Even at the end of the year, there is no rest for leaks. OnLeaks has published a video of a very accurate rendering of what should be the Moto X 2017. In the end, there are no big surprises, only small touch-ups that seem primarily intended to give it a decidedly modern look.
A Moto X more pleasant to look at
The overall impression is very similar to the Moto Z, but it is easy to see a few small changes intended to improve the overall design. For example, the fingerprint reader, whose black color contrasted sharply with the rest of the phone, is replaced here by an oval of the same color as the body, for a more harmonious look.
The rest comes down to small details. Among them, we note that the volume keys are combined into a single piece, that the edges have been changed to allow a better grip, and that the camera and the LED flash are much better integrated than on the Moto Z.
A mid-range model
This phone looks destined to be a mid-range model for a number of reasons. First of all, it will not be compatible with the MotoMods, as confirmed by the absence of connectors. But above all, it will be equipped with a micro-USB port. That is a real surprise, given that 2017 should be the year USB Type-C becomes standard. It is therefore more of a transitional phone, after a 2016 in which the range was put on hold.
In addition, the phone is thick, very thick: 8.4 millimetres between the screen and the back, and 9.5 mm if one takes the photo sensor into account. A monster compared to the Moto Z. Finally, its screen measures only 5.2 inches, while the Moto Z proudly displays 5.5 inches.
The release date and the price of the Moto Z are still unknown. But we should know more at the Mobile World Congress, held in Barcelona from 27 February to 2 March.
400 km above our heads are the International Space Station and Thomas Pesquet. Travelling at full speed, it circles the Earth 16 times per day. For the French astronaut, New Year's Eve is planetary; his first wishes are for New Caledonia.
Yesterday, Friday, December 30, François Pesquet shared his space burger with us, but for big occasions like this evening, Saturday, December 31, he brought out the special festive menu prepared by the French chefs Ducasse and Marx. As a starter, beef tongue with foie gras, followed by a chicken supreme with morel mushrooms. And for dessert, gingerbread. But this meal will be the only excess of the New Year aboard the space station. For Thomas Pesquet, the 1st of January will be a working day.
There will not be a “Google tax” in France for the moment. Included in the 2017 finance bill, the article was rejected by the Constitutional Council. Following the example of several neighboring countries that have tried, sometimes successfully, to impose laws on the web giants to block tax evasion, the law could have allowed the French State to gain between 500 million and 1 billion euros.
A law that is too specific?
The “Google tax” stemmed from an amendment by PS deputy Yann Galut. Its aim was to tackle the “diversion of profits” made “at the expense of the State, public services, local businesses, competitors, and citizens” by “fast food giants” and “internet” giants.
The Sages believe that the State should not have “the power to choose the taxpayers who should or should not fall within the scope of application of the tax on companies”. Put more clearly, the commission considers that there cannot be two categories of taxation for companies, one at 33% and the other at 38%, applied at the discretion of the tax administration. That answer does not really satisfy Yann Galut: “I’m angry, because it is an incomprehensible decision! It keeps a tax scandal as it is: multinationals pay only 3% corporate tax through complex arrangements while our SMEs pay 30%!”
Several countries have already tried
This is the second time that an amendment targeting the web giants has been struck down in France. The first time, in 2014, the goal was to force them to declare their tax optimization schemes to the administration. Among our European neighbors, Spain backed down when faced with the shutdown of Google News. It is in the United Kingdom that such a tax is working for the moment: a tax of 25% has been established on the profits diverted by multinational companies.
So it is back to square one for proponents of a Google tax in France. They will have to either restart the legislative process from scratch or push for tax harmonization in Europe. Both options now seem very compromised.
Although players had somewhat abandoned the PC in favour of consoles in previous years, the figures for 2016 confirm the good health of the platform.
An important market
Of the $91 billion pocketed by video game makers in 2016, $36 billion came from sales of PC games, reveals SuperData, a firm specializing in video games. Sales of paid PC games grew 18% this year, just behind mobile games, up 19% year on year. These good results are explained in part by the release of a new generation of graphics cards, which offer 40% more power while consuming 20% less energy, according to SuperData's specialists.
Dematerialization is also said to have a positive effect on the sector's revenue: acquiring a game by download is said to make the consumer more willing to spend money in the game, say the authors of the study.
