xvid entertainment news tecnologia e tempo libero

31May/150

Uber will let drivers track your location, but only if you agree

Uber has rewritten its privacy policy to make it easier to grok and added some very important changes. According to the updated guidelines, the ride-sharing app will soon give drivers the power to track your location if you allow it to, so long as it remains running in the background. This, Uber claims, will allow them to pick you up a lot faster than just dropping a pin to signal where you're waiting. Drivers will be able to meet you on the way, for instance, or right out the door you used to exit a large building. Also, the app will start asking for permission to access your contact list, so the service can send promotional materials to your friends and family.

This update comes after an external review of Uber's privacy program, prompted by a series of issues and PR catastrophes involving customer privacy. If you recall, some Uber employees used the "God View" tracker embedded in the app to spy on the whereabouts of a Buzzfeed reporter and a high-profile venture capitalist last year. All its corporate employees (but not its drivers) reportedly had access to God View and could monitor a user's activities. Let's not forget the time an exec made a remark about hiring a team to dig up personal dirt on journalists that criticize the service, as well.

In addition to the aforementioned changes, the new privacy policy lists what kind of data it collects from customers. It makes clear that Uber keeps a record of your transactions (amount, distance traveled, date and time, et cetera) and gathers info about your device (model, OS version, serial number, UDID, mobile network, preferred language and more). Uber can access any call and SMS details between the driver and yourself, as well as see your device's IP address, browser, the website you visited before it, so on and so forth.

The new Privacy Statement will take effect on July 15th, so expect to see the app asking you for permission to switch on real-time tracking and to access your address book by then. If you're not exactly fond of these changes, don't worry: the company told TechCrunch that the app will work just fine even if you choose not to switch them on.

http://www.engadget.com/2015/05/31/uber-privacy-policy-changes/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Hackers On Demand

On Hackers List, customers search for exploits and hackers.

The basic methods of intrusion are often the same: the age-old technique of tricking a target into installing malware by opening an email attachment or a malicious website. "It just works."

In a report released in March, Europol, the European Union's law enforcement arm, predicts online networking sites and anonymous cash-transfer mechanisms like cryptocurrencies will continue to contribute to the growth of "crime as a service" and to criminals who "work on a freelance basis . . . facilitated by social networking online with its ability to provide a relatively secure environment to easily and anonymously communicate."

The environment isn't always secure. Earlier this month, one security sleuth unmasked the apparent owner of Hackers List as Charles Tendell, a Denver-based security expert. Soon after, Stanford legal scholar Jonathan Mayer crawled the site's data, revealing the identities of thousands of the site's visitors and their requests for hacks.

Mayer found only 21 satisfied requests, including "i need hack account facebook of my girlfriend," completed for $90 in January, "need access to a g mail account," finished for $350 in February, and "I need [a database hacked] because I need it for doxing," done for $350 in April. A majority of requests on the service involve compromising Facebook (expressly referenced in 23% of projects) and Google (14%), and are sparked by a business dispute, jilted romance, or the desire to artificially improve grades, with targets including the University of California, UConn, and the City College of New York.

While most requests "are unsophisticated and unlawful, very few deals are actually struck, and most completed projects appear to be criminal," Mayer wrote on his blog, the requests were a "fair cross-section of the hacks that ordinary Internet users might seek out." Still, he wrote, Hackers List "certainly isn't representative of the market for high-end, bespoke attacks."

Whatever the software or however expert the hackers, the basic methods of intrusion are often the same: the age-old technique of tricking a target into installing malware by opening an email attachment or a malicious website. "It's like we still use gasoline in gasoline-driven engines," says Carr, "'cause it just works."

A Silk Road For Hackers

On the message board site HackForums.net, users openly post ads offering to hack into computers and online accounts, knock servers offline with denial-of-service attacks, and track down strangers' personal information, all for a fee. Hackers are ranked through a rating system, and high-reputation users even offer "middleman" services, holding cryptocurrency payments in escrow until sellers deliver what they've promised.

