Menu

Timesdelhi.com

May 26, 2019
Category archive

computing

Thousands of vulnerable TP-Link routers at risk of remote hijack

in california/computing/cybercrime/Cyberwarfare/Delhi/dns/dyn/gps/Hardware/India/Politics/Router/search engines/Security/spokesperson/telecommunications/United Kingdom/United States by

Thousands of TP-Link routers are vulnerable to a bug that can be used to remotely take control the device, but it took over a year for the company to publish the patches on its website.

The vulnerability allows any low-skilled attacker to remotely gain full access to an affected router. The exploit relies on the router’s default password to work, which many don’t change.

In the worst case scnario, an attacker could target vulnerable devices on a massive scale, using similar mechanism to how botnets like Mirai worked — by scouring the web and hijacking routers using default passwords like “admin” and “pass”.

Andrew Mabbitt, founder of U.K. cybersecurity firm Fidus Information Security, first discovered and disclosed the remote code execution bug to TP-Link in October 2017. TP-Link released a patch a few weeks later for the vulnerable WR940N router, but Mabbitt warned TP-Link again in January 2018 that another router, TP-Link’s WR740N, was also vulnerable to the same bug because the company reused vulnerable code between devices.

TP-Link said the vulnerability was quickly patched in both routers. But when we checked, the firmware for WR740N wasn’t available on the website.

When asked, a TP-Link spokesperson said the update was “currently available when requested from tech support,” but wouldn’t explain why. Only after TechCrunch reached out, TP-Link updated the firmware page to include the latest security update.

Top countries with vulnerable WR740N routers. (Image: Shodan)

Routers have long been notorious for security problems. At the heart of any network, any flaw affecting a router can have disastrous effects on every connected device. By gaining complete control over the router, Mabbitt said an attacker could wreak havoc on a network. Modifying the settings on the router affects everyone who’s connected to the same network, like altering the DNS settings to trick users into visiting a fake page to steal their login credentials.

TP-Link declined to disclose how many potentially vulnerable routers it had sold, but said that the WR740N had been discontinued a year earlier in 2017. When we checked two search engines for exposed devices and databases, Shodan and Binary Edge, each suggested there are anywhere between 129,000 and 149,000 devices on the internet — though the number of vulnerable devices is likely far lower.

Mabbitt said he believed TP-Link still had a duty of care to alert customers of the update if thousands of devices are still vulnerable, rather than hoping they will contact the company’s tech support.

Both the U.K. and the U.S. state of California are set to soon require companies to sell devices with unique default passwords to prevent botnets from hijacking internet-connected devices at scale and using their collective internet bandwidth to knock websites offline.

The Mirai botnet downed Dyn, a domain name service giant, which knocked dozens of major sites offline for hours — including Twitter, Spotify and SoundCloud.

Read more:

Backed by LG, AmazeVR is hoping to resurrect virtual reality’s consumer dreams

in AOL/ceo/chief technology officer/computing/content creators/Delhi/digital media/India/Kakao/Los Angeles/Netflix/new media/Politics/Smilegate Investment/TC/Technology/Training/video creators/Virtual Reality/virtual world/VR by

For over 100 years entrepreneurs have come to Hollywood to try their luck in the dream factory and build an empire in the business of storytelling.

Propelled by new technologies, new businessmen have been landing in Los Angeles since the invention of the nickelodeon to create a studio that would dominate popular entertainment. Over the past five years, virtual reality was the latest new thing to make or break fortunes, and the founding team behind the Korean company AmazeVR are the latest would-be dream-makers to take their turn spinning the wheel for Hollywood fortunes.

Despite billions of dollars in investment, and a sustained marketing push from some of the biggest names in the technology industry, virtual reality still doesn’t register with most regular consumers.

But technology companies keep pushing it, driven in part by a belief that maybe this time the next advancement in hardware and services will convince consumers to strap a headset onto their face and stay for a while in a virtual world.

There are significant economic reasons for companies to persist. Sales of headsets in the fourth quarter of 2018 topped 1 million for the first time and new, low cost all-in-one models may further move the needle on adoption. Hardware makers have invested billions to improve the technology, and they’d like that money to not go to waste. At the same time, networking companies are spending billions to roll out new, high speed data networks and they need new data-hungry features (like virtual reality) to make a compelling case for consumers to upgrade to the newer, more expensive networking plans.

Sitting at the intersection of these two market forces are companies like AmazeVR, which is hoping to beat the odds.

Founded by a team of ace Korean technologists who won fame and fortune as early executives of the multi-billion dollar messaging service Kakao (it’s the Korean equivalent of WhatsApp or WeChat), AmazeVR is hoping it can succeed in a marketplace littered with production studios like Baobab Studios, Here Be Dragons, The Virtual Reality Company, and others.

