How Apple’s Address Book app could allow the NSA to harvest your contacts

Ashkan Soltani Overlooked in last week’s revelation that the National Security Agency is harvesting hundreds of millions of e-mail address books around the world was this surprising factoid: Apple makes this mass collection easier because the Address Book app that by default manages Mac contacts doesn’t use HTTPS encryption when syncing with Gmail accounts. As a result, addresses that automatically travel between Macs and Google servers are sent as plain text , independent privacy researcher Ashkan Soltani wrote in The Washington Post last Monday. He provided the above screenshot demonstrating that Address Book contents appear in the clear to anyone who has the ability to monitor traffic over a Wi-Fi network or other connection. His observation came 15 months after another Mac user also warned that the Mac app offered no way to enable HTTPS when syncing e-mail address lists with Gmail . “It appears that it’s an Apple issue,” Soltani told Ars, referring to the inability to enable HTTPS when Apple’s Address Book is updated to a user’s Gmail account. “Their other products support Gmail over via HTTPS, so I suspect it would be a three-line fix in the contacts to alleviate this problem.” Read 7 remaining paragraphs | Comments        

View article:
How Apple’s Address Book app could allow the NSA to harvest your contacts

Wikipedia editors, locked in battle with PR firm, delete 250 accounts

Wikipedia founder Jimmy Wales. Flickr user: Niccolò Caranti Wikipedia editors have disabled hundreds of paid Wikipedia editing accounts in recent weeks as part of a campaign against so-called “sockpuppetry.” The efforts were described in a statement published this morning by the Wikimedia Foundation, in which director Sue Gardner acknowledged that “as many as several hundred” accounts belong to editors who are being paid to promote products or services on the site. That’s a violation of Wikipedia policies and terms of use, Gardner noted. “As a result, Wikipedians aiming to protect the projects against non-neutral editing have blocked or banned more than 250 user accounts,” continued Gardner. “The Wikimedia Foundation takes this issue seriously and has been following it closely.” The statement follows reports earlier this month in the The Daily Dot and last week in Vice .  The stories describe the increasing amounts of money flowing toward paid editing of English-language Wikipedia pages. According to both articles, Wikipedia editors attribute the growth in paid edits to a company called Wiki-PR . Read 3 remaining paragraphs | Comments        

View article:
Wikipedia editors, locked in battle with PR firm, delete 250 accounts

Ubuntu 13.10 review: The Linux OS of the future remains a year away

After the customary six months of incubation, Ubuntu 13.10—codenamed Saucy Salamander—has hatched. The new version of the popular Linux distribution brings updated applications and several new features, including augmented search capabilities in the Unity desktop shell. Although Saucy Salamander offers some useful improvements, it’s a relatively thin update. XMir, the most noteworthy item on the 13.10 roadmap, was ultimately deferred for inclusion in a future release. Canonical’s efforts during the Saucy development cycle were largely focused on the company’s new display server and upcoming Unity overhaul, but neither is yet ready for the desktop. Due to the unusual nature of this Ubuntu update, this review is going to diverge a bit from the usual formula. The first half will include a hands-on look at the new Unity features. The second half will take a close look at the Ubuntu roadmap and some of the major changes that we can expect to see over the course of the next several releases. Read 46 remaining paragraphs | Comments        

Read this article:
Ubuntu 13.10 review: The Linux OS of the future remains a year away

New York City is getting wireless EV chargers disguised as manholes

Hevo Power Imagine an electric Pepsi delivery truck in Manhattan. It makes dozens of stops at the same locations, day in and day out. Now what if at each stop—or every other stop—it could wirelessly top up its battery pack as the driver drops off another case of sugar water. That’s what Hevo Power is aiming to do with a new wireless charging system that blends into its surroundings by aping a manhole. “I was walking down the street, pondering how wireless charging could be deployed,” Hevo’s CEO and founder Jeremy McCool told WIRED. “I was standing at 116th and Broadway, and I was looking down and saw a manhole cover and thought, that’s the ticket. There are no cords, no hazards. Everything can be underneath the manhole cover.” The result is a new system of wireless charging stations that Hevo plans to deploy in New York’s Washington Square Park in early 2014, beginning with two Smart ForTwo electric vehicles operated by NYU. Read 8 remaining paragraphs | Comments        