I dont aks them anything... because I don't care I just give them a warning that using R.A.T.s for iligal purpeses can get them to jail...

"I will Hunt someone for you and get you all the informations of the person. ( emails, IMs, Social accounts, location, phone number, Home address etc)," says one post on the site, which is registered in the Cayman Islands. "I will hack someone for you and get you all the files, key logs, webcam videos, anything from his system. on your need, i can transfer them on your rat/botnet, so you can play with him." A RAT is a remote administration trojan: a piece of software that, once surreptitiously installed on your target's computer, tablet, or phone, allows you to read files, intercept keystrokes, and generally take control of the machine's operations.

One forum user named Hax0r818 said in a Skype chat that his service, which mentors neophyte RAT users, has had about 300 customers in roughly a year. "I just help them get started because R.A.T.s are not for hacking they were made for parents to check what there children are looking on the net," he wrote. "I dont aks them anything I dont because I don't care I just give them a warning that using R.A.T.s for iligal purpeses can get them to jail and I let them agree to my Terms."

Hax0r818, who would say only that he is under 21 and based in Australia, charges $5 a month in exchange for training RAT novices in using the tools and providing a testbed virtual machine for them to practice on.

In addition to websites accessible through the web, a dozen deep web markets—with names like Hell, Agora, Outlaw, and Nucleus, and only reachable through the Tor browseroffer menus of RATs and other hacking software and services, with transactions conducted in Bitcoin.

"Hacking and social engineering is my business since i was 16 years old, never had a real job so i had the time to get really good at hacking and i made a good amount of money last +-20 years," writes the owner of Hacker for Hire, a dark web site that charges 200 euros for small jobs and up to 500 euros for larger ones, including "ruining people, espionage, website hacking." "I have worked for other people before, now im also offering my services for everyone with enough cash here."

Typical prices for RATs—with names like darkcomet, cybergate, predator pain, and Dark DDoser—range from $20 to $50, according to a December Dell SecureWorks report. This represents a significant drop from the previous year, when the tools typically sold for between $50 and $250. (The price drop may have resulted from the recent leak of some RATs source code.) The price for hacking into a website has also dropped, from a high of $300 to $200, according to the Dell report.

Prices of hacking services online.

One RAT-making group called Blackshades took in more than $350,000 over four years selling a $40 RAT on hacker forums and its own website to thousands of buyers around the world, according to a federal indictment unsealed last May in New York. Customers had used the software to steal financial information and spy on unsuspecting victims through their webcams, officials said.

"The RAT is inexpensive and simple to use, but its capabilities are sophisticated and its invasiveness breathtaking," Manhattan U.S. Attorney Preet Bharara said at the time. His investigation, part of an "unprecedented" and ongoing global effort, has so far resulted in more than 90 arrests.

Big Business And Big Crime

Hacking software, which can cost up to $3,000 and more, isn't itself illegal, and can be used for benign tasks like remotely administering servers and monitoring corporate computers. But in practice, these software toolkits and related services are often used for fraud, denial-of-service attacks, or network intrusion.

"If someone is gaining unauthorized access to another computer system, anything digital, that is against the law, that is criminal," says Jonathan Rajewski, a computer forensic examiner and assistant professor at Vermont's Champlain College.

Freelance hacker marketplaces.

Hacking software and exploits exist in a legal limbo.

Hacker marketplaces, meanwhile, exist "in legal limbo," according to Mayer, the Stanford law lecturer. While websites are generally not liable for user misdeeds, there is an exception for federal criminal offenses, including violations of the Computer Fraud and Abuse Act, which governs hacking. That leaves the operators of these markets open to possible accomplice or conspiracy charges, which could land them in prison.

The operator of the Silk Road, where hackers advertised alongside drug sellers, was convicted on hacking conspiracy charges, along with six other counts. A newer dark net marketplace called TheRealDeal Market, also accessible through the anonymized Tor network, focuses specifically on exploit code, though the terms of service say the site allows the sale of anything except child pornography, human trafficking, or "services which involve murder."

