Atari Online News, Etc. Volume 17 Issue 34
Volume 17, Issue 34 Atari Online News, Etc. September 11, 2015
Published and Copyright (c) 1999 - 2015
All Rights Reserved
Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor
Atari Online News, Etc. Staff
Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"
With Contributions by:
Fred Horvat
To subscribe to A-ONE, change e-mail addresses, or unsubscribe,
log on to our website at: www.atarinews.org
and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org
and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to
subscribe from.
To download A-ONE, set your browser bookmarks to one of the
following sites:
http://people.delphiforums.com/dpj/a-one.htm
Now available:
http://www.atarinews.org
Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/
=~=~=~=
A-ONE #1734 09/11/15
~ US Cop Goes Wardriving ~ People Are Talking! ~ Sega Financials Poor!
~ System 6.0.3 Released! ~ Internet Freedom Dying ~ China Arrests 15,000!
~ Epson Kills Ink Cart! ~ 'Fallout 4' Will Grow! ~ Mt. Gox'er Arrested!
~ PlayStation Saves Sony ~ No Consent for Win 10? ~ iTunes Illegal in UK!
-* Graphical OS for Atari 8-bit *-
-* Atari Coldfire: The New Series 2015 *-
-* Russian Hacker Group Exploits Satellites! *-
=~=~=~=
->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""
As you've all probably already been reminded countless times
today already, today marks the 14th anniversary of the World
Trade Center tragedy, as well as the carnage at the Pentagon
and in Shanksville, Pennsylvania. The world - especially the
United States - as we knew it, changed forever. I don't think
that any of us who "witnessed" that day's events will ever
forget those tragic scenes. If you haven't already, take a
moment to reflect on that fateful day and remember all of those
who lost their lives needlessly.
Until next time...
=~=~=~=
Atari Coldfire: New Series 2015
Dear All,
Yesterday the 25th preorder arrived at our team. So half of the
needed preorders for the new series of FireBee boards are in now!
That's especially great as it is just 2 weeks since we published
the call for preorders. And 80% of the people wanted to make a
prepayment as well. You are great!
So please go on for the next 25 preorders that are needed before
we can go into production. I would like to ask you as well to
update your links to the new website firebee.org at your own
websites, blogs or whatever and perhaps to spread the information
about the new series.
At least it is a kind of community project where nobody earns
anything ;)
Mathias
Atari-coldfire mailing list
Atari-coldfire@lists.lnxnt.org
https://lists.lnxnt.org/mailman/listinfo/atari-coldfire
A Graphical OS for the Atari 8-bit
Atari 8-bit fans have long hankered after a GUI similar to GEOS on
the Commodore 64. Diamond GOS went some way to addressing this
deficiency, and since then there have been several creditable
attempts at implementing a GUI OS on the A8. Now there's another
one in the pipeline: an as yet unnamed project which aims to bring
a pre-emptive multi-tasking graphical operating system to the
8-bit Atari.
The most recent demo version of the GUI OS can be downloaded
below:
http://atari8.co.uk/wp-content/uploads/2015/03/GOS-ROMs.zip
The ZIP file contains ROMs and ATR flashers for a variety of
popular programmable cartridges, and separate versions are
provided for use with Atari ST and Commodore Amiga mice.
Info
The GUI/OS project grew out of a simple mouse demo, based on the
interrupt driven mouse handler by John Maris. However, thanks to
ideas and help from AtariAge members analmux, andym00, and
popmilo, a simulated hi-res hardware sprite pointer was
developed, of which the underlying application is completely
unaware.
Meanwhile, Paul Fisher took on full responsibility for font
design and production (creating a tool-chain for converting BDF
fonts for use with our GUI), and has designed several hundred
icons and dozens of other resources. He is also chief
beta-tester, and without Paul's assistance, this project would
have been an impossible undertaking. Paul has also created
several developmental screen mock-ups which depict how the
finished product is likely to look. The mock-ups are realistic
representations of screen elements currently being implemented.
The completed graphical OS will include:
A pre-emptively multitasking kernel supporting up to 16 processes
Inter-process messaging system, supporting up to 64 open messages
Completely replaces the Atari OS and DOS
File system drivers supporting FAT12, FAT16 and FAT32
Overlapping, movable, sizeable windows
Cascading pull-down and pop-up menus
Movable desktop icons and shortcuts
Per-process and overall CPU load profiling
Dialogue boxes with a rich control set (list boxes, spinners, sliders)
256 character fonts from 6 to 32 points
Italic, boldface, and underline, outline, and shadow styles for all fonts
Smooth, quick and responsive mouse control
Desktop file manager with drag-and-drop support
Comprehensive API and technical documentation for developers
While it is hoped that the OS will support unexpanded 64KB XL/XE
machines in some minimal way, the realistic base hardware
requirement will be an 8-bit Atari XL/XE with at least 128KB, a
flash cartridge (or Ultimate 1MB/Incognito), and an ST or Amiga
compatible mouse or trackball.
In late 2012, Jörn Mika (aka Prodatron), author of the remarkable
SymbOS Graphical Operating System for the CP/M, MSX and other Z80
platforms, approached me with some suggestions regarding
rendering, window management and multi-tasking. Because of those
pivotal conversations and the insight Jörn provided, the decision
was made to abandon the A8 GUI's right-threaded binary tree
internal object structures (initially modelled after TOS on the
ST), and adopt instead flat window records almost identical to
those used by the SymbOS API. This change immediately yielded
considerable reductions in code complexity and size, and an
increase in efficiency. But yet there was still room for
improvement in other areas.
After a further six months of nagging doubts about the
proprietary window mask technology I had designed, I decided to
take the plunge and do what Jörn had suggested might lead to a
considerable increase in rendering speed: namely, to abandon the
window masks (which, it turned out, might as well have been
called regions), and use a traditional dirty-rectangle window
management system, as used in SymbOS. In summer/autumn 2013 I set
about writing a full implementation of the rectangle-based window
manager. Impressed with the result, I committed to the change and
optimised the whole system to use the rectangles, and this massive
rewrite resulted in a roughly 100 per cent efficiency improvement
when rendering the content of overlapping windows. After further
optimisation of the font renderer, we finally began to see
performance which appeared to approach that of the seemingly
magical SymbOS.
In addition to this, Jörn convinced me that pre-emptive
multitasking was possible on the 6502, so in May 2014, I began
the arduous task of converting the existing code to run from a
bank-switched cartridge, while simultaneously designing the
pre-emptively multitasking kernel. As of August 2014, the
cartridge build is working well and the kernel is fully
functional, and we can finally witness multiple tasks sharing
CPU time on the 8-bit Atari, and using a messaging queue for
communication. Thanks to Jörn and many members of the AtariAge
forum, some really inventive techniques of stack and page zero
management have been implemented.
What is especially heartening at this stage is that the 8-bit
Atari can actually run a pre-emptive scheduler, and run it well
in spite of the 6502's fixed stack. And the Atari's custom
hardware has made some other really nice things possible, such
as the calculation of processor usage on a process-by-process
basis, as well as the monitoring of CPU idle time.
To help potential developers, documentation of the API will
continue throughout 2015/2016, and - perhaps unsurprisingly -
this task becomes easier as the architecture of the system
becomes more clearly defined while it's being coded up. There's
still a lot of work to do (UI controls, file system, SIO driver,
etc), but now that we have a rudimentary multi-tasking graphical
OS - and one which is efficient and usable - there seems to be
no limit to what is achievable.
Donations
If you want to show your support for this project and help to
ensure it's seen through to completion, please consider making a
donation. Progress has been slow because my free time is in
contention owing to the other Atari projects documented on these
pages, but I hope to maintain a clear focus on the GOS project
in the future.
The Source Awakens .. System 6.0.3, A New Release
On the heels of the recent 6.0.2 build of the Apple IIgs System
Disk set, comes the next revision. Many loose ends have been tied
up and documentation has been updated with changes described in
detail.
This release has been packaged as six 800K disk images in BXY
format (Shrinkit Compatible Binary II Encoded), .PO format, and as
a versatile 32MB Live Installer in .PO format that boots to
Finder for immediate access to all portions of the System
Software and installing without the need of mounting multiple
images or swapping floppies. This image can also be installed to
a 32MB partition, CD ROM, etc.
Apple II Technical Notes Apple IIgs #001 and GS/OS #100 have
been updated to reflect the content and organizational changes
in this release.
See the file: Apple_IIGS_6.0.3_Info.txt for the individual image
names/contents.
This is a summary of the visible changes since System 6.0.2 was
released. Be sure to also read the Shortcuts file on the
Live.Install or SystemTools2 disk for more information.
SCC.Manager and the AppleShare FST no longer halt the boot
process with dialogs requiring user intervention when the
machine is not connected to a network. These warnings are still
available by pressing the spacebar during boot to view the text
boot screen.
OpenApple-Up Arrow now selects the folder or volume icon of
the directory from which it was invoked.
A Live Install image is now available, enabling installation of
the System Software from a single disk image rather than the
traditional six 800K floppy disks.
In the Live Install image only, a Customized Installer
application is now available for the use of developers.
Selection, deletion, and traversal of Japanese full-width (double
byte) characters and words is handled correctly when the Japanese
Manager is installed and active.
Word breaks recognized by Option-Left/Right Arrow, and
double-clicking now include punctuation and symbols, rather than
just spaces. Hyphen (-), period (.) and apostrophes (' and
closing single smart quote) are considered word breaks when not
surrounded by alphanumeric characters, but are not considered
word breaks when they are. For example, each of the following
constitutes a single word:
flip-flop, don't, foo.txt
All other non-alphanumeric characters are excluded from words.
Double-clicking on a word break causes it and any surrounding
word break characters to be selected. Traversing a word break
using Option-Left/Right Arrow will pass through any preceding
or following word breaks, stopping at the boundary of the next
word encountered.
TextEdit (document window) and LineEdit (dialog box text fields,
Finder icon rename fields) now use the OpenApple and Option keys
in the same way. Previously, TextEdit used OpenApple for word
navigation and Option for line and page end navigation.
Time control panel: Now follows the US Daylight Savings Time
based on the standard effective March 2006.
FindFile: When used in the Finder, double-clicking any found file
will open a window with the file selected.
Teach 1.1.1 is included, fixing a bug that caused an I-beam
instead of an arrow cursor to display when mousing over the left
border of the scrollbar.
The Thunderclock year table in P8 has been updated for the years
2013-2018. There is also a Clock.Patch file on the SystemTools2
disk that you may use to update P8 (renamed to ProDOS) to include
future year groups.
Apple IIGS Technical Note #100 and GS/OS Technical Note #001 have
been updated for System Software 6.0.3.
=~=~=~=
->In This Week's Gaming Section - How 'Fallout 4' Will Grow and Evolve!
""""""""""""""""""""""""""""" Here's Why The PlayStation Will Save Sony!
SEGA Financials Report Dramatic Decrease in Sales!
=~=~=~=
->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""
Here's How 'Fallout 4' Will Grow and Evolve After It Launches
When Fallout 4 arrives on Nov. 10, that's just the beginning.
Developer Bethesda Softworks has big plans for the game
post-release, which are starting to trickle out.
Here's the big ticket reveal: Bethesda plans to release
studio-created add-on content for Fallout 4 in the months after
its release, and it'll be offered in a packaged $30 "Season Pass"
deal. There's no mention of a plan to sell the add-ons
individually, but that's likely an option as well. You'll just be
paying more if you buy everything piecemeal.
"Since we're still hard at work on the game, we don't know what
the actual [downloadable content] will be yet, but it will start
coming early next year," a new post on Bethesda.net reads.
"Based on what we did for Oblivion, Fallout 3, and Skyrim, we
know that it will be worth at least $40, and if we do more,
you'll get it all with the Season Pass."
The same post also elaborates a bit on Fallout 4's planned support
for user-created "game mod" modifications. It's a common practice
in the PC gaming world for amateur programmers to tweak and add
different elements to their favorite games, but Fallout 4 will be
one of the first to bring support for those unofficial add-ons to
PlayStation 4 and Xbox One consoles.
"Early next year we'll release for free the new Creation Kit for
the PC," the post continues. "This is the same tool we use in the
studio. You'll be able to create your own mods and share them with
others. We're especially excited these same mods will then be
coming to Xbox One, and then PlayStation 4."
All of this echoes what Fallout 4 game director Todd Howard told
Mashable at E3 back in June: an early 2016 release for the PC
Creation Kit, then on to Xbox One first - "The best path for us
is to do it there first," Howard explained - and, finally, PS4.
"How those all line up, what's the gap between PC and Xbox, and
Xbox and PS4, is a little fuzzy right now. But that's definitely
the order," Howard told Mashable.
Finally, in what should be no surprise to fans, Bethesda carries
forward the "free content updates" mentality that was born with
its previous game, The Elder Scrolls V: Skyrim. In addition to a
regular flow of patches that fix bugs and other issues, fans can
also look forward to free in-game bonuses in addition to the
planned add-ons.
"For Skyrim, we added things like mounted combat, legendary mode,
kill cams, visual enhancements and more," the Bethesda.net post
said. "We'll work with all of you to figure out what new things
you'd love to see added to Fallout 4, whether they are small
tweaks or new features."
20 Years Later, Here's Why The PlayStation Will Save Sony
Sony's game console went on sale in the U.S. on Sept. 9, 1995.
Today it's a linchpin for the company's future.
Twenty years ago, the Sept. 9, 1995 U.S. release of Sony's
PlayStation ushered in momentous changes to the video game
industry - and set the company on a path to becoming a superpower
in the entertainment field.
The system had made its global debut in Japan in December 1994
and was an instant hit there, selling 2 million units in the
first six months. But by launching sales in the larger U.S.
market, the PlayStation became a global phenomenon, ultimately
knocking Nintendo off of its perch as the industry leader and
ushering in a new distribution method for video games that
continues to evolve today.
"Sony brought a super friendly and encouraging approach to
developers and third party publishers in a way that Nintendo did
not," says John Taylor, managing director of Arcadia Investment
Corp. "Back in the old days, when Nintendo and Sega dominated the
market, there were these things called slots. Publishers were
restricted to releasing a set number of titles. Sony brought
open arms and a lot of flexibility to the model."
That openness won the PlayStation a lot of support from
third-party publishers, like Electronic Arts. But the
success of the console ultimately can be traced to two important
firsts. It ushered in the era of 3D graphics - and it was the first
game machine to focus on the CD as a storage medium, rather than
clunky cartridges.
Using CDs greatly reduced manufacturing costs - with publishers
paying between $1.50 and $2 per disc at the time instead of $8-$12
for chip-based cartridges. It also gave retailers more flexibility
on close-out pricing, letting them offer deeper discounts on older
games.
Ironically, Sony never really wanted to go into the
video game business - at least not the way it ultimately did. In
1988, Sony had hoped to partner with market leader Nintendo
on a CD-ROM player for the SNES. Three years later, Sony
debuted the machine at CES.
But the day after that reveal, Nintendo dropped a bombshell,
declaring it would not work with Sony and would instead partner
with Philips. Furious at the slight, Sony then-president Norio
Ohga assigned Ken Kutaragi to develop a system that would compete
with Nintendo.
As tempers cooled internally, Sony began to second guess the
directive as officials grew skeptical about the profitability of
the video game industry, but Kutaragi successfully lobbied to keep
the project alive.
"The mid-90s were an exciting time for game developers, driven by
the explosion of powerful but affordable 3D graphics rendering
hardware and the birth of many young and adventurous development
studios," said Shuhei Yoshida, president of Sony Computer
Entertainment Worldwide Studios in a blog post last year. "The
original PlayStation was meant to embody that sense of adventure
and discovery, that sense that anything was possible."
Today, the PlayStation is a lynchpin in Sony's future plans. The
most recent iteration of the system - the PS4 - has sold more than
25 million units life to date.
Sony CEO Kaz Hirai (who ran the PlayStation division during the
glory days of the PlayStation 2) has made it clear that he sees
the console as one of the tentpole divisions that will lead the
company back to prosperity. Since the early 2000s, the company has
been losing ground in many fields. Rivals like Samsung took away
market share from the company's electronics business. Apple and
others dominated the portable music space. And the company's ADR
stock fell below $10 in 2012.
Hirai's turnaround efforts are starting to bear fruit. One of the
keys to that is his use of the PlayStation 4 as a way to break
down the company's silo mentality - integrating marketing efforts
for other units, like film and music, into it to create a more
cohesive entity.
"Sony made hay on the Walkman decades ago," says Taylor. "And it
made hay on TV sets a decade or two ago. But the one dependable,
bankable division providing both industry leadership and
profitability has been the PlayStation division."
SEGA Financials Report Dramatic Decrease in Sales
Reporting a decrease of 42 percent in net sales, the publisher
reports sales earnings of ¥52.9 billion ($426 million), operating
losses of ¥9.5 billion ($76 million), and net losses of ¥7.9
billion ($63.8 million).
SEGA representatives largely attribute the decrease in sales
figures to global economies, with additional issues arising from
the reported decrease in demand for game software, amusement
centers, and amusement machines in Japan.
"The economy still remained in the condition requiring further
time for full recovery due to uncertainty towards a downswing in
overseas economies arising from factors such as the slowdown of
growth in the economies of emerging countries and European debt
crisis," SEGA said.
The company announced plans of downsizing and relocating its
offices in North America earlier this year, issuing redundancies
in their Japanese, European, and North American offices.
=~=~=~=
A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson
China Police Arrest 15,000 Suspects for Alleged Cyber Crimes
Police in China have arrested nearly 15,000 people on suspicion of
cyber crimes as part of an operation dubbed "Cleaning the
Internet," according to reports.
According to the Chinese Ministry of Public Security (MPS), the
suspects have been arrested for their involvement in cyber
crimes that "jeopardized Internet security."
In July, China launched a six-month campaign codenamed "Cleaning
the Internet" to fight online criminal activities.
Under the program, the police investigated 7,400 cases, including
hacking, online fraud and the illegal sale of personal
information, spread over 66,000 websites, the official website of
the ministry stated.
"For the next step, the public security organs will continue
to increase their investigation and crackdown on cyber crimes,"
according to the Chinese Ministry of Public Security.
The MPS did not make clear exactly when the arrests took place but
said the program had also taken down major online criminal cases
and eliminated online gangs.
Police suspended more than 190,000 illegal online websites
featuring vulgar content including advertisements for
pornography, firearms, explosives, and gambling.
China is regarded as a country that treats the Internet as its
virtual territory; a territory that must be ruled by the
government's laws and regulations. It's also the country that runs
one of the world's most sophisticated Internet censorship systems,
called The Great Firewall.
Russian Hacker Group Exploits Satellites To Steal Data, Hide Tracks
A Russian-speaking hacking group is using commercial satellites to
steal sensitive data from military and diplomatic agencies in the
United States and Europe, according to Kaspersky Lab.
Washington: A group of sophisticated Russian-speaking hackers is
exploiting commercial satellites to siphon sensitive data from
diplomatic and military agencies in the United States and in
Europe as well as to mask their location, a security firm said in
a new report.
The group, which some researchers refer to as Turla, after the
name of the malicious software it uses, also has targeted
government organisations, embassies and companies in Russia,
China and dozens of other countries, as well as research groups
and pharmaceutical firms, said Stefan Tanase, senior security
researcher at Kaspersky Lab, a Moscow-based cybersecurity firm
with analysts around the world.
Turla has used this technique for at least eight years, which
reflects a degree of sophistication and creativity generally not
seen among advanced hacker groups, Tanase said.
"For us, it was very surprising," he said in a phone interview
from Bucharest, Romania. "We've never seen a malicious operation
that hijacked satellite" connections to obtain data and to cover
its tracks. "This is the first group that we believe has done it.
It allows you to achieve a much greater level of anonymity."
Although Kaspersky has not linked Turla to the Russian
government, other security firms have done so.
The Turla malware originated from a "sophisticated
Russian-government-affiliated" hacker group that "we call
Venomous Bear," said Dmitri Alperovitch, co-founder and chief
technology officer of CrowdStrike, an Irvine, California-based
cybersecurity technology firm.
Turla specialises in diplomatic and military targets in the
United States, Europe, Middle East and Central Asia to gain
political and strategic intelligence, he said. Turla is not the
Russian group that is believed to have hacked the State
Department, White House and Pentagon over the past year,
Alperovitch said. That group was dubbed Cozy Bear by CrowdStrike.
Turla's tactic exploits the fact that older satellites do not
encrypt data streaming to Earth, and it relies on unsuspecting
users of satellite internet service providers around the world,
Tanase said.
Here's how the scheme works: Turla infects a target's computer
by planting malicious software on a website that the group knows
the user frequents. When the user visits the site, his computer
is compromised. This is called a "watering hole" attack.
Once Turla has gained control of the user's computer and
identified data of interest, the hacker instructs the infected
computer to send the stolen data to the internet address of an
innocent satellite user - someone who is online using internet
service provided by the satellite company.
Turla then hijacks the stream of data as it is being sent down
from the satellite to the innocent user's computer by spoofing
the user's internet address. The data is sent to a command server
controlled by Turla, but the location is effectively hidden as it
can be anywhere in the range of the satellite beam, which can be
thousands of kilometres.
Moreover, Tanase said, Turla tends to use satellite internet
connections in Middle Eastern and African countries. He thinks
this is an effort to avoid the scrutiny of researchers and law
enforcement.
To use such connections, Tanase said, the hackers need to have at
least an antenna and a computer there. "They must have people
posted in these countries" for technical support, he said. He
noted that the group has exploited satellite internet providers
located in Afghanistan, Congo and Libya, among others.
Tanase said Kaspersky has asked the satellite service providers
whether they could block the malicious traffic, but they said
their hands were tied. "This is a limitation of the technology,"
he said.
The problem will be solved over time as these satellites are
replaced with new ones, he said. "But until then," he said,
Turla's data hijacking "will still be possible."
US Cop Goes Wardriving To Sniff Out Stolen Gadgets by MAC Address
When it comes to sniffing out unsecure Wi-Fi networks, you can
take your pick of vehicle to drive around: we've had warbiking,
feline warprowling (with bonus mouse catching!), and warstrolling
(with high heels packing Wi-Fi hacking tools, no less!).
Now, a US cop has reverted to the plain old vanilla mode of
wardriving in a car, but he's not looking for hotspots or routers
that lack passwords.
Nor is he sniffing out routers using the creaky, old, easily
cracked WEP encryption protocol.
Rather, Iowa City police officer David Schwindt is stalking
stolen gadgets.
Specifically, he's cooked up some software and rigged up a
thumb-drive-sized antenna that plugs into the USB port of his squad car
laptop to sniff out the media access control (MAC) addresses from
a database of known stolen items.
MAC addresses are unique identification numbers that act like a
device's digital fingerprint.
Researchers have confirmed they also link to your real identity,
and, according to Edward Snowden, the National Security Agency
(NSA) has a system that tracks the movements of everyone in a
city by monitoring the MAC addresses of their electronic
devices.
Schwindt says his software product, which he's calling L8NT -
that's a leet-speak/acronym hybrid that stands for latent
analysis of 802.11 network traffic - won't be used to find the
occasional stolen iPod or laptop.
Neither will the tool give police access to personal or private
information included in MAC packets, he told The Gazette.
Rather, he has his eye on bigger cases:
If your cellphone is stolen from a bar ... that's not
necessarily what L8NT is intended for. But, if your home is
burglarized and your cellphone is stolen, now, as a police
chief, I'm interested [in that technology.]
The device - which has a range of about 300 feet - scans for MAC
addresses, looking for matches to known stolen items.
The L8NT can also be attached to a directional antenna to allow
police to determine where the signal is coming from and to
obtain a warrant.
However, the device does not work in all circumstances.
If you walk around with Wi-Fi enabled on your phone, it will
broadcast its MAC address indiscriminately and, unlike an IP
address which changes over time or when you switch networks, a
MAC address is constant (though it can be spoofed, either for
legitimate purposes or by a thief who wants to hide it).
But if a device is powered down, or if Wi-Fi has been disabled,
the L8NT won't be able to sniff it out.
Nor will it do much good if legitimate device owners haven't
bothered to record the MAC addresses of their devices.
Then again, it might also prove useless in the case of Apple's
iOS 8 devices.
Apple introduced a random MAC address generator in iOS 8 last
year, in an effort to help users fend off marketers' ability to
recognize their devices and thereby ID them at will.
That randomisation isn't constant, mind you: As Paul Ducklin
noted at the time, randomisation only happens before you connect,
when your Wi-Fi card is scanning for networks.
When your iGadget finds an access point with a name that matches
one of your known networks, it tries to connect by using your
real, rather than your random, MAC address.
So the coffee shop you visit regularly won't have any trouble
recognising you, though a shopping mall you merely walk through
won't be able to ID you.
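The matching step and its limits described above, as an added example (not L8NT's code, whose internals the article does not describe). It assumes randomised scan addresses can be recognised by the "locally administered" bit of the first octet; the case numbers, watchlist and sightings are constructed, using the RFC 7042 documentation range for the burned-in addresses.

```python
import re
from collections import defaultdict

HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if malformed.

    Accepts aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF and aabb.ccdd.eeff.
    """
    digits = re.sub(r"[:\-.\s]", "", text.strip().lower())
    return digits if HEX12.match(digits) else None


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set.

    Burned-in (vendor-assigned) addresses have it clear; randomised
    scan addresses have it set, so they never equal the real address.
    """
    return bool(int(mac[:2], 16) & 0x02)


def is_multicast(mac):
    """True when bit 0x01 of the first octet is set (never a device address)."""
    return bool(int(mac[:2], 16) & 0x01)


def load_watchlist(entries):
    """Split owner-reported addresses into usable ones and rejects."""
    usable, rejected = {}, []
    for case_id, raw in entries:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((case_id, raw, "malformed"))
        elif is_locally_administered(mac) or is_multicast(mac):
            # The owner wrote down a randomised or group address.
            rejected.append((case_id, raw, "not a burned-in address"))
        else:
            usable[mac] = case_id
    return usable, rejected


def match_sightings(usable, sightings):
    """Match observed source addresses against the usable watchlist."""
    hits = defaultdict(list)
    stats = {"randomized": 0, "malformed": 0, "unmatched": 0}
    for timestamp, raw, rssi in sightings:
        mac = normalize_mac(raw)
        if mac is None:
            stats["malformed"] += 1
        elif is_locally_administered(mac):
            # A scanning device hiding its real address: cannot be matched.
            stats["randomized"] += 1
        elif mac in usable:
            hits[usable[mac]].append((timestamp, rssi))
        else:
            stats["unmatched"] += 1
    return dict(hits), stats


# Constructed sample data (hypothetical case numbers and addresses).
WATCHLIST = [
    ("CASE-0001", "00:00:5E:00:53:10"),
    ("CASE-0002", "00-00-5e-00-53-2f"),
    ("CASE-0003", "DA:A1:19:3C:7B:02"),   # a randomised address was recorded
    ("CASE-0004", "00:00:5E:00:53"),      # truncated by the owner
]
SIGHTINGS = [
    ("2015-09-11T10:00:01", "0000.5e00.5310", -71),
    ("2015-09-11T10:00:02", "da:a1:19:3c:7b:02", -60),
    ("2015-09-11T10:00:04", "00:00:5e:00:53:99", -80),
    ("2015-09-11T10:00:07", "00:00:5E:00:53:10", -65),
    ("2015-09-11T10:00:09", "62:f1:0b:11:22:33", -55),
    ("2015-09-11T10:00:10", "not-a-mac", -50),
]

if __name__ == "__main__":
    usable, rejected = load_watchlist(WATCHLIST)
    hits, stats = match_sightings(usable, SIGHTINGS)
    print("rejected watchlist entries:", rejected)
    print("hits:", hits)
    print("stats:", stats)
```
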
But while there are cases where the officer's L8NT won't work,
Schwindt still has big plans: he's developed a proof of concept,
has a provisional patent on the device, and plans to apply for a
full patent this fall.
In the meantime, he's sent out surveys to law enforcement
agencies to test the waters and see if they might be interested.
Mt. Gox Founder Mark Karpeles Arrested - But Not Over Missing Bitcoinage
From a marketing point of view, 2014 could have been a much better
year for the cryptocurrency known as Bitcoin.
Bitcoin isn't really a currency, at least in the traditional
sense, because there's no central regulatory authority that issues
coins and banknotes or controls the total amount of the currency
in circulation at any time.
In the Bitcoin world, "coins" are "minted" (or, more accurately,
mined) by getting lucky in what is effectively an arithmetic
lottery based on cryptography.
In place of an issuing authority with a list of all the banknote
serial numbers that exist, Bitcoin revolves around a public,
distributed database called the block chain that keeps a record of
which "coins" have been mined so far, and how they've been spent.
The arithmetic in the Bitcoin system limits the total number of
bitcoins that can ever be mined to about 21,000,000. The block
chain acts as a pseudo-anonymous register of all bitcoins mined so
far. This prevents two people coming forward and claiming to "own"
the same coin, or part thereof. The block chain therefore acts as
the Bitcoin ecosystem's arbiter to stop people saying, "Hey, I
never got paid," or, "Hey, I never spent that amount, it still
belongs to me."
Ironically, that means Bitcoins are much safer under your
metaphorical mattress than stored in an online account.
But unless you can find other people who are willing to trade
bitcoinage with you directly, a Bitcoin stash isn't very liquid
- with some notable exceptions, you can't simply jump online and
spend it, or go into a shop and make an impulse purchase.
This has led to a proliferation of Bitcoin exchanges, where you
can trade bitcoinage for regular currency, albeit at rather
volatile rates.
Of course, that means that an exchange actually has to have real
currency available for the times that customers want to convert
some of their bitcoins into regular money.
It also means, if you want quick and easy access to your bitcoin
account, that the exchange needs to keep at least some of your
stash of digital money in what is known as hot storage -
essentially, accessible online where a determined hacker might
very well be able to get at it.
With little or no regulation, and no central authority to
repudiate disputed transactions or ownership, you aren't going to
get your hot wallet back if a crook makes off with it.
Responsible exchanges keep some, most, or even all, of your
bitcoins (usually, you can choose how to divvy up your stash) in
cold storage.
Cold wallets are supposed to be offline, for example saved to
removable storage devices and locked in a vault, just as the
majority of the cash on hand might be at a regular bank.
That doesn't protect you against bitcoin crime entirely: an insider
could steal your bitcoins, or an exchange's idea of "offline
storage" might not be quite as far removed from remote network
access as you might like.
And, with little or no regulation, we've seen a procession of
Bitcoin exchanges that have lost some or all of the digital
assets in their possession, such as:
May 2012. An exchange called Bitcoinica allegedly had $225,000
stolen, followed by another $90,000 later the same year.
September 2012. $250,000 was stolen from boutique exchange
Bitfloor after an encryption lapse during a server upgrade.
November 2013. Small exchanges in Australia, China and Denmark
"vanished along with the money" after claiming they'd been
hacked.
March 2014. Poloniex lost $50,000 due to a coding error (known
as a race condition) in its Bitcoin withdrawal database.
March 2014. Flexcoin closed down after hackers processed a
fraudulent transfer of $600,000, with reports suggesting that was
everything that Flexcoin had on deposit, gone in one shot.
But the Big Daddy of Bitcoin implosions was that of Mt. Gox,
pronounced "Mount Gox," although originally a domain name that
was short for MTG Gathering Online Exchange, a website devoted to
the fantasy trading card game Magic: The Gathering.
And, just like magic in reverse, early in 2014, Mt. Gox, based in
Japan, filed for bankruptcy.
The reason was the rather significant problem that the company
had managed to "lose" about $500,000,000's worth (half a billion
dollars!) of its customers' bitcoins.
What happened is still not clear, although a person claiming to
be "Mt. Gox's first employee" has recently commented at some
length on Reddit, giving what he claims is a partial explanation
of how the company came to run out of money.
(NB. The Reddit thread makes fascinating reading, but there is no
way to verify any of it, so: reader beware.)
Of course, running out of money by spending too much is not the
same as losing 650,000 bitcoins.
The vanishing bitcoins still haven't been explained, although a
Japanese newspaper openly suggested, on New Year's Day 2015, that
99% of the loss was an insider job: cybercrime committed by a
person or persons inside the company.
Mt. Gox founder Mark Karpeles has always denied any wrongdoing,
but he's just been arrested anyway.
Apparently, Karpeles is not being charged over the missing
bitcoins, but rather for overstating his financial position by
US$1,000,000 back in February 2013.
The 650,000 missing bitcoins remain just that: missing.
Black Hat Keynote Speaker Says Dream of Internet Freedom Is Dying
The dream of a free and open Internet is slowly being killed by
overregulation, censorship and bad laws that don't stop the right
people, a top computer crime defense lawyer says. The annual Black
Hat computer security conference in Las Vegas kicked off Wednesday
with a keynote address from Jennifer Granick, director of Civil
Liberties at the Stanford Center for Internet and Society. Granick
said that while the Internet needs to be reasonably safe in order
to be functional, it's no longer the revolutionary place it was
20 years ago.
No one is murdering the dream of an open Internet, she said, but
it's withering away because no one is prioritizing its protection.
On top of that, new Internet users are coming from countries whose
citizens aren't protected by a Bill of Rights or a First
Amendment. "Should we be worrying about another terrorist attack
in New York, or about journalists and human rights advocates
being able to do their jobs?" she asked.
Granick also railed against the federal Computer Fraud and Abuse
Act, which carries sentences of up to 10 years in prison for a
first-time offense. It does nothing to prosecute countries like
China that launch state-sponsored attacks against the U.S.
government and major companies, along with other dangerous
hackers based overseas, she said. But, she added, it often hits
small-time American hackers with unfairly harsh prison
sentences.
In a separate briefing later Wednesday, Leonard Bailey, of the
Department of Justice's Computer Crime and Intellectual
Property section, said that in most cases, prosecutions of
computer crimes are very "reasonable" and not "prosecutors gone
wild." "But all it takes is one flogging in the public square
and there's a chilling effect," he says. "So, we have to try to
get this right."
A slew of hackers and information security professionals were
slated to speak at Black Hat, including Charlie Miller and Chris
Valasek, who gained fame recently by hacking into and taking
control of a Jeep Cherokee, prompting Fiat Chrysler to recall
1.4 million vehicles to fix the problem.
iTunes Is Illegal Under UK Copyright Law
The High Court recently overturned private copying exceptions
introduced last year by the UK Government, once again outlawing
the habits of millions of citizens. The Intellectual Property
Office today explains that ripping a CD in iTunes is no longer
permitted, and neither is backing up your computer if it
contains copyrighted content.
Late last year the UK Government legalized copying for private
use, a practice which many citizens already believed to be legal.
The UK Intellectual Property Office noted that the changes were
in the best interest of consumers and that they would bring
copyright law into the 21st century.
However, the new regulation was short-lived. Fearing a loss of
income several music groups objected at the High Court, which
subsequently agreed that the new legislation is unlawful.
As a result the changes were overturned last month and the
previous limitations were reinstated. To find out what the public
can and can't do under the law, TF reached out to the UK
Intellectual Property Office, which provided some very clear
answers.
"It is now unlawful to make private copies of copyright works you
own, without permission from the copyright holder - this includes
format shifting from one medium to another," a spokesperson
informed us.
The IPO specifically notes that copying a CD to an MP3 player is
not permitted. This means that iTunes' popular ripping feature,
which Apple actively promotes during the software's installation,
is illegal.
Also, under the current law iTunes is actively facilitating
copyright infringement by promoting their CD-ripping
functionality. This means that the company could face
significant claims for damages.
There is more though, as the law affects much more than just
ripping CDs. Simply copying a song in an automated computer
backup or storing a copy on a private cloud hosting service is
also against the law.
"it includes creating back-ups without permission from the
copyright holder as this necessarily involves an act of copying,"
we were informed by the Government spokesperson.
Strictly speaking this means that UK citizens are not allowed to
make a backup of their computer. After all, pretty much every
computer contains copyrighted media. Needless to say, this turns
almost the entire country into outlaws.
The Government is not happy with the High Court decision but it
hasn't decided whether it will propose revised private copying
exceptions in the future.
Copyright holders previously suggested allowing private copying
in exchange for a tax on blank CDs and hard drives.
As this is a complex area of law, the Government is carefully
considering the implications of the ruling and the available
options, before deciding any future course of action.
As reassurance, the Government notes that people shouldn't
be too concerned because copyright holders are not known to come
after people who make a backup of their computers.
"The Government is not aware of any cases of copyright holders
having prosecuted individuals for format shifting music solely
for their own personal use," the IPO spokesperson says.
However, copyright holders can take people to court over both
CD-ripping and computer backups, if they want to.
Epson Kills the Printer Ink Cartridge
It was after midnight, and I was facing a ticking-clock real
estate transaction. All I had to do was print 15 pages of
black-and-white contract, sign it and fax it back. Only halfway
through, my printer ran out of ink - magenta ink! Thus began a
chain reaction culminating in my nearly throwing the printer out
the window. I ended up at Kinko's.
We all have a printer story. They run out of ink at the worst
possible time, or worse, nag us about running low on ink when
there's plenty left. So how much would you pay for a printer that
doesn't run out?
Epson, the maker of my nightmare printer, has finally put an end
to the horror of ink cartridges, at least for people willing to
throw cash at the problem up front. The five new EcoTank series
printers look like normal models, only they have containers on
their sides that hold gobs and gobs of ink. How much? Years'
worth. Enough that your children - or at least mine - could go on a
two-hour coloring-page-printing bender and you wouldn't even
notice.
Printer technology has been pretty static for years. Epson and
competitors Hewlett-Packard, Canon and Brother make frame-worthy
photos and spit out page after page of text at a decent clip.
It's now standard for them to connect to Wi-Fi networks and work
with mobile devices.
Most people buy printers by price: $100 is the magic number for
anybody but a photo enthusiast, and printer makers like it that
way. They lose money on the hardware and make it up on ink.
We don't love paying through the nose for the ink, and the
arrangement means that at the first sign of printer trouble, many
of us just dump the thing and buy a new one. But we've continued
this way for years.
Now, though, ink alternatives throw ink-onomics off balance.
Major retailers such as Amazon and Wal-Mart sell off-brand inks
dirt cheap. Printer makers say this ink can cause printing
problems and bring down the quality of printouts, but the price
differences are staggering.
A basic Epson model, the Expression XP-420 all-in-one
scanner/printer, lists for $100 and sells for as little as $60.
A set of standard replacement ink cartridges, however, costs
around $40. Epson's XL cartridges give you a little break - nearly
three times the ink for around $80 a set.
But in a search for XP-420 ink on Amazon, most results are for
off-brand competitors selling XL cartridges for a third of
Epson's price, and sometimes even less.
As a parent who doesn't want to padlock the printer, I turned to
off-brand ink. And while I have had one of their cartridges fail,
the economics still favors the knockoffs.
Epson's new move is a sly one. Rather than compete on price, the
printer maker is dropping the cartridge issue entirely. When you
buy an EcoTank printer - for instance, the ET-2550, which closely
resembles Epson's XP-420 - you fill up its four-chambered reservoir
with ink from plastic containers included with the printer.
There's a satisfying feeling of dumping all of that ink into the
tubs. You then let the printer prime itself and your ink worries
are over.
Fast forward two very print-productive years. You and your family
have churned out more than 35 black-and-white and 60 color pages
every week. Finally, you need more ink. Epson will sell you a
whole set of replacement canisters for $52. That same amount of
Epson ink, in XL cartridges, would cost more than 10 times as much.
The old model is out the window. Epson's not trying to make money
on ink this time around, because it's charging you up front for
the printer. The ET-2550 costs $400; its big brother, the ET-4550,
which has a fax, a sheet feeder and Ethernet, costs $500.
I asked John Lang, president and CEO of Epson America, why his
company was the only one that could do this. After all, it seems
like an obvious strategy.
The answer, he said, has to do with hardware: Epson's advantage is
its permanent mechanical print heads, as opposed to the
disposable thermal ones used by its chief competitors. Because
Epson's print heads are always connected to the printer, ink can
be piped to them from anywhere - a cartridge or a tank on the side
of the printer. More important, because they're mechanical and not
thermal, they can operate for years without requiring replacement
and are less likely to clog.
Epson's biggest competitor, Hewlett-Packard, has a different
answer to the ink problem: subscriptions. Ranging from $3 to $10
a month, you can get automatic shipments of ink cartridges based
on the pages you print. You pay more if you go over your limit,
and can roll over ink if you don't use it all. But it favors
printers with very predictable use. H-P's ink subscription may
make sense for small-business owners, but even then, Epson's
alternative is worth calculating out. To me, the thought of an
ink subscription is sickening. It's worth paying a lump sum to
avoid a continuing relationship with my printer maker.
Testing these printers has been reassuringly anticlimactic. The
ET-2550 and ET-4550 all-in-one scanner/printers behaved normally,
and the print output looked almost exactly like what came out of
the nearest comparative model, Epson's XP-420. There's a slight
difference in the ink - the XP-420 uses a pigment-based ink, which
means it is waterproof when it dries, while most of the EcoTank
printers use dye ink, which makes for nice photos, but may run if
wet.
Photographers looking for precision photo printers should shop up
Epson's line a bit, to the Artisan or Stylus series. People who
just want black-and-white pages should consider a laser printer.
EcoTank printers are meant to be all-purpose workhorses.
Epson's ink gambit doesn't make all printer annoyances go away.
Paper is the other part of the equation. There are still the
occasional sheet-feeding issues, where two pages get pulled in
instead of one. Which is to say, it's still a printer. That's why
Epson offers a two-year warranty on the hardware: If anything goes
wrong during that time, Epson will swap it out for a new one.
After that, you're on your own.
That made me a little sad. After all, we live in an age when it's
de rigueur to trash our electronics when they conk out. Buying a
printer for $400 rather than $100 should mean planning to keep it
longer, and maybe - just maybe - paying to repair it rather than
throwing it out. Epson says it has no system for printer repairs
in the U.S., but that if people keep their printers longer,
perhaps third-party providers will seize the opportunity.
There is another earth-conscious aspect to this: No more plastic
cartridges ending up in the landfill. You're supposed to bring
your cartridges in when buying new ones, but most of us (myself
included) just toss them in the garbage. With 20 times the ink
that comes in a set of cartridges, the ET-2550 EcoTank printer
automatically saves you from about 80 little pieces of plastic.
If Epson starts selling these printers by the millions, the
planet may be spared whole mountains of spent ink cartridges.
But for most people, it's more about the checking account.
Here's the math: If you play by Epson's rules, a $100 printer
using Epson ink could cost you as much as $800 over two years,
so the EcoTank model is just half that. But paying full price
for ink cartridges is a broken concept. If you only buy
off-brand ink for your $100 printer, your total cost, even after
two years, is less than $200.
The decision boils down to this: Will you pay less and deal with
the annoyance of changing ink cartridges and the potential
bootleg ink failures? Or would you pay a few hundred dollars
more up front for a printer that eliminates ink hassles
entirely? (At least for a while.)
Official Touchscreen Display Joins Raspberry Pi Range
The Raspberry Pi is very low cost, but all you get for your money
is the actual bare-bones device itself. You will still need to
add an SD card, cables, a USB keyboard and mouse, and a screen
before you can use it - some of which you will likely already
have lying around at home.
There are numerous add-ons available to buy too, including an
official case, and today the Raspberry Pi Foundation introduces
one more addition to its range - a superb (and affordable) 7 inch
touchscreen display.
Priced at $60/£48, the 800 x 480 screen only requires two
connections to the Pi - power from the GPIO port and a ribbon
cable that connects to the DSI port. The Pi sits behind the
screen, and it's a really well thought out design.
Drivers, which support 10-finger touch, and an on screen
keyboard, will be integrated into Raspbian OS, so just grab the
latest version and you're good to go.
The technical specs of the new screen are as follows:
7-inch Touchscreen Display.
Screen Dimensions: 194mm x 110mm x 20mm (including standoffs)
Viewable screen size: 155mm x 86mm
Screen Resolution 800 x 480 pixels
10 finger capacitive touch.
Connects to the Raspberry Pi board using a ribbon cable
connected to the DSI port.
Adapter board is used to power the display and convert the
parallel signals from the display to the serial (DSI) port on
the Raspberry Pi.
The display is compatible with all three of the latest Pi models
- the Raspberry Pi Model A+, Raspberry Pi Model B+, and
Raspberry Pi 2 Model B. If you have an older model, you might
want to think about upgrading to a new one. It won't break the
bank after all.
Office 2016 for Windows Launches on September 22
iOS isn't the only operating system getting a big Office update
this month. Microsoft will release Office 2016 for Windows on
September 22nd, offering a number of small but notable updates to
the productivity suite. Some of the highlights include real-time
editing by multiple people within the desktop apps, as well as new
design themes. There's a dark theme and a colorful theme, which
basically just makes the apps look like they already do on
basically every other platform, with big blue, green, red, or
purple bars streaming across the top of each app to correspond
with its icon color.
As Microsoft notes in a blog post, it's also releasing new tools
for businesses to manage Office and how it's rolled out. That
isn't exactly an exciting Office update, but the implication is
that it should be easier for businesses to stay relatively up to
date.
Microsoft Pushes Windows 10 Upgrade to PCs Without User Consent
Microsoft today confirmed it has been pre-loading the Windows 10
installation bits onto devices whose owners have not "reserved" a
copy or expressed interest in the new OS.
The move has upset some users of Windows 7 and Windows 8.1, who
have complained that the unsolicited downloads have caused them to
exceed their Internet providers' data caps or seized storage space
without their consent.
In a statement, Microsoft acknowledged the practice, which was
first reported by The Inquirer on Thursday.
"For those who have chosen to receive automatic updates through
Windows Update, we help customers prepare their devices for
Windows 10 by downloading the files necessary for future
installation," a company spokeswoman said in an email. "This
results in a better upgrade experience and ensures the customer's
device has the latest software. This is an industry practice that
reduces time for installation and ensures device readiness."
If Windows 7 or Windows 8.1 device owners have Windows Update set
to the default - and Microsoft-recommended - option that lets the
operating system download and install security and other bug
fixes automatically in the background, Microsoft will push the
Windows 10 upgrade files to the drive.
The upgrade, which can range in size from more than 3GB to nearly
6GB, is placed in the hidden "$Windows.~BT" folder, a long-used
destination for Windows upgrades. It will sit there, presumably
until the user expresses some kind of desire to install
Windows 10.
Microsoft has been pre-loading the Windows 10 upgrade on systems
since late July, but it was thought that the practice had been
limited to PCs whose owners had accepted Microsoft's free offer
and "reserved" a copy through an app the Redmond, Wash. company
automatically installed this spring and early summer on virtually
all consumer PCs running Windows 7 Home and 8.1 Home, and on
many machines powered by Windows 7 Professional and Windows 8.1
Pro.
After the Windows 10 upgrade was downloaded to the device, the
user was notified through the app that it was ready to install.
This new scheme, however, is vastly different in that the bits
are downloaded to the device even though the user has not asked
for the upgrade.
Not surprisingly, among the first to notice the
I-did-not-ask-for-this upgrade were people who have data caps
mandated by their Internet service providers (ISPs), particularly
those who relied on a cellular connection to the Internet.
Several commenters in a long thread on Slashdot claimed that they
had exceeded their caps because Microsoft downloaded the massive
upgrade to their hardware without their approval.
"I had to travel recently, so I took a laptop with [a] clean
Windows 8.1 Pro install," wrote one such user, identified only as
"X.25" on Slashdot. "At my destination, I purchased a SIM (they
only had 1GB data packages) and put it into the 3G/Wi-Fi router I
carry. I powered the laptop, connected to [the] Internet via
said router, checked [a] few things, then went away for [a] few
hours. When I got back to [the] apartment, my data package (and
Internet connectivity) was killed because [the] Microsoft idiots
decided to start downloading Windows 10 even though I have
explicitly closed/rejected all the 'offers.'"
Others didn't appreciate the unwelcome guest that dropped into
their limited storage space. Anyone with a 128GB SSD (solid-state
drive), for example, would be concerned if 5% of their storage
capacity was occupied without their okay.
Some also wondered whether Microsoft would take the next logical
step by either dunning users with notifications urging them to
apply the already-installed upgrade, or make the much more
unlikely move of automatically triggering the upgrade.
The former would, frankly, not be that different from what
Microsoft has already done with those who accepted the free
upgrade and reserved a copy. It's possible that many on the
receiving end of such notifications would approve the upgrade,
and even appreciate the fact that they did not have to wait for
a long download to complete before upgrading. The latter,
however, would be unprecedented, and would almost certainly fuel
a firestorm of protest.
Microsoft did not immediately reply to follow-up questions about
its intentions.
What is also interesting about the upgrade-prep is Microsoft's
defense, that it's an "industry practice."
Although that may be true in limited instances - Google's Chrome
browser, for example, regularly pre-loads updates, which are then
automatically installed the next time the application is launched
- as far as Computerworld knows, it's never been done with either
an operating system or software that demands installation files
of this size. The most common practice for operating systems, by
far, is to begin downloading an upgrade only after the user has
been notified, and then approved the procedure.
Wes Miller, an analyst with Directions on Microsoft, agreed.
"I've seen some tiny apps do it for updates. But not for an OS
upgrade," Miller said in an email answer to a question asking
whether he recalled any similar examples.
Yet Another Thing Exposed in The Ashley Madison Hack:
Ridiculously Bad Passwords
When data from the massive Ashley Madison hack first leaked
online, one tiny bright spot was that researchers said the
company appeared to use a strong algorithm to encrypt users'
passwords. But now one group says it already decoded more than
11 million passwords because programming errors in how that
encryption was applied left the information less secure than
originally thought.
And the passwords unearthed by the decoding hobbyists, known as
CynoSure Prime, so far suggest that many who were seeking thrills
on the infidelity-focused site had poor digital hygiene.
The top password uncovered so far: 123456, according to Ars
Technica. The other passwords that made the top five aren't much
better: 12345, password, DEFAULT, and 123456789.
But those (awful) passwords shouldn't be too surprising: By some
surveys, "123456" has been the most popular password uncovered in
data breaches during the past two years.
As a quick reminder, using super common passwords makes it much
easier for bad guys to just guess their way into your accounts.
And it's a bad idea to reuse passwords, too -- otherwise, a
malicious hacker might be able to leverage a password uncovered
in one breach to break into one of your other personal accounts.
How To Keep Track of Your Passwords Without Going Insane
In light of recent cyber security breaches, here are the best ways
to protect your passwords.
We can probably all agree that the password system, as it stands
today, just isn't working. With the constant security breaches in
the headlines, we're told regularly to beef up our passwords. But
even if we know how to make strong passwords, it's a pain to keep
track of them all between every bank account, retailer and app
demanding its own unique log-in.
So how can you escape password hell? Or at least snap out of your
apathy before a hacker steals your information? We've ranked your
options from the most low-maintenance to the most rigorous - for
people who want to go the extra mile.
Password managers such as Dashlane - which runs on Mac, Windows,
iOS and Android - are one way to navigate through password hell.
None of the following suggestions are perfect, by any means - just
tips for staying sane in a crazy system. But it turns out that
there are some surprisingly easy solutions for this very modern
problem. And whatever you do, remember: Anything is safer than
using the same password over and over again. Even if it's a really
good one.
Easy (aka, lazy) methods
1. Write them down.
Alright. This might sound crazy right off the bat. But one really
easy way to keep track of your passwords is to write them down -
on paper. Yes, conventional wisdom has said for years that that's
a bad idea, and you're in huge trouble if you lose your list. But
with so many accounts to juggle nowadays, chances are that you'll
be tempted to reuse your passwords if you can't remember all of
them. So, writing them down isn't so nutty.
Ideally, you should memorize your most important passwords. But
even security expert Bruce Schneier has recommended writing down
passwords and treating that list like you would any other
valuable document, which is to say with a high degree of
security - no sticky notes on your monitor that say
"conglomeratebank.com: jdoe/password123."
As illustrated above, there are definitely bad ways to do this.
Getting into an account normally means having to know three
things: the location of the account, a username and a password.
If you can manage it, don't put all three of these pieces of
information in the same place. Similarly, don't do silly things
like keeping your bank account password next to a credit or
debit card that has your bank's name on it.
What if you want to write everything on a spreadsheet stored on
your computer? The same rules and risks apply. And if you want
to put that file in the cloud, the stakes are even higher. A
cloud spreadsheet is not the place for your most sensitive
accounts. If you must do this, confine your cloud spreadsheet to
the accounts you would be reasonably okay with getting hacked.
And at a minimum, name the file something other than
"Passwords."
2. Rely on a major company such as Facebook, Twitter or Google
to log-in.
Another easy option is to place your faith in a company like
Google, Facebook or Twitter and use their networks to log in to
other sites whenever possible. You know those "Log in with
Facebook" buttons?
That's what we're talking about here. It won't work for every
site, but social network log-in is widespread enough that it could
definitely cut down the number of passwords you have. If you do
opt for this method, though, make sure that the password you use
for your social network of choice is rock-solid.
3. Reset your password - every time.
And finally, one simple - admittedly inconvenient - method is to
go through the "Forgot your password?" spiel each time you log
into some sites. That's too much of a pain for sites you use
frequently, such as your e-mail or your bank. But it's not a bad
fallback strategy for those services you use less often and are
most likely to forget anyway - such as the account you made at a
retailer's Web site to get free shipping that one time.
Advanced
1. Password managers
There are a number of services that will help you manage your
passwords, such as 1Password, LastPass or Dashlane, though you'll
have to pay a fee for some features. These services all differ
slightly but work on the same basic principle: Each is an online
storage locker of your passwords, all hidden behind a single
password that only you know (meaning you can't recover your
master password from anywhere but your brain). Password managers
also offer other perks, such as a place to store secure notes,
credit card numbers or information for filling in Web sites. You
just have to install the programs into your Web browsers to
record your login information as you surf.
LastPass is free, but costs $12 a year if you want to sync
passwords on multiple devices, such as between your phone and
computer. It runs on a variety of platforms, including Mac,
Windows, iOS, Android and Blackberry.
Password managers are convenient, and will even randomly generate
strong passwords, such as "eG7nIs0daud3Taw," for your accounts
and then remember those crazy things for you in their vaults. To
access your various passwords as you surf, all you have to do is
click on a handy button on your browser and choose which account
you need to fill in your information.
Each has its strengths and weaknesses. Dashlane is probably the
easiest to use and the prettiest to look at. LastPass is
compatible with a wide range of devices. And 1Password is
comprehensive but expensive.
How much do they cost? 1Password has a one-time $50 cost for Mac
or Windows, $18 for iOS and $10 for a full version of the app on
Android devices. LastPass and Dashlane are free, but if you want
to sync across multiple devices - say your cellphone and your
computer - you'll need to upgrade to the premium versions.
LastPass costs $12 a year; Dashlane costs $30 a year.
1Password, by AgileBits, has versions for iOS, Android, Mac and
Windows.
The two main downsides to password managers are that one, yes,
you're still storing everything in one place and depending
heavily on that service's security. And second, you're helpless
if you don't have access to your locker for some reason - for
example, if your employer doesn't let you download software onto
your work computer.
2. Isolate your information.
Not that into paying? Another option is to create an e-mail
account that's linked to just your most sensitive online accounts
- financial accounts, namely - and don't use it for anything
else. The fewer ways that criminals can link your various
accounts to build a profile of you, the better. Having a separate
e-mail account makes it harder for criminals to connect the dots
they need to crack security questions, like those that ask for
your maiden name or your pet's name. So maybe they won't figure
out that the Judy Smith whose banking password they just
obtained is the same as the Judy Smith who lists her maiden name
and pets' names in her Facebook profile.
=~=~=~=
Atari Online News, Etc. is a weekly publication covering the entire
Atari community. Reprint permission is granted, unless otherwise noted
at the beginning of any article, to Atari user groups and not for
profit publications only under the following terms: articles must
remain unedited and include the issue number and author at the top of
each article reprinted. Other reprints granted upon approval of
request. Send requests to: dpj@atarinews.org
No issue of Atari Online News, Etc. may be included on any commercial
media, nor uploaded or transmitted to any commercial online service or
internet site, in whole or in part, by any agent or means, without
the expressed consent or permission from the Publisher or Editor of
Atari Online News, Etc.
Opinions presented herein are those of the individual authors and do
not necessarily reflect those of the staff, or of the publishers. All
material herein is believed to be accurate at the time of publishing.