Symantec Is Ditching Antivirus for an All-in-One Norton Security Suite
In May, Symantec's senior vice president for information security, Brian Dye, said something kind of amazing. He bluntly stated that antivirus is dead. But he hadn't gone totally rogue, in spite of the fact that he works for an IT security company best-known for its antivirus products. Symantec as a whole was preparing to shift gears. Now Norton Security is here.
If you've always been kind of confused by the difference between Norton Antivirus, Norton Internet Security and Norton 360 (which comes in Multi-Device and Premier Edition versions) you will never have to learn! That's because Norton Security is an effort to merge Norton products into one subscription service. Instead of paying for different components to protect against different things, it'll all be there in one place.
You'll be able to register as many as five devices on your Norton account across desktop and mobile—Windows, Mac, Android, and iOS will all be supported. And if you want cloud storage for backups you can pay more for Norton Security with Backup. That's it.
Norton Security is still in beta, but CNET reports that the ballpark for pricing is around $80 to $100, comparable to current Norton offerings. Hopefully the new product will be a step toward taking cybersecurity out of the dark ages for home users, and providing easier access to new techniques as cyberdefense strategies continue to evolve. It can't be more annoying than the old Norton.
Imgur, Reddit Team Up for Web Data Research Platform Aptly Named DERP
Since they have such extensive data access, Internet services experimenting on their users isn't really surprising. But as examples of the practice trickle out, people have felt increasingly uncomfortable. Now Imgur, Reddit, FARK, Stack Exchange, and Twitch are all partnering to create a platform where academic researchers can do transparent and publicly accessible data projects.
And it's aptly named the Digital Ecologies Research Partnership ... or DERP!
A statement on the site explains:
It remains difficult to conduct good cross-platform analyses in academic research. By bringing a number of community sites together under a single cooperative effort, we intend to lower the friction of doing so ... DERP will only support research that respects user privacy, responsibly uses data, and meets [institutional review board] approval.
This doesn't preclude companies from keeping a private stash of data if they want to, but DERP is meant as a pipeline for academic inquiries and data requests. A list of DERP fellows includes researchers from Harvard, MIT, Georgia Tech, and other institutions.
Tim Hwang, Imgur's head of special initiatives, told the Guardian that, “In most cases, the data provided through Derp will already be accessible through public APIs. Our belief is that there are ways of doing research better, and in a way that strongly respects user privacy and responsible use of data.”
Hwang points out that DERP can assist with research into things like social interaction and information sharing on the Web, as in Stanford's altruism study on Random Acts of Pizza (a subreddit) that was published in May.
It doesn't change a company's ability to do what it wants with your data, but at least DERP has a chance of making academic Internet study less, well, derpy.
Another Unpronounceable Icelandic Volcano Is Getting Ready to Explode
With a fidgety volcano on their hands, officials in Iceland have begun preparations for what could be a busy week.
An intense earthquake swarm began Saturday deep beneath Bárðarbunga, Iceland’s largest volcano complex. (Here’s how to pronounce it.) As of Tuesday, the Icelandic Met Office cautions there’s no evidence yet of magma moving toward the surface or that an eruption is imminent. Still, Iceland is springing into action, which suggests the threat is real. These people know their volcanoes.
Due to the weekend’s heightened seismicity, on Monday the Icelandic Met Office raised its aviation color code for Bárðarbunga to orange to signify a “heightened or escalating unrest with increased potential of eruption.” (In response, the stock price of Icelandair fell by 4.35 percent.)
Prime Minister Sigmundur Davíð Gunnlaugsson met with civil defense officials on Monday, and roads near the remote volcano have been closed. Iceland Magazine reports that Iceland’s National Commissioner of Police has declared a Civil Protection Uncertainty Phase, increasing surveillance of the volcano and its surroundings. The Icelandic Coast Guard deployed additional seismic monitors by helicopter over the weekend.
The Icelandic National Broadcasting Service has positioned a webcam to keep an eye on the volcano.
How likely is an eruption? And how bad could it be?
Bárðarbunga is a big volcano directly beneath Iceland’s largest glacier. Over the past 10,000 years, it has erupted “more lava than any other volcano on the planet.” Still, not much is known about it, mostly because it sits below so much ice. Plus, the last major eruption here was more than 100 years ago.
In a country so defined by its seismicity, even the politicians are scientists. Geologist Ari Trausti Guðmundsson was a presidential candidate in 2012, and he laid out a broad overview of possible scenarios in a blog post Monday:
It is impossible to predict how the processes will develop. A volcanic eruption could start under the ice east or north of Bardarbunga. In this case it would produce ash and pumice but in unknown quantities and with an unknown force. A large flood (jökulhlaup) is not to be ruled out and the flood path would most likely follow the glacial river Jökulsá á Fjöllum in the northeast of Iceland.
An eruption could, however, commence outside of the Dyngjujökull outlet glacier as a lava-producing event. In that case, air traffic disturbance is highly unlikely.
The third scenario would be a combination of the other two.
GPS measurements from a station just north of Bárðarbunga in recent days show movement well beyond the bounds of readings taken over the last year.
Via an email conversation, Gísli Pálsson, an anthropologist at the University of Iceland, agreed that even in Iceland, an earthquake swarm like this is raising eyebrows. “There is a risk of false alarm, but on the other hand we should try to be objective and say something immediately. The alarm signal is orange and rescue teams are preparing for eruption. This could either be outside the glacier, with floods to the north, or under the glacier, with risks for air travel.”
An Icelandic anthropologist at the University of Oslo, Ásdís Jónsdóttir, said that judging by the region’s history, a large-scale event isn’t out of the question:
It is perhaps interesting to note that the theory is that Iceland is formed because a hot-spot and the mid-Atlantic ridge coincide. This part of Iceland (Bárðarbunga-Grímsvötn) is thought to be at the center of the hot-spot. Bárðarbunga and Grímsvötn have fed some of the largest eruptions in Iceland, such as the catastrophic 1783 eruption in Laki (not situated under the glacier) which is the greatest natural disaster in Iceland's history. There are also signs of huge floods from this area in northern Iceland before the settlement—such as the canyons of Ásbyrgi and Jökulsárgljúfur in northern Iceland.
In a post on his blog late Monday, geologist Carl Rehnberg went a step further, saying an eruption is now probable, and a small one may have in fact already begun somewhere deep below the ice. Until we get official confirmation of this, he’s assembled a comprehensive list of ways to track the volcano.
Rehnberg’s (unofficial and admittedly unlikely) worst-case scenario is frightening: “Forget flying for half a year.” His disclaimer? “What I write are just the musings from someone who has read everything ever published on Icelandic volcanism. A lot of what is happening is in unknown territory.”
His team at Volcano Café made a scouting flight over the area on Monday to see what they could see. The photos are stunning.
Should the volcano erupt on Tuesday (and again, there are no official indications an eruption is imminent), upper level winds are aligned such that ash would be transported southwards toward the UK, Ireland, and France. I ran a volcanic ash trajectory model, with results below:
A 2010 eruption of the Eyjafjallajökull volcano shut down most of Europe’s air travel for days. In an interview on Monday with The Conversation blog, British volcanologist Dave McGarvie said a similar eruption today wouldn’t cause nearly as much disruption, thanks to changed guidelines and improved ash forecasting.
He’s been the most active scientist on Twitter covering the volcano:
#Bárðarbunga. Speculation 1. Most quakes outside caldera = likelihood of basalt fissure eruption. If so, good news for air travel. -- Dave McGarvie (@subglacial) August 17, 2014
#Bárðarbunga. Speculation 2. If eruption is under ice - expect meltwater. Basalt can melt x14 times its volume of ice (ideal conditions). -- Dave McGarvie (@subglacial) August 17, 2014
5/5/ #Bárðarbunga didn't get to be so massive by sitting around doing nothing for centuries.... "Good night, and good luck" (E Murrow) -- Dave McGarvie (@subglacial) August 17, 2014
He also shared some stunning photos from his fieldwork:
Thanks to Ben Orlove at Columbia University for arranging the email thread with the Icelandic anthropologists.
Why Do So Many Scams Make It Into Microsoft’s Windows Store?
Sometimes people—like those who work at Slate—make fun of Windows Phone, because Microsoft’s mobile platform has real problems that hold it back. For one thing, the operating system hasn't been able to pick up momentum in terms of attracting developers to submit third-party apps. And it seems that, to try to bulk up the number of apps it does offer, Microsoft has gotten too lax about approvals for the Windows Store. There are scams everywhere.
In an investigation, How-To Geek points out that searching for services like popular media player VLC turns up a number of scams alongside the real app. And the fakes look really similar. In the case of VLC, some dummy versions cost money—even though the real software is free—and once a user pays, the fake app just leads them to the free download, or might install malware instead.
As How-To Geek notes, "Within half an hour we managed to find fake paid versions of Adobe Flash Player, Firefox, Pandora, IMDB, Candy Crush Saga, Wechat, WhatsApp, uTorrent, Picasa, Bluestacks, Minecraft, Spotify, Google Hangouts, Picasa, Clash of Clans, Blender 3D, and a lot more." These are all apps that are supposed to be free (and if you go to the Windows Store now you can try this experiment for yourself). Microsoft hasn't responded to a request for comment. [Now they have. See update below.]
The worst part: It seems that Microsoft is not only letting these apps through its review process, but has been effectively encouraging them—the company ran a promotion in March 2013, for example, offering developers $100 an app up to $2,000. So if you submitted an amazing app that took you months to create you got $100, and if you submitted 20 lousy scam apps you got $2,000. Not exactly an incentive structure that encourages quality. (How-To Geek points to an Archive.org page about the promotion; it's gone from Microsoft's own site.)
In April, Microsoft reported that Windows Phone was boasting 400,000 available apps, but if you search around you'll quickly see how many of those aren't genuine. Just for some perspective, Google and Apple's mobile app counts are both hovering around 1.2 million each right now. Plus both Apple and Google tightly control their stores by putting apps through intensive review and removing anything that gets past them that users later report. Maybe Microsoft is bitter because Windows Phone is the butt of a lot of jokes, but maybe those jokes would die down if the company got better at nurturing its developer community.
Update, August 19, 2014, 3:50 p.m.: A Microsoft spokesperson sent me this statement about the Windows Store spam apps:
We strive to make the Windows Store a high-quality experience for customers and also accessible to the broadest audience of developers. Based on customer and developer feedback, we recently took actions to help users discover the specific app titles they’re searching for and improve the overall Store experience. Those updates provide clear guidance to developers and also improve our ability to identify, audit and remove problematic apps. We recognize that there is more work to do and will continue to re-evaluate our policies to strike a balance between the opportunity for developers and the app quality that our customers expect.
Not exactly a targeted action plan, but at least the company is admitting that there's an issue here.
Chinese Hackers Accessed 4.5 Million People’s Hospital Records
Hospital operator Community Health Systems admitted on Monday in a U.S. Securities and Exchange Commission filing that it was hacked in April and June. The data compromised in the hack was connected to 4.5 million people.
Community Health Systems is working with cybersecurity firm Mandiant to investigate the breach and respond. The SEC filing describes the hackers as “an ‘Advanced Persistent Threat’ group originating from China”—that's the same language Mandiant used to describe alleged hacking by the Chinese Army last year. The filing goes on to describe a sophisticated malware attack that got around CHS's network security. The company functions in 29 states, operating 206 hospitals.
The stolen data is related to patients who were referred to or from physicians connected to CHS. It's quite the little trove of personal data, too, though it's all non-medical. CHS says that patient names, addresses, birthdates, telephone numbers, and Social Security numbers were all compromised. The company is reaching out to everyone whose information was potentially exposed.
CHS has eliminated the malware and is working on shoring up its defenses. It's unclear what motivated the hack, or why the personal data was valuable to the intruders, since CHS told the Wall Street Journal that this hacker group is typically looking for more general industry information. To check whether you've visited a CHS hospital in the past five years, check this map (an interactive version of the one above). CHS is offering identity theft protection to everyone affected by the hack.
Unfortunately, large-scale data breaches like this feel pretty normal these days. CHS even told the Journal that it doesn't think the hack will affect its financial results. Not a great incentive to make security improvements.
Intel Is Launching Fitness-Tracking Earbuds, Hoping 50 Cent Will Make Them Cool
Intel processors are everywhere, but the company isn’t exactly known for lifestyle products. Meanwhile, 50 Cent’s company SMS Audio isn't known for its tech. Bring the two together, though, and what do you have? Well ... another awkward corporate partnership.
The two groups are joining forces to launch earbuds that do biometric tracking and are geared toward fitness. The idea is to reduce the number of gadgets users carry around instead of adding to them with a smartwatch or other wearable. The headphones are wired and draw power through the standard 3.5mm headphone jack to keep the sensors up and running without charging. They measure heart rate and sync to a smartphone app. The price hasn't been announced yet, but other SMS Audio earbuds currently cost between $79 and $399 (unless they’re on sale).
The concept is pretty clever. The headphones use accelerometers to make sure the heart rate data collected by the optical sensor isn’t thrown off by exercise motion, and the app can even choose the songs that come on over the headphones by matching tempos to the user’s heart rate.
"The wearable technology collaboration between SMS Audio and Intel elevates our capability to bring smart exercise to consumers," Brian M. Nohe, the president of SMS Audio, said in a press release.
The Wall Street Journal reports that there isn’t an Intel chip inside the earbuds, but that the company did much of the product engineering and software design. Don't worry, guys, Carmelo Anthony is an investor in SMS Audio. This is gonna be fine.
Hackers Could Use Your Smartphone’s Gyroscope as a Microphone to Listen In
No device is too small to be potentially hackable. Sure, it might be useful for a criminal to gain access to your entire laptop or smartphone, but it could be just as valuable to hack your laptop’s built-in webcam or your Bluetooth keyboard, depending on what the end goal is. And each sensor inside a bigger device is a potential battleground. Even the gyroscopes in smartphones can be taken over by a hacker and used for something else.
Researchers from Stanford and from Israel’s Rafael defense group have found a way to turn a smartphone’s gyroscope—the sensor that uses gravity to orient a smartphone—into a microphone for eavesdropping. The group created an app called Gyrophone that analyzes the soundwaves the gyroscope picks up, and on Android phones there's no way to deny an app access to the sensor.
As Wired explains, smartphone gyroscopes have a small plate inside them that moves when the device moves. But this plate also vibrates, and the researchers used a feature in Android to measure the vibrations at 200 hertz, 200 times per second, enough to pick up human voices. The researchers found that if they ran their custom speech recognition software on a stream from a gyroscope, it could correctly identify 65 percent of numeric digits a person said while in the same room as the smartphone.
The clarity obviously isn’t great, but the technique would only need a little improvement to be a serious problem for anyone reading their credit card number over the phone. And it could be used for other purposes, too, as the technology improves. The researchers’ speech recognition software can already tell what gender a speaker is 84 percent of the time.
Stanford computer security professor Dan Boneh, a member of the group, told Wired, “It’s actually quite dangerous to give direct access to the hardware like this without mitigating it in some way. ... there’s acoustic information being leaked to the gyroscope. If we spent a year to build optimal speech recognition, we could get a lot better at this. But the point is made.”
Downloading an untrusted app is one thing, but Wired points out that you could even be at risk by navigating to unsecure webpages in Firefox’s mobile browser. Safari and Chrome for Android limit gyroscope readings to 20 hertz, but Firefox allows the whole 200 hertz.
iOS devices are slightly more protected from the gyroscope hack. iOS still lets any app access the gyroscope without user permission, but apps can only get 100 hertz readings from the gyroscope, which lowers the chance of being able to overhear anything.
The research will be presented at the Usenix security conference next week and could motivate changes in Android if Google feels so inclined. This is fixable! But it certainly feels like there will always be something.
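An added example, not code from the researchers or from this article: a standard-library Python simulation of why the sampling-rate caps described above matter to a defender, and why a cap that only drops samples is weaker than one that low-pass filters first. Only the 200 Hz and 20 Hz rates come from the article; the test signal, the 87 Hz tone, the 5 Hz cutoff and every function name are constructed assumptions, and the page does not say how any browser or OS implements its cap.

```python
import math

FULL_RATE_HZ = 200    # gyroscope rate the article cites for Android and Firefox
CAPPED_RATE_HZ = 20   # rate the article cites for Safari and Chrome for Android
TONE_HZ = 87.0        # constructed stand-in for a low voice-band vibration
TONE_AMP = 0.05       # constructed: small next to real device motion
MOTION_HZ = 1.0       # constructed: slow hand movement the sensor exists to measure


def synth_gyro(n, rate_hz):
    """Constructed test signal: slow motion plus a faint voice-band tone."""
    return [math.sin(2 * math.pi * MOTION_HZ * i / rate_hz)
            + TONE_AMP * math.sin(2 * math.pi * TONE_HZ * i / rate_hz)
            for i in range(n)]


def alias_frequency(freq_hz, rate_hz):
    """Where a tone shows up after sampling at rate_hz (folded into 0..rate/2)."""
    r = freq_hz % rate_hz
    return min(r, rate_hz - r)


def tone_amplitude(samples, rate_hz, freq_hz):
    """Amplitude of one frequency via a single-bin DFT."""
    re = sum(x * math.cos(2 * math.pi * freq_hz * i / rate_hz) for i, x in enumerate(samples))
    im = sum(x * math.sin(2 * math.pi * freq_hz * i / rate_hz) for i, x in enumerate(samples))
    return 2 * math.hypot(re, im) / len(samples)


def design_low_pass(cutoff_hz, rate_hz, taps=101):
    """Hamming-windowed sinc FIR low-pass, normalised to unity gain at DC."""
    fc = cutoff_hz / rate_hz
    mid = (taps - 1) // 2
    h = []
    for i in range(taps):
        k = i - mid
        ideal = 2 * fc if k == 0 else math.sin(2 * math.pi * fc * k) / (math.pi * k)
        h.append(ideal * (0.54 - 0.46 * math.cos(2 * math.pi * i / (taps - 1))))
    total = sum(h)
    return [c / total for c in h]


def fir_valid(samples, h):
    """Convolve, keeping only outputs computed from a full window of input."""
    m = len(h)
    return [sum(h[j] * samples[i + m - 1 - j] for j in range(m))
            for i in range(len(samples) - m + 1)]


def compare_caps(seconds=10, taps=101):
    """Measure how much of the tone survives each way of capping the rate."""
    factor = FULL_RATE_HZ // CAPPED_RATE_HZ
    n = seconds * FULL_RATE_HZ
    raw = synth_gyro(n + taps - 1, FULL_RATE_HZ)   # extra samples feed the filter warm-up
    alias_hz = alias_frequency(TONE_HZ, CAPPED_RATE_HZ)

    dropped = raw[:n][::factor]                    # cap by discarding samples only
    filtered = fir_valid(raw, design_low_pass(5.0, FULL_RATE_HZ, taps))[::factor]

    return {
        "alias_hz": alias_hz,
        "tone_at_full_rate": tone_amplitude(raw[:n], FULL_RATE_HZ, TONE_HZ),
        "leak_drop_only": tone_amplitude(dropped, CAPPED_RATE_HZ, alias_hz),
        "leak_filtered": tone_amplitude(filtered, CAPPED_RATE_HZ, alias_hz),
        "motion_filtered": tone_amplitude(filtered, CAPPED_RATE_HZ, MOTION_HZ),
    }


if __name__ == "__main__":
    for name, value in compare_caps().items():
        print(f"{name:>18}: {value:.5f}")
```

With these constructed values the drop-only cap leaves the tone at full strength, folded down to 7 Hz, while filtering before downsampling cuts it by more than an order of magnitude and leaves the 1 Hz motion signal intact.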
The Global Internet Is Being Attacked by Sharks, Google Confirms
The Internet is a series of tubes ... that are sometimes attacked by sharks.
Reports of sharks biting the undersea cables that zip our data around the world date to at least 1987. That’s when the New York Times reported that “sharks have shown an inexplicable taste for the new fiber-optic cables that are being strung along the ocean floor linking the United States, Europe, and Japan.”
Now it seems Google is biting back. According to Network World’s Brandon Butler, a Google product manager explained at a recent event that the company has taken to wrapping its trans-Pacific underwater cables in Kevlar to guard against shark bites.
Google confirmed to me that its newest generation of undersea cables comes wrapped in special protective yarn and steel wire armor—and that the goal is to protect against cable cuts, including possible shark attacks. Here's an old video of what that looks like, in case you were wondering:
To digress for a moment, it’s not clear that the coating Google is using is actually Kevlar, per se. A little searching on Google’s own handy website reveals that the company actually holds a patent of its own for a material called “polyethylene protective yarn.”
It makes sense that Google would be investing in better ways to protect transoceanic data cables. Over the years there have been several instances in which damage to undersea lines resulted in widespread disruptions of Internet service. Dependable network infrastructure has become increasingly essential to Google’s business, which relies on ultra-fast transmissions of information between its data centers around the world.
On Monday, Google infrastructure czar Urs Holzle announced that the company is helping to build a new trans-Pacific cable system connecting the United States to Japan at speeds of up to 60 Tbps. “That’s about 10 million times faster than your cable modem,” Holzle noted. Google’s partners on the project include China Mobile and SingTel.
Why are sharks attracted to undersea data cables? Unclear. Several outlets have pointed out that sharks can sense electromagnetic fields, so perhaps they’re attracted by the current. Alternatively, a shark expert from Cal State-Long Beach suggested to Wired, they may just be curious. Anyone with a dual expertise in chondrichthyan behavior and electrical engineering is warmly invited to offer a more compelling explanation in the comments below.
Regardless, it’s clear their powerful bites can cause real problems. Popular Science dredged up a 2009 UN Environmental Program report that includes the following rather convincing background information:
Fish, including sharks, have a long history of biting cables as identified from teeth embedded in cable sheathings. Barracuda, shallow- and deep-water sharks and others have been identified as causes of cable failure. Bites tend to penetrate the cable insulation, allowing the power conductor to ground with seawater.
Forget Google vs. Apple, Google vs. Amazon, and Google vs. Facebook. My new favorite tech rivalry is Google vs. shark.
The Creator of Pop-Up Ads Issues a Public Apology
We've suffered. We’ve cried out in despair. We’ve given up and gone to bed in defeat. We know outrage. We lived through the pop-up riddled Internet of the late ’90s and early 2000s. And we are changed because of it.
But hearing an apology helps.
In an essay for the Atlantic, Ethan Zuckerman, the director of the MIT Center for Civic Media, makes a stunning admission: “I wrote the code to launch the window and run an ad in it. I’m sorry. Our intentions were good.” Zuckerman details his time at Tripod.com, a startup that perpetually and wildly reinvented itself during the dotcom bubble until it found an approach—advertising—that got it funded and later acquired.
As Tripod and other companies floundered around looking for a way to monetize the Web, turning to advertising was a natural but not inevitable choice, Zuckerman argues. “I have come to believe that advertising is the original sin of the web,” he writes. “The fallen state of our Internet is a direct, if unintentional, consequence of choosing advertising as the default model to support online content and services.”
Zuckerman goes on to outline the problems he sees with an ad-based Web. Whether or not you end up agreeing with him, it’s useful to have someone do the leg work to organize a thesis and lay everything out. Online advertising is such a vast topic that most users would rather ignore it than grapple with it, even though they make privacy concessions and view targeted ads every day.
Zuckerman writes, “There is no single ‘right answer’ to the question of how we pay for the tool that lets us share knowledge, opinions, ideas, and photos of cute cats ... but 20 years in to the ad-supported web, we can see that our current model is bad, broken, and corrosive.”
Thanks to pop-up blockers pioneered by companies like Netscape, browsing the Web doesn’t produce the soul-crushing volume of windows it once did. And we probably all thought that we started to move on years ago. But the emotional scars are still there. Now that we have Zuckerman's apology, the real healing can start.
Pro Sports Leagues Cracking Down on Videos Shot From the Stands
Around the world, professional sports leagues are beginning to see certain social media posts in a new light: lost profits. And for smartphone-wielding fans hoping to capture a historic goal or a game-winning home run from their spot in the stands, things are about to change. A spokesperson from the U.K.’s English Premier League announced this week that the soccer behemoth is developing new technologies to scour the Web for video content taken at matches and issue takedown requests in their wake. The reason behind it may seem unfair at first, but it’s not personal. It’s business.
In an interview this week with BBC’s Newsbeat, English Premier League director of communications Dan Johnson explained that the new crawlers will start by detecting videos of goals scored at the league’s soccer matches. A crawler is an automated program that continually browses certain Web pages, indexing its findings along the way. Those being used by the EPL will first set their sights on social media sites including Vine. Crawler algorithms may also be modified to focus on specific file types or content. To that end, the EPL also announced that they plan to target GIFs, a not-so-subtle swipe at sports-GIF forums on sites like Reddit. “I know it sounds as if we're killjoys but we have to protect our intellectual property,” explained Johnson.
Fans may not see the harm in sharing a goal online with friends. After all, they paid good money to go to the match and presumably want to boast that they were there. (If you’ve ever stayed at home during an epic playoffs matchup while a friend tweets photos from the big game, you know that sports FOMO is the worst FOMO.) But broadcasters are paying a whole lot more than the price of a seat: In 2012, Sky Sports and BT Sport agreed to a three-year, $4.86 billion broadcasting contract with the Premier League. In the United States, NBC Sports chipped in a measly $250 million for the same content rights.
But that’s not all! U.K. newspapers the Sun and the Times (both owned by Rupert Murdoch’s News UK) purchased the online content rights to Premier League matches for a little more than $50 million. For a weekly subscription fee, Sun+ users can access every goal from their computers and mobile devices. (Never mind that some of those devices are banned at pro sports stadiums.) And like many other professional sports leagues, the English Premier League is very clear about its copyright infringement policies.
In the United States, Major League Baseball is notorious for its fierce protection of its copyrights. Rules regarding photography and videography vary widely from park to park, but almost all of them are very clear about distributing said content. While stadium selfies probably won’t be targeted, they’re still (technically) fair game if MLB believes they’re infringing on their copyright.
In other words, the days of making your friends green with envy by posting video of a game-winning home run/goal/touchdown/basket may be drawing to a close. New technology will continue to make it more difficult, and blockbuster broadcast deals will only hasten that process. But maybe that’s for the better. Sports—like meals, movies, museums, and concerts—are best enjoyed free from our digital tethers. Imagine a critical at-bat uninterrupted by hordes of uplifted iPhones. Imagine the sheer joy of a 100-plus-yard kick return, unadulterated by your smartphone screen. Then imagine paying $5 to see it again afterward. Who said you could have your cake and eat it too?