Lego and Alexa Team Up For Storytelling Through Device

In terms of toys, what could possibly be better than LEGOS?  How about LEGOS, combined with Alexa?  That’s the latest idea from Amazon, who has paired the unlikely duo in a newly announced service called “LEGO Duplo Stories.”  The new service (“skill,” in the parlance of Alexa) will be available on any device that offers Alexa support including Echo Dot and Amazon Echo. It provides a selection of stories with audio prompts that guide children in the construction of something with their LEGO Duplos that ties in with the story being told.

The stories are quite inventive, and change based on the responses of the children listening and interacting.  For example, one story involves going on vacation via plane, and based on what the children say they want to pack, the vacation destination will be either to a warm or a cool place, with various build instructions being introduced along the way.

According to the company, the goal is to use these interactive stories as a means of developing color recognition, social, and cognitive skills.

It’s an innovative approach, and an excellent use for a technology that is becoming increasingly common in American homes.  To access the stories, simply say “Alexa, open LEGO Duplo Stories,” then follow the prompts to begin the interactive experience.

Currently, the stories span ten different themes and work in tandem with existing Duplo sets.  It should be noted that you can still interact with the skill even if you don’t own a set of LEGOS, or don’t have all the required pieces (although obviously this will make it even more interactive).

James Poulter, the Head of Emerging Platforms and Partnerships at LEGO, had this to say about the new offering: “Voice is such a powerful tool for play as it is one of the most human ways of interacting.  Long before we can type, read or control a device, we listen and speak.”

An exciting development, and it is available right now.

Hulu To Soon Offer Episode Downloading and Offline Streaming

Hulu recently announced that it would join both Netflix and Amazon Prime in allowing its users to download content to watch offline, but in Hulu’s case, it comes with a twist.

If you subscribe to the $7.99 a month tier, in addition to downloading the content you want to watch, you’ll also be downloading the advertising associated with that content.  It’s an important distinction because Hulu is structured quite differently from Netflix and Amazon Prime.

Much of Hulu’s programming is available on regular network television, and often airs the same day it does on the regular networks.  Consequently, ads on Hulu tend to command more of a premium than ads on the other two companies.

Combine that with the fact that Hulu gets most of its revenue from advertising, and you begin to see the appeal and the necessity of such a strategy from Hulu’s perspective. Netflix and Amazon Prime both have a deep bench of their own unique programming, which acts as a draw. However, Hulu is currently dependent on content licensed from others, which is why ad revenue is of utmost importance to them.

It should be noted that if you subscribe to the company’s $11.99/month plan, you can download ad-free content.

Either way, the ability to watch content offline is a big deal. This is especially important to frequent travelers who often find themselves in places with patchy internet service, or no connectivity at all.  In those cases, having access to offline content can be a real godsend that can mean the difference between a tolerable trip and a miserable one.

Kudos to Hulu for joining the ranks of Amazon and Netflix, and although there have been a few grumblings about having to endure ads, it really is a small price to pay for the flexibility and convenience.

Fitbit and Google Partnership May Raise Privacy Concerns

Depending on which side of the privacy debate you’re on, you’re either going to love or hate this announcement:

“Fitbit intends to use Google’s new Cloud Healthcare API to help the company integrate further into the healthcare system, such as by connecting user data with electronic medical records.”

Rarely has a single sentence been so fraught with risk, while simultaneously promising such great opportunity.

On the plus side, the potential for innovation is virtually unlimited, and this new partnership will no doubt be a boon for the still-struggling wearables market. There are also potential increases in health care delivery efficiency, but the privacy concerns surrounding the issue are very real.

One has only to think back to the recent Allscripts fiasco, in which some 1,500 healthcare providers found themselves impacted by a nasty ransomware attack.

Google already collects copious amounts of data on its users, and with Fitbit angling to tap into healthcare records, the amount of private and personally identifiable information collected on users is bound to grow exponentially.

In addition to that, depending on exactly what data Fitbit attempts to link, it could very well make them a “business associate” from a HIPAA perspective. This can expose one or both companies to increased liabilities and vastly stricter standards on how the data can be used, and the steps that must be taken to safeguard it.

Right now, those details are very much in the air, and the issue could go either way. But there are some legal experts who believe that Google and Fitbit will be able to skirt the issue sufficiently so that they will not gain the “business associate” classification.

For Fitbit’s part, the company had this to say: “We have a longstanding commitment to privacy and data, and our data practices will continue to be governed by the Fitbit Privacy Policy.  We are not sharing our user data with Google, we are partnering with Google to host Fitbit user data, similar to other cloud/hosting service providers.  We take our obligation to safeguard users’ personal information very seriously and are committed to protecting the privacy and security of our users, while being transparent about our data practices.”

Comforting words, but they have done little to allay the concerns of privacy advocates, who see any number of negative outcomes associated with the new partnership.  This is a debate that will no doubt be continuing for quite some time to come.

High Speed Wireless Coming To Laptops Next Year

If you’re in the market for a new laptop but can milk a little more life out of the one you’ve got, 2019 will be the year to buy.  The reason?  5G.  AT&T is slated to become the first carrier to offer 5G network connectivity to small segments of its customer base this year (starting in Atlanta, Dallas, and Waco, and then slowly spreading to other areas).

