Monthly Archives: June 2018

Verizon launches a third unlimited plan

Verizon is launching a new service plan today called Above Unlimited, which is the third unlimited plan the carrier currently offers. As the presence of three “unlimited” plans might indicate, none of these plans really offer unlimited data, but Above Unlimited at least offers the most not-unlimited data out of the three plans: you’re only subject to throttling after using 75GB of data a month, or 20GB of usage as a hot spot. After those limits, your plan is subject to throttling “in times of congestion” until your allotment resets.

The new plan starts at $95 per month for a single line. That’s $10 more than the Beyond Unlimited Plan, which offers 22GB of data and 15GB of hot spot usage before throttling, and $20 more than Go Unlimited, in which you are subject to throttling immediately, all video is compressed down to 480p quality, and hot spot speeds are limited to 600Kbps. Clearly, Verizon’s worried about streamers (at least the ones who aren’t using Go90).

I’m not actually clear on how often or how substantially Verizon throttles Unlimited subscribers who go beyond their cap, but the fact that Verizon is offering this third tier suggests it must be doing enough to cause people problems. It’s good that Verizon is at least offering a larger data option for those who need it, though it could be clearer about what “unlimited” really means.

The carrier is announcing another helpful update today: for families using unlimited plans, it’ll now allow different phones to have different versions of the plan, instead of requiring every line to use the exact same service option. That might allow parents, for instance, to put their kids on the cheaper plan, while they opt for a more expensive one for themselves. Those changes and the new Above Unlimited plan will all become available on June 18th.

Customers of Verizon’s Go Unlimited Plan are subject to throttling immediately, without reaching any kind of cap. This article initially said the plan “doesn’t appear to have a cap,” which was technically right… but not in the way I meant it.


via:  techtends

Google is hiring people to work on improving visits to the doctor’s office with voice and touch technology

Google is hiring people to work on improving visits to the doctor’s office with voice and touch technology

Google is beefing its healthcare-focused Brain research team to build the “next gen clinical visit experience,” according to internal job postings.

The team already has a study with Stanford Medicine that aims to use artificial intelligence and voice recognition to automatically generate electronic health records.

Google is beefing up an early-stage research project called Medical Digital Assist as it explores ways to use artificial intelligence to improve visits to the doctor’s office.

In particular, it wants to use voice recognition to help physicians take notes.

Four recently posted internal job openings viewed by CNBC describe building the “next gen clinical visit experience” and using audio and touch technologies to improve the accuracy and availability of care.

The project falls under falls under the healthcare group on Google Brain, part of its Google AI division, and is sometimes referred to internally as “Medical Brain.” It has the “ambitious goal” of deploying tests with an external health-care partner by the end of the year, according to one job listing.

The project would likely take advantage of the complex voice technologies Google already uses in its Home, Assistant, and Translate products.

Late last year, the healthcare-focused Brain team, co-founded by product manager Katherine Chou, launched a “digital scribe” study with Stanford Medicine to use speech recognition and machine learning tools to help doctors automatically fill out electronic health records, or EHRs, from patient visits. For physicians, it can be a laborious, frustrating process: Doctors spend nearly two hours on documentation per hour of direct patient care, according to a recent study.

Dr. Steven Lin, the Stanford physician spearheading the research with Google, told CNBC the challenge is an AI-powered speech recognition system needs to accurately “listen in” to a patient visit and simultaneously parse out the relevant information into a useful narrative.

“This is even more of a complicated, hard problem than we originally thought,” he said. “But if solved, it can potentially unshackle physicians from EHRs and bring providers back to the joys of medicine: actually interacting with patients.”

Accuracy is another big issue because a simple mistake like a computer notating “hyper” versus “hypo” can be potentially life-threatening, especially if the doctor doesn’t thoroughly check the note.

The first phase of the Brain study will conclude in August. Lin said both parties plan to renew the collaboration for a second phase for at least another year.

Google’s recent job postings indicate that the company is looking to further build its team and invest more resources. One opening for a medical assist product manager looks for someone who can advance its research by driving business deals, including commercial and legal terms.

A Google spokesperson declined to comment on the job postings but pointed CNBC to its study with Stanford. Brain’s healthchare team has also worked with top hospitals to use its machine learning expertise to predict when patients might get sick.

