It marks the first case of Heartbleed actually being used to hack companies
The infamous Heartbleed Internet security flaw that exposed half a million secure servers to password theft was used by Chinese hackers to steal data from American hospitals, according to a report.
Citing anonymous sources, the data security company TrustedSec told TIME Wednesday that the Heartbleed vulnerability allowed hackers to steal secret keys used to encrypt user names, passwords and other information from Community Health Systems, the second-biggest for-profit U.S. hospital chain. They then used the keys to swipe 4.5 million patients’ data. The attack marks the first known breach of a company by hackers using Heartbleed.
Community Health Systems, which operates 206 hospitals in 29 states, said in an SEC filing Monday that the attackers bypassed its security systems and stole data that included birth dates, names, social security numbers and addresses for 4.5 million patients.
“The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information,” TrustedSec said in a blog post. TrustedSec cited three “trusted” and anonymous sources close to the Community Health investigation.
Though the recent attack on Community Health Systems is the first that’s known to have used the Heartbleed vulnerability, it is likely just one of many instances that did, security experts said. Hackers had a wide window for mischief in the period between Heartbleed’s disclosure in early April and companies’ installation of patches to defend against the exploit, which in some cases took days or weeks.
“You had a lag time of a week to several weeks before patches were implemented, so if attackers were scanning companies, there must have been countless situations where hackers used Heartbleed to gain access,” TrustedSec CEO David Kennedy said. “This is just the beginning of many that have either not been discovered, or cases in which companies are working on responding and disclosing now.”
Kennedy said the hospital incursion happened about a week after Heartbleed was first made public.
Most of the well-known attacks attributed to Chinese hackers have targeted valuable intellectual property, particularly telecommunications or defense companies, or large industrial companies. But the recent attack against Community Health instead targeted social security numbers and customer data, signifying a different approach by Chinese cyber criminals, if the attacks indeed came from China.
“The attack against Community Health Systems might not have been for espionage or industrial espionage,” said Nir Polak, the co-founder of security company Exabeam. “The attackers might have just wanted to monetize on cybercrime,” Polak said, which is often the goal of non-governmental cybercrime groups.
Forget curved displays and head-tracking cameras. The award for this year’s most interesting phone goes to the Sharp Aquos Crystal, which has practically no bezel around the sides or top of the display.
We’ve seen bezels get narrower over the years — the LG G3’s side bezels are particularly slim — but no one’s managed to remove them completely until now. With the exception of the extra-large chin on the bottom of the handset, the Aquos Crystal is nearly all screen.
And oddly enough, Sprint and Sharp aren’t using this neat trick to justify jacked up prices. The Aquos Crystal is a mid-range device, and it’s priced like one at $240 off-contract.
That price gets you a 5-inch, 720 display, a 1.2 GHz quad-core processor, 1.5 GB of RAM, 8 GB of storage, a microSD card slot, an 8-megapixel rear camera and a 2-megapixel front camera. (Sharp also makes a high-end Aquos Crystal with a larger display and faster processor, but there’s no word on a U.S. launch.)
Removing the bezels does have a couple of inherent drawbacks. Because there’s no room above the screen for a front-facing camera, Sharp had to put it in an awkward spot on the bottom bezel. The lack of top bezel also precludes a proximity sensor to detect when you’re holding the phone up to your ear. As The Verge reports, the phone’s display simply locks up when you’re on a call.
In other words, going bezel-free might not be the course of action for most handset makers — at least not until they can solve the above issues (or until people stop taking selfies). But as a one-off way to stand out from dozens of similar-looking phones, the Aquos Crystal will be tough to beat.
“Earn extra money simply by doing the things you do every day!”
Let’s be honest: You have good reason to be skeptical of “free money” claims. But there really are a small handful of legitimate advertising-powered smartphone apps that offer you money in exchange for being able to advertise to you.
That’s right, the following three apps won’t save you money — they’ll actually pay you money. None of them will make you a millionaire, but they could put an extra $20 or more in your pocket each and every month. And that’s not too bad just for playing around with your smartphone, right?
Would you subject yourself to extra advertising if it meant more money in your pocket? If the concept seems appealing to you, check out the Android app Fronto.