Last week, the U.S. Commerce Department published a proposal that would require anyone selling unpublished "zero-day" exploits internationally to have a license, classifying intrusion software, like other "dual use" items, as potential weapons. The number of zero-day exploits discovered in the wild hit an all-time high last year of 24, according to a recent Symantec report.

The new law could help law enforcement fight hacker black markets, but it would also hinder a number of companies that openly sell intrusion software and software exploits. The French security firm Vupen, which bills itself as a provider of "offensive cyber security," charges clients—including the NSA—up to $100,000 per year for access to techniques letting them compromise widely used software, from Microsoft Word to popular web browsers and Apple's iOS. The Italian company Hacking Team has sold RATs to the FBI. Other firms that buy and sell exploits include Netragard and Endgame, as well as larger defense contractors like Northrop Grumman and Raytheon.

Recent estimates have predicted industrial espionage and other digital crime costs companies hundreds of billions of dollars per year. A new study by the Ponemon Institute found that the average cost of a compromised record for a corporate hacking victim rose to $154 in 2014, up 8 percent over the previous year.

Selling To The Highest Bidder

To Carr, the security researcher, the consumer hacking-for-hire market is only the tip of the iceberg. Now, more sophisticated hacker groups are offering their services to wealthy overseas businesses and governments interested in buying "on demand" hacking. An entrepreneur or a C-level executive might hire a hacker to gain an edge over competitors, for instance, or to "hack back" against cyber intruders, a practice that Sony reportedly employed in its effort to fight websites hosting the company's leaked data.

With so much recent focus on allegations of hacking by government agencies, Carr thinks threats from sophisticated commercial operations have been somewhat overlooked.

Su Bin, a Chinese businessman indicted in the U.S. on hacking charges

"We've completely missed until recently the espionage-as-a-service game, and most likely we've confused these guys with actual government intelligence agencies or government military operations," he said.

Hacker groups will generally find work by exploiting connections to unscrupulous companies, either striking deals to obtain particular data or by stealing valuable information themselves and selling it to the highest bidder they can find, according to a white paper recently released by Carr's firm, Taia Global.

Most likely we've confused these guys with actual government intelligence agencies or government military operations.

Carr pointed to the case of a Chinese businessman named Su Bin, who was arrested in Canada last year on charges he worked with two unidentified hackers to steal and sell trade secrets about the F-35 and other military aircraft from U.S. defense contractors. In one email, one of Bin's alleged accomplices attempts to buy an undetectable copy of "the Poisonivy Program," a well-known RAT tool that is available in encrypted form, from a HackForums.net seller for just a few dollars.

But in spite of widespread reports about hackers stealing secrets for the Chinese government, Bin, who lived and worked in Canada, seemed more motivated by financial rather than nationalistic interests. "These buyers weren't necessarily Chinese companies," according to the Taia Global publication. "One email from Bin . . . indicated that he was unhappy with how cheap one Chinese company's offer was and that he would look for other buyers."

One sophisticated espionage-focused group, dubbed Hidden Lynx by security firm Symantec, used two pieces of custom malware to penetrate hundreds of organizations around the world. Based on the variety of targets the group has targeted, Symantec believes it to be an "adaptable and determined" hacker-for-hire organization.

"We believe they're specifically tasked with going after information and then passing that information to the clients that want it," said Symantec senior threat analyst Stephen Doherty, one of the authors of the paper, who says his firm has been following dozens of similar groups. "Symantec is tracking over 70 groups from all around the world that fit into the various buckets of those involved in direct espionage, those involved in cybercrime, those maybe doing a bit of both," he said.

Hidden Lynx, which Symantec says employs between 50 and 100 hackers operating mostly out of China, breached the servers of security firm Bit9 in 2012, making off with security certificates used to digitally sign software Bit9 has certified as safe. The hackers then gained access to computers belonging to political, defense, and financial organizations in the Boston and Washington areas by penetrating web servers likely to be visited by employees of target companies and using them to distribute malware, some of it signed with the stolen Bit9 credentials.

