Shared posts

12 Apr 00:10

Your Clever Password Tricks Aren't Protecting You from Today's Hackers

by Melanie Pinola

Your Clever Password Tricks Aren't Protecting You from Today's Hackers

Security breaches happen so often nowadays, you're probably sick of hearing about them and all the ways you should beef up your accounts. Even if you think you've heard it all already, though, today's password-cracking tools are more advanced and cut through the clever password tricks many of us use. Here's what's changed and what you should do about it.

Blast from the past is a weekly feature at Lifehacker in which we revive old, but still relevant, posts for your reading and hacking pleasure. This week, in the wake of the Heartbleed bug, we though it was time to revive this post and dispel some myths that are still very common.

Background: Passwords Are Easier To Crack Than Ever

Our passwords are much less secure than they were just a few years ago, thanks to faster hardware and new techniques used by password crackers. Ars Technica explains that inexpensive graphics processors enable password-cracking programs to try billions of password combinations in a second; what would have taken years to crack now may take only months or maybe days.

Making matters much worse is hackers know a lot more about our passwords than they used to. All the recent password leaks have helped hackers identify the patterns we use when creating passwords, so hackers can now use rules and algorithms to crack passwords more quickly than they could through simple common-word attacks.

Take the password "Sup3rThinkers"—a password which would pass most password strength tests because of its 13-character length and use of mixed case and a number. Web site How Secure Is My Password? estimates it would take a desktop computer about a million years to crack, with a 4 billion calculations-per-second estimate. It would take a hacker just a couple of months now, Ars says:

Passwords such as "mustacheehcatsum" (that's "mustache" spelled forward and then backward) may give the appearance of strong security, but they're easily cracked by isolating their patterns, then writing rules that augment the words contained in the [2009 hack of online games service] RockYou [...]and similar lists. For [security penetration tester] Redman to crack "Sup3rThinkers", he employed rules that directed his software to try not just "super" but also "Super", "sup3r", "Sup3r", "super!!!" and similar modifications. It then tried each of those words in combination with "thinkers", "Thinkers", "think3rs", and "Think3rs".

In other words, hackers are totally on to us!

What You Can Do: Strengthen Your Passwords By Making Them Unique and Completely Unpredictable

We've suggested plenty of strong password tips over the years, but in light of the faster and newer cracking capabilities, these are worth reviewing.

1. Avoid Predictable Password Formulas

The biggest problem is we're all padding our passwords the same way (partly because most companies limit your password length and require certain types of characters). When required to use mix of upper- and lower-case letters, numbers, and symbols, most of us:

  • Use a name, place, or common word as the seed, e.g., "fido" (Women tend to use personal names and men tend to use hobbies)
  • Capitalize the first letter: "Fido"
  • Add a number, most likely 1 or 2, at the end: "Fido1"
  • Add one of the most common symbols (~, !, @, #, $, %, &, ?) at the end: "Fido1!"

Not only are these patterns obvious to professional password guessers, even substituting vowels for numbers ("F1d01!") or appending another word ("G00dF1d01!") wouldn't help much, since hackers are using the patterns against us and appending words from the master crack lists together.

Other clever obfuscation techniques, such as shifting keys to the left or right or using other keyboard patterns are also now sniffed out by hacking tools. As one commenter wrote in the Ars Technica article, hackers use keyword walk generators to emulate millions of keyboard patterns.

The solution: Don't do what everyone else is doing. Avoid the patterns above and remember the basics: don't use a single dictionary word, names, or dates in your password; use a mix of character types (including spaces); and make your passwords as long as possible. If you have a template for how you create memorable passwords, it's only secure if no one else is using that rule. (Check out IT security pro Mark Burnett's collection of the top 10,000 most common passwords, which he says represents 99.8% of all user passwords from leaked databases, or this list of 500 most common passwords in one page.)

2. Use a Unique Password for Each Site

We'll get back to password creation in a minute, but first: this is the most important security strategy of all. Use a different password for each site. This limits the damage that can be done if/when there's a security breach.

If you use the same password for everything, and someone gets a hold of your Facebook password, they have your password for every site you visit. If you have a different password for every site, they only have access to your Facebook account—so at least all your other accounts are protected.

4. Use Truly Random Passwords

You've probably heard that a random, four-word passphrase is more secure and more memorable than complicated but shorter passwords, as web comic xkcd pointed last year. This is true, but often irrelevant, because like we said: you need to use a different password for every account. If you can remember 100 different four-word passwords, be my guest. But for most of us, it doesn't matter how easy your passwords are to remember—there's just too many of them. (Though the passphrase approach might be good for, say, your computer login or the few cases you need to remember your password.)

Using a variation on the same password for each site isn't a good idea, either. Say you have a password like ro7CSfac2V3p1 for Facebook, and you use the variation ro7CSlif2V3p1 for Lifehacker, and so on for all your other sites. If a hacker gains access to one of those passwords, they can easily guess the others by replacing "fac" with the letters that might match other sites (or figuring out whatever your algorithm is). It's more difficult, but far from impossible, and it isn't secure enough to rely on—if you can remember it, someone else can probably figure it out.

So: The most secure option is to use a password generator and manager. If you want to keep your accounts safe, you need to use a truly random, long, and complex password, and use a completely different one for each account. How do you accomplish this? Use a password manager like LastPass, KeePass, or 1Password. Not only will they save all your passwords for you, but they can generate random passwords for you. It's easier to use and set up than you may think.

For more information, I highly, highly recommend you read our guide on how to audit and update your passwords with LastPass for detailed instructions. Remember, the only secure password is the one you can't remember—and this is the only way to achieve that. Those clever password tricks we used to use just don't cut it anymore.

