3.1 C
London
Friday, November 17, 2017
Home Tags Windows Phone

Tag: Windows Phone

The HP Elite x3 happens to be a pretty nice phone if you're into platforms with no future.
Do third-party apps for infotainment systems matter? We ask a developer.
Tweets over the weekend confirm what we long suspected.
Windows could for the first time ever have a bunch of apps that actually look good.
New "design system" will span everything from phones to virtual reality.
You're not high; original game's "definitive edition" lands on Steam on 4/20 for $19.99.
One really addictive facet of Apple’s device ecosystem is how they work together.

AirDrop lets you move files and other data from a Mac to an iPad to an iPhone, in any combination of directions. Your Apple Watch can unlock your Mac.

Any Apple device can control a Keynote presentation on any other Apple device.

Apple’s Handoff lets you start work on one Apple device and pick up where you left off on another.

Bookmarks, contacts, email settings, passwords, and even credit card details can be synced automatically across all your devices. Windows 10 was supposed to do the same, relying on Windows Phones to be take the role of the iPhone in this fluid ecosystem.

But Windows Phone (renamed Windows Mobile) is in cryogenic suspension, waiting for a future miracle cure to bring it back to life.

Thus, Microsoft’s ambitions to copy Apple’s liquid computing have gone unrealized.To read this article in full or to leave a comment, please click here
The taskbar is getting ever so monochrome—even as apps are looking more exciting.
A sizable and dormant Twitter botnet has been uncovered by two researchers from the University College London, who expressed concern about the possible risks should the botmaster decide to waken the accounts under his control. Research student Juan Echeverria Guzman and his supervisor and senior lecturer at the college Shi Zhou told Threatpost that the 350,000 bots in the Star Wars botnet could be used to spread spam or malicious links, and also, more in line with today’s social media climate, start phony trending topics, attempt to influence public opinion, or start campaigns that purport a false sense of agreement among Twitter users. Compounding the issue is a larger botnet of more than a half-million bots that the researchers have uncovered since their initial research.

That research, the two academics said, will be shared in a future paper.
In the meantime, the Star Wars botnet dataset is available for study; the researchers said the data is tens of times larger than any public collection on Twitter bots. The researchers also said they have not shared their data with Twitter yet because they are waiting for their current research to be approved in a scientific journal. “We would also like to give researchers a chance to get the dataset by themselves before they are gone, this is why we have not reported to Twitter directly, but we will as soon as the paper gets accepted,” Echeverria Guzman said. A request to Twitter for comment was not returned in time for publication. The researchers said the botnet was created in 2013 and has remained hidden since then with relatively little activity.

The mundane pace at which the bots tweeted seemed automated and intentional, the researchers said. Most of the content are benign quotes from Star Wars novels and do not include URLs, giving the tweets the appearance of real human language as a means of side-stepping bot detection services.

The user profiles behind the bots also used tactics that would not trigger alerts, such as having real profile pictures. “All the accounts were created in a short window of time, less than two months.

They all behave in exactly the same way, quoting Star Wars novels including the same hashtags (and adding random hashtags to the quote),” Echeverria Guzman said. “All of their tweets are marked as coming from ‘Windows Phone,’ which means that they are likely to be controlled by the API instead of the Twitter site.

For reference, that source accounts for less than 0.1% of tweets normally.” The clincher, however, connecting the hundreds of thousands of bots to the same network comes in the geographic distribution of the host accounts.

Tweets were tagged with geographic locations which, when mapped, fall within neat rectangles plotted over North America and Europe.

The tweets are distributed within the rectangles, even in uninhabited areas.

The researchers describe the plotting in the paper: “These rectangles have sharp corners and straight borders that are parallel to the latitude and longitude lines. We conjectured that the figure shows two overlapping distributions. One is the distribution of tweets by real users, which is coincident with population distribution.

