Frequency Aggregates All Free to Watch Videos, Thinks it is a Big Enough Market

FrequencyKeeping yourself updated on free-to-watch videos on the internet is quite different. You have to subscribe to different channels on different platforms, making it difficult to keep up with the latest videos.

There’s a company just trying to solve that problem. Meet Frequency. Continue reading Frequency Aggregates All Free to Watch Videos, Thinks it is a Big Enough Market

How to Avoid Accidental TV Show Spoilers on Social Media [iOS, Android, Google Chrome]

Game of Thrones is back on TV, and has wasted no time in delivering the shocking game changers that it’s famous for. Over the past three seasons, the show has managed to amass a massive and vocal fan base. The HBO original based on the fantasy books “A Song of Ice and Fire” invariably manages to trend every week soon after it airs. However, for those of us who haven’t read the books and don’t watch the show during its initial broadcast, this poses a big challenge. Short of completely avoiding Twitter and Facebook, it’s almost impossible to remain spoiler free among all the #redwedding and #purplewedding chatter. Thankfully, as always, there’s a better and an easier solution!

Spoiler-Shield-Main

The first option is an Android and iOS app called Spoiler Shield. It is actually a Twitter and Facebook client, which automatically hides everything on your stream about the TV series that you don’t want to get spoiled about. Spoiler Shield also supports NBA, NHL, MLB, NFL, and other sports and live events. It ships with a list of shields, and all you need to do is enable the ones that you want.

Shields-in-Spoiler-Shield

Spoiler Shield is well designed, intuitive, and easy to use. However, quite obviously, it can’t replace dedicated Facebook and Twitter clients. It probably isn’t even meant to do so. You should probably only use it when you’re weary of getting spoiled. For example, the day of the Academy Awards, the day Netflix releases House of Cards, and of course the day Game of Throne airs. All the essential options including tweeting and retweeting for Twitter, and liking and replying for Facebook are included. Blocked posts are replaced with a shield, and in case you can’t hold your curiosity, you can double tap to reveal the hidden content.

Spoiler-Shield-Twitter-Stream

Spoiler Shield promises that a Google Chrome extension is also in the works. However, there’s another similar solution called Silencer that desktop users can use in the meanwhile. Silencer is a Google Chrome extension, which promises to filter spoilers from your social media feed. Like Spoiler Shield, it also comes with pre-configured block lists. Here, they are called Mute Packs. Once again, both TV shows and live events (AFC and NFC matches) are supported. The number of filter packs in Silencer is fewer than Spoiler Shield, but you can manually add terms that you wish to block.

Silencer-Mute-Packs

No automated filtering technology is going to be perfect. However, these two free utilities should make it easier to avoid accidentally spoiling yourself. Take them for a spin, and don’t forget to let us know how well they worked for you.

TruePlex for Android Shows How Risky Your Installed Apps Are

Earlier today, the FTC announced the terms of its settlement with the free torch app “Brightest Flashlight”, which had surreptitiously collected real-time location data of its users and sold to advertisers. Although Android doesn’t allow you to modify the permissions that an installed app has, Google does display the permissions that an app is requesting before you install the app. A privacy breach like the “Brightest Flashlight” incident can easily be avoided by paying attention to the permissions that an app requests. For example, there is no valid reason for a torch app to access your location. If you find that an app requests more permissions than justifiable, it might be best to simply avoid it and pick a less nosy alternative.

The trouble is that if you have been using Android for a while, you must have already installed dozens of apps. Manually reviewing their permissions is a cumbersome process that very few users will be willing to undertake. This is where a new app called TruePlex can help.

Trueplex-Android-App

TruePlex is a new app which does one simply thing. Once installed, it cross-references the apps installed on your phone with its database, and generates a report with a rating (lower is better) for each identified app. The rating is based on the amount of access the app has to private data. A higher rating doesn’t necessarily mean that there is something is wrong, but it does indicate that you should take a closer look at the permissions the app is requesting. Tapping on any of the app icons in the report opens up a new page which lists all the permission an app has. While it makes sense that your SMS app will have access to your messages and contacts, be wary if a random game requests the same permission.

TruePlex-Android-App-Security-Report

TruePlex looks and feels like something hacked together over a weekend. The app basically has a single screen, and all it does is prepare a report of the permissions that apps installed on your device have. Quite appropriately, TruePlex itself doesn’t request any special permission. This will perhaps instantly make it As soon as you hit the “Let’s Go” button, you are taken to your web browser, where your report is displayed. You also have the option of creating an account on the TruePlex website. This will allow you to compare you device score with other users.

TruePlex-Android-Security-Report-Detail

To be fair, the app is very basic, the report is ugly, the website is buggy, and there’s still a lot of work to be done. The database is still small, and not all of your apps are rated. I’m sure that if it gains popularity, we’re going to see a lot more polished app in the coming weeks. I’d definitely want to see it automatically figuring out what permissions my installed apps have, and generating a report even if the app isn’t in the TruePlex database. Nevertheless, the app is already quite useful and worth a download. The app is essentially similar to BitDefender’s Clueful app. However, TruePlex is a lot more lightweight, and requires no permissions for itself. On the flip side, the report lacks the succinct one line summary that Clueful provides.