Lastly, make sure you turn on two-factor authentication for all sites that support it! It is, by far, one of the best ways to secure your accounts against hackers—even if they get your password, they won't be able to get access.

11 Apr 21:13

"It Is Far Better to Have More Time Than Money"

by Thorin Klosowski

"It Is Far Better to Have More Time Than Money"

It's easy to spend months saving up money for vacations, but as traveler Kevin Kelly reminds us, money's not as important as we think. Time is the commodity we should be watching.

Money can buy you all kinds of luxuries that make a vacation easier, but it can also cause you to miss out on all types of things. Kelly explains:

Here is what I learned from 40 years of traveling: Of the two modes, it is far better to have more time than money.

When you have abundant time you can get closer to core of a place. You can hang around and see what really happens. You can meet a wider variety of people. You can slow down until the hour that the secret vault is opened. You have enough time to learn some new words, to understand what the real prices are, to wait out the weather, to get to that place that takes a week in a jeep.

Money is an attempt to buy time, but it rarely is able to buy any of the above. When we don't have time we use money to try to get us to the secret door on time, or we use it avoid needing to know the real prices, or we use money to have someone explain to us what is really going on. Money can get us close, but not all the way.

This idea isn't anything new, but it's still a healthy reminder that sometimes it's best to just go on vacation without worrying about affording luxuries.

More time is better than more money. | Kevin Kelly via Shawn Blanc

Photo by David~O.

11 Apr 19:51

NSA Accused Of Exploiting Heartbleed For At Least Two Years; Agency Denies It

by Selena Larson

The National Security Agency exploited the massive security vulnerability called Heartbleed for the past two years, and used the flaw in OpenSSL to intercept private data, according to a new report from Bloomberg.

Heartbleed is a newly-discovered flaw in OpenSSL that makes your private information—usernames, passwords, bank statements, etc.—vulnerable to potential hackers, and apparently, government snoops.

Update: The NSA denied any knowledge of Heartbleed before it was made public this week. The National Security Council released an official statement on Friday afternoon, saying claims that the NSA had prior knowledge of Heartbleed are wrong. 

Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.

— NSA/CSS (@NSA_PAO) April 11, 2014

Image by Flickr user Erokism

11 Apr 16:14

Price Items in Terms of Hours Worked to Make Better Spending Decisions

by Kristin Wong on Two Cents, shared by Whitson Gordon to Lifehacker

Price Items in Terms of Hours Worked to Make Better Spending Decisions

Want to buy something, but not sure if it's truly worth it? To make better spending decisions, consider valuing an item in terms of hours worked.

Finance blog Making Sense of Cents suggests pricing an item in terms of how many hours of work it would take for you to pay for it. First calculate your hourly take home pay, then calculate how many hours it takes to pay for the item.

Writer Michelle S uses the example of dining out: If a restaurant meal with your partner costs fifty bucks, you might initially think it's worth the splurge. But when you consider it takes three hours of your hard work to pay for that meal, you might think twice about its value.

If you waver with spending decisions, this is a great, simple trick to help figure out the worth of something. After all, your time is valuable, too. Michelle offers two more interesting tips for making better spending decisions. Check out her full post.

Do You Value Items In Terms of Hours Worked? | Making Sense of Cents

Photo by Oxfordian.


Two Cents is a new blog from Lifehacker all about personal finance. Follow us on Twitter here.
11 Apr 16:12

Big lineups for the Galaxy S5 at UK Samsung Stores

by Richard Devine

There's one type of phone folks line up for every year, but with the launch of the Samsung Galaxy S5 it looks like there's another. This particular photo shows the line up outside the flagship Samsung Experience Store in Stratford, London, right before the 6 p.m. availability last night. And there's a ton of people.

Folks who pre-ordered at one of these stores throughout the UK were able to go and collect their shiny new Galaxy S5 the day before general release. It sounds like the other stores experienced similar line ups, with many people eager to be first to get their hands on the Galaxy S5.

It's no iPhone line, sure. But it's still damned impressive.

Get your Galaxy S5 yet? Be sure to swing by our Galaxy S5 forums!








11 Apr 15:06

Heartbleed security flaw may not be as dangerous as thought

by Russell Brandom

After this week's massive Heartbleed bug, one of the biggest concerns was that the bug might leak a website's private SSL keys, the key to the green lock that secures data sent to users. It's especially dangerous because, if an attacker did access the keys, they could be used even after the server was patched, allowing attacks months or even years in the future.

"If it is possible, it is at a minimum very hard."

But today, the content distribution network CloudFlare has announced Heartbleed may not allow access to those private keys after all. In two weeks of testing, the company has been unable to successfully access private keys with Heartbleed, suggesting the attack may not be possible at all. "If it is possible, it is at a minimum...

Continue reading…

11 Apr 15:05

Facebook's latest government report reveals which countries censor its News Feed

by Chris Welch

Facebook today released its second global government transparency report, covering the period between July and December of last year. Apart from the regular numbers pertaining to government requests for user data, the social network is now — for the first time — revealing how often countries have restricted or had content removed from the site "on the grounds that it violates local law." India easily ranks as the worst offender here, with 4,765 content restrictions. Facebook says most of those related to laws "prohibiting criticism of a religion or the state." And India is no small market for Facebook. The country recently reached 100 million monthly active users..

Turkey is second; it had 2014 pieces of content restricted. Both...

