Here is how it works: the wallet connects to your cellphone via Bluetooth. When the two objects are separated by more than 15-30 feet, the wallet will sound an alarm. So, in reality, it is really protecting you from losing two important items. The wallet also features a biometric fingerprint reader that will only open for its owner. On the other hand, if you leave both your cellphone and wallet behind, you are still screwed. Probably even more so since the wallet was so dammed expensive. The wallets are available for pre-order now in several colors, with shipments starting on December 11th. [iwallet via Gear Diary via OhGizmo via DVICE]

At Giz, we only endorse finger vein security (publicly, because privately we'd rely on nothing short of full colonoscopic verification). Sony's FVA-U1, going on sale December 18 in Japan, will be the smallest finger vein reader on the market conveniently operating over USB. [AkihabaraNews]

Of course, it would have also proven whether or not your wife was using the golf club on your face before the incident. The point is that, unlike most vehicle accident cameras, the Car Cam Dually offers a more complete picture of how an accident went down, making it easier to prove who was at fault and what kind of injuries were sustained. To that end, the device also keeps track of your GPS location and the g-force of the impact. [Spy Gadgets via TRFJ via DVICE]

In a response to Computerworld's article on NSA involvement in Windows 7 development, Microsoft stated: "Microsoft has not and will not put 'backdoors' into Windows."

Not to nitpick here, but doesn't this denial leave another "door" open? As in, couldn't the NSA have stuck their own backdoor into Windows 7 while official Microsoft employees turned a blind eye? Or—and this may come as really shocking—could Microsoft have simply lied to us in the interest of national security??

Of course, but if you freak out over this potential lack of digital autonomy, you're clearly a terrorist. [Computerworld via Digg]

According to the NSA's Information Assurance Director, Richard Schaeffer, it's important for the agency to work with Microsoft and other software makers because otherwise the increasing reliance on "private-sector computing products" could put national security at risk. By creating and maintaining high security standards, the agency hopes to reduce the danger of the "rising threat of cyberattacks." Whew. That actually sounds quite reasonable and like a good thing, rather than cause to panic after seeing "NSA" and "Microsoft" in the same sentence. [NPR via Crunch Gear]

Essentially, it's a polyurethane cage full of goodies that you store in the fridge and secure with a combination lock (included). Of course, there's nothing preventing thieves from stealing the entire cage and working on it later with a hacksaw, but that's a lot of trouble to go through for a can of Beefaroni and a bottle of Mtn Dew. [Perpetual Kid via RGS via OhGizmo]

It's not the first time we've seen this; Swiss developerMogo got busted gathering numbers and then calling people to harass them to buy more apps, which is certainly a more brazen move. Storm8 claims that this was a bug, but they're getting sued anyways. It doesn't pay to be shady, devs! [Boing Boing via Kotaku]

The way the test was conducted is that ten viruses were introduced into a clean install of Windows 7 with the UAC settings on system defaults. While only one virus was blocked, two technically did not function properly for whatever reason. Still, this doesn't leave much hope for those who decide to skip automatic patching, firewalls and anti-virus applications. Let's do the whole "Safer Computing" thing, shall we? [Sophos]

There are a thousand gigabytes in a terabyte, a thousand terabytes in a petabyte, a thousand petabytes in an exabyte, a thousand exabytes in a zettabyte, and a thousand zettabytes in a yottabyte. In other words, a yottabyte is 1,000,000,000,000,000GB.

In terms of data on current human scales, a yottabyte is nearly infinite (though I'm sure the NSA will manage to fill the thing in like 2 weeks, and iPods will come with yottabytes in just a few months).

To be fair, the yottabyte figure is just one estimate generated by a Pentagon think tank. The facility could hold a mere hundreds of petabytes. But either way, the prospect is as unsustainable as it is frightening. This one facility will burn through as much electricity as the entirety of Salt Lake City.