Free games are booming
The PC games market is pulled up by free-to-download, or “freemium”, titles: the basic features are offered free, while many add-ons are paid. Games well known to the public, such as League of Legends, as well as new entrants such as Overwatch, arouse players' enthusiasm. The craze for free games is also very marked among MMOs: paid games have seen a decline of 22%, while free MMOs have grown 35%. SuperData expects sales of free PC games to continue to rise in 2017 ($19.6 billion in 2017, against $18.6 billion in 2016). Paid PC games should continue their decline ($5.3 billion in 2017, down from $5.4 billion in 2016), before recovering in 2018.
The social network wants to integrate a system for the automatic detection of content that violates copyright law, responding to an urgent request from the American music industry.
Like the Content ID system in place on YouTube, Facebook is currently working on a tool for the automatic identification of videos protected by copyright, reports the Financial Times.
After the Google subsidiary, the music industry is thus poised to prevail on the social network. Once detected, the offending content should be blocked.
Facebook, under pressure from the music industry
The object of the wrath? Amateur videos that contain music tracks without holding any rights to them, and therefore in full infringement of the intellectual property of the record majors and other artists.
Once the tool is in place, and as happens on YouTube, Facebook is expected to conclude licensing agreements with the labels in order to pay them royalties. Negotiations are expected to continue until next spring, the daily reports.
A tool inspired by YouTube's Content ID
The music industry has always criticized YouTube for not properly paying artists and rights holders for the distribution of their titles on the platform. On this point, YouTube nevertheless stated at the beginning of the month that it had paid no less than a billion dollars of advertising revenue to the various labels.
The National Music Publishers' Association, representing over 800 American publishers, is said to have identified nearly 900 videos using, without rights, 33 titles dominating the top of the music charts. The clips have been viewed over 600 million times… which is that much revenue escaping them.
It will be interesting to analyse Facebook's strategy in this field: video is the platform's favorite medium, the one on which Menlo Park relies to ensure its growth, especially on mobile.
The Constitutional Council has rejected the “Google tax”, which would have established a tax on foreign multinational companies that practice tax optimization.
For withholding at source, the flagship measure of the 2017 budget, it passes. In principle. But it fails for the Google tax. The Constitutional Council, called to rule on some points of the 2017 finance bill, has struck down this mechanism, the purpose of which was to counter the tax optimization practices of multinationals such as Google. Added in extremis to the 2017 budget through an amendment by the socialist deputy Yann Galut, the Google tax was inspired by a 25% tax put in place in the UK in 2015 on “diverted profits”.
Why did the Constitutional Council strike down a provision that would have brought the State an estimated 500 million to 1 billion euros per year? The Sages argue that the tax administration may not have “the power to choose the taxpayers who should or should not fall within the scope of application of the tax on companies”.
Understand it if you can… “As always, it is dressed up in a slightly complicated way, but in tax matters, it is always complicated”, jokes Didier Maus, professor of constitutional law at the university of Aix-Marseille (Bouches-du-Rhône). He explains: “The argument of the Constitutional Council is that of equality: the law may not say that certain companies will fall under regime 1 (editor’s note: the classic corporate tax, at 33%), others under regime 2 (the Google tax, with a penalty rate of 38%), and that the transition from 1 to 2 will depend on the good or bad will of the tax administration. Legally, it is unanswerable…”
A bitter pill
Not enough to convince Yann Galut. “I’m angry, because it is an incomprehensible decision! It keeps a tax scandal as it is: multinationals pay only 3% corporate tax through complex arrangements while our SMEs pay 30%!”
The government had initially been very reserved about the Google tax. Recently, Michel Sapin, the minister of Finance, pointed out that he had not “been supportive”, considering that the current mechanisms are sufficient. But in the end, the amendment, passed unanimously by the members present, had been reworked with the support of Bercy. The catch? “What has been invalidated had been added at the request of the government…”, says Yann Galut.
The pill seems all the harder to swallow given that in December 2014, the Sages had already struck down an amendment on the obligation to report tax optimization schemes to the administration. “The Constitutional Council has a conservative approach to the fight against tax evasion! Or ultra-liberal, I don’t know…”, fumes the deputy for Cher.
The decision is a victory for Google, as for all the multinational companies that transfer part of their profits outside France. The money often heads to one destination, Ireland, where corporate tax is much lower than in France (12.5 per cent instead of 33%).
The proponents of the Google tax will have to go back to the drawing board. The other solution is that of tax harmonization within the European Union. That is not happening any time soon, say most experts.
