Anti-Google Glass attack in San Francisco highlights tension over wearables

San Francisco social media consultant Sarah Slocum says she was attacked this weekend for using Google Glass in a local bar. On her Facebook profile, Slocum said she was “verbally and physically assaulted” by bar patrons who jeered at her for using Glass and, she alleges, snatched the device off of her face. Slocum also said that she was robbed after leaving her purse in the bar as she pursued her alleged attackers.

She has posted a video of part of the incident to YouTube, though it doesn’t show the all the details of the alleged attack:
>

Another video, shared with San Francisco television station KRON4, shows one of the alleged attackers telling Slocum that people like her are “destroying” the city of San Francisco — a comment that ties this incident into a growing backlash against tech companies such as Google, Twitter and others in the city.

San Francisco Police Department Officer Albie Esparza confirmed that a woman reported being involved in an altercation over Google Glass after they believed she was recording them without their consent in a bar Saturday at 1:45 a.m. He said that no suspects are in custody.

Wearable technology is moving people into a brave new world with new rules about how to use evermore ubiquitous gadgets. The path to acceptance, however, is not a smooth one. Google’s head-mounted Glass computer, for example, faces a long road ahead to convince the general public that smart glasses will eventually be as accepted as camera-phones and earbuds. The device has many of the same functions as a smartphone, but lets users read e-mail, see notifications, get directions and take calls via a screen on their faces rather than on their smartphones.

The San Francisco incident follows a handful high-profile reports of negative, sometimes violent reactions that Google Glass users have reported as the new technology causes rifts with restaurant owners, law enforcement officials and movie theater owners.

From a legal standpoint, those fights have largely come out in Google’s favor. A San Diego court dismissed a case against a woman pulled over for using Glass last month. But more cases could be on their way, as a handful of states have also discussed legislation to ban Glass behind the wheel amid worries that having a small screen hovering in users’ peripheral vision will pose a danger on the roads.

Education has been the main tool in Google’s arsenal as it faces questions about the implications Glass has for privacy, distracted driving, piracy and a general unease among some folks who see a person walking around with a head-mounted computer.

The firm, which has already taken the tech for demonstrations on Capitol Hill, has also been touring the country and showing Glass to mayors, state legislators and the general public in order to let people know more about the benefits it sees in the technology.

Google has also placed considerable weight on its beta testers — which it calls Explorers — to act as ambassadors for the technology. Last week, Google released a list of dos and don’ts for Explorers to give them basic etiquette and safety tips on using the device and to remind them to be respectful when facing Glass doubters.

“New technology raises new concerns which is why educating Explorers and those around them is a top priority for the Glass team,” Google said in a statement. “The point of the Explorer program is to get Glass in the hands of people from all walks of life and see how they use it out in the world. Our Explorers provide us with continuous feedback and on the whole, they act as positive ambassadors for Glass on a daily basis. While Glass is currently in the hands of this small group, we find that when people try it for themselves they realize Glass connects people more with the world around them than distracts them from it.”

Joseph White, a Rockville-based consultant and Explorer, said that he’s only faced one negative reaction to his use of Glass since he started using it in December — and it was not nearly as confrontational as Slocum’s alleged encounter.

“The closest experience that I have had to [Slocum’s] is someone coming up to me at an Organizing for America event . . . and asking me ‘What are you recording right now?’ ” he said. White, who is in his 60s, said that while he’s had some conversations with people about the privacy implications of Glass, those same people have also asked to try on the device and have their picture taken with him.

“I have never been asked to take them off,” he said. “And I have been in restaurants, some bars — just out in public at different functions.”

What You Need to Know About Mt. Gox and the Bitcoin Software Flaw

Here’s what a terrible week looks like in the world of Bitcoin: Two of the most trafficked Bitcoin exchanges, Mt. Gox and Bitstamp, temporarily halt trading and suspend bitcoin withdrawals in the midst of a distributed denial of service attack (DDoS). On exchanges that are still open for business, the value of the currency takes a brutal, sudden hit and then continues to tumble. Bitcoin users notice strange errors in their wallet balances after making routine transactions. Rumor spreads that the Bitcoin protocol is critically flawed. And where rumor is lacking, conspiracy theories abound.

All this, and it’s barely Thursday.