The other is the distribution of tweets with faked locations by Twitter bots, where the fake locations are randomly chosen in the two rectangles – perhaps as an effort to pretend that the tweets are created in the two continents where Twitter is most popular.” Echeverria Guzman said the split between the two rectangles is exactly 50 percent and the tweets are uniform throughout the rectangle. “All of this is almost impossible to have originated from normal users,” he said. The researchers point out previous work demonstrating how Twitter bots have been able to abuse Twitter’s streaming API.

Bots, the researchers said in their paper, are programmed to time tweets so that they are included in the streaming API as much as 82 percent of the time versus the expected 1 percent. “If and when these bots are activated, they can do all of the threats as listed above—but on a large scale with a sudden effect,” Zhou said. “For example it is known that the Streaming API is susceptible to tampering by bots.

The size of the Star Wars botnet is clearly enough to contaminate the Twitter API and the Twitter environment itself, particularly if focused on a single topic. “In other words, it is scary to know there are bad guys and see the terrible things that they have been doing; yet it is much more scary to know there are a lot of bad guys around, but we have no idea what they are up to.” The researchers said they hope others download and analyze the available data.

They’ve also created a Twitter account, @thatisabot, and website, where bots can be reported.
Computer researchers uncover yuuuge dormant army Computer boffins Juan Echeverria and Shi Zhou at University College London have chanced across a dormant Twitter botnet made up of more than 350,000 accounts with a fondness for quoting Star Wars novels. Twitter bots have been accused of warping the tone of the 2016 election. They also can be used for entertainment, marketing, spamming, manipulating Twitter's trending topics list and public opinion, trolling, fake followers, malware distribution, and data set pollution, among other things. In a recently published research paper, the two computer scientists recount how a random sampling of 1 per cent of English-speaking Twitter accounts – about 6 million accounts – led to their discovery. Pursuing an unrelated inquiry, the researchers were examining the geographic distribution of 20 million tweets with location tags in the dataset of 843 million tweets from the account sample, and they noticed an unusual distribution pattern. Some accounts followed the expected distribution pattern, which coincides with population centers in America and Europe. But another set of accounts showed random distribution within those areas, often resulting in tweets from unlikely places such as seas, deserts, and the Arctic. Blue dots at edge of box over Europe, barely visible after image compression, show Star Wars bots When the researchers manually examined the text of these tweets, they found the majority of them consisted of random excerpts from Star Wars novels, and that many of them started or ended with an incomplete word or included a randomly placed hashtag. For example: Luke's answer was to put on an extra burst of speed. There were only ten meters #separating them now. If he could cover t "This quote was from the book Star Wars: Choices of One, where Luke Skywalker is an important character," the paper explains. "We have found quotations from at least 11 Star Wars novels." The manual examination of data associated with 4,942 accounts resulted in the identification of 3,244 bots with consistent characteristics: Tweets only random Star Wars quotes. Uses hashtags associated with follower acquisition or prepended to random words. Never retweets or mentions other Twitter users. Each bot has made only 11 or fewer tweets since its inception. Each bot has between 10 and 31 friends. The bots choose only "Twitter for Windows Phone" as their source application. The bots' user ID numbers fall into a narrow range between 1.5 × 10^9 and 1.6 × 10^9. Given that set of bots, the researchers created a machine learning classifier to hunt for other accounts with similar characteristics. The algorithm identified 356,957 Star Wars bots. The researchers say they were lucky to have spotted the bots, which appear to have been designed to thwart automated detection methods. They note that being human helped make the discovery possible. "The fact that the bots tagged their tweets with random locations in North America and Europe was a [deliberate] effort to make their tweets look more real," the paper explains. "But this camouflage trick backfired – the faked locations when plotted on a map seemed completely abnormal. It's important to note that this anomaly could only be noticed by a human looking at the map, whereas a computer algorithm would have a hard time to realize the anomaly." Curiously, the Star Wars bots have been silent since 2013. The researchers observe that pre-aged bots can be sold for more than newly created bots on the black market, presumably because bot detection methods consider older accounts more likely to be reputable. Twitter declined to comment on the findings, which may be because the company was unaware of them until now. "We have not reported the accounts directly to Twitter (yet)," said Echeverria in an email to The Register. "We are waiting for the paper to be approved by the scientific journal to which it was submitted. We would also like to give researchers a chance to get the dataset by themselves before they are gone, this is why we have not reported to Twitter directly, but we will as soon as the paper gets accepted." Inspired by their success identifying the Star Wars botnet, Echeverria, a research student, and his faculty advisor, senior lecturer Shi Zhou, claim to have identified an even larger botnet numbering half a million accounts. "The larger botnet is part of a subsequent research paper, which is also under review," Echeverria said. "As soon as it gets approved, I will be able to disclose more information about it." Echeverria added that there's now a Twitter account named "@thatisabot" to make it easier for people to report bots to researchers. "Think of it as @spam but for researchers instead of Twitter," he said. "Furthermore, we have a webpage, www.thatisabot.com, which will (soon) also allow people to report bots to researchers." "Commander, tear this ship apart until you've found those plans and bring me the Ambassador. I want her alive!" ® Sponsored: Want to know more about Privileged Access Management? Visit The Register's hub
Illustration by Aurich Lawsonreader comments 19 Share this story Google—as expected—has dismissed the European Commission's charge that the ad giant abused Android’s dominance to block its competitors in the market. The company is accused of using Android’s position as the dominant smartphone operating system in Europe to force manufacturers to pre-install Google services while locking out competitors. Competition commissioner Margrethe Vestager sent a so-called Statement of Objections to Google in April. On Thursday, the multinational corporation defended its position and spoke of the open source nature of the Android operating system.
It also compared a typical Android smartphone to rivals Apple and Microsoft.

