Our substance is short yet to the point, and intended to challenge you to live in and nurture with IT technologies. @http://thecorlissreviewgroup.com

Wednesday, April 30, 2014

What You Want, When You Want It: How 3D Printing Appeals to the Everyday Consumer

3D printing continues to be a global spectacle in 2014, making appearances from Las Vegas during International CES and Barcelona during Mobile World Congress.  With the 3D printing industry predicted to reach $10.8 billion by 2021, many are asking how it will change the future of the consumer landscape, much like MP3 players and iPods transformed the music industry.  While the answers may not be obvious, there are a number of ways 3D printing will impact the daily lives of consumers in years to come.

3D printers are able to reproduce
shapes of increasing complexity.
Opening the door to customization
A major appeal to everyday consumers is how 3D printing opens the entryway to customization.  From custom jewelry to food, the possibilities when using a 3D printer are endless.  As 3D printers become more accessible over time, so will the ability to print items that are extremely personalized and tailored to each user.  If we think about most of the products we buy, they are commoditized in some way for the average person; jeans are a certain length and cabinet handles come in standardized sizes.  3D printing allows consumers to create items exactly the way they need or want them – ultimately, letting customers set their own parameters.  Companies like Nokia and New Balance, for example, have taken to the 3D printing trend and now offer online services where consumers can customize their own 3D printed cell phone case or sneakers, respectively.

Creating at home convenience
Beyond the ability to custom 3D print apparel and gadgets, there is massive potential in at-home 3D printing.  The average consumer can easily use a 3D printer to produce everyday items like plates, utensils, and home furnishings.  At its core, 3D printing at home is about being able to conveniently download and print a model of nearly any item a consumer may want to make their living space more comfortable and appealing.

Tech Reviews by The Corliss Group

Tuesday, April 29, 2014

A Smart Way to Replace Your Samsung Galaxy S4 with New Galaxy S5

If you are a gadget enthusiast and aching to have your hands on Galaxy S5 or you just cannot since you have your Galaxy S4 from the previous year, you have a way to work it out. Consider trading your device with your carrier for a credit to your new phone. To get the most of your device, you can sell your phone, which you have lots of options.

Here are some of them:

EBay provides you a marketplace for your items where predictability is less. Auctions can give you more or less earnings. Posting and managing items for sale are quite tedious until eBay introduced My Gadgets which will help you create a listing. You may list what you own and My Gadget will tell you how you can make based on eBay price trends if you sell it. EBay may not be the best choice for making more money with regard to selling your handsets. But it is usually a site where you can locate items which are extremely low or high demand or those which are difficult to find.

Amazon is one of the most convenient ways to sell your old phone with some drawbacks. Find your device on Amazon, click the "Sell on Amazon" button and provide details. You then have a listing and after some time, you will have a buyer. You ship the item, confirm the shipment to Amazon and request the money transfer to your account. On the side, you will be dealing with the buyer through email and get a high-profile listing on Amazon. There will be competition with other sellers though, which can put the prices down. In exchange of convenience, this option may not be the best in terms of monetary benefits.

Craiglist is making local selling possible, easy and fast, although you have to make the bargaining yourself with many buyers. Some do not go to Craiglist for these very reasons and want to avoid a headache. But if your device is highly in demand, you can use Craiglist to the max and have your money immediately.

Facebook Marketplace
The Facebook Marketplace is a mix of the benefits and drawbacks of online and local selling like selling in Craiglist but not limited to the locality. You can post your listing and share it with others. There are sites which you can also sell your smartphone. They offer buyback programs and provide some selling services. Examples are uSell, Cell Circle, Gazelle, Nextworth and UpgradeSwap.

You can make the most money when you take time to explore these options and compare prices. For example, eBay's asking price for Galaxy S4 ranges from $70 to $397 based on the phone's condition while uSell is from $35 to $182. It varies more in Craiglist, which ranges from $180 to $550. Offering in Gazelle is $50 to $193, Nextworth is $33 to $128 and UpgradeSwap is between $85 and $230.

Tech Reviews by The Corliss Group

Foxconn Sells Communications Technology Patents to Google

Tech Reviews by The Corliss Group--Foxconn, which assembles gadgets for companies such as Apple Inc., said it has sold a number of its communications technology patents to Google Inc. for an undisclosed sum.

Taiwan-based Foxconn, officially known as Hon Hai Precision Industry Co., made a name for itself in contract manufacturing by making Apple's iPhones and Sony's PlayStation game consoles. But few know the electronics manufacturer has been developing new technologies and has a sizable patent portfolio. In a statement, the company said it has applied for 128,400 patents and has been granted more than 64,300 patents world-wide.

Photo credited to INDIATIMES.COM
In the highly competitive technology industry, companies are challenging each other to set industry standards, which has led to a few patent cases.

Google, which is battling with Apple for mobile dominance, has continued to strengthen its patent portfolio through acquisitions. The Internet giant's purchase of Motorola Mobility in 2011 gave it a formidable patent portfolio, and protected its Android mobile operating system and partners from legal threat from competitors, including Apple and Microsoft Corp.