All of this data comes from the book The Secret Sentry: The Untold History of the National Security Agency by Matthew M. Aid. And while the paranoid among you may read it, I, MARK WILSON, HAVE NO REASON TO FEAR THE NSA'S INVOLVEMENT IN MY LIFE OR INFORMATION AT ALL. [NYBooks via CrunchGear]

In other words, this would be a great, inexpensive home surveillance cam. It's supposed to be a snap to set up, and you can access the feed and control the pan and tilt of the camera from any PC or internet capable cellphone. For $300, Astak also throws in motion detection, night vision, two-way audio and a built-in DVR. I have to believe this is as good a feature set as you will find on a webcam at this price point.

ASTAK INTRODUCES WORLD'S FIRST SELF-CONFIGURING, STANDALONE INTERNET CAMERA IDEAL FOR KEEPING AN EYE ON HAPPENINGS AT HOME

YouTube, Twitter and iPhone ready, the affordable and easy-to-use Mole is the first "do it yourself, view from anywhere" solution for remote viewing and sharing

SAN JOSE, Calif.–October 28, 2009–The lowly mole is a victim of poor PR, but that's about to change with Astak Inc.'s innovative new product, the Mole — a standalone Internet camera for consumers who need an easy and affordable way to capture, view and share unattended video over the Internet. Featuring automatic network configuration, the Mole makes it simple for home or business users to remotely view and share video in real-time from any web browser, social networking site, or Internet-capable cell phone, including the iPhone.

Unlike current webcams that require a PC for use, or IP cameras that are complicated to set up and often require customer software to view, the Mole is the first "do it yourself, view from anywhere" solution for home or business surveillance, health and family care (elder or children), social network sharing, pet or , bird watching, and other unfolding events such as social gatherings. The Mole is also an ideal way to keep an eye on business or home while traveling.

"The Mole will redefine home and business surveillance, and it also opens the door to using a remote camera for sharing unattended video, since it's Web 2.0 ready," said Jason Hsia, CEO of ASTAK. "Internet citizens are already uploading over 20 hours of video to YouTube every minute. When interesting or important events are underway, you can't always be there to see or record them in person. That all changes with the Mole, where motion-detected events can be auto-uploaded to YouTube and a tweet auto-sent to your Twitter feed."

A standalone Internet camera with advanced built-in software, the Mole provides auto-configuration so that the user can set up the camera in just a few easy steps and access their video privately without any network knowledge. Once set up, the Mole allows users to adjust the pan remotely to change the view instantly. While easy-to-use and affordable, the Mole camera includes high-end features such as motion detection activation, night vision, two-way audio, and a built-in DVR. The Mole also features both Ethernet or Wi-Fi connectivity.

The Mole is designed for direct access from any web browser, which lets users watch their video instantly, from anywhere, including the iPhone. The onboard software is specifically tailored for seamless Internet sharing including auto-uploads to YouTube. Users can also choose to receive real-time alerts via email or Twitter sent to their mobile phone or any IP-enabled device.

Available in early November 2009, the Mole will be distributed through Astak's network of retail and distribution partners, including Fry's, Costco, Amazon.com, Walmart.com and Astak.com, with an MSRP of $299.00.

[Astak]

Update: Apparently Time Warner has put a "temporary patch" into place while they figure out a permanent solution. [Wired]

Doubt it? Everything from the belongs-on-a-battleship looks to the AES encryption software to the 6-18 digit PIN screams "you will not get the 1TB of porn inside me."

Even the touchscreen keypad is paranoid, as it changes randomly each time you use it so the spies you think are on your tail can't memorize the PIN. One touch drive erase means the hentai secrets get scrubbed instantly the moment your parents those spies catch you.

Pricing starts at $488 for the 750GB version and $652 for the 1TB. [Slashgear]

Microsoft has deemed the hole to be a "critical" security threat, as it gives webmasters the ability to quietly install software on your PC. Last May, Microsoft released an update that made it possible to uninstall the .NET framework. They also released a patch earlier this week that supposedly fixes the problem. The vulnerability can also be exploited on users running any version of Internet Explorer. Needless to say, Firefox and IE users should employ one of those solutions ASAP. [Computer World Image via rootshell.be]