“Yes, it can be understood.” This is in substance what the members of the Constitutional Council replied to the parliamentarians who argued that some provisions on the withholding of income tax at source were “unintelligible”. That said, the Sages sifted through four points of the measure. To be clear, this fiscal revolution, expected to enter into force on January 1, 2018, is not safe, in the year now opening, from “priority questions of constitutionality”. Many other aspects of the text could be the subject of an appeal. Did Michel Sapin, the minister of Finance, anticipate this legal battle? “There may be ministries where it will be difficult to keep busy over the next five months; that will not be the case here…”, he said recently.
Last night, Jack Dorsey, the CEO of Twitter, asked users of the social network which feature they would most like to see appear on Twitter. The response was unanimous: the ability to edit tweets to correct them in case of error. This would not be without consequences for the way the social network is used.
Last night, Jack Dorsey was visibly in need of inspiration to find good resolutions to present next week. He therefore asked his followers: "What is the most important thing that you would like to improve or create on Twitter by 2017?".
Edit tweets, the feature most requested
And, unsurprisingly, the most requested feature was the ability to edit one's tweets. In other words, the possibility of correcting spelling mistakes, removing a photo inserted by mistake, or even rewriting a clumsy statement. Jack Dorsey is well aware that this is something users are very much waiting for.
A way to edit tweets is really necessary. But for everyone, not only for those whose account has been certified
But as many users pointed out, this can be potentially dangerous. On Twitter, where tweets may be retweeted (repeated) several thousand or even hundreds of thousands of times, what would happen if the tweet in question were edited to display a different message a few hours or a few days later? If a harmless joke turned into a shocking image?
The complicated case of edited tweets that have been retweeted thousands of times
The answer to these problems is not obvious. One of the proposed solutions would be to allow a tweet to be edited only within a few minutes of its publication, together with an icon or marker indicating that the tweet has been modified. Jack Dorsey even goes so far as to propose displaying a changelog of the changes made to the tweet in question.
The CEO of Twitter also noted on his account that he would look at users' proposals during the day. Among the most requested things, in addition to editing tweets, are requests for more effective reporting tools and for improvements to the usability of the interface (lists, for example) or of private messages.
The Constitutional Council has validated the core of the 2017 finance law, while expressing reservations about the budget deficit forecasts.
Le Monde | By Bertrand Bissuel
François Hollande and the government of Bernard Cazeneuve can breathe a sigh of relief. Withholding at source, which is one of the most important reforms of the last five years, has not been struck down by the Constitutional Council. Called to rule on the 2017 budget, which introduces the new method of calculating and collecting income tax, the high court dismissed the complaints made by opposition parliamentarians against the mechanism. Even so, its decision, rendered Thursday, December 29th, does not mean that this tax “big bang” is validated in its entirety, as the Council examined only the few paragraphs disputed by the elected officials of the right. The other provisions, “spared” by their challenges, may very well be attacked later, for example through priority questions of constitutionality (QPC).
Regarding withholding at source, which should enter into force at the beginning of 2018, a number of criticisms had been expressed by the deputies and senators of the opposition. They considered the measure unintelligible, given the complexity of the different withholding rates. An argument swept aside by the Council: there is “a common-law rate”, corresponding to the levy on the overall income of the household, and a “default rate”, applicable, at the request of the taxpayer, only to his own income. Thus, an employee who does not want his tax rate to be known to the employer can “choose [the] default rate”, argues the Council.
2017, the year of transition
Another complaint from the elected officials of the right: the breach of privacy, related to the fact that the administration communicates the withholding rate to the company. This principle is indeed infringed, admits the Council, but such an “infringement is justified by the general interest”: in the present case, the aim is to prevent taxpayers from undergoing “a one year lag between the collection of revenues and the payment of the tax”, as is the case at present. Moreover, adds the court, an individual may choose “the default rate, which does not reveal the tax rate of his home”.
The Council also rejects the idea, supported by the parliamentary opposition, that the mechanism would violate the principle of equality. The disputed point concerns 2017: for this “year of transition”, the taxpayer will pay tax on his 2016 income, and in 2018 the levy will be on his 2018 resources. Hence the fear that some taxpayers, company executives in particular, would take advantage of the reform to increase their cash inflows in 2017, which would be exempt from tax. Not at all, argues the Council: the finance bill contains anti-abuse clauses that “tend to avoid” some taxpayers being able “to arbitrate in favour of a higher compensation in respect of the year 2017”.
