Facebook has disclosed the discovery of new accounts engaging in “inauthentic behavior,” according to newly released statements from the company. These accounts were present on both the Facebook and Instagram platforms, the oldest dating to early 2017 and the newest to May 2018. Facebook, which says it is still in the early stages of its investigation, explains that one page … Continue reading
Yesterday, an issue that’s been simmering below the surface of Steam for a few weeks came to a head: Unscrupulous developers were releasing games that contained dummy items masquerading as Team Fortress 2 and DoTA 2 rarities that sell for hundreds of dollars. Now Valve has addressed the issue.
Lyft has announced a new subscription called Personal Plan that enables frequent riders to lock in a specific price for a specific route. A rider who takes a car to work every morning, for example, can use the plan to make sure they’re paying the same rate every morning, making it easier to budget for the transportation. There’s one important … Continue reading
Eyes really do tell a story.
Using machine learning, earlier this year scientists discovered a connection between people’s personalities and their eye movements. They then deployed artificial intelligence to track and analyze the eye movements of 42 students. They announced the results last week.
Of course, the scientists found a correlation, because why wouldn’t AI figure out how predictable humans are?
The new technology can detect four of the “Big Five” basic personality traits: agreeableness, conscientiousness, extroversion, and neuroticism. It could not judge openness to experience.
The good news, according to one of the researchers, is that this finding could improve how humans and machines interact. If the machine can interpret what a person is like, the thought is, it can act accordingly. Read more…
The company borrowed $5m to keep the service running
In what amounts to one of the simplest but most baffling forms of social engineering, hackers from China have taken to sending CDs full of malware to state officials, leading the Multi-State Information Sharing and Analysis Center, a government security outfit, to release a warning detailing the scam.
The trick is simple: a package arrives with a Chinese postmark containing a rambling message and a small CD. The CD, in turn, contains a set of Word files that include script-based malware. These scripts run when the victims access them on their computers, presumably resulting in compromised systems.
“The MS-ISAC said preliminary analysis of the CDs indicate they contain Mandarin language Microsoft Word (.doc) files, some of which include malicious Visual Basic scripts,” wrote security researcher Brian Krebs. “So far, State Archives, State Historical Societies, and a State Department of Cultural Affairs have all received letters addressed specifically to them, the MS-ISAC says. It’s not clear if anyone at these agencies was tricked into actually inserting the CD into a government computer.”
While it should be obvious that you shouldn’t stick unrequested storage media into your computer, clearly this scam seemed feasible enough for someone to spend a little cash to make and ship these little CD ROMs. Now they just have to target victims who still use CD readers.
Today, we are happy to introduce support for the Web Authentication specification in Microsoft Edge, enabling better, more secure user experiences and a passwordless experience on the web.
With Web Authentication, Microsoft Edge users can sign in with their face, fingerprint, PIN, or portable FIDO2 devices, leveraging strong public-key credentials instead of passwords.
A web without passwords
Staying secure on the web is more important than ever. We trust web sites to process credit card numbers, save addresses and personal information, and even to handle sensitive records like medical information. All this data is protected by an ancient security model—the password. But passwords are difficult to remember, and are fundamentally insecure—often re-used, and vulnerable to phishing and cracking.
For these reasons, Microsoft has been leading the charge towards a world without passwords, with innovations like Windows Hello biometrics and pioneering work with the FIDO Alliance to create an open standard for passwordless authentication – Web Authentication.
We started this journey in 2016, when we shipped the industry’s first preview implementation of the Web Authentication API in Microsoft Edge. Since then, we have been updating our implementation to as we worked with other vendors and the FIDO alliance to develop the standard. In March, the FIDO Alliance announced that the Web Authentication APIs have reached Candidate Recommendation (CR) status in the W3C, a major milestone for the maturity and interoperability of the specification.
Authenticators in Microsoft Edge
Beginning with build 17723, Microsoft Edge supports the CR version of Web Authentication. Our implementation provides the most complete support for Web Authentication to date, with support for a wider variety of authenticators than other browsers.
