The UpStream

Cheap Tablets Purchased on Black Friday Contain Severe Security Vulnerabilities

posted Sunday Nov 30, 2014 by Nicholas DiMeo

If you ever needed another reason to avoid the cheap $40 tablet from a drug store, here's one that should put your desire to own shoddy hardware to bed. Researchers at Bluebox Labs picked up twelve different budget tablets on Black Friday and have discovered that most of them shipped with exploits, vulnerabilities and security bugs.

The devices purchased were:

$49.99 DigiLand from Best Buy

$39.99 RCA Mercury from Target

$39.99 Mach Speed Xtreme from Kmart

$49.99 Polaroid from Walgreens

$49.99 Zeki from Kohl's

$39.99 Mach Speed JLab Pro from Staples

$49.99 Craig 7 from Fred's Super Dollar

$49.99 Pioneer 7 from Walmart

$49.00 Nextbook from Walmart

$49.99 Ematic from Walmart

$69.99 RCA from Walmart

$47.32 Worryfree Zeepad from Walmart

Bluebox Labs posted its findings on the company blog,

Bluebox Labs purchased over a dozen of these Black Friday 'bargain' Android tablets from big name retailers like Best Buy, Walmart, Target, Kmart, Kohl's and Staples, and reviewed each of them for security. What we found was shocking: most of the devices ship with vulnerabilities and security misconfigurations; a few even include security backdoors. What seemed like great bargains turned out to be big security concerns. Unfortunately, unsuspecting consumers who purchase and use these devices will be putting their mobile data and passwords at risk. We recommend that you avoid conducting online banking, making purchases or storing sensitive data on these devices - if you do, you will be putting your data at risk.

Essentially, these things should be used for two purposes: Bing searching and as a paperweight. So what are the details of the security problems? Well, according to the results, some of the tablets contained smaller flaws, like sending information that's supposed to be encrypted in unencrypted form. Others, however, still shipped with the Heartbleed vulnerability. Bluebox says that there is a free guide you can use to help fix some of the issues in these cheap tablets, but it won't fix devices that are completely insecure, like the Polaroid tablet at Walgreens.

In the end, as the old adage goes, "you get what you pay for." Did you buy any of these tablets on Black Friday or in the past? Are you planning on still giving them out as gifts or are you heading back to the store for a return? Let us know in the comments section.

FAA to Propose New Rules for Commercial Drone Use

posted Sunday Nov 30, 2014 by Nicholas DiMeo


Drones are a new and scary thing, at least for the government. It's such a feared technology that the FAA is going to put the kibosh on any plans for online retailers to have same-hour drone delivery in the future.

New federal laws are expected to be passed to restrict the operation of a commercial drone. While nothing is actually official yet, several people who are tied in with the committee for these rules have given out some information on what those rules might be. For starters, operators of these drones will have to have a license to pilot manned aircraft. Flights will be limited to daytime hours only, you must keep the aircraft below 400 feet and, here's the kicker, the drone must remain within the sight of the operator. I'd be curious to know if being able to see the drone through an Internet-based camera would suffice as being within sight of the operator.

Sources also said that identifying the type of aircraft would be key to restricting which drones fall into which categories. For instance, the FAA is rumored to group every drone under 55 pounds into one category and one set of guidelines. This would put the super-tiny drones under 3 pounds in with the bigger guys.

Of course, privacy concerns and other hang-ups are the topic of discussion when it comes to these devices; however, many argue that the rules could be too restrictive and yet again step on the innovation in this space. Add to that the requirement that one must have a license in manned aircraft and it severely limits who can operate these devices. Again, these rules would be for commercial drones only, but they could also be used as a stepping stone to more restrictions on personal use of the same aircraft.

It is being said that the FAA should have a proposal by the end of the year and a public period for comments and concerns would follow that, similar to what we saw with Net Neutrality.

Sony Pictures Dealt Critical Hit in Massive Data Breach and Outage

posted Sunday Nov 30, 2014 by Nicholas DiMeo


Sony Pictures has yet again been targeted for a data breach. Amidst rumors of Sony Mobile's database being hacked, which turned out to be untrue, Sony Pictures has suffered its second data breach in under two years.

Employees of Sony Pictures logging onto their computers this week were welcomed with the image you see on the right. The Guardians of Peace, or GOP, is taking credit for the attack and has watermarked the image to prove it. Employees were unable to access information on their computers or their email, and after some time, the entire system shut down. For almost an entire day, Sony Pictures were unable to restore their servers and other devices to a working state and instead resorted to landline phones and fax machines.

The image on the computers said this,

Hacked By #GOP


We've already warned you, and this is just a beginning.

We continue till our request be met.

We've obtained all your Internal data, Including your secrets and top secrets.

If you don't obey us, we'll release data shown below to the world.

Determine what will you do till November the 24th, 11:00 PM (GMT).

GOP made some demands per the image and displayed links to what data was stolen from Sony. That data included usernames and passwords, which appeared to have been stored in Excel files sorted by country. There are also "private key" files titled "Sony - Workday" and "ADP SSH Private Key" in GOP's list. The group also says it has several .zip files that it thinks Sony Pictures wouldn't like out in the wild, like internal financial reports, FTP passwords and Outlook .pst files.