Continue reading…

11 Apr 14:08

Dropping Dropbox - what's a replacement?

by Mark Frauenfelder

I loved Dropbox and Mailbox. I was paying for a 200GB account. But after learning that Iraq war starter, torture promotor, and warrantless wiretapper Condoleezza Rice will be joining Dropbox's Board of Directors I deleted my account (Dropbox doesn't issue refunds, so I lost about $100. They can keep it.). I also deleted the Mailbox app from my phone.

Now I want a Dropbox replacement. Something that offers cloud syncing. The website Drop Dropbox has a few suggestions: Box.com, Microsoft OneDrive, SpiderOak, and Google Drive. I'd like to hear from Boing Boing readers who've had experience with alternatives to Dropbox. Please post your comments in the BBS!






11 Apr 14:06

Sue Townsend, R. I. P.

by Bill Crider
BBC News: Novelist Sue Townsend, best known as the author of the highly successful Adrian Mole series of books, has died, a family friend confirms to the BBC.
10 Apr 22:23

Fresh Trailer For How To Train Your Dragon 2

Fresh Trailer For How To Train Your Dragon 2

There's a whole other world of dragons out there...

Fresh-Trailer-For-How-To-Train-Your-Dragon-2

How To Train Your Dragon won plenty of fans when it soared into cinemas in 2010, so naturally there is a lot of anticipation for the sequel, which promises to expand the world of Hiccup (Jay Baruchel), Toothless and co. We’ve had a couple of trailers already, but here comes the latest, courtesy of the team over at Apple.

When we catch up with the island of Berk, five years have passed. The residents now leave in peace with the dragons, and while Astrid, Snoutlout and the rest of the gang are challenging each other to dragon races, the now inseparable Hiccup and Toothless journey through the skies, charting unmapped territories and exploring new worlds. When one of their adventures leads to the discovery of a secret ice cave that is home to hundreds of new wild dragons and the mysterious Dragon Rider, the two friends find themselves at the centre of a battle to protect the peace. {New How To Train Your Dragon 2 Poster}

As with at least one of the other promos, there is a fairly hefty plot point that DreamWorks Animation and Fox don’t seem to be too concerned with giving away, so keep that in mind if you were planning to stay unspoiled for the film’s opening. The trailer’s release date relates to the US; the UK will see How To Train Your Dragon 2 on July 4.


10 Apr 22:10

Amazon Acquires Digital Comic Book Store Comixology

by Greg Kumparak
comixology Amazon has just announced that they will acquire comiXology, a service that offers digital versions of comics from Marvel, DC, and many others. If you’ve never used it, it’s probably easiest to think of comiXology as a sort of iTunes/Kindle Store for comic books. You buy a comic through their online store, then read it either on the web or through the company’s iOS/Android apps.… Read More
10 Apr 22:10

Twitter Makes In-Browser Notifications Official

by Ingrid Lunden
Twitter today officially announced that it would start to offer in-browser notifications — as we wrote yesterday, noticing a test of the feature. “When you’re logged in on twitter.com, you will receive notifications if someone has replied, favorited or retweeted one of your Tweets. You can also receive notifications for direct messages and new followers,” Michael Ducker of… Read More
10 Apr 22:10

Advertisers are spending more money on the internet than on TV for the first time ever

by Nathan Ingraham

Internet ads are as old of the internet itself, but broadcast television always remained the place advertisers spent most of their money — despite the millions and millions spending hours every day online. However, that balance has been upset for the first time: according to the Interactive Advertising Bureau (IAB), internet ad revenues for 2013 hit $42.8 billion, surpassing broadcast TV ad revenues of $40.1 billion.

While ubiquitous search ads still makes up the largest piece of that spending, advertisers are increasingly targeting your smartphone. The IAB says that mobile ads revenue experienced triple-digit growth for the third year in a row — in 2013, it was up 110 percent compared to 2012, reaching just over $7 billion in...

Continue reading…

10 Apr 22:09

Kim Dotcom Goes Head to Head With The MPAA’s Top Lawyer

by Ernesto

mpaa-restrictedEarlier this week the MPAA filed a lawsuit against Megaupload, Kim Dotcom and two former employees of the defunct file-storage service.

In their complaint the movie studios repeat many of the claims that were laid out in the criminal case while demanding millions of dollars in damages.

But according to Dotcom the lawsuit is just a desperate attempt at an asset-grab by the MPAA because the criminal case against Megaupload is going to fail.

“The criminal case is failing. There will be no extradition. They are now trying to get at our seized assets with civil forfeitures. It’s a move of desperation,” Dotcom tells TF.

MPAA General Counsel Steven Fabrizio disagrees, and has told his side of the story to many news outlets this week. Dotcom and Fabrizio are usually not heard at the same time, but in a rare interview with Radio New Zealand the two bumped heads.

Fabrizio was seemingly under the impression that he was doing a solo interview, but that changed when the reporter informed him that Dotcom was listening in on a second line. When she asked the MPAA lawyer whether he wanted to discuss the case with Dotcom there was a brief silence, but he eventually agreed.

First MPAA’s General Counsel had the opportunity to explain what Megaupload did wrong and why. In line with their complaint, Fabrizio described the file-storage site as a business that was set up to facilitate and encourage copyright infringement.

“Megaupload was never a cloud storage service to begin with,” Fabrizio noted. “From its birth to its death, it was a service that was designed to profit from copyright infringement, and in fact, it did profit handsomely from copyright infringement.”

“The proof of the pudding that it was not a storage service, is that almost 98 percent of the people who used Megaupload were not premium users. If you weren’t a premium user, and your content wasn’t downloaded frequently enough, then Megaupload would delete it,” he added.