Some of it is true. Some of it is half true. Some of it is completely false. Here is what’s really going on.

Mt. Gox, which until recently was the most trafficked of the Bitcoin exchanges, is at the center of this mess. Whether they actually caused it is a separate question and still up for debate. Either way, they’ve been in the Bitcoin doghouse for at least a year now, during which time they have been reliably generating bad Bitcoin press. Many traders who frequent the online exchange choose to leave some of their money (both bitcoin and fiat) in an account set up by the company. Keeping the money on site allows clients to do quick trades, but people are beginning to wonder whether Mt. Gox can be trusted to be responsible with the funds they have.

Last May,confidence was shaken by the news that the Department of Homeland Security had seized the Dwolla e-payments account of Mt. Gox CEO Mark Karpeles and accused him of operating without the proper license. After the loss of this currency conduit, customers began reporting long delays withdrawing dollars from their Mt. Gox accounts. Poor communication fomented a deep mistrust in the exchange and people began to wonder whether Mt. Gox might have squandered its clients’ money. And now, as of last Friday, Mt. Gox customers can’t even withdraw bitcoins.

In a statement on its website, Mt. Gox claimed that it had identified a serious flaw in the Bitcoin protocol, one that behooved it to cease transactions until developers could find a solution. Conspiracy theories immediately followed. Several people implored Mt. Gox to somehow verify the solvency of their exchange. (One guy even staked out the office in Japan to confront Karpeles himself.) But the mob lowered its pitchforks after core Bitcoin developers announced that the flaw Mt. Gox outlined does indeed exist. It’s called transaction malleability, and according to Bitcoin developers, it does need to be fixed.

“Generally, malleability is a design flaw in Bitcoin, albeit a very subtle one. So we can forgive Satoshi for overlooking it,” says Mike Hearn, a developer who works on the Bitocin protocol. (Satoshi Nakamoto is the pseudonym for the inventor of the Bitcoin protocol.)

In order to understand transaction malleability, you need to know that the balances of all Bitcoin addresses are maintained on a public ledger and that the changes made to this ledger are what constitute the transfer of funds.

When a transaction is broadcast to the network, it is relayed with a digital fingerprint that identifies it. Bitcoin miners then scoop it up, verify it, and send it on to the rest of the network for confirmation. Once the transaction has been confirmed, there is no way for that same person to spend those same bitcoins because they are being checked against the public ledger.

The malleability feature allows a person to intervene, right after the transaction request has been sent, modify the fingerprint and create a duplicate transaction. So, now you have two unconfirmed transactions flying around the network. They are both for the exact same payment, but they have different fingerprints and only one of them can be added to the public ledger. “The first one that is confirmed will be accounted for in the blockchain and will become the definitive record,” says Andreas Antonopoulos, the chief security officer for the Blockchain.info Bitcoin wallet. “The other will be dropped as a double spend attempt.”

It’s when the mutated version gets added that we start to have problems. It turns out that when Mt. Gox needs to verify that a transaction has gone through, it scans the public ledger for confirmations on the fingerprint that the transaction generated. If its software doesn’t see it, it assumes that the payment was not successfully sent. There are other, more reliable ways to set up the accounting, but from the little explanation Mt. Gox has given, this seems to be how its running its operation.

Using transaction malleability, it seems that some Mt. Gox customers were able to pull off a version of refund fraud, says Antonopoulos. Mt. Gox is claiming that some customers requested a bitcoin transaction and were able to quickly change the fingerprint on the transaction, making it looks like it hadn’t gone through. When they returned to Mt. Gox to complain, the exchange would agree to send payment again.

But it’s not just a headache for the exchanges. Malleability can also cause problems for people who conduct multiple Bitcoin transactions in rapid succession, causing some transactions to be voided and wallet balances to get out of sync with what’s reflected in the network. In essence, however, this is an accounting problem. It is not possible to use this flaw to steal or misdirect Bitcoins that you do not own.

“What these are are phantom transactions that don’t effect the balance but can fool your wallet into thinking that it has less than it has—which is scary but harmless,” says Antonopoulos.

If you are using Bitcoin right now, it’s quite possible that this will effect you. Shortly after Mt. Gox shined a spotlight on the problem, someone rushed to capitalize on it. The whole network is now experiencing a massive DDoS attack from a collection of rogue nodes that are working to change transaction fingerprints.