Vision vs. reality

Lin and Google have not discussed the commercialization of any tool that could eventually result from their research, but he’s optimistic about how smart EHRs could cut down on doctor burnout.

“If something like this actually existed, I think you’d have practices and hospitals tripping over themselves to get it at whatever cost,” he said.

Alphabet isn’t the only technology company tackling this problem.

A start-up called Augmedix is arming doctors with Google’s Glass headset to capture interactions with their patients. Remote scribes in Bangladesh will write up what they see through the device’s camera so it can be quickly stored in the medical record.

Augmedix CEO Ian Shakil pointed to another challenge with relying on AI, without humans involved: “Real-world patient conversation is meandering, goes off topic, includes a lot of non-verbal (cues) and so on.”

In addition, Microsoft is collaborating with the University of Pittsburgh Medical Center on its own Intelligent Scribe system. Amazon is also working on technology to take unstructured data from electronic medical records to identify an incorrect code or the misdiagnosis of a patient, CNBC has reported.

Venture capitalists have backed a slew of start-ups like SayKara, Notable and Suki, which are all trying to bring Alexa-like voice assistants into doctor’s offices, too.


via:  techtends.

Apple Banned Cryptocurrency Mining; Where is the Outcry?

Apple has added new language to its App Store review guidelines related to cryptocurrency. Under the Hardware Compatibility section, Apple now states that “apps, including any third party advertisements displayed within them, may not run unrelated background processes, such as cryptocurrency mining.”

In addition, an entire section on cryptocurrencies states the following (bold added by us for emphasis):

Apps may facilitate virtual currency storage, provided they are offered by developers enrolled as an organization. “In addition, apps may not mine directly for cryptocurrencies, unless the mining is performed in the cloud or otherwise off-device. Apps may “facilitate transactions or transmissions of cryptocurrency on an approved exchange, provided they are offered by the exchange itself,” although apps facilitating Initial Coin Offerings (“ICOs”) must originate from “established banks, securities firms, futures commission merchants (“FCM”), or other approved financial institutions.” And finally, cryptocurrency-related apps “may not offer currency for completing tasks, such as downloading other apps, encouraging other users to download, posting to social networks.

The obvious implication here is Apple doesn’t want mining performed on the device itself as mining in the cloud is OK. The company is obviously concerned about battery life and device performance.

There has been tremendous growth in mining because users have interest in doing so. This restriction, being put in place after devices were bought, is unfair to consumers who were not aware this change would happen.

The decision is arbitrary and doesn’t seem to serve a purpose.
In order to get around this restriction, users will be forced to jailbreak their devices.

For an alternative perspective, we reached out to Ivan Likov the Founder and Lead Developer at Phoneum. His company has developed a specialized algorithm that mines for cryptocurrency on a mobile device but they do it efficiently. In fact, in an interview, Ivan said there is only 14% drain over 24 hours on newer devices. The algorithm monitors battery and device temperature and stops mining if needed.

He also mentioned it is more efficient to mine Phoneum than bitcoin. In fact, Phoneum was developed exclusively for mobile devices – allowing the power of mining, blockchain and cryptocurrencies to come to the smartphone.

In our discussion, he pointed out that there are many applications which can drain far more battery and resources than his particular application.
Apple takes the experience of its users very seriously – enough to secretly slow down the processor on their older phones so the battery life would increase. When they were caught doing so they were faced with 59 class-action suits and decided to lower the cost of battery replacements for a year and
introduced new battery settings in iOS that would allow users to prevent speed throttling.

Although this is a different situation, the idea is the same. Apple changed the rules, after the fact. Moreover, they clearly feel there are no ethical issues with crypto mining as they allow it to take place in the cloud… They have just decided that on their end-user devices, it will no longer be allowed.

This is the week where Net Neutrality was repealed and the head of the FCC is facing death threats because consumers think it may one day be possible for an ISP to slow or stop the transmission of certain websites. Apple just cut off over a billion devices from taking advantage of one of the most popular tech trends of the last decade – will there be equivalent concern? Should there be? What do you think?


via:  tmcnet

Apple Removes IPhone USB Access Feature, Blocking out Hackers, Law Enforcement

Apple said an upcoming iOS software update will remove the infamous iPhone USB access feature, blocking out both hackers – and law enforcement – from accessing a locked phones’ data via the device port.