Oh ED, you're a lifesaver! A general who lead an infantry division in Iraq recently said that of the 155 men killed in combat, 122 could have lived if autonomous robots were doing the shooting instead. (Strangely, the other 33 would have died whether robots were around or not.) Replacing infantrymen with robots is a no brainer if you want to save your own boys, but Smokey from The Big Lebowski would probably say if nothing did the killing, even more lives would be spared. [Wired]

Am I reading this right? Slashdot says the entire domain .se—a million souls, I mean sites—up and vanished from the internet. Some didn't deliver successful replies for more than a day. Maybe I need to call Tim Berners-Lee for interpretation, but I don't get why more people aren't freaked out that an entire country up and disappeared, even if it was just for a moment. [Slashdot]

[Edit: This has been one of the most traumatic moments in my life. J.D.]

Someone did a comprehensive study of 836 people to see how people managed to keep username/password logins straight in their head. The test noted that only 4.4% of people showed no "deviations" from the ideal password rules, deviations including jotting down the password, reusing it time and again, using a deliberately short password or—and here's probably where most people failed-having no mix of characters and symbols. Having "best practices" that insanely rigid probably upped the failure rate substantially, but I think the important thing here—as Ars points out—is that the username/password system is a joke to begin with. [Ars Technica]

The 23-year-old guy who founded the International Church of Jediism obviously needs to watch Star Wars a few more times. The other day, he wore his hood into a supermarket and got yelled at something fierce. His very Jedi response? To run to the press and cry like a little bitch:

They said: 'Take it off', and I said: 'No, its part of my religion. It's part of my religious right.' I gave them a Jedi church business card.

No lightsabers, no waving of the hand in the air, not even "Lightning bolt! Lightning bolt! Lightning bolt!" Just a business card? He continues:

They weren't listening to me and were rude. They had three people around me. It was intimidating.

"Intimidating"? For a Jedi? Just remember, intimidation leads to anger. Anger leads to hate. Hate leads to suffering. Don't look now, but I think someone's headed for the Dark Side. [Guardian UK]

As you might suspect, the case is watertight, dust-proof and impact resistant. Plus, the foam interior can be shaped to snugly fit whatever gadget you are trying to protect. Also features a carrying handle, pressure release valve and padlock loops. HW models take the overkill one step further with a pull out handle and wheels. [Odyssey via Core77]

Too bad if you've got a sore leg, right? Thankfully, they're still investigating what level of uncomfortable shuffling would be deemed suspicious enough to call for a secondary screening.

The project is called Future Attribute Screening Technology (FAST), and has also developed machines to measure the interval between heartbeats, and how deeply someone inhales.

It's still all research, but one of the researchers told CNN the program is "doing significantly better than chance." I'm all for better security, but it sounds pretty invasive. As Joe Stanley of the ACLU is quoted saying: "Nobody has the right to look at my intimate bodily functions, my breathing, my perspiration rate, my heart rate, from afar."

Unless you're entering the U.S perhaps. Welcome to the possible future of travel. [CNN via Kotaku]

"123456" was the most popular password, appearing 64 times. Yes, that's but one digit away from this famous Spaceballs clip:

Other trends? The next top 20 most popular passwords were Spanish names, just under half the population used all lower case letters, and only six percent of the population used an alphanumeric combination.

Also, about 20% of the passwords were only six characters long...though the longest password was the awesome "lafaroleratropezoooooooooooooo". [The Inquirer]

The New York Times says Microsoft, Google and Yahoo have confirmed the addresses are real, and that they're helping affected users recover their accounts.

Even though you generally have to be pretty damn gullible to fall for one of these fake sites (or open strange-looking email attachments), now might be a good time to change your Web mail password...something you should be doing every now and then anyway. [BBC via New York Times]

The technique, called variance-based radio tomographic imaging, processes signals from a 34-node IEEE 802.15.4 wireless network. It's the protocol for personal area networks used by home automation systems such as ZigBee.

The basic idea is straightforward. The signal strength at any point in a network is the sum of all the paths the radio waves can take to get to the receiver. Any change in the volume of space through which the signals pass, for example caused by the movement of a person, makes the signal strength vary. So by "interrogating" this volume of space with many signals, picked up by multiple receivers, it is possible to build up a picture of the movement within it.