Beyond withholding at source, the elected Republicans challenged the Council over the deceptions that, in their eyes, the 2017 budget contains: overstated growth assumptions, deferred expenses, anticipated revenue inflows… So many subterfuges to artificially improve the financial statements. The Council does not subscribe to such an analysis but, rather unusually, it expresses strong reservations, which echo the observations of the Court of Auditors. It thus considers, with a nice sense of understatement, that “the assumptions for 2016 and 2017 may be regarded as optimistic, especially in regards to the deficit to 2017”. It also notes that the finance bill does indeed bring forward some tax revenue by a year, and that the risks of overruns in “public spending are more important in 2017 than in previous years”. In addition, there are expenses that “will only produce their effects on the fiscal balance that from 2018”, that is to say, after the departure of Mr Hollande from the Elysée… Even so, it adds as a counterweight, the government cannot be accused of having had “the intention to distort the broad outlines of the balance of the law”. Similarly, it adds, “it is not clear from the elements [available] that the resources and expenses of the State for 2017 would be presented in an insincere manner”.
“Historic reform”
The government thus comes out of it rather well. Something that the minister of Finance, Michel Sapin, and the secretary of State for the budget, Christian Eckert, did not fail to emphasize on Thursday night. With a small hint of complacency, they welcome, in a press release, the fact that the 2017 budget and “the historic reform of tax at source” have been validated.
But a caveat is needed, as several articles of the law have been invalidated by the Constitutional Council. Especially the one that introduced the “Google tax”. The measure in question bore this name because it sought to fight the tax optimization practices used by the American firm and by other giants of the new technologies sector (Apple, Amazon…), which are designed to move the profits made in one country to another where compulsory levies are low. Messrs Eckert and Sapin were not, at first, in favour of this provision, advocated in particular by the deputy Yann Galut (PS, Cher). But an agreement had finally been reached between the executive and its majority.
The Council struck down the “Google tax” because it gave the tax authorities “the power to choose the taxpayers who should or should not fall within the scope of application of the tax on companies”. “This is an incomprehensible decision”, Mr. Galut told Libération.fr. “Once more, the Constitutional Council chooses to censor a text against tax evasion.”
Sharing a picture of your boarding pass on social networks before a trip has become a common practice… but an obviously risky one. That is the conclusion of two computer security experts who presented their work at the 33rd edition of the Chaos Communication Congress, work relayed by Le Monde.
Specifically, the problem lies in the computer systems that manage flight ticket bookings (GDS, for Global Distribution Systems), which are said to be riddled with flaws, making it possible to reach the data of millions of passengers “in a few clicks” and even to modify this data.
Karsten Nohl and Nemanja Nikodijevic explain that the GDS store a very large amount of personal data (address, e-mail, phone number, loyalty card number, and sometimes credit card number), gathered in passenger name records (or PNR) and duplicated across several GDS.
“No hacking was required” to access these data, says Karsten Nohl, simply because these computer systems are very old (1960s), and little or not at all protected or encrypted: the key boils down to the combination of the passenger’s name and the booking code.
So, explain the experts, with these two pieces of information, it would be possible for employees in the sector (airlines, travel sites…) to access all of a traveler's personal data, regardless of the trip or the company used.
Most frightening of all, anyone can ultimately access the PNR with only the name of the passenger and the reservation number, via the websites of airlines that do not protect these data with a password.
And to obtain these two values, it is enough to get hold of a boarding pass, which, in some cases, includes the booking number (the name of the traveller is always shown). And if the number does not appear in the clear, it is contained in the bar code, which can also be decoded very easily. Hence the risk of photographing and sharing one's ticket…
And that is not all. Karsten Nohl demonstrated that it was possible to obtain the booking number associated with a name simply by testing all combinations. Enough to edit the booking, cancel it, etc., or even get a refund.
In the face of these threats, some GDS players, such as the leader Amadeus, have already put protective measures in place, but according to the researchers these are still insufficient. Only the introduction of passwords for editing a ticket online (and not just the ticket reference) could constitute a good defence. But such an approach would require a much deeper redesign of these old GDS.
SPACE: The astronauts of the International Space Station have also succumbed to the Web phenomenon that consists of being filmed in a frozen pose…
Fabrice Pouliquen
The Frenchman Thomas Pesquet and his fellow astronauts have somehow “killed the game”. On Thursday, the occupants of the International Space Station (ISS) took part in the Mannequin Challenge, a viral phenomenon on the Web that consists of filming several people completely frozen, as if time had stopped.