Apple confirmed that new upcoming default settings will disable the iPhone’s Lightning port, its charging and data port, an hour after the iPhone has been locked.

“At Apple, we put the customer at the center of everything we design,” an Apple spokesperson told Threatpost in an email. “We’re constantly strengthening the security protections in every Apple product to help customers defend against hackers, identity thieves and intrusions into their personal data.”

This means that users can still charge their phones, but will not be able to continue to transfer data to and from their device until they enter the passcode.

The move blocks off several devices (some of which have been used by federal law enforcement agencies) that have been designed to hack into iPhones via the Lightning port.

One such device, called the GrayKey box, has been known to unlock iPhones using the Lightning port to install software that cracks the passcode of an iOS device. Reports have found that several federal agencies – such as the FBI – have used the device, made by a company called Grayshift, to unlock up-to-date iPhones.

The move may also protect against Cellebrite’s UFED devices, forensic tools for iPhones and iPads that can reportedly unlock iOS devices.

“The fact is that this method of access presents a vulnerability, and Apple has made a calculated decision that they’ll see a better return on fixing that vulnerability than continuing to allow it to be exploited,” Tim Erlin, VP product management and strategy at Tripwire, said in an email to Threatpost.

In beta versions of iOS 11.4, Apple had first introduced a rudimentary version of the feature called USB Restricted Mode. This feature disabled USB access to the Lightning Connector after seven days.

In the case of USB Restricted Mode, the Apple spokesperson told Threatpost the company  learned that possible vulnerabilities exist in how iOS handles USB devices, and thus commenced a thorough review of the code, improving the security of many pieces of the USB stack.

The Apple spokesperson said additional mitigation was added which would remove the USB as an attack surface when customers don’t need it, without negatively impacting the user experience.

Apple told Reuters it will be permanently available in a forthcoming OS release.

Apple’s Rocky Past With FBI

Apple has had a long bumpy history with federal law enforcement when it comes to unlocking iPhones.

That conflict escalated in 2016, when Apple refused to comply with an FBI request to unlock the iPhone of the San Bernardino gunman who killed 14 people in 2015.

Apple CEO Tim Cook at the time said in an open letter: “Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

When it comes to the new USB security measure, meanwhile, Apple said in a statement to Reuters that the move is directed toward hackers and bad actors instead of law enforcement.

“We have the greatest respect for law enforcement, and we don’t design our security improvements to frustrate their efforts to do their jobs,” the Apple spokesperson told Threatpost in an email.

Despite Apple’s assurances, the move may continue to sour the relationship between the phone giant and the government, experts say.

“This move shows that Apple is putting the consumer’s privacy first, at least in this instance,” Troy Kent, threat researcher at  Awake Security,  told Threatpost. “It’s better for the general consumer and also likely for organizations. Will it sour the relationship between Apple and the law enforcement in the future?  I’m sure.  But that doesn’t mean there won’t be another exploit out sometime soon that doesn’t require a USB connection.”

Erlin, for his part, said that law enforcement in the U.S. will certainly be impacted by this most recent move by Apple.

“This isn’t the first time that we’ve seen tension between Apple and law enforcement,” Erlin told Threatpost. “While Apple’s position is that addressing this vulnerability is for the benefit of customers in countries where there are fewer legal protections around seizing devices, there’s no doubt that it will impact law enforcement in the United States as well.”


via:  threatpost

Consumers Choose Easy Login over Passwords

A majority of consumers who participated in a recent study said that if they had their druthers, they would prefer account logins that do not require passwords. According to a study conducted in April 2018 by research firm Blink and authentication technology company Trusona, over 70% of consumers would opt for alternative authentication logins rather than traditional usernames and passwords, reflecting the evolution of user behavior with regard to password practices.

Between 1 April and 21 April, 148 people took part in the study. Without knowing the full extent of what information was being collected on them, consumers agreed to participate and interacted with a gift-idea–generation site. They were required to log in to the site three times a week, but they were given two different login options, “easy” and “classic.” The classic login required entering a username and password, while the easy option allowed customers to log in with alternative authentication factors that did not require a username and password.