According to Google, 39 out of 39 pre-installed apps are from Apple on iPhone 7, and 39 out of 47 pre-installed apps on the Microsoft Lumia 550 are from Microsoft. In a blog post on Thursday, Google general counsel Kent Walker said: "The response we filed today shows how the Android ecosystem carefully balances the interests of users, developers, hardware makers, and mobile network operators.

Android hasn’t hurt competition, it’s expanded it." The 100-plus page response to the commission focuses on metrics in an attempt to add weight to the claim that it hasn't abused any competitive advantage. Walker said: The commission’s case is based on the idea that Android doesn’t compete with Apple’s iOS. We don’t see it that way.
In fact, 89 percent of respondents to the commission’s own market survey confirmed that Android and Apple compete.

To ignore competition with Apple is to miss the defining feature of today’s competitive smartphone landscape. Walker claimed that possible remedies to resolve the case could create fragmentation in the mobile ecosystem. "The commission’s preliminary findings underestimate the importance of developers," he said. Walker continued: The commission argues that we shouldn’t offer some Google apps as part of a suite. No manufacturer is obliged to preload any Google apps on an Android phone.

But we do offer manufacturers a suite of apps so that when you buy a new phone, you can access a familiar set of basic services.

Android’s competitors, including Apple’s iPhone and Microsoft’s Windows phone, not only do the same, but they allow much less choice. Vestager can fine the search behemoth up to 10 percent of its global turnover—around $7.4 billion (£5.9 billion)—if she finds Google guilty of wrongdoing. Google is currently appealing against a similar case in Russia after authorities fined the company approximately 438 million rubles  ($6.8 million, £5.25 million) in an almost identical Android antitrust case earlier this year. Yandex, Russia's biggest search engine and the main complainant in that case, is also one of four complainants in the EU case.

Google rivals Microsoft, Nokia, and Oracle—under the Fairsearch umbrella organisation—lodged the first complaint against Android in 2013. Fairsearch said in a statement to Ars: Google says there's no problem because Android is 'open.' The truth is that Android is today a closed operating system, and any claim to the contrary is disingenuous.

Any manufacturer or network operator seeking to differentiate its devices or services is prevented from doing so by the web of Google's contractual restrictions. Google imposes severe sanctions on those who defy its insistence on conformity.

