LG and Google rumored to produce a third Nexus smartphone.
Don’t look now, but the Nexus smartphone rumor mill is churning yet again.
According to a recent Gizmodo Germany report, Google has tasked LG once again with designing the next-gen Nexus handset.
Details, as is to be expected, are sparse: Allegedly, the device will be a “lightweight” version of the LG G2. Specific hardware that a phone like this might use is anyone’s guess. For what it’s worth, rumors point to a Quad HD (1,440×2,560 pixels) display, a 64-bit processor, and a 16-megapixel rear camera.
Google and LG have become quite cozy over the last few years, resulting in the Nexus 4, Nexus 5, and a Google Play Edition LG G Pad 8.3. Based on this history, and factoring in the new report, it sounds as if LG is the front-runner for the next Nexus.
When we’ll actually see this new device is yet another mystery. Google’s Sundar Pichai was recently quoted as saying the so-called Nexus 6 would not arrive before the third quarter. Keep in mind that the annual Google I/O conference takes place in late June this year. Maybe we’ll see the Nexus handset shown off at this developer conference with promises of availability in the ensuing weeks.
Atari was right! This screenshot from the video game maker’s online version of Asteroids illustrates the way the space rocks break up into smaller and smaller pieces, as recently witnessed by astronomers.
Remember the old Atari Asteroids game and how the space rocks would split into smaller and smaller pieces as your little arrowhead-shaped ship shot tiny balls of light at them? Well, astronomers at UCLA have just seen, for the first time ever they say, that asteroids really do break up that way.
The discovery was made possible by data derived from a team of telescopes. It began when a fuzzy, strange-looking shape was spotted in the skies by the Catalina telescope array, located both outside of Tucson, Ariz., and in Australia, and a Pan-Starrs telescope atop Mount Haleakala on Hawaii’s island of Maui. Astronomers then used the Keck telescopes on Hawaii’s Mauna Kea volcano, where they believed they saw three bodies moving together in a cloud of dust that measured roughly the same diameter as that of Earth.
This series of images from the Hubble Space Telescope shows an asteroid coming apart, likely from forces applied to it by sunlight.
“The Keck telescope showed us that this asteroid was worth looking at with Hubble,” according to David Jewitt, a professor in the UCLA Department of Earth, Planetary and Space Sciences and the UCLA Department of Physics and Astronomy who led the investigation. So the astronomers aimed the mighty space telescope at the debris and discovered that the dust cloud contained 10 different mini asteroids, with the largest fragments measuring about twice the size of a football field.
The observations, which were published online Thursday in Astrophysical Journal Letters, postulate that the asteroid began coming apart early last year, but that it continues to disintegrate even now.
As we all know, there are no arrowhead-shaped ships in the asteroid belt shooting at these big space rocks, so just how did the asteroid (known as P/2013 R3) begin breaking up?
The researchers ruled out collision with another asteroid because that would have been spectacularly violent and would have instantly smashed the rocks to bits. They also eliminated the idea that interior ice turned to steam and blew the asteroid apart as, according to Jewitt, P/2013 R3 has kept a cool approximate 300-million-mile distance from the sun pretty much since the solar system was born.
But that’s not to say the sun didn’t play a role.
Jewitt postulates that the asteroid is breaking apart due to something called “YORP torque.” “Light is made of photons and photons carry momentum. Not very much, but a finite amount,” he told Crave. “When an asteroid radiates away the heat it receives from the sun, it tends to do so asymmetrically… because the day-side is hot and radiates much more heat than the cold night-side. This results in a net reaction force on the asteroid just like throwing a sack of coal forwards would tend to knock you backwards.” It’s this force that caused P/2013 R3 to fail.
Like many things in the vastness of outer space, Jewitt says the YORP torque process took a very long time to take hold. “Because photon momentum is very weak,” he said, “the time taken to spin up an asteroid is very long. For R3, the time is probably 100,000 or even a million years — it’s actually impossible to calculate without knowing the exact size and shape and surface nature of the asteroid. But that is short compared to the age of the solar system, so YORP can still be effective.”
I kind of think NASA should put out a new video game called YORP where you spin asteroids to death. But I want part of the royalties.
I knew remarkably little about him when we first met. Alex is not his real name — it’s a pseudonym to protect his identity. But everything else about him is very real. He travels to our New York newsroom and our San Francisco office from his home near Charlotte, N.C., where he lives with his family.
Alex is one of a growing population of “privacy ambivalent” users. He keeps his Social Security number close to his chest, and rarely gives out his personal e-mail address unless he has to. But he isn’t clued up on the latest Facebook privacy options, and doesn’t particularly mind who reads his tweets.
Because Alex is — like myself — a British expat, he and I chat now and then about the differences between life in the UK and here in the US. Last month, we fell into conversation about the “backward approach” of online banking security in America.
