- Verizon GALAXY S 4 bootloader unlocked before release -
rlocone shared this story from Android Community.
For those who have been following the ongoing news regarding Samsung’s GALAXY S 4 and the bootloader, we have good news. After AT&T’s model was found to be locked down tight a few developers quickly addressed the problem and hacked the bootloader on the GALAXY S 4. Now just days before Verizon‘s flavor hits the streets the same dev has already got custom recoveries up and running on the handset. Rejoice Android modders.
The popular developer Dan Rosenberg confirmed this should work on Verizon’s model but didn’t release the method so the carrier couldn’t close the loophole. Now that the phone is out and in the wild, shipping to those who’ve pre-ordered, and in the hands of a select few he’s already tested and confirmed the method works.
The news was announced yesterday on Twitter but Dan isn’t making too big of a deal over it. Once Verizon’s GALAXY S 4 goes up for sale Thursday, the 23rd, he’ll probably release a one-click unlock method for everyone to enjoy. From here we can load a custom recovery, hack our devices, flash CyanogenMod and other ROMs with ease. So this is certainly good news.
So for those who ordered the Verizon GS 4 and have one coming soon, or if you plan to run down Thursday to a local shop and get your own, you’ll be able to rest easy knowing the bootloader can be unlocked. For now at least. Most likely an update will be coming shortly that will close it. If rooting and unlocking the bootloader matters to you, you probably will want to wait on updates once you have the handset. Stay tuned and we’ll update once the details and method have been released.
– Thanks to all who sent this in!
- Busted: 5 Common Myths About Web Security -
rlocone shared this story from OpenDNS Blog - Latest Comments.
Despite your best efforts to educate employees on the hazards of the Web, does it still seem like there are a few users who end up clicking where they shouldn’t? There are many security myths that still get passed from user to user, rendering your education tactics less effective than you’d hope, and placing heavy responsibility for security on your malware protection solution, firewall and AV. We created this infographic to highlight the 5 troublesome myths that our friends who work in IT and security hear most often.
We hope you’ll share it with your users, and let us know your feedback in the comments. Hint: Click on the image for a full-size version.
- How Do I Know If My VPN Is Trustworthy? -
rlocone shared this story from Lifehacker.
I've read about why I really should use a VPN and I've been looking into different providers, but there's one thing I'm worried about. Can't a VPN provider just look at my traffic all they want and see what I'm doing? Don't I just have to trust them not to spy on me? If that's true, how do I pick one I can trust, when they can all see what I'm doing?
Watching the Watchers
Dear Watching the Watchers,
To a certain extent, you're right. You do have to trust that your VPN service provider has your best interests at heart, because you're relying on them to secure your connection, keep everything encrypted, and to protect your activity from prying eyes. You're connected to their network and their servers, and you have to trust that when they say your exit IP is in Sweden, for example, it really is and they're not just obfuscating something else. It's true—when you sign up for a VPN, you put a lot of trust in the company you sign up with.
Why Trust In Your VPN Provider Is Important
Not all VPN service providers are worth your trust. Some diligently log your connection times, dates, IP addresses, keep track of how long you're connected, and some even keep an eye on the types of traffic that you send through their networks while you're logged in. They'll tell you it's in order to make sure you're not doing anything illegal, or anything that would damage their network, but that level of snooping does kind of go against the whole purpose of a VPN, doesn't it?
The best ones keep as few logs as possible, and aren't interested in what you do while you're connected at all. Some don't even track when you're logged in or out, and even if they do have to keep some logs, they purge them periodically in order to protect your privacy. After all, the reason you pay for a VPN is for privacy and security, and if they keep their own data, they're the weak link in that chain. Here's are some tips on how to research a VPN and decide whether they're a good match for you.
Ask Yourself: What Are You Using a VPN For?
Whether you have a VPN provider already or you're searching for a good one, the first thing you should ask yourself is why you want one in the first place. Now, we've made the case for why most people should have one and what types of people need a VPN, but ultimately most needs boil down to two things: Security and privacy, or some combination of the two.
If security is all you're concerned with, and you have a VPN provided to you by your school or company, you're already set. In fact, almost any VPN will cover you from the security angle, because you're only really concerned about protecting your activity from prying eyes, presumably on the same network that you're on—like a hotel, coffee shop, or airport's free Wi-Fi. Of course, you still need to make sure that your VPN provider isn't just sniffing your traffic themselves and making themselves the security issue, but we'll get to that in a moment.