Dotcom, who in private refers to the MPAA’s counsel as “Fabricatio,” because he is “script writing and ‘fabricating’ Hollywood’s science fiction lawsuits”, later refuted the claim that Megaupload deleted files uploaded by free users.

“That is a blatant lie,” Dotcom said. “We have not purged any files from Megaupload for many years. If you were a non-premium user and you had an account with us that was free, your files would not be deleted.”

Fabrizio’s second argument was that Megaupload offered a rewards program which encouraged people to share large video files. Again, Dotcom contested this claim by pointing out that people only got paid for files smaller than 100 megabytes. Megaupload’s founder conceded that users could circumvent the limits by uploading split archives, but he stressed that the restriction was specifically put in place to discourage copyright infringement.

The third allegation Fabrizio made was that Megaupload employees had private conversations where they allegedly discussed the “pirate” status of their work.

“Internally they referred to themselves as modern pirates. Some of the employees and some of the co-defendants actually uploaded infringing popular movies themselves, so that they could be downloaded by others,” the MPAA’s top lawyer noted.

Again, Dotcom disagreed and explained that the “pirates” the employee referred to were Steve Jobs and Bill Gates.

“Yeah, well that’s complete nonsense, right. One of our employees who was admin staff and a developer has chatted with our CTO and he watched a documentary called Pirates of Silicon Valley. That was a movie about Steve Jobs and Bill Gates and how they stole the ideas from each other,” Dotcom said.

“He then made this remark to [the CTO] saying we are modern-day pirates, comparing himself to the attitude those guys had, simply because they were copying from each other and we were copying from our competitors and vice versa,” he added.

Responding to the reporter’s question on why he wouldn’t go to the U.S. voluntarily to stand trial, Dotcom said that he offered to do so, but only on the condition that he would get access to his funds as well as bail, which the Department of Justice refused.

The reporter then switched back to Fabrizio, who didn’t seem to believe much of what Dotcom was saying.

“Mr. Dotcom can talk all he wants about his excuses, but the reality is that you can say anything you want if you’re not constrained by the truth of the facts that you’re saying,” Fabrizio said.

Of course, the same also applies to the MPAA and Mr. Fabrizio…

The interview is an intriguing face-off, and the first time ever that the MPAA and Dotcom have gone head-to-head. It probably wont be the last time either, although the venue will very much depend on how the criminal proceedings and the civil case progress.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

10 Apr 19:35

Shortcut Debuts A Siri-Like App For The “Internet Of Things”

by Sarah Perez
shortcut2 Addicted to home automation and other web-connected gadgetry, such as Lockitron or Unikey door locks, Nest or EcoBee smart thermostats, Belkin wemo switches, Dropcam, Fitbit, Jawbone, Sonos and more? Then you're going to like this: A recently launched mobile app called Shortcut is offering you a way to control your devices using voice. As co-founder Duy Huynh puts it, it's like "a Siri for the… Read More
10 Apr 19:35

How do you fix two-thirds of the web in secret?

by Russell Brandom

When word of the Heartbleed bug first came out, news spread like a fire alarm — but it didn’t spread evenly. The vulnerability was spread across as many as two out of every three servers, which made a standard disclosure impossible. Companies like Google and Facebook got the news early, and were already patched when Monday’s news broke, while others, like Amazon and Yahoo, were left scrambling to protect themselves. But why did some companies have advanced warning while others got left in the cold? How did Facebook find out while Yahoo was left out of the loop?

"Antitrust laws do not stand in the way."

From a certain angle, it seems like picking favorites — so much so that the FTC issued a statement this morning "making it...

Continue reading…

10 Apr 19:33

Following Spotify, Deezer Goes Freemium On Mobile

by Romain Dillet
Speaker Music streaming startup Deezer just revamped its free offering across the board in order to become more competitive with Spotify, Rdio and others. Mobile users will now be able to listen to smart radios for free. Like on the web, your music will be interrupted by audio ads every now and then. The company also dropped its listening cap of 10 hours per month on all platforms. Deezer presented a beta… Read More
10 Apr 17:12

Google steps up Android security with regular malware scans

by Rich McCormick

Google is rolling out a new update to Android that means its operating system will start continually checking its host device for harmful apps.The company says the update will enhance Android's Verify Apps service to make sure apps installed both inside and outside of Google Play are "behaving in a safe manner." Prior to the update, Verify Apps, which was introduced to Android in 2012 and Google says has been used more than 4 billion times, only scanned apps during their installation.

Android users who apply the update will see a warning on their device if they have a potentially dangerous app. These warnings may be seen more regularly by people who sideload software or download apps from unregulated marketplaces, but Google says most...

Continue reading…

10 Apr 17:12

Top 10 new Android games this week: The Walking Dead, Impossible Road

by Nick Sarafolean

Welcome back to Android Gaming Weekly, our weekly recap of new game releases. We still plan to cover upcoming releases and games we’re playing, but this column is dedicated to new games that you can start playing right now. Check out our top picks and let us know in the comments section if you have any suggestions for next week’s post.

The Walking Dead: Season One

Description: The Walking Dead is a five-part game series (Episode 2-5 can be purchased in-app) set in the same universe as Robert Kirkman’s award-winning series. Play as Lee Everett, a convicted criminal, who has been given a second chance at life in a world devastated by the undead. With corpses returning to life and survivors stopping at nothing to maintain their own safety, protecting an orphaned girl named Clementine may offer him redemption in a world gone to hell. Experience events, meet people and visit locations that foreshadow the story of Deputy Sheriff Rick Grimes. A tailored game experience – actions, choices and decisions you make will affect how your story plays out across the entire series.

