April 15, 2014

Are you 'Heartbleeding'?



Are you afraid of the internet security bug CVE-2014-0160, commonly known as “Heartbleed”?. The bug was discovered on 7 April 2014, by Google researcher Neel Mehta and security firm Codenomicon, who were working independently. It affects OpenSSL which is an open-source software package for the Secure Sockets Layer (SSL) protocol. SSL is meant to prevent someone from eavesdropping on you while you are browsing the Internet by encrypting your data. This bug puts many users’ personal information on a multitude of websites at risk.

The Heartbleed bug is a very serious online security breach, since internet browsing and social networking is vastly popular around the globe. This breach allows the hackers to get bits of your personal information without leaving a trace. Unfortunately, there is no way for you to discover if your information has been stolen or not. Websites that handle e-commerce or personal information, including passwords, usernames, and credit card information are naturally riskier. In case you thought that it couldn’t get any worse, this bug also allows attackers to steal a server’s digital keys, allowing them to get access to a company’s internal documents.

You’re probably wondering how this bug works. The Heartbleed bug allows 64 kilobytes (kB) of server memory to be accessed by the attacker. It doesn’t seem like a major problem, but when attackers perform this task repeatedly, they can secure quite a bit of information. It allows them to get not just the usernames and passwords, but also all the cookie data that Web servers use to save log-in information and to identify users. According to the Electronic Frontier Foundation, by repetitively attacking, it could allow attackers to retrieve sensitive information. This information can allow someone to run a fake version of a website and use it to steal all the information like credit card numbers and private messages.


Although many websites can be affected by the bug, there are sites that does not use OpenSSL, or uses the earlier version of the software. The versions of OpenSSL that are affected are 1.0.1 through 1.0.1f. Some tech giants that support Perfect Forward Secrecy (PFS), like Facebook and Google, can prevent this bug from attacking. PFS is designed to prevent attackers from decrypting an encrypted key they retrieve from the bug by generating a new key periodically. If an attacker did get an encryption key out of a server’s memory, they will not have enough time to decrypt the key before the new key is generated. This does not solve the problem, but it does mitigate it.

If you are worried about your personal information getting stolen, you can check which websites are vulnerable to the bug by entering the link to testing sites that have created by developers and companies. LastPass, a password management software developer, has created a nice Heartbleed checker. If the websites were recently patched, the checker would give you a green flag. But you should still proceed with caution, and obviously stop using the red flagged sites until it’s patched. An article written by Mashable included a list of compromised sites, it gives you a general idea of which websites were/are affected, and if you need to change your passwords. Either way, it’s important to change your passwords in case, and to avoid using the same password on multiple sites.

Heartbleed is a serious bug and there might be other security flaws lurking around the Web waiting to hunt you down. You should always watch out on what you do online.

Source - Codenomicon

April 14, 2014

Review: Razer Blackwidow 2014


Razer has refreshed its Blackwidow keyboard series with a model for the new year, the Razer Blackwidow 2014 Edition (no, it’s different, I swear). It shares the same name as its predecessors and similarly, it uses mechanical switches. Unlike previous models, the new Blackwidow doesn’t use Cherry MX keycaps, which are the go-to choice for manufacturers of mechanical keyboards. Instead, the 2014 Blackwidow uses new Razer designed switches. The 2014 edition (hereon, the Blackwidow) comes in three variants: the standard edition, an ultimate edition, and finally, a tournament edition. The tournament addition opts for a smaller form factor by removing the numpad; the ultimate edition gets backlit keys. All three variants are available with green and orange (silent) key switches. Neither of these are to be mistaken for Cherry MX green or orange switches. Razer provided us with the Blackwidow Ultimate for review.


The keyboard comes in standard Razer packaging identical to the previous versions. There is no clear indication that this is the 2014 edition as they didn’t do much to distinguish it from prior Blackwidows. The only indication that this is the newer model is the circle in the bottom right of the box which indicates that the keyboard uses the new Razer key switches which are new to this year’s edition.


Inside the box you find everything you expect to see from Razer. You get the standard assortment of promotional material as well as guides, a certificate, and most importantly, the stickers.