Fronto works by placing ads and curated links to content on your smartphone’s lock screen. Every time you interact with this content, you earn points. Unlock your phone while an advertisement is being shown, for example, and you might earn 20 points. Download an app that Fronto suggests for you, and you might earn 100 or more. Fronto also doles out points for referring friends.
Points do take a while to accumulate, especially if you don’t take Fronto up on any of its special offers. But that’s okay – here, it’s worth the effort. Every 25,000 points can be exchanged for $10 in cold, hard cash, payable directly to your PayPal account.
Want to take your earnings beyond the lock screen? Then check out Perk, a series of apps, browsers, search tools and more that converts virtually everything you do on your phone into points, redeemable for cash.
There are a lot of different apps in the Perk universe: Perk Shopping, Perk Search, Perk Screen, Perk Browser, Perk TV and Perk Pop Quiz. Each offers a function along with a small reward for using it. Search using Perk and you’ll get a few points. Watch an ad on Perk TV and you’ll get a few more. Buy something on 1-800-Flowers and other similar retailers via the Perk Shopping app and you’ll earn a ton.
Like with Fronto, Perk points can be redeemed for cash via PayPal. You’ll get the most bang for your points by redeeming them for gift cards instead. Minimum payouts with Perk are $5.
You can find out more about and download the Perk family of apps at Perk.com.
Walking around your local mall may be a good way to get a little extra exercise, but it can also be a way to get a little bit of extra money, too. That’s the idea behind Shopkick, an app that rewards you simply for visiting stores.
When you open the Shopkick app at your local mall (or really, whenever), you can see a list of nearby stores that are willing to offer you “kicks” (points) just for walking through the doors. Most of the stores tempting you with points are the type you might walk into anyway, like Walmart, Macy’s, Target or Crate & Barrel. Once you’re in the store, the app might offer you a few challenges (e.g., find and scan a certain item) to earn bonus points. You can even link a credit card to the app to earn points for completing a purchase in-store.
You can rack up enough points to get a reward in a single trip, given the right mall. The minimum reward with Shopkick is a $2 Target gift card, yours for redeeming just 500 points.
This article was written by Fox Van Allen and originally appeared on Techlicious.
The Big Tab is aiming to replace video game consoles and TVs for kids' entertainment
Family game night is going digital — a new super-sized tablet for kids is aiming to replace the classic board game, the Xbox and maybe even the television.
The Big Tab, developed by fast-growing startup Fuhu, boasts a massive screen of either 20 or 24 inches, depending on the model. That’s a big jump from the company’s popular Nabi 2 tablet, which has a seven-inch screen. But Fuhu founder Robb Fujioka says the big screen size will encourage children to collaborate and socialize when they use their device, rather than tuning out the rest of the world.
To make the tablet into a social hub, Fuhu has developed a large suite of multiplayer games, from classics like checkers and Candyland to internally developed titles. A feature called “Story Time” offers 35 interactive e-books that utilize animated illustrations. Kids can also utilize video editing software, a Pandora-like radio service and educational software.
There are also tools for adults on the Android-powered device. A separate Parent Mode allows adults to download apps from the Google Play or Amazon stores. Parents can also set limits on which apps their children can access and for how long they can use them. Like Fuhu’s other devices, the Big Tab also boasts a virtual currency system that lets parents pay their kids when they complete chores or use educational apps for a certain amount of time.
The device, which also lets parents track their kids’ usage patterns, could appeal to adults looking to guide their children toward more productive forms of entertainment. Fujioka says he replaced the television in one of his children’s rooms with the Big Tab and uses it to keep track of whether his kid is playing educational games or watching Netflix. “It’s not just a boob tube,” he says. “It’s an interactive device.”
Though the tablet market is only a few years old, the devices have been embraced by parents in a big way. Tablet usage among children between ages two and 12 increased from 38% to 48% over the last year, according to research firm NPD. Juli Lennett, head of the toys division at NPD, said it’s a combination of safety, durability and kid appeal that has led to the quick popularity of children’s tablets. “When the price point is $99, on top of being a real functional tablet, these additional features are tough to beat,” Lennett told TIME via email.