 

Groundskeeper 2

Description: Groundskeeper2 throws you in the middle of a war–one with supernatural robots from outer space. Yeah. We went there! Every time you play this game you will get further and have a better chance at surviving. You’ll unlock new weapons like the machine-gun, laser-gun and  rocket-launcher; and tools like all-destroying lightbeams, shields, time-slowdowns and more! What’s more important, you’ll unlock new worlds and hopefully become a true hero for the resistance. Or die a quick death and try again.

 

15 Coins

Description: 15 Coins is a deceptively difficult minimalistic arcade game with one goal: collect 15 Coins before you are killed by your clones. Your ship is always moving forward and all you have to do is tilt or tap to turn left and right to collect 15 Coins. The only things standing between you and victory are endless clones that follow the path you’ve traveled. Crash into a clone and it’s game over. You’re not alone, though; you can collect a power-up to temporarily freeze the clones and smash into them to destroy them! Can you avoid your clones long enough to collect 15 Coins?

 

Millie

Description: A joyful, casual puzzle game that will tease both your wits and your memory! You’ve always dreamt of flying. Roaming high in the clouds, free from all worries. Just gliding through the air like a bird. Unfortunately, you were born as a millipede, and your best chance of launching to the sky is probably in some crows mouth… or is it? Rumor has it that the local Aviation School is accepting new recruits for a pilot course. Seeing an opportunity to make your dreams come true, you seize the moment and embark on the journey of your life. Your path is full of dangers, mazes and obstructions, but the end goal is more than worth it! So rise on your feet, all 100 of them, and get going! Control a millipede, roaming through over 90 diverse levels. Solve the elaborate mazes laying on your way. Gather and use a multitude of power-ups that will help you with your struggles. Enjoy three types of immersing mini games. Grow bigger and bigger and remember: try not to eat your tail.

 

Iron Force

Description: Take part in epic, explosive multiplayer tank battles in Iron Force. Join forces with your friends in team-based battles, or have a free-for-all.

 

Impossible Road

Description: Guide THE VESSEL down the roller coaster-like track at speed, scoring for each gate you make it through. Navigate hair-pin bends, jumps, banked curves and adverse camber in the quest for the perfect line. And when you learn how to cheat the game, and you discover that it is rewarded not punished, the leaderboards will belong to you. [sic]

 

War Agent

Description: A war between two nations is imminent. There is opportunity to make profit out of the incoming war. War Agent is a high score, fast paced resource management game that puts the player in the place of a war profiteer. The game explores the world of war profiteering and how greed can lead to unforeseen consequences on a global scale.

 

Bouncing Zombie

Description: Bounce around and eat as many brains as you can in this fun and addicting arcade Zombie game. Dangerous Obstacles and Rotten Brains (red) will try to stop your way to the Tops of the Leaderboard. Can you beat the Highscore?

 

Fling!

Description: Fling! is an addictive puzzle-game based on a simple, unique concept, which is at the same time infinitely challenging. Ideal for all ages. Featuring over 100,000 unique puzzles, no two puzzles you encounter are ever the same. Split into 35 levels of gradually increasing difficulty, Fling guarantees you many long hours of puzzling fun! Each puzzle has a single, unique solution and is solved by simply flinging (pushing) the furballs and watching them bump each other off the edge of the screen until only one is left.

 

First Strike

Description: A nuclear armageddon is no one’s dream scenario. So choose your steps carefully. It’s a small path between war and peace. FIRST STRIKE is a great strategy simulation featuring snappy gameplay and an intuitive interface that makes dropping the big one as easy as ABC. But be sure to take the right measures to guarantee your people’s safety.

 

10 Apr 17:11

This List Reveals the Heartbleed-Affected Passwords to Change Now

by Melanie Pinola

This List Reveals the Heartbleed-Affected Passwords to Change Now

By now you've probably heard about the massive Heartbleed security bug that may have compromised the majority of the world's web sites. Everyone should change their passwords on the affected sites—but only after those sites have patched the issue. Mashable is maintaining and updating a list of the most popular sites you should change your passwords for ASAP.

LastPass users have a built-in Heartbleed checker for their accounts, but that doesn't help those of us who don't use LastPass or even new LastPass users. (I imported over 800 accounts into LastPass yesterday and this morning and was told I didn't need to take any action, probably because the tool saw all my passwords as new.)

Mashable reached out to the major email, social, finance, and other sites on the web to create this chart showing which sites have been affected, if they've patched it, and if the sites recommend you change your password now.

So you can see at a glance that you should change your Facebook password, but not necessarily your Microsoft one. Google, interestingly, says they patched its services and you don't "need" to change your password, but you probably should (better safe than sorry).

You'll probably want to keep monitoring the Mashable list for those companies (like Apple) who haven't responded yet, and your email inbox for notices from companies that aren't on the list.

Happy change your passwords week.

Update: This list unfortunately doesn't specify if the companies have revoked and reissued their security certificates, which is important for the utmost precaution for them to do before you change your passwords. Most of the companies' statements say they've patched the issue or applied the appropriate fixes, but the certificate status is unclear. So even if the sites are saying everything's fixed, it's better to wait until you know for sure if the certificates have been updated. If you're a LastPass user, they have that data or you can check sites individually at https://lastpass.com/heartbleed/(and it looks like LastPass is starting to roll out info for new users, but it's very incomplete as of this writing). For further reading, see Troy Hunt's post or this one from 1Password.