Alongside the accessories, you find the keyboard itself. When it’s off, the exterior is identical to the previous 3 versions of the Razer Blackwidow. Like they say, “if it ain’t broken, don’t fix it”. The keyboard has a matte black finish on it with soft-ish touch plastic which fends away fingerprints, unlike glossy keyboards. On the least-looked-at part of the keyboard, the bottom, we find 5 rubber anti-slip pads distributed around the corners and bottom edge of the keyboard. There are also two additional feet that fold out for additional height which also have a rubber tip on them.


On the right side of the keyboard, we find a USB 2.0 pass-through as well as two 3.5 mm jacks for a headphone and a microphone.


Once the keyboard is plugged in, we find that it shares the same green backlight as last year’s model. The keyboard also has a green metal backplate which helps to even out the green glow, which is already good, as each key has its own LED, with the exception of the spacebar and the FN key. The Blackwidow offers 22 steps of brightness adjustment so there will certainly be a level that is comfortable for you.


As far as multimedia controls go, we find the audio controls (mute, volume up/down), media controls (next, play/pause, back), gaming mode, sleep, macro recording, and keyboard backlight brightness controls. All media control keys share the same key as the F1-12 keys so the function (FN) key will need to be pressed to use them.


Keeping in line with Blackwidow tradition, there are 5 programmable macro keys on the extreme left edge of the keyboard.


Taking a look behind the keys, we find the new Razer key switches which come in a green variant, as well as an orange variant. The green variant is a loud clicky version similar to the Cherry MX Blues and the orange variant is a quieter version similar to the Cherry MX Reds. Although they are quite similar visually and mechanically, they are quite different. Razer’s new switches use the same Costar stabilizers and plus-shaped keycap mounts, so you can mount Cherry MX keycaps on them. As shown in the graph below, the Razer switches have a shorter actuation point. That means means that a shorter distance of key travel is needed to actuate the key, which will reduce the time before you can press the same key again.

Like many other Razer products, the Blackwidow takes advantage of the Razer Synapse 2.0 software. If you already own a Razer product, installation is as simple as plugging in the keyboard and letting Synapse take care of the rest. If not, then Synapse can be downloaded off the Razer website. 

The first tab allows you to customize the keys on your keyboard. You can also set your Blackwidow up so that the profile automatically changes for a specific application. You can also assign macros to any key on the keyboard. 

The second tab allows you the change the backlight’s brightness. You can also set the keyboard to “pulsate”, which fades the lights in and out.. Similarly, lighting can be automatically changed for specific programs.

The last tab refers to the gaming mode available on the keyboard which allows you to disable certain keys on the keyboard such as the Windows key.


The new Razer switches do build upon the complaints from Cherry switches in regards to gaming. There is a noticeable difference while gaming, as the new Blackwidow allows for faster repeated key presses. Razer stays true to its word - the key switches were designed solely with gaming in mind, so typing quality does suffer. The keyboard has a different feel while gaming and typing in comparison to the Cherry key switches, which depending on how you use your keyboard may be in your favour. Razer claims a 10-key rollover which is more than enough considering you only have 10 fingers, two of which are resting on the spacebar, but I found that up to 14 keys can be pressed without an issue. The keyboard is extremely rigid thanks to its metal backplate. As a result, the keyboard doesn’t flex when twisted. It has a solid feel which matches its price and feels like it will last, with Razer quality drastically improving from past lows. During gaming sessions, the keyboard feels good to use but the lack of a wrist rest may cause strain during long periods. I found it easier to not bottom out the keys thanks to the shorter actuation distance, which results in less audible typing. First time mechanical keyboard users may have to get used to the taller keys, larger travel distance, heavier actuation force, and sound, but the Blackwidow is a step up from it’s predecessors and competitors thanks to the new Razer switches. Aside from its learning curve, I have no complaints. I would highly recommend this to gamers who are looking for a new keyboard and do more gaming than typing.

April 1, 2014

Happy April Fools' Day!

It's April Fools' Day (again), and that means that it's time for a ton of hilarious and entertaining jokes from your favourite technology companies!

 Screenshot_2014-03-31-21-38-53[1].pngScreenshot_2014-03-31-21-39-55[1].pngScreenshot_2014-03-31-21-40-15[1].png

Become a Pokémon Master!