Every wallet will deal with this differently. Antonopoulos’s Blockchain.info wallet (which Apple just yanked from the iOS app store) interprets the event as a double spend attempt and alerts users accordingly. But, in all cases, the effects can be mitigated by simply waiting ten minutes between each payment.

Hearn says that coming up with a complete fix is a long-term goal. In the meantime, exchanges will have to change their implementation to account for mutated transactions—something which some exchanges already do. Antonopoulos says he expects Bitstamp to be up and running by next week.

It will be very interesting to see what happens when Mt. Gox re-opens. With all of the mischief they’ve created and ill-will they’ve inspired, a lot of people are going to be looking to get out as soon as they have the chance, and I expect them to do everything they can to avoid a bank run.

“They have to handle their return path very carefully,” says Antonopoulos. “They’ve burnt the credibility that would give them enough breathing room to do it right.”

But when it comes to the Bitcoin protocol and the currency itself, Antonopoulos is not worried at all. In fact, he says, “attacks make it more resilient.”

Hackers hit Tesco as over 2,200 accounts compromised

Tesco, an international supermarket chain, has been forced to deactivate online customer accounts after hackers took aim at its systems.
The company confirmed to The Guardian on Friday that over 2,200 of its accounts were compromised. Interestingly, it’s believed that the hackers didn’t actually break into its systems, but instead used data collected from other hacks to see if they could get any hits. The affected accounts used the same username and password combination as those in previous hacks, allowing the hackers to break in.
Rather than snoop around, however, the hackers posted the compromised accounts online, giving both personal details and usernames and passwords.
The Tesco hacks comes just a couple of months after a massive data breach at Target left up to 110 million people with personal information open to hackers. Target is still investigating that breach and has closed down the gaps that allowed the hackers in. Still, it’s possible that the data leaked to the Web by those hackers is being used in a fashion similar to the way Tesco data was stolen.
According to Tesco, it has contacted the affected customers. The company has not said when the online accounts will be reactivated.

Kickstarter hacked, user data stolen

Hackers hit crowd-funding site Kickstarter and made off with user information, the site said Saturday.
Though no credit card info was taken, the site said, attackers made off with usernames, e-mail addresses, mailing addresses, phone numbers, and encrypted passwords.
“Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one,” the site said in a blog post, adding that “as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.”
The site said law enforcement told Kickstarter of the breach on Wednesday night and that the company “immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.” The site also said “no credit card data of any kind was accessed by hackers” and that “there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.”
You can read additional information about resetting a password here. We’ve contacted Kickstarter for more info on the attacks and will update this post when we hear back.

HTC performs a u-turn, says ‘actively exploring’ Android 4.4 KitKat update for One X

HTC on Friday hosted an AMAA (Ask Me Almost Anything) on Reddit with its North America product management team. While the team did not answer questions of upcoming products and service issues, it did shed light on the software update process for some of its older phones.
We have seen that HTC hasn’t had the best track record when it comes to updating flagship devices in a timely manner and during the Q&A session, the company admitted as much and made a promise to fasten its device update process.

HTC’s product management said on Reddit, “We don’t have a perfect track record regarding updates along with almost every phone manufacturer, but we’re dedicated to bring more transparency to the process and doing our best to deliver updates as quickly as we can.”

The company also said it was a lack of support from NVIDIA that caused them to drop support for future updates for HTC One X and HTC One X+ which runs on the NVIDIA Tegra 3 chipset.

But now it appears that the company has taken a U-turn as during the AMAA session, the company’s product manager confirmed that HTC is “actively exploring” the possibility of Android 4.4 KitKat for the HTC One X.

HTC further announced that it will support all future flagship devices with major updates for two years after their release.

“Today we are making a commitment to support all new North America flagship devices going forward with all major Android updates for 2 years after their release date,” HTC’s team added.

If you are a HTC 8X user, there’s good news for you as well. HTC confirmed that the company is working with Microsoft to provide the Windows Phone 8.1 update to the smartphone later this year.

HTC has been talking about updates quite a bit recently, having recently published a complicated infographic and software updates page that details how the company updates the software on their phones. The page share timeline and other details about forthcoming software updates.