Foxconn, which also sold some head-mounted display technology patents to Google for an unspecified amount last year, was one of the top 20 U.S. patent owners in 2013, according to Manhattan-based patent advisory company Envision IP.

"Foxconn can make use of its immense U.S. and global patent portfolio, and possibly offer commercial licenses to its customers," said Maulin Shah, managing director at Manhattan-based patent advisory firm Envision IP said. "The company could charge a premium by offering patent licenses integrated with manufacturing contracts, a luxury which many of its competitors may not have."

Foxconn said it would continue to invest in technology research and development, "transforming such investments into valuable intellectual property assets." It declined to provide further details.

Google declined to provide immediate comment.

Monday, April 28, 2014

Hong Kong Making Efforts to Become Tech Hub, Welcomes Canadians Entrepreneurs

I recently finished a trip to Hong Kong to attend the International ICT Expo as part of a Canadian Trade Mission. The trip really opened my eyes to the focus and resources that Hong Kong is putting behind becoming a big player in the tech space.

Historically, Hong Kong has been a prosperous shipping port due in part to its deep water access for large vessels. It has also become a key financial center for the region. Just as a reminder, control of Hong Kong reverted back to China (from the UK) in 1997. However, the Chinese have wisely implemented a 50-year transition period to ensure stability until the move is completed.

The local government and residents alike lovingly refer to this period for Hong Kong as “One Country with Two Systems." Of course, those two systems are the Chinese legal system and the UK influenced international legal system used in Hong Kong for the past several decades. It will be interesting to see the amount of influence that China will exert on HK in the near future, but even more interesting will be how much influence HK can exert and make changes in Chinese system.

Fortunately, I was sitting by the window as we prepared to land in Hong Kong. Seeing the beauty of the outlying islands on approach reminded me why over seven million people find this a great place to live. After the 14-hour flight from Vancouver, all I could think about was getting to my hotel. When there, I fought the urge to sleep, showered and headed to the Dim Sum restaurant right there in my hotel. For someone like me from North America, it was a big deal to have a dim sum place that close, but I soon found out that dim sum was on almost every corner in Hong Kong’s Central district.

Hong Kong has long been known as the gateway to China, but here are a few fun facts about the state of technology in Hong Kong:

·         Hong Kong has over 7.15 million inhabitants, and is one of the most densely populated cities in the world.

·         Its ICT sector has roughly 17,000 companies that generate CAD $197.4 billion in revenue, representing 6.1% of Hong Kong’s GDP.

·         There are 20,000 public Wi-Fi access points covering 426 square miles of the metropolis.

·         The Hong Kong government will spend nearly CAD $1 billion on IT expenditures during 2013-2014.

·         4G LTE was rolled out by all five mobile network providers in 2012.

·         87% of homes have broadband with an average speed of 60 Mbps, ranked as one of the world’s highest in a recent report by Akamai Technologies. In some cases, the speed reaches 1,000 Mbps, and provides inhabitants with access to over 700 TV channels in this metropolitan market.

The International ICT Exhibition was held in conjunction with a huge consumer electronics show. It was Asia’s version of the annual CES show in Las Vegas. The first day of the show was Sunday, and tens of thousands of Hong Kong’s residents visited the Convention Center that day to see the latest gadgets. There was a sea of young people that packed the aisles that day of the show. I even saw young families with their kids making a Sunday afternoon excursion to attend the show.

Tech Reviews  by The Corliss Group

Friday, April 25, 2014

Corliss Group Tech Review: Dating App Tinder Infected by Dangerous Bots

Swipe right, chat to a fake user and your personal data could be stolen.

A series of bots have invaded dating app Tinder and are spreading dangerous downloads after luring users with tempting profiles and pictures, an antivirus developer has discovered.

Bitdefender Labs is currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some of these images are also being used for fake Facebook profiles.

Catalin Cosoi, chief security strategist at Bitdefender, said: "After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link.

"The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain."

Bitdefender warns users to be aware of this risk, and advises that a typical bot message reads: "Hey, how are you doing? I'm still recovering from last night? Relaxing with a game on my phone, castle clash. Have you heard about it? Play with me and you may get my phone number."

The scam is geo-specific: British users are lured to fraudulent surveys and dubious competitions for ASDA and Tesco vouchers, while Tinder users in the US are brought to the 'Castle Clash' game download.

Castle Clash developer IGG has said that this issue is currently looked in to. IGG's Jiayan Wu, commented: "We are aware of this issue and we are currently investigating into it. We are also being victimized in this issue therefore we are grateful for being informed." Bitdefender has also notified the photography studio where the bots' pictures were stolen from.

This is not the first time that the dating app has come under attack from bots spreading dubious or malicious links. To guard against this threat, Bitdefender recently published a security and privacy guide to help users "tinder" more safely.

The antivirus software company has also discovered a similar ad campaign targeting National Geographic mobile users with scare ware saying they have been infected with malware. The ad "technique" abusively redirected users to a Google Play app that would clean their Android device.