While they’ll be the first, it’s not hard to imagine that their competitors will be hot on their heels, and all the major PC and laptop manufacturers are keenly aware of this.  That’s why Microsoft, Lenovo, HP, Dell, and Intel have all announced that the first 5G-enabled PCs will become available sometime in mid to late 2019, in a bid to take advantage of the awesome new capabilities that 5G promises to make a reality.

While Intel missed the 4G opportunity, the company has every intention of being front and center in the 5G revolution.

In fact, the company had this to say when it made its announcement earlier this week:

“Intel is investing deeply across its wireless portfolio and partners to bring 5G-connected mobile PCs to market, with benefits for users like high quality video on-the-go, high-end gaming, and seamless connections as users traverse WiFi and Cellular networks.”

All true, and a widespread 5G network would truly be a game changer.  The problem though, is that 5G has a bit of an image problem.  It has long been considered the Holy Grail of wireless networking, and Intel and other companies have been hyping its many advantages for years.

The difference, of course, is that companies now have the technical capabilities to make it all real and have firm timetables in place for a rollout, neither of which was true in the past. Even so, 5G now has to swim against a bit of a tide of its own making as it draws closer to becoming reality.

Intel Releases New Patch For Spectre Chip Issue

By now, you’ve probably heard more than you ever wanted to hear about the critical Intel security flaw known as “Spectre.”  The flaw is massive in scope and scale, impacting every chip that Intel has released over the past decade, and if exploited, would allow a hacker to take complete control over the vulnerable system.  Needless to say, once discovered, the company got to work right away on a fix for the issue.

Unfortunately, there were problems.  Whatever form the fix ultimately took, it was going to mean a performance hit to any machine receiving the update.  Early estimates were that performance could be degraded by between 17 and 24 percent.

As it turns out, things were worse than expected.  Intel’s first attempt at patching the issue can only be described as a catastrophic failure, causing updated systems to spontaneously reboot multiple times a day and ruining performance.  The problem got so bad that the company formally recommended not installing the patch and waiting for a better one to be developed.

That better patch is now available, and has been extensively tested to avoid the problems that plagued the release of the first patch. If you’re running a machine that uses Intel’s sixth, seventh, or eighth generation processor (Skylake, Kaby Lake, or Coffee Lake), or if you’re using a machine running an X-series processor, you should have already received the update via OEM firmware push. If not, now is the time to grab it.

While it’s true that we’ve seen worse bugs and flaws than Spectre, this is as bad as anything we’ve seen recently. Given how many Intel-based machines there are out there in the wild, the problem posed by Spectre couldn’t get much bigger.  Don’t leave yourself vulnerable.  Get the update today.

Mi-Cam Baby Monitor Video Feeds Vulnerable To Hacking

Do you have a Mi-Cam in your home?  Even if you don’t have kids, you may have one. They’re a highly popular, inexpensive means of keeping tabs on the comings and goings inside your home when you’re not around.

As with so many such devices these days, users have the option of installing either an Android or iOS app on their phones so they can peek in remotely, any time they like, and therein lies the problem.

It’s no secret that the IoT is filled with “smart” devices that don’t live up to their name when it comes to security, and the Mi-Cam is no exception. Security researchers have discovered that the communications between the company’s cloud servers, where the video feeds live, and the smartphones of the product’s user base are not secure.

So far, six different vulnerabilities have been identified, all of them critical. Any one of them would allow a hacker to hijack the window into your video feed and use that to scroll through literally every video feed on the company’s cloud, regardless of who owns it.  All told, that’s more than fifty thousand video feeds, accessible from a single point of entry.

It gets worse.  The attack is trivial to perform, because no SSL certificate is needed.  All that’s required is a copy of either the Android or iOS mobile app.

The manufacturer of the Mi-Cam has been notified of these critical security flaws, but as of now, none have been addressed. The company has not released any information about when they might be.  In light of that, if you have one, your best bet is to simply stop using it until the company can at least employ some rudimentary security protocols.

New Android OS To Improve Lower End Phones

Google has another new product out: a slimmed-down, streamlined version of the Android OS called “Go.” Unfortunately, its release didn’t gather as much press as you’d expect when a new OS is released. The reason for that is simple. The new, slimmer, sleeker Android Go was designed for low-end phones with limited storage capacity, which don’t typically get much press either.

Despite the relative lack of fanfare, Android Go is an interesting OS that deserves some attention, even if you don’t own a low-end phone. At first glance, it’s got a lot going for it, although it remains to be seen if users will embrace it and make full use of its capabilities.

The first major noteworthy difference between Go and the standard Android OS is the fact that it doesn’t take up nearly as much space.  Counting the OS itself and the Android default apps, the entire package requires just over 3GB, which is a significant space savings. This makes a real difference on low-end phones, which typically have no more than 8GB of storage to begin with.

