Android Wear 2.0 is hitting more watches today

Yesterday, Google said that an unspecified bug was delaying the Android Wear 2.0 rollout yet again. It looks like the delay hasn’t been too severe though. The company says that Wear 2.0 is now available for five more watches: the Polar M600, Nixon Mission, Fossil Q Wander, Fossil Q Marshal and Michael Kors Access. That’s in addition to the Fossil Q Founder, Casio Smart Outdoor Watch WSD-F10 and TAG Heuer Connected, which Google said were already receiving the update. All told, that’s almost half of the 19 older watches that’ll get the Wear 2.0 update.

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/android-wear-2-0-is-hitting-more-watches-today/

‘Skylanders’ learns what Amiibo knew all along: Drop the portal

If you buy Skylanders Imaginators on the Nintendo Switch, it won’t come with the series’ iconic “Portal of Power” peripheral. Instead, the game piggybacks off the NFC technology Nintendo built into the console’s controllers. Rather than placing characters on a wired base to transmit figurine data into the game, players merely need to tap their Skylander toys against the thumbstick on the right-hand Joy-Con. That’s it. No more setting up a USB peripheral every time you want to play the game or making sure it’s in reach of the couch. Instead, you just tap and play. Easy.

Although this is a simple, straightforward change that seems like a long overdue evolution of the toys-to-life experience, it wasn’t really something that could be done until now. Not because the technology didn’t exist, but because it wasn’t available on most platforms. Neither the Xbox One or PlayStation 4 have built-in NFC readers, and only one of the Wii U’s controllers (the included GamePad) supported the feature. The Switch is the first console to standardize NFC communication in every controller configuration. Finding another way to scan in the Skylanders toys was also necessary to serve players who use the Switch in portable mode.

While it’s certainly easier to play Skylanders without the cumbersome portal accessory, its absence fundamentally changes the game into a more traditional experience. Changing characters in Skylanders typically meant placing a figure on the portal and leaving it there — but after you scan a character into the Nintendo Switch version of the game, you don’t even need the figure anymore. Scanning a toy more than once turns it into an “Instant Skylander” that can be summoned from the game’s menu at any time. This is perfect for players who want to take the game on the go without toting a bunch of toys, but it calls the entire concept of the series into question. If you can scan your figures once and play the game without them, does Skylanders even need a toy component?

Technically, the game could get away without the physical toys, although that’s not the point. For Skylanders (and other toys-to-life) fans, collecting is part of the fun, and the developer isn’t offering any toy-free options at this time. The portal-free approach doesn’t work for all toys-to-life games, either — LEGO Dimensions features several puzzles that require players to move toys to different portions of its connected figure base, a gameplay element that wouldn’t work with the Nintendo Switch’s single NFC touchpoint.

'Skylanders' learns what Amiibo knew all along: Drop the portal

Still, for Skylanders Imaginators, the change feels like a massive improvement, and a lot like the Amiibo system it’s piggybacking off. By making the figures a little less necessary, Skylanders on Switch now comes close to mirroring Nintendo’s toy-optional approach to the genre. It’s a less tedious experience. It’s still probably not the future of the Skylanders franchise, though.There are far too many figures and portals left over from previous games to expect Activision to nix the conceit of the series on other platforms. But if you’re looking for a more minimalist toys-to-life experience, it can be had on the Nintendo Switch.

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/skylanders-learns-what-amiibo-knew-all-along/

Next-gen RAM will be twice as fast … whenever it arrives

DDR5 memory should have double the bandwidth and density of its predecessor, as well as improved channel efficiency, making it faster and more power-efficient. It will likely find its way into high-end gaming PCs and laptops first, allowing gamers to squeeze every last frame rate out of the most graphically-intensive titles. But a mobile version could also boost battery life and performance in portable devices as well.

JEDEC says it plans to publish the new standards sometime in 2018, which means DDR5 RAM won’t be available to consumers any time soon. Computer manufacturers will need time to build support for the new chips as well, and that could take years. In the meantime, Intel is working on its own memory option called Optane, which combines extremely low latency with the speed of a solid state drive to boost your desktop PC’s performance. ASUS, Dell, HP and Lenovo are already planning to release Optane-equipped systems sometime this year. If it takes off, DDR5 could be obsolete before it steps off the assembly line.

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/ddr5-ram/

When the ‘S’ in HTTPS also stands for shady

But like so, so painfully many great ideas from the tech sector, Let’s Encrypt apparently wasn’t built with abuse in mind. And so — of course — that’s exactly what’s happening.

