. Add that to the fact that it’s difficult or impossible to tell if this data wiping is done intentionally as a way to cover up evidence or if the average user just wanted more space for their Blu-Ray rip of Inception, and you’ve got a bunch of very nervous security professionals.

[via Macworld]

Joining AT&T and Verizon in offering some software-based data security for owners of its handsets, Sprint is today introducing its Total Equipment Protection app. Funnily enough, it uses the same Asurion software as the aforementioned other carriers, which would be why its functionality mirrors them so closely. With the TEP app, you’ll be able to track your phone via a web interface, force it to sound an alarm even if muted, lock it, and finally wipe your contacts (which can later be restored once you get your handset back). The app itself, compatible with Android and BlackBerry devices, is free, however you’ll need to be signed up to Sprint’s Total Equipment Protection program, which costs $7 a month. You’ll find more details in the press release after the break.

Continue reading Sprint’s Total Equipment Protection app searches out lost Androids and BlackBerrys

Sprint’s Total Equipment Protection app searches out lost Androids and BlackBerrys originally appeared on Engadget on Mon, 28 Feb 2011 09:03:00 EDT. Please see our terms for use of feeds.

Permalink   |  Sprint.com/protection  | Email this | Comments