Playing Defense (And Offense)

As hacker groups have become more sophisticated, defensive efforts by international law enforcement and private security groups have grown more coordinated, with the ultimate goal of making such attacks that much less worthwhile, said Doherty. Last year, the tide against Hidden Lynx changed: A coordinated effort by a number of security vendors helped develop better protections against the malware used by the group, Symantec says. "All our indications are that the activity involved with this group has very much gone underground," he said.

Just because they're your vendor doesn't mean you can trust them.

"I think you're seeing a breakdown of the kind of silos where everyone's fixing their own, or looking after their own client base," said Doherty. Previously, he said, "whether it's an [antivirus] company, or whether it's a bank, they all would have very much worked close to home, but now we're seeing a much broader effort. There's much more visibility into what's going on."

Doherty said people and companies hoping to defend against these kinds of attacks should take traditional online security precautions: Keep up to date with software upgrades and security patches, watch for unusual network activity, and take special care to lock down systems known to store valuable company secrets.

Companies should also take careful stock of which third-party vendors have access to their sensitive information, said Carr. "You also need to do due diligence on all of your supply chain," he said. "You have to be aware of who you're sharing your data with: Just because they're your vendor doesn't mean you can trust them."

One tactic Carr advises against: "hacking back," the risky and legally murky technique of retaliating against the networks of criminals who infiltrate corporate networks.

"That's always a bad idea," he said. "It's like that old saying, never pick a fight with a stranger—you don't know who you're throwing a punch at. It could be a commando."

Article source: http://www.engadget.com/2015/05/31/hackers-on-demand/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Inhabitat’s Week in Green: Self-driving Audis and free solar panels

Each week our friends at Inhabitat recap the week's most interesting green developments and clean tech news for us -- it's the Week in Green.

California is giving away free solar panels to its poorest residents. Between now and 2016, the state will donate 1,600 free photovoltaic systems -- and each array will save a household $22,800 in energy costs over 30 years. Meanwhile in Southern California, director James Cameron gifted his wife a field of solar sunflowers to power her sustainable school. In other energy news, Tesla's battery-producing Gigafactory is starting to take shape in Nevada -- and this week we took a first look at the gigantic building thanks to an aerial drone.

Speaking of Tesla, the automaker has had a tough time opening stories in some states -- so it's taking its show on the road with a new pop-up store! The compact shop packs into a special shipping container that can be transported on a flatbed truck. Self-driving cars are popping up everywhere lately -- and Audi's latest autonomous vehicle is a stunner. At CES Asia, the automaker unveiled a souped-up self-driving R8 with killer looks and an all-electric powertrain. Even Uber is getting in on the action -- this past week, the company's autonomous driving test vehicle was spotted in Pittsburgh, so fleets of self-driving taxis may be right around the corner. And one Volvo owner experienced the chilling pitfalls of self-driving technology as his vehicle crashed into a crowd of people because he didn't pay for a feature that brakes for humans. Green vehicles also set several records this week -- a poop-powered bus broke a world speed record in the UK, and a Canadian inventor set the record for the world's farthest hoverboard flight.

Before heading out into the sun, you need to check out this latest article. It turns out that 80 percent of popular sunscreens don't protect your skin -- and they may actually be harmful to your health. We rounded up 34 of the worst offenders -- so check your sunscreen and avoid these brands at all costs. In other health and technology news, researchers have developed a new bionic lens could give you perfect vision for the rest of your life. The developer of the painless implant claims that it will allow patients to see three times better than 20/20.

http://www.engadget.com/2015/05/31/self-driving-audis-solar-panels/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Spotify is my new running mate, even if it doesn’t know me well

Apparently, after all these years, Spotify still doesn't really get me. I've used the service since 2010. Technically I was a subscriber since before it hit US shores. And yet, Spotify clearly has no idea what kind of music I like. I say this because I recently traded in my carefully curated running playlist for Spotify's dynamically generated ones and, not to spoil the rest of the story, it really failed. But let's start at the beginning.

