Shared posts

31 Mar 12:48

Apple’s A7 Cyclone CPU detailed: A desktop class chip that has more in common with Haswell than Krait

by Sebastian Anthony
Corey Garst

Tens of millions of devices being carried around and no one in the free world knows how the CPUs are designed D:

Apple A7 SoC
Some six months after Apple shocked the world with its 64-bit A7 SoC, which appeared in the iPhone 5S and then the iPad Air, we finally have some hard details on the Cyclone CPU's architecture. It seems almost every tech writer was wrong about the A7: The CPU is not just a gradual evolution of its Swift predecessor -- it's an entirely different beast that's actually more akin to a "big core" Intel or AMD CPU than a conventional "small core" CPU.

25 Mar 21:34

Facebook buying Oculus VR for $2 billion

by Chris Welch
Corey Garst

Noooo!! This must have been auto-posted a week early by mistake!

Facebook plans to purchase Oculus VR, maker of the Oculus Rift virtual reality headset, for $2 billion. The deal is comprised of $400 million in cash and 23.1 million shares of Facebook stock. Facebook announced its surprise purchase via a blog post. CEO Mark Zuckerberg has also revealed Facebook's reasons for the deal. "Oculus's mission is to enable you to experience the impossible. Their technology opens up the possibility of completely new kinds of experiences," Zuckerberg says. "Immersive gaming will be the first, and Oculus already has big plans here that won't be changing and we hope to accelerate."

Zuckerberg says that Facebook will "focus on helping Oculus build out their product and develop partnerships to support more...

21 Mar 11:00

Grin And Bear It: Bear Simulator Launches Kickstarter

by Graham Smith
Corey Garst


Bear all.

Does a bear shit in the woods? Hopefully, since this is Bear Simulator. It’s a first-person game which aims to simulate being a bear. It’s a Kickstarter campaign which aims to discover just how far the internet’s love of novelty animal sims will stretch, after the resounding success of Goat Simulator. It’s a trailer of an extremely early version, embedded below.

18 Mar 14:38

Paranoid Android's New Peek Feature Shows Notifications When You Pick Up Your Device

by Ryan Whitwam

The Paranoid Android team is in the process of rebuilding the ROM from the ground up with new features and new takes on existing ones. Peek is a new feature designed to make checking your notifications more convenient. All you have to do is pick up the phone – sound familiar?

Peek is a lot like Active Display from Motorola's newer devices. You pick up your device and the screen comes to life with small, minimalist icons in the center to let you know what notifications await you.

Paranoid Android's New Peek Feature Shows Notifications When You Pick Up Your Device was written by the awesome team at Android Police.


12 Mar 14:22

[New Game] Cast Against Civility Adapts Popular NSFW Game 'Cards Against Humanity' Into A Chromecast Experience

by Michael Crider
Corey Garst

Nice! Hopefully they'll support iOS as well to make the concept work for everyone.

Cards Against Humanity is a card game (you know, the kind without monsters or life points) that's been gaining popularity ever since its successful Kickstarter campaign. It's a decidedly inappropriate take on Mad Libs, and part of its charm is that you can get it in a published form or download it and print it out yourself. Thanks to the Creative Commons licensing terms of Cards Against Humanity, the core concept has been adapted into a Chromecast game, creatively titled Casts Against Civility.

[New Game] Cast Against Civility Adapts Popular NSFW Game 'Cards Against Humanity' Into A Chromecast Experience was written by the awesome team at Android Police.


05 Mar 15:18

Sounding Rocket Launches Into Aurora Over Venetie, Alaska

On March 3, 2014, at 6:09 a.m. EST, a NASA-funded sounding rocket launched straight into an aurora over Venetie, Alaska. The Ground-to-Rocket Electrodynamics – Electron Correlative Experiment (GREECE) sounding rocket mission, which launched from Poker Flat Research Range in Poker Flat, Alaska, will study classic curls in the aurora in the night sky. The GREECE mission seeks to understand what combination of events sets up these auroral curls, as they're called, in the charged, heated gas – or plasma – where aurorae form. This is a piece of information which, in turn, helps paint a picture of the sun-Earth connection and how energy and particles from the sun interact with Earth's own magnetic system, the magnetosphere.

Image Credit: NASA/Christopher Perry

04 Mar 15:10

The Next Batman Game Is Arkham Knight, And No, There Won't Be A Wii U Version

Corey Garst

Looks very cool. Would have been interesting to play on Wii U, but PC works.

News: The Next Batman Game Is Arkham Knight, And No, There Won't Be A Wii U Version

Or a PS3 or 360 edition, for that matter

27 Feb 12:00

Aftermath (2014)

Corey Garst

Coolest one he's done in a while

I've added an updated render of "Aftermath" to the gallery this morning. I've brightened things a bit, added some more fire and generally tried to make the scene look a bit less "flat".

Yesterday's render can still be found in the Pickle Jar. Improvement?

27 Feb 18:42

RSA Conference Mobile Application Marred by Security Vulnerabilities

by Brian Donohue

The official mobile application for the ongoing RSA Conference contains a half-dozen security vulnerabilities, according to an analysis performed by researchers from the security service provider IOActive.

IOActive chief technical officer Gunter Ollmann claims the most severe of the vulnerabilities could give an attacker the ability to perform man-in-the-middle attacks, injecting malicious code and stealing login credentials.

“If we were dealing with a banking application,” Ollmann writes, “then heads would have been rolling in an engineering department, but this particular app has only been downloaded a few thousand times, and I seriously doubt that some evil hacker is going to take the time out of their day to target this one application (out of tens-of-millions) to try phish credentials to a conference.”

While Ollmann notes that the man-in-the-middle vulnerability mentioned above is the most severe, he says the second most severe bug is actually more interesting. The application apparently downloads a SQLite database file that is then used to populate the app’s user interface with various conference information, like speaker profiles and schedules. Seems innocuous enough, but that database – for reasons that remain a mystery to Ollmann – contains the first and last names, employers, and titles of every user that has downloaded and registered with the application.

Ollmann admits he’s taking a bit of a potshot at one of the premiere security industry conferences, but the point he is really trying to make, he claims, is a bigger one.

“Security flaws in mobile applications (particularly these rapidly developed and targeted apps) are endemic, and I think the RSA example helps prove the point that there are often inherent risks in even the most benign applications,” he said.

28 Feb 12:30

One Man Is Bringing The N64 Kicking And Screaming Into The HD Generation

News: One Man Is Bringing The N64 Kicking And Screaming Into The HD Generation

Ever wanted to run your N64 through HDMI, DVI or VGA?

24 Feb 21:09

Why Microsoft lost Ford Sync: Too costly, too slow, and too hard to use

by Bill Howard
Corey Garst

I think sync would have been fine if they had committed to reasonable software updates. Holding software updates behind a firewall and only putting on newer car years with the same hardware is shit.

Ford expected to shift to industry leader QNX. Don't fret too hard for Microsoft -- it still has a dozen Windows Automotive clients -- but this isn't a good sign for the software giant's mobile efforts.

26 Feb 12:00

Titanfall To Take Up Titanic Amounts Of Hard Drive Space

by Nathan Grayson
Corey Garst

48GB, wow.

Whoever wins, your hard drive loses

Man, giant robots are such a hassle. They break everything, have no regard for my pristine white polar bear rug, and – oh yeah – they’re really goddamn big. Too big to fit in closets, on airplanes, or, apparently, on hard drives. That’s the only explanation I can muster for Titanfall’s whopping 48 gigabyte hard drive requirement, given that it’s multiplayer-only, not exactly the nexest of “next-gen” games from a graphical standpoint, and isn’t utterly ridden with cut-scenes like, say, Max Payne 3. But then, maybe I’m jumping the sedan-sized gun on this one. After all, the exact nuts and bolts of Titanfall’s multiplayer story are still shrouded in mystery. Which is to say, a giant robot is standing in front of them, and it won’t get out of the way.

14 Feb 16:11

Kenguru is a tiny electric hatchback for wheelchair users

by Ellis Hamburger
Corey Garst

This is pretty awesome

Kenguru's electric car has no seats, and you drive it by putting your hands on motorcycle-style handlebars. It's built for wheelchair users, who can roll right through the rear hatch of the car into the driver's area. The Austin-based company is preparing to launch its first product, which has an estimated range of 60 miles on an eight-hour charge. When it finally goes into production in 12-18 months, the vehicle will cost you $25,000, but that's before factoring in green energy and mobility tax incentives from the government.

Kenguru, which is Hungarian for "kangaroo," was founded in Hungary but moved to the US when it struggled to find venture capital. No word yet on the actual safety credentials of the car, which at 7 feet by 5...

13 Feb 14:29

Why you should be scared of Comcast and Time Warner Cable merging

by Bryan Bishop
Corey Garst

So the Comcast CEO stated: "It is pro-consumer, pro-competitive, and strongly in the public interest."

How the hell do those words come out of someone's mouth?

After rumors broke late last night, Comcast announced this morning that it had reached an agreement to acquire rival Time Warner Cable in a deal worth around $45 billion. The news brings months of machinations to a close: Comcast ended up besting the efforts of the much smaller Charter Communications, which had been trying to advance its own hostile takeover of Time Warner as recently as yesterday.

But with the prospect of a combined Comcast and Time Warner on the horizon, the question turns to what a merger would actually mean — both for consumers and the industry at large. If the move is approved by federal regulators, it could cement the kind of monolithic monopolies that have plagued cable subscribers all along, raising concerns...

12 Feb 20:21

[Hands-On] Nine Is A Clean And Attractive Email Client Aimed At Exchange Users And Very Few Others

by Bertel King, Jr.
Corey Garst

Looks pretty decent, first third party Exchange app I've seen that doesn't have a terrible interface.

Two days ago I took a look at CloudMagic's Android email client, and I have to admit, it's a well-designed piece of software. Its blazing fast searching is its claim to fame, but even without this functionality, it's an attractive, holo-friendly app with support for multiple accounts and a unified inbox. But - and for many, this is a big but - the app indexes your mail on CloudMagic's servers.

[Hands-On] Nine Is A Clean And Attractive Email Client Aimed At Exchange Users And Very Few Others was written by the awesome team at Android Police.


12 Feb 21:36

Windows XP Could Be Infected Within 10 Minutes of Support Ending

Corey Garst

I'm sort of expecting a shortage of cash bills in the country after people get all of the ATMs cleaned out on April 8th.

Hackers may be sitting on exploits and waiting for Windows XP's support to stop.

13 Feb 10:47

Google brings Windows apps to Chrome OS in latest Microsoft attack

by Tom Warren
Corey Garst

Hmm, interesting.

Google’s intentions with its Chromebooks have always been clear: disrupt Microsoft’s Windows monopoly. The approach of low-cost devices and a modern cloud-powered OS has left Microsoft a little nervous, but Google is now launching the next stage of its continued attack: the enterprise. In a deal announced quietly this week, Google is partnering with VMWare to bring traditional Windows apps to its Chromebooks. The apps will appear in Chrome OS "similarly to how they run today" according to Google, and VMWare’s cloud-based infrastructure will help companies run their essential apps on servers and stream them to Chrome OS and other devices. The announcement comes just days after Google announced a Chrome-powered teleconferencing...

04 Feb 16:00

Go West, Young Rover

Corey Garst

Those mountains on the landscape.. wow

The team operating NASA's Curiosity Mars rover will likely drive the rover westward over a dune and across a valley with fewer sharp rock hazards than alternative routes. A final decision on whether to pass through this valley will ride on evaluation of a short drive planned this week toward the top of the dune that lies across "Dingo Gap." The dune is about 3 feet (1 meter) high at its center, tapered off at both sides of the gap between two low scarps. A color view assembled from images taken by Curiosity's Mast Camera (Mastcam) on the east side of the dune shows details of the valley that the rover may traverse this month. NASA's Mars Science Laboratory Project is using Curiosity to assess ancient habitable environments and major changes in Martian environmental conditions. JPL, a division of the California Institute of Technology in Pasadena, built the rover and manages the project for NASA's Science Mission Directorate in Washington.

Image Credit: NASA/JPL-Caltech/MSSS

29 Jan 05:00


Corey Garst

Much easier to digest

Changing the names would be easier, but if you're not comfortable lying, try only making friends with people named Alice, Bob, Carol, etc.

27 Jan 00:17

ET deals: 4K Dell P2815Q 28-inch monitor for $629

by Tim Supples
Corey Garst

Wow.. cheap.

Dell made waves at CES this year when it announced it would have a 4K monitor available for well below the $1,000 mark, actually hitting a supposed $699.99 MSRP. Not only did Dell achieve this, but this new display just went on sale and we found a coupon that works for it. The new P2815Q is…

27 Jan 16:58

The Red Nexus 5 Surfaces In Leaked Photos, May Actually Be A Real Thing [Update: More Pics]

by Ryan Whitwam
Corey Garst

I'd be surprised if this colored Nexus thing was profitable.. Doesn't seem like the right mix of demographics.

Google has long offered Nexus devices in black, with only occasional white options. The Nexus 5 is the first one that has been available in both colors from the start. Perhaps because of this, rumors of different colors for the Nexus 5 have been circulating for a while now, but a new cache of photos is the best evidence yet that a red version of Google's flagship is on the way.

The Red Nexus 5 Surfaces In Leaked Photos, May Actually Be A Real Thing [Update: More Pics] was written by the awesome team at Android Police.


27 Jan 20:00

Gender Swap Is A Fascinating Use Of Oculus Rift (NSFW)

by John Walker
Corey Garst

Oh god. Nothing good can become of this.

I’ve yet to put on some Oculus Rift goggles, which rather annoys me. I imagine March’s GDC will see that cherry popped for me, but I suspect not in a way as innovative or intriguing as is offered by Gender Swap. As part of The Machine To Be Another, an ongoing experimental art project, this uses the virtual reality headset to give users the experience of being someone else – and in this case, someone of a different sex.


22 Jan 15:11

Performance Reviews Are Not Useful; Feedback Is

by Managing Product Development

I have received some wonderful feedback from some of my managers. Back when I was a young engineer, one of my managers gave me the feedback at an annual review that I didn’t quite finish my projects.

“Oh, you mean on the project I just finished last week?” I wanted to know if it was just that one. I thought I could go back and finish it.

“No, I mean the one 9 months ago, the one 6 months ago, the one 3 months ago, and the one last week,” my boss said.

I became angry. “Okay, I understand why you saved last week’s project for my performance review. That’s okay. Why on earth did you “save” my feedback for the other three projects?? I could have fixed them!”

He shrugged. “I thought I was supposed to wait for the performance review.”

“Don’t wait that long!” I told him. I vowed that when I became a manager, I would never surprise people with feedback.

I now know about finishing projects. As I said, it was great feedback.

I’ve also received feedback about how I needed to let people on a project come to me with bad news. That was really helpful, and I didn’t receive it at a performance review, thank goodness. That would have been way too late. I was able to change my behavior.

When I became a manager, I had to write performance evaluations for my staff. I didn’t like it, but I did it. I thought it was crazy, because, even though we weren’t agile back then, the people worked in cross-functional teams where the people on the teams knew more about what “my” people did than I did. Yes, even though I had one-on-ones. Yes, even though I asked everyone for a list of accomplishments in advance. But, it was the way it was. Even I thought I couldn’t buck city hall.

But now, agile has blown the idea of performance evaluations wide open. And ranking people? Oh my.

I once worked in an organization where a new VP wanted to rank everyone in the Engineering organization, all 80 people. I thought he wasn’t serious, but he was. He wanted to rank everyone from 1 to 80. We directors had to take an entire day to do this. What was he going to do with the ranking? Cut the bottom 10%. This was serious.

I asked him, “Who’s going to rank us?”

He answered, “I will.”

I asked, “Based on what information?” He’d been there a week.

He replied, “I have my sources.”

Yeah, I bet he did.

The results of that ranking exercise? He managed to take a team of directors who had worked together well before that day, and make us a group of individuals. We were out for ourselves, because this was a zero-sum game.

At the end, no one was happy. Everyone was unhappy with the ranking, with the process, with everything about the day. This was no way to run an organization where people have to work together.

I’ve been a consultant for almost 20 years now. I have not received a formal performance review in that time. I’ve received plenty of feedback. Even when I haven’t enjoyed the feedback, I have liked the fact that I have received it.

And, that is the topic of this month’s management myth, Management Myth 25: Performance Reviews Are Useful.

Remember, I was inside organizations for almost 20 years. I received fewer than 15 performance reviews. Somehow, my bosses never quite got around to them. They hated doing them. I know that one of my bosses wrote them with help of Scotch; he admitted it.

Feedback is useful. Performance reviews? Not so much.

P.S. I know there is a comment on that article already. I am writing a response. The comment deserves more than an off-hand reply.

22 Jan 20:01

New Android Malware Steals SMS Messages, Intercepts Calls

by Chris Brook
Corey Garst

Neat, emulator evasion.

A new strain of Android malware has been spotted that masquerades as an Android security app but once installed, can steal text messages and intercept phone calls without the device’s owner being any the wiser.

Dubbed Android.HeHe, the malware has six variants according to a blog post yesterday by Hitesh Dharmdasani, a mobile malware researcher with FireEye.

The malware apparently comes disguised as a security update (“Android Security”) for the phone’s operating system and once it’s set in place, it contacts the command-and-control server and conducts surveillance on incoming SMS messages. The command-and-control server responds with a list of phone numbers that “are of interest to the malware author,” according to Dharmdasani. If one of those numbers sends an SMS or makes a call to a compromised device, the malware intercepts it, refrains from sending the device a notification and removes the message from the SMS history.

While text messages are logged and sent to the C&C, phone calls are outright silenced and rejected.

Other information, like the phone’s International Mobile Station Equipment Identity (IMEI) number, its phone number, SMS address and channel ID are also collected, converted into JSON, then a string and sent off to the C&C as well.

Further information like the phone’s model, operating system version, and associated network (GSM/CDMA) are sent off to the C&C in the same fashion.

While the C&C has since gone offline, FireEye researchers were still able to analyze how the server processed responses.

While FireEye’s blog post goes into the malware much more in depth, including a technical discussion of the malware’s “sandbox-evasion tactic,” it’s further proof that threats against Android – and even more variants of those threats – are continuing to stack up.

24 Jan 11:12

This is How I Feel Every Time I Talk With Any Vendor. Ever.

by The Nubby Admin

It never fails. No matter what vendor I’m talking to. Storage, DNS, printers, mobile development, PAPER CLIPS. This is what I end up feeling like within roughly ninety seconds:

I’d love to credit the original artist of the Samuel L. Jackson piece on the left, but can’t find any information. I certainly had nothing to do with it. I just tossed the text up in GIMP. Click the image for a sufficiently large version that could be used for a desktop background. Image ratios might be skewy. Also, if you use it, be a dear and send me a pic of it in the wild so I can have a giggle.

And seriously, folks. Stop with the cloud already.

24 Jan 13:19

Android Open Kang Project Founder Roman Birg Joins Cyanogen Incorporated

by Michael Crider
Corey Garst

This is starting to feel weird..

The Android custom ROM community is a relatively small one, but it's about to be shaken up in a big way. Roman Birg, founder and leader of the Android Open Kang Project (better known as AOKP), has been hired by Cyanogen Inc., the company that's now formally developing and promoting the CyanogenMod ROM. The move has been confirmed on AOKP's homepage.


AOKP founder Roman Birg, via Google+

Birg hasn't said what he'll be doing for Cyanogen Inc., though the company has been advertising job openings for software engineers.

Android Open Kang Project Founder Roman Birg Joins Cyanogen Incorporated was written by the awesome team at Android Police.


24 Jan 19:27

PSA: Do Not Blame Your ISP This Time - Gmail, Google+, And Other Google Services Are Down Or Very Slow [Update: Back Up]

by Artem Russakovskii
Corey Garst

Coincidentally, the Google Site Reliability Engineering team did an AMA this afternoon during the outage. They mentioned an issue that occurred in the past that was very interesting:

"A particularly tricky problem to debug was the time that some of our serving jobs became unresponsive intermittently. At certain times of the day they would block for awhile, and then start serving again, stop, and start, and so on. After a long and tricky debugging process, we found that a big MapReduce job was firing up every few hours and, as a part of its normal functioning, it was reading from /dev/random. When too many of the MapReduce workers landed on a machine, they were able to read enough to deplete the randomness available on the entire machine. It was on these machines that our serving binaries were becoming unresponsive: they were blocking on reads of /dev/random! This is when I realized that randomness is one of the finite and exhaustible resources in a serving cluster. Embracing randomness and trickiness is part of the job as an SRE!"

Deplete the randomness? Woah..

If you tried reaching one of Google's popular services, such as Gmail, Google+, or Play Music in the last 30 minutes and failed because they're either unavailable, very slow, or have broken in some other way, don't go blaming your ISP - it's one of those rare occasions when Google itself is having some major hiccups.

The company finally updated the Apps Status Dashboard after a surprisingly long delay of over 20 minutes showing all green and is now looking into the issues:

1/24/14 11:12 AM

We're investigating reports of an issue with Gmail.

PSA: Do Not Blame Your ISP This Time - Gmail, Google+, And Other Google Services Are Down Or Very Slow [Update: Back Up] was written by the awesome team at Android Police.


20 Jan 14:15

Asus Now Lists Wired And Wireless Charging Docks For 2013 Nexus 7 Online, No Word When You Can Buy One

by Ryan Whitwam
Corey Garst

You'd think Asus would really want to gouge people at launch. They can't be making more on Nexus devices than they could on the accessories.

Nexus devices might be a great deal compared to other devices in the market, but you pay the price when it comes to accessories. They're either horrendously expensive or take so long to go on sale it's almost time for a new version of the device. We might be lining up for the second one here, as Asus has just now posted English listings for the wired and wireless charging docks for the 2013 Nexus 7.

Asus Now Lists Wired And Wireless Charging Docks For 2013 Nexus 7 Online, No Word When You Can Buy One was written by the awesome team at Android Police.


20 Jan 16:44

Android Vulnerability Enables VPN Bypass

by Brian Donohue

A vulnerability in the Android mobile operating system could allow hackers to write applications that would bypass a secure virtual private network connection and redirect traffic in clear text to an attacker.

Researchers from Israel’s Ben Gurion University claim that the vulnerability can be exploited by a specially crafted, malicious application that bypasses a VPN configuration and redirects device traffic to a separate network address.

In a write-up on the university’s cyber security blog, Dudu Mimran, the department’s chief technical officer, writes that a potentially malicious application capable of bypassing a VPN would not require root permissions. Furthermore, he claims, there is no indication to the user that his or her data is being captured during the exploit process.

In a video demonstration, the researcher tests his exploit on a Samsung Galaxy S4 device, though he says he tested the exploit on a number of devices from various vendors. In the background of the video, the researcher is running a packet capturing tool on a desktop machine connected to the same network. As Mimran opens his malicious application, presses the exploit button, turns on the VPN, and sends an email, you can see the computer monitor in the background begin collecting information in transit from the Android device.

The vulnerability will reportedly leak transport layer security (TLS) and secure sockets layer (SSL) traffic as well, though that information will remain encrypted after it is captured. Mimran says that the bug is confirmed on the most widely deployed Android version: 4.3 Jelly Bean. The researchers are in the process of testing the exploit on the newer, 4.4 KitKat variety of Android.

Mimran says he reported the vulnerability to Google’s Android security team on Jan. 17 and that he will publish the full bug details as soon as Google resolves the issue. A request to Google to confirm the existence of the flaw was not returned by the time of publication. This research is part of Ben Gurion University Cyber Security Labs’ ongoing effort to uncover mobile security vulnerabilities. Late last year, another researcher there uncovered a serious security flaw in Samsung Knox.

Below is a video demonstration of the hack:

15 Jan 19:03

Starbucks App Stores User Information, Passwords in Clear Text

by Chris Brook
Corey Garst

Nice! I wonder if there was actually some support logic about including the CLSLog methods in production release.

A vulnerability in Starbucks’ mobile app could be putting coffee drinkers’ information–including their usernames, email addresses and passwords–at risk.

The problem stems from the way session.clslog, the Crashlytics log file, handles those credentials in the event of a crash. Within the file there are “multiple instances” where the credentials are stored in clear text, something that could allow attackers to recover and later leverage the information to access a user’s account, either on the device in question or online at Starbucks’ account log-in page.

The vulnerability exists in the most recent build of the app, version 2.6.1 for iOS.

Starbucks’ app lets users connect their Starbucks card to their smartphone, reload funds via Paypal or credit card and allows them to treat the device like cash in stores worldwide. Ardent java fans can manage their card through the app and accrue Rewards with each purchase.

Daniel Wood, a Minneapolis-based security researcher and pen tester discovered the vulnerability last year, reported it to Starbucks in December but has yet to hear from the company regarding a fix.

It wasn’t until Monday, however, that Wood went public and published his findings on Full Disclosure.

According to Wood, the file, which can be found at /Library/Caches/, contains more than just the user’s login information.

In re-testing the vulnerability last night Wood discovered that the user’s full name, address, device ID and geolocation data are all being stored in clear text as well. This information popped up after Wood reinstalled the app and monitored the session.clslog file during user signup.

Wood also found the app’s OAuth token and the OAuth signature attached to the device in question.

“It contains the HTML of the mobile application page that performs the account login or account reset. session.clslog also contains the OAuth token (signed with HMAC-SHA1) and OAuth signature for the users account/device to the Starbucks service,” Wood said in his write-up.

It’s unclear if a fix is in the works for the app but Starbucks hasn’t released an update since May 2, 2013.

Wood, a member of Open Web Application Security Project (OWASP), recommends future versions of the app adhere to best practices.

In this case, Starbucks should filter and sanitize data upon output “to prevent these data elements from being stored in the Crashlytics log files in clear text, if at all,” Wood writes in his disclosure.

When reached Wednesday, Crashlytics, a Boston-based firm that specializes in crash reporting solutions, couldn’t comment on specific customers but did reiterate that the firm doesn’t recommend developers log sensitive information.

Crashlytics Cofounder Wayne Chang said via email that the issue appears to involve one of the service’s plaintext logging features and that Crashlytics doesn’t collect usernames or passwords automatically. The feature, CLSLog, is an “optional feature that developers can use to log additional information.”

Wood admits he’s only done static analysis of the application so far and has yet to examine network traffic but suspects there is a privacy issue.

“During my static analysis I noticed some JSON requests which contain some sensitive data in the request,” Wood said, suggesting a vulnerability could be present.

Maggie Jantzen, a spokeswoman for Starbucks claimed the company was aware of Wood’s research and what it has deemed “theoretical vulnerabilities” but insisted Wednesday that there isn’t a direct impact to its customers at this time.

“To further mitigate our customers’ potential risk from these theoretical vulnerabilities, Starbucks has taken additional steps to safeguard any sensitive information that might have been transmitted in this way,” Jantzen said.
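The defect described in this post (credentials, OAuth material and personal data written in clear text to a crash-reporter log) and Wood's recommended fix (filter and sanitize data before it is output to the log) can be illustrated with a redacting log filter. This is an added example, not code from the Starbucks app or from Crashlytics; the field names, the sample signup record and the request string are constructed, and it uses Python's standard `logging` module in place of CLSLog.

```python
import json
import logging
import re
from io import StringIO

# Constructed set of field names that must never reach a diagnostic log.
# They mirror what the disclosure reports in clear text: login credentials,
# the OAuth token/signature, and personal or location data.
SENSITIVE_KEYS = {
    "username", "password", "passwd", "email", "oauth_token", "oauth_signature",
    "full_name", "address", "device_id", "latitude", "longitude",
}
REDACTED = "[REDACTED]"

# Secrets also leak inside free-form strings (a serialized JSON blob, a form
# body or query string), so match key=value and "key": value forms too.
_KEY_ALT = "|".join(sorted(SENSITIVE_KEYS))
_INLINE_KV = re.compile(rf"(?i)\b({_KEY_ALT})=([^&\s\"']+)")
_INLINE_JSON = re.compile(rf'(?i)"({_KEY_ALT})"\s*:\s*("[^"]*"|[^,}}\]\s]+)')


def redact(obj):
    """Return a deep copy of obj with sensitive keys and inline secrets replaced."""
    if isinstance(obj, dict):
        return {k: (REDACTED if k.lower() in SENSITIVE_KEYS else redact(v))
                for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return type(obj)(redact(v) for v in obj)
    if isinstance(obj, str):
        s = _INLINE_KV.sub(lambda m: f"{m.group(1)}={REDACTED}", obj)
        return _INLINE_JSON.sub(lambda m: f'"{m.group(1)}": "{REDACTED}"', s)
    return obj


class RedactingFilter(logging.Filter):
    """Scrub the message and its arguments before any handler formats the record."""

    def filter(self, record):
        record.msg = redact(record.msg)
        if record.args:  # a tuple of args, or a single mapping arg
            record.args = redact(record.args)
        return True


def make_logger(name, redacting):
    """Build a logger that writes to an in-memory buffer; return (logger, buffer)."""
    buf = StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if redacting:
        logger.addFilter(RedactingFilter())
    return logger, buf


# Constructed crash-context payload of the kind the disclosure describes.
SAMPLE_SIGNUP = {
    "event": "account_signup",
    "username": "alice@example.com",
    "password": "hunter2",
    "full_name": "Alice Example",
    "device_id": "DEVICE-ID-PLACEHOLDER",
    "oauth_token": "TOKEN-PLACEHOLDER",
    "latitude": 44.97,
}
SAMPLE_REQUEST = "POST /login body=username=alice@example.com&password=hunter2"


def log_crash_context(redacting):
    """Emulate an app logging its state for a crash report; return the log text."""
    name = "crashlog.safe" if redacting else "crashlog.unsafe"
    logger, buf = make_logger(name, redacting)
    logger.error("signup state: %s", json.dumps(SAMPLE_SIGNUP))
    logger.error("last request: %s", SAMPLE_REQUEST)
    return buf.getvalue()


def secrets_leaked(log_text):
    """True if any constructed sensitive sample value appears in the captured log."""
    markers = ("hunter2", "alice@example.com", "TOKEN-PLACEHOLDER", "Alice Example", "44.97")
    return any(m in log_text for m in markers)


if __name__ == "__main__":
    print("without filter:\n" + log_crash_context(redacting=False))
    print("with filter:\n" + log_crash_context(redacting=True))
```

Redaction at the logging layer is a backstop; the primary fix is to not pass credentials or tokens to the crash reporter at all.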