The Motorola VivaLnk Make Temporary Tattoo Can Unlock Your Phone

Motorola has teamed up with a company called VivaLnk to make a temporary tattoo that can unlock a smartphone, no PIN required. Slap it on your skin, hold your phone up to it, and bam — phone unlocked.

Who needs gestural passwords or face recognition when you can unlock your phone like a time-traveling space wizard?

So how does it work? It’s an ultra-thin NFC circuit, wrapped up in medical-grade 3M adhesive that won’t (or, at least, shouldn’t) freak out your skin.

A 10 pack of tattoos will set you back $10 bucks. Motorola says these things should stand up to swimming and other exercise and should last for up to five days — so that 10 pack would optimally last you a bit over a month and a half.

Before you go and order a pack, there’s one catch: these tattoos only work with the Motorola X right now (because nothing helps test a wacky niche product concept like severely limiting the potential customer base). If you’ve got any other Android phone, you’re stuck unlocking your phone manually like a chump.

Read full Article…

Google Apps Users Can Now Get End-to-End Email Encryption

Google on Thursday announced a new partnership that will bring full scale encryption to Google Apps.

Working with email data protection company Zix, Google has launched a new commercial product for Google Apps accounts dubbed Google Apps Message Encryption (GAME).

Although Google already supports secure, encrypted messages within its servers, email messages sent to other systems are not encrypted.

Organizations or users can use various workarounds to add PGP (public-key cryptography) to their messages, but those solutions are kludgy and not ideal for an organization with lots of users.

With GAME, Google and Zix are hoping to change that. GAME is available for $35 a year per user and allows Google Apps admins to configure encryption settings and routes from the Google Apps dashboard.

In a post-Snowden world, it's easy to think email encryption is primarily useful to keep prying eyes (such as the NSA) from intercepting messages. For regulated industries however, encrypted communications are an important part of doing business.

Many of Zix's customers are hospitals, banks and government organizations and its product for compliance with federal regulations such as HIPAA, Sarbanes-Oxley and PCI-DSSS.

This isn't the first time Google has offered a message encryption product for its enterprise customers. GAME is a successor to another Zix-powered product, Google Message Encryption (GME). GME was part of the Postini suite of tools for email and web security. Unlike GAME, however, GME was never directly integrated with Google Apps. Instead, Google Apps admins had to login to the Postini dashboard to set-up policies and rules.

Since 2012, Google has been in the process of transitioning its Postini services to the Google Apps platform. GAME is the result of that transition that works natively with the Google Apps.

For organizations that need to send end-to-end encrypted messages, having an option built directly into Google Apps is a great feature. With any luck, we might eventually see this option trickle-down to traditional Gmail users.

Read full Article…

Even Homeland Security Says Not to Use Internet Explorer

How scary is the latest Internet Explorer security vulnerability? Even the U.S. government says not to use IE until the browser is fixed.

The flaw, which affects Internet Explorer versions 6 and up, allows bad guys to gain complete access to a PC via a malicious website. Dubbed "Operation Clandestine Fox" by the security firm FireEye, the threat is real. And dangerous.

The U.S. Department of Homeland Security doesn't issue security alerts for computer software very often, but this time, it made an exception. Many agencies within the U.S. government use versions of IE.

Homeland Security recommends that users or administrators "enable Microsoft EMET where possible" and to "consider employing an alternative web browser until an official update is available."

That's good advice. Microsoft's next schedule "Patch Tuesday" isn't until May 13, although the company may push out an unscheduled update earlier. If you're using an unsupported version of Windows — like Windows XP — don't expect to get any updates.

For Windows XP users, the best course of action is to move to Google Chrome or Mozilla Firefox now.

Read full Article…

Microsoft Web Browser Security Bug Could Impact Millions of Users

Microsoft issued a security advisory on Saturday warning users of a vulnerability in its Internet Explorer web browser that could allow malicious "remote code execution."

The vulnerability affects all versions of the browser and, as of this writing, there is no patch available to fix the issue.

Revealing the vulnerability on its website, Microsoft stated:

The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

FireEye, the security firm taking credit for finding the vulnerability, posted a notice on its website alerting users to the issue. "Threat actors are actively using this exploit in an ongoing campaign which we have named 'Operation Clandestine Fox,'” reads the statement on FireEye's website.

Security firm Symantec issued its own alert regarding the issue, highlighting the fact that Windows XP users are particularly susceptible, stating, " especially XP users are not safe anymore and this is the first vulnerability that will be not patched for their system."

This last point is no small issue as Microsoft officially ended support for Windows XP earlier this month, which means no more security updates for the millions still using the operating system.

According to NetMarketshare, Internet Explorer accounts for roughly 58% of the world's desktop browsers.

At present, the safest option might be to use another browser until Microsoft issues a security patch.

