Smart duvet: the bed that makes itself

A bed that can make itself after being slept in has been developed in Montreal, Canada.

The so-called smart duvet is a grid of inflatable tubes that can be concealed inside a regular bedspread.

The inventor is crowdfunding her device, which she says can help people with limited mobility.

‘Frighteningly easy’ for criminals to get Visa card details, study claims

It is “frighteningly easy” for criminals to get security details for Visa debit or credit cards, according to research from Newcastle University.

Fraudsters are able to work out expiry dates and security code numbers by making multiple invalid attempts on different websites, the team claims.

It is thought a similar method was used in the recent Tesco Bank fraud hack.

Visa said the research did not take into account other layers of security such as its Verified by Visa system.

According to the research, which has been published in the journal IEEE Security & Privacy, fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud.

‘Unlimited guesses’

Mohammed Ali, a PhD student at the university’s school of computing science and lead author, said: “The current online payment system does not detect multiple invalid payment requests from different websites.

“This allows unlimited guesses on each card data field, using up to the allowed number of attempts – typically 10 or 20 guesses – on each website.

“Also, different websites ask for different variations in the card data fields to validate an online purchase. This means it’s quite easy to build up the information and piece it together like a jigsaw.

“The unlimited guesses, when combined with the variations in the payment data fields make it frighteningly easy for attackers to generate all the card details one field at a time.”

The team said MasterCard’s security network detected similar attacks after less than 10 attempts.
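The gap the researchers describe is that each website counts invalid attempts on its own, so nobody sees the total for a card. The sketch below is an added illustration, not code from the study or from any card network: it compares a per-website limit with a card-level counter that an issuer or network could keep across all websites. The record layout, the tokens, the shop names and the thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AuthAttempt:
    ts: float                      # seconds since start of the sample
    card_token: str                # tokenised card reference, never the real number
    merchant: str                  # website that submitted the request
    declined_field: Optional[str]  # "expiry" / "cvv" when declined, None when approved


def per_merchant_lockouts(attempts, limit):
    """What each website can see alone: declines per (card, merchant) pair."""
    counts = defaultdict(int)
    locked = set()
    for a in attempts:
        if a.declined_field is None:
            continue
        key = (a.card_token, a.merchant)
        counts[key] += 1
        if counts[key] > limit:
            locked.add(key)
    return locked


def cross_merchant_alerts(attempts, window_s, max_declines):
    """Card-level view: declines for one card summed over every merchant
    inside a sliding time window. Returns the first alert per card."""
    recent = defaultdict(deque)
    alerts = {}
    for a in sorted(attempts, key=lambda x: x.ts):
        if a.declined_field is None:
            continue
        q = recent[a.card_token]
        q.append(a)
        # Drop declines that have aged out of the window.
        while q and a.ts - q[0].ts > window_s:
            q.popleft()
        if len(q) >= max_declines and a.card_token not in alerts:
            alerts[a.card_token] = {
                "ts": a.ts,
                "declines": len(q),
                "merchants": len({x.merchant for x in q}),
            }
    return alerts


def constructed_sample():
    """Constructed data: tok_A is declined 30 times, spread evenly over five
    websites (6 each); tok_B is a cardholder who mistypes twice, then pays."""
    attempts = []
    t = 0.0
    for i in range(30):
        attempts.append(AuthAttempt(t, "tok_A", f"shop-{i % 5}.example", "cvv"))
        t += 2.0
    attempts += [
        AuthAttempt(100.0, "tok_B", "shop-0.example", "expiry"),
        AuthAttempt(130.0, "tok_B", "shop-0.example", "cvv"),
        AuthAttempt(160.0, "tok_B", "shop-0.example", None),
    ]
    return attempts


if __name__ == "__main__":
    sample = constructed_sample()
    # Per-website limit of 10: no website ever sees more than 6 declines.
    print("per-merchant lockouts:", per_merchant_lockouts(sample, limit=10))
    # Card-level limit of 10 declines in 10 minutes fires on the 10th decline.
    print("cross-merchant alerts:", cross_merchant_alerts(sample, 600, 10))
```
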

A spokesman for Visa said: “The research does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world.

“Visa is committed to keeping fraud at low levels and works closely with card issuers and acquirers to make it very difficult to obtain and use cardholder data illegally.”

It said it also had its own Verified by Visa system which offered improved security for online transactions.

Fake Apple chargers fail safety tests

Investigators have warned consumers they face potentially fatal risks after 99% of fake Apple chargers failed a basic safety test.

Trading Standards, which commissioned the checks, said counterfeit electrical goods bought online were an “unknown entity”.

Of 400 counterfeit chargers, only three were found to have enough insulation to protect against electric shocks.

It comes as Apple has complained of a “flood” of fakes being sold on Amazon.

Apple revealed in October that it was suing a third-party vendor, which it said was putting customers “at risk” by selling power adapters masquerading as those sold by the Californian tech firm.

The Trading Standards tests were performed by safety specialists UL.

They applied a high voltage to the chargers, which were bought online from eight different countries, including the US, China and Australia, to test for sufficient insulation.


Leon Livermore, the chief executive of Chartered Trading Standards Institute, urged shoppers to buy electrical goods only from trusted suppliers.

“It might cost a few pounds more, but counterfeit and second-hand goods are an unknown entity that could cost you your home or even your life, or the life of a loved-one,” he said.

A separate operation found that of 3,019 electrical goods bought second hand, 15% were non-compliant.

Officers said the unsafe electrical items, which came from charity shops, antique dealers and second-hand shops, had failings such as counterfeit plugs and basic insulation.

How to spot a dangerous fake charger

  1. Plug pins – Plug the charger into a socket, but don’t switch it on or connect to a device. If the charger does not fit easily, the pins may be the wrong size. There should be at least 9.5mm (0.3in) between the edge of the pins and the edge of the charger
  2. Markings – Look for a manufacturer’s brand name or logo, model and batch number. Check for the “CE” safety mark, but be aware it can be easily forged
  3. Warnings and instructions – User instructions should include conditions and limitations of use, how to operate the charger safely, basic electric safety guidance and details of safe disposal

Source: Trading Standards

Gillian Guy, chief executive of Citizens Advice, said: “Counterfeit electrical goods are likely to be poor quality and in the worst cases unsafe.

“Look out for tell-tale signs of counterfeiting such as mistakes in brand names or logos, and check plugs for safety marks – all genuine electrical items made in the EU should have a CE mark on them.”

Consumers were also urged not to overcharge appliances and to never cover devices when charging or use a charger with a cracked case or frayed cable.

There is no suggestion the company involved in the Apple case sold the chargers used in the Trading Standards tests.

GoPro makes cutbacks after drone crashes

Image caption: GoPro’s chief executive, Nick Woodman, had previously forecast the company would return to profit in early 2017

Action camera-maker GoPro is cutting 200 jobs and shutting down some of its services.

The announcement follows a series of drone crashes that made the company recall its much anticipated Karma aircraft.

In addition, the US company said its president, Anthony Bates, would quit his post at the end of the year after three years in the job.

GoPro said that consumer demand for its products remained “solid”.

However, the company has posted a loss in each of its past four quarters.

At the start of this month it also revealed its cash reserves had fallen to $132m (£106m) – less than half the amount at the start of the year.

“I knew they were in trouble, but I didn’t expect them to have such a dramatic fall from grace,” Tom Morrod, director of consumer electronics at the IHS consultancy, told the BBC.

“The Karma drones were their recovery strategy, and when they had to be recalled it faltered. This is the result.

“GoPro was struggling as an action cam specialist, which is why it needed an alternative market. The fact that the device was unsalable has damaged its prospects, at least temporarily.”

The job cuts represent 15% of the California-based company’s workforce.

The move reflects the fact that even if the fold-up Karma drone returns to sale, GoPro will probably have missed out on the Christmas shopping season.

It had sold about 2,500 of the drones in the 16 days they were on the market.

A problem with the machines caused a number of them to lose power mid-flight, causing them to fall uncontrolled out of the air.

One video of an accident showed the drone diving on to a beach on which people were walking.

There have been no reports of injuries. However, the company is being sued over claims it misled investors about demand for the product and took too long to alert the public to its power supply flaw.

Entertainment shutdown

Reviews for GoPro’s new Hero 5 cameras have generally been positive. The new devices introduced voice control, electronic image stabilisation and built-in water resistance.

However, some technology blogs doubted whether the features were enough to convince existing owners to upgrade.

And the company faces increased competition from rival action cams and the improved quality of smartphone cameras, many of which now also offer protection against water.

As part of its cutbacks GoPro is also closing its entertainment division.

The operation was announced in July 2015 and offered owners thousands of dollars for videos they had filmed using its equipment.

Image caption: GoPro’s licensing portal does not appear to have proven popular

In return it wanted the right to promote their content through its social media accounts.

It also sought to sell the rights to the material to advertising agencies and split the proceeds.

The company described it as a “no-brainer” for creative professionals at the time.

GoPro’s shares were trading 2.5% up on the day by early afternoon in New York, but they remain down on their value at the start of the year.

Netflix to allow TV and movie downloads

Image caption: Better Call Saul and Breaking Bad can be downloaded, but many of the Marvel superhero TV series cannot

Netflix is allowing some of its shows and films to be downloaded and watched offline, the company has announced.

It had previously said letting people download shows added too much “complexity” to its experience.

Other video apps such as BBC iPlayer, All 4 and Amazon Prime Video already let viewers watch content when offline.

Netflix said some of its original programmes were already available to download and more would be made available in the future.

Image caption: Shows are downloaded to the device for offline playback

“It’s surprising because just weeks ago they said it wasn’t going to happen,” said Tom Harrington from the consultancy Enders Analysis.

“You can understand why they wouldn’t want to do it because it opens up a whole pot of rights issues. Offering a download service will cost Netflix more.

“But everyone else is already doing it. Amazon is doing it, Sky has been doing something similar with Sky Q. Netflix doesn’t want to be left behind, or compared unfavourably to rivals.”

National Lottery accounts feared hacked

About 26,500 National Lottery accounts are feared to have been hacked, according to its operator Camelot.

The firm said it did not believe its own systems had been compromised, but rather that the players’ login details had been stolen from elsewhere.

The company said that no money had been taken from or added to the compromised accounts.

But it added that there had been other suspicious activity on fewer than 50 of them.

The Information Commissioner’s Office said it had launched an investigation into the matter.

“Camelot submitted a breach report to us last night which we have reviewed. We will be talking to Camelot today,” said a spokeswoman.

“The Data Protection Act requires organisations to do all they can to keep personal data secure – that includes protecting it from cyberattacks. Where we find this has not happened, we can take action.

“Organisations should be reminded that cybersecurity is a matter for the boardroom, not just the IT department.”

Personal information

Camelot said it became aware of the problem on Sunday.

“We are currently taking all the necessary steps to fully understand what has happened, but we believe that the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details,” it said in a statement.

“We do not hold full debit card or bank account details in National Lottery players’ online accounts and no money has been taken or deposited.

“However, we do believe that this attack may have resulted in some of the personal information that the affected players hold in their online account being accessed.”

A spokeswoman added that the accounts represented a small fraction of the draw’s 9.5 million registered online players.

Camelot is contacting the owners of the accounts thought to have been compromised and instructing them to change their passwords.

One security expert said there had been many recent attacks where logins stolen from one platform had been tested and used to breach another.

But he still had concerns about Camelot’s explanation.

“If there’s 26,500 accounts here and they are saying the credentials are correct but they didn’t come from us, they still let an attacker log in 26,500 times,” said Troy Hunt.

“That alone is something that illustrates a deficiency.”

Camelot has defended its systems.

“We do have extremely robust systems in place. However, cybercriminals are very persistent and, in this case, used multiple, different IP [internet protocol] addresses over a short period of time.

“As soon as we detected [a] significant increase in both attempted and failed log-ins, we were able to quickly take action to block them.”
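When logins arrive from many IP addresses with only a few attempts each, a per-address limit sees nothing unusual, and the signal is the site-wide rise in failed log-ins that Camelot describes. The sketch below is an added illustration, not Camelot's system: it flags minutes whose failure count jumps above the recent baseline and lists accounts that logged in successfully during those minutes from an address never used for that account before. The event layout, addresses, user names and thresholds are constructed assumptions.

```python
import statistics
from collections import Counter, defaultdict


def analyse_logins(events, bucket_s=60, min_history=5, k=3.0, floor=20):
    """events: iterable of (ts, ip, user, ok) tuples.

    Flags time buckets whose failed-login count exceeds
    max(floor, mean + k * stddev) of earlier unflagged buckets, and
    collects accounts that succeeded inside a flagged bucket from a
    (user, ip) pair not seen succeeding during normal traffic."""
    buckets = defaultdict(list)
    for ev in sorted(events):
        buckets[int(ev[0] // bucket_s)].append(ev)

    history = []          # failure counts of normal buckets (the baseline)
    known_good = set()    # (user, ip) pairs that succeeded in normal buckets
    flagged = []
    suspects = set()
    max_per_ip = 0        # busiest single address inside any flagged bucket

    for idx in sorted(buckets):
        evs = buckets[idx]
        failures = sum(1 for _, _, _, ok in evs if not ok)
        spike = False
        if len(history) >= min_history:
            threshold = max(
                floor,
                statistics.mean(history) + k * statistics.pstdev(history),
            )
            spike = failures > threshold
        if spike:
            flagged.append(idx)
            per_ip = Counter(ip for _, ip, _, _ in evs)
            max_per_ip = max(max_per_ip, max(per_ip.values()))
            suspects |= {
                user for _, ip, user, ok in evs
                if ok and (user, ip) not in known_good
            }
        else:
            # Only normal traffic feeds the baseline and the known-good set,
            # so an ongoing spike cannot raise its own threshold.
            history.append(failures)
            known_good |= {(user, ip) for _, ip, user, ok in evs if ok}

    return {"flagged": flagged, "suspects": suspects, "max_per_ip": max_per_ip}


def constructed_sample():
    """Constructed data: 12 minutes of routine traffic (30 logins a minute,
    2 of them failing), plus 200 logins in minutes 10 and 11 from 100
    addresses, of which 4 succeed."""
    events = []
    for minute in range(12):
        for j in range(30):
            events.append((minute * 60 + j * 2, f"10.0.0.{j}", f"user{j}", j >= 2))
    for i in range(200):
        events.append(
            (600 + i * 0.5, f"198.51.100.{i % 100}", f"target{i}", i % 50 == 0)
        )
    return events


if __name__ == "__main__":
    result = analyse_logins(constructed_sample())
    print("flagged minutes:", result["flagged"])
    print("accounts to reset:", sorted(result["suspects"]))
    print("most attempts from one address in a flagged minute:",
          result["max_per_ip"])
```
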

Other recent attacks targeted at the UK public include:

  • Deliveroo – users of the takeaway food app said their accounts had been billed for food they had not ordered. The firm said the hacks had been carried out using passwords stolen from elsewhere
  • Sony PlayStation Network – hundreds of gamers complained about being locked out of their online accounts. Many said that once Sony had restored their access, they had found that funds were missing. The firm suggested the users might have had their credentials stolen by a phishing campaign
  • Tesco Bank – a total of £2.5m was stolen from about 9,000 of the bank’s online accounts. The firm has said it was a “systematic, sophisticated attack” but has not provided further detail

Password tips:

The University of Surrey’s Prof Alan Woodward says these rules should be observed when setting an online password:

Don’t choose one obviously associated with you

Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet’s name you’re in trouble.

Choose words that don’t appear in a dictionary

Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.

Use a mixture of unusual characters

You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!

You can make this even stronger by adding in some random characters, eg Myd0g*ha2B1g$3ars!, if you can remember them. But don’t be tempted to make the phrase simpler and shorter in order to help you recall it.

Have different passwords for different sites and systems

If hackers compromise one system you do not want them having the key to unlock all your other accounts. As we all have so many accounts, you should consider using a password manager. This has the added advantage that it will suggest strong passwords.

‘Snoopers’ charter’ petition hits signatures target

A petition asking the UK government to repeal its new Investigatory Powers Act now has more than 118,000 signatures.

This means that it must now be considered for parliamentary debate.

Internet providers will soon have to record which services their customers’ devices connect to – including websites and messaging apps.

They must keep this information for one year and share it with various departments and organisations on demand.

The government says it will help in the fight against terrorism.

Its critics have named it the “snoopers’ charter”, and it is described in the petition as “an absolute disgrace to both privacy and freedom”.

The act was first proposed by Prime Minister Theresa May when she was Home Secretary and was approved by the House of Lords on 19 November.

It is expected to become law by the end of 2016.

Blogger Chris Yiu compiled a list of the 48 organisations and departments that will be able to access the browsing records of individuals without a warrant.

They include various police, military, government and NHS departments as well as the Food Standards Agency, the Gambling Commission, the Financial Conduct Authority and the Health and Safety Executive.

The required data covers only the domain name of each site visited – or, for example – not the individual pages within them.

“So long right to privacy, hello 1984,” wrote Mr Yiu.

‘Mistakes will happen’

The chairman of the Internet Service Providers’ Association (Ispa) told the BBC last week that he was concerned such a database would eventually be hacked.

“You can try every conceivable thing in the entire world to [protect it], but somebody will still outsmart you,” he said.

“Mistakes will happen. It’s a question of when. Hopefully it’s in tens or maybe a hundred years. But it might be next week.”

The government’s Joint Committee on Human Rights said in June that the data gathering was “capable of being justified”.

“The bill provides a clear and transparent basis for powers already in use by the security and intelligence services, but there need to be further safeguards,” said Harriet Harman, chairing the committee.

Jim Killock, director of the Open Rights Group, wrote in a blog post for the Huffington Post that “not all of the bill is completely bad” but that the issue of data retention and security needed addressing.

He described the creation of a database of internet connection records that was searchable by the authorities as “incredibly intrusive”.

Amazon imposes limit on reviews

Online marketplace Amazon has placed a limit on the number of reviews shoppers can leave on the site.

In a bid to put a stop to false feedback, people can now write only five reviews a week of items not bought via the online store.

The change applies to most products and is part of efforts to clamp down on people selling positive comments.

The change is Amazon’s latest step in its battle to ensure users trust its listings.

Earlier this year, Amazon began suing sellers for buying fake reviews and then imposed tougher restrictions on companies that offered free products in return for customers’ ratings.

Users can still review as many items as they like if the goods are purchased via the website.

“The change makes a lot of sense. There has been a massive clampdown on fake, bogus and heavily influenced reviews recently,” said Patrick O’Brien, retail analyst at Verdict Retail.

In October, Amazon announced the end of “incentivised reviews”.

While direct compensation for reviews had never been allowed, there was an exception – reviewers could until last month post a review in exchange for a “free or discounted product as long as they disclosed that fact”, according to Amazon’s website.

Now, that has changed. Such reviews can appear on the site only via Amazon’s own program, Vine.

Five’s the limit

Amazon published its updated rules in its Customer Service section.

“You can submit five non-Amazon verified purchase reviews each week, starting on Sunday,” it says.

Amazon also reserves the right to restrict reviews of certain products to users who have bought them via the site if “unusually high numbers” of reviews are submitted in a short period of time.

“Amazon’s review system is very impressive in terms of the volume of reviews there, it’s far superior to those of competitors,” said Mr O’Brien.

“The new rules will make it very difficult for people who are trying to make money by selling fake reviews. It does show Amazon is taking this matter seriously.”

The new rules will not apply to books.

BT ordered to legally split from Openreach by Ofcom

Telecoms regulator Ofcom has ordered BT to legally separate from its Openreach division, which runs the UK’s broadband infrastructure.

Openreach should become a distinct company within the BT group, the regulator said.

BT had not voluntarily addressed competition concerns Ofcom laid out in July, it said.

Ofcom said it was preparing a formal notification to the European Commission to start the process.

The regulator has resisted calls to split Openreach off entirely, which telecoms rivals have sought.

Ofcom said BT had not gone far enough to address its concerns about BT’s ability to favour its retail business when making investment decisions in Openreach.

It wants Openreach to become a distinct company with its own board, with non-executives and a chairperson not affiliated with BT. It also wants Openreach to have control over its branding and budget allocation.

Openreach would also have a duty to treat all of its customers equally, the regulator said.

Talks continue

On Monday, BT had appointed Mike McTighe – who was on the board of Ofcom between 2007 and 2015 – as the first chairman of Openreach.

BT said in a statement: “We put forward proposals in July that we believe are fair and sustainable, and that meet Ofcom’s objectives without disproportionate costs.

“We are implementing these proposals, and have just appointed Mike McTighe to be the first chairman of Openreach. We are in discussions with Ofcom on two outstanding issues, the reporting line of the Openreach chief executive and the form of legal incorporation.

“We will continue to work with Ofcom to reach a voluntary settlement that is good for customers, shareholders, employees, pensioners and investment in the UK’s digital future.”

Analysis: Dominic O’Connell, Today programme business presenter

BT’s rivals, including Sky and Talk Talk, had complained bitterly about the service they received from Openreach, saying it charged too much for the use of broadband lines and was unresponsive to their demands. They wanted a full break-up of BT, with Openreach being turned into a separate company.

Ofcom has come some of the way, with Openreach now to become a legally separate entity, with its own independent board. But crucially it will still be owned by BT. Telecoms experts say the devil will be in the detail – how much control will BT be able to exert over Openreach under the new structure?

Sky and Talk Talk will be watching for any signs of too much influence – but if BT has no say at all over Openreach, it may in the end decide to break itself up anyway.


BT shares wobbled in early trading, losing 1.5% at first before recovering to trade higher by 0.5%.

Dido Harding, the chief executive of TalkTalk, told the BBC that “consumers and businesses across the country are completely fed-up that their broadband doesn’t work”.

“In the sense that it is a small step in the right direction it is a good thing, but I think it’s important to remember it is only a small step… because… Ofcom’s proposal is for quite complex corporate governance, and even this complicated legal separation is one that BT Group has been fiercely resisting,” she said.

‘Clear flaws’

Despite the appointment, the BBC understands that Ofcom is still concerned that – against its wishes – Openreach chief executive Clive Selley will continue to report directly to BT Group chief executive Gavin Patterson.

Ofcom is also concerned that Openreach will not end up in control of its own assets and cash, and that it may not be able to consult confidentially with customers such as Sky and TalkTalk.

The BBC understands that BT is concerned that transferring Openreach assets and cash will incur costs that would take away from investment in broadband infrastructure.

Kester Mann, an analyst at CCS Insight, said: “Today’s news shows that Ofcom remains hugely concerned over BT’s ability to satisfy its competition concerns.

“It again highlights clear flaws in the existing Openreach model and a worry that UK broadband deployment could be restricted without serious change.”

He said BT’s rivals could criticise Ofcom for not pushing for structural separation, but they should see Ofcom’s efforts to engage with the European Commission as “a partial victory”.

Skyscanner sold to China travel firm Ctrip in £1.4bn deal

Skyscanner, the UK-based travel search business, has been bought by Ctrip, China’s biggest online travel firm.

The deal values Skyscanner at about £1.4bn ($1.75bn).

The firm, which has its headquarters in Edinburgh, is available in more than 30 languages, with about 60 million monthly active users.

It was set up to let users compare prices from different travel sites when searching for flights, hotels, and rental cars.

Skyscanner said it would continue to run independently, with the same management team.

The news of the deal comes just hours after Chancellor Philip Hammond promised £400m to help Britain’s successful digital start-ups avoid being snapped up by larger rivals.

“I am taking a first step to tackle the long-standing problem of our fastest growing technology firms being snapped up by bigger companies, rather than growing to scale,” Mr Hammond said in his Autumn Statement.

‘Powerful technology’

Ctrip was founded in 1999 and is one of China’s best-known travel businesses.

The deal would “strengthen long-term growth drivers for both companies,” said James Jianzhang Liang, co-founder and executive chairman of Ctrip.

“Skyscanner will complement our positioning at a global scale and Ctrip will leverage our experience, technology and booking capabilities to Skyscanner’s,” he added.

Skyscanner was set up in 2003, and co-founder and chief executive Gareth Williams said the deal took his firm closer to its goal “of making travel search as simple as possible for travellers around the world”.

BBC’s Dougal Shaw on meeting an unassuming boss

You have to go through a slick PR machine to get time with Gareth Williams. But once you reach him, it’s like having a chat with a friendly, unassuming bloke down the pub.

Which is how his company was founded. Gareth Williams thrashed out the original idea for Skyscanner with two university friends in a pub back in 2001.

A passionate skier, he was frustrated by the time it took to sort through potential flights.

Lean in and listen carefully. Every softly-spoken word is measured, well-considered and laser-like to-the-point.

I met him this summer for a recording of CEO Secrets, our entrepreneurship series.

Interestingly, the Skyscanner team is very keen to play down the label of being a “unicorn company”, a young company valued at more than $1bn, even though that’s an elite club that you’d think would be nice to join.

Forget that, they told me. They were more keen to talk about their actual revenues from customers, their rate of growth and their next generation work with automated bots.

Perhaps that’s what sealed the deal with Ctrip.

Image caption: Skyscanner says it will continue to be based in Edinburgh

“Ctrip and Skyscanner share a common view – that organising travel has a long way to go to being solved. To do so requires powerful technology and a traveller-first approach,” Mr Williams said.

The sale comes about a year after Skyscanner announced a fresh round of investment to help it expand. Its backers include investment firm Sequoia as well as the Malaysian government’s strategic investment fund, Yahoo Japan and fund manager Artemis.

Its biggest investor, Scottish Equity Partners, welcomed the sale and said it was “particularly pleased” that Skyscanner would continue to be headquartered in Edinburgh and to operate independently.

Shanghai-based Ctrip became China’s biggest internet travel service after merging with a similar business, Qunar, last year. That deal gave Chinese internet giant Baidu, which controlled Qunar, a 25% stake in Ctrip.

Analysis: Dominic O’Connell, Today business presenter

Two days after Theresa May promised the CBI a more interventionist industrial policy, one which might stop important British companies being sold to foreign rivals, along comes a deal to expose the shortcomings of such a promise.

Skyscanner, the Edinburgh-based technology company, has been sold to a Chinese rival for £1.4bn. Skyscanner sells travel online, but it is much more than just another travel website; its technology frequently sees it cited as one of Britain’s top technology companies, and it is one of the UK’s few “unicorns” – youngish tech companies with valuations north of $1bn.

When pundits try and come up with candidates to be the “British Google”, Skyscanner is a name that frequently comes up.

It is hard to see, however, what Theresa May could have done – even once her new industrial policy is in place – to stop the sale.

Like most British tech companies, Skyscanner has a small army of investors, ranging from traditional private-equity investors to technology specialists like Sequoia Capital.

It would be hard to argue that there is some national interest in interfering to keep it in British hands, and to do so would interfere with the basic rights of investors to sell their property.