The Heartbleed Hit List: The Passwords You Need to Change Right Now | Mashable

10 Apr 13:57

Record Labels Lose Big as Court Declares File-Sharing Tools Legal

by Andy

In 2008, Universal, Sony, EMI, Warner and “Spanish RIAA” Promusicae (Productores de Música de España) joined forces to sue MP2P Technologies, a company created by Pablo Soto, the brains behind Blubster, the “Spanish Napster” file-sharing software.

The record companies said that Soto had designed his Blubster, Piolet and Manolito software with the intent of providing a platform for users to pirate music while he generated profit. This, the labels said, amounted to unfair competition in the market. Soto should pay them 13 million euros ($18m) in damages, the labels argued.

Following years of litigation, in 2011 a Madrid court handed defeat to the labels by declaring Soto’s technology neutral. While his users may have infringed copyright, Soto was not responsible for that, the court said. Furthermore, since Soto wasn’t in the record business and the labels weren’t in the file-sharing business, the unfair competition claim was also dismissed.

After investing so much time in the case, the labels weren’t prepared to concede defeat. The case went to the Madrid Court of Appeals which has just made its decision public. It’s a decisive win for Soto and a big loss for the labels.

“[Soto's] activity is not only neutral, and perfectly legal, moreover it is protected by article 38 of our Constitution,” the Court wrote in its ruling.

Speaking with TorrentFreak, Soto says that the Court saw no problem with sharing technology and discovered no plan “to sink or unbalance the recording industry” or obstruct the development of its business.

“The court affirmed — yet again — that [the creation of sharing technologies] is not an act of looting, unfair competition or unfair benefit from others’ effort,” Soto informs TF.

The Spaniard, who has been developing software since he was 16 years old, adds that the win is not only good news for him, but also for others seeking to innovate.

“This clears the path for more opportunities to bring leading edge technologies to the marketplace and no longer be distracted by misguided legal tactics from the copyright conglomerates. We really appreciate and thank our loyal following, especially among the readers at TorrentFreak.”

Soto’s lawyer, David Bravo, who described the ruling as having a “very strong foundation”, said developers will now be able to go about their business free from “inventive legal interpretations that define the very creator of a file-sharing tool as the responsible of copyright infringement.”

In celebration of the victory, Soto has released a brand new version of his Blubster software, for the first time powered by BitTorrent.

“While we have continued innovating with Torrents.fm, we can now also focus once again on further creating and offering advanced P2P technology across our other networks with this new version of Blubster just launched today,” Soto told TF.

Traditionally Windows only, Blubster will soon debut on both Linux and Mac.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

10 Apr 13:56

Sonos Adds Support For Google Play Music, Including Casting From Play Music Android App

by Ryan Whitwam

sSonos released a beta app a few weeks back that is much less... unattractive. The company isn't stopping with the looks, though. Sonos is getting official support for Google Play Music today, allowing you to stream tunes directly to your Sonos speakers from Google's cloud.

Screenshot_2014-04-10-08-23-56 Screenshot_2014-04-10-08-29-31

Sonos-enabled Google Play Music

Screenshot_2014-04-10-08-59-01 Screenshot_2014-04-10-08-59-59

Left: Updated Sonos 4.3. Right: Sonos 5.0 beta

Sonos already supports a few dozen music services around the world, but Google Play is particularly big for Android users.

Done With This Post? You Might Also Like These:

Sonos Adds Support For Google Play Music, Including Casting From Play Music Android App was written by the awesome team at Android Police.



10 Apr 12:34

What's The Best Personal Finance Tool?

by Alan Henry

What's The Best Personal Finance Tool?

Managing your money and staying on top of your finances is important. This week, we want to know which apps and services you use to keep track of your accounts, see where your money is going, and keep an eye on your financial health.

It's been a while since we asked you this question, and back then we split it up into desktop and mobile personal finance tools. Since most tools now have mobile apps that work with them, it may not make sense to break them up anymore, but we're still curious—what with all the new, improved apps that do the job—which ones you prefer. Leave your vote in the discussions below!

Let's hear your vote in the discussions below! To cast your vote, follow these guidelines:

  1. Follow this format for your vote, including the bold print. If you don't, it won't be counted:
    A PHOTO OR SCREENSHOT OF THE BEST PERSONAL FINANCE TOOL

    Vote: [BEST PERSONAL FINANCE TOOL]

    Why: Why is this app the one you trust with your money? Maybe it's available on all of your devices, or you can log in and check multiple accounts with it. Maybe it has other tools, like budgeting tools and savings planners. Make your case! Try to keep it to a single paragraph, maybe two.

  2. Don't duplicate nominations! Instead, if someone's nominated your pick, star (recommend) it to give it a boost, and reply with your story instead.
  3. Please don't leave non-entry, direct comments on this post. They'll just get pushed down. Save your stories for others' submissions!

If you're not sure what we mean, just check out the nominations by our writers below. We'll give you a head start, and they should all be in the proper format, so you can just follow our lead.

The Hive Five is our weekly series where you vote on your favorite apps and tools for any given job. Have a suggestion for a topic? Send us an email at tips+hivefive@lifehacker.com!

Photo by Keith Cooper.
10 Apr 12:31

U.K. Healthcare E-booking Platform, Zesty, Adds Another $2M+ To Its Seed Funding

by Natasha Lomas
Zesty U.K. healthcare startup Zesty, which much like ZocDoc in the U.S. offers an online platform to locate and book healthcare appointments at short notice, has topped up its seed investment with more than $2 million in new funding coming from two new VC firms, TA Ventures and ABRT Fund. Read More
09 Apr 22:58

Fresh Meat: 10 new Android apps worth checking out

by Nick Sarafolean

New apps need lovin’ too, right? Every day there are thousands of additions to the Google Play Store, but many go unnoticed and never receive the attention they deserve. We’ve shown in the past that this community can discover great apps and propel them to new heights. Our weekly Fresh Meat column highlights new apps with fewer than 100,000 installs. Browse our new Android app picks below and let us know which ones you enjoy.