The challenge for Fujioka and Fuhu will be convincing parents to pony up for a high-end tablet. The Big Tab will cost $449 for the 20-inch model and $549 for the 24-inch when it launches this fall, far more than the $180 the Nabi 2 goes for. And while the larger size means the Big Tab can be used by multiple people at once, it also makes the device less portable than its smaller cousins, eliminating one of the original selling points of the tablet form factor. “The beauty of these tablets is you throw them in your bag and you go,” says Gerrick Johnson, an equity research analyst at BMO Capital Markets who follows the toy industry. “A [24-inch] tablet becomes a little more difficult.”
Still, Fuhu is well positioned to prove skeptics wrong. The company sold 1.5 million of its normal-sized kids’ tablets in 2013, says Fujioka. This year, Fuhu is leading the children’s tablet market in the U.S., according to NPD, beating out competitors like Samsung and KD interactive. The question now is whether others will follow their lead in developing kids’ devices that cost as much as an iPad or a video game console.
“We think there’s a big market out there,” Fujioka says. “We believe we’re defining a new category of tablet products for the family.”
We’re almost to the point, technologically, where you won’t have to remember a single thing.
This newfangled padlock — called Noke — has no keys, keyhole or combination for you to remember, instead relying on your iOS or Android device to unlock it via Bluetooth. Get within 10 feet of the thing, keep your phone in your pocket and you’ll be able to unlock it. You can share access with other people as well, turn off the auto-unlock-within-10-feet feature and receive alerts whenever Noke is unlocked by someone else.
“But what if I lose my phone?!” you bellow, your face red with Internet nerd rage, your hammy fists pounding against your desk until they leave C-shaped sweat rings. You can unlock the lock by pumping the doohickies in a Morse code-like fashion you set in advance.
The padlock has a battery, which lasts a year and can only be removed when the padlock’s unlocked. If you manage to run it dry, there’s an emergency backup feature as well. It’s water resistant, and there’s a special bike cable available for $20.
This is a Kickstarter project that’s been fully funded, with the promise of the padlocks being shipped out early next year. Early backers can get a padlock for $59; the final retail price is set to be around $89.
Hint: It doesn't go well for Mr. Brosnan.
Want to see Jimmy Fallon square off with James Bond actor Pierce Brosnan (playing as his digital Bond-ian self) in Nintendo’s Goldeneye 007? Wish granted for roughly two minutes if you click the video above.
It’s weird watching someone like Brosnan, who I’m guessing isn’t a routine gamer, play a game like Goldeneye 007 on national TV. And that’s the point: It gives you little sense of what it’s like to play a fan-beloved game plenty would call Rare’s magnum opus, but then you’re watching to see how merciless a relatively serious gamer like Fallon’s going to be (relatively merciless), whether Brosnan’s going to be a good sport about it (a very good one), and what the audience is going to make of Fallon’s trademark sputtering and faux-obsequiousness.
Why was Brosnan on Fallon last night? To talk up his new film, The November Man, a spy flick about an ex-CIA agent drawn into the thick of an agency coverup.
This is why mysterious tweets are showing up in your Twitter timeline
If you’ve noticed tweets from people you don’t follow popping up on your Twitter timeline, you’re not going crazy.
Twitter has updated its help document with information explaining why new tweets, along with sponsored tweets and ads, now show up in your timeline alongside the regular digest of tweets from Twitter accounts that you follow.
“When we identify a Tweet, an account to follow, or other content that’s popular or relevant, we may add it to your timeline. This means you will sometimes see tweets from accounts you don’t follow. We select each Tweet using a variety of signals, including how popular it is and how people in your network are interacting with it. Our goal is to make your home timeline even more relevant and interesting,” says the updated document.
Importantly, favoriting something is not the sole decider in whether the new tweet shows up on your timeline.
TIME could not immediately confirm with Twitter what, exactly, qualifies a tweet as “popular or relevant,” but it seems to involve how many retweets and favorites something gets–meaning that the once relatively impotent little star next to a tweet has just been given new–if rather ambiguous–life.