Because it’s now free and easy to add HTTPS to your site, criminals who exploit trusting internet users think Let’s Encrypt is pretty groovy. When a site has HTTPS, not only does the user know to trust they’re on an encrypted connection, but browsers like Google’s Chrome display an eye-catching little green padlock and the word “Secure” in the address bar. What’s more, privacy and security advocates, from the EFF and Mozilla (who founded it) to little people like yours truly have done everything possible to push people to seek these out as a signifier that a website is safe…

When the 'S' in HTTPS also stands for shady

The fact that Let’s Encrypt is now being used to make phishing sites look legit is a total burn for us, and a potential house fire for users that rely on simple cues like the green padlock for assurance. According to certificate reseller The SSL Store, “between January 1st, 2016 and March 6th, 2017, Let’s Encrypt has issued a total of 15,270 SSL certificates containing the word PayPal.”

Keep in mind that The SSL Store is a provider of those incredibly overpriced certificates, so Let’s Encrypt’s mission isn’t necessarily in their interests. Even still, their post points out that the “vast majority of this issuance has occurred since November – since then Let’s Encrypt has issued nearly 100 “PayPal” certificates per day.” Based on a random sample, SSL Store said, 96.7 percent of these certificates were intended for use on phishing sites.

The reseller added that while their analysis has focused on fake PayPal sites, the firm’s findings have spotted other SSL phishing fakers that include Bank of America, Apple IDs, and Google.

This problem isn’t new (it’s just getting worse). Back in January, security firm Trend Micro raised a semaphore convention’s worth of red flags about a malvertising campaign that targets sites that use those free Let’s Encrypt certificates.

Researchers at Trend Micro had uncovered a malicious ad campaign in December 2016 that sent surfers to websites hosting the Angler Exploit Kit. If you’re unfamiliar, Angler infects you with malware when you visit a web page invisibly and seamlessly, meaning that you won’t know and you don’t even need to have clicked on anything. Researchers found that over 50 percent of Angler infections turn into ransomware, where all your files are locked until you pay, well… a ransom.

When the 'S' in HTTPS also stands for shady

Trend Micro found that the malvertisers using Let’s Encrypt for HTTPS had created subdomains that looked real enough to fool the average web surfer. The criminals used Let’s Encrypt certificates that had been specifically obtained for the subdomains, making the poisoned sites look valid and secure.

“Any technology that is meant for good can be used by cyber criminals, and Let’s Encrypt is no exception,” Trend Micro fraud researcher Joseph Chen wrote on the TrendLabs Security Intelligence blog.

So why can’t Let’s Encrypt just revoke what are obviously fake PayPal certificates?

Because they believe it’s just not their problem.

Josh Aas, executive director of the Internet Security Research Group, told InfoWorld back in January that giving a toss about what happens to certificates after Let’s Encrypt issues them “would be impractical and ineffective.” (ISRG is the group managing the Let’s Encrypt project.)

Aas echoed his 2015 Let’s Encrypt blog post disavowing responsibility for the massive HTTPS trust issue the org has facilitated, telling press the certificate-issuing system is not the appropriate mechanism for policing phishing and malware on the Web.

The post, which explained “The CA’s Role in Fighting Phishing and Malware” might as well have been titled “¯/_(ツ)_/¯” for all the interest it had in addressing the monster it was most certainly enabling.

In it, Let’s Encrypt officially pushed the problem off onto the browser security teams at Google, Firefox, Safari and others. Aas said that browsers’ anti-phishing and anti-malware protections were “more effective and more appropriate” than anything issuers like Let’s Encrypt can do.

But even if Google flags malicious HTTPS phishing domains, Let’s Encrypt won’t revoke their certificates.

Thus begins the unraveling of the work we’ve done getting people to trust HTTPS and that little “Secure” green padlock.

Now we say, you should always use HTTPS, but you shouldn’t always trust it as a marker for your safety. Because now people really, really need to know that HTTPS doesn’t equal legitimate safety, as they’ve been led to believe. It’s important to remember that checking the link they click for validity, spelling, and malfeasance needs to take priority over the need to check against making sure Chrome says “Secure.” Because it’s not.

You’d think that when it becomes well-documented that criminals are obtaining and using that green padlock, it would undermine the whole purpose of getting people to trust them.

But this is the world of cybersecurity, and so you would be wrong.