I got up nice and early Sunday morning, left my house and began the slow slog up hill past Silver Lake Park. When I started to hit my stride I pulled out my iPhone and found the new Running option in sidebar of the updated Spotify app. The first stop on my journey was the running specific Hip Hop and RB playlist. A pleasant female voice instructed me to start running and let me know that it was using the phone's sensors to detect my pace. Then, as promised, it spat out songs perfectly matched to the tempo of my run.

The first batch of tracks got me up the steep slope, but almost none of the artists were recognizable to me. And honestly, most were not particularly good; there was a reason I had never heard most of these songs before. The final nail in the playlist's coffin was Immortal Technique's The Cause of Death. Whether you're a fan of his or not, I think we can all agree that listening to the Harlem-based MC rap about how 9/11 was an inside job doesn't make for an enjoyable run.

The trouble is that, while Spotify supposedly takes my taste into account when building these playlists, you'd never know it. Neither the Upbeat Run or Mood Booster Run playlists fared any better. And, after suffering through Bleachers and Demi Lovato's Unbroken, I gave up. It seems that the combination of Spotify's beat matching algorithm and its human curators just couldn't make me happy.

There was one other place I might find running nirvana, however. Spotify has a selection of running specific original tracks. These aren't collections of songs, they're long pieces of instrumental music designed specifically for you to listen to and zone out while you keep those legs moving. There are six pieces to choose from: The Chase, Blissed Out, Lock the Flow, Seasons, Epic and Burn. Honestly, those first five aren't great. In fact they sound like they were pulled from a library of nondescript royalty-free music. But, like the playlist options, if you're just looking for something to help you keep pace, they do the job.

Burn is different. It's created by Dutch DJ and producer Tiësto, and it's pretty much perfection. I'm not normally a huge fan of Tiësto; he's the sort of artist that plays best in a club when you're pumped full of ecstasy... or so I thought. Burn, once it locks into your rhythm, ebbs and flows with the right amount of energy to keep you running for about 45 minutes, uninterrupted. In that way, it's not unlike LCD Soundsystem's 45:33. But where that song is about simply locking into a groove, Burn is constantly building and shifting to keep you moving and engaged. It feels like it constantly wants you to go faster. When it finally reaches a crescendo, however, it backs off to let you enjoy that runner's zen for a bit before pushing you again with filtered drum buildups. It's cheap shot after cheap shot, but it works beautifully for a nice long run.

Spotify definitely has some work to do with its running feature. I never want to hear Demi Lovato again, and songs about government conspiracies aren't really motivating me to push myself. That being said, the technology part works quite well. I do wish that the running originals and playlists would sample your pace multiple times over the course of a run, rather than stick to a steady pace (I can't help but start to slow down around mile five). But the songs selected rarely failed to lock to my tempo. If the company can get more expertly crafted originals like Tiësto's Burn, it will have something truly special on its hands. For now, I'll be putting my running playlist on the shelf and sticking to Spotify, exclusively because of that track.

http://www.engadget.com/2015/05/31/spotify-is-my-new-running-mate/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Tesla loses its shot at direct car sales in Texas

If you want to buy a Model S in Texas, you're going to have to jump through some hoops for at least the next couple of years. Bills that would let Tesla sell cars directly to customers aren't going to get a vote before the state's legislative session wraps up on June 1st, leaving the electric vehicle maker high and dry until the next session kicks off in 2017. This doesn't mean that you're completely out of luck if you want Tesla-made transportation in Austin (see above for proof), but you can't simply pick one up.

The setback isn't completely surprising given how fiercely dealership lobby groups fight to protect their business model, but Texas poses some additional challenges. A lot of the state's political clout rests in rural areas, where dealerships are more vital to the community in terms of both jobs and sponsorships. Representatives are more likely to support these local businesses than a California company trying to up-end the dealership model, even if it would help both competition and the environment.

