Dr. Bill | The Computer Curmudgeon

Yes, they ARE tracking you, if you open your email! Be aware, and be safe!

A Clever Way to Tell Which of Your Emails are Being Tracked

Wired – By: Brian Barrett – “While you’ve likely never heard of companies like Yesware, Bananatag, and Streak, they almost certainly know a good deal about you. Specifically, they know when you’ve opened an email sent by one of their clients, where you are, what sort of device you’re on, and whether you’ve clicked a link, all without your awareness or consent.

That sort of email tracking is more common than you might think. A Chrome extension called Ugly Mail shows you who’s guilty of doing it to your inbox.

Sonny Tulyaganov, Ugly Mail’s creator, says he was inspired to write the ‘tiny script’ when a friend told him about Streak, an email-tracking service whose Chrome extension has upwards of 300,000 users. Tulyaganov was appalled.

‘[Streak] allowed users track emails, see when, where and what device were used to view email,’ he recalled to WIRED. ‘I tried it out and found it very disturbing, so decided to see who is actually tracking emails in my inbox.’ Once the idea for Ugly Mail was born, it only took a few hours to make it a reality.

The reason it was so easy to create is that the kind of tracking it monitors is itself a simple procedure. Marketers—or anyone who’s inspired to snoop—simply insert a transparent 1×1 image into an email. When that email is opened, the image pings the server it originated from with information like the time, your location, and the device you’re using. It’s a read receipt on steroids that you never signed up for.

Pixel tracking is a long-established practice, and there’s nothing remotely illegal or even particularly discouraged about it; Google even has a support page dedicated to guiding advertisers through the process. That doesn’t make it any less unsettling to see just how closely your inbox activity is being monitored.

Using Ugly Mail is as simple as the service is effective. Once you’ve installed it, the code identifies emails that include tracking pixels from any of the three services mentioned above. Those messages will appear in your inbox with an eye icon next to the subject heading, letting you know that once clicked, it will alert the sender. Tulyaganov also confirmed to WIRED that Ugly Mail also doesn’t store, save, or transmit any data from your Gmail account or computer; everything takes place on the user’s end.

Ugly Mail appears to work as advertised in our test, but it has its limitations. It’s only built for Gmail (sorry… Outlookers?) and is only available for Chrome, although Tulyaganov says that Firefox and Safari versions are in the works. And while it’s effective against Yesware, Bananatag, and Streak, those are just three pixel-tracking providers in a sea of sneaking marketers. Tulyaganov has indicated that Ugly Mail will continue to add more tracking services to its list, but it’s not clear yet how long that might take. The onrush of users after receiving top billing on Product Hunt may help speed up the process.

If you’d like take take the extra step of just blocking pixel tracking altogether, another Chrome extension called PixelBlock—also referenced on Product Hunt—automatically prevents all attempts, instead of Ugly Mail’s more passive strategy of simply informing you that they’re happening.

Pixel tracking isn’t going away any time soon, and Ugly Mail is an imperfect way to prevent it. But it still offers a valuable glimpse at the marketing machinations we’re all exposed to every day, whether we’re aware of them or not.”

This year, everyone got hacked! It was an awesome event!

HP Awards $240K for Firefox, IE, Chrome and Safari Exploits

eWeek – By Sean Michael Kerner – “On March 19, the second day of the Hewlett-Packard Zero Day Initiative (ZDI) sponsored Pwn2Own hacking challenge at the CanSecWest conference in Vancouver, B.C., security researchers were able to successfully exploit Mozilla Firefox, Microsoft Internet Explorer, Google Chrome and Apple Safari.

HP awarded the researchers a total of $240,000 in prize money on the second day, bringing the two-day award total to $557,500.

On the first day of the Pwn2Own event, HP awarded $317,500 for exploits against Adobe Flash, Adobe Reader, Microsoft IE 11 and Firefox. The second day saw no new Adobe exploits, as researchers turned their attention back to the browsers, with new exploits reported against Firefox, IE, Chrome and Safari.

A security researcher identified by HP only as ilxu1a delivered the first exploit of the day with an out-of-bounds memory vulnerability in Firefox that took less than one second to execute. For his efforts, ilxu1a was awarded $15,000.

All told, Mozilla Firefox was exploited twice at the Pwn2own 2015 event, with exploits demonstrated on both days of the event, for a total payout of $70,000. Mozilla is no stranger to Pwn2Own and is often the first vendor to patch issues that are first disclosed at a Pwn2own event.