Read More:
New York City is getting wireless EV chargers disguised as manholes

Square drastically simplifies Internet cash transfers

The screen where users enter their debit card information. Financial startup Square launched a new arm of its business Tuesday that allows two parties to transfer cash between themselves using only their debit card numbers and e-mail. Square Cash may trump similar services like PayPal in ease of use in that it doesn’t require extra bank info, and transactions can happen directly via e-mail. Competitors like PayPal have been able to handle direct debit transactions for some time, though setup is a bit more of a hassle. Users have to enter their checking account numbers and routing numbers and then verify their accounts with two small deposits, so the process can take a few days. With Square Cash, the process begins in e-mail : users send an e-mail to the person they want to pay, cc cash@square.com, and enter the amount in the subject line. If it’s their first transaction, Square sends a second e-mail that leads the user to a screen where they enter their debit card number, expiration date, and ZIP code. Once the person on the other end gets the e-mail and fills out the same form, the transaction is completed in 1-2 days. Read 2 remaining paragraphs | Comments        

View original post here:
Square drastically simplifies Internet cash transfers

Intel’s next-generation Broadwell CPUs delayed due to yield problems

Intel’s next-generation CPUs will arrive slightly later than expected. Intel During the company’s third quarter earnings call yesterday, CEO Brian Krzanich announced that production of Intel’s next-generation Broadwell CPUs would be delayed slightly due to manufacturing issues. CNET reports that a “defect density issue” in the new 14nm manufacturing process was causing lower-than-expected yields, and that Intel’s first round of fixes didn’t improve the yields by the expected amount. Krzanich expressed “confidence” that the issue had been fixed and that it was just a “small blip in the schedule,” and that the CPUs would begin mass production in the first quarter of 2014 rather than the fourth quarter of 2013 as expected. Broadwell’s successor, codenamed Skylake and due in 2015, will apparently not be affected by the delay. Broadwell is a “tick” on Intel’s CPU roadmap, a refined version of the current Haswell architecture built on a new manufacturing process. Intel typically doesn’t introduce a new architecture and a new manufacturing process simultaneously to reduce the likelihood and severity of manufacturing issues like these. Even with the delay, Intel will still be producing 14nm chips while most of its chipmaking competitors (including TSMC and Samsung) are rolling out their 20nm processes. Intel hasn’t gone into much detail on what Broadwell will bring to the table, but smart money says that it will further reduce power usage over Haswell while also increasing CPU and integrated GPU performance incrementally. The company announced at its Intel Developer Forum this year that it was seeing a ” 30 percent power improvement ” over Haswell in early production samples, a number which may stand to improve as the process matures and yields get better. Read 1 remaining paragraphs | Comments        

More:
Intel’s next-generation Broadwell CPUs delayed due to yield problems

New effort to fully audit TrueCrypt raises over $16,000 in a few short weeks

For nearly a decade now, TrueCrypt has been one of the trusty tools in a security-minded user’s toolkit. There’s just one problem, though. No one knows who created the software, and worse still, no one has ever conducted a full security audit on it—until now. Since last month, a handful of cryptographers have newly discussed problems and alternatives to the popular application, which lead on Monday to a public call to perform a full security audit on TrueCrypt. As of Tuesday afternoon, that fundraiser reached over $16,000, making a proper check more likely. Much of those funds came from a single $10,000 donation from an Atlanta-based security firm. “We’re now in a place where we have nearly—but not quite enough—to get a serious audit done,” wrote Matthew Green , a  well-known cryptography professor at Johns Hopkins University, on Twitter. Read 3 remaining paragraphs | Comments        

See original article:
New effort to fully audit TrueCrypt raises over $16,000 in a few short weeks