Windows Hello allows users to authenticate without a password on any Windows 10 device, using biometrics—face and fingerprint recognition—or a PIN number to sign in to web sites. With Windows Hello face recognition, users can log in to sites that support Web Authentication in seconds, with just a glance.
Users can also use external FIDO2 security keys to authenticate with a removable device and your biometrics or PIN. For websites that are not ready to move to a completely passwordless model, backwards compatibility with FIDO U2F devices can provide a strong second factor in addition to a password.
We’re working with industry partners on lighting up the first passwordless experiences around the web. At RSA 2018, we shared a sneak peak of how these APIs could be used to approve a payment on the web with your face. Passwordless authentication experiences like this are the foundation of a world without passwords.
We’re excited to get implementation into the hands of more developers to see what you build. To get started with Web Authentication in Microsoft Edge, check out more information on our implementation in the Web Authentication dev guide, or install Windows Insider Preview build 17723 or higher to try it out for yourself!
– Angelo Liao, Program Manager, Microsoft Edge
– Ibrahim Damlaj, Program Manager, Windows Security
Windows 10’s antivirus does a good job overall, but it lets crapware through. A hidden setting intended for organizations will boost Windows Defender’s security, making it block adware, potentially unwanted programs, PUPs, or whatever you want to call this junk.
A new horror comic series called ‘Star Wars: Tales from Vader’s Castle’ will hit shelves this October.
The number of mobile payments users who tap to pay using a contactless payment solution provided by their mobile device’s maker will grow to 450 million people worldwide by 2020, according to a new forecast from Juniper Research. This includes mobile payment solutions like Apple Pay, Samsung Pay, Google Pay, and others. By this time, Apple Pay will have amassed the largest audience, with Apple accounting for 1 in 2 of these “OEM Pay” users globally – meaning those using wallets provided by the original equipment manufacturer, as opposed to a third-party app.
The forecast includes newcomers to the market, like Fitbit’s odd entry with Fitbit Pay, offered with select editions of its Versa smartwatch, for example. But not surprisingly, the analysts don’t believe these alternatives will amass much market share over the next few years.
“We believe that growth over the next five years will continue to be dominated by offerings from the major OEM players,” said the research’s author Nitin Bhas, referring to companies like Apple, Google, and Samsung. “Additionally, we now have the likes of Huawei Pay and Fitbit Pay launching in several markets; this is now included in Juniper’s contactless forecasts,” he noted.
By 2020, “OEM Pay” wallets will account for over $300 billion in transactions, representing 15 percent of the total number of contactless in-store transactions.
However, the contactless payments market will still be dominated by contactless card payments, not mobile wallets. Contactless card payments are most popular in parts of Asia, including China, where they account for nearly 55 percent of global contactless payments. Combined, all contactless payments in-store will reach $2 trillion by 2029, which is 15 percent of the total point-of-sale transactions.
Notably, contactless payments will exceed $1 trillion for the first time in 2018 – one year earlier than previously estimated.
Meanwhile, by 2022, Juniper forecasts nearly 10 billion mobile contactless ticketing transactions will take place, with North America leading other regions, followed by parts of Asia, including China.
What’s interesting about this new research report is that Apple Pay has such a large following, given how it’s Android-based smartphones, not iPhones, that dominate the worldwide smartphone market. Android’s scale is thanks to Google’s carrier partnerships and the lower cost of some Android phones, which have allowed Android to make inroads in developing regions as well. Android today accounts for around 85-86 percent of the global smartphone market, compared with Apple’s iOS’s 14-15 percent, according to various measurement firms.
Of course, Android has to contend with something Apple does not – OEMs like Samsung running their own mobile wallets to compete with Google Pay (previously called Android Pay.) That fragmentation could account for, in part, why Apple Pay will soon account for 1 out of every 2 contactless mobile wallet user.