‘We are on-site and have gotten the bug details from HP,’ Daniel Veditz, principal security engineer at Mozilla, told eWEEK. ‘The details have been filed, and Mozilla engineers back home are working on patches.’

Veditz said that while the flaws were first demonstrated on March 18 and 19, Mozilla’s plan is to release updates for Firefox Desktop, Firefox for Android and Firefox ESR (Extended Support Release) on Friday, March 20.

Both the exploits against Firefox at Pwn2Own 2015 were executed in less than one second, but that doesn’t necessarily indicate that the exploits were easy to develop. Veditz said that the exploits were certainly not created in a second.

‘Contestants showed up to claim all the prizes offered at Pwn2Own, and given the expense of travel to the conference, it is not surprising they have working exploits before coming,’ Veditz said. ‘Computers are very fast, and it is not surprising that a well-crafted exploit written in advance would not take much execution time.’

The second day of Pwn2Own also saw security researcher JungHoon Lee, also known as lokihardt, demonstrate three different browser exploits against IE 11, Chrome and Apple Safari.

Lee’s successful exploit of Microsoft’s IE 11 earned him a $65,000 award, while the Apple Safari exploit yielded a $50,000 award. Lee was also able to successfully exploit Google Chrome for $75,000 as well as earning a bonus of $25,000 for demonstrating a privilege-escalation bug. HP also awarded a bonus of $10,000 to Lee for demonstrating his Chrome exploit on a beta version of Chrome.

Overall, Brian Gorenc, manager of vulnerability research for HP Security Research, said that one of the surprises at the Pwn2Own 2015 event was the amount of Windows kernel vulnerabilities that showed up, though he noted that HP, in a way, expected it.

‘We put a premium on system-level privilege escalations,’ Gorenc said. ‘We believe they are the most interesting, and potentially dangerous, bugs that come through Pwn2Own.’

At the 2015 event, every browser was exploited, even though all the browsers had been patched by their respective vendors. Although all the browsers were exploited, Gorenc noted that it’s important to remember that the people who come out to compete at Pwn2Own are some of the best security researchers in the world.

‘Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches,’ Gorenc said. ‘One of our goals with the contest is to get this information to the vendors so they can make their browsers more secure and even harder to hack the next year.'”

Impulse Drive from Star Trek is here! Awesome sauce!

NASA successfully tests engine that uses no fuel, violates the laws of physics

Examiner – By: Wan Hu – “Very quietly, NASA has tested a space drive that does not use propellant and according to the laws of physics should not work, according to a Thursday story in Wired.UK. The problem is that the drive, called the ‘Cannae Drive’ by its inventor Guiddo Fetta, did work in the NASA directed test. If the efficacy of the drive is confirmed, the implications for space travel are profound. It seems that another technology from Star Trek may be about to become reality.

The Cannae Drive is apparently based on the work of a British scientist named Roger Shawyer called the EMDrive. It is said to work by bouncing microwaves in an enclosed chamber and thus creating thrust. Despite having built a number of demonstration models, Shawyer has not been able to get anyone interested in his device. Critics reject his relativity explanation for how it works and point out that it violates the conservation of motion.

However it appears that the Chinese quietly tested their own version of the EMDrive up to about 72 grams of thrust, enough to be a satellite thruster. The test was not widely reported in the West, possibly because few if any people believed it was possible. That seems to have changed thanks of the test of the Cannae Drive.

The Cannae Drive seems to have been developed independently of the EmDrive, though it seems to have a similar mechanism. The NASA test, which was presented at the 50th Joint Propulsion Conference in Cleveland, Ohio, showed that the Cannae drive was able to produce a thrust of less than one thousandth of the Chinese model. Nevertheless it constitutes a third test of a working propellant-less engine.

What are the physics behind these devices? NASA’s explanation follows:

‘Test results indicate that the RF resonant cavity thruster design, which is unique as an electric propulsion device, is producing a force that is not attributable to any classical electromagnetic phenomenon and therefore is potentially demonstrating an interaction with the quantum vacuum virtual plasma.’

In other words, no one knows for sure. Wired speculates that the process involves ‘pushing against the ghostly cloud of particles and anti-particles that are constantly popping into being and disappearing again in empty space.’ But finding out for sure and determining whether this kind of drive can be scaled up to something that can propel a spacecraft will be the work of some years.

But what if it does work and can be scaled up? Much of the weight of a spacecraft, whether it is propelled by a chemical rocket, an ion thruster, or nuclear thermal engines consists of fuel. If something like the EMDrive or the Cannae Drive becomes practical, larger spacecraft can be launched into space without the added weight of fuel and because the thrust is low but constant, like an ion rocket, trip times throughout the Solar System suddenly become weeks instead of months.