For its part, Microsoft says that at the completion of its investigation it will "take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

Read full Article…

Google Starts Scanning All Android Apps For Malware

Google is taking new steps to ensure Android users are protected from malware and other harmful apps.

The company announced Thursday it is expanding its app verification service to monitor all the apps on users' devices — including those downloaded from the Google Play Store.

Previously, when the Verify Apps service was enabled, only apps from third-party app stores were scanned, and only upon installation. Now Verify Apps will check every app before it is installed — and will regularly check that all of a user's installed apps are "behaving in a safe manner."

"Because potentially harmful applications are very rare, most people will never see a warning or any other indication that they have this additional layer of protection," said Android security engineer Rich Cannings in a blog post. "But we do expect a small number of people to see warnings (which look similar to the existing Verify apps warnings) as a result of this new capability."

Google already has a system, codenamed "Bouncer," that analyzes each app uploaded to the Google Play Store for malware. But this service doesn't check apps from third-party stores or applications that have already been downloaded.

The Verify Apps setting, found under the security settings menu on most versions of Android, is enabled by default on Android smartphones and tablets.

IMAGE: GOOGLE

Read full Article…

Report: Android Malware Is Mining Bitcoin While You Recharge

Some Android users have noticed their phones and tablets are charging slowly and heating up quickly while plugged in. They actually may have a major issue on their hands.

A new strain of malware found in various popular apps is reportedly stealing digital currency, taxing the device's processor and battery while it charges, according to a researcher at antivirus firm Trend Micro. It's believed the malware has affected "thousands of devices."

The malware — called ANDROIDOS_KAGECOIN.HBT — has been detected in Android apps coming from the Google Play store, including Songs, Football Manager Handheld and TuneIn Radio.

"This malware uses a victim’s phone resources to 'mine' crytpocurrencies like Bitcoin," Christopher Budd, Trend Micro's threat communications manager, told. "In essence, the victim’s phone is put to work to make money for the attacker."

The malware could result in shorter battery life, increased wear and tear and lead to a shorter device lifespan. Budd said users should uninstall the affected apps immediately.

"This show that mobile is becoming as dangerous — if not more dangerous than the PC. Malware focused on cryptocurrency has been a problem on the PC-platform for some time and PC-based threats are now migrating to the mobile platform."

The apps were infected with CPU mining code from an Android cryptocurrency mining app. To hide the code, the cybercriminal modified the Google Mobile Ads portion of the app, the report said.

"Clever as the attack is, whoever carried it out may not have thought things through. Phones do not have sufficient performance to serve as effective miners," a Trend Micro researcher said in a blog post. "Users will also quickly notice the odd behavior of the miners — slow charging and excessively hot phones will all be seen, making the miner’s presence not particularly stealthy. Yes, they can gain money this way, but at a glacial pace."

Read full Article…

Kickstarter: We Were Hacked, User Information Exposed

Kickstarter, a leading crowdfunding site, revealed it was hacked last week. In a blog post published Saturday, Kickstarter said law-enforcement officials contacted the company Wednesday night, and alerted it to unauthorized access by hackers.

No credit-card data was stolen, but hackers did manage to access some user information, Kickstarter CEO Yancey Strickler wrote in the post.

"Accessed information included usernames, email addresses, mailing addresses, phone numbers and encrypted passwords," he wrote. "Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one."

Following the breach, Kickstarter is recommending that all users change their passwords.

In response to the hack, Strickler said Kickstarter has already taken steps to improve its security, and is currently "working closely with law enforcement" to prevent a similar incident in the future.

And while Kickstarter has certainly garnered good will with users over the years, some may question why the crowdfunding site waited nearly four days before informing them about the hack, and instructing them to change their password information.

"For everyone’s security, we wanted to be sure the breach was fully secured before notifying all of our customers," according to a company message.

A Kickstarter spokesperson did not immediately respond to a request for comment.

IMAGE: KICKSTARTER/FACEBOOK

Read full Article…

Miggo Camera Strap Protects Your Gear, Too, So You Don’t Need A Bulky Camera Bag

A new Kickstarter project takes a useful thing and makes it even more useful, by offering a strap that not only carries your DSLR but also protects it when not in use. It’s the perfect way to minimize your equipment when you’re out shooting on a trip and don’t need your full camera bag and gear, and it’s so deceptively simple, it’s a wonder it doesn’t already exist.

The Miggo strap is designed by Israel-based industrial designer Ohad Cohen, who was a founder of professional camera bag maker Kata, which remains one of the leading makers of bags for pros and hobbyists. Cohen was the first product designer at Kata, then later was in charge of R&D, so he knows a thing or two about creating camera gear.

