Tag: Windows Phone
AirDrop lets you move files and other data from a Mac to an iPad to an iPhone, in any combination of directions. Your Apple Watch can unlock your Mac.
Any Apple device can control a Keynote presentation on any other Apple device.
Apple’s Handoff lets you start work on one Apple device and pick up where you left off on another.
Bookmarks, contacts, email settings, passwords, and even credit card details can be synced automatically across all your devices. Windows 10 was supposed to do the same, relying on Windows Phones to be take the role of the iPhone in this fluid ecosystem.
But Windows Phone (renamed Windows Mobile) is in cryogenic suspension, waiting for a future miracle cure to bring it back to life.
Thus, Microsoft’s ambitions to copy Apple’s liquid computing have gone unrealized.To read this article in full or to leave a comment, please click here
That research, the two academics said, will be shared in a future paper.
In the meantime, the Star Wars botnet dataset is available for study; the researchers said the data is tens of times larger than any public collection on Twitter bots. The researchers also said they have not shared their data with Twitter yet because they are waiting for their current research to be approved in a scientific journal. “We would also like to give researchers a chance to get the dataset by themselves before they are gone, this is why we have not reported to Twitter directly, but we will as soon as the paper gets accepted,” Echeverria Guzman said. A request to Twitter for comment was not returned in time for publication. The researchers said the botnet was created in 2013 and has remained hidden since then with relatively little activity.
The mundane pace at which the bots tweeted seemed automated and intentional, the researchers said. Most of the content are benign quotes from Star Wars novels and do not include URLs, giving the tweets the appearance of real human language as a means of side-stepping bot detection services.
The user profiles behind the bots also used tactics that would not trigger alerts, such as having real profile pictures. “All the accounts were created in a short window of time, less than two months.
They all behave in exactly the same way, quoting Star Wars novels including the same hashtags (and adding random hashtags to the quote),” Echeverria Guzman said. “All of their tweets are marked as coming from ‘Windows Phone,’ which means that they are likely to be controlled by the API instead of the Twitter site.
For reference, that source accounts for less than 0.1% of tweets normally.” The clincher, however, connecting the hundreds of thousands of bots to the same network comes in the geographic distribution of the host accounts.
Tweets were tagged with geographic locations which, when mapped, fall within neat rectangles plotted over North America and Europe.
The tweets are distributed within the rectangles, even in uninhabited areas.
The researchers describe the plotting in the paper: “These rectangles have sharp corners and straight borders that are parallel to the latitude and longitude lines. We conjectured that the figure shows two overlapping distributions. One is the distribution of tweets by real users, which is coincident with population distribution.
The other is the distribution of tweets with faked locations by Twitter bots, where the fake locations are randomly chosen in the two rectangles – perhaps as an effort to pretend that the tweets are created in the two continents where Twitter is most popular.” Echeverria Guzman said the split between the two rectangles is exactly 50 percent and the tweets are uniform throughout the rectangle. “All of this is almost impossible to have originated from normal users,” he said. The researchers point out previous work demonstrating how Twitter bots have been able to abuse Twitter’s streaming API.
Bots, the researchers said in their paper, are programmed to time tweets so that they are included in the streaming API as much as 82 percent of the time versus the expected 1 percent. “If and when these bots are activated, they can do all of the threats as listed above—but on a large scale with a sudden effect,” Zhou said. “For example it is known that the Streaming API is susceptible to tampering by bots.
The size of the Star Wars botnet is clearly enough to contaminate the Twitter API and the Twitter environment itself, particularly if focused on a single topic. “In other words, it is scary to know there are bad guys and see the terrible things that they have been doing; yet it is much more scary to know there are a lot of bad guys around, but we have no idea what they are up to.” The researchers said they hope others download and analyze the available data.
They’ve also created a Twitter account, @thatisabot, and website, where bots can be reported.
It also compared a typical Android smartphone to rivals Apple and Microsoft.
According to Google, 39 out of 39 pre-installed apps are from Apple on iPhone 7, and 39 out of 47 pre-installed apps on the Microsoft Lumia 550 are from Microsoft. In a blog post on Thursday, Google general counsel Kent Walker said: "The response we filed today shows how the Android ecosystem carefully balances the interests of users, developers, hardware makers, and mobile network operators.
Android hasn’t hurt competition, it’s expanded it." The 100-plus page response to the commission focuses on metrics in an attempt to add weight to the claim that it hasn't abused any competitive advantage. Walker said: The commission’s case is based on the idea that Android doesn’t compete with Apple’s iOS. We don’t see it that way.