“Because of the masked nature of this study, careful consideration needed to be made in designing the study and methodology to ensure participants were not aware of the actual purpose of the study,” the report stated. For the purposes of this use case, the end customer already had the Trusona Gifts service app installed and had a username and password for the service.

Of the total participants, 84% chose easy at least once, while only 47% chose classic at least once. There were a combined total of 1,704 login attempts, with 1,331 being successful, indicating a 78% successful login rate. “Among Classic logins, there were 370 failed attempts out of 847 total attempts to log in for a success rate of 56%,” the report said.

“This report shows that consumers are ready to move beyond passwords and usernames to more secure authentication methodologies,” said Robert Capps, VP and authentication strategist for NuData Security. “Using a multilayered authentication framework that combines behavioral analytics with biometrics allows companies to verify users accurately without adding unnecessary friction and detect any unauthorized activity before it enters the environment.”

“Multilayered solutions that include these technologies analyze hundreds of data points throughout a session and create an evolving profile of a user across the sessions,” Capps continued. “Passive biometrics and behavioral analytics are technologies that can provide this level of monitoring without adding friction to legitimate users, thus creating more convenient experiences for users.”


via:  infosecurity-magazine.

3 Common Online Scams People Still Fall For In 2018

It’s 2018 and you’d think humanity would have stopped falling for online scams. After all, when you get an email from a Nigerian prince, you send it straight to your trash, right? Unfortunately, the truth is that if no one was still falling for that particular scam, you wouldn’t still be receiving those emails.

But even those more savvy among us, there are still common online scams we fall for. Yes, even people who work in the tech industry sometimes make stupid mistakes, which is why online scamming is still going strong in this day and age.

What exactly are people falling for? Here are 3 common scams still prevalent in 2018.

The common phishing scam

Phishing has been around for a while, but it’s somewhat understandable that people still fall for it. If you’re not familiar with what exactly phishing is, this refers to when an email or website sends you to a login page that looks like a site you frequent. When you enter your login details, you give them straight to the scammers.

Even if you’re well aware of phishing scams, it’s still possible to fall for them. When done well, the scammers create a landing page that looks exactly like the one they’re emulating. The email that leads you there is sent from a legitimate-seeming email address and has none of the usual spelling mistakes.

You can prevent yourself from falling for phishing scams by using a password manager, which will only input your details if it can verify the site. This way, you’re safe from your own self-destruction! Take a look at Bestonlinereviews for a comparison of the best password managers.

The CEO scam

Depending on what work you do, you may send hundreds of emails off every day. Some of them are simple intra-business responses, with important information or just a reply to a meeting request. Because of this, it’s not that difficult to fall for what some call the CEO scam.

This scam is carried out by people who know exactly what they’re looking for. They send you an email purportedly from your boss, from an email address that looks legitimate. Since you send so many emails of this kind, you reply with the sensitive information or documents they have requested.

Avoiding this scam requires you to be more vigilant. Before you send any sensitive information, make sure you’re sending it to the same email address you always use for the recipient.

Online dating scams

Online dating scams have evolved over the years, and there’s a number of reasons they still work. The first is that people on dating sites are lonely and more primed to responding to attention from attractive potential partners. The second is that until you meet face-to-face, intimacy can be easily faked. We all hate to admit it, but text messaging portrays very little of you or the person you’re talking to. Even charming phone calls can be faked, although less easily.

Meeting in person sooner rather than later is the best way to avoid this scam. Otherwise, you might get fooled into lending some money to someone you think you know. Alternatively, you’ll waste time getting to know someone and when they ask for money, you’ll be disappointed and furious with yourself.

Watch out for these and other scams whenever you are online.


via:  404techsupport

Maintaining Security and Privacy in Today’s Online Environment

This is a topic with huge scope so we will break it up into several articles. In this article we will focus on your IP address – the single-most piece of information that ties your internet browsing to your personal identity.

Why hide your IP address?

Regardless of your intent or lack thereof, every step you take on the Internet, whether it’s browsing your favorite sites, or buying from an online store, or commenting in a forum – each step leaves traces in the logs of Internet servers.

Once you launch your browser and start browsing online, your browser voluntarily informs all servers who request it, of your IP address, as well as the type of operating system that you are running, and a host of other information about your computer .

Maybe for you this information is useless, but for a person with IT skills and malicious intent, it is the door to your computer, they just need to pick the right “keys” (and this is just a matter of technique).

