Apple Patent Reaffirms Rumors of Pressure-Sensitive Touchscreens:
Last year, Bloomberg reported that Apple was working on enhanced sensors capable of detecting different levels of pressure. Then, a patent popped up adding weight to the rumor. Now, a second patent lends the idea of pressure-sensitive touchscreens yet more credence.
Friday, January 31, 2014
How I Lost My $50,000 Twitter Username
I had a rare Twitter username, @N. Yep, just one letter. I've been offered as much as $50,000 for it. People have tried to steal it. Password reset instructions are a regular sight in my email inbox. As of today, I no longer control @N. I was extorted into giving it up.
While eating lunch on January 20, 2014, I received a text message from PayPal for a one-time validation code. Somebody was trying to steal my PayPal account. I ignored it and continued eating.
Later in the day, I checked my email which uses my personal domain name (registered with GoDaddy) through Google Apps. I found the last message I had received was from GoDaddy with the subject "Account Settings Change Confirmation." There was a good reason why that was the last one.
From: GoDaddy
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 12:50:02 -0800
Subject: Account Settings Change Confirmation
Dear naoki hiroshima,
You are receiving this email because the Account Settings were modified for the following Customer Account:
XXXXXXXX
There will be a brief period before this request takes effect.
If these modifications were made without your consent, please log in to your account and update your security settings.
If you are unable to log in to your account or if unauthorized changes have been made to domain names associated with the account, please contact our customer support team for assistance: support@godaddy.com or (480) 505-8877.
Please note that Accounts are subject to our Universal Terms of Service.
Sincerely,
GoDaddy

I tried to log in to my GoDaddy account, but it didn't work. I called GoDaddy and explained the situation. The representative asked me the last 6 digits of my credit card number as a method of verification. This didn't work because the credit card information had already been changed by an attacker. In fact, all of my information had been changed. I had no way to prove I was the real owner of the domain name.
The GoDaddy representative suggested that I fill out a case report on GoDaddy's website using my government identification. I did that and was told a response could take up to 48 hours. I expected that this would be sufficient to prove my identity and ownership of the account.
Let The Extortion Begin
Most websites use email as a method of verification. If your email account is compromised, an attacker can easily reset your password on many other websites. By taking control of my domain name at GoDaddy, my attacker was able to control my email.
I soon realized, based on my previous experiences being attacked, that my coveted Twitter username was the target. Strangely, someone I don't know sent me a Facebook message encouraging me to change my Twitter email address. I assumed this was sent from the attacker but I changed it regardless. The Twitter account email address was now one which the attacker could not access.
The attacker tried to reset my Twitter password several times and found he couldn't receive any of the reset emails because it took time for the change of my domain's MX record, which controls the email domain server. The attacker opened issue #16134409 at Twitter's Zendesk support page.
N, Jan 20 01:43 PM:
Twitter username: @n
Your email: *****@*****.***
Last sign in: December
Mobile number (optional): n/a
Anything else? (optional): I'm not receiving the password reset to my email, do you think you could manually send me one?

Twitter required the attacker to provide more information to proceed and the attacker gave up on this route.
I later learned that the attacker had compromised my Facebook account in order to bargain with me. I was horrified to learn what had happened when friends began asking me about strange behavior on my Facebook account.
I received an email from my attacker at last. The attacker attempted to extort me with the following message.
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 15:55:43 -0800
Subject: Hello.
I've seen you spoke with an accomplice of mine, I would just like to inform you that you were correct, @N was the target. it appears extremely inactive, I would also like to inform you that your GoDaddy domains are in my possession, one fake purchase and they can be repossessed by godaddy and never seen again D:
I see you run quite a few nice websites so I have left those alone for now, all data on the sites has remained intact. Would you be willing to compromise? access to @N for about 5minutes while I swap the handle in exchange for your godaddy, and help securing your data?

Shortly thereafter, I received a response from GoDaddy.
From: change@godaddy.com
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 17:49:41 -0800
Subject: Update [Incident ID: 21773161] — XXXXX.XXX
Unfortunately, Domain Services will not be able to assist you with your change request as you are not the current registrant of the domain name. As the registrar we can only make this type of change after verifying the consent of the registrant. You may wish to pursue one or more of the following options should you decide to pursue this matter further:
1. Visit http://who.godaddy.com/ to locate the Whois record for the domain name and resolve the issue with the registrant directly.
2. Go to http://www.icann.org/dndr/udrp/appr... to find an ICANN approved arbitration provider.
3. Provide the following link to your legal counsel for information on submitting legal documents to GoDaddy: http://www.godaddy.com/agreements/sho...
GoDaddy now considers this matter closed.

My claim was refused because I am not the "current registrant." GoDaddy asked the attacker if it was ok to change account information, while they didn't bother asking me if it was ok when the attacker did it. I was infuriated that GoDaddy had put the burden on the true owner.
A coworker of mine was able to connect me to a GoDaddy executive. The executive attempted to get the security team involved, but nothing has happened. Perhaps because of the Martin Luther King Jr. holiday.
Then I received this follow-up from the attacker.
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 18:50:16 -0800
Subject: …hello
Are you going to swap the handle? the godaddy account is ready to go. Password changed and a neutral email is linked to it.

I asked a friend of mine at Twitter what the chances of recovering the Twitter account were if the attacker took ownership. I remembered what had happened to @mat and concluded that giving up the account right away would be the only way to avoid an irreversible disaster. So I told the attacker:
From: <*****@*****.***> Naoki Hiroshima
To: SOCIAL MEDIA KING
Date: Mon, 20 Jan 2014 19:41:17 -0800
Subject: Re: …hello
I released @N. Take it right away.

I changed my username @N to @N_is_stolen for the first time since I registered it in early 2007. Goodbye to my problematic username, for now.
I received this response.
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:44:02 -0800
Subject: RE: …hello
Thank you very much, your godaddy password is: V;Mz,3{;!'g&
if you'd like I can go into detail about how I was able to gain access to your godaddy, and how you can secure yourself

The attacker quickly took control of the username and I regained access to my GoDaddy account.
PayPal and GoDaddy Facilitated The Attack
I asked the attacker how my GoDaddy account was compromised and received this response:
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 19:53:52 -0800
Subject: RE: …hello
- I called paypal and used some very simple engineering tactics to obtain the last four of your card (avoid this by calling paypal and asking the agent to add a note to your account to not release any details via phone)
- I called godaddy and told them I had lost the card but I remembered the last four, the agent then allowed me to try a range of numbers (00-09 in your case) I have not found a way to heighten godaddy account security, however if you'd like me to recommend a more secure registrar i recommend: NameCheap or eNom (not network solutions but enom.com)

It's hard to decide what's more shocking, the fact that PayPal gave the attacker the last four digits of my credit card number over the phone, or that GoDaddy accepted it as verification. When asked about this, the attacker responded with this message:
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:00:31 -0800
Subject: RE: …hello
Yes paypal told me them over the phone (I was acting as an employee) and godaddy let me "guess" for the first two digits of the card

But guessing 2 digits correctly isn't that easy, right?
From: SOCIAL MEDIA KING
To: <*****@*****.***> Naoki Hiroshima
Date: Mon, 20 Jan 2014 20:09:21 -0800
Subject: RE: …hello
I got it in the first call, most agents will just keep trying until they get it

He was lucky that he only had to guess two numbers and was able to do it in a single call. The thing is, GoDaddy allowed him to keep trying until he nailed it. Insane. Sounds like I was dealing with a wannabe Kevin Mitnick—it's as though companies have yet to learn from Mitnick's exploits circa 1995.
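As an added illustration (not code from the original post or from either company), the sketch below shows the control the account above describes as missing: a failed-verification counter stored on the account rather than on the call, so guessing cannot continue until a value matches. The sample account, the three-failure limit and every name here are assumptions made for the example; the ten-candidate range is the 00-09 mentioned in the message above.

```python
import hmac
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumed policy value for this example


@dataclass
class Account:
    account_id: str
    card_last6: str      # constructed sample value, not a real card
    failures: int = 0
    locked: bool = False
    audit: list = field(default_factory=list)


def verify_caller(account, claimed_last6, call_id):
    """Return 'verified', 'rejected' or 'locked'.

    The failure counter is stored on the account, so a new call or a
    different agent does not hand the caller a fresh set of guesses.
    """
    if account.locked:
        outcome = "locked"
    elif hmac.compare_digest(claimed_last6.encode(), account.card_last6.encode()):
        account.failures = 0
        outcome = "verified"
    else:
        account.failures += 1
        # After the limit, phone verification is closed for this account and
        # recovery has to move to a stronger channel (e.g. document review).
        account.locked = account.failures >= MAX_FAILURES
        outcome = "rejected"
    account.audit.append((call_id, outcome))
    return outcome


def guess_success_probability(candidates, attempts_allowed):
    """Chance that distinct guesses over `candidates` equally likely values hit."""
    return min(attempts_allowed, candidates) / candidates


def replay_guess_pattern(account, known_last4, prefixes):
    """Replay the call pattern from the post against the policy above."""
    return [
        verify_caller(account, prefix + known_last4, call_id=f"call-{n}")
        for n, prefix in enumerate(prefixes, start=1)
    ]


if __name__ == "__main__":
    acct = Account("example-account", card_last6="074242")
    outcomes = replay_guess_pattern(acct, "4242", [f"{i:02d}" for i in range(10)])
    print(outcomes)
    print(guess_success_probability(10, 1), guess_success_probability(10, 10))
```

With unlimited attempts the ten-value range always succeeds; with the counter on the account, the replayed pattern ends in a lock and leaves an audit trail of every attempt.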
Avoid Custom Domains for Your Login Email Address
With my GoDaddy account restored, I was able to regain access to my email as well. I changed the email address I use at several web services to an @gmail.com address. Using my Google Apps email address with a custom domain feels nice but it has a chance of being stolen if the domain server is compromised. If I were using an @gmail.com email address for my Facebook login, the attacker would not have been able to access my Facebook account.
If you are using your Google Apps email address to log into various websites, I strongly suggest you stop doing so. Use an @gmail.com for logins. You can use the nicer custom domain email for messaging purposes, I still do.
In addition, I also strongly suggest you use a longer TTL for the MX record, just in case. It was 1 hour TTL in my case and that's why I didn't have enough time to keep receiving emails to the compromised domain after losing the DNS control. If it was a week-long TTL for example, I would have had a greater chance to recover the stolen accounts.
Using two-factor authentication is a must. It's probably what prevented the attacker from logging into my PayPal account. Though this situation illustrates that even two-factor authentication doesn't help for everything.
Conclusion
Stupid companies may give out your personal information (like part of your credit card number) to the wrong person. Some of those companies are still employing the unacceptable practice of verifying you with the last few digits of your credit card.
To prevent their imprudence from destroying your digital life, don't let companies such as PayPal and GoDaddy store your credit card information. I just removed mine. I'll also be leaving GoDaddy and PayPal as soon as possible.
Naoki Hiroshima is the creator of @Cocoyon, developer for @Echofon, a father of two, and a Harley and Chopin Lover.
This post originally appeared on Medium and was republished with permission.
Thursday, January 30, 2014
According to the Wall Street Journal, Amazon is planning to equip third-party brick-and-mortar retai
According to the Wall Street Journal, Amazon is planning to equip third-party brick-and-mortar retailers with checkout systems built around Kindle Fire tablets and credit card readers. Just like all those stores that already use iPads in the same way?
Apple’s success in enterprise market “unbelievable,” with more to come, promises Cook
Business Insider highlighted Cook’s celebration of Apple’s success in the enterprise market in the analyst call following its quarterly earnings report.
It’s up to unbelievable numbers. The iPhone is used in 97% of the Fortune 500, and 91% of the Global 500, and iPad is used in 98% of the Fortune 500 and 93% of the Global 500 [...] 90% of tablet activations in corporations are iPads. And 95% of total app activations were on iOS …
Cook noted a recent IDC report on market share in smartphone and tablet in the U.S. enterprise market, putting the iPhone at 59 percent and iPad at 78 percent.
Apple is believed to have made significant gains in iPhone adoption as a result of the implosion of Blackberry, once the default choice of corporate smartphone, and has been actively pushing the iPad as a business tool.
While the focus of the comments was on iOS devices rather than Macs, Apple Stores are also promoting to businesses the ease with which Macs can run Windows as well as OS X, making the switch an easier one.
But, Cook added, there is much more to come.
I think the road in enterprise is a longer one. … And I think we’ve done a lot of the groundwork as you can tell from these numbers that I’ve given you, and I would expect that it would have more and more payback in the future.
For more information about AAPL Company, Apple, and iPhone continue reading at 9to5Mac.
Lenovo on Moto acquisition: Our mission is to surpass Apple and Samsung
Lenovo CEO Yuanqing Yang spoke to CNNMoney about his company’s recent acquisition of Motorola from Google today. In the interview, Yang was asked if his goal for Lenovo was to eventually catch up with more established competitors in the mobile space, such as Apple and Samsung.
With Motorola, Lenovo will be the No. 3 smartphone maker worldwide. Do you think your company can catch up with Apple or Samsung, who are still far ahead of you? And how long will it take?
Definitely, over time. Our mission is to surpass them.
Yang says that Lenovo’s smartphones will probably be released under the Motorola banner, a smart branding decision given Motorola’s existing name recognition and popularity in the U.S. and other countries.
The branding choice combined with the infrastructure and personnel from the Moto buyout could help propel the company to the top of the market, but it will be a hard road to the level of success that Yang is after—especially with Apple and Samsung already locked in a fierce, years-long battle for the top spot.
Throughout the interview, Yang continued to note that several decisions still need to be made with regards to how phones will be branded in certain countries and whether the Lenovo name will be associated with Motorola at all. It will certainly be interesting to see how Yang uses the Motorola brand to push Lenovo forward.
Continue reading more about Tech Industry, Google, and Smartphones at 9to5Mac.