Watchup: Your Daily Newscast

Watchup

Description: Watchup is the smartest way to watch video news because it builds your personalized newscast from a growing number of local, national and international news channels. Just turn it on to watch your newscast play continuously. Schedule an alert to receive your newscast at your preferred time. Need more context? Read text articles related to the video you are watching

 

AutoCast

AutoCast

Description: AutoCast is a Tasker plugin that gives you full control over your Chromecast. It not only enables you to cast images, audio and video from Tasker, but you can also cast and control many other local or web contents, like YouTube videos and playlists, notifications, voice, and web pages! You can also take over other apps that are being cast and control their playback!

 

Inkling eBooks – Beta

Inkling eBooks

Description: Inkling’s interactive eBooks are designed to help you learn, study, and discover just about anything, whether it’s for school, work, or play. Our books cover the gamut from anatomy to photography and travel to cooking.

 

Javelin Browser

Javelin Browser

Description: Javelin is a GORGEOUS Android browser built focused on the mobile experience of surfing the web. #1 mobile browser with built-in adblock. First Android browser with reading mode (Similar to Readability/Pocket app). One-touch navigation for everything

 

Knock Lock

Knock Lock

Description: Knock Lock is simple application that allows you to select area on your display to enable “knock to sleep” feature. Also in app you can select size of area available for knocking.

 

Automatic

Automatic

Description: Automatic is your Smart Driving Assistant. It wirelessly connects your car and your Android using Bluetooth®. With Automatic, you can: Drive smarter and save big on gas. Get feedback on your driving style with subtle audio cues when you do things that waste gas. Know what that check engine light means and clear it with a tap. Track your trips and drive score. Always remember where you parked. Get emergency assistance in a serious crash. (Coming soon)

 

Samsung Smart Home

Samsung Smart Home

Description: Samsung Smart Home Application enables people to easily connect with various Samsung home devices including refrigerators, washing machines, air conditioners, ovens, vacuum cleaners, lighting and more through your smart phones and wearable devices. Using the Smart Home app, you can access your home devices from anywhere and includes convenient services such as check status, control, home view, and connect to service centers. Convenience, easy remote access, and other practical features are all part of the compelling Samsung Smart Home experience.

 

Downtyme

Downtyme

Description: Downtyme is the fastest, most convenient way to get together with friends in your free time. Scheduling your free time has to start with knowing when you’re busy. Easily import or input your commitments and Downtyme will figure out the rest. Downtyme uses intelligent algorithms to accurately determine who you’re most likely to spend your free time with. Of those friends, Downtyme filters out the ones that are too far away and shows you the ones nearby.Select one (or many) of your friends who are also free and ask to hang out, eat, or even shop. It’s all up to you!

 

Distiller

Distiller

Description: Distiller is your companion, guide, and collection as you grow the whiskey side of your life. Get a personalized whiskey recommendation for any situation, whether you’re at a bar with your friends, growing your personal collection, discovering a new flavor, or giving a gift. We go beyond the label to offer suggestions based on your tastes matched with the unique characteristics of each bottle.

 

Huey – Camera for Philips Hue

Huey Camera for Philips Hue

Description: Watch your lights come to life with Huey! The first camera application for the Philips Hue that allows you to create amazing “point and shoot” ambient light effects with no effort. Why spend money on expensive and complicated ambient light systems when all you need is this app coupled with a pair of Philips Hue lights? With Huey, you can create gorgeous ambient light effects when watching your favorite movies or TV shows, by simply pointing your camera to your screen, it’s that simple!

 

09 Apr 22:56

Condoleezza Rice, surveillance and torture fan, joins Dropbox board

by Rob Beschizza

You don't need Mike Judge to remind you how dumb the valley is. Buried on page 3 of a Businessweek story by Brad Stone and Ari Levy, via Sam Biddle at Valleywag:

Dropbox has also added a prominent fourth member to a board of directors that Houston has until now kept small—Condoleezza Rice. The former secretary of state’s consulting firm, RiceHadleyGates, has been advising the startup on management issues for the last year. Now she’ll help the company think about such matters as international expansion and privacy, an issue that dogs every cloud company in the age of Edward Snowden and the NSA. “As a country, we are having a great national conversation and debate about exactly how to manage privacy concerns,” Rice says about her new position. “I look forward to helping Dropbox navigate it.”

Rice joining Dropbox is the insult, not the injury, which is in the firm's DNA: customer privacy as a feature, not a principle.






09 Apr 22:13

How To Find Out Which Foods Are Making You Sick

by Amy Shah MD

How To Find Out Which Foods Are Making You Sick

Although food allergies are still rare (affecting about five percent of the population), food intolerances are quite common. I see patients for food intolerances every day with symptoms like constipation, difficulty swallowing, heart burn, bloating, and headaches. But how do you figure out which foods might be affecting you?

For many allergic and food intolerance issues, I ask patients to go on a food restriction diet ranging from one week to one month. After following this plan, many of them experience weight loss, fewer menopausal or PMS symptoms, a decrease in acid reflux, better energy, better sleep, a clearer complexion, and more. Even I was surprised at first.

After seeing so many of my patients experiencing these positive side effects, I decided to try it myself. One month later, I concluded that I was going to take out some of these foods for good because I was feeling so fantastic. It's important to note, however, that food allergies and food intolerances are two very different things.