Aside from hackers gaining access to your computer there are other reasons why you would want to hide or mask your IP address.

For example, you may want to hide your geographical location to access content that may not be available in your location. You may want to prevent tracking of your activities on the web. Or you may want to get around various restrictions interfering with your ability to access content that you’re interested in.

Hiding your IP allows you to accomplish this.

How You Can Hide Your IP Address

There is a number of options available to you; most requiring very little technical expertise.

Listed below are four ways you can hide your IP address and maintain a higher level of anonymity when browsing the Web.

  • Use a VPN Service
  • Use the Tor Browser
  • Use a Proxy Server
  • Use Free/Public WiFi

Covering each of the listed options is outside the scope of this article, but the information presented above should be enough to get you thinking about your privacy online, the reasons why you may want to hide your IP and the different ways that you can do so.


via:  404techsupport

How to get the most cloud security

User education is more effective than the best security technology alone.

One of the leading causes of data breaches is internal negligence due to poor training, according to the Ponemon Institute.

But when the staff is educated and instructed on the proper practices, the risk of cyberattacks or data leaks can be reduced. Infact, you can reduce your risk more this way than with just the use of modern cloud security software and best security practices.

Unfortunately, most companies just try to toss technology at security problems. Even when they do an amazing job locking up their cloud-based systems, they still run a high risk because staffers are now the biggest security hole, and the only way to plug that hole is through training.

Training incudes issues as rudimentary as not giving out user IDs and passwords when somebody calls or emails. Or having with policies around the storage of company data on laptops that can be easily stolen, and security policies that should be followed by all.

If you send out simulated phishing emails, you’ll find that about 3 to 5 percent of your employees will send back sensitive security credentials, thinking that it’s a legitimate source. Evenmore will respond and provide their current credentials if they are sent to a fake site to “change their passwords.”

Security training is not sexy. But it’s one of those things that needs to be done; otherwise the best cloud security won’t work.

This training should be funded by IT, and not by human resources departments. If IT does not have skin in the game, not much is accomplished, and the likelihood is that the training loses steam over time. This training should be routine, consistent, and ongoing.


via:  infoworld

Why Using a VPN is a Smart Move

A VPN is a Virtual Private Network, and it is used to protect your Internet traffic from anyone who wants to intercept your data and monetize your personal information. The ubiquity of online transactions processing today is such that everyday folks cannot afford to be without a VPN. Most every payment, and online communication is conducted over the Internet. This is rapidly gaining momentum in developing countries too.

The Internet is peppered with security challenges, not least of which are cyber criminals and government snooping around in your personal data. Privacy is being challenged on every level, and it behooves folks to take all necessary precautions to guard against such activity. This type of nefarious activity is easily achieved when users do not take the necessary precautions against third parties. Antivirus software is one thing, but that does not shield your online browsing activity against hackers who are trying to intercept your personal data.

Your online footprint is something that can be masked from prying eyes. If there are no traces of where you have been, it’s virtually impossible to identify you personally. VPNs create what is known as an encrypted tunnel whereby all your online communications are masked by remote servers and VPN services. Think of the tunnel as a shield against anyone seeing what you’re doing. When you use a VPN service to mask your traffic, your computer assumes the identity of the VPN server.

In other words, you could redirect your traffic flow from your current location in position X to another location with a VPN server located in position Z. Your data connects with the VPN server somewhere else around the world, and when it exits that VPN server, your IP address is cloaked by the IP address of the VPN server. While you’re still using your computer and its IP address to connect to the VPN server, the only traffic that will be ‘seen’ will be coming from the VPN server address.

Why Is a VPN Service Essential to Your Online Browsing Activity?

One of the most obvious benefits of using a VPN service is when you are utilizing public Wi-Fi at the airport, a hotel, a library, coffee shop, on an airplane etc. Anyone on that public network can easily intercept your communications and steal sensitive personal information. It’s impossible to know what the intentions are of everyone using public Wi-Fi – there are nefarious actors in the mix. Sometimes, it’s difficult to know if the Wi-Fi network that is being provided is a legitimate Wi-Fi network, or simply one created by a cybercriminal designed to hack into your personal information.