They were able to detect movement in a room to within a meter or so, which is pretty good. They won't be able to see what you look like in the shower, however, so I'm going to call this a good advancement. But be careful, researchers. Don't try anything sketchy. [Technology Review via Slashdot]

Apparently, US government officials have been advising frequent business travelers to keep separate electronics for use in China that they only use there. This includes computers and cellphones. And if you used your normal phone over there, it may be time to toss it.

It's all about corporate espionage, as one bugged phone or computer in the hands of a powerful exec could end up costing millions of dollars if info falls into the wrong hands.

It's both totally nuts and completely sensible at the same time. This is the age we live in, friends. [Geek.com]

The locks allow remote status checks and changes, so anywhere you've got a secure internet connection, you can lock and unlock the door at will. It's also got a ton of extra features, like turning on customized lighting when you enter the door or notifying you via email of anyone going in and out of your house. This is all done by Kwikset's marginally paranoid Connect4 system, and it's likely to cost a pretty penny. But I'd definitely pay a premium to be able to know for sure whether I locked the door. [Kwikset via Engadget]

This video was captured using Logitech's WiLIfe line of security cameras and submitted to the company as part of a weekly contest that rewards customers with the best videos. Awesome—perhaps they can use any money they won to buy a gun or throw into the pot on a down payment on a place in the city. At any rate, the second and third place videos are also pretty amusing.

[WiLife]

Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids.

"This scares me more than anything I have seen using monitoring technology," said Parry Aftab, a child-safety advocate. "You don't put children's personal information at risk..."

EchoMetrix, formerly known as SearchHelp, said companies that have tested the chat data using Pulse include News Corp.'s Fox Broadcasting and Dreamworks SKG Inc. Viacom Inc.'s Paramount Pictures recently signed on.

Well, that's about as scummy as you can possibly get. Selling IM transcripts of children? This feels like it's got to be illegal, doesn't it? In any case, it's another reason to personally monitor your kid's internet usage rather than leaving it in the hands of some questionable software. [AP via Boing Boing]

Two things the video misses:
1. Trying out a bunch of standard passwords before getting bored and moving on.
2. That asshole at every airport pulling the "Free Wi-Fi" ad-hoc network scam. You'll get online, but they'll swipe your passwords. Sort of like a pimp not making you pay, but filming and selling a video of it without you knowing.

By the way, am I the only one that thinks free Wi-Fi looks kinda like Juliette Lewis? Who woulda thunk it.

The updated rules also make agents better inform you about what's going on. It's worth noting the searches are not standard practice: the DHS says that U.S. Customs and Border Protection (CBP) has dealt with over 220 million travelers over the last 10 months, but only 1000 laptops were searched in that time.

I guess I'm OK with them searching laptops at the border (in principle), but it's ridiculous if they don't need to suspect anything to do so. Especially when innocent folks can have the tool they use to make a living snatched away for 30 days. Supposedly it's the terrorism and kiddy porn stuff they're after. I hope so, because personally, I gotta have my Divx movie rips on long haul flights.

"Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States," DHS Secretary Janet Napolitano said in a statement. "The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders."

It's still a huge invasion of privacy, and thankfully The American Civil Liberties Union (ACLU) filed suit for more information on the searches earlier this week. As many do, it believes the DHS policy violates the U.S. Constitution's Fourth Amendment against unreasonable search and seizure.

What do you think? Were you one of those 1000 searched since October last year?

[DHS via Wall Street Journal]

"They can't seem to secure my account," Mitnick told The Register. "And then instead of doing something about it, they try to kill the messenger and want to boot me off their network when all I want them to do is to secure my account so no one gets access to my phone records."

Mitnick said the cellular account has been repeatedly breached over the years, despite a wide range of countermeasures he's followed to prevent the attacks. In recent years, he's committed the password to memory and has deliberately not shared it with anyone or kept it stored on a computer. ...

"There are so many ways into these networks," he said. "They have to take some responsibility, not just silence the people that are filing complaints."