Second, it comes with an app called “File Go” that offers users suggestions on files that can be moved to the cloud or safely removed altogether.  Another app known as “Datally” makes tools available to manage how much data other apps on the phone are using, especially helpful for people who have limited data plans.

Third, there’s a special “YouTube Go” version of the standard YouTube app that gives users three different video streaming options: basic, standard, and high quality. This comes with information about how much data each of the three options will eat up.

In addition to those changes, Google has added a special section to its Play Store, highlighting apps that don’t require a lot of space.

Android Go is aimed specifically at users in developing nations, as this is where the highest concentration of low-end smartphones can be found.  As to how successful the new OS will be, only time will tell, but early indications are encouraging.

Another 2.4 Million Users Hacked In Equifax Breach

It looks like it’s going to be another bad month for Equifax.  The company just can’t seem to get out of its own way.

In 2017, the company announced a massive data breach that (it initially claimed) impacted some 140 million users.  Several months after the official announcement, the company was forced to revise the number of impacted users upward, as the forensic investigation into the breach continued.

Now, the company has announced a further upward revision of 2.4 million, bringing the total number of impacted users to slightly more than 148 million.

Equifax CEO Paulino do Rego Barros Jr. had this to say about the announcement, which raised more than a few eyebrows:

“This is not about newly discovered stolen data.  It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, making connections that enabled us to identify additional individuals.”

As it did originally, the company has also announced that it would notify the newly identified consumers and offer them credit monitoring and identity theft protection at no cost.

After last year’s congressional hearings on the matter, this portion of the announcement tends to elicit eye rolls. The company is in the credit monitoring business, and the way the company offers its “free” protection is that at the end of the free period, it automatically rolls into a paid plan unless the user cancels the service.

Of course, as with most such schemes, a high percentage of users won’t think about it until they get their first bill. One of the more acidic comments made during last year’s hearings was that the company actually seems to be profiting from its own data breach. That makes the CEO’s statement that “We are committed to regaining the trust of consumers, improving transparency, and enhancing security across our network” ring a bit hollow.

Trustico CEO Leaks HTTPS Certificate Keys Through Email

The CEO of Trustico, a TLS certificate reseller based in the United Kingdom, finds himself at the center of a controversy that raises a number of disturbing questions about browser-trusted security certificates.

The email in question was sent to Jeremy Rowley, an Executive Vice President at DigiCert. The catalyst that prompted the fateful email was that officials at Trustico notified DigiCert that 50,000 certificates originally issued by Symantec and resold by Trustico had been compromised and should be mass revoked due to security concerns.

Mr. Rowley, not wanting to take such drastic action without proof, asked for it.  In response, Trustico’s CEO emailed the private keys of 23,000 certificates, an action which drew shocked reactions from security professionals around the world when news of the email became public.

If you’re not familiar with the inner workings of browser-trusted certificates, there are a few problems here.  First, there’s no good reason why a reseller should have a copy of the private keys to begin with.  Second, even if that were the norm, to simply email them to a third party shows incredibly poor judgement, especially given that there’s no evidence the email in question was encrypted.  Third, customers used Trustico’s website to generate their private keys, which is a service that should never even have been offered.

To make matters even worse, not long after news of the email hit the internet, Trustico’s website went dark when a security expert posted details about a critical vulnerability on the company’s website. The flaw resides in a site feature that allows customers to confirm that certificates are properly installed. Unfortunately, Trustico’s website had been compromised, and any time a user used the feature, the hackers could use the opportunity to run malicious code. It’s a tangled web, and it paints everyone involved in a very bad light.

Facebook Post Removals May Soon Get An Appeals Process

There are some big changes coming to Facebook, which may have some serious unintended consequences.

In a recent interview, Mark Zuckerberg indicated that he’s considering allowing users to independently appeal to the content moderation team if their posts get taken down for violating various community policies.

On the surface of it, this seems like it would be a good thing. Zuckerberg said that the move is designed to give people in the Facebook communities what they want, rather than reflecting short-term, profit-driven wishes of the shareholders.

It’s a significant change because as of right now, Facebook only allows for appeals if content was removed for violation of copyright laws. In addition, the appeal must be made via a DMCA (Digital Millennium Copyright Act) notification, which makes it a somewhat daunting process.

Zuckerberg describes the new approach as follows: “So maybe the folks at Facebook make the first decision based on the community standards that are outlined, and then people can get a second opinion.  You can imagine some sort of structure, almost like a Supreme Court, that is made up of independent folks who don’t work for Facebook, who ultimately make the final judgement call on what should be acceptable speech in a community that reflects the social norms and values of people all around the world….I think we can build that internally as a first step.”

All of that looks good on paper, but there are some major problems with this approach.

First, the company will struggle to find enough volunteers to monitor content and appeals to keep pace with demand. Given the size of Facebook’s footprint on the web, that’s a very real concern. The new, easier appeal policy is certain to cause the number of appeals to explode.

Second, if not done with great care and forethought, it could further polarize the platform. It could lead to the development of more estranged “information silos,” which runs counter to what the company ultimately wants its global network to be.  In addition to that, it could easily lead to a massive backlash against the company.

Time will tell, but the coming months should be interesting indeed.