For example, a phone maker that offers even a few phones that do not comply with Google's straitjacket faces a cut-off from all of Google’s branded products. US ad-blocking firm Disconnect and Aptoide, a rival Portuguese Android app store, have also complained. None had responded to requests for comment from Ars at time of publication. Google separately faces antitrust charges on favouring its own search services and price comparison offerings over those of its rivals and for allegedly breaching competition rules with its mammoth ad business. Last week, Google rebuffed both of those charges. This post originated on Ars Technica UK

LastPass 4.0

You've heard the saying, "If it ain't broke, don't fix it." Certainly if your password manager is doing everything it should, you don't necessarily need it to change.

But sooner or later the interface starts to look dated, and the competition comes up with new features.

Accordingly, the free LastPass 4.0 has a bold new online interface, and its new features include a Sharing Center to manage shared passwords and Emergency Access to hand down your passwords to your heirs.

These new features put the free LastPass ahead of even many of its for-pay
competitors.

You can use many commercial password managers for free if you accept substantial limitations.
Some, like RoboForm Everywhere 7, limit you to 10-15 passwords before you must pay. Others, like Dashlane 3, are free as long as you stick to one device, no syncing. With such stringent restrictions, these aren't really free products.

When initially released, the free edition of LastPass only let you sync across devices of the same type. You could use it with multiple desktops (Windows, Mac, or Linux), multiple smartphones (Android, iOS, Windows Phone, or BlackBerry), or multiple tablets (Android, iOS, or Windows).

That limitation has been lifted. You can now sync passwords across all your devices, just as you can with LastPass Premium.

Getting Started With LastPass
Setting up a LastPass account is simple.
Start by downloading and installing the free app. You'll be prompted to either sign in to an existing account or sign up for a new one.

As always, you should create a strong password, something that you can remember but that nobody else would guess
.

You can add a password hint, but that may not be the best idea.
In June of 2015, hackers apparently stole some data from the LastPass servers.

Thankfully, LastPass's impressive security meaures meant that no actual passwords, master or otherwise, were exposed. Just to be super-safe, the company notified all users to change their master passwords.

The one thing that hackers might have obtained? Password hints.
If you must use a master password hint, make it something cryptic, something only you will understand.

And enable multifactor authentication, as explained below.

Note that nobody at LastPass has access to your data, not without that master password.
In the past, if you forgot your master password and the hint didn't jog your memory, you had no recourse but to start over. Now when you install LastPass on a new device, you get the option to have it save a one-time password for account recovery.

The recovery process requires access to your email account and to the device, so this isn't too much of a security risk.

Even so, I'd be inclined to stick with the master password.

During installation, LastPass offers to slurp up passwords stored insecurely in your browsers.
It also deletes the passwords from unsafe storage and turns off the browser's password capture.
In addition, you can import data from several dozen competing password managers.

Once the LastPass extension is installed in your browsers, you know the drill. Log in to your secure sites as always, and let LastPass save your credentials. You can assign a friendly name for the site at capture time, and add it to a new or existing folder. LastPass itself suggests folders for well-known sites.

Sometimes you'll run across a website that uses a weird login page, something that LastPass doesn't capture automatically. Like RoboForm and Sticky Password Premium, LastPass can handle these. Just enter your credentials and then, before logging in, select Save All Entered Data from the browser toolbar menu.
Simple!

Clicking the LastPass toolbar button in your browser brings up a menu that includes a menu of all your saved sites.

Each folder becomes a submenu, and you can have nested folders.

The menu of saved logins is a common feature, but LastPass and Sticky Password are among the few that allow nesting.

Password Generator
When you sign up for a new account or change your password for an existing account, LastPass offers to generate a secure password.

By default, the password generator creates 12-character passwords using at least one digit and a mix of capital and small letters. You can crank up the length and include punctuation to get even stronger passwords. On the flip side, if you need to remember the password and can accept a security hit, the Make Pronounceable option gives you passwords like ogypropoitio or morefesticku.