[Image credit: the author, Flickr]

http://www.engadget.com/2015/05/31/tesla-loses-shot-at-direct-sales-in-texas/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

The US will protect Japan against cyberattacks

The US knows that it's not enough to protect its own networks against cyberattacks -- its allies have to be safe, too. Appropriately, it's agreeing to shield Japan from digital assaults against its military and critical systems. The move gives the island nation a big security boost (its online defense unit has a mere 90 people) and hopefully reduces the chances that less-than-sympathetic neighbors China and North Korea will compromise a strategically vital country. While it's doubtful that the pact will deter many hacking attempts, it could make any local cyberwarfare campaigns that much tougher.

[Image credit: AP Photo/Eugene Hoshiko]

http://www.engadget.com/2015/05/31/us-protects-japan-against-cyberattacks/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Apple says the Watch’s irregular heart rate tracking is intentional

When Apple trotted out its first update for the Watch, fitness mavens were alarmed at the suddenly inconsistent heart rate tracking. Did Cupertino break one of its wearable's signature features? Well, not quite. Apple has posted an updated support page that indicates the change in heart tracking was intentional. Instead of getting your beats per minute every 10 minutes regardless of what you're doing, its new default behavior is to check only when you're staying still. You can still make the Watch check on the move by using the heart rate Glance (above) or starting an activity in the Workout app, but the change risks creating gaps when you're strolling down the street.

It's not clear why Apple changed its device's monitoring habits. There's speculation that the company did this to improve the Watch's battery life, but it's not clear that this is the case -- it could be for the sake of accuracy, for example. We've reached out to Apple for an explanation, and we'll let you know if it has more to say.

http://www.engadget.com/2015/05/30/apple-watch-heart-rate-update-explained/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Which portable hard drives are worth buying?

With all our computers, phones and cameras, we create a lot of data. And while there are plenty of cloud-based options for storing all the information you generate, many people prefer something they can physically touch. A portable hard drive can give you plenty of control, while still making it possible to carry your data around in your bag. But which drives make it easy to transfer files to them in the first place? And which ones will survive the trips you take them on? We've taken a look at some of the better portable drives available now to find out which ones have the right stuff.

Best portable hard drives

http://www.engadget.com/2015/05/30/portable-hard-drive-review-roundup/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Solar Impulse begins its sun-powered flight across the Pacific

Solar Impulse has already shown the potential for sun-based aviation in its attempt to fly around the world, but it just embarked on its most ambitious trip yet. Pilot Andre Borschberg has taken off from Nanjing, China on a cross-Pacific flight whose first leg ends in Kalaeloa, Hawaii -- 5,061 miles away. That's about 120 hours in the air, and should set records for both the longest single-seat flight ever as well as the first transpacific flight by a solar-powered aircraft. And did we mention that this leg is even more dangerous than previous parts of the journey? After a certain point, Borschberg's only choice in an emergency will be to bail over the Pacific and hope that his rescue goes smoothly.

There's still a long way to go after this. The next phase will see Solar Impulse travel "just" 2,917 miles to Phoenix, Arizona, and there are still four legs after that -- the last two of which may take nearly as long as the China-to-Hawaii run. It'll be worth the effort if Borschberg and fellow pilot Bertrand Piccard can raise awareness about renewable energy, but this eco-friendly globetrotting definitely isn't for the faint-hearted.

[Image credit: Johannes Eisele/AFP/Getty Images]

http://www.engadget.com/2015/05/30/solar-impulse-begins-cross-pacific-flight/?ncid=rss_truncated

Filed under: Tecnology No Comments
31May/150

Google Calendar won’t send you text alerts after June 27th

We hope you didn't lean too heavily on Google Calendar's text message alerts in order to keep your life organized. Google is warning that Calendar's SMS notifications will vanish for regular users (education, government and work are safe) after June 27th. The search firm argues that they're no longer needed in an era when smartphones give you a "richer, more reliable" heads-up. It's true that modern mobile devices render SMS a bit redundant. With that in mind, this isn't good news if you can't justify a smartphone on your budget, or prefer to keep most notifications off -- you may remain blissfully unaware of an event change until you reach a computer.

[Thanks, Kristy]

http://www.engadget.com/2015/05/30/google-calendar-dropping-sms-notifications/?ncid=rss_truncated

Filed under: Tecnology No Comments