The UpStream

Starbucks Admits Mobile App is Knowingly Insecure

posted Sunday Jan 19, 2014 by Scott Ertz

Starbucks released an update to their mobile app this week after reports surfaced about private information being stored in the clear. The information being stored was email, username and password and was accessible to anyone who connected the phone to a computer. Obviously, a stolen phone with the Starbucks app on it could give direct access to a user's credit card information from any device.

Starbucks made the decision not to encrypt the data in a misguided attempt to make the app easier to use. They claim they believed that encrypting the data would require the user to log in each time, which is, of course, not correct. We have all used apps that do not require us to log in each time, but do not store our sensitive information insecurely.

Let's take, for example, Facebook. We all use this app on our mobile devices every day and we never seem to have to log in, unless we abandon it for an extended period. Somehow, even with this seemingly identical scenario, Facebook does not store your data in the clear.
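
One common way an app can keep a user signed in without keeping the password on the device, shown as an added example that is not from the original post and does not describe Starbucks' or Facebook's actual code: the password is checked once, the device keeps only a random session token, and the server keeps only a hash of that token. All names, the sample account and the 30-day lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample account store: the server keeps a salted hash, never the password.
_SALT = secrets.token_bytes(16)
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}
SESSIONS = {}  # sha256(token) -> (username, expiry); raw tokens are never stored
TOKEN_TTL = 30 * 24 * 3600  # assumed 30-day session lifetime


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def login(username, password, now=None):
    """Verify the password once and return a random token for the device to keep."""
    now = time.time() if now is None else now
    expected = USERS.get(username)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    if expected is None or not hmac.compare_digest(expected, supplied):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[_digest(token)] = (username, now + TOKEN_TTL)
    return token


def authenticate(token, now=None):
    """Later app launches present only the token; no password is involved."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(_digest(token))
    if entry is None or entry[1] < now:
        return None
    return entry[0]


def revoke(token):
    """Server-side kill switch for a lost or stolen phone."""
    SESSIONS.pop(_digest(token), None)


if __name__ == "__main__":
    device_storage = {"session_token": login("alice", "correct horse")}
    print(authenticate(device_storage["session_token"]))
    revoke(device_storage["session_token"])
    print(authenticate(device_storage["session_token"]))
```

The token should still go into the platform's protected credential storage on the device, but unlike a stored password it is useless on other services and can be revoked without the user changing anything.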

So, what is the real scenario here? Laziness on the part of the development team. Lee Cocking of security firm Fixmo said,

"Any app that stores usernames and passwords should be protecting their users by encrypting their data - especially applications oriented towards financial transactions. The risk of not protecting sensitive information is significant data leakage and potential financial losses."

In addition to making the application and any data contained within, such as payment ability, insecure, this breach of the public's trust also makes other information insecure. Since so many people use the same or very similar password across multiple systems, by gaining access to the Starbucks data, a hacker could gain access to other sensitive information.

The moral of the story here is that you should be wary of the information that you give to mobile applications. Just because the company is well-known doesn't mean it can be trusted in the mobile space. In fact, ask Target about how a trusted retailer can breach the public's trust even without their own knowledge.

Gaming Industry Sees Slight Overall Decrease for 2013, Increase in Digital Sales

posted Sunday Jan 19, 2014 by Nicholas DiMeo

Last month, I promised that after I reported Black Friday sales numbers for both the Xbox One and PlayStation 4, I would bring you the full holiday numbers once they became available. This week, I have December numbers and financials for the entire year for the gaming industry, so I guess those will have to do. All of these numbers are for the US.

We'll start with the total sales for the year, and while the overall gaming industry dropped over two percent compared to last year, things are still looking up for all parties involved. Digital sales saw a huge boost this year, going up almost $1 billion to $24.67 billion, compared to $23.97 billion from last year. Retail sales on the whole, as mentioned, were down to $12.97 billion from $13.27 billion the year prior. Hardware sales were naturally up by five percent to $4.26 billion. Console and portable game sales are lumped together and saw a drop of 9 percent year-over-year to $6.12 billion and accessories were up 3 percent to $2.6 billion. It should also be noted that the loving, caring bunch of PC enthusiasts saw their overall sales drop from $7.09 billion to $6.34 billion this year, an 11 percent decrease.

For video game sales, it should be no shock to anyone that GTA V took home the top spot, with COD: Ghosts and Madden NFL 25 rounding out the top three. Also on that list were Battlefield 4, Assassin's Creed IV, NBA 2K14, COD: Black Ops II, Just Dance 2014, Minecraft: Xbox 360 Edition and Disney Infinity. Skylanders was left off the top ten this year.

And now for the console sales, which took center stage as the "Flame War of the Year," consuming the Internet from June through Christmas. The top selling hardware for the month of December was, you guessed it, the Nintendo 3DS. Oh, you wanted Xbox One versus PlayStation 4? Both consoles experienced issues in the distribution chain and would sometimes have trouble keeping up with supply. Some would argue this was done intentionally, but regardless of the reasoning, customers sometimes left stores empty-handed. Here's what we know, though. Microsoft moved 908,000 Xbox Ones in December and 643,000 Xbox 360s. Sony has not yet provided specific numbers, and has only said that it has moved 4.2 million PS4s worldwide, leaving out how many sold here in the States for comparison. However, Dan Race, a spokesman for Sony, said that,

"According to the latest NPD report, PlayStation 4 remains the cumulative leader for next-gen console sales in the U.S. since its launch on Nov. 15. We sold every PS4 available at retail in the U.S. and were out of stock in December due to overwhelming consumer demand. It's clear that the PS4's gaming and entertainment features are resonating with large audiences and we're doing our best to provide additional inventory in all of the 53 countries where it's available."

So, there's that. I was certainly hoping for more well-rounded and definitive numbers from all parties involved here but I guess we will have to wait a bit longer to find out who came out the true winner. It is interesting to read that Sony has come out with worldwide numbers, after first attacking Microsoft for doing the same when it came to the Xbox One's first week sales report. So, until we see more official statements from these two, I guess I'll end this in the way most things go lately: Everyone's a winner!

Google Chrome Becoming Hot Target for Malware

posted Sunday Jan 19, 2014 by Scott Ertz

Self-updating apps have become quite popular: most major web browsers (except Apple's Safari) update themselves, and Windows 8.1 even introduced self-updating applications from the store, meaning you never have to deal with actively maintaining your computer - a task best left to the computer itself. That is, until those updates introduce new, undesired features into your overall computing experience.

Enter Chrome extensions - add-ons to the Google Chrome browser that are designed to add specialized functionality without a specialized application. It turns out that, in the case of these extensions, non-obtrusive updates might just be a huge problem. As the popularity of these extensions has grown, so has the desire for malware and adware companies to purchase said extensions and add "functionality" such as inserting ads into webpages or adding damaging code.

Now, the fact that Google allows the browser to interact outside of the browser is a security topic for another day. Today we are only discussing the security issue related to the transfer of ownership and "enhancements" to these extensions without the knowledge of the user. Adding and removing features from a stand-alone application is common, but the application is used within a closed environment and only affects the experience of that single set of content. With this, unexpected additions are affecting the user's entire experience online.

Obviously these extensions can be removed if you know they are violating your privacy, but many are performing tasks outside of your view. It would be easy for an extension that was once just a way to quickly post photos to Tumblr by dragging them to the menu bar to now access your Gmail contacts and report them back to the new owner, or to initiate spam messages right from your browser without your knowledge.

This is one of the main issues with public add-ons for common Internet software, such as browsers, especially when the publisher has no policy for quality protection. Google has implemented a new rule within the past few weeks requiring an extension to only perform a single task, but my guess is that this rule will be followed about as well as Android.

NetZero Announces 3G Enhancements and 4G LTE Rollout, Courtesy of Sprint

posted Sunday Jan 19, 2014 by Nicholas DiMeo

While FreedomPop may be offering extremely attractive deals to get customers to sign up to its service, there's other competition in the freemium mobile hotspot space, and one of the other sheriffs in town is NetZero. The company announced this week that it has deployed an even bigger broadband service that will cover over 276 million people, using Sprint's 3G network, and 4G rollout is expected very soon.

You might remember back in July when United Online announced a 4G ISP on the heels of a merger between NetZero and Juno. Well, now the company is using its previous agreement signed with Sprint to enhance the network and service even further. Those using previous WiMAX devices will still have coverage and support by NetZero moving forward, but the former "insert this CD now for 100 hours of free internet" provider has now said it will be using its partnership with Sprint to roll out 4G LTE to its customers by the third quarter of this year. The expansion to 4G LTE now gives NetZero three solid options for service depending on the customer's location, and considering WiMAX is slowly fading in Sprint, that option can be very useful for those who won't be able to receive 4G LTE when it becomes available on the devices.

On the expansion, Rusty Taragan, president of NetZero, said,

"Expanding the availability of our mobile broadband service over the Sprint network gives us a much more robust presence nationally, allowing us to offer coverage to millions of additional customers. There have always been a lot of great reasons to use NetZero Mobile Broadband and this expanded coverage adds another to the list. We launched our NetZero Mobile Broadband service in 2012 with a variety of value-priced monthly plans that did not require contracts or commitments and gave our customers the ability to change their plan at any time. And now, along with all those great features, we are able to serve customers in additional areas of the country that are covered by Sprint's 3G network. This new coverage expands our NetZero Mobile Broadband coverage to more than 276 million people."

NetZero currently offers both month-to-month and one-year commitment plans. Their free 200MB per month option is essentially a one-year trial, requires an upgrade at the end of a year, and doesn't come with a discount on a device. The higher plans, meanwhile, range from $10 to $50 a month for up to 4GB and are usually paired with a device for half-off, or sometimes, completely free.

The End of Film - Paramount Begins Distributing via Digital Exclusively

posted Sunday Jan 19, 2014 by Scott Ertz

We knew that Anchorman 2: The Legend Continues was going to be funny, but I don't think anyone expected it to be historic. Paramount Pictures has decided to make it just that, however, announcing that the film will be the last one the studio distributes on film. Starting now, if a movie theatre would like to show a Paramount movie, it will have to be done in a digital theater.

Starting with The Wolf of Wall Street, 35-mm reels have been unavailable to theater owners in most major countries. This is a huge change for the industry as 35-mm has been the format of choice for over a century. UCLA Film & Television Archive director, Jan-Christopher Horak, said,

"It's of huge significance because Paramount is the first studio to make this policy known. For 120 years, film and 35 mm has been the format of choice for theatrical presentations. Now we're seeing the end of that. I'm not shocked that it's happened, but how quickly it has happened."

This will not be the only studio announcement we hear on the subject; possibly not the only one we hear this year. With Paramount breaking ground on the digital front, it is expected that the other major studios will follow closely behind. Several studios have issued similar warnings previously, but without a set timeline for implementation. 20th Century Fox said "within a year or two" in 2011 and Disney said about the same. Lions Gate was expected to be the first with The Hunger Games: Catching Fire, but that didn't come to pass, either.

So, why the delay past the initial announcements? 35-mm is still viewed as "pure" to many Hollywood elites, including many critics, and studios were all reluctant to be the first to receive derision from these so-called purists. However, with only about 8% of US screens remaining 35-mm only, Paramount must have decided that the loss of box office revenue and the opinions of the critics had finally been outweighed by the cost savings of digital distribution.

Are you sad to see 35-mm retired? Let us know in the comments.

Living in Digital Times - Real Products for Real People (PLuGHiTz Live - Special Events)

posted Monday Jan 6, 2014 by Guest Blogger

Jeffrey Powers decided to start the show off right by talking with Robin Raskin, a former PC Magazine editor now with Living in Digital Times, who has brought products that people really need to CES 2014.

Canary is a home automation hub, in a similar vein to Nexia, but with the added bonus of temperature monitoring, noise detection and other less automation-focused sensors.

Through their focus on families, Living in Digital Times also showed off Kurio, a smartphone for kids without the full smartphone price tag. In addition, the phone sports some family-friendly features, such as app-specific time limits so parents can turn off games at 8pm and texting at 9pm.

Robin also discusses a product to help coaches better determine whether players should stay on the field or not after a hit.

Interview by Jeffrey Powers of Geekazine

Hit the break to see the video.