[ Download TruePlex ]

The Heartbleed FAQ – Everything You Should Know About It

Heartbleed The interwebs is awash with reports and speculations about the Heartbleed. Post-Y2k it’s difficult to recall any occasion when a security vulnerability managed to gain such widespread attention. But, exactly what is Heartbleed? Here’s a quick summary of everything you need to know about Heartbleed.

What is Heartbleed?

Heartbleed is a critical vulnerability in the OpenSSL library. The official designation of this bug is CVE-2014-0160. SSL stands for Secure Sockets Layer and is a standard security technology for establishing an encrypted link between a web server and a browser. This bit of technology essentially ensures that no one can peek into the data sent between you and the webserver. Every website with an URL that begins with https:// (often indicated by a padlock in your browser’s address bar) uses SSL to keep data, including the authentication information that you key in, private. OpenSSL is an extremely popular open source implementation of this protocol.

Heartbleed is a bug in the OpenSSL code, which can be theoretically be leveraged by an attacker to gain access to data transmitted between you and the webserver. This means that theoretically the attacker can see all of the data that you enter into an affected website, including your username and password. There has also been speculation that the bug can enable the attacker to gain access to a server’s private key. This would essentially allow the attacker to impersonate any web service and conduct MTM (man in the middle) attacks. This would force every affected website to revoke and reissue their certificates. However, there’s still debate about whether this worst case scenario is possible or not. CloudFlare has declared that after extensive testing it has been unable to grab private SSL keys by exploiting Heartbleed.

Update: The CloudFlare challenge has been cracked. So, it’s possible to access a server’s key with this exploit.

How did this happen?

Contrary to the conspiracy theories buzzing around the social media websites and discussion boards, there is a very simple explanation behind how the Heartbleed vulnerability was introduced. It was a simple coder oversight.

The bug was introduced by Dr Seggelmann, a German contributor to the OpenSSL project. He was working on patching existing bugs and adding new features. Unfortunately, in one of the new features, he forgot to validate a variable containing a length. The same mistake was also overlooked by the code reviewer Dr Stephen Henson, and thus the bug made its way into the production code of OpenSSL.

How does this exploit work?

As mentioned earlier, the Heartbleed vulnerability is due to a missing validation on a variable size. One of the reasons why the bug has been named as Heartbleed is that it occurs in the heartbeat stage of the protocol. A heartbeat is essentially a technique that enables a computer at one end of the SSL connection to double check that the recipient is still alive. The following XKCD comic does a pretty good job at explaining the issue in simple terms. Essentially, the hearbeat mechanism sends a key and requests a response from the recipient to confirm that the recipient is still active. However, the length of the request isn’t validated. So, you can send a key that is just 3 characters long, but request an acknowledgement that is up to 65536 characters long. Since, the server isn’t checking the length of the response requested, it would send you all of the requested characters, which will include whatever characters that are stored in the memory after your key. With some luck and persistence, you can exploit this oversight to gain access to confidential information.

XKCD-Explains-Heartbleed-Bug

Who discovered it?

The Heartbleed bug was introduced two years ago; however, in a strange co-incidence, it was discovered and reported by two parties on the same day. One of those parties was Google’s Neel Mehta, who quietly reported the bug to OpenSSL. The other party was a Finnish security research firm called Codenomicon. Realizing that the discovered bug was extraordinary in its impact and severity, Codenomicon decided to create a campaign to make sure everyone took notice of the issue. They registered the domain heartbleed.com, came up with the compelling name, designed a logo, and created the initial narrative. Both researchers collaborated with OpenSSL to ensure that the vulnerability wasn’t disclosed before an official patch was released.

What can you do?

To be honest there isn’t much you can do. A fix for the vulnerability has already been issued by OpenSSL. Most major websites, including banks and other financial service providers, have already updated their OpenSSL installation. Given the massive publicity this bug has received, it’s likely that most websites will implement the patch in the coming days. Mashable has published a massive list of popular websites affected by this vulnerability. It’s wise to change your password at any website that was affected by the bug, but you should do so only after that website has patched the vulnerability. Otherwise, you risk exposing yourself further. As always, folks using unique passwords are considerably safer.

Lastpass, one of the most popular password managers, has updated its Security Challenge tool to include Heartbleed related information. It automatically scans websites in your vault and lists all the websites that have been affected. It also lets you know which websites have been patched, so that you can go ahead and change your password.