Thursday, April 24, 2014

Corliss Group Tech Review on which is better: AVG vs. Avast?

Protecting yourself against harmful and life threatening viruses, its best to choose the antivirus by brand name. But each Antivirus download that you can find on the internet is dependent on what is most important to the user in terms of variables. Some are more dedicated to filtering through malware and spyware; some systems pride themselves on being the most reliable, or adaptable to the constant change of cyberspace gunk that’s floating around.  So with all these choices, how’re we supposed to know which program is suited to our professional needs?

We hope to address those concerns and point the potential onlooker in the right direction for a potential download, or perhaps full-on purchase of the bundled software. For the moment we’ll be looking at Avast! and AVG which are both free antivirus downloads available for your computer on reliable online websites.

Avast! Free Antivirus Software: The Basics

Chances are if you’re looking to get in on the ground floor to check if Avast! is right for you, then you’ll be looking into the coverage that the free antivirus download is going to offer. Avast! is ranked as one of the top antivirus programs in the market with 17% of users in the entire market share of protection services. Which is pretty far up there with McAfee, Bitdefender, and other potential competition. The website itself assumes that over 200 million+ users rely on Avast! to safeguard their PCs, Macs, and mobile devices.

An overall range of what exactly these bundles can offer are found Avast!’s official website.  Listed below are what the first set of antivirus protection will offer you as well as what it’ll establish for your computer’s health in the long run.

Intelligent Antivirus – Hosted with DynaGen software, the antivirus package is going to keep your device in tip-top shape no matter what virus are currently circulating. It prides itself on being a program that’ll adapt to the appropriate measure depending on what your computer might be faced with when surfing the internet.

Anti-malware Protection – Plus anti-spyware and anti-rootkit. Meaning that no one can gather your personal information, infect you with malware, or be anywhere near your private credentials without you being aware of it.

Safezone – If you bank online, this’ll be one of the deciding factors as it’ll promise epitome protection for secured payments and banking.

AVG Antivirus Software: The Basics

In comparison to Avast! the folks at AVG are a little behind in their numbers at 170 million+ having entrusted their computer’s health to the program. But the software itself is secure and accessible on their website. AVG have won an array of awards for their antivirus software, and can be considered a lively competitor to Avast! and other protection bundles. Being relatively new to the scene in comparison to the older programs such as McAfee or others; its rise in the market can be attributed only to their accumulating success. Not to mention that their entire bundle of protection (if you’re looking for a long-term commitment) is around half of what McAfee’s full bundle is going to cost you. At $39.99 the initial test might eventually lead into your purchase of an entire AVG software kit. Which won’t run you into the drain, considering the average price of compiled bundles.

Below is what you can safely assume that you’ll be getting in AVG’s antivirus software.

Antivirus, malware and spyware protection – The basics of each, really. You’ll be safe from being caught off-guard with numerous viruses or potential malware. Or threatened with collection of your personal information.

Blocks phishing scams – Consider all deceptive attempts to gather up your credit card information, personal information, email and passwords all null and void. This program will assure that no matter what, you’ll be able to scan in accordance to legitimate websites and block the fraud.

Wednesday, April 23, 2014

5 File Sharing Dangers by the Corliss Group Tech Review

Sharing files with colleagues and clients should be easy and convenient. What it shouldn't be is a security risk — but it frequently is. Because many small businesses don't have the right file-sharing systems and policies, many turn to unsafe practices that often put both their business's and clients' privacy in jeopardy.

Is your business guilty of engaging in dangerous file sharing habits? Here are five you need to watch out for and what you can do about them.

1. Sharing files via email

The most obvious dangerous habit is sharing files via email. Just the other day I received a design document from a client as an email attachment. Email is not designed to be secure. Anyone with access to an intermediate mail server or with the ability to sniff network traffic between our mail servers would see this design document. If I needed to sign a non-disclosure agreement to see this information, they probably did not want random folks on the Internet to see this information. Instead, senders should encrypt files and use secure file sharing services. — Susan Hinrichs, chief of engineering at SafelyFiled

2. Using consumer-grade cloud solutions

Workers around the world are putting themselves and their employers at risk by indiscriminately using unauthorized file sharing services on their mobile and desktop devices — to the tune of $2 billion. With more workers joining the bring-your-own-device (BYOD) revolution and turning to insecure file sharing services like personal Dropbox and Google Drive accounts, the threat is greater than ever. Employees need to demand Dropbox-like solutions for enterprise tools, bringing the productivity of Dropbox into the secure world of enterprise–sanctioned resources. Employees need to work with IT to adopt a consumer-grade experience with enterprise-grade security. Without IT buy-in, end users will continue to choose between engaging in risky file sharing behavior with consumer-centric alternatives, or taking a productivity hit through clunky legacy enterprise file sharing systems. — David Lavenda, vice president of product strategy at harmon.ie

