Snapkeys aims to replace QWERTY keyboards on mobile devices

Snapkeys 2i is a four-key typing system app for mobile devices, that is said to be much more efficient than the standard QWERTY virtual keyboard

At next month's Consumer Electronics Show (CES 2012) in Las Vegas, tech start-up Snapkeys will be attempting to break the Guinness World Record for fastest typing speed. The company will be making its record attempt using volunteers (who it is currently in the process of recruiting), and its new 2i typing system for mobile devices. Unlike traditional systems that utilize a full QWERTY virtual keyboard that takes up much of the screen, 2i incorporates just four onscreen keys ... and they're all invisible.
The system divides up the letters of the alphabet between the four keys - or Snapkeys, specifically - based on their shape. These groupings consist of letters that stand on one point (such as F and I), letters that stand on two points (N, A, etc.), letters that stand on a wide base (L, E, etc.) and letters that include a complete circle in their shape (R, O, etc.). Basic punctuation marks and shapes are also included.

To use the 2i system, users simply thumb the spots on their device's touchscreen that correspond to the regions where the different letters are located within each Snapkey. Although the keys themselves aren't displayed onscreen, a translucent outline of each one does flash up when it's touched, to help guide users.
According to its designers, 2i not only frees up the screen from the clutter of a visual QWERTY keyboard, but it also allows for faster, more intuitive typing. To that end, they have put out an invitation for interested parties to download a trial version of the app from the company website - those people who demonstrate the fastest Snapkeys typing speeds will be invited on an all-expenses paid trip to CES, to make an attempt at the world record.
A commercial version of Snapkeys 2i should be available "soon," via the App Store and Android Market. It will work in a number of different languages, with US English as its default setting.
The system can be seen in use in the video below.

http://www.youtube.com/watch?feature=player_embedded&v=28KEVi5rbcs

Cybercriminals get sneaky with encrypted malware

Malware just got sneaky! Well, sneakier, that is. Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.
Recently Dmitry Bestuzhev, Kaspersky Lab’s Head of Global Research and Analysis Team for Latin America, was looking over some potentially malicious links from Brazil when he discovered some files with .jpeg filename extensions. At first glance, Bestuzhev thought that they were some form of steganography–the art and science of hiding messages. But upon further inspection, the researcher discovered that they were actually more like .bmp (bitmap) files, than JPEGs.
The data contained within the files themselves was obviously encrypted and contained some kind of malware; Bestuzhev later discovered that the data was in the form of block ciphers–a cryptographic method that encrypts 128-bit blocks of plain text in to 128-bit blocks of cipher text. Since block ciphers can only be composed of 128-bit blocks, they must break up the message into several blocks and encrypt each one individually. A process called modes of operation allows a cryptographer to repeatedly use block ciphers to encrypt an entire program–or piece of malware, in this case.
Modes of operation can use randomization based on an addition input value making it very difficult for any one program or decryter to be able to decrypt the code. When the file is opened, unencryped code–a decryption script in this case–would then run and execute the decrypted malicious code.
Unfortunately for the Web and its users, most antivirus software relies largely on searching for patterns of data that are alike or similar to its virus definitions. Some more advanced programs use heuristics to identify not necessarily problem code but virus structures based on miscellaneous wildcard characters (not A-Z and 0-9) and extra pointless “padding” code. However, even when a program is using heuristics, your virus scanner may only notify you that it’s an untrusted or unknown file.
Even more unfortunate, the wildcard characters could be hidden in another type of seemingly useful file (e.g. .jpeg files) that actually displays an image, and therefore, might not trigger the virus scanner at all. Could it get even worse? Yes, but to my knowledge, most, if not all, virus scanners also are incapable of determining what will happen when the decryption script is run–that is, they don’t actually execute the code to find out what will happen.
According to Bestuzhev the virus writers behind this particular attack publishes new mirrors and new variants of the malware about every 2 days, though the encryption code has remained the same so far. This is certainly scary for anyone out there that values their private information, and I just hope that the antivirus software companies can keep up.
content from : it-networks

Gadget, heal thyself

In the top image, microcapsules full of liquid metal sit atop a gold circuit. When the circuit is broken (center) the microcapsules rupture, filling in the crack and restoring the circuit's functionality (bottom).

(Credit: Graphic by Scott White/University of Illinois at Urbana-Champaign)

The Geek Squad might not like this development, but we're excited about it. Engineers at the University of Illinois have developed a self-healing system for electronics that they say can restore conductivity to failed circuitry in "mere microseconds."
Today's ever-denser chips face more reliability problems due to the increasingly sophisticated demands on electronic devices. When one circuit within an integrated chip fails, the whole chip, and even the whole device (and your pressing deadline, of course) can go down with it.
"In a multilayer integrated circuit, there's no opening it up," Nancy Sottos, a professor of materials science and engineering at the University of Illinois at Urbana-Champaign, said in a statement. "Normally you just replace the whole chip. It's true for a battery too. You can't pull a battery apart and try to find the source of the failure."

