Wednesday, May 6, 2015

Samsung Galaxy S6 Memory bugs aren't the only issues

Samsung Galaxy S6/S6 Edge bugs pile up

Memory bugs aren't the only issues plaguing Samsung's flagship smartphones. There are plenty of other fixes that need to make their way to the handset. However, until they are fixed, the handset is a bad bet for BYOD.

(Image: Josh P. Miller)
Along with the memory bug, which causes background apps to be refreshed when they are switched back to because of the aggressive way the handset is managing RAM, there are other issues that affect connectivity and battery life.
The connectivity bugs are similar to the issues that plagued iOS 8 users, where Wi-Fi connectivity is slow and unstable. There are a number of reported workarounds, but just as with bugs that affected iOS, their success is limited and there are plenty of people for whom they don't work.
Then there are the battery issues. While some were predicting battery issues before the S6 and S6 Edge were launched - the battery is smaller than found in the S5, and on top of that it is not user-replaceable - things are worse than imagined. Some users have reported that the handset can't make it through a day without needing a recharge.
Again, there are spells and incantations that you can throw at your new handset, but again the success of these is hit and miss.
Bottom line, these issues - along with a raft of more minor bugs that affect the handsets - will need to wait for official fixes to be sent to the devices. These will come either in the form of official Android updates or patches coming direct from Samsung.
In the meantime, I recommend holding off on the S6 and S6 Edge, especially for BYOD. It's bleeding-edge tech and teething troubles are to be expected. It doesn't make sense to use a buggy device that could cost you or your business time and money.
 
Credit: Adrian Kingsley-Hughes

Thursday, April 30, 2015

Self-learning systems to replace humans in manufacturing


Summary: New self-learning systems are bringing increased speed and efficiency to manufacturing processes. They may also reduce reliance on humans during ramp-up.

Robots are cracking eggs and making ice cream sundaes. These aren't just party tricks. The way robots learn to do complex tasks is changing, and that has profound implications for the future of manufacturing.
The egg-cracking robot comes courtesy of researchers at the University of Maryland and NICTA, an information and computer technology research center in Australia. Their robotic system learns processes by watching YouTube videos. "Our ultimate goal is to build a self-learning robot that is able to enrich its knowledge about fine grained manipulation actions by watching demo videos," write the project's lead researchers. The robot utilizes object and grasping type recognition, along with a deep-learning framework that allows it to compile an ever-growing bank of skills and functions. It can recognize what a person is holding in a video, learn how they're holding it, and convert their actions into repeatable steps.

It's not difficult to see how systems like this might be utilized to improve automated manufacturing or bring new automation systems to areas of production that haven't seen much automation yet. An investment in a single robotic system capable of learning a variety of tasks without specialized programming would be attractive to small manufacturers that do short production runs, for example. A bot that can learn from watching other people could also fine tune its own actions through trial and error, essentially learning from its mistakes. That's what researchers at Lappeenranta University of Technology (LUT) in Finland had in mind when they developed a self-adjusting welding system. The welder uses sensors controlled by a neural network program to detect mistakes in the welding process and calculate other errors that are likely to arise. It fixes its own mistakes while learning how to avoid future slip-ups. In effect, the system gets better and more efficient on its own, without needing intervention and optimization from a technician.
(Image: LUT's self-learning welder)
The LUT system was specifically developed for welding high strength steel, a material used in extreme conditions and one that's difficult to work with. "In the Arctic, welds must be of higher quality than in warmer regions," says Project Manager Markku Pirinen. "In the North, errors would have catastrophic consequences. For example, the welds must be able to withstand temperatures of up to -60 °C, and they must be flawless." Pirinen points out that the smart welding system will bring significant savings by eliminating the need for post-welding checks and repairs.
The potential for fully automated, self-learning, and self-aware manufacturing systems led a consortium of businesses and institutions led by the University of Nottingham to undertake the Fast Ramp-Up and Adaptive Manufacturing Environment (FRAME) project a few years back. "The aim of the FRAME project is a paradigm shift from the conventional human-driven ramp-up and system integration process to fully automated, self-learning and self-aware production systems," according to a report issued at the conclusion of the investigation. Ramp-up is necessary anytime a manufacturing device is moved, deployed, or constructed, and it typically entails an intensive and person-centered process of fine-tuning and optimization. Oftentimes technicians rely on trial-and-error to move devices toward their maximum sustainable output, and this ends up costing manufacturers significant downtime. It also adds as much as 65% to the underlying cost of a manufacturing system.

FRAME targeted the medical device, automotive, and aerospace industries, which present unique manufacturing challenges and constraints. The aim of the project was to develop a system that would reduce time-to-market and time-to-volume for newly configured machines by 30 percent. Researchers sought to do this by creating a system that first learned from humans. By correlating operator actions to changes in productivity, the FRAME system could begin to solve problems without the need for further human intervention. Like LUT's welding machine, the system could also identify errors and take significant action on its own to correct them.
In trials, the FRAME project demonstrated a 30 percent decrease in failure rates, a 64 percent increase in ideal outputs, and a 12 percent improvement in cycle time. The research is now being adapted for use beyond the FRAME target industries. It's a safe bet that high skilled jobs related to systems optimization will soon be imperiled by the technology, and with increased efficiency and adaptability, self-learning systems are sure to increase the prevalence of automation within and beyond heavy manufacturing.

Credit: Greg Nichols

Tuesday, April 28, 2015

Thousands of iOS apps left open to snooping thanks to SSL bug




Researchers have uncovered around 25,000 iOS apps that use old versions of a popular networking library, leaving them open to attackers on the same network viewing encrypted traffic.

The bug affects Secure Sockets Layer (SSL) code in AFNetworking, a networking library developers can use to build components of iOS apps. The framework has been updated three times in the past six weeks, addressing numerous SSL flaws that leave apps vulnerable to man-in-the-middle attacks.

The latest version of AFNetworking, 2.5.3, fixes a weakness in the library's domain name validation process. SourceDNA, the security firm that discovered the recurrent flaw, said on Friday that at least 25,000 apps are still running an outdated version.

"If you are using AFNetworking (any version), you must upgrade to 2.5.3," SourceDNA said. "Also, you should enable public key or certificate-based pinning as an extra defense. Neither of these game-over SSL bugs affected apps using pinning."

Explaining the bug, SourceDNA added: "Domain name validation could be enabled by the validatesDomainName flag, but it was off by default. It was only enabled when certificate pinning was turned on, something too few developers are using."

The net result for end users is that an attacker on the same Wi-Fi network could fairly easily view data in transit, which should otherwise have been encrypted. "Because the domain name wasn't checked, all they needed was a valid SSL certificate for any web server, something you can buy for $50," SourceDNA said.

Somewhat oddly, the bug appears to have crept back into the 2.5.2 release despite the same issue being addressed in a prior version.

As per AFNetworking's update on GitHub last week, the library's default security policy now validates the domain name and doesn't validate against pinned certificates or public keys.
The bug in the 2.5.2 release was discovered by a security engineer at Yelp, one of many companies that use the library. Security researchers looking at previous SSL bugs in the library have noted that other popular apps such as Pinterest, Heroku, and Simple used it for OS X and iOS apps.
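The trust decision described in this article, modelled in Python as an added example (it is not AFNetworking's code and not from SourceDNA): a chain-only check accepts any CA-issued certificate, while the domain name check or pinning rejects it. The `Cert` and `Policy` types, host names and key identifiers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    names: tuple         # DNS names the certificate was issued for
    chain_trusted: bool  # chain builds to a CA in the system trust store
    key_id: str          # stand-in for a public-key fingerprint (constructed)

@dataclass(frozen=True)
class Policy:
    validates_domain_name: bool
    pinned_keys: frozenset = frozenset()  # empty set = no pinning

def hostname_matches(pattern: str, host: str) -> bool:
    """Exact match, or a wildcard that replaces only the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # refuse over-broad patterns such as "*.com"
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def accepts(cert: Cert, host: str, policy: Policy) -> bool:
    """Return True if the client would proceed with the TLS connection."""
    if not cert.chain_trusted:
        return False
    if policy.validates_domain_name and not any(
            hostname_matches(n, host) for n in cert.names):
        return False
    if policy.pinned_keys and cert.key_id not in policy.pinned_keys:
        return False
    return True

# Constructed sample data: the app connects to api.example.com.
HOST = "api.example.com"
GENUINE = Cert(("api.example.com",), True, "key-genuine")
# CA-issued certificate for an unrelated domain, presented by a MITM.
MITM = Cert(("www.attacker.example",), True, "key-attacker")

NO_DOMAIN_CHECK = Policy(validates_domain_name=False)
DOMAIN_CHECK = Policy(validates_domain_name=True)
PINNED = Policy(validates_domain_name=True,
                pinned_keys=frozenset({"key-genuine"}))

def run_cases() -> dict:
    """Map policy name -> (genuine cert accepted, MITM cert accepted)."""
    policies = {"no_domain_check": NO_DOMAIN_CHECK,
                "domain_check": DOMAIN_CHECK, "pinned": PINNED}
    return {name: (accepts(GENUINE, HOST, pol), accepts(MITM, HOST, pol))
            for name, pol in policies.items()}

if __name__ == "__main__":
    for name, (genuine_ok, mitm_ok) in run_cases().items():
        print(f"{name:16} genuine={genuine_ok} mitm={mitm_ok}")
```

A client test suite can assert the same property against the real stack: a connection to a server presenting a valid certificate for a different host name must fail.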

Monday, April 27, 2015

Turn your iPhone or Android smartphone into a satellite phone



The modern smartphone is a wonder of modern technology, and in combination with the carrier network can allow you to make calls from the densest urban jungle to Mount Everest. But despite the amazing global coverage of the carrier networks, sometimes it just isn't enough.

This is when you need to rely on satellite coverage. And believe it or not, you can add satellite capability to your existing iPhone or Android smartphone. Yes, that's right, you no longer need a dedicated satellite phone. What you need is a Thuraya SatSleeve.

In addition to offering support for calls and SMS messaging, the latest SatSleeves also have satellite data functionality for emails, instant messaging, browsing and so on.

Just slide on the sleeve, and BINGO! You have a satellite phone. Yes, calls and data are going to cost you an arm and a leg (don't be surprised if it adds up to several dollars a minute depending on where you want to use your handset).

The SatSleeve comes in two flavors:

  • SatSleeve for iPhone: Adaptor for iPhone 5/5s is inside the package (adaptors for iPhone 4/4s and iPhone 6 are available separately from Thuraya Service Partners)
  • SatSleeve for Android: Adaptor for Samsung Galaxy S4 is inside the package (adaptors for Samsung Galaxy S3 and S5 are available separately from Thuraya Service Partners)
The SatSleeve isn't cheap -- around $499 -- but if you need coverage where there isn't a ground-based carrier service, this could very well be what you need.


Saturday, April 25, 2015

Apple security features can be easily bypassed, says researcher






Security tools baked into Macs designed to protect users from malicious content can be easily bypassed, according to one security researcher.


In a talk at the RSA Conference in San Francisco on Thursday, Synack director of research Patrick Wardle described how two OS X security tools can be bypassed to run malware.
"It's trivial for any attacker to bypass the security tools on Macs," said Wardle, according to ThreatPost. "If Macs were totally secure, I wouldn't be here talking."
Those two security features, Gatekeeper and XProtect, were added in the more recent versions of OS X in response to a rising threat of malware aimed at the alternative operating system.
Gatekeeper, added in OS X 10.8 "Mountain Lion," restricts which apps can be opened and run on a computer. Most have it set to apps verified through the Apple App Store, or from verified developers. XProtect, a rudimentary malware scanner for the Mac introduced even earlier in OS X 10.6 "Snow Leopard," can block certain apps and plugins from running if there are known vulnerabilities.
"Gatekeeper doesn't verify extra content in the apps," said Wardle. When the app is opened, either Gatekeeper knows where it's from and allows it, or it doesn't and it shuts the app down. But it doesn't continually check the app, which Wardle said can be a problem. "So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper," he said.




(Image: Patrick Wardle/Synack)
He also said XProtect was "trivial" to bypass.
By recompiling a known malware sample to change its hash, Wardle could sneak the malware past XProtect and run it on the target computer. Although he called XProtect's sandboxing feature "strong," it can be bypassed with a number of known vulnerabilities at the kernel level, which he said undermine its security.
We reached out to Apple for comment, but did not immediately hear back.


Thursday, April 23, 2015

Write your search terms with your finger instead of typing the words on the keyboard


You can write your search terms with your finger instead of typing the words on the keyboard. As you write, your handwritten text converts into words in the search box.

https://www.youtube.com/watch?v=uyeJXKfAcpc

Turn Handwrite on or off

  1. Visit the Search settings page from your phone or tablet. 
  2. Go to the Handwrite section.
  3. Select Enable to turn on and Disable to turn off.
  4. At the bottom of the page, touch Save.
Note: You might need to refresh your browser to see the changes you've made.

How to search using Handwrite

  1. Once Handwrite is turned on, visit google.com on your mobile device.
  2. In the lower right corner of the screen, touch the Handwrite icon.
  3. Use your finger to start writing your search terms anywhere on the screen. As you write, your handwritten text converts into typeface in the search box.
  4. Touch the search icon to start your search.

Tips and tricks

  • Delete letters: Touch the backspace icon at the bottom of the page.
  • Start over: Touch X in the search box at the top of the page.
  • Clarify characters: When you type a character that could be mistaken for another, like 0 (the number) and O (the letter), a list of options might appear at the bottom of the screen.
  • Use predictions: To help save you time, a list of predicted search terms might appear in the search box as you write. Touch a prediction to search for that term, or touch the arrow to the right of a query to explore related searches.
  • Include symbols: Try symbols and special characters like +, @, &, and $.

Availability

You can use Handwrite on these devices:
  • Android 2.3+ phones
  • Android 4.0+ tablets
  • iOS 5+ phones & tablets

How to crash an iPhone with a wireless DoS attack


In today’s RSA Conference presentation (Tuesday, April 21, 2015 | 3:30 PM – 4:20 PM | West | Room: 2001), Adi Sharabani, CEO and my fellow co-founder at Skycure, and I covered the lifecycle of vulnerabilities and vendor pitfalls. We also shared some details about a vulnerability our team recently identified in iOS 8 — a vulnerability that we are currently working with Apple to fix.
In this post, I’d like to share a few anecdotes from our vulnerability research process:

How it all started
Skycure is a leader in mobile threat defense solutions. As offense is a crucial part of any defense solution, our research team frequently performs experiments to check how mobile devices behave in various scenarios. One day, during preparation for a demonstration of a network-based attack, we bought a new router. After setting the router in a specific configuration and connecting devices to it, our team witnessed the sudden crash of an iOS app.

After a few moments, other people started to notice crashes. Pretty quickly, we realized that only iOS users were suffering from crashes.

QA Issue or Security Exposure?
To many, the iOS app crashes may seem simply like a quality issue. In most cases, people would just install a different firmware and move on.
However, we needed to dig deeper. We believe that incidents dismissed often as QA issues sometimes underlie an actual threat. Elisha and Roy from our research team started to analyze the crashes further and identified the source of the problem. Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.

Again, we’ve reported the issue to Apple per our responsible disclosure process. As the vulnerability has not been confirmed as fully fixed yet, we’ve decided to refrain from providing additional technical details, in order to make sure iOS users are not exposed to the exploit caused by this vulnerability.

Impact on iOS
An even more interesting impact of the SSL certificate parsing vulnerability is that it actually affects the underlying iOS operating system. With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.

The aforementioned is interesting in particular, as it puts the victim’s device in an unusable state for as long as the attack impacts a device. Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state as shown in the video.

No iOS Zone
In 2013, we disclosed another vulnerability, which we called WiFiGate. In a nutshell, the impact was that an attacker could create their own network, and force external devices to automatically connect to it. Combining techniques such as WiFiGate or Karma attacks with this new discovery can allow an attacker to form a “No iOS Zone”. Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.

Fortunately, we keep a close eye on all the mobile threats and exploits around the world using our Mobile Threat Intelligence platform and have not yet seen any exploit related to this vulnerability. Users can always download a free version of Skycure available on both platforms (iOS and Android) to detect any active threat or attack on their device.


Remediation
Users might be able to avoid this vulnerability exploit in a number of ways:
  1. Users should disconnect from the bad Wi-Fi network or change their location in case they experience continuous crashing or rebooting.
  2. The latest iOS 8.3 update might have fixed a few of the mentioned threats–users are highly advised to upgrade to the latest version.
  3. In general, users should avoid connecting to any suspicious “FREE” Wi-Fi network.


Acknowledgements

Thanks to Elisha and Roy in the Skycure research team for their continued great work. I would also like to thank Apple’s security team for their cooperation and continued commitment to the security of Apple’s user base.