If privacy is your concern, you have more to consider. Privacy-minded VPN users have to trust that their provider isn't watching what they're doing or willing to roll over and hand off their activity, logs, and personal data to whoever comes calling with a fancy-looking letter written in legalese. They also have to worry about what information the VPN provider themselves are keeping, and whether that information can be turned against them, sold to third parties, used for marketing, or just kept forever just in case someone comes calling. In either case, all it takes to either allay your fears or warn you off of a VPN provider is a little research. Here's how to go about it.
Do Your Homework
Services we've mentioned, like previously mentioned HotSpot Shield, CyberGhost VPN, and HideMan, another service we like, are all great examples of free VPN providers that don't log, go out of their way to say so, and that support their free services by also offering premium and paid plans that offer more features (in the case of HotSpot Shieldf and CyberGhost) or more hours of use (in the case of Hideman).
Paid VPN providers are a different matter. Ideally, because you pay for their service, they should cater to both the privacy and security minded, but that's not true at all. Some providers are security minded, not privacy minded, and market themselves as such: You can use their services to stay safe online, but don't come with an expectation of privacy. If someone comes with a subpoena or a Cease and Desist, they'll cancel your account and turn over your data to whoever's asking for it, and they're not afraid to admit it. Here are some quick tips to help you research paid VPN services:
- Don't be afraid to ask outright. if you don't get the answer you want from simple searches, contact them and ask what their logging and data retention policies are. Again, this is something you'd want to do with premium providers more than free ones—you don't want to spend your money unless you're sure what you're getting.
- Don't fall for the geography trap. Some people swear only by VPN providers outside their country for privacy. They're convinced that their local laws are privacy unfriendly, or that a provider in their country can be manipulated by other companies, legal wrangling, or law enforcement, and they'll just roll over and hand off whatever private data they have on their users. Trust us: geography won't save you. Living under the assumption that because a VPN provider is in another country it's immune to your local laws or will defend you when pressured is a false sense of security.
Both law enforcement and private industry groups can exert authority and pressure anywhere in the world they choose, and in most cases they'll get the results they want if they push hard enough. Otherwise, they'll just pressure the government in that jurisdiction to act on their behalf. Put simply: Don't assume that because you live in the US and you use a VPN provider in The Netherlands that you're immune from the law, or that a VPN provider in your own country wouldn't fight harder for your privacy than one overseas. In some cases this is true, but logging, privacy policies, and the general philosophy of the company are generally more important than physical location. This thread at Wilder Security is essential reading on the topic.
- Pay attention to technology. When asked back in 2008 by CNET about WiTopia's privacy stance and technology, WiTopia president Bill Bullock explained that a number of single-server, fly-by-night VPN providers were beginning to pop up, making big privacy and security promises without actually having the technology to back them up. Since then, the number has only grown—it doesn't take much to set up a VPN concentrator anymore, and all it really takes is a few friends in a few different cities and countries willing to run their own servers to build a small network.
However, if the company doesn't have the right technology on the back-end, they could be putting both your security and your privacy at risk, or wind up being victims of data theft, hacking, or spying themselves. When you're researching VPN providers, make sure they're above board with the level of encryption they offer, the security features they provide, and are open about who's reviewed them and the press they've gotten. Then double-check those reviews and look for independent opinions of their service, just to be sure.
VPN services are thriving, and new subscriptions are big money. It's not uncommon for a VPN provider to play dirty, whitewash their issues, and put on a good face to attract customers. When we did our last Hive Five on VPN providers, we saw the ugly side of the business so clearly that we decided to do our own independent analysis to clear the air and make our own recommendations.
The best thing you can do is to take everything a provider themselves says with a grain of salt. If they're good, they'll back up their own claims, and welcome you to do as much additional research into them as you'd like. In addition to our guide to the topic, our friends at TorrentFreak recently updated their guide as well, and it's worth reviewing.
Take Matters Into Your Own Hands
VPNs aren't perfect. One thing you should always remember is that in general, traffic between your VPN exit node or exit server and your eventual destination is unencrypted—so while someone snooping on the other end may not get all the way back to your computer or location, if your data is unencrypted or sent in the clear (sites not using HTTPS, encrypted passwords, etc) it can be easily intercepted anyway. Using a VPN is no excuse for lax personal security.