When you do sign up for a new account, LastPass captures your credentials, and it offers to update its saved password when you make a change.

This works whether or not you accept the aid of the password generator.

I wish this component had gotten just a little enhancement in the move to version 4.0.

True Key by Intel Security defaults to generating 16-character passwords using all possible character types. Most users won't bother to change the defaults, so they'll get less-secure passwords from LastPass.

Password Vault
With the move to version 4.0, the online LastPass Vault got a significant makeover.
From the vault, you can view, edit, and organize all of your saved logins. You now have the option to see them displayed in a grid of tiles, much the way Dashlane 3 does. LastPass's tiles are rather large; the new ability to collapse the left-hand menu makes more room for them.

A new multi-purpose Add button lets you add a new folder, secure note, or site, or share an existing item with other users (more about sharing later).
In addition, you can now select multiple items at once and perform bulk actions like moving them all to a folder, sharing them, or deleting them.

Emergency Access
The concept of setting up a way for your heirs to inherit your passwords originated with the Digital Legacy feature in PasswordBox. PasswordBox has since been subsumed into True Key, but the concept lives on.

For example, Dashlane lets you set up any number of emergency contacts to receive all or some of your passwords. With the free LogMeOnce Password Management Suite Premium, you can define one heir for your entire collection and five for individual logons.

Emergency Access in LastPass works almost exactly the same as the similar feature in Dashlane. You enter your recipient's email address and define a waiting period. Recipients must install LastPass, if they haven't already, and accept your connection request. Now if something happens to you, the recipient simply requests access to your account.

Dashlane does let you pass along just a subset of your saved credentials—for example, you might define a co-worker as recipient of your work-specific passwords.

That's not an option in LastPass.

Here's where the waiting period comes in.
Suppose your supposedly trusted recipient decides to jump the gun and get your passwords before you've kicked the bucket.

The initial request for access triggers an email to you, and you can deny the access request at any time during the waiting period.
In a real emergency, your recipient automatically gets access after that time elapses.

Clicking Emergency Access lets you view two pages, People I Trust (your password heirs) and People Who Trust Me (those who've made you their emergency access contact). On the People I Trust page you can delete anyone from the list, or change the waiting period. On the People Who Trust Me page, you can bow out of the emergency access role.

Password Sharing
We normally recommend against sharing your passwords promiscuously, but there are situations that merit sharing. You and your spouse may share a bank account, for example.
If you must share, you should do it safely.

Sharing passwords with other users is a fairly common feature among password managers, though it's found more in commercial products than free ones. 1U Password Manager limits sharing to its mobile app.

Enpass Password Manager 5 sends the credentials as an encrypted data block. Users of the free LogMeOnce can share just five passwords.

That makes LastPass the most flexible free password manager as far as sharing goes. Just point to an item in the vault to reveal the new hover-style choices, click the sharing icon, and enter the recipient's email address. Recipients who already use LastPass will see a notification that a new share has arrived; others will get an email message explaining how to create an account and accept the share.

The recipient can use the shared item to log in; you choose whether or not to make the password visible.

Sharing Center
The new Sharing Center within the online vault lets you easily manage your shared items.

As with emergency access, you can relinquish access to credentials that others have shared with you, or cut off others with whom you've shared passwords.

There's also a tab for managing shared folders. However, if you try to make use of it you'll quickly learn that folder sharing is a Premium-only feature.

Filling Web Forms
When you've got a product that can automatically fill in login credentials, it's just a short step to making it fill personal data into Web forms. However, not many free password managers include this feature. LastPass and LogMeOnce are among the few, along with Symantec Norton Identity Safe.

You can define any number of full identity profiles in LastPass, each of them including a variety of personal and contact information along with one credit card and one bank account.

Those with a certain level of Web-design expertise can define custom fields, meaning that when LastPass encounters a field with a specific internal name, it will fill that field with the selected data.

