Wednesday, February 19, 2020
Get Adobe Flash player

LG’s official site has just spilled a few extra tidbits about the G Watch, which is due out in the summer and will be based on Google’s Android Wear platform. For a start, there’ll be two color options: “stealth black” or “champagne gold,” both with plain rubbery straps and slab-like faces that are meant to look “timeless.” Fortunately, though, the G Watch will have the time written all over it during actual use, because LG is promising that the screen will never go to sleep — unlike Samsung’s Gear 2, where you have to wake up the display with a movement of your arm. One last important detail is a confirmation that the device will be water- and dust-resistant — something that, strangely, still can’t be taken for granted in the smartwatch market.

Google’s future phone: The modular Project Ara

Posted by Rattana_S On April - 21 - 2014 ADD COMMENTS

(CNN) — Google is jumping into its next futuristic hardware project. This time it’s a modular smartphone dubbed Project Ara that can be customized by swapping out individual pieces, such as the battery and the camera.

The company previewed the very early-stage project at a developer event in Santa Clara, California, this week. Google said the first version of the phone will likely be available in early 2015. Though the company didn’t mention a sale price, it said the devices would cost anywhere from $50 to $500 to manufacture, depending on the model.

The phone will come in three sizes, ranging from mini to “phablet,” and it will run on a future version of the Android mobile operating system. A frame called the Endo will hold the interchangeable components together with magnets.

The idea is to allow smartphone owners to customize and update their phones on their own — say, popping out an old battery or broken display for a new version, and thereby creating a device that lasts longer than current smartphones.

Because the Ara project is open-source, the fun will be adding third-party modules or even printing your own with a 3D printer. Instead of relying on a single hardware manufacturer, people could shop around and add unusual elements made by startups, cameras produced by camera companies, or custom hardware for highly specialized work phones.

The modules will be sold much like apps are now, through a custom Google online store and possibly even physical pop-up stores.

An Ara device could be used for five to six years. That lengthy lifespan (for a smartphone) could cut down on electronic waste and shake up the planned obsolescence that seems common with current mobile gadgets.

Instead of dropping a still-working Galaxy S4 for the S5, you could just upgrade the parts you care about, like adding a fingerprint sensor or a better camera.

Project Ara is the brainchild of Google’s Advanced Technology and Projects group (ATAP). When Google bought Motorola’s mobile division for $2.9 billion, it also picked up ATAP, its experimental lab where employees work on futuristic projects. Google is already selling Motorola Mobility to Lenovo, but it’s hanging on to ATAP and its leader, former DARPA director Regina Dugan.

What is Heartbleed, anyway?

Posted by Nuttapon_S On April - 13 - 2014 ADD COMMENTS

If you’re an IT professional, gadget blogger or token geek in your circle of friends, chances are, you’ve been hounded relentlessly over the past couple of days about “this Heartbleed thing.”

“Do I need to update my antivirus?”

“Can I login to my bank account now?”

Google already fixed it, right?”

We’ve heard them all, but the answers aren’t all that clear or simple. In an attempt to take the pressure off — it is the weekend after all — we’ve put together a primer that should answer all of those questions and a few more. Next time someone asks you about that “Heartbleed thing,” just shoot them our direction.


The problem affects a piece of software called OpenSSL, used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords, and cookies) cannot be seen by others while it goes from your computer to the website.

OpenSSL is an open source project, meaning it was developed by really talented volunteers, free of charge, to help the internet community. It happens that version 1.0.1 of OpenSSL, released on April 19, 2012, has a little bug (a mistake introduced by a programmer) that allows for a person (including a malicious hacker) to retrieve information on the memory of the web server without leaving a trace. This honest mistake was introduced with a new feature implemented by Dr. Robin Seggelmann, a German programmer who often contributes security code.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: this is the heartbeat. This call and response is done by exchanging data. Normally when your computer makes a request, the heartbeat will only send back the amount of data your computer sent. However, this is not the case for servers currently affected by the bug. The hacker is able to make a request to the server and request data from the servers memory beyond the total data of the initial request, up to 65,536 bytes.

The data that lives beyond this request “may contain data left behind from other parts of OpenSSL” according to CloudFlare. What’s stored in that extra memory space is completely dependent on the platform. As more computers access the server, the memory at the top is recycled. This means that previous requests may still reside in the memory block the hacker requests back from the server. Just what might be in those bits of data? Login credentials, cookies and other data that may be exploitable by hackers.


Because this feature is so specific, the number of servers actually affected is significantly fewer than many thought originally. In fact, while some estimates mentioned that 60% of all Internet servers had the Heartbleed bug, Netcraft says the number should be much lower, and under 17.5% (well, that’s still a lot of servers, but still less than 60).

After the discovery of the bug, the OpenSSL software was rapidly patched, and as of version 1.0.1.g the problem no longer exists. Even before that, if the OpenSSL software was installed without the heartbeat extension, the server never would have been vulnerable.

If you need the TL;DR, here it is: do not panic.

Now, the important question is if you should worry about this problem? The short answer is: “yes, but don’t panic”. You should definitely change your passwords at least for the services confirmed as vulnerable and have now been fixed, such as Google and Yahoo. But you should be changing your passwords regularly no matter what. If you have trouble remembering your passwords, you can always use a password manager such as LastPass or 1Password(remember: don’t ever write down your passwords on a Sticky note next to your monitor, a notepad, or a document inside the computer).