Facebook to rip search opt-out from under those who were using it

Here’s the dialog you’ll see if you were opted out of search, when Facebook gets around to opting you back in. Facebook If you checked that box saying you don’t want to appear in Facebook search results, get ready: soon, that choice is going away. Facebook announced in a blog post Thursday that it’s removing the ability to opt out of appearing in search results, both for friends and globally, for those who’ve had it enabled. Facebook actually removed the search opt-out for everyone who didn’t have it enabled early this year, around the time it introduced Graph Search . Now, ten months later, Facebook is giving the boot to anyone who actually cared enough to opt out, referring to the checkbox as an “old search setting.” Facebook claims that less than one percent of users were taking advantage of the feature. In simpler times, Facebook was smaller and easier to navigate, and everyone had a privacy setting asking “Who can look up your timeline by name?” Now that there are so many profiles that users become confused when they know they have a friend or know someone in a group, but try to find them by search and they don’t appear, says Facebook. Read 1 remaining paragraphs | Comments        

See the article here:
Facebook to rip search opt-out from under those who were using it

Obamacare site hits reset button on passwords as contractors scramble

Getting to this page on the Healthcare.gov site is just the start of the battle for would-be insurance customers. Sean Gallagher Amid all the attention, bugs, and work happening at Healthcare.gov in light of the Affordable Care Act, potential registrants talking to phone support today have been told that all user passwords are being reset to help address the site’s login woes. And the tech supports behind Healthcare.gov will be asking more users to act in the name of fixing the site, too. According to registrants speaking with Ars, individuals whose logins never made it to the site’s database will have to re-register using a different username, as their previously chosen names are now stuck in authentication limbo. The website for the Affordable Care Act (aka “Obamacare”) launched just last week. With all the scrutiny and debate happening, if ever there was a website launch that was “too big to fail, ” this was it.  So, of course, it did—depending on how you define “failure.” The inability of Obamacare portals to keep up with the traffic demands initially put upon them has been seized by politicians and conservative pundits as evidence that Obamacare “is not ready for prime time” in the words of Sen. Orrin Hatch (R-Utah). Now, a week later, the site appears to be stabilizing, with waiting times dropping dramatically for those who haven’t been able to register before. A test of the site this morning had me waiting four minutes to get to the signup page; others got on instantly. But problems persist beyond the front door. The contractors responsible for the exchange—CGI Federal for the website itself, Quality Software Systems Inc. (QSSI) for the information “hub” that determines eligibility for programs and provides the data on qualified insurance plans, and Booz Allen for enrollment and eligibility technical support—are scrambling to deploy more fixes. Technical support call center operators continue to handle an onslaught of calls from users who can’t get back into the system after registering. Read 13 remaining paragraphs | Comments        

Continue reading here:
Obamacare site hits reset button on passwords as contractors scramble

Meltdowns at NSA spy data center destroy equipment, delay opening

The NSA’s Utah Data Center. Swilsonmc A massive data center being built by the National Security Agency to aid its surveillance operations has been hit by “10 meltdowns in the past 13 months” that “destroyed hundreds of thousands of dollars worth of machinery and delayed the center’s opening for a year, ” the  Wall Street Journal reported last night . The first of four facilities at the  Utah Data Center  was originally scheduled to become operational in October 2012, according to project documents described by the  Journal . But the electrical problems—described as arc fault failures or “a flash of lightning inside a 2-foot box”—led to explosions, failed circuits, and melted metal, the report states: The first arc fault failure at the Utah plant was on Aug. 9, 2012, according to project documents. Since then, the center has had nine more failures, most recently on Sept. 25. Each incident caused as much as $100, 000 in damage, according to a project official. It took six months for investigators to determine the causes of two of the failures. In the months that followed, the contractors employed more than 30 independent experts that conducted 160 tests over 50, 000 man-hours, according to project documents. The 1 million square foot data center is slated to cost $1.4 billion to construct. One project official told the  Journal that the NSA planned to start turning on some of the computers at the facility this week. “But without a reliable electrical system to run computers and keep them cool, the NSA’s global surveillance data systems can’t function, ” the newspaper wrote. Read 2 remaining paragraphs | Comments        

More:
Meltdowns at NSA spy data center destroy equipment, delay opening