Ransomware is one of the nastier types of malicious software to emerge in the last few years. It's not exclusive to mobile, but the basic gist is that it locks down either specific files or an entire machine until the user sends money to a shady, untraceable online account to get their digital life back in order. The combination of easily-exploited security vulnerabilities, relatively small payments spread out over thousands of devices, and users reliance on their phones or computers has proven incredibly lucrative for malware developers.
When certain things finally happen, they make us want to search for that hidden ladder that takes people up to the rooftop and scream "Hallelujah," religious or no. This is one of those things. Google apparently no longer requires people with two-factor authentication enabled to sign in twice when setting up a new Android device or adding another account. Better yet, this change doesn't require Android L or anything fancy. Here's a video of the magic taking place on an HTC One M8.
Previously, after typing in an email address and password for the first time, Google would kick people with two-factor authentication enabled out to a web prompt where they could type in the code that they had received from either an app or a text message.
Just a quick update for Samsung device owners who, like me, found that the LastPass app fill was unable to fill any passwords after the very exciting 3.2 update. The latest version 3.2.3, which just popped up on the Play Store, specifically addresses this bug:
Fix app fill on Samsung devices. Please contact our support staff if you still have issues.
I've confirmed that the fix indeed works by successfully logging into both the Amazon app and the Amazon site in Chrome Beta on my Note 3:
Unfortunately, the Nexus 5 Chrome fill is still plagued with another bug that prevents it from working completely and results in very odd behavior.
An international mega-corp like Google buys companies like the rest of us buy coffee. Google's latest latte is SlickLogin, a startup that aims to make authentication simpler and safer by using sonic login codes on phones. The details of the purchase aren't public just yet, but SlickLogin's site confirms that "the [team] is joining Google."
SlickLogin's system is unique: it uses a cell phone as an authentication key with the help of nearly-silent audio codes sent via computer speakers. When you access a site or service with SlickLogin, your computer speakers send out a series of tones and pitches. Your phone picks up the nearly inaudible signal, then confirms the code with SlickLogin's servers.
For serious web addicts, sometimes Chrome just doesn't do it. Dolphin is one of the more popular and, more importantly, more consistent browsers available on the Play Store. But some Nexus 5 owners weren't happy to see that their favorite alternate browser had a killer KitKat bug: it couldn't zoom in with the standard pinching gesture. After a bit of time in beta, the fix has now been applied to the stable build in version 10.1.2.
But wait, there is indeed more. Long-time Dolphin Browser users will be happy to hear that the "night mode" feature is back, courtesy of this official browser plugin app.
Earlier today, the Nexus and KitKat crowds almost had collective heart attacks when they saw that kitkat.com/android was now password-protected and likely hiding something behind the locked gates. Possibly even all the complete KitKat details we've been dying to see (or whatever is left of them anyway). Could it be? Did the site go down for the big update, and the launch is imminent? Not so fast.
While the page does indeed pop up a login dialog, the revelation doesn't really mean anything just yet. You see, the sites that we've actually been visiting all this time are android.com/kitkat and kitkat.com, not kitkat.com/android.
When Google launched the Android Device Manager in early August, I applauded the initiative because we finally got a much-needed security solution that was built into every Android devices that ships with Google's services. Rather, it was a good start, since the functionality was so limited: location, remote wipe, and alarm.
For the last two days, I've been digging around the new Google Play Services APK 3.2.64 that started rolling out to Android devices everywhere. If you remember, Google Play Services is the company's secret weapon to combat lack of device updates, as Google can push new functionality to everyone without the need for OS patches.
We don't often cover Kickstarter campaigns – after all, the platform is flooded with entries that may not be worth mentioning, or are dead on arrival. Sometimes, though, a gadget comes through that exceeds expectations, and the myIDkey is one of those.
myIDkey is a voice-activated secure USB drive that manages your passwords. Across all devices. Oh, and it has a fingerprint scanner. The project has absolutely demolished its $150,000 funding goal, reaching (at the time of writing) $164,126 with twenty seven days left to go.
The handy USB device looks to give you a "key to all your devices," connecting directly through USB to your PC or via Bluetooth to your mobile device(s).
Before you panic, you should know that this isn't a huge deal, and Comcast is aware of the situation and has promised a fix "within a week or two." There, feel better? Good, because if you use the XFINITY app, any other app that has permission to read logs can read your Comcast username and password (aLogCat, for example).
The details, courtesy of aBSuRDiST, who discovered the issue:
My system log shows <userName>MYUSERNAME@comcast.net</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager". I read the log using aLogcat (app available in the market). Open aLogcat, press menu and filter for "password".