3. Peer-to-peer (P2P) file sharing

P2P sharing is a great technology used to share data over peer networks. It's also great software to get hacked. Installing P2P software allows anyone, including criminal hackers, to access your client's data. This can result in business security breaches, credit card fraud and identity theft. This is the easiest form of hacking. There have been numerous reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked. For instance, blueprints for President Obama's private helicopters were recently compromised because a Maryland-based defense contractor's P2P software had leaked them to the wild, wild Web. Instead, have P2P security policies in place not allowing the installation of P2P software on your workplace computers or employee laptops. Also, a quick look at the "All Programs Menu" will show nearly every program on your computers. If you find an unfamiliar program, do an online search to see what it is you've found. You should also set administrative privileges that prevent the installation of new software without your knowledge. — Robert Siciliano, personal security and identity theft expert and CEO of IDTheftSecurity

4. Using flash drives

Flash drives are the easy tool of choice for infection since they bypass network security. If an infected file is on a flash drive and inserted into a system, it can start an infection spread from the PC. Some systems are set to autorun flash drive contents which can give the malware administrator permissions which allow all kinds of havoc to happen. These habits are not normally considered risky, but represent easy and unexpected infection or breach methods. The simplest and standard defensive actions are using up-to-date antivirus tools that stop autorun and scan any USB-attached device and their files. Encryption also should be applied. — Duane Kuroda, product and marketing at NetCitadel

5. Lack of visibility

The danger starts when employees take matters into their own hands and engage a file sharing service on their own. The individual making a one-off decision is not going to be thinking of the bigger picture of organization-wide requirements. What may look like the easiest, cheapest solution may be completely bereft of critical functions such as persistent control and auditability, and may inadvertently place the data at risk. Employees that engage a solution on their own may also be tempted to mix personal data with organizational data. Visibility provides important insights into who is using the data, when and how many times. In regulated environments, this visibility provides the required audit information needed for compliance. — Jim Ivers, chief security strategist at Covata.

Tuesday, April 22, 2014

Corliss Group Tech Review on 6 iPhone/iPad Apps You Need Now

Welcome to Gadget Review's new weekly app review column. We are starting out with iOS apps only, but in the future we will extend to other OSS ecosystems. If you have an app to recommend, please do so in the comments or via our social media channels.

1. Mynd

Calendar apps have come and gone, and nothing has yet replaced the tried and true calendars from Google, Apple and Microsoft. Enter Mynd, an "intelligent mobile calendar" from Alminder Inc. This, loyal readers, is the game changer.

This native app syncs to any existing calendars you have (so you can still manage them from your desktop email client), but transforms the boring box format into an intuitive demographic and mutl-tab display that allows for easy information integration. Just from the launch screen, you can tell what your next schedule item is, how long until it occurs, who is scheduled to attend (plus their LinkedIn profile data), and even a recommended departure time based on traffic conditions.

2. FTL: Faster Than Light

Though more and more people are playing games on their iOS devices, most of those games are pretty basic and, for self-identifying gamers, extremely boring. If you've been looking for a real-deal game to sink your thumbs into, buckle up for Faster Than Light.

A beloved PC game for years, FTL is finally available on second generation or later pagodas. The premise is simple: you’re the captain of an intergalactic space ship, voyaging through an unknown (and awesome randomized) universe. From there, things get more interesting, as you control every aspect of your ship and crew, navigating both enemy and friendly encounters and making snap decisions that can spell doom or glory.

3. Sleep Cycle Alarm Clock

In my humble opinion, the worst part of the day is setting an alarm for the next morning. But it doesn't have to be that way anymore, thanks to Sleep Cycle, an intelligent alarm clock from Northcube AB.

When I first heard about "intelligent" alarm clocks, all I heard was "alarm clock." But there really is a difference. Sleep Cycle measures your, well, sleep cycles, using the iphone built in accelerometer (see, it isn't in there for nothing!) and wakes you up at just the right moment, as you enter your lightest sleep cycle. This way, you aren't snapping out of a deep sleep, and rather gradually slipping into wakefulness, which leads to a far more refreshed and ready feeling.

4. Data Count

In an era of data caps, we could all use a tool to help us avoid the additional charges that accompany all those streaming overages. Data Count, from Creo, is just the ticket.

Nothing complex here, just a simple tool that monitors your cellular (LTE/4G/eg) and wi-fi data and notifies you when youre approaching your limit. It's optimized for iOS 7 and perfectly matched to the Apple aesthetic. Clean, beautiful, and easy.

5. Monument Valley

Sometimes, apps transcend ones and zeros. They usher in a new way of life, perhaps, or offer a major social improvement. And, in rare cases, they become true art.

Monument Valley, a stunning new game from ustwo, is Art with a capital A.

Users guide a ghostly princess figure through mind-bending puzzle worlds using finger swipes, and none of the puzzles are particularly difficult. Turn back now if your looking for days and days of challenging gameplay.

6. Pinnacle Studio for iPhone

Heres one for the pros. Or anyone who takes a lot of photos. Which is just about everyone with an iPhone.