Food Allergy vs. Food Intolerance

A food allergy is an immediate immune reaction usually resulting in throat tightening, hives, and even anaphylaxis. Even a microscopic amount can elicit a life-threatening reaction. If you think you have a food allergy, consult a doctor and do not try to diagnose yourself.

A food intolerance is usually a delayed reaction that can cause intestinal issues or other symptoms. This is an area where much research is being conducted about the immune system and other mechanisms. In fact, we are finding more and more conditions that are affected by the food we eat. So, in short, these food intolerances can be causing all kinds of symptoms that range from headaches to bloating.

To figure out what food intolerances you may have, I have an eight step food elimination plan that you can do yourself. This is really is the gold standard—even better than those expensive blood tests. In fact, blood testing for food intolerances is not FDA approved and research on any type of food intolerance blood testing is controversial at best.

Remember, because these foods the most common culprits, the FDA requires labeling of these food groups by all manufacturers. Therefore, except for corn and additives, you will always be able to read labels to identify hidden sources of these foods.

  1. Try to stay off dairy, wheat, soy and eggs for 2-3 weeks. This includes yogurt, cheese, whey, and processed foods with eggs as an ingredient.
  2. Add them back one item at a time separated by 3 days.
  3. Then, remove peanuts, shellfish, corn for 2-3 weeks. Remember to read labels and ask for ingredients at restaurants.
  4. Add them back one item at a time separated by 3 days.
  5. Remove tree nuts (i.e. almonds, walnuts, cashews), and all fish for 2-3 weeks.
  6. Add them back one item at a time separated by 3 days.
  7. Eliminate any foods or drinks with preservatives such as MSG, artificial sugars, and artificial dyes for 1 week. This is probably the hardest part because it includes sodas, most alcoholic drinks, and snacks, but it's only a week!
  8. Add back each (if you want) separated by 3 days.

Now you are done! You should permanently remove the foods that caused your symptoms such as bloating, joint pain or swelling, brain fog, or constipation.

The theory behind this plan is that certain foods cause inflammation of the intestines, joints, or stomach. Now if you add the offending food back, you will notice that your symptoms are back, sometimes with a vengeance!

Usually, I find that it takes at least 2 weeks to notice any difference in your symptoms. That's way we try avoidance for 2-3 weeks. In fact, the longer you do avoidance the better the results. Food additives and preservatives usually don't even take that long.

If you think you may have a life threatening allergy or you are still confused, visit a board certified allergist immediately. But if you are able to identify your food triggers that cause uncomfortable issues, your body with thank you.

Amy Shah MD is a physician, Board Certified In Internal Medicine and Allergy Immunology.


Image remixed from ayelet-keshet (Shutterstock) and moonkin (Shutterstock).

Want to see your work on Lifehacker? Email Andy.

09 Apr 22:13

LastPass Now Tells You Which Heartbleed-Affected Passwords to Change

by Whitson Gordon

LastPass Now Tells You Which Heartbleed-Affected Passwords to Change

This week, a giant security hole came to light that affects a large portion of the internet. As different sites recover, you'll need to change your passwords, and now LastPass tells you when to do so.

Due to the nature of the Heartbleed bug (read more here), you'll need to wait until affected sites update their infrastructure before you change your passwords. LastPass' ever-useful Security Check tool now includes recommendations for Heartbleed, letting you know which sites have closed the hole, when, and if you should update yet.

To run the tool, just click on the LastPass extension and head to Tools > Security Check. After running the tool, you'll get the results (shown above) so you know what passwords to change. Hit the link to read more.

LastPass Now Checks If Your Sites Are Affected by Heartbleed | LastPass Blog

09 Apr 22:12

Use Google Maps Instead of Bing for Contacts in Outlook

by Rob Rogers

Use Google Maps Instead of Bing for Contacts in Outlook

Among its many awesome features, Microsoft Outlook allows you to easily map a contact's address using Bing Maps, making it simple to find their location. If you would rather use Google Maps instead, a simple registry edit will fix that.

Here's what you need to do:

  1. Close Outlook, open up the start menu, and type regedit. Press Enter to open the Registry Editor.
  2. If you're using Outlook 2010, go to: HKEY_CURRENT_USER\Software\<wbr>Microsoft\Office\14.0\Outlook\Options\General If you're using Outlook 2013, go instead to: HKEY_CURRENT_USER\Software\<wbr>Microsoft\Office\15.0\Outlook\Options\GeneralIf the key does not exist, create it by clicking on its parent folder and going to New > Key.
  3. In the right-hand pane, right-click on an empty space and go to New > String Value. Name it MapScriptURL.
  4. Double-click on the MapScriptURL key and give it this value: http://maps.google.com/?q=<0s>, <1s>, <2s>, <3s>, <4s>
  5. Close the Registry Editor, re-open Outlook, and try to map a contact. If all goes well, it should use Google Maps.

If you want to switch back to Bing Maps at any time, just follow the above steps using this value in step 4: http://www.bing.com/maps/?where1=<0s>, <1s>, <2s>, <3s>, <4s>

09 Apr 22:10

Automattic Acquires Longreads, The App For Discovering And Reading Long-Form Content Online

by Colleen Taylor
mark-armstrong1 Automattic, the parent company of WordPress.com, has acquired Longreads, the platform for discovering and reading long-form writing content on the web. Financial terms have not been disclosed. In an email to TechCrunch, Longreads founder and CEO Mark Armstrong (pictured here) said that the Longreads service will continue to function exactly as it did before the acquisition. Joining Automattic, he… Read More