The company was formed and financed with $6.3 million from its founding team of Kakao co-founder and co-chief executive, JB Lee, who serves as Amaze’s chief product officer; its head of strategy, Steve Lee, AmazeVR’s chief executive; Jeremy Nam, the chief technology officer at AmazeVR and the former senior software engineer of Kakao; and finally, Steve Koo, who led KakaoTalk’s messaging team and is now head of engineering at AmazeVR.

“What we saw as the problem is the content creation itself,” says Lee.

Encouraged by the potential uptake of the Oculus Go and spurred on by $7 million in funding led by Mirae Asset Group with participation from strategic investors including LG Technology Ventures, Timewise Investment, and Smilegate Investment, AmazeVR is looking to plant a flag in Hollywood to encourage producers and content creators to use its platform and get a significant library of content up and running. 

For LG, it’s strategically important to get some applications up on its newly launched 5G subscription network back in Korea, and AmazeVR is already rolling up new content for its VR platform.

In fact, AmazeVR has already partnered with LG U+, the telecommunications network arm of LG to produce virtual reality content. LG U+ will host AmazeVR content on its service use the company’s proprietary content generation tools to make VR production easier as it looks to roll out 1500 new pieces of virtual reality “experiences”.

AmazeVR sells its content as a $7 per-month subscription, with 3 month bundles for $18 and 6 month bundles for $24. So far, they’ve got more than 1,000 subscribers and expect to add more as consumers start opening their wallets to pick up more devices. The company already has 20 different interactive virtual reality experiences available and is in Los Angeles to connect with top talent for additional productions, the company said.

“We believe cloud-based VR is the future, and AmazeVR has developed elegant technology that enables users to create and share interactive content very easily,” said Dong-Su Kim, CEO of LG Technology Ventures, in a statement. “We are incredibly excited about how the AmazeVR platform will enable innovative, quality content to be generated at unprecedented scale and speed.”

AmazeVR uses a proprietary backend to stitch 360-degree video and provide editing and production tools for content creators in addition to building its own cameras for video capture, the company said.

As it builds out its library, AmazeVR is giving video creators a cut of the sales from the company’s subscriptions and individual downloads of their virtual reality experiences.

“We see no reason that VR content shouldn’t be compelling enough to support a Netflix model. To get there, we must devise mechanisms to inspire, assist, and reward content creators,” said Steve Lee, CEO of AmazeVR. “Our approach, commitment to quality, industry-leading technology, and strategic investors provide a path forward to make VR/AR the next great frontier for entertainment and personal displays.”

Microsoft makes a push for service mesh interoperability

in alpha/Cloud/cloud computing/cloud infrastructure/computing/Delhi/Docker/encryption/Enterprise/Google/HashiCorp/IBM/India/Istio/Kubernetes/Linkerd/Lyft/micro services/microservices/Microsoft/Politics/red hat/TC/vmware by

Services meshes. They are the hot new thing in the cloud native computing world. At Kubecon, the bi-annual festival of all things cloud native, Microsoft today announced that it is teaming up with a number of companies in this space to create a generic service mesh interface. This will make it easier for developers to adopt the concept without locking them into a specific technology.

In a world where the number of network endpoints continues to increase as developers launch new micro-services, containers and other systems at a rapid clip, they are making the network smarter again by handling encryption, traffic management and other functions so that the actual applications don’t have to worry about that. With a number of competing service mesh technologies, though, including the likes of Istio and Linkerd, developers currently have to chose which one of these to support.

“I’m really thrilled to see that we were able to pull together a pretty broad consortium of folks from across the industry to help us drive some interoperability in the service mesh space,” Gabe Monroy, Microsoft’s lead product manager for containers and the former CTO of Deis, told me. “This is obviously hot technology — and for good reasons. The cloud-native ecosystem is driving the need for smarter networks and smarter pipes and service mesh technology provides answers.”

The partners here include Buoyant, HashiCorp, Solo.io, Red Hat, AspenMesh, Weaveworks, Docker, Rancher, Pivotal, Kinvolk and VMWare. That’s a pretty broad coalition, though it notably doesn’t include cloud heavyweights like Google, the company behind Istio, and AWS.

“In a rapidly evolving ecosystem, having a set of common standards is critical to preserving the best possible end-user experience,” said Idit Levine, founder and CEO of Solo.io. “This was the vision behind SuperGloo – to create an abstraction layer for consistency across different meshes, which led us to the release of Service Mesh Hub last week. We are excited to see service mesh adoption evolve into an industry level initiative with the SMI specification.”

For the time being, the interoperability features focus on traffic policy, telemetry and traffic management. Monroy argues that these are the most pressing problems right now. He also stressed that this common interface still allows the different service mesh tools to innovate and that developers can always work directly with their APIs when needed. He also stressed that the Service Mesh Interface (SMI), as this new specification is called, does not provide any of its own implementations of these features. It only defines a common set of APIs.