Both of our US banks require an alarmingly vague offering of details to access our bank accounts over the phone, such as our home addresses, our dates of birth, and now and then the last four digits of our Social Security numbers. In contrast, British banks rarely ask for anything less than username, password, three-digit, variable drop-down boxes of codes, memorable names, iris scans, fingerprints, the exact weight of your first-born child, and the name of your dog that you always forget even though he was your “best friend” growing up in the suburban bliss of outer London.
Sharing personal anecdotes of how lax US banks appear to be with our life savings compared to British banks left us both a little shaken.
He asked me: “Wouldn’t it be interesting to see how much information there was on me out there? Like, what you can find out from the Internet and try to get on the phone with my bank?”
Yes, Alex. Yes, it would.
Based on just his name and his employer, would that be enough to steal his identity and take over his life?
The bet was laid and the plan we formulated was simple enough: to gather enough intelligence about Alex to convince his call center operator at his bank that I was him. Like something out of a “Mission: Impossible” film, I would have to bypass the automated phone system, steer through the security questions, and — armed with a fictional and empathy-driven sob story — socially engineer my way into his bank account.
And then, out of nowhere and in a chilling moment of awkwardness, I forgot his surname — despite the fact we’d met before and shared a pint in the pub over the road.
I was mortified.
But, being British and all, one doesn’t beat about the bush. On the verge of asking him, I stumbled over my words — I admitted I didn’t know, but also didn’t want to know — stopping him as he was about to mutter, “Oh, it’s…”
Because the less I knew, the better.
I took him up on his offer, and we agreed on a strict set of rules.
For one, I would be acting the “civilian” hacker, rather than a journalist. (Journalists often have access to paid-for accounts that would churn out public records and other data.) Because of this, I was not allowed to use CBS’ internal tools to find out any information on him, or strap down and waterboard our human resources director into handing over information.
The hacker’s toolbox
I had nothing but the Web to use as my hacker’s toolbox.
As little as half an hour later, I walked back into his office and announced a five-digit number that made Alex’s smile loosen and his jaw drop.
“That’s my house number,” he said. His face was mixed with shock, terror, and awe. “How the f**k did you get that?”
One single innocuous tweet sent more than a year ago let him down.
I sat down at my desk after our bet first began and immediately turned to Google. No matter which social network you use, Google is a better engine for finding keywords — even keywords within those social networks. I knew his first name, and I knew the company he worked for. I bashed in “Alex” and “CBS Interactive,” the owner of ZDNet and CNET, and behold, his LinkedIn page (and surname) landed at the top of the list.
His LinkedIn account confirmed his full name, his position, and his employer. I found his Twitter account on his LinkedIn profile, but the other top three Google search results also churned out his handle.
Surely there were GitHub or browser scripts that could have scraped his entire Twitter account, which confirmed in his profile that he lived in Charlotte, N.C., along with more than 1,500 tweets and the occasional uploaded photo. But instead, I took the raw viewing approach, scrolling down to his very first tweet and beginning to search through the stream. It was quick and lazy, but easily searchable within my browser.
There were a few scatterings of location-based tweets. Some from New York, some from San Francisco, and a few others from places where we have offices around the world. A few search terms later, I found one single search term reference to “NC,” or North Carolina. From just one tweet buried in the midst of innocuous tweets, a new tab opened and Google Maps pinpointed his suburban home address — at least, so I assumed — with ground-level Street View imagery on demand.
I was even able to tell him what color his front door was. He slumped back in his chair, clearly taken aback.
But I didn’t stop there. He authorized me to look further.
What I was ultimately after were possible or even specific security questions that a bank might ask for. Armed with those, I could — in theory — take over almost every aspect of his life.
Uncovering personal data
Public records showed how much he paid for his home and when. This gave me the very first personal data reference, which could be a PIN code or security question that I may use later. There were also North Carolina public records, which churned out tax receipts and other information that pointed me to his wife’s name, who we shall call Sarah.
The amount of information available from their mercilessly open Facebook pages was nothing short of a hacker’s dream. From photos, status updates, the “about” page, and other check-in and location data, I was able to determine intimate details of his family — his child’s name and date-of-birth, and the anniversary of his marriage to Sarah — which I saw as the second, third, and fourth personal data references.
I was a little sickened with how much data I had collected on this man’s life and family by this point. I was already bordering on what felt like the side of unethical behavior — the fact he had authorized me to keep going was the only thing that encouraged me to continue.
A few more keyword searches yielded Alex’s birthday, a date in mid-June, from a written confirmation in one of his tweets — something he likely thought nothing about at the time. I could guess his age, but it wasn’t enough for a fifth data reference that could be used as a security question or code.
Facebook would once again hold the answer, or at least part of it. What came next took logic and variable plugging.