Security researchers in Michigan reveal vulnerabilities in crucial roadway infrastructure
In the 1969 classic The Italian Job, Michael Caine and crew commit a major gold heist by hacking into the traffic light system of Turin, Italy, to cause a massive traffic jam, giving the robbers a perfectly synced path to escape through the gridlock.
As it turns out, this piece of high-action Hollywood theatrics is not merely screenwriter fantasy. According to cyber security researchers at the University of Michigan, pulling off a caper like that wouldn’t even be difficult today.
“Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” writes the research team led by computer scientist J. Alex Halderman.
“With the appropriate hardware and a little effort, [a hacker] can execute a denial of service attack to cripple the flow of traffic in a city, cause congestion at intersections by modifying light timings, or even take control of the lights and give herself clear passage through intersections,” according to the researchers’ findings.
The Michigan team identified three main weaknesses in traffic control systems in the U.S.: use of unencrypted wireless communication signals, default usernames and passwords, and the use of a traffic controller—the machine that interprets sensor data and controls lights and walk signs, etc.—that is vulnerable to known hacks.
Traffic signals that were at first isolated machines have evolved into the interconnected systems we have today, which facilitate big improvements in traffic flow and safety. Unfortunately, that interconnection also leaves traffic control systems vulnerable to a system-wide attack that would have been impossible in a pre-computerized era.
Researchers also identified some relatively easy fixes for the vulnerabilities they found, but added that “the real problem is not any individual vulnerability, but a lack of security consciousness in the field.”
Here’s a clip of the traffic hack scene from the 2003 remake of The Italian Job. Computers really have come a long way.
Just note the fine print: Limited-time promotions may lead to higher prices around the corner.
We have truly entered the Bizarro World of wireless service, in which carriers keep inventing new ways to slash prices instead of further gouging their customers.
Verizon and Sprint are the latest to retool their plans, with promotional pricing for the former and permanent price changes for the latter.
If you’re a new subscriber to Verizon on an individual plan, you can now get 2 GB of data, unlimited talk and unlimited text for $60 per month. And if you sign up for Verizon Edge, which lets you trade up to a new phone for free once per year, the plan drops to $50 (plus the monthly installments on the phone itself). Either way, the new plan is $30 cheaper than before.
Some caveats apply: Verizon says this pricing is “promotional,” but doesn’t say when the promotion will end. And it’s only good for single-line, 2 GB plans. If you need more data or more lines, you get the same pricing as before. Also, existing subscribers can only get the reduced pricing when they upgrade to a new phone.
As for Sprint, the carrier is offering new shared data plans that are cheaper in many scenarios than plans from AT&T and Verizon. Like its larger rivals, Sprint is offering a single bucket of data shared across all phones and tablets, but the baseline data prices are less expensive.
For instance, Sprint charges $100 per month for 20 GB of shared data, while AT&T and Verizon charge $150 per month for the same data allotment.
On top of that data charge, you also have to pay per line. If you’re going with a standard two-year contract and subsidized phone, Sprint’s per-line prices are the same as its rivals, at $40 per month.
Alternatively, you can pay the full price of the phone in monthly installments. This provides a discount on the per-line fee, and lets you trade up to a new phone for free every 12 months. AT&T and Verizon have an edge here, as they both charge $25 per line for plans with less than 10 GB, and $15 per line for plans with 10 GB or more. Sprint makes the $15/$25 cutoff at 20 GB, so its plans tend to work out best for families who need a lot of data.
To kick off the new family plans, Sprint is offering a promotion that waives all per-line fees “through 2015,” and tacks on another 2 GB for each line. That means you could put a family of five on a 20 GB plan and pay only $100 per month, and you’d actually have 28 GB to play with through next year. But you have to sign up by September 30, and the plan would increase to $175 per month starting in 2016.
If you’re wondering about Sprint’s “Framily” plans, which offered higher discounts as you added more people, Re/code reports that they’ll still be available. It’s just that Sprint won’t market them as much.
Sprint hasn’t been much of a competitor lately, even as T-Mobile, AT&T and Verizon all dropped prices to keep up with one another. But after abandoning its attempted T-Mobile takeover and bringing on a new CEO, it seems that Sprint is ready to rejoin the price wars. Things are only going to get weirder from here.