Biological Nanodots Enable Smartphone Battery To Recharge in 30 Seconds

The Microsoft ThinkNext symposium at Tel Aviv might be the launching pad for a future in which we spend more time using our smart devices rather than charging them. StoreDot, an Israeli startup, has demonstrated their brand new model of electrodes which can help charge a smartphone battery in flat out 30 seconds. Take a look at their video here:

Batteries take a long time to charge because you need to reverse the chemical reactions that fuel it. If you rush this reversal process, you run the risk of damaging the electrodes and also depleting the chemical fluid, called the electrolyte. For the sake of longevity of the battery, you need to spend hours every day charging everything from your laptop battery to your cell-phones. And that can be a painful wait, especially without coffee.

Enter Nanodots

What StoreDot has going for it are tiny biological particles called nanodots. These are tiny synthetic bio-molecules – chemically synthesized peptides – which radically improve electrode capacitance and electrolyte efficiency. They make this process of reversal much faster than earlier.

At the ThinkNext symposium, StoreDot demonstrated their new technology on a Samsung Galaxy S3, but said that they would definitely widen their reach to other big names, like the iPhone.

Samsung Galaxy S3 charged in under 30 seconds. Photo Courtesy: StoreDot
Samsung Galaxy S3 charged in under 30 seconds.
Photo Courtesy: StoreDot

In an interview to Gizmag, StoreDot CEO Doron Myersdorf said:

In essence, we have developed a new generation of electrodes with new materials – we call it MFE – Multi Function Electrode. On one side it acts like a supercapacitor (with very fast charging), and on the other is like a lithium electrode (with slow discharge). The electrolyte is modified with our nanodots in order to make the multifunction electrode more effective.

On their own website, StoreDot touches upon the fact that their new technology is not only revolutionary, but also eco-friendly. They plan to replace all cadmium and lead based technologies with their biomolecules, making them easier to dispose off as well. It won’t be too costly either – StoreDot claims that the chargers will cost only about twice that of regular chargers we have today.

Of course, the spillover into other areas like laptop batteries and, even, electric cars is inevitable. StoreDot seeks two more years to perfect its technology – 2016 is the year to watch out for.

Discovered: Liquid Water Beneath Surface of Saturn’s Moon Enceladus

Saturn’s moon Enceladus may have liquid water hidden away at its South Pole. Or so say NASA’s Cassini, the spacecraft dedicated to map out different aspects of the beautiful planet Saturn.

Enceladus, as mapped by Cassini. Look at the craters and the ravine-like structures.  Photo Courtesy: NASA/Cassini
Enceladus, as mapped by Cassini. Look at the craters and the ravine-like structures.
Photo Courtesy: NASA/Cassini

Enceladus is a tiny moon of Saturn, barely measuring 500km across. It’s been a curious object for many years, since it shone brightly in reflected sunlight, the surface being covered by a white layer of water-ice (meaning, frozen water). The surface is fractured into various patterns, indicating erosion in the past. Much of the surface is cratered; objects, mostly small rocky bodies, pulled in by Saturn’s gravity slam into Enceladus. A spectacular display is seen at the South Pole of the moon, where giant plumes of liquid and gaseous water rise, after penetrating the fractured surface. These shine in the Sun’s rays and also provide material to Saturn’s E-ring.

Cassini picks up the plumes of water vapour and liquid water towards the south pole of the moon.  Photo Courtesy: NASA/Cassini
Cassini picks up the plumes of water vapour and liquid water towards the south pole of the moon.
Photo Courtesy: NASA/Cassini

How Cassini Discovered Water

Cassini has made several flybys past Enceladus, in 2010 and in 2012, mapping its surface in great detail as it flew less than 100 km from the surface. It has also mapped the gravitational field of the object and this is what led to the discovery of a possible liquid water reservoir right beneath the surface. During these flybys, the trajectory of Cassini changes slightly due to the gravitational field of the moon. Being a light object, Cassini is quite sensitive to local gravitational fields, and corrects its path accordingly. This means that one can use this information to map out the gravitational field of the moon. If there is a major concentration of mass, like a large mountain, we can feel a positive addition to the field, while a hollow will show up in a negative way.

Artists' impression of what Enceladus might look like on the inside.  Image Courtesy: NASA/Cassini,
Artists’ impression of what Enceladus might look like on the inside.
Image Courtesy: NASA/Cassini,

Cassini, mapping the gravitational field in the South Pole of Enceladus, found that there was a mass deficit on the surface, but a large mass excess abut 30-40 km below the surface. This ‘subsurface anomaly’, meaning a deviation from the standard mass distribution found below the surface, is, ‘compatible with the presence of a regional subsurface sea’, says the paper on the subject.

Life?

The next obvious question is this: does this sea of liquid water harbour life? The answer is that we don’t know. For a long time, Jupiter’s Europa was a happy hunting ground for alien-hunters; this status might be usurped by Saturn’s tiny Enceladus. A good, though quite a bit technical, answer can be found in a paper co-authored by Carolyn Porco, head of the Cassini mission here. This, however, predates the recent Cassini discovery and hinges its arguments on the plumes of liquid water seen emerging from the South Pole.

A nice video on the subject by JPL and NASA can be found here:
http://saturn.jpl.nasa.gov/multimedia/flash/Enceladus/enceladus.html

Know your technology head on