I knew his personal username from his Facebook account URL, but the hacker in me — admittedly with the restraint of a saint — could have garnered even more personal and sensitive information if I were to access his personal e-mail account without his authorization. At least, that was the assumption I was going with.
By opening an incognito window, removing my own cookies and Facebook account from the equation, I plugged his information into the site’s password reset facility.
Thrown back at me was: a*****9@g*********.com.
I tested with my own account. Facebook masks the exact number of characters from any e-mail addresses provided. It took a smidge of common sense to identify that he had a legacy Gmail account with a @googlemail.com address. The next step in determining his e-mail address would not be easy, and would take multiple attempts and plugging in possible variables, but Facebook’s password reset facility would be enough to fill in the blanks based on at least two hours’ worth of guesswork.
With the first and last character — the first being the letter “A” and the latter being a number — I assumed it was his full first name, with space for the first letter of his surname and, perhaps, the last two digits of his year of birth.
After about three hours, I plugged in multiple combinations, unmasked the asterisks, and on my screen was his Facebook account. And yes, as I suspected, 1979 was his birth year. I now had his full date-of-birth, which tied in with the rough timing of his academic history from his LinkedIn account.
Armed with his full personal e-mail address, I next hit Gmail’s password reset facility. Although Google’s security and validation system for inaccessible e-mail accounts is better than most e-mail providers, Alex’s own security questions let him down. Often the weakest link in the security chain is the person in question.
I was already walking on thin ice. Though I had uncovered his security question, I refrained from attempting to answer it. Suffice to say, I probably could have.
By this point, I had already discovered at least five pieces of data that could be used as a security answer or code with his bank. But in order to get access to his checking or savings account, I would almost certainly require his Social Security number. Many banks require a full bank account, or credit or debit card number. Accessing his physical cards would be nigh on impossible. When no card details are given, a Social Security number is almost always used as a fallback.
But how would I get his Social Security number? Two hours of searching some of the Web’s darker hacker forums was leading me nowhere.
Alex is a British expat, likely in the country on a visa or a green card. When he married Sarah, a US citizen based on her Facebook profile, it’s possible that he had obtained permanent legal residency through a marriage-acquired green card. But, that was based on assumptions. Even if he submitted a green card application at the time he was married, would he have even received it by now? I was guessing, and going down this path of thinking likely wouldn’t yield any definitive answers.
I needed his Social Security number, but my options were fading fast.
Hours later, my eyes lit up. What is one of the first things you get if you relocate to a foreign country? A cell service plan.
Most cell service providers — AT&T, Verizon, and Sprint, among others — require you to present certain forms of identification, often including a Social Security number, before you can sign up.
In theory, the next challenge seemed easy enough. In reality, I would rely on sheer luck.
If I could find his cell phone number, and if he used a cell provider that required a Social Security number, I could then, in theory, acquire at least a few of those golden government digits from his cell provider through similar social engineering techniques I would reserve for his bank.
It turned out that sooner rather than later, I would have to use those very techniques directly on my target.
How exactly would I get his phone number? By asking for it — directly or indirectly — by sending him an e-mail asking for it. Knowing his work and what he does for a living, I would need to throw out the “phishing” line by pretending to be a potential client. And for the purposes of this exercise, I would want to talk to him on the phone about it.
Though I already had his personal Gmail account, I needed to send him a note through his work e-mail. I already had knowledge of his work’s e-mail address naming scheme, but after a few searches it was clear that, like many organizations, it followed the “firstname” dot “lastname” at the company’s domain scheme.
In a matter of minutes, I created a full-name personal e-mail address with Gmail, and, with knowledge of his work and expertise, carefully crafted an e-mail that would not only get his attention, but also surely warrant a reply.
Hi Alex. We’re a B2B startup based in Mountain View, and we’re looking to advertise. I’m traveling for the next couple of days, could you email me back letting me know how might be the best approach going forward? –John
I sent the e-mail, and waited. The next day, he replied. Behold, in his e-mail signature, was his cell phone number. I didn’t need to continue the thread any further. I plugged the phone number into a popular cell provider lookup Web site. His cell phone provider was Verizon.
I was unthinkably close to acquiring the golden goose: at the very least the final 4 digits of his US government-issued identifier, or at most the full 9-digit figure.
And that’s where I stopped.
Going too far?
I geared back into “journalism mode,” and set up a call with Alex to discuss my findings. Every shred of my being wanted to fight until the bitter end and see how far I could go. The thirst for this data reached such levels that I was uncomfortable in how I was acting. There was a line in the sand though that I would not cross. I would not impersonate him without him being physically there in our New York office — a place he rarely visited.
How I would have loved to have told you how I stood in his office with his phone on speaker, with him watching over me as I read aloud his personal and sensitive data, playfully chatting with a call center operator at his bank, joking along and chuckling about how my wife had “spent a bit too much on the kids again,” and wanting to review my current checking account balance.