Remember, whatever VPN provider you choose, you can always use additional privacy tools in conjunction with it. We've discussed some of those tools in detail, but it makes sense to keep them running. You could always combine services, like Tor and a VPN (although you really shouldn't use Tor for file-sharing traffic, if that's your goal) for extra anonymity, even if it doesn't offer any additional security. If you want to go that route, this thread at Wilder Security discusses the issue in detail. Similarly, TorrentFreak has an excellent guide to making your VPN even more secure.
Finally, you can always roll your own VPN if you have an always-on device at home, or a router that supports OpenVPN. You could even turn a $35 Raspberry Pi into a personal VPN you can connect to while you're on the go. Of course, this option is for the security-minded, not the privacy minded (as your traffic is only encrypted between a user and your home VPN server or personal router, and then unencrypted as it goes out to your ISP) but it's always an option, and add-ons like Privoxy (which we've shown you how to set up) can offer some anonymity for your home VPN.
We know it's a tricky topic, but you are right, Watching the Waters: Ultimately you have to trust your VPN provider has your best interests in mind, but the only way to get that level of trust is to do your homework, verify their promises and services are legit, and then take additional steps to protect yourself even if they're not, or they fail you somehow. There are good providers out there committed to your security and your privacy (we've mentioned some of them) that are worth your trust.
Have a question or suggestion for Ask Lifehacker? Send it to email@example.com.
- Make Password Management Easier on Android with These Tips -
rlocone shared this story from LastPass : The last password you'll have to remember.
A great question, since the mobile experience is inherently different than the desktop experience. Because the mobile platforms are more closed, we can't integrate into the mobile browsers and apps as easily. This means that LastPass can't "see" into those other browsers and apps in order to fill your data there, unless you're using Dolphin Browser or Firefox Mobile on Android, for which we do offer addons. The LastPass app does allow you to login, view your stored data, and tap an entry to launch it within the LastPass app, where LastPass can fill the data and you can login to your sites."I would like a lot more detail on how to make the LastPass Android app work with apps that require logons and passwords. I love how LastPass works on my laptop and desktop machines; using it here has been second nature to me. But I find myself logging onto my phone's LastPass app and cutting and pasting. Surely there's a better way?" - Keith K.
Copy-paste is one option for logging in on other apps or browsers. On Android, if you long-tap on a site entry in your LastPass app vault, you can choose the "copy username" or "copy password" options to then multitask back to another browser or app and paste there.There are, however, a few other alternatives on Android that may be more useful for your workflow.
LastPass Copy Notifications
There are two ways to activate the copy notifications:
- In the LastPass app, tap and hold on a site entry and select "copy notifications"
- The username and password fields will appear as notifications in your phone's notification bar
- Drag down the bar to tap the "copy username" notification
- Paste your username in the browser or app where you want to fill your data
- Repeat those copy-paste steps with the password
LastPass Input Method
The LastPass input method allows you to switch to a LastPass keyboard that has a special button for autofilling your passwords in other apps or browsers. To get started:
- Enable the LastPass Input method in your LastPass app Preferences menu
- Multitask to the app where you want to login
- Long-tap in the app field, and select "Input"
- Tap the LastPass option to switch your keyboard
- Tap the asterisk button in the keyboard to display any matching logins
- Select the entry you want to use, and submit the login for the app
We continue to look at ways to expand the feature set on mobile, and to expand integration with other browsers and keyboards (for example, we're waiting on Google to provide support for addons in Chrome mobile). Hopefully these tips will help improve your workflow on Android!
Have a question for the LastPass team? Let us know in comments or send us a note at marketing[at]lastpass.com. If we choose your question, you'll get a Tshirt!
- 8 Ways Hardware Manufacturers Are Deceiving You -
rlocone shared this story from How-To Geek.
Sure, everyone involved can come up with a variety of excuses — they aren’t technically misleading customers, it’s all in the fine print, and these are the standard ways the industry operates — but hardware has been advertised in many misleading ways.
We’re not the only ones calling these marketing gimmicks misleading. Some of these tricks have even been the subject of class-action lawsuits for misleading consumers. Today we will look at 8 ways hardware manufacturers attempt to pull the metaphorical wool over the consumer’s eyes.