This is not the warp drive from Star Trek (a different project at NASA.) It does look a lot like impulse power that propelled the USS Enterprise when the warp engines were down. It would be enough to open the solar system for exploration and eventual colonization.”

So, tomorrow is officially Pi Day! And, on what only happens once per century: 3-14-15 At 9:26:53 it will official be Pi Day!

Microsoft is celebrating Pi Day with an Xbox Music Pass deal

The Verge – By: Lizzie Plaugic – “Tomorrow, March 14th, is Pi Day. While some will celebrate by eating lots of pie, or waking up at exactly 9:26:53 AM, Microsoft is paying homage to the mathematical constant with a deal that doubles as a play on the pi digits. For 24 hours tomorrow, you’ll be able to buy a 12-month pass to Xbox Music for just $31.41.

A year-long pass for the service usually costs $99, which means the Pi Day price will save you almost $70. The offer is good for new subscriptions and renewals of existing subscriptions.

Microsoft started charging for the music streaming service at the end of last year, so if you gave up once the free ride was over, now might be a good time to reconsider.”

Oculus Rift is going to be so cool!

Oculus founder: ‘Everything is going horribly right’

c|net – By: Dara Kerr – “Austin, Texas — It’s still unclear if the consumer version of the Oculus Rift virtual-reality headset — special goggles that let users view simulated 3D worlds — is going to hit stores in 2015. But that doesn’t mean something is awry.

‘Nothing is going horribly wrong,’ said Oculus founder Palmer Luckey on Friday. ‘Everything is going horribly right.’

Luckey was speaking during an ‘Ask Anything’ panel discussion at the South by Southwest festival here, which brings together technorati, filmmakers and musicians. The festival also has a massive presence from the video game industry, with hundreds of developers showing off their products at the so-called SXSW Gaming Expo.

It’s been rumored that the Oculus goggles would be hitting stores this year, but the company has repeatedly declined to comment on specific dates.

Just a couple of years ago, the idea of virtual-reality headsets seemed like a pipe dream, but now several companies are planning to bring these special goggles to the public. Facebook spent $2 billion to buy Oculus last year, and in just the past 12 months, others including HTC, Valve and Sony have unveiled competing devices as well.

Oculus Vice President of Product Nate Mitchell, who was also speaking on the panel at SXSW, said the company wants everything to be perfect before Oculus finally lands on store shelves.

‘We’ve been determined to release our own consumer virtual reality for some time,’ Mitchell said. ‘We want to launch this thing as soon as we possibly can, but with absolutely no compromises.'”

It is hard to believe that it has been thirty years since the first domain name was registered!

The Dot-Com as You Know It Is 30. This Is How It’s Changed the World

Yahoo! Tech – By: Daniel Howley – “Exactly 30 years ago, on Sunday, March 15, 1985, a computer company in Massachusetts registered the world’s first dot-com domain: Symbolics.com. And with that, the dot-com era officially began.

By the end of 1985, Symbolics.com was still one of just a small number of registered domains. Today, of course, there are hundreds of millions of domains floating around the Internet.

The domain system is a key foundation of the World Wide Web, which was born in 1991, at the European Organization for Nuclear Research (CERN). Sir Tim Berners-Lee was the father of that idea, but it wouldn’t have gone far without a universal address network like the domain system.

The dot-com’s 30th birthday got us thinking about the Internet’s past. And that got us thinking about all of the dot-coms that came online in the past 30 years. And some that went.”

The first domain? Symbolics.com

And, it is still up, but not owned by the same folks, the site says:

“Symbolics.com is owned by a small investor group in Dallas, Texas. This site offers unique and interesting facts pertaining to business and Internet history.
Symbolics.com also offers a few unique advertising opportunities for select companies. Contact us if you have interest.

— Symbolics.com History —

So. How did I come to own the first domain name registered on the Internet? Symbolics.com was registered on March 15, 1985. I was 5 years old. I like to tell everyone that I had incredible foresight as a toddler. But that’s not the case.

Let me tell you a bit about the Symbolics Computer Corporation. These are the people who registered the name in 1985, and they were a company way ahead of its time.