RoboForm lets you create multiple instances of any form-fill field, and Dashlane stores the various components of personal data (phone numbers, emails, and so on) separately. LastPass's one gesture to the need for multiple fields is the ability to create profiles containing nothing but a credit card. When you go to fill a Web form, you can choose to use a personal data profile or to choose personal data and credit card separately.

In the vault, LastPass represents each profile by analyzing the associated credit card number.
It correctly distinguished the MasterCard, VISA, and American Express numbers I tried.

Dashlane takes this concept a step beyond.
It lets you identify each card with a color and bank logo, and displays replicas of the cards for selection when you're filling a form.

To fill a form using LastPass, you need to find the little icon it adds to one of the fields.

Click that icon, select a profile, and boom! Form filled.
In testing, it proved more accurate than most.

Multifactor Security
It doesn't matter how complex your master password is if a thief gets ahold of it.

From anywhere in the world, the thief can log in as you. LastPass does require email verification the first time you log in from a new device, which might help.

But you can seriously enhance your security by taking advantage of the available multifactor authentication options.

To set up multifactor authentication, you open LastPass's Account Settings dialog, which looks much the same as it did in version 3.0.
In the free edition, LastPass supports Google Authenticator as well as such work-alikes as Duo Mobile and Twilio Authy. Linking your account is just a matter of snapping a QR code using your mobile device.

Thereafter, each time you log in you'll need a one-time code generated by the app as well as your master password.

The free edition also supports authentication via the Toopher and Transakt apps.

These work more simply than Google Authenticator.
Instead of copying a one-time code, you simply accept or reject the connection attempt using your smartphone.

Those without a smartphone can print a wallet-sized authentication grid.

To authenticate, LastPass asks you to enter characters found at specific coordinates on the grid.

Two-factor authentication can get tedious after a while, so LastPass lets you define specific devices as trusted. When you log in from a trusted device, all you need is the master password.
In a similar vein, if you enable mobile device restriction, no login from a mobile device will be accepted if it's not one of your own mobile devices.

Security Challenge
Getting all of your passwords safely stored with LastPass is a good first step, but it's not enough. Now you need to go through those passwords and fix the weak ones, and the ones you've recycled for use on multiple websites.

That's where the Security Challenge comes in.

Click the security challenge icon, re-enter your master password, and get ready to see how good (or bad) your passwords are.

Do note that to get the full advantage of the security challenge, including automated password changing, you must launch it from Chrome.

As part of the analysis, LastPass sifts out the email addresses found among your passwords and offers to check them against known compromised sites. Naturally if you find out that one of these addresses is associated with a breach, you should change all associated passwords immediately.

At the top of the resulting report you get an overall percentage score, your standing within the LastPass community, and a score for your master password.

The overall score is mostly based on whether your passwords are strong and unique, but it includes other factors as well.

For example, you lose 10 percentage points if you haven't enabled multifactor authentication.

If you like, you can follow LastPass's prompts to fix four types of problems: compromised passwords, weak passwords, reused passwords, and old passwords. Note that "old" here is measured from the first time LastPass encountered the password.

You can also scroll down for a full list of all your passwords, along with a password strength rating for each, the time it was last changed, and a button to let you update the password.

For some common sites, LastPass displays an Auto-Change button; click it to have LastPass automatically update the password.

At present LastPass can auto-change about 80 sites, while Dashlane's similar feature supports over 500. You can also check off multiple items and update them all at once.
If the site isn't among those LastPass can handle, a Launch Site button lets you go make the change manually.

Still a Winner
Automated password updates slipstreamed into LastPass 3.0, but Emergency Access is new in version 4.0.

The updated user interface for the online vault is a welcome change, as is the handy Sharing Center.

And the breadth of features in this free password manager is amazing.

The fact that the free edition no longer limits you to syncing across devices of the same type is icing on the cake.

LastPass 4.0 remains an Editors' Choice for free password manager.
It shares that honor with LogMeOnce Password Management Suite Premium, which also packs an impressive feature set into a free product.

Back to top

PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.

To find out more, read our complete terms of use.