University of Illinois researchers minding the circuit gap are (from left) Nancy Sottos, Scott White, and Jeffrey Moore.

(Credit: L. Brian Stauffer)

To get around the need for external intervention and diagnostics (which may not be readily available for spacecraft or defense-based aircraft, for example), the researchers adapted a previous technique they'd developed for self-healing polymer materials.
They placed tiny microcapsules (as small as 10 microns in diameter) filled with liquid metal on top of a gold line functioning as a circuit. When the circuit cracks, the microcapsules break open, releasing the liquid gallium-indium alloy into the gap and restoring electrical flow--up to 99 percent in most cases. The liquid does its bidding in less time than it takes to blink.
"Rather than having to build in redundancies or to build in a sensory diagnostics system, this material is designed to take care of the problem itself," said chemistry professor Jeffrey Moore, a co-author of the team's research paper, "Autonomic Restoration of Electrical Conductivity," which appears in the latest issue of the journal Advanced Materials.
While we probably shouldn't expect to see self-healing tablets and smartphones by CES 2012 (or even 2013), we are intrigued by the promise such gadgets hold for product reliability and reducing e-waste. For now, the researchers are particularly interested in applying their system to improving batteries' safety and longevity, though it's not yet clear just what sort of longevity we're talking about, or how much these little oozing capsules will add to the cost of electronics.

Originally posted at Crave

Invasion of the Body Hackers? Wireless Medical Devices Susceptible to Attacks

Security expert and diabetic Jerome Radcliffe has hacked into the wireless insulin pump he wears on his body around the clock to keep his blood sugar level stable.

Radcliffe talked about the hack in a presentation at the Black Hat Security Conference, held in Las Vegas.
He reportedly detailed how untraceable attacks could be launched against wireless insulin pumps, pacemakers and implanted defibrillators from a distance of half a mile.
The use of wireless technology is improving healthcare, according to a post by the GLG Group that cited a study by Philips (NYSE: PHG).
The Bluetooth Special Interest Group (SIG) said there are more than 40 million Bluetooth-enabled health and medical devices already in the market.
In June, the Bluetooth SIG finalized standards for Bluetooth-capable thermometers and heart rate management products.
It's possible to hack any wireless medical device that's not configured properly, Tim Gee, principal at Medical Connectivity, told TechNewsWorld.
However, doing so is not a simple task.
"Of course, someone with good generalist programming skills can learn to work with kits like this, but they'd need to know a lot more than a control language," David Harley, senior research fellow at ESET, told TechNewsWorld.
"I'm sure this won't come as a complete surprise to the industry, but it's a largely hypothetical situation that largely belongs in the pages of a thriller," Harley added.

About Jay Radcliffe

Radcliffe, who works at SecureConcern, is a Type 1 diabetic. This is a chronic disease previously known as "juvenile diabetes" that is caused by the pancreas not producing enough insulin to control the patient's blood sugar level.
Radcliffe reportedly spent two years trying to hack his pump because he was concerned about the possibility that someone might be able to hack into pumps like his and reconfigure their settings.
He eventually managed to take control of the pump so that he could change the amount of insulin it injected into his body without leaving a trace of what he'd done.
Radcliffe did not respond to a request for comment by press time.

Wireless Technology for Medical Devices

Wireless medical devices use either the MICS band or the ISM band, Medical Connectivity's Gee said.
MICS stands for Medical Implant Communication Service. It uses the 402-405 MHz frequency and is a short-range wireless link used to connect low-power medical devices implanted in patients to monitoring and control equipment.
Such equipment would include pacemakers, defibrillators and neurostimulators.
The ISM, or industrial, scientific and medical band, is reserved for uses other than communications. Such uses include radio frequency process heating, microwave ovens and medical diathermy machines.
Several frequencies ranging from 6.780 MHz to 244-246 GHz are defined as ISM bands by the International Telecommunications Union's Radiocommunication Sector.

The Possible Technology of the Hack

Radcliffe isn't the first to hack a vital piece of medical equipment. Three years ago, a group of academics published a paper about a similar vulnerability in wireless pacemakers.
"It seems to me that the hacking takes place at the transmission link level, in this case, either a WWAN connection, meaning a mobile network, or a WiFi LAN," Harry Wang, director, mobile and health research at Parks Associates, told TechNewsWorld.
It's easier to hack into a network-connected device.
The majority of medical devices aren't connected to networks now, which accords some measure of safety, but that's beginning to change, Wang said.