Another issue to take into account is the sensitivity of your information – login data, browsing history, files, folders, bank records etc. With a VPN service, nobody can intercept that information since they don’t know what your IP address is. Anyone can name a Wi-Fi network anything that they want to – this doesn’t legitimize it in any sense of the word. For example, JFK Airport Internet or Hilton Hotels Internet, or Holiday Inn Express Wi-Fi may not the de facto Wi-Fi networks for these places – they could be fake names created to trick you. And then there’s the issue of why a VPN service is especially beneficial to your browsing activity. A great place to start on your VPN quest is an aggregator site that reviews the pros and cons of each service. For example, this HMA VPN review lists all the attributes of Hide My Ass, one of the most popular pay-to-use VPN services on the market today.

HMA is a user-friendly service that you can use to access content that is only available outside of your country. Maybe you’re looking for the latest rugby or cricket broadcast from a domestic competition, and you are based outside of the UK, in the US. You could reroute your Internet traffic through a UK server and access that information free, such as live streaming news updates, live sports broadcasts etc. In countries like China the Internet is severely limited, and this necessitates the use of VPN services to access information. Since VPNs are designed to encrypt traffic, they are identity protecting tools. The VPN you choose to use may be designed expressly for Mac operating systems or Windows Operating Systems, and often there are differences between them. When it comes to mobile Internet security, VPNs work a little differently, and a greater level of sophistication is needed to encrypt your data.

Who Is Spying on Our Data?

It’s hard to say who is or isn’t actively spying on data, recording data, or monitoring online communications. One thing is certain – your online browsing activity is always more readily accessible when you don’t use a VPN service. Whether the NSA, FBI, CIA, Secret Service, local law enforcement, or criminals are viewing your data is less important than the fact that they can snoop around in your private business if they want to. However, if you use a VPN service that does not maintain logs, your Internet traffic is encrypted against all advances.

Be advised that not all VPN services are cut from the same cloth. Most of these are profit-seeking organizations that will willingly cooperate with the authorities if required. That means they will hand over logs if subpoenaed. Certain VPN servers are operational in countries where the long arm of the law does not have any reach, such as Panama. VPNs are not failsafe since they don’t remove cookies from Web services – but that’s a story for another day.


via:  404techsupport.

WhatsApp users targeted by homoglyph attack peddling free tickets to theme park

WhatsApp users targeted by homoglyph attack peddling free tickets to theme park

Do you see anything suspicious in the message displayed above in this article’s featured image?

Alton Towers is giving away 5 free tickets to 500 families

Many WhatsApp users would probably view it as innocent enough, appearing to offer free tickets to a British theme park. Indeed, some might be so convinced that the message is legitimate that they forward it on to their own friends and family via WhatsApp, hoping to increase the chances of their loved ones enjoying a free day out at Alton Towers.

But the truth is that clicking or sharing the link could put you, or your nearest and dearest, at risk of being scammed by internet fraudsters.

The message should not only be treated with caution because it seems too good to be true but also because when examined closely there’s evidence that the message isn’t all it claims to be.

The clue is in the URL, reported The Sun.

Do you see the dot above the “o” in The “o” is in fact an “ȯ” – a regular “o” with a dot, or diacritic mark, placed above it.

It’s not a character that many of us are used to seeing, but it is used in some central European languages, and for that reason, it’s supported by Unicode. Unfortunately, technology’s admirable ability to handle a wide variety of languages comes at a price – fraudsters are able to abuse the feature to trick you into believing that you are reading something different from what is being shown.

This is known as a homoglyph attack in that it exploits the close similarity between two different characters. For years, scammers have been duping unsuspecting internet users into clicking on dangerous links by using the simple technique.

Most users will never notice the dot, especially if it’s displayed on a screen as small as a smartphone, and so may think it is perfectly safe to click through to the website where they will be encouraged to take an online survey and forward the message to 20 of their friends.

And once on the bogus website, they may believe that they are on the real and think nothing of entering personal information for the empty chance to win a family day our on the rollercoasters.

Scam website

It’s not a new method of attack, but it’s a remarkably effective one. And until messaging apps like WhatsApp begin to apply some of the methods that desktop browser users can use to protect against homoglyph attacks, we’re likely to see more and more of them.

Users should also familiarize themselves with common phishing attack types so that they are less likely to click on a suspicious link, email attachment or text message.


via:  tripwire