An AT&T spokeswoman didn't immediately have a comment. She said she would have to check whether customer passwords are encrypted when stored on AT&T servers.

Oh, how comforting! Nice to know security is AT&T's top priority.

Update: And here's AT&T's response:

We investigated Mr. Mitnick's claims and determined they were without any foundation. We refused Mr. Mitnick's demands for money, but did offer to let him out of his contractual obligations so that he could find a carrier that he would be comfortable with.

We require that any systems containing sensitive information regarding passwords encrypt the data. In addition, we send reminders to our customers explaining the importance of using complex, hard to guess passwords and changing them frequently.

Good to know about encrypted passwords, but what's this about demands for money? They didn't even really address the main issue here. [The Register via Boing Boing Gadgets]

The idea is simple—police park this hulking monstrosity in pockets of high crime activity and just leave it there as a deterrent. It sticks out like a sore thumb, and if it's parked in front of your house the whole world knows your nasty business. Despite the fact that police don't spend much time reviewing surveillance footage, the truck has been remarkably successful. Law-abiding citizens have described the changes in their communities as like "night and day."

Law enforcement has been leaving empty cruisers around and setting up radar gun platforms for years now, and the Armadillo seems like the natural extension of the concept. Perhaps the fleet of Armadillos will expand and take on different, recognizable forms that tie into the offense—like parking an armored ice cream truck in front of the homes of known sexual offenders. [WSJ]

You can watch the whole insincere deletion process play out above, but here's a handy guide so you can follow along at home. Turn off your device radio and Wi-Fi connection for maximum OH GOD:

1.) Find a message with a memorable subject line, and delete it.
2.) Go to your trash, and remove the message from there.
3.) Check whatever IMAP folders may be listed on your device—this works with POP too—and make sure your message is really not
there.
4.) Flick over to the main Spotlight search screen, and search for the subject line on that message that shouldn't exist
5.) Be shocked and confused when you find that not only can you see the subject line in a simple search—you can still view the entire message. Your email-based illicit affairs are ruined.

I've tested this, and it works. I even restarted my iPod for good measure, and the message was still in the index, and still accessible by search, despite not appearing anywhere in the main Mail interface. As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw.

Still, a few things don't really add up here. The video submitter says he can find emails from months ago, but surely this would result in creeping storage consumption, and has to stop sometime. I mean, doesn't it? And even if these messages are just hiding out in some secret folder or something, and can be deleted by some obscure method, this isn't how a mail client should behave, at all.

Try this yourselves and see if you can find any clues as to what's going on here: I'm as alarmed as I am stumped.

UPDATE: An internal tipster has provided us with proof that Apple is fully aware of this issue and will probably be including a fix in iPhone OS 3.1. Additionally, there are a number of ways to delete the messages from the index—for some, waiting works; for me, even restarting didn't—but the fact remains that deleted emails are left, for some time, fully accessible.

Richard from 148Apps has this workaround, which seems to work fine:

From my messing around with email, the message actually disappears after viewing it a few times. At first I thought the email disappeared after deleting it a few times but I simply viewed the messages about 3 or 4 times and it disappeared.

UPDATE 2: Also, current 3.1 betas don't seem to suffer from this bug, so yeah, a fix is essentially imminent. [CultOfMac]

The illiterate low-life went on to mock:

"I have the laptop, phones ok but a bit scratched itll do, tv was rubbish so I left it , ds was a bonus, now to the porn shop, thankyou toshiba is my favourite make".

The sick scenario is a cautionary true tale to think twice about what data you store on your laptop, and a reminder that you should use some basic security to protect it. [Telegraph via TechRadar]

The $170 system consists of two parts: a rechargeable wireless camera about the size of a pack of cigarettes, and a 2.75-inch wireless receiver/display. Mount the camera, plug-in the monitor up to 30 feet away, and watch the live stream.

