Can an app diagnose melanoma? It’ll need proof, says FTC

On Monday, the US Federal Trade Commission announced that it reached settlements with two companies that marketed apps claiming the ability to diagnose melanoma. Two marketers of MelApp and Mole Detective were charged with “deceptively claiming their mobile apps could detect symptoms of melanoma, even in its early stages,” the FTC wrote in a press release. Two additional marketers of Mole Detective did not settle, and the FTC is still pursuing charges against them.

These melanoma apps and others like them work by asking the user to take a picture of the problematic skin area and then analyzing the picture to see if the risk for melanoma is low, medium, or high. “The FTC alleged that the marketers deceptively claimed the apps accurately analyzed melanoma risk and could assess such risk in early stages,” the FTC wrote.

Applications such as these could pose a serious risk to consumers. In 2013, Ars wrote about a study of the results of these kinds of apps, published in JAMA Dermatology, which found that the four apps that the researchers tested at the time misdiagnosed 30 percent of malignant melanoma as being benign. That kind of result could give someone an excuse to put off a visit to their doctor until it’s too late.


Yahoo exec goes mano a mano with NSA director over crypto backdoors

Echoing the concerns many US-based technology companies have about US-led surveillance programs, Yahoo Chief Information Security Officer Alex Stamos asked the director of the National Security Agency some pointed questions concerning proposed or existing backdoors placed in encryption technologies. The responses from NSA Director Adm. Mike Rogers only underscored the growing divide.

The frank exchange occurred Monday at the Cybersecurity for a New America conference in Washington DC. It came 17 months after materials leaked by former NSA subcontractor Edward Snowden documented that NSA-engineered backdoors were built into widely used cryptography technologies so that government agents could decrypt communications. Critics have since warned that the policy could backfire on US citizens, since backdoors can be exploited by governments of a variety of countries. Rogers clearly disagreed, but his denials were notable for a lack of technical detail.

What follows is an excerpt of the exchange, as first provided by website Just Security:


Lenovo users lawyer up over hole-filled, HTTPS-breaking Superfish adware

In the wake of last week’s Lenovo Superfish debacle, at least one person has filed a lawsuit against the computer manufacturer and its notorious software partner, and one class-action investigation has begun.

San Diego blogger Jessica Bennett filed a lawsuit in federal court last week, charging Lenovo and Superfish with violating state and federal wiretap laws, trespassing on personal property, and violating California’s unfair competition law. In addition to this, a Pennsylvania law firm put out a press release on Friday that asked Lenovo customers to participate in a class action lawsuit investigation regarding the presence of Superfish on their computers.

Lenovo found itself in hot water last week when researchers discovered that pre-installed adware from a company called Superfish was making users vulnerable to man-in-the-middle attacks. The adware installed self-signed root HTTPS certificates that made it easy for Superfish (as well as low-skilled hackers) to intercept users’ encrypted Web traffic.


Still smarting from HTTPS-busting Superfish debacle, Lenovo says sorry

Lenovo’s top technical executive apologized once again for pre-installing laptops with software that intercepted customers’ encrypted Web traffic, and the company has gone on to outline plans to ensure that similar mistakes don’t happen again.

“This software frustrated some users without adding value to the experience so we were in the process of removing it from our preloads,” Lenovo CTO Peter Hortensius wrote in an open letter published Monday afternoon. “Then, we saw published reports about a security vulnerability created by this software and have taken immediate action to remove it. Clearly this issue has caused concern among our customers, partners, and those who care about Lenovo, our industry and technology in general. For this, I would like to again apologize.”

Hortensius went on to enumerate the ways affected customers can remove Superfish software, which installs a dangerous Secure Sockets Layer credential in the root certificate authority folder of affected PCs. In addition to an automated removal tool created and distributed by Lenovo, antivirus software from Microsoft, McAfee, and Symantec will also detect and remove the threat. Hortensius said that Lenovo plans to release an updated system for addressing software vulnerabilities and security threats. Options include creating a “cleaner PC image,” working with customers and security professionals to create a better policy for pre-installed software, and “soliciting and assessing the opinions of even our harshest critics” as they relate to product security.


OS X 10.10.3 and iOS 8.3 betas point toward better emoji diversity [Updated]

Update (2/23/2015): New beta releases of OS X 10.10.3 and iOS 8.3 have filled in previously empty placeholder icons with new emoji, as seen above. Faces and body parts that were previously light-skinned are now a Simpsons-esque shade of yellow by default, but if you keep your finger on the screen the emoji picker will offer up five different skin tones for you to choose from.

Original story: Photos for OS X is the biggest change introduced in the first beta build of OS X 10.10.3, but the folks at MacRumors have discovered another: preliminary support for better diversity in emoji.

The implementation looks like the one laid out in a Unicode Consortium draft proposal published in November. That proposal calls for a selection of five color swatches, which, when combined with a “base” emoji like a man or woman’s face, can change that emoji to display different skin and hair colors. Apple’s early implementation is full of blank and placeholder images, but it looks like certain emoji are getting a dropdown menu that will allow users to choose from among several versions of the same basic emoji.