Alas, that call I had longed to make for days never came to fruition.
We discussed my findings at length. I explained that going any further would be unethical, and possibly illegal. Enough was enough, and my point was made.
I knew more about Alex than most of our other colleagues did. I had his home address, date of birth, the date of his wedding anniversary, and his child’s date of birth — all of which may have served as security answers to his various real-world accounts. I also had his personal and work e-mail address, his cell phone number, his employment status and history, and even a good guess at his immigration status.
We agreed that this was a good time to stop.
The information I had would have, as it turns out, been enough to socially engineer my way through to the Verizon customer call center. Whether or not the operator would have divulged his Social Security number to someone they thought was in fact him, we will never know. But if that were the case, there would have been a strong possibility that I could have, with that 9-digit number, accessed his bank account.
But all that from a workplace wager and a single, innocuous tweet? It wasn’t bad for just shy of two days of work.
Because the information I collected on Alex was so sensitive, it was inputted and stored on a locked-down computer. It was disconnected from the network and required a complex alphanumeric password to unlock it. That data was encrypted in a document that was also protected with a different, strong alphanumeric password. The information was subsequently obliterated with an erase tool once it was no longer needed.
Alex is not a chief executive, a rock star or a celebrity, or a government employee with access to state secrets. This was an authorized “vendetta.” This was personal. I wanted to break into his life and crack it open to see what I could find. It’s atypical from a black hat hacker who might scrape out personal information from a hack or data breach in order to siphon off money.
In that respect, it wasn’t the average intelligence gathering exercise.
But it threw him off his privacy pedestal. And the results certainly put chills up and down my spine.
This story originally appeared as “How this one innocuous tweet could hack a bank account” on ZDNet.
Feelings, nothing more than feelings.
If you happen to believe that Google Glass is a fine idea in search of a use, I have finally found one for you.
For a wise and forward-thinking company called Emotient has created a Google Glass app that tells you how other people are feeling.
One of the characteristics of many Google Glass Explorers is that they seem not to care a whit what others might feel.
They become disoriented when, say, asked to leave a restaurant for refusing to remove their goggles.
How thoughtful, then, of Emotient to release its “Sentiment Analysis” prototype app.
Actually, it’s not quite so thoughtful. Emotient seems to have corporations in mind, rather than people. (Yes, I know corporations are people too, but they generally don’t have feelings.)
In a press release, Emotient’s CEO Ken Denman expressed himself like this: “It’s a breakthrough technology that allows companies to aggregate customer sentiment by processing facial expressions anonymously. We believe there is broad applicability for this service to improve the customer experience, particularly in retail.”
The software allegedly processes the finest elements of people’s faces and deduces what they’re really saying.
You’ll be wondering whether this fine software records you secretly and keeps your image on file. Allegedly not. The idea is merely to produce some kind of aggregate emotion.
Yes, your store might be under-performing because everyone who walks in there immediately feels angry and miserable. So paint the walls bright purple!
Still, how much more helpful this software would be if individual Google Glassers could gauge the sentiment of those around them.
Human misinterpretation is reaching epidemic, dangerous levels. No one understands anyone else, least of all Google Glassers.
Please imagine how society would benefit if a Glasser walked into a bar and realized: “Oh, these people are angry. These people are disgusted. Ergo, these people think I’m a Glasshole.”
If Bitcoin owners were hoping for regulatory help from the Federal Reserve, Chair Janet Yellen disabused that notion in testimony before Congress on Thursday.
“To the best of my knowledge there’s no intersection at all in any way between Bitcoin and banks that the Federal Reserve has the ability to supervise and regulate,” Yellen said. “So the Federal Reserve simply does not have authority to supervise or regulate Bitcoin in any way.”
The last week has been one of the most tumultuous in Bitcoin’s brief history with the seeming disappearance of one of the major Bitcoin exchanges, Mt. Gox, which acknowledged a major theft that it described as a “tragic violation of the trust of users of Mt. Gox.”
On Wednesday, Sen. Joe Manchin (D-W.Va.) called on the US government to issue an outright Bitcoin ban, characterizing the virtual currency as encouraging “illicit activity” as well as being “highly unstable and disruptive to our economy.”
Separately, the Manhattan District Attorney’s office reportedly sent subpoenas to Mt. Gox and other Bitcoin exchanges and businesses that deal in the virtual currency. The investigation is said to be focused on the recent distributed denial-of-service attacks that forced Mt. Gox and other exchanges to suspend withdrawals.
But while keeping out of the political scrum over Bitcoin, Yellen noted that “it certainly would be appropriate I think for Congress to ask questions to what the right legal structure would be.”
Yellen didn’t offer any policy prescriptions, however, adding that “it’s not so easy to regulate Bitcoin because there is no central issuer or network operator to regulate.”