Corel Inc. 's Pinnacle Studio is the perfect solution for people who need quick, easy video, audio and photo editing capabilities on the go. Its suite includes montage templates, transitions, title templates, slow/fast motion, clip splitting, and much more. And with easy import, export and sharing controls, on-the-go creative work can be finalized on the big machine at home. Oh, and the video outputs at full HD (1080p)

Monday, April 21, 2014

Windows Phone 8.1 Corliss Group Tech Review

Android, iOS, Windows Phone. Each of these mobile platforms had to start somewhere, and none were anywhere near perfect on the first try. Fortunately, each OS gets better with every iteration until, at some point, it all just clicks. Arguably, Windows Phone just came of age with its latest update, version 8.1.

Even before today, Windows Phone only had a few big holes remaining and indeed, 8.1 appears to fill those gaps. In particular, the OS now has a fancy notification center in addition to those signature Live Tiles; the keyboard now allows for swipe gestures; and last but not least, it now has Cortana, a virtual assistant to take on Siri, Google Now and Samsung S Voice. The 8.1 update is a fairly significant one, and I got the opportunity to take it for a spin ahead of the official developer preview's launch. It may not be perfect yet, but it's clear Windows Phone has finally grown up.


Windows Phone included a search option from the beginning, and though it was useful at the time, rivals like Siri, S Voice and Google Now have quickly turned the tide, rendering Microsoft first "voice assistant" completely obsolete. Thankfully, the 8.1 update introduces a personal assistant named Cortana to help bring Windows Phone into the modern era.

Named after Master Chiefs trusty AI sidekick in Halo, Cortana is designed to help you do whatever you do on a phone. Think: scheduling appointments, alerting you to upcoming flights, telling you the weather, offering up directions, dictating messages, opening apps and adjusting settings. She even tells jokes and responds in humorous ways to (most) silly questions. Those are all givens these days, so let's instead move on to the more unusual things she can do.

First, much like a real-life assistant, Cortana has a notebook, which she uses to gather information about you. She learns about your dining preferences, travel needs, daily routine and news stories your keeping track of (I'm hooked on the hunt for MH370 right now, so Cortana keeps that front and center). Often, these things will even pop up on Cortana's Live Tile on the home screen.

Sunday, April 20, 2014

Corliss Group Tech Review: Is Google Chromecast worth its low price?

It weighs just 34 grams, is 72 x 35 x 12 mm in size, and costs only the $39: The Google Chromecast looks and feels like a USB flash drive with a glandular problem.

Cheap, easy to set up and even easier to use, there’s really nothing to dislike about the Google streaming device, except for one thing: Canadian content (which we will get to in a moment).

The Chromecast is so small that once it's plugged into an HDMI port in the back of a television set, there’s almost no indication that it's a part of your home theatre setup. Only its power cord, which can either be plugged into a wall socket or available USB port, gives a hint that it’s even there. Unlike other streaming media devices like the Apple TV or Roku 3, Google Chromecast doesn't come with a remote control, or in fact, any onboard applications or content. Everything, from setting up the device to watching a video from your personal media collection or browsing YouTube, is done through the use of apps on an Android phone or tablet, iOS device or via Google Chrome browser on a Chrome OS, Windows or Mac PC.

No matter which device you use with the Chromecast, setup is a cinch. Simply power the device, plug it into an available television HDMI port and follow the Chromecast's onscreen prompts. The device will walk you through the process of connecting it to a Wi-Fi network, pairing with your choice of source device and downloading any available firmware updates. Even with the lousy Internet speeds I suffered while testing the hardware in rural southwestern Ontario I was setup and ready to start streaming content to my Chromecast in under 10 minutes.

Sending content from your computer Chrome browser requires the download of a browser extension. Once it was installed, I was able to send content displayed in Chrome to the Chromecast with a click of my mouse. Video I purchased and rented from The Google Play store streamed smoothly, albeit at lower than HD resolutions. I was also able to access and watch movies via Netflix and YouTube just as easily, and I found that Rio, my online music streaming service of choice, worked well via Android, iOS and Chrome for Mac as well.

However, I quickly discovered that the Chromecast doesn't play well with all in-browser content: while I was able to send The Globe and Mail's website to my TV to read on the big screen, there was a noticeable second-long lag between the clicks made on my laptop to when the commands given would be displayed by the Chromecast on my TV. On the Android side of things, I found sending Netflix content, as well as video and audio stored on Nexus 7, to be a seamless experience. The same can be said for firing content over from an iPhone or an iPad, although you’ll need to download Google free Chromecast app from the iTunes App Store in order to do so.

The pain point here is the limited number of content options it provides to its Canadian users. When compared to what is available to other streaming media devices here in Canada, the content options available on a Chromecast seem pretty slim. Apple TV users in this country enjoy the largest selection of movies, TV and music to purchase or rent of any service available today. Roku users have access to hundreds of channels worth of content, in addition to Netflix and even a handful of games. Here in Canada, thanks to a lack of licensed services and content, the Chromecast can only provide access to Netflix, Google Play Video, YouTube and select content dished up from your computer browser tab. By way of contrast, in the U.S. Chromecast hardware provides users with access to such paid services as HBO Go, Amazon Prime Video and Pandora. This makes the device a much more attractive buy south of the border than it is up here. More apps and compatible services are sure to be on the way, but that doesn't help early adopters of the device.