Apparently, the camera also has nightvision capabilities (or at the very least works in low-light situations), and can record video to an SD card, which can you then copy over to your computer. [Brick House Security via Gearfuse]

After two weeks, the thief made the mistake of connecting to the internet, and GadgetTrak collected tons of info. It triangulated his longitude and latitude via WiFi (and provided a link to the location on Google Maps!), his IP address, WiFi networks in range, and the username, and even took a photo of him with the iMac's built-in webcam. The iMac and two other stolen laptops were traced to a tattoo parlor in Brooklyn and recovered.

Of course, the system only works if the thief neglects to reformat the hard drive and connects to the internet, but we'd be willing to bet that that's not as uncommon as you'd think. It's a pretty great system, as long as thieves don't figure out how to work around it. [GadgetTrak]

The research team of Alfredo Ortega and Anibal Sacco say that when malware infects a system BIOS, it is able to survive multiple attempts to reflash the core software, and extremely difficult to get rid of. Even worse, because Lojack is white listed by virus and malware scanners, any attacks exploiting this vulnerability on a computer will largely go undetected. And for Laptop Lojack to be effective, it must operate like a stealthy rootkit. Unfortunately, it's installed in the majority of new notebooks from HP, Asus, Dell, Lenovo and Toshiba.

Moral of the story: find a new way to get your stolen laptop back. [ZDnet via Slashdot]

The two figured out how to do this by intercepting the types of signals that get transmitted on a working card, then programming a fake card to reproduce those same signals.

They found that the card has a stored maximum value and only writes how many times the value has been decremented.

In essence, they found a way to give themselves free parking for as long as this system is in place. They declined to detail how exactly you can reproduce this, because they don't want people ripping off the city of SF, so their sole purpose is to get SF to fix their meters to that this can't happen. [Hackaday]

But at least Apple's got an update infrastructure to match their relatively quick remedy; what's really worrying is that some other vulnerable phones—mostly Android and Windows Mobile handsets—are still vulnerable, and whatever updates Google and Microsoft have in store may have a slightly harder time blanketing users without the near-daily update checking built into the iPhone's usage style. UAnd so we will all die, by text message.

UPDATE: Google has patched the exploit in Android, where it was never as dire a concern anyway—your phone could be knocked off the network, but not hijacked.

UPDATE 2: The patch is showing up in iTunes for some folks already. —Thanks, Graham!

[BBC--Thanks, Brian!]

The flaw involves invisible SMS bursts that allow hackers to gain total control over your phone. The two dudes who discovered it plan on unveiling it at the Black Hat conference on Thursday. They say they told Apple about it a month ago, but nothing's been done.

So how do you prevent your phone from being hijacked? Well, if you get a text containing only a single square character, turn your phone off. Fast.

Hey Apple, wanna fix this please? That'd be great. Thanks. [Forbes]

Of course, then they will take off their shoes and be seriously pissed off, either coming after you or your property in retaliation. But hey, without their shoes burglars are rendered completely helpless and docile, right?

The anti-burglar mat goes on sale in Japan (of course) this fall. [CrunchGear via Oh Gizmo! via Neatorama]

The iPhone certainly isn't as ubiquitous for corporate use as BlackBerry or even Windows Mobile, but that's starting to change, and Zdziarski is very concerned that the iPhone 3GS's security puts sensitive data at unnecessary risk. He claims that with easily-available software, anybody can break into an iPhone 3GS and start extracting data within two minutes, and access everything on the phone within 45. After reading this, we could see why companies might just be reluctant to trade their BlackBerrys in for a shiny new iPhone 3GS. [Wired]

Oh, this is what could go wrong:

The technology uses cameras to detect people tampering with the card slots. Another machine then ejects pepper spray to stun the culprit while police response teams race to the scene.

But the mechanism backfired in one incident last week when pepper spray was inadvertently inhaled by three technicians who required treatment from paramedics.

Patrick Wadula, spokesman for the Absa bank, which is piloting the scheme, told the Mail & Guardian Online: "During a routine maintenance check at an Absa ATM in Fish Hoek, the pepper spray device was accidentally activated.

"At the time there were no customers using the ATM. However, the spray spread into the shopping centre where the ATMs are situated."

Maybe it's just me, but I don't want to risk getting a blast of pepper spray in the face if I put my PIN in wrong. [Neatorama]