In fact, 89 percent of respondents to the commission’s own market survey confirmed that Android and Apple compete.
To ignore competition with Apple is to miss the defining feature of today’s competitive smartphone landscape. Walker claimed that possible remedies to resolve the case could create fragmentation in the mobile ecosystem. "The commission’s preliminary findings underestimate the importance of developers," he said. Walker continued: The commission argues that we shouldn’t offer some Google apps as part of a suite. No manufacturer is obliged to preload any Google apps on an Android phone.
But we do offer manufacturers a suite of apps so that when you buy a new phone, you can access a familiar set of basic services.
Android’s competitors, including Apple’s iPhone and Microsoft’s Windows phone, not only do the same, but they allow much less choice. Vestager can fine the search behemoth up to 10 percent of its global turnover—around $7.4 billion (£5.9 billion)—if she finds Google guilty of wrongdoing. Google is currently appealing against a similar case in Russia after authorities fined the company approximately 438 million rubles ($6.8 million, £5.25 million) in an almost identical Android antitrust case earlier this year. Yandex, Russia's biggest search engine and the main complainant in that case, is also one of four complainants in the EU case.
Google rivals Microsoft, Nokia, and Oracle—under the Fairsearch umbrella organisation—lodged the first complaint against Android in 2013. Fairsearch said in a statement to Ars: Google says there's no problem because Android is 'open.' The truth is that Android is today a closed operating system, and any claim to the contrary is disingenuous.
Any manufacturer or network operator seeking to differentiate its devices or services is prevented from doing so by the web of Google's contractual restrictions. Google imposes severe sanctions on those who defy its insistence on conformity.
For example, a phone maker that offers even a few phones that do not comply with Google's straitjacket faces a cut-off from all of Google’s branded products. US ad-blocking firm Disconnect and Aptoide, a rival Portuguese Android app store, have also complained. None had responded to requests for comment from Ars at time of publication. Google separately faces antitrust charges on favouring its own search services and price comparison offerings over those of its rivals and for allegedly breaching competition rules with its mammoth ad business. Last week, Google rebuffed both of those charges. This post originated on Ars Technica UK
You've heard the saying, "If it ain't broke, don't fix it." Certainly if your password manager is doing everything it should, you don't necessarily need it to change.
But sooner or later the interface starts to look dated, and the competition comes up with new features.
Accordingly, the free LastPass 4.0 has a bold new online interface, and its new features include a Sharing Center to manage shared passwords and Emergency Access to hand down your passwords to your heirs.
These new features put the free LastPass ahead of even many of its for-pay competitors.
You can use many commercial password managers for free if you accept substantial limitations.
Some, like RoboForm Everywhere 7, limit you to 10-15 passwords before you must pay. Others, like Dashlane 3, are free as long as you stick to one device, no syncing. With such stringent restrictions, these aren't really free products.
When initially released, the free edition of LastPass only let you sync across devices of the same type. You could use it with multiple desktops (Windows, Mac, or Linux), multiple smartphones (Android, iOS, Windows Phone, or BlackBerry), or multiple tablets (Android, iOS, or Windows).
That limitation has been lifted. You can now sync passwords across all your devices, just as you can with LastPass Premium.
Getting Started With LastPass
Setting up a LastPass account is simple.
Start by downloading and installing the free app. You'll be prompted to either sign in to an existing account or sign up for a new one.
As always, you should create a strong password, something that you can remember but that nobody else would guess.
You can add a password hint, but that may not be the best idea.
In June of 2015, hackers apparently stole some data from the LastPass servers.
Thankfully, LastPass's impressive security meaures meant that no actual passwords, master or otherwise, were exposed. Just to be super-safe, the company notified all users to change their master passwords.
The one thing that hackers might have obtained? Password hints.
If you must use a master password hint, make it something cryptic, something only you will understand.
And enable multifactor authentication, as explained below.
Note that nobody at LastPass has access to your data, not without that master password.
In the past, if you forgot your master password and the hint didn't jog your memory, you had no recourse but to start over. Now when you install LastPass on a new device, you get the option to have it save a one-time password for account recovery.
The recovery process requires access to your email account and to the device, so this isn't too much of a security risk.
Even so, I'd be inclined to stick with the master password.
During installation, LastPass offers to slurp up passwords stored insecurely in your browsers.
It also deletes the passwords from unsafe storage and turns off the browser's password capture.
In addition, you can import data from several dozen competing password managers.