You can argue that this lack of content can be sidestepped through VPN tunneling or downloading PLEX – a Chromecast-compatible computer program designed to collect streaming online channels and user-owned content into one interface, which can then be streamed to mobile devices or TV hardware like the Chromecast. But setting up and tweaking either of these options may be beyond the capabilities of many of the Chromecast's potential users.

The Final Verdict:

The Google Chromecast provides computer, tablet and smartphone owners an affordable, easy to use means to push Netflix, YouTube video, movies purchased or rented from the Google Play Store and music from select streaming services to their HDMI-equipped TV. Unfortunately, a lack of additional content options keep this low-cost, merely adequate device from being great.

Thursday, April 17, 2014

Corliss Group Review Heart Bleed Bug Test: Three Things One Can Do Yahoo, Facebook, Gmail, eBay, TurboTax, Twitter, Chase, Wells Fargo, Citibank Affected?

The Heartbleed security bug can be tested here and theere's a list of websites affected.(Screenshot Heartbleed.com)

The Heartbleed bug isn’t a “virus,” but a security error. The bug can be tested on Github and a website was set up to test out whether the bug affects a certain website, including well-known ones.

AP Update: 3 things you can do to protect from Heartbleed

The “Heartbleed” bug has caused anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches and firewalls.

The extent of the damage caused by the Heartbleed is unknown. The security hole exists on a vast number of the Internet’s Web servers and went undetected for more than two years. Although it’s conceivable that the flaw was never discovered by hackers, it’s difficult to tell.

There isn’t much that people can do to protect themselves completely until the affected websites implement a fix. And in the case of networking equipment, that could be a while.

Here are three things you can do to reduce the threat:

— Change your passwords. This isn’t a full-proof solution. It’ll only help if the website in question has put in place required security patches. You also might want to wait a week and then change them again.

— Worried about the websites you’re surfing? There’s a free add-on for the Firefox browser to check a site’s vulnerability and provide color-codes flags. Green means go and red means stop. You can download it here: https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/https://addons.mozilla.org/en-US/firefox/addon/heartbleed-checker/

— Check the website of the company that made your home router to see if it has announced any problems. Also be diligent about downloading and installing and software updates you may receive.

Earlier AP Update:

NEW YORK (AP) — It now appears that the “Heartbleed” security problem affects not just websites, but also the networking equipment that connects homes and businesses to the Internet.

A defect in the security technology used by many websites and equipment makers have put millions of passwords, credit card numbers and other personal information at risk. The extent of the damage caused by Heartbleed isn’t known. The threat went undetected for more than two years, and it’s difficult to tell if any attacks resulted from it because they don’t leave behind distinct footprints.

But now that the threat is public, there’s a good chance hackers will try to exploit it before fixes are in place, says Mike Weber, vice president of the information-technology audit and compliance firm Coalfire.

Two of the biggest makers of networking equipment, Cisco and Juniper, have acknowledged that some of their products contain the bug, but experts warn that the problem may extend to other companies as well as a range of Internet-connected devices such as Blu-ray players.

“I think this is very concerning for many people,” says Darren Hayes, professor of security and computer forensics at Pace University. “It’s going to keep security professionals very busy over the coming weeks and months. Customers need to make sure they’re getting the answers they need.”

Here’s a look at what consumers and businesses should know about Heartbleed and its effects on networking devices.

— How is networking equipment affected?

Just like websites, the software used to run some networking equipment — such as routers, switches and firewalls — also uses the variant of SSL/TLS known as OpenSSL. OpenSSL is the set of tools that has the Heartbleed vulnerability.

As with a website, hackers could potentially use the bug as a way to breach a system and gather and steal passwords and other sensitive information.

— What can you do?

Security experts continue to advise people and businesses to change their passwords, but that won’t be enough unless the company that created the software in question has put the needed fixes in place.

When it comes to devices, this could take a while. Although websites can be fixed relatively quickly by installing a software update, device makers will have to check each product to see if it needs to be fixed.

Both Cisco Systems Inc. and Juniper Networks Inc. continue to advise customers through their websites on which product is still vulnerable, fixed and unaffected. Owners may need to install software updates for products that are “fixed.”
Hayes praises Cisco and Juniper for being upfront with customers. He cautions, though, that many other companies make similar products that likely have the bug, too, but haven’t come forward to say so.

As a result, businesses and consumers need to check the websites for devices that they think could have problems. They must be diligent about installing any software updates they receive.

Weber says that while there are some checks companies can do to see if their networking equipment is safe, they’re largely beholden to the device makers to let them know what’s going on.

Companies also need to make sure that business partners with access to their systems aren’t compromised as well.
— Are other devices at risk?