Currently, the most well-known service mesh is probably Istio, which Google, IBM and Lyft launched about two years ago. SMI may just bring a bit more competition to this market since it will allow developers to bet on the overall idea of a service mesh instead of a specific implementation.

In addition to SMI, Microsoft also today announced a couple of other updates around its cloud-native and Kubernetes services. It announced the first alpha of the Helm 3 package manager, for example, as well as the 1.0 release of its Kubernetes extension for Visual Studio Code and the general availability of its AKS virtual nodes, using the open source Virtual Kubelet project.

 

Chat app Line is adding Snap-style disappearing stories

in Apps/Asia/computing/Delhi/Facebook/food delivery/India/Indonesia/instagram/Japan/japanese/Media/messaging apps/Messenger/operating systems/photo sharing/Politics/Snap/snap inc/social media/social network/Software/taiwan/Thailand/United States/WhatsApp by

Facebook cloning Snap to death may be old news, but others are only just following suit. Line, the Japanese messaging app that’s popular in Asia, just became the latest to clone Snap’s ephemeral story concept.

The company announced today that it is adding stories that disappear after 24-hours to its timeline feature, a social network like feed that sits in its app, and user profiles. The update is rolling out to users now and the concept is very much identical to Snap, Instagram and others that have embraced time-limited content.

“As posts vanish after 24 hours, there is no need to worry about overposting or having posts remain in the feed,” Line, which is listed in the U.S. and Japan, wrote in an update. “Stories allows friends to discover real-time information on Timeline that is available only for that moment.”

Snap pioneered self-destructed content in its app, and the concept has now become present across most of the most popular internet services in the world.

In particular, Facebook added stories to across the board: to its core app, Messenger, Instagram and WhatsApp, the world’s most popular chat app with over 1.5 billion monthly users. Indeed, Facebook claims that WhatsApp stories are used by 500 million people, while the company has built Instagram into a service that has long had more users than Snap — currently over one billion.

The approach doesn’t always work, though — Facebook is shuttering its most brazen Snap copy, a camera app built around Instagram direct messages.

China’s top chat app WeChat added its own version earlier this year, and while it said in its earnings this week that users upload “hundreds of millions of videos each day” to its social platforms, it didn’t give numbers on its Snap-inspired feature.

Line doesn’t have anything like the reach of Facebook’s constellation of social apps or WeChat, but it is Japan’s dominant messaging platform and is popular in Thailand, Taiwan and Indonesia.

The Japanese company doesn’t give out global user numbers but it reported 164 million monthly users in its four key markets as of Q1 2019, that’s down one million year-on-year. Japan accounts for 80 million of that figure, ahead of Thailand (44 million), Taiwan (21 million) and Indonesia (19 million.)

While user growth has stagnated, Line has been able to extract increase revenue. In addition to a foray into services — in Japan its range covers ride-hailing, food delivery, music streaming and payments — it has increased advertising in the app’s timeline tab, and that is likely a big reason for the release of stories. The new feature may help timeline get more eyeballs, while the company could follow the lead of Snap and Instagram to monetize stories by allowing businesses in.

In Line’s case, that could work reasonably well — for advertising — since users can opt to follow business accounts already. It would make sense, then, to let companies push stories to users that opted in follow their account. But that’s a long way in the future and it will depend on how the new feature is received by users.

Reality Check: The marvel of computer vision technology in today’s camera-based AR systems

in animation/AR/ar/vr/Artificial Intelligence/Augmented Reality/Column/Computer Vision/computing/Delhi/Developer/digital media/Gaming/gif/Global Positioning System/gps/India/mobile phones/neural network/Politics/starbucks/TC/Virtual Reality/VR by

British science fiction writer, Sir Arther C. Clark, once said, “Any sufficiently advanced technology is indistinguishable from magic.”

Augmented reality has the potential to instill awe and wonder in us just as magic would. For the very first time in the history of computing, we now have the ability to blur the line between the physical world and the virtual world. AR promises to bring forth the dawn of a new creative economy, where digital media can be brought to life and given the ability to interact with the real world.

AR experiences can seem magical but what exactly is happening behind the curtain? To answer this, we must look at the three basic foundations of a camera-based AR system like our smartphone.

  1. How do computers know where it is in the world? (Localization + Mapping)
  2. How do computers understand what the world looks like? (Geometry)
  3. How do computers understand the world as we do? (Semantics)

Part 1: How do computers know where it is in the world? (Localization)

Mars Rover Curiosity taking a selfie on Mars. Source: https://www.nasa.gov/jpl/msl/pia19808/looking-up-at-mars-rover-curiosity-in-buckskin-selfie/

When NASA scientists put the rover onto Mars, they needed a way for the robot to navigate itself on a different planet without the use of a global positioning system (GPS). They came up with a technique called Visual Inertial Odometry (VIO) to track the rover’s movement over time without GPS. This is the same technique that our smartphones use to track their spatial position and orientation.

A VIO system is made out of two parts.

1 2 3 58
Go to Top