Google is now offering a new job, the Pokémon Master! They only hire the best of the best; those who catch all 150 pokemon hidden throughout Google Maps. If you think you have what it takes, head onto Google Map and “Press start” in the search bar. You may need to update to the latest version of Maps, if you havent already.

To find the right person to become Pokémon masters, the tech giant has prepared "the most rigorous test known to man". You and your trusty iOS or Android phone will have to wander through various terrain to find and catch all the wild Pokémons around the world. They could be hiding anywhere; in cities, up in the sky, in vast fields, deep in caves, and even underwater.

Google’s New “Magic Hand”

Google_Magic_Hand_01

The Japanese Google team has been hard at work to bring you the Magic Hand for your touchscreen device. Its convenient solution has you using the joystick to control a customizable plastic hand to touch the screen for you. They even included two USB inputs for a keyboard when your thumb gets too tired! In the works is a portable tie version for portable usage.

Nest Announces Partnership with Virgin America


Strap on your seatbelts ladies and gentlemen, your flying experience is about to get a whole lot better. Nest, a Google company, has partnered with Virgin America to bring “Total Temperature Control”. This allows the passenger to select any kind of temperature they desire, such as ‘Tropical Paradise’ or ‘Chicago Polar Vortex’.

In a YouTube video, Nest CEO Tony Fadell and Virgin Chairman Richard Branson shows how Total Temperature Control is being implemented fleetwide on Virgin America.

Gmail Shelfies

Gmail_Shelfie

In 2012, Google released customizable inbox themes, which allowed Gmail users to make their inbox their own. Users were deeply disappointed when they found out they could not share the beautiful pictures of themselves for their inboxes. Google responded quickly they will be unveiling sharable selfies (hence, shelfie) this year!

Selfies are so last year, share your shelfies today!


This article was co-written with Benson Pan.

March 23, 2014

Gmail increases encryption to keep the NSA out

After what they referred to as "last summer's revelations", nodding to whistleblower Edward Snowden's leak, Google has ramped up encryption for Gmail. Since 2010, Gmail has used an encrypted HTTPS connection to connect your device to their servers. Now every message will also be encrypted when moving between Google's data centers around the world.

NSA Google Leak
Leaked document indicating the NSA's methods of accessing Google.
One of the ways the National Security Agency (NSA) was able to breach security measures was to intercept messages as they moved between data centers. Previous emails were not encrypted during these transfers. This new measure to increase privacy should thwart at least one of the methods the NSA has in it's arsenal for accessing email messages. Google claims that "no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet."

Nicolas Lidzborski, the Gmail Security Engineering Lead, said on Thursday that increasing email privacy and security is "something we made a top priority". He also went on to mention that Gmail was available 99.978% of the time in 2013. While Google did not mention anything about other services such as Drive or Calendar, they seems to be heading the charge in the fight for privacy, especially in comparison to Microsoft, who recently accessed Hotmail accounts to identify an intellectual property leak.

Source - Google

Cheaper 8GB iPhone 5C Surfaces

8GB iPhone 5C
The new 8GB model will still be available in all of the original colours.
This past week, a lower-capacity, 8GB iPhone 5C has gone on sale in the United Kingdom, France, Germany, Australia, and China.

This even cheaper phone is currently being sold unlocked for £429 ($798) in the United Kingdom. In France and Germany, the phone goes for €559 ($873) and for A$679 ($690) in Australia. Not surprisingly, the lower-cost iPhone 5C’s are also on sale in China for ¥4088 ($740).

The 8GB iPhone 5C has half of the storage than the previous cheapest iPhone 5C (16GB). But for only £40 more, you can double the iPhone 5C’s storage. Another option is the iPhone 4S, which is still available for purchase. While the iPhone 4S is Apple’s cheapest smartphone at the moment (£349), the iPhone 5C is the most affordable phone from Apple that offers 4G connectivity.

The 8GB iPhone 5C may be great for a buyer with a really tight budget, but a better buy for those with a more flexible budget would be paying that extra £40 more for the 16GB model.

No one knows exactly why a lower-cost model was released but statistics suggest that it was due to the poor iPhone 5C sales around the world. Unlike the iPhone 5 and 5S, which saw record breaking sales months after their releases, the iPhone 5C is still having trouble selling.

The lower-capacity phone has yet to be seen in North America.