Once the LastPass extension is installed in your browsers, you know the drill. Log in to your secure sites as always, and let LastPass save your credentials. You can assign a friendly name for the site at capture time, and add it to a new or existing folder. LastPass itself suggests folders for well-known sites.
Sometimes you'll run across a website that uses a weird login page, something that LastPass doesn't capture automatically. Like RoboForm and Sticky Password Premium, LastPass can handle these. Just enter your credentials and then, before logging in, select Save All Entered Data from the browser toolbar menu.
Clicking the LastPass toolbar button in your browser brings up a menu that includes a menu of all your saved sites.
Each folder becomes a submenu, and you can have nested folders.
The menu of saved logins is a common feature, but LastPass and Sticky Password are among the few that allow nesting.
When you sign up for a new account or change your password for an existing account, LastPass offers to generate a secure password.
By default, the password generator creates 12-character passwords using at least one digit and a mix of capital and small letters. You can crank up the length and include punctuation to get even stronger passwords. On the flip side, if you need to remember the password and can accept a security hit, the Make Pronounceable option gives you passwords like ogypropoitio or morefesticku.
When you do sign up for a new account, LastPass captures your credentials, and it offers to update its saved password when you make a change.
This works whether or not you accept the aid of the password generator.
I wish this component had gotten just a little enhancement in the move to version 4.0.
True Key by Intel Security defaults to generating 16-character passwords using all possible character types. Most users won't bother to change the defaults, so they'll get less-secure passwords from LastPass.
With the move to version 4.0, the online LastPass Vault got a significant makeover. From the vault, you can view, edit, and organize all of your saved logins. You now have the option to see them displayed in a grid of tiles, much the way Dashlane 3 does. LastPass's tiles are rather large; the new ability to collapse the left-hand menu makes more room for them.
A new multi-purpose Add button lets you add a new folder, secure note, or site, or share an existing item with other users (more about sharing later).
In addition, you can now select multiple items at once and perform bulk actions like moving them all to a folder, sharing them, or deleting them.
The concept of setting up a way for your heirs to inherit your passwords originated with the Digital Legacy feature in PasswordBox. PasswordBox has since been subsumed into True Key, but the concept lives on.
For example, Dashlane lets you set up any number of emergency contacts to receive all or some of your passwords. With the free LogMeOnce Password Management Suite Premium, you can define one heir for your entire collection and five for individual logons.
Emergency Access in LastPass works almost exactly the same as the similar feature in Dashlane. You enter your recipient's email address and define a waiting period. Recipients must install LastPass, if they haven't already, and accept your connection request. Now if something happens to you, the recipient simply requests access to your account.
Dashlane does let you pass along just a subset of your saved credentials—for example, you might define a co-worker as recipient of your work-specific passwords.
That's not an option in LastPass.
Here's where the waiting period comes in.
Suppose your supposedly trusted recipient decides to jump the gun and get your passwords before you've kicked the bucket.
The initial request for access triggers an email to you, and you can deny the access request at any time during the waiting period.
In a real emergency, your recipient automatically gets access after that time elapses.
Clicking Emergency Access lets you view two pages, People I Trust (your password heirs) and People Who Trust Me (those who've made you their emergency access contact). On the People I Trust page you can delete anyone from the list, or change the waiting period. On the People Who Trust Me page, you can bow out of the emergency access role.
We normally recommend against sharing your passwords promiscuously, but there are situations that merit sharing. You and your spouse may share a bank account, for example.
If you must share, you should do it safely.
Sharing passwords with other users is a fairly common feature among password managers, though it's found more in commercial products than free ones. 1U Password Manager limits sharing to its mobile app.
Enpass Password Manager 5 sends the credentials as an encrypted data block. Users of the free LogMeOnce can share just five passwords.
That makes LastPass the most flexible free password manager as far as sharing goes. Just point to an item in the vault to reveal the new hover-style choices, click the sharing icon, and enter the recipient's email address. Recipients who already use LastPass will see a notification that a new share has arrived; others will get an email message explaining how to create an account and accept the share.
The recipient can use the shared item to log in; you choose whether or not to make the password visible.
The new Sharing Center within the online vault lets you easily manage your shared items.
As with emergency access, you can relinquish access to credentials that others have shared with you, or cut off others with whom you've shared passwords.
There's also a tab for managing shared folders. However, if you try to make use of it you'll quickly learn that folder sharing is a Premium-only feature.