The original Symbolics company pioneered computer development. Symbolics designed and manufactured a line of Lisp machines, single-user computers optimized to run the Lisp programming language. The Lisp Machine was the first commercially available ‘workstation’ (although that word had not yet been coined). Symbolics also made significant advances in software technology, and offered one of the premier software development environments of the 1980s and 1990s. **

Enter me, in 2009. I had always known (well, since the late 90s) that Symbolics.com was the first domain name registered on the Internet. It was a goal of mine to acquire one of the first few names ever registered. I know that others before me had reached out to Symbolics, and inquired about the purchase price of the domain name. For whatever reason, my timing was perfect (thank you Lord) and I contacted Symbolics right about the time they actually started considering selling the asset.

Today, Symbolics.com remains the first, and oldest, registered domain name out of approximately 275,000,000 domain names in existence. Of these 275 million domain names, approximately 120 million are of the .com extension. VeriSign reports that between 25 million and 30 million new domains are registered each year. There is a 72% – 75% renewal rate among .com domains – so approximately 3/4 of new registrations are renewed the following year. VeriSign reports that 87% of .com domains resolve to an active website (13% are inactive).

For me, personally, I am excited (and honored) to hold the first .com ever registered. Since domain names are my business, I am happy to be the owner of this fantastic piece of Internet history.

– Aron”

OK, this is truly wierd… I don’t think I would let a child have one!

Eavesdropping Barbie is “downright creepy,” privacy advocates say

Mashable – By: Elif Koc – “Mattel’s new ‘Hello Barbie’ has more tricks up her sleeve than just saying hello.

With the press of a button, Barbie’s embedded microphone turns on and records the voice of the child playing with her. The recordings are then uploaded to a cloud server, where voice detection technology helps the doll make sense of the data. The result? An inquisitive Barbie who remembers your dog’s name and brings up your favorite hobbies in your next chitchat.

The doll, which made her debut at the 2015 American International Toy Fair, has privacy activists demanding its removal.

‘Kids using Hello Barbie aren’t only talking to a doll,’ said Susan Linn, director of Campaign for a Commercial-Free Childhood. ‘They are talking directly to a toy conglomerate whose only interest in them is financial.’

The Campaign for a Commercial-Free Childhood, which has launched a petition against Mattel, worries that the toy leaves children entirely vulnerable to sneaky advertorial efforts from the giant toy company.

‘In Mattel’s demo, Barbie asks many questions that would elicit a great deal of information about a child, her interests, and her family,’ Angela Campbell, a faculty adviser at Georgetown University’s Center on Privacy and Technology, said. ‘This information could be of great value to advertisers and be used to market unfairly to children.’

Despite bringing in $7.1 billion in 2013 toy sales, Mattel’s profits have been on the decline, and the company faces growing competition with digital games and toys.

Mattel partnered with ToyTalk, a San-Francisco based start-up, to give Hello Barbie her voice. ToyTalk, which has created iPad games where children can converse with digital animals, describes itself as ‘an award-winning, family entertainment company that creates conversational characters.’

ToyTalk CEO Oren Jacob insists that the toy will not use the audio recordings for marketing purposes. ‘The data is never used for anything to do with marketing or publicity or any of that stuff. Not at all,’ he told the Washington Post.

Yet beyond the scope of a mega-corporation having a portal to a child’s inner thoughts, the voice-recognizing toy brings up a host of concerns for privacy advocates, especially because parents can get weekly e-mails with audio files of the child’s conversations with Hello Barbie.

While Jacob explained that feature was to ensure that ‘parents are in control of their family’s data at all times,’ that extra layer of transparency is ‘troubling,’ to Linn.

‘Children confide in their dolls,’ she said. ‘When children have conversations with dolls and stuffed animals, they’re playing, and they reveal a lot about themselves.’

As voice recognition technology has become increasingly reliable, we’ve grown comfortable with seeing it in our devices, from affable mobile assistants like Siri to Amazon’s new smart-home gadget Amazon Echo.

But there’s a difference between an adult knowingly giving their information to a company and a child unknowingly playing with a data-collecting toy.

Golan Levin, an associate professor at Carnegie Mellon University who studies new modes of interactive expression, is also concerned with the doll’s data collection. ‘This is actually downright creepy,’ he told Mashable. ‘The difference between Siri and this toy is that I’m an adult. I’ve consented to give my information to Apple.’

Mattel told the Post that they are ‘committed to safety and security, and Hello Barbie conforms to applicable government standards.’

But with the recent high-profile threats to online data, not everyone’s convinced.

‘They’re toy makers, not a cyber security company,’ Levin said. ‘Why don’t they talk to Sony about cyber security vulnerabilities?’

Keep an eye (and ear) out for Hello Barbie, who plans to hit shelves this fall at $74.99.”