Since then, Sony has done some interesting things. First, the initial response from the company was that it is "investigating an IT matter." Sony has gone on record to say it may take "weeks" until everything is fully restored. Sound familiar? Now, Sony Pictures is investigating whether or not North Korea is behind this attack. While this may sound crazy up front, Sony has caught a lot of flak from the country ahead of the release of The Interview, which stars James Franco and Seth Rogen as journalists who are hired by the CIA to kill Kim Jong-un.

Beyond that, several Sony Pictures titles have been leaked to the web this week, too. Four of them have not been released yet and one of them, Fury, is still shown in movie theaters. While the GOP has not taken credit for this, it does seem a bit coincidental and furthers the damage done to Sony as a whole. Can Sony Pictures rebound from this crucial blow?

Reed Hastings Speaks About Nielsen's Plans for Measuring Viewership

posted Sunday Nov 30, 2014 by Scott Ertz


Earlier in the month, the Wall Street Journal reported that Nielsen had plans to start measuring streaming viewership. This was a big deal for the producers of content, which have had a lot of trouble knowing exactly how their content is doing on streaming services. This is especially problematic for the producers of programs like Orange Is the New Black, which is available exclusively through streaming. It could also be important for the streaming services themselves, as an independent count of streaming can help with negotiations.

The program will run in a similar manner to how standard Nielsen ratings work: specific people's viewing habits will be averaged to a national number. The content's audio will be parsed as it is played, similar to how Shazam and Cortana identify music, and the viewings will be logged. There is a problem with the program however, as Reed Hastings points out,

It's not very relevant. There's so much viewing that happens on a mobile phone or an iPad that (Nielsen won't) capture.

The inability to count mobile views is a big problem. For me, a lot of my viewing happens on a tablet or phone, and I know that I am not the exception. Losing independent rating of mobile content will make the numbers a little less than useful for Netflix, Hulu or Amazon. That is, unless Netflix can show a correlation between home and mobile numbers on their own servers, and convince content producers that the numbers are accurate.

This is a difficult task, as trusting a company's own numbers on a topic which is vital to the company's existence and can't be corroborated can be dubious. The desire to play with said numbers can be overwhelming, and companies in broadcasting, which streaming technically fits into, have been known to do just that. This is where Nielsen normally comes in with broadcast, cable and satellite, though all of those views are counted equally.

Hastings also had something to say about traditional television,

It's kind of like the horse, you know, the horse was good until we had the car. The age of broadcast TV will probably last until 2030.

While he was referring specifically to broadcast television, we have had conversations in the past about the end of the appointment television era as a whole, and we believe that this prognosis is fairly accurate. The biggest hurdle will be getting Nielsen to count all views, not just home.

Bing and Yahoo Implement Right to be Forgotten Support in EU

posted Saturday Nov 29, 2014 by Scott Ertz


After Google's loss to the European Union earlier in the year, they were forced to implement an ability for EU citizens to have search results removed from the index. That system was released to the public in June and has seen an incredible number of requests. In fact, the request count has been high enough that the EU is now considering requiring that this index removal be expanded to the rest of the world.

This week, Google, as well as other search providers, were dealt a new blow, as the drafted search breakup resolution was passed through the European Parliament. While the resolution is far from binding or legal, it does indicate the direction of the EU. Clearly they are concerned about the influence search providers have on the general population.

In a likely related move, Microsoft and Yahoo have both implemented the same Right to be Forgotten index scrubbing that Google was forced to implement in June. Neither company has gone into detail about their plans, but both released statements about their intents.


We will carefully evaluate each request with the goal of balancing the individual's right to privacy with considerations of the public's right to information.


While we're still refining that process, our goal is to strike a satisfactory balance between individual privacy interests and the public's interest in free expression.

Microsoft has received 699 requests, and has rejected 79. 77 of those rejections were requests for Microsoft to remove content from a social network, which it clearly cannot do. Those individuals were directed to contact said network. Google and Yahoo have not been as open about their rejection numbers, or the reasons for said rejections.

Sony to Give Refunds Over PlayStation Vita False Advertising

posted Saturday Nov 29, 2014 by Scott Ertz


Do you remember when Sony announced the PS Vita? How about when they made a big deal about cross-platform playability of games? Have you enjoyed playing all of those games cross-platform on your PlayStation 3 and PS Vita? If you answered yes to all 3 of those questions, you are in a VERY small minority.

As it turned out, Sony made a big deal about the cross-platform playability of games without making it clear that very few games could be played that way. In fact, so few games had the capability that the Federal Trade Commission got involved in complaints of deceptive marketing. The FTC gave an example, saying,

For example, with respect to 'MLB 12: The Show,' consumers could only save the game to the PS Vita after finishing the entire nine-inning game on their PS3. In addition, Sony failed to inform consumers that to use this feature, purchasers had to buy two versions of the same game - one for their PS3 and one for the PS Vita.

Sony responded, saying,

Although we have a strong difference of opinion with the FTC as to the message that PS Vita purchasers took from that advertising, we decided to settle the FTC's inquiry in order to focus on the PlayStation 4's momentum into this holiday, where PlayStation Vita continues to play an important role.

The settlement mentioned involves money being returned to PS Vita owners. Anyone who purchased a Vita before June 1, 2012 is entitled to $25 cash or $50 in game credit. If our former co-host Jon Wurm had ever gotten his Vita, he would be a little happier right now. As it is, many Vita owners will finally get a bit of their $250 purchase price back.