It is not easy to do in space, where weightlessness complicates the astronauts' task of remaining motionless. But the least we can say is that they pulled it off very well. The 24-second video, released on Thursday, notably on Thomas Pesquet's account, is enjoying some success. Some people even see it as the last Mannequin Challenge in history, the ISS having set the bar far too high.
One small problem: we do not see the French astronaut, who is filming his teammates, reports RTL. But this Mannequin Challenge nevertheless has the merit of letting us discover a little more of the ISS.
From a simple photo of a boarding pass, it is possible to access its owner's information and to change it.
The name of the passenger, his seat in the aircraft, his destination, his banking details or the account associated with the refund in case of cancellation… This information is easily retrievable and, most importantly, editable, from a simple photograph posted on social networks. This is the worrying discovery shared by the cyber security experts Karsten Nohl and Nemanja Nikodijevic at the 33rd annual meeting of hackers, the Chaos Communication Congress (CCC), on the 27th of December. At issue is the dilapidated state of a reservation system common to airlines and travel agencies, through which billions of pieces of personal information pass without sufficient security measures, say the researchers.
“The reservation systems lack a safety device that we use on all other computer systems, that is to say a password”, explained Karsten Nohl to the Süddeutsche Zeitung. On many sites, all it takes is the name of the passenger and a booking code of only six characters to access particularly sensitive data.
A colossal database
Regardless of the airline or the travel agency, air ticketing goes through major players like Amadeus, Sabre and Travelport. All of them operate a centralized reservation system (“Global Distribution System” or GDS), which makes it possible to manage millions of bookings by linking each ticket to a client record (containing the name, email address, telephone number, passport number or bank details of the buyer, but also ancillary information such as completed car or hotel bookings or loyalty programs). In 2015, Amadeus thus handled the data of 747 million passengers on behalf of airlines such as Air France, Lufthansa or Iberia, but also of travel booking sites, according to the Süddeutsche Zeitung.
Created in the 1960s, the GDSs have not been re-engineered to meet today's computer security requirements, even though their databases hold customers' sensitive data and share it with airlines and travel agencies. Their employees sometimes do not even need a password to access it: they just type in the name of a passenger. More serious still, anyone can access a reservation record with the name of a passenger and the passenger’s six-character reservation code. Yet this code is often printed on boarding passes or luggage tags. Just search Instagram for the tag #boardingpass, or even the garbage bins of an airport, to find copies.
Travel free of charge, or collect loyalty points
Even without leaving home or combing through Instagram, a hacker can find the key. In Amadeus, for example, the assigned codes follow one another over time, Nohl told the site Tagesschau. In Sabre, the first and last characters are always letters. But most of all, many airline websites do not limit the number of queries sent, which makes it possible to automatically try all the possible codes until one works. A malicious person can then cancel a flight and use the available credit to choose a new one, on which he will use his own identity to travel free of charge.
This practice, however, leaves traces. “To go unnoticed, one just has to change the name on the loyalty account to that of the victim, which is sometimes possible. Otherwise, one can very well create a new loyalty account. People already engage in this type of fraud, simply by collecting login credentials on Instagram,” explains Karsten Nohl. The expert also stressed that merely viewing a record remains invisible, because GDS reservation systems keep logs for write access but not for read access.
A spokesman for Amadeus confirmed to Tagesschau that a “temporary maintenance flaw” had let a dozen automated requests through in the past. Nohl's team of researchers says, however, that it was able to test two million different combinations. This even allowed it to seat a reporter for the ARD next to the member of parliament Thomas Jarzombek.
“Since our study, some of the [GDS] have begun to put mechanisms in place, such as captchas or a limit of requests per IP address”, Karsten Nohl was keen to reassure at the conference. “In spite of responsible disclosures, such as the one we are making at this moment, things don’t seem to be moving towards a better system for the moment,” he nevertheless told the site Motherboard. Back in 2015, the cyber-security expert Brian Krebs was already warning of the risks of throwing away one's boarding pass.
The way the airline ticket booking system is designed makes a great deal of personal data accessible and can even allow reservations to be changed.
By Martin Untersinger (Hamburg, Germany, special envoy)
European politicians have been squabbling for years over the issue of sharing air passengers' personal data. They probably do not know that the data are already available to anyone who comes along. In just a few clicks, it is easy to access the personal information of hundreds of millions of airline passengers, and in some cases even to change or cancel their flights, because of the weak, if not non-existent, security of the booking system.
This is the alarming picture drawn by Karsten Nohl and Nemanja Nikodijevic, two computer security specialists, who presented their findings on Tuesday, December 27, in Hamburg, at the 33rd edition