Death and Device Hacks

However, the chances of a hacker taking over someone's implanted medical device to commit harm or even murder are small.
"The device base is small, and consequences will be much harsher for hackers if they do this," Parks Associates' Wang stated.
"[Radcliffe's hack] will raise the visibility of the issue and may prompt industry and government to act more swiftly," Wang added.
Don't expect a solution soon, because agreeing on one "will involve several parties and the process will be long, particularly if you involve national policy on spectrum allocation," Wang said.

Linux and the Giant Breach

 

Security scares are so commonplace in the tech industry today that it's virtually impossible to keep track of them all. Security scares in the Linux world, however, are still rare enough as to cause at least a small collective gasp of consternation.

That, indeed, is just what happened recently when it was discovered that the Kernel.org site had been breached last month.
"Earlier this month, a number of servers in the kernel.org infrastructure were compromised," read the note that was later posted on Kernel.org. "We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure."
It's since become pretty clear that the site's source code repositories remained intact, thanks largely to Linus Torvalds' Git distributed revision control system. Nevertheless, Torvalds himself last week temporarily moved Linux development to GitHub, and Linux fans around the globe are still shaking off the slight chill that resulted from the scare.

'Not That Big a Deal'

"Seriously people, this is big," wrote Mensa Babe on one of several Slashdot threads on the topic. "I really mean totally freaking big. Thanks to the open source nature of the kernel it is trivial to add a rootkit and make a new tarball. If the attackers were worth their salt then they should do exactly that."
On the other hand, "this security breach is not that big a deal," countered bzipitidoo. "Yes, it is embarrassing for kernel.org, but the damage is not that great. Sure, we'd all like to prevent security breaches from ever happening in the first place, but I have always thought detection and recovery is more important than prevention. Kernel.org has that covered in spades."
Indeed, according to another Slashdot post, the kernel attackers apparently didn't even really "know what they had."
Whatever the case, however, discussion of the event has extended to blogs and forums around the globe; Linux Girl's Quick Quotes Quill has never been so tired.

'Not the End of Linux by Any Means'

"Cause for concern? Yes, but there's no reason to believe that kernel sources were compromised; such a change would be easily detected with diff," Hyperlogos blogger Martin Espinoza asserted, for example.
"I'd sure like someone to show me a 100 percent secure, internet-connected computer...," Espinoza added.
Similarly, "of course this is a serious concern but it's not the end of Linux by any means," agreed blogger Robert Pogson.
"I expect procedures on the servers will be tightened up to prevent/detect a recurrence," Pogson added. "Sometimes it takes a failure to provoke positive changes."
Meanwhile, "the ability of Linus to switch to GitHub running software that he wrote shows the tremendous adaptability of FLOSS," Pogson said.

'This Should Improve Confidence'

Barbara Hudson, a blogger on Slashdot who goes by "Tom" on the site, took a similar view.
"A developer's remote machine co-located on the same network was compromised, their password sniffed, and used to do some monkey business on the kernel servers," Hudson told Linux Girl. "In the end, it looks like no permanent damage was done, and that the existing people, procedures and infrastructure are robust enough to recover cleanly."
In fact, "this should improve, not reduce, confidence in the Linux development process," Hudson opined.

'All Security Is a Balancing Act'

While some are "using the occasion to go into histrionics by characterizing this as a 'surprising failure,' it's not surprising," Hudson added. "It's the nature of networks, and especially of the Internet."
The fact is that "all security is a balancing act, not an absolute," she explained. "The only way to completely avoid these sorts of things is to implement so many security measures that nothing else ever gets done.
"Or unplug the computers ... which defeats the whole purpose of using computers in the first place, unless you like owning an expensive doorstop," Hudson concluded.

'It All Comes Down to Time'

"There is NO SUCH THING as a perfectly secured site, period," echoed Slashdot blogger hairyfeet. "If you can get to it from the net it can be hacked; the only question is how much time will it take and will the admins notice the attempt before they get in."
The past year, in fact, has seen attacks on organizations "from governments to security firms," hairyfeet noted, so "what makes the kernel guys any better? Linux isn't magical, it is an OS. All OSes are extremely complex and nobody knows every inch of them."
The bottom line, then, is that "it all comes down to time, what software they are running, and a little luck," hairyfeet concluded. "It doesn't make them bad, or make the OS lousy, it is just a flaw, flaws get fixed. I'm sure they minimized the damage and restored from a good backup as is sound security practice.

content: technewsworld