Miggo is designed around the philosophy that while there’s plenty of interest in photography since the advent of smartphones, people avoid high-quality cameras and gear because of the convenience factor of using their mobile devices. To alleviate that, the Miggo combines a sling strap to secure your camera with a wrap that protects it when not in use. It also comes in a grip variety for those who prefer tying their camera to their wrist to prevent drops. Both versions quickly tie around both camera lens and body to provide a secure protective layer, which then allows you to chuck the camera into a shoulder bag or backpack along with all your other stuff, instead of having to use a segmented, padded camera bag designed specifically for protecting gear.

It has a tripod mount adapter built-in so you don’t have to remove it to take time-lapse or other stabilized shots, and there are versions for both standard DSLRs and smaller-bodies compact mirrorless interchangeable lens cameras, like Sony’s NEX series. Early backers can pre-order for $30 while supplies last, at which time it goes up to $35 for the Grip + Wrap or $40 for the Strap + Wrap.

Image: Kickstarter

Read full Article…

Blackphone Could Be the First NSA-Proof Phone

An upcoming smartphone called Blackphone aims to put privacy in your hands, protecting you from anyone wanting to snoop into your private data — even the NSA.

A Switzerland-based join venture between Silent Circle and Geeksphone, the project is backed by several important figures in the fields of computer security, including Phil Zimmermann, creator of data encryption protocol PGP (Pretty Good Privacy).

Blackphone is powered by a "security-oriented" Android build called PrivatOS. It's carrier- and vendor-independent, and enables users to make and receive secure phone calls and video chats, exchange secure texts as well as transfer and store files.

Exact specifications of the phone haven't been revealed, but Silent Circle CEO Mike Janke claims it'll be a "high-end" smartphone.

The No. 1 priority of Blackphone isn't its specs, however: It's protecting users' privacy, claims Zimmerman.

"Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect," said Zimmermann.

The two companies behind the project make an interesting match. Silent Circle is a U.S.-based company focused on encryption; Geeksphone is a Spanish company behind Firefox OS developer devices.

Blackphone will be unveiled at the Mobile World Congress (MWC) in Barcelona on Feb. 24.

UPDATE, Jan. 15, 12:01 p.m. ET: Silent Circle's CEO Mike Janke told Mashable that the project will be "open source all the way," and confirmed that the Android OS build that the phone will run will be open source as well.

The company has been criticized before for not providing access to its products' source code in a timely fashion. The company has since published some of its source code on GitHub.

"It may take us a few months to put it all out there, but it will be," he said.

The company is withholding any other details on the project until the phone's launch at MWC.

Image: Blackphone

Read full Article…

Forget Fingerprints: EyeLock Myris Brings Eye Scanning to Devices

Fingerprint scanning is all the rage ever since Apple put it at everyone's fingertips in the iPhone 5S, but one company has an arguably better take on biometric security. EyeLock is a company that develops iris scanners for security checkpoints, and now it's putting that tech into a consumer device.

The myris is computer mouse-size device that scans your eye. You plug it into the USB port on your computer, tablet or some other device. Pick it up, flip it over, look at it, and the sensor will immediately scan your eye to verify your identity.

Why would you ever want to do that? Because your iris is the ultimate master password: While a fingerprint has a one in 10,000 chance of resulting in a false positive, according to EyeLock, with an iris it's more like one in 1.5 million. Verify with two eyes (not an option for Nick Fury or the Governor, we admit), and the chance of error goes down to one in 2.25 trillion.

"Iris, as a human part of the body, is second only to DNA in terms of its ability to authenticate someone with certainty," says Anthony Antolino, chief marketing officer for EyeLock. "No two people on the planet have the same iris texture. Not even identical twins."

Once your eye has been scanned and recorded, EyeLock's software acts as a password manager. When it's time to log in somewhere, you can just look at the scanner, and the software will use your iris to unlock the password of whatever service you're trying to access. The myris is compatible with Windows PCs, Macs and even Chromebooks. It supports up to five different users.

"You really have the ability to have a friction-free, touchless, very high secure, very high convenient method of protecting your identity," says Antolino. "The world we live in is a digital environment. We're reliant on these devices as vessels to everything that we do — our laptops, our smartphones, our tablets. And everything we do requires an authenticator."

Of course, things would be extremely bad if the tiny file that contains your iris scan ever fell into the wrong hands, but EyeLock says the system is designed to ensure that the files can't be used to "hack" a person's eye-dentity. Not only do the files never leave the device, but the scanners themselves simply aren't designed to receive data from a file rather than a live scan. So even if a hypothetical hacker got your scan, they couldn't do anything with it.

So what about the unthinkable hack — removing someone's eye and using it to impersonate them, à la Wesley Snipes in Demolition Man? That won't work either, Antolino says, since EyeLock's tech can immediately tell if the eye scanned is alive or dead, just as the iPhone's fingerprint scanner can tell a severed finger from a live one.

EyeLock plans to release myris later this year to both consumers and enterprise customers. No price has been set.

Image: EyeLock:Myris

Read full Article…