Sony’s PlayStation Home to Close – The Next Web

You know that PlayStation Home feature on your PlayStation 3 that you never used? After years of little traction, Sony has announced that it’s closing the virtual world in the USA1 and Europe2 on March 31, 2015. This follows last month’s announcement of Home’s planned closure in Asia3.

Sony blames a shifting landscape for the decision and thanks the tens of millions of Home users since its launch in 2008.

New content in Home will cease to be published from November this year ahead of the full closure.

PlayStation Home Update4 [PlayStation Forums, via Engadget]

References

  1. ^ USA (community.us.playstation.com)
  2. ^ Europe (www.community.eu.playstation.com)
  3. ^ closure in Asia (thenextweb.com)
  4. ^ PlayStation Home Update (community.us.playstation.com)
  5. ^ Engadget (www.engadget.com)

The Bash Bug: What you need to know about the latest security flaw …

Right now, security professionals are scrambling to fix a security flaw some are calling Shellshock. It’s a major vulnerability related to Bash, a computer program that’s installed on millions of computers around the world. There’s been a lot of confusion in mainstream media accounts about how the bug works, who’s vulnerable, and what users can do about it.

In this explainer, I’ll first give a high-level explanation of who is vulnerable and what they can do about it.

Then, for those who are interested, I’ll give a more technical explanation of exactly how the Bash bug works.

Who is vulnerable?

Bash (which we’ll discuss more below) is installed on many computers running operating systems derived from an ancient operating system called Unix. That includes Macs, as well as a lot of web servers running operating systems such as Linux.

Whether these computers are actually vulnerable depends on whether they invoke Bash in an unsafe way. We already know that this is true of many web servers, and it’s believed that other types of network services could also be vulnerable.

But it’ll take a while for security experts to audit various pieces of software to check for vulnerabilities.

(Bwana McCall1)

Apple PCs such as MacBooks don’t seem to be running services that use Bash in an unsafe way. That means they are probably not vulnerable to hacks from across the internet. But we won’t know that for sure until security experts have had time for a careful audit.

Most Microsoft software doesn’t use Bash, so users running Windows PCs, people with Windows phones, as well as websites built using Microsoft software, are probably safe from these attacks.

Also, it looks like most Android phones are not vulnerable because they use a Bash alternative.2

What should I do to protect myself?

Unfortunately, there isn’t a ton you can do3 in the short run. Presumably, Apple will release updated versions of their software soon. So keep an eye out for that on your platform’s software update service, and install it as soon as it’s available.

There has also been some speculation that a service called DHCP4 might be vulnerable, though this is looking increasingly doubtful.

This is a service that allows laptops, tablets, and smartphones to automatically configure themselves when they log into a wifi network. A malicious wifi router could use the bug to hack into users’ laptops and mobile devices. So if you’re a Mac user, it might be prudent to avoid logging into untrusted wifi networks (for example, at coffee shops) until Apple has released a security update.

But for the most part, the vulnerability affects servers more than users’ own computers.

So most of the heavy lifting needs to be done by security professionals, not the rest of us.

What could attackers do with this vulnerability?

The bug can be used to hack into vulnerable servers. Once inside, attackers could deface websites, steal user data, and engage in other forms of mischief.

There’s a good chance that hackers will use the vulnerability to create a worm that automatically spreads from vulnerable machine to vulnerable machine. The result would be a botnet, a network of thousands of compromised machines that operate under the control of a single hacker.

These botnets, which are often created in the wake of major vulnerabilities, can be used to send spam, participate in denial-of-service attacks on websites, or steal confidential data.

As I write this, security professionals are racing to update their server software before the bad guys have time to attack it.

How hard will it be to fix the problem?

From a technical perspective, the fix shouldn’t be too difficult. A partial fix has already been made available5, and a full fix should be released soon.

The tricky thing will be that, as with the Heartbleed vulnerability6 earlier this year, Bash is embedded in a huge number of different devices, and it will take a long time to find and fix them all.

For example, many home wifi routers run web servers to enable users to configure them using a web browser. Some of these devices may be vulnerable to a Bash-related attack.

And unfortunately, these devices may not have an automatic or straightforward mechanism for upgrading their software. So old IT devices might have lingering vulnerabilities for many years.

OK, let’s get technical. What’s Bash?

Bash stands for Bourne-Again SHell.

It’s a computer program that allows users to type commands and executes them. If you’re a Mac OS X user, you can check it out yourself. Go to the Finder, open the Applications folder (from the “Go” menu), then the Utilities folder, and then open “Terminal.” It looks like this:

You can see in the menu bar that it says “bash,” indicating that the program running inside this terminal window is the Bash shell.

The Bash shell understands a wide variety of commands. For example, “cd” stands for “change directory,” and tells the Bash shell to navigate to a new folder on your hard drive. Typing “ls” lists the contents of the current directory, while “echo” prints out text to the screen.

Bash has been around since the 1980s, and it has become an industry standard.

To this day, it’s one of the most popular ways for systems administrators, computer programmers, and other tech-savvy users to execute complex commands on computers.

Because the Bash shell is entirely text-based, it’s particularly useful for administering a computer remotely. Running a Bash shell on a server halfway across the world feels exactly the same as running the Bash shell on your local computer. IT professionals use remote shells like Bash extensively to configure, diagnose, repair, and upgrade servers without having to physically travel to their location.

As a result, Bash is a standard feature on almost all servers that run an operating system not made by Microsoft.

What’s the bug in Bash that people discovered this week?

Bash has a feature where users can set “environment variables” and retrieve them later. It works like this:

That’s a trivial example, but environment variables turn out to be an extremely useful feature when executing complex commands.

So what’s the bug? Here’s a slight variation on the previous example:

The “env” command sets an environment variable (in this case COLOR=red), and then executes a command based on that environment.

Here, it’s executing a second Bash shell which in turn echoes the string “My favorite color is $COLOR.” Because the shell was running in an environment where COLOR=red, it prints out “My favorite color is red.”

The exploit works like this:

Notice that the command “echo I hate colors” doesn’t use the $COLOR variable at all. So if Bash were working correctly, the command “echo vulnerable” should be ignored: it’s just random text in a variable that never gets used. So the word “vulnerable” shouldn’t be in the output.

But the malicious string “() { :;}; echo vulnerable” takes advantage of a bug in the way Bash handles environment variables to trick it into treating the string “echo vulnerable” as a command rather than just a string of letters.

Even worse, it does this automatically, even if it’s evaluating a command (like “echo I hate colors”) that doesn’t use the $COLOR variable at all!

Of course, in a real attack, the bad guys would do something a lot scarier than printing out the word “vulnerable.” They’d use this same mechanism to tell your computer to run spyware, send your private files to a remote server, send out spam, or do other bad stuff.
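The commands this section describes, assembled into a patch check for a local shell; this is an added example, not code from the original article. The function names are made up for illustration, and the check covers only the behaviour described above, which the article's correction notes was not fully fixed by the first patch.

```shell
#!/bin/sh
# Added example (constructed). COLOR and the echoed strings follow the article;
# show_color, check_shell and main are hypothetical names.

# Normal case: env sets COLOR only for the child shell, which expands it.
show_color() {
    env COLOR=red "${1:-bash}" -c 'echo "My favorite color is $COLOR"'
}

# Patch check: COLOR holds a function definition followed by an extra command.
# A fixed shell treats the value as inert text and prints only "I hate colors".
# Prints VULNERABLE, patched or unknown for the shell named in $1.
check_shell() {
    shell=${1:-bash}
    out=$(env COLOR='() { :;}; echo vulnerable' \
          "$shell" -c 'echo I hate colors' 2>/dev/null) || out=
    case $out in
        *vulnerable*)     echo VULNERABLE ;;
        "I hate colors")  echo patched ;;
        *)                echo unknown ;;   # shell missing or failed to run
    esac
}

# Report on every shell path given, defaulting to the bash found in PATH.
main() {
    [ $# -gt 0 ] || set -- bash
    for s in "$@"; do
        echo "$s: $(check_shell "$s")"
    done
}

main "$@"
```

Run it with the paths of every Bash binary on the machine, since a system can carry more than one copy.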

Wait, doesn’t an attacker need to have physical access to my computer to pull this off? That doesn’t sound very scary.

If Bash were only a mechanism for accepting commands from human users, this wouldn’t be such a big problem. The problem is that Bash has also become a popular way for computer programs to invoke other computer programs.

For example, when you load a website with dynamic content on it, the server handling the request may be using Bash commands to access the information you requested.

So while most people never use Bash directly, we’re all using it constantly indirectly as we’re browsing the web.

Even worse, when a computer program uses Bash to invoke another computer program, it often uses environment variables to pass along user inputs. For example, when you visit a website, your browser sends the server a variable known as the “User Agent,” which tells the server something about which browser you’re running. (In my case, I’m running Chrome.)

Web servers often set this user-agent string as an environment variable before using Bash to execute code that generates the web page the user asked for. That allows the server to generate a different website for mobile and desktop browsers, for example.

But malicious parties can manually change their user-agent variable to contain, not a textual description of their browser, but a snippet of malicious code.

And if they then visit a server that invokes a vulnerable version of Bash, the server will automatically execute this code, allowing the attacker to hack into the server.
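One way a defender could look for this pattern in web server logs, as an added example rather than anything from the original article. The log lines are constructed, the Apache "combined" format is an assumption, and sample_log and scan_log are hypothetical names.

```shell
#!/bin/sh
# Added example (constructed). Flags requests whose request line, Referer or
# User-Agent carries the "() {" function-definition prefix described above.

# Constructed sample log; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/37.0"
198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :;}; echo vulnerable"
203.0.113.5 - - [25/Sep/2014:10:02:30 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "() { :; }; echo vulnerable" "curl/7.38.0"
192.0.2.44 - - [25/Sep/2014:10:03:00 +0000] "GET /docs/func().html HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Macintosh) Safari/600.1"
EOF
}

# Reads a combined-format log on stdin and prints "<client> <field>" for each
# line where a quoted field contains "()" followed by "{" (spaces allowed).
scan_log() {
    awk -F'"' '
        BEGIN { name[2] = "request"; name[4] = "referer"; name[6] = "user-agent" }
        {
            split($1, head, " ")              # head[1] is the client address
            for (i = 2; i <= NF; i++) {
                if ($i ~ /[(][)][ \t]*[{]/) {
                    print head[1], ((i in name) ? name[i] : "other")
                    break                     # one report per log line
                }
            }
        }'
}

# Scan a real log when a path is given, otherwise the constructed sample.
if [ $# -gt 0 ]; then scan_log < "$1"; else sample_log | scan_log; fi
```

A hit shows only that someone sent the string; whether it ran depends on whether the request reached a vulnerable Bash, which is what the server-side patch check answers.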

Is anyone actually taking advantage of this bug?

Yes. Malicious software exploiting the vulnerability has already begun to appear7 online.

Correction: I originally stated that mobile devices running Android and iOS run Bash, but that appears to have been incorrect. Most Android phones ship with a competitor8 that, so far, does not appear to be vulnerable.

I’ve updated the article accordingly.

Also, I stated that a software patch to Bash would fix the problem, but it has since been discovered9 that the fix is incomplete.

References

  1. ^ Bwana McCall (www.flickr.com)
  2. ^ Bash alternative (en.wikipedia.org)
  3. ^ isn’t a ton you can do (twitter.com)
  4. ^ service called DHCP (blog.erratasec.com)
  5. ^ made available (seclists.org)
  6. ^ Heartbleed vulnerability (www.vox.com)
  7. ^ begun to appear (arstechnica.com)
  8. ^ competitor (en.wikipedia.org)
  9. ^ discovered (access.redhat.com)

If It’s Heat Your Phone Seeks, Try a Thermal Camera | Re/code

The smartphone camera has come a long way from the days when blurry phone photos would only suffice if a dedicated camera wasn’t available.

Its small build boasts features like optical image stabilization1, face detection and burst mode for shooting fast-moving subjects. Yet, it still can’t do anything crazy like telling how hot or cold an object is just from looking at it.

Or can it?

This week, I tested a seriously cool (and hot) device: The Seek thermal camera. It weighs half an ounce, measures just three inches long and plugs into an iPhone or Android smartphone so you can see in the dark.

You do this by holding up your phone with the Seek thermal attached, aiming it at an object in front of you and seeing hot or cold represented by colors on your screen. An on-screen button lets you toggle between still photos and video.

Starting today, this tiny camera is sold online2 for $200. This price is pretty remarkable, considering that industrial versions of thermal cameras used by firefighters, police and contractors cost between $3,000 and $5,000, and those prices are lower than ever in the past 10 years.

I’ve been testing the iPhone version of the Seek thermal camera, and I found it fun to use.

It’s more of a niche product and, in my life, worked mostly as a parlor trick.

I used it to snap a thermal shot of my boss, Walt Mossberg, holding a chilly iced coffee.

He returned the favor with a lovely shot of me, which portrays me as a cartoon character with cold lips.

When I snuck into my son’s nursery to check on him at night, as I usually do, I used the Seek thermal camera instead of my flashlight, and saw a hot glow coming from his crib.

The Seek thermal camera also works for more functional purposes. For example, if you had raccoons in your neighborhood and your dog didn’t get along with those raccoons, you could hold your Seek thermal camera up and scan your backyard for raccoons before letting your dog out at night. You could hold it up to the ceiling to figure out exactly where water was pooling.

Or you could scan a parking lot for people before walking out to your car alone in the dark.

Seek Thermal, a Santa Barbara-based startup, collaborated with Raytheon and Freescale Semiconductor to build this tiny camera. It’s competing against an existing alternative, the $349 Flir One3 from Flir Systems, a well-known company in the thermal-imaging world. Along with its comparatively higher price, the Flir One is limited by design: Its thermal camera is housed in a phone case that currently only fits the iPhone 5 or 5s.

Both Flir Systems and Seek Thermal have made their technology workable with other devices, so we may see thermal functions built into smartphone cameras sometime in the not-so-distant future.

This would let people skip the step of plugging in a thermal camera, like Seek, or putting the phone in a special case, like the Flir One.

The Seek thermal camera’s corresponding app is well done, but I only tested a prerelease version of it; it’s expected to be released in the Google Play and Apple App Store in about two weeks.

My three favorite features in the app were an on-screen temperature indicator that shows the hottest and coldest temperatures in any shot, a slider that lets you glimpse something with or without thermal detection, and the app’s variety of 16 thermal-camera colors.

Since you won’t want to keep the Seek thermal camera plugged into your phone, it comes with a hard case that can attach to a keychain.

Most people will do what I did, taking this camera out once in a while for short spurts of time.

That’s a good idea, because the Seek thermal camera uses your phone’s battery to operate.

In the company’s extreme use-case scenario test, which kept the iPhone display on and the camera on and plugged into an iPhone 6 with Wi-Fi, Bluetooth, GPS, cellular and cellular data on, and screen brightness at 50 percent, the iPhone battery died after three hours and 42 minutes.

In Re/code tests, the iPhone 6 battery lasted 14 or 15 hours in normal use-case scenarios without any cameras attached.

For now, the Seek thermal camera is fun for a little while, but most people will be frustrated by having to take it out and plug it into their smartphones.

Unless you have a specific use case for this technology, you won’t mind waiting to use its features when they are built into smartphone cameras.

References

  1. ^ optical image stabilization (www.apple.com)
  2. ^ sold online (thermal.com)
  3. ^ $349 Flir One (www.flir.com)