Images: adrian825/Getty (HTTPS); Getty Images/iStockphoto (Ransomware)

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/when-the-s-in-https-also-stands-for-shady/

German law urges parents to rat out kids’ illegal downloads

The precedent-setting decision by the Federal Court of Justice (BGH) charged the parents of three children with a €3,500 fine after someone in the home illegally downloaded Rihanna’s 2010 album “Loud.” The father stated that Germany’s Basic Law protects family members from testifying against each other and refused to out which child did the deed. The court didn’t force him to reveal the perpetrator, but held him liable in their stead.

If parents refuse to name the guilty party, the decision establishes, whoever gets the bill for internet service is ultimately responsible to pay the fine. But nobody will be forced to “deliver their children at knifepoint,” state prosecutor Christian Rohnke reportedly said.

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/german-law-urges-parents-to-rat-out-kids-illegal-downloads/

Apple Music signs up ‘Carpool Karaoke’ as a new show

The segment will continue to appear on Corden’s show but it has been a viral hit online, thanks to guests like Justin Bieber, Adele — the clip embedded above is its most-viewed ever with over 119 million views — and most recently First Lady of the US Michelle Obama. Apple seems to think this kind of exclusive content will be enough to wrangle a few more months of music subscriptions that could otherwise go to competitors like Spotify, Google Play Music or Tidal. Hey, speaking of Tidal…

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2016/07/26/apple-music-cbs-carpool-karaoke/

Pornhub adds HTTPS to keep your kinks hidden

HTTPS uses encryption to secure the connection between your browser and the server and while it won’t make you invisible on the internet, it will conceal any traffic beyond the top domain level. HTTPS can also speed up page loads, keep out malware and prevent sketchy ads from hijacking the page, which can be fairly common in some of the seedier corners of the internet. In the case of HTTPS-enabled adult sites like Pornhub, your ISP (or anyone monitoring your connection, really) will be able to see that you’ve visited the site, but not what data is being transferred. While the protocol is not perfect, your dirty searches and video views will be kept in the dark.

“With this Internet communication protocol we can ensure not only the security of our platform, but also that of our users,” Pornhub VP Corey Price said in a statement. “At the end of the day, we want every single one of them to feel safe and secure on our platform while enjoying our library of over 5 million videos.”

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/pornhub-adds-https-security-keep-your-kinks-hidden/

The government plans to crack down on sketchy advertorial

In print, that usually is achieved with a label on the header or footer of the page saying it’s advertisement. And, in addition to that, there’s usually a writing staff focusing solely on native advertising that the editorial side would never touch. Because ethics. To sidestep this, some online publications have rushed to label themselves as “entertainment” rather than news and have moved such articles under that label. But when you ask the people running such websites, the delineation between ads and genuine editorial becomes murky.

Refinery 29 WWD

Both WWD and The Fashion Law use examples from places like Refinery29 and Vogue, but you can find this type of stuff all over the web. The problem arises when readers or social followers can’t tell the difference between independent opinions and paid advertising, and that’s what the FTC hopes to end.

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/the-government-plans-to-crack-down-on-sketchy-advertorial/

Spotify’s karaoke-style lyrics are gone, for now

In a Medium post this week, Musixmatch explained that as of the end of May, its lyrics would no longer be available in the Spotify app. Musixmatch’s library is still available through its own apps for Android, iOS, a Chrome app for YouTube and the web. “We don’t want to run the risk of Musixmatch no longer existing, CEO and Founder Max Ciociola explained. “We would eventually like to offer this experience to third parties, however only if the economic value is recognized.”

Spotify did confirm that the partnership was ending, but didn’t elaborate on any future plans. “It was a great partnership and there is mutual respect between both companies as our business strategies move us each in different directions,” a Spotify spokesperson told Engadget.

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2016/06/02/spotify-lyrics-musixmatch/

Amazon is making Twitch a destination for original shows

The media and retail company first aired pilots on Twitch late last year. We’re guessing this won’t be the last time it’ll promote new shows on the streaming service it purchased in 2014, especially since Twitch has been expanding its repertoire. In fact, it’s gearing up to show its own studios’ first original mini-documentary on April 7th, 5PM Eastern. Entitled Ironsights, it tells the story of Big Buck Hunter champ Sara Erlandson, as she makes her way to the arcade hunting game’s World Championship in Austin, Texas. The mini-docu will air right after Twitch Weekly concludes and might only be the first in a series of originals produced by Twitch Studios.

This article is automatically posted by WP-AutoPost Plugin

Source URL:http://www.engadget.com/2017/03/31/amazon-spring-pilots-original-shows-twitch/