Filling Web Forms
When you've got a product that can automatically fill in login credentials, it's just a short step to making it fill personal data into Web forms. However, not many free password managers include this feature. LastPass and LogMeOnce are among the few, along with Symantec Norton Identity Safe.
You can define any number of full identity profiles in LastPass, each of them including a variety of personal and contact information along with one credit card and one bank account.
Those with a certain level of Web-design expertise can define custom fields, meaning that when LastPass encounters a field with a specific internal name, it will fill that field with the selected data.
RoboForm lets you create multiple instances of any form-fill field, and Dashlane stores the various components of personal data (phone numbers, emails, and so on) separately. LastPass's one gesture to the need for multiple fields is the ability to create profiles containing nothing but a credit card. When you go to fill a Web form, you can choose to use a personal data profile or to choose personal data and credit card separately.
In the vault, LastPass represents each profile by analyzing the associated credit card number.
It correctly distinguished the MasterCard, VISA, and American Express numbers I tried.
Dashlane takes this concept a step beyond.
It lets you identify each card with a color and bank logo, and displays replicas of the cards for selection when you're filling a form.
To fill a form using LastPass, you need to find the little icon it adds to one of the fields.
Click that icon, select a profile, and boom! Form filled.
In testing, it proved more accurate than most.
It doesn't matter how complex your master password is if a thief gets ahold of it.
From anywhere in the world, the thief can log in as you. LastPass does require email verification the first time you log in from a new device, which might help.
But you can seriously enhance your security by taking advantage of the available multifactor authentication options.
To set up multifactor authentication, you open LastPass's Account Settings dialog, which looks much the same as it did in version 3.0.
In the free edition, LastPass supports Google Authenticator as well as such work-alikes as Duo Mobile and Twilio Authy. Linking your account is just a matter of snapping a QR code using your mobile device.
Thereafter, each time you log in you'll need a one-time code generated by the app as well as your master password.
The free edition also supports authentication via the Toopher and Transakt apps.
These work more simply than Google Authenticator.
Instead of copying a one-time code, you simply accept or reject the connection attempt using your smartphone.
Those without a smartphone can print a wallet-sized authentication grid.
To authenticate, LastPass asks you to enter characters found at specific coordinates on the grid.
Two-factor authentication can get tedious after a while, so LastPass lets you define specific devices as trusted. When you log in from a trusted device, all you need is the master password.
In a similar vein, if you enable mobile device restriction, no login from a mobile device will be accepted if it's not one of your own mobile devices.
Getting all of your passwords safely stored with LastPass is a good first step, but it's not enough. Now you need to go through those passwords and fix the weak ones, and the ones you've recycled for use on multiple websites.
That's where the Security Challenge comes in.
Click the security challenge icon, re-enter your master password, and get ready to see how good (or bad) your passwords are.
Do note that to get the full advantage of the security challenge, including automated password changing, you must launch it from Chrome.
As part of the analysis, LastPass sifts out the email addresses found among your passwords and offers to check them against known compromised sites. Naturally if you find out that one of these addresses is associated with a breach, you should change all associated passwords immediately.
At the top of the resulting report you get an overall percentage score, your standing within the LastPass community, and a score for your master password.
The overall score is mostly based on whether your passwords are strong and unique, but it includes other factors as well.
For example, you lose 10 percentage points if you haven't enabled multifactor authentication.
If you like, you can follow LastPass's prompts to fix four types of problems: compromised passwords, weak passwords, reused passwords, and old passwords. Note that "old" here is measured from the first time LastPass encountered the password.
You can also scroll down for a full list of all your passwords, along with a password strength rating for each, the time it was last changed, and a button to let you update the password.
For some common sites, LastPass displays an Auto-Change button; click it to have LastPass automatically update the password.
At present LastPass can auto-change about 80 sites, while Dashlane's similar feature supports over 500. You can also check off multiple items and update them all at once.
If the site isn't among those LastPass can handle, a Launch Site button lets you go make the change manually.
Still a Winner
Automated password updates slipstreamed into LastPass 3.0, but Emergency Access is new in version 4.0.
The updated user interface for the online vault is a welcome change, as is the handy Sharing Center.
And the breadth of features in this free password manager is amazing.
The fact that the free edition no longer limits you to syncing across devices of the same type is icing on the cake.
LastPass 4.0 remains an Editors' Choice for free password manager.
It shares that honor with LogMeOnce Password Management Suite Premium, which also packs an impressive feature set into a free product.
PCMag may earn affiliate commissions from the shopping links included on this page.
These commissions do not affect how we test, rate or review products.