Hayes says the bug could potentially affect any home device that’s connected to the Internet, including something as simple as a Wi-Fi-enabled Blu-ray player.

He also points to recent advances in home automation, such as smart thermostats, security and lighting systems.

“We simply don’t know the extent of this and it could affect those kinds of devices in the home,” he says.

Wednesday, April 16, 2014

Corliss Group Review Android devices await Heartbleed fix

Android logo
Version 4.1.1 of Android Jelly Bean was released in 2012

Millions of Android devices remain vulnerable to the Heartbleed bug a week after the flaw was made public.

Google announced last week that handsets and tablets running version 4.1.1 of its mobile operating system were at risk.

The search giant has since created a fix, but it has yet to be pushed out to many of the devices that cannot run higher versions of the OS.

It potentially places owners at risk of having sensitive data stolen.

In addition security firms warn that hundreds of apps available across multiple platforms still need to be fixed.
These include Blackberry's popular BBM instant messaging software for iOS and Android.

The Canadian firm has said that it will not issue a fix until Friday, but said there was only an "extremely small" risk of hackers exploiting the bug to steal its customers' data.

In the meantime the program remains available for download from Apple's App Store and Google Play.

Data theft 

News of the vulnerability with recent versions of the OpenSSL cryptographic software library was made public last Monday after researchers from Google and Codenomicon, a Finnish security firm, independently discovered the problem.

OpenSSL is used to digitally scramble data as it passes between a user's device and an online service in order to prevent others eavesdropping on the information.

It is used by many, but not all, sites that show a little padlock and use a web address beginning "https".
The researchers discovered that because of a coding mishap hackers could theoretically access 64 kilobytes of unencrypted data from the working memory of systems using vulnerable versions of OpenSSL.

Although that is a relatively small amount, the attackers can repeat the process to increase their haul.

Furthermore, 64K is enough to steal passwords and server certificate private keys - information that can be used to let malicious services masquerade as genuine ones.

Press reports initially focused on the risk of users visiting vulnerable websites, but attention is now switching to mobile.

At-risk handsets

UK versions of the HTC One S handset cannot currently be upgraded beyond Android 4.1.1
Google's own statistics suggest that fewer than 10% of Android devices currently run version 4.1.1.
However, since close to one billion people currently use the OS that is still a significant number.
Some of those device owners can protect themselves by upgrading Android to a more recent version.
But several machines are unable to be upgraded higher than 4.1.1.
Customer websites indicate these include Sony's Xperia E handsets, HTC's One S, Huawei's Ascend Y300 and Asus's PadFone 2.
"Privacy and security are important to HTC and we are committed to helping safeguard our customers' devices and data," said the Taiwanese firm.
"We're currently working to implement the security patch issued by Google this week to the small number of older devices that are on Android 4.1.1."
Asus said its device was "expecting an update imminently". Sony and Huawei were unable to comment.

Tab grab
Sony Xperia E and Huawei Ascend Y300
Sony and Huawei were not able to say when they planned to patch vulnerable devices

Google has now created a fix to address the problem. However, manufacturers still need to adapt it for their devices and this software will need to be tested by the various operators before they release it.

Users can check which edition of Android they are running by going to the "about phone" or "about tablet" option in their Settings app.

Alternatively several free apps have been released that can scan phones and tablets to say if they are vulnerable.

Lookout - a security firm behind one of the products - explained how hackers might take advantage of a vulnerable handset.

"Someone could build a malicious website or advert designed to steal data from your memory," Thomas Labarthe, the firm's European managing director, told the BBC.

"If you happen to be browsing it and have other tabs opened in your browser, it could take data from a banking site - for example.

"No-one could steal a whole document - they can only take 64K of data - but that's still enough to steal your credentials."

'Forgotten about'

Blackberry aims to offer safe versions of its BBM app on Friday
Another security firm, Trend Micro, has focused on the issue of vulnerable apps.

These can affect any mobile operating system because the problem is caused by the servers that send data to the apps not having been updated to the latest version of OpenSSL.

Trend Micro said it was currently aware of 6,000 such risky apps, including shopping and bank-related services. That is 1,000 fewer than its figure for Friday - suggesting some server operators are addressing the problem.

But it acknowledged that it was hard for members of the public to know which of the hundreds of thousands on offer were safe to use.

"Some of these are services that were set up and then forgotten about," said senior malware researcher David Sancho.

"There's no way from using an app you can know if it's good or bad.

"So, for the moment, the best thing to do is use the ones from the major vendors that we know have been patched... but for the minor ones that have said nothing, be wary."

Tuesday, April 15, 2014

Corliss Review Group 'Heartbleed' bug can't be simply blamed on coders

Illustration of the word 'password' pictured on a computer screen
The Heartbleed coding error may have been around for three years,
affecting two-thirds of computer servers. Photograph: Pawel Kopczynski/Reuters

Human error is behind the latest threat to website security but giant corporations need to take their share of the blame

Were you a thriller writer seeking a name for an apocalyptic software security flaw that threatened the future of civilization as we know it, then "Heartbleed" would be hard to beat. Last week saw the discovery of such a flaw, and Heartbleed was the name assigned to it.

Most security flaws are of interest only to specialists, but this one was different. Why? Because it's been around for something like three years, during which time it could have exposed the passwords and credit card numbers that countless millions of people had provided to online stores and other services. Heartbleed would enable attackers to eavesdrop on online communications, steal data directly from services and users, and impersonate both services and users. It could have affected up to two-thirds of the world's internet servers. And unlike some earlier such problems, the solution isn't as simple as immediately changing one's password. It was, said Bruce Schneier, a security expert not much given to hyperbole, a "catastrophic" flaw. "On the scale of one to 10," he wrote, "this is an 11."

Heartbleed is a flaw in the computer code that encrypts your personal data while it's in transit from your computer to an online service. When you buy something from Amazon, say, or proceed to the checkout on any reputable site, then the URL you're dealing with will change from one prefixed by "http" to one prefixed by "https". This indicates that the Secure Sockets Layer (SSL) protocol has been invoked and that your personal data will now be transmitted only in encrypted form.

SSL is an essential component of the global e-commerce system, and the most common implementation of it is an open-source version called OpenSSL. Any flaw in it could indeed be catastrophic – which is why there was such a furore a while back when it was revealed that the National Security Agency had apparently been working actively to weaken the cryptographic protection that SSL offered. Not surprisingly, therefore, the default assumption when the Heartbleed story first surfaced was that the NSA must be behind it. But this comforting conjecture was rapidly discounted when it was realized that the flaw was most probably the result of a relatively mundane programming error.

It turns out that within OpenSSL there is something called the "heartbeat" protocol. This is needed to ensure that communications between user and site are kept alive even when the line goes quiet. What seems to have happened is that when one of the programmers who works on OpenSSL was doing a software update in 2011, he made a coding error which then – unusually for open-source software – went undetected for several years.

The implications of this are both intriguing and troubling. It's possible that the flaw – and the opportunities it provided for undermining the protections offered by SSL – was indeed undetected by anyone and that therefore the world of online commerce was safe even though the door to the safe was swinging open in the breeze. But most security people are unwilling to make that bet. Instead they are assuming that some people knew about Heartbleed and have been either quietly exploiting the vulnerability or using it to hoover up personal data for later nefarious uses.

An equally troubling implication is that huge online companies, instead of developing their own SSL code, simply lifted the OpenSSL code and just bundled it into their web-service software. They are perfectly entitled to do this, provided that they adhere to the terms of open-source licensing. But in behaving as they did they have in effect been free-riding on the public domain.

Most open-source software – and Open SSL is no exception – is produced voluntarily by people who are not paid for creating it. They do it for love, professional pride or as a way of demonstrating technical virtuosity. And mostly they do it in their spare time. Responsible corporate use of open-source software should therefore involve some measure of reciprocity: a corporation that benefits hugely from such software ought to put something back, either in the form of financial support for a particular open-source project, or – better still – by encouraging its own software people to contribute to the project.

If the giant internet companies had taken the latter approach to OpenSSL, then they might have spotted the Heartbleed vulnerability earlier. In which case we wouldn't be in the mess that we are in now. Sometimes the ethical thing to do turns out also to be the prudent thing to do.

Monday, April 14, 2014

Corliss Group Review Millions of Android Phones Could Be Affected by the Heartbleed Bug

Check to See if Yours Is One of Them

Disturbing news: The now-infamous Heartbleed security flaw might reach further than your favorite websites. It could affect your mobile device, too.

According to an announcement by Google, smartphones and tablets running a specific version of Android were affected by the widespread web security bug, which could potentially spill your sensitive login information (like passwords).

The company assured Android owners in a blog post April 9 that most versions are not affected by the flaw. However, as Bloomberg notes, Google added that a version called 4.1.1 Jelly Bean is a “limited exception.”

That version of Android was released in 2012 and is likely to be running on older Android smartphones. According to the most recent statistics released by Google, about 34 percent of Android devices use a version of the 4.1 Jelly Bean software. Though the company said that fewer than 10 percent of devices in use are vulnerable, a Google spokesperson confirmed to Bloomberg that millions of devices still run 4.1.1 Jelly Bean.

So how can you check to see if your device is affected? You’ll need to go to the Settings menu of your phone and find your way to the About Phone section. There you’ll be able to learn what version of Android you’re running and see if any updates are available.

There’s also a free Android app available that will tell you if your device is vulnerable to the bug.

Whether there is an immediate update to patch this bug is still unclear. Google’s blog post says that “patching information for Android 4.1.1 is being distributed to Android partners.” A Verizon spokesperson told Bloomberg that the company was aware of the “security vulnerability referred to as ‘Heartbleed,’ ” and that the company was “working with our device manufacturers to test and deploy patches to any affected device on our network running Android 4.1.1.”

We’ve reached out to Google for comment. In the meantime, fingers crossed that you’re not affected.