This password changing recommendation is nothing but a precaution, because even if hackers knew about the problem (something that hasn’t been confirmed –- aside from by our friends at the NSA, apparently), the chances of them getting your password, and being able to match up that data to your username are pretty slim. Some people claim that the encryption certificates for servers (a technology that allows us to confirm that a website is in fact what it says it is) could have been stolen, but the company CloudFlare has said it’s very difficult to do. It published a challenge to whoever could steal this key, and it appears that someone did, during a server reboot. Regardless of the probability, companies are changing encryption keys so new data is not vulnerable if somebody was able to obtain the old keys.


If you need the TL;DR, here it is: do not panic. Simply, change the passwords of the services you consider more important (email, banking, shopping) and continue with your life. While doing so, follow good security practices: don’t use the same password across services, select passwords with 10 or more characters and use at least upper and lower case letters, in addition to numbers.

The Internet sure is fun!

(CNN) — Gmail doesn’t cost any money to use, but it’s not free.

Google’s popular online e-mail service, which turns 10 Tuesday, may not charge for its Gmail accounts. But the company is still collecting payment in the form of massive amounts of personal information about the people who use it.

With an estimated 500-plus million users, Gmail has grown to dominate the Web-mail world. It has also repeatedly found itself in hot water over privacy. Gmail is facing multiple privacy lawsuits in the United States and Europe, some accusing the company of illegal wiretapping for scanning the content of e-mails.

Google reported $16.86 billion in revenues for the last quarter of 2013 alone. One way it makes money from Gmail is by automatically scanning and indexing messages and using the data it mines to show relevant ads to its users.

Users in the U.S.Users in the U.S.

“The basic premise of Gmail is, we’ll give you a robust e-mail service and in exchange we want to display ads alongside our e-mail and we’re scanning your e-mail to decide what ads are most relevant,” said Eric Goldman, a professor at the Santa Clara University School of Law.

Scanning and ads

Gmail looks for keywords that identify topics of discussion based on things such as frequency and context, then matches the e-mail up with related ads. A conversation thread about meeting up at a spinning class, for example, might trigger an ad for a weight-loss product.

Data gathered through e-mail scanning can also be used to create user profiles for future ad targeting.

What many consumers don’t consider is that companies such as Google can create a comprehensive profile of each user based on information from different products such as search, maps, e-mail and Google+, its social network.

“Nothing in life is free, and as a result it is important for people to understand what value they bring to a free service of any kind,” saidBehnam Dayanim, a partner at the law firm Paul Hastings LLP in Washington.

When people send and receive messages using a free e-mail service, they are sharing details about their interests, who their connections are and what their finances look like. That information might seem mundane on the surface, but when extracted and organized, it’s incredibly valuable to marketers and advertisers.

All the major e-mail providers, including Microsoft Outlook and Yahoo, benefit one way or another from offering a free service. The provider might serve up general or targeted ads, generate a user base for marketing other services, or just use the e-mail service to build brand recognition.

And while Gmail may have popularized it, targeted ads based on user data has become the primary business model for many tech companies. It’s how social media companies such as Facebook and search engines such as Bing make money as well as a huge number of apps that scrape contact and location information from users. It’s also led to a number of similar privacy lawsuits against other companies, including LinkedIn, Yahoo and Facebook.

Any company that collects personal information has to advise its customers what it is doing with their information and comply with any relevant privacy laws, Dayanim said. These are usually laid out in the lengthy terms and conditions and privacy policies that customers barely skim before hitting “agree.”

However, many of the details about how exactly Google’s program works have been kept confidential. And critics say the service doesn’t adequately disclose what it is doing with customers’ information.

Legal action

When Gmail made its debut in 2004, it was upfront about the fact that it would show contextual ads targeted to match the topic of e-mail threads. People still lined up to be accepted as early beta users of the service because it was slickly designed, included ample amounts of storage, and was excellent at filtering out spam. And it didn’t cost anything to sign up.

One problem is that not all the people affected have agreed to Google’s privacy policy. One group of plaintiffs in a recent class-action lawsuit were non-Gmail users who sent messages to Gmail accounts. Google responded that non-Gmail customers had no expectations of privacy when sending e-mails to people who did use the service.

Google has defended its e-mail scanning program by pointing out that it’s automated and handled by computers picking out keywords. Google’s employees aren’t personally reading through e-mails for the latest lovers’ spat.

Google also says the scans are necessary to cut down on malicious e-mails and spam, and for features such as Priority Inbox and the tabbed view that filters e-mails into different categories.

A federal judge dealt a blow to the case this month, ruling it couldn’t proceed as a class-action lawsuit because the different groups weren’t cohesive enough. A class-action lawsuit could have cost Google trillions of dollars in damages.

A changing landscape

When Gmail debuted in 2004, the rules for collecting user information were looser. But the privacy landscape has changed drastically over the past 10 years.

Several U.S. states have passed laws that restrict the use of personal information, the Federal Trade Commission has been more active pursuing privacy violations, and the industry has adopted best practices about what’s acceptable.

One thing that hasn’t changed is the federal law with the biggest impact on how and when companies can share data with third parties. The Electronics Communication Privacy Act is a dusty piece of legislation passed in 1986, long before the era of cloud-based e-mail. Many legislators and technology companies (including Google) have lobbied to have the law updated to reflect the times.

Meanwhile, consumers must increasingly weigh the value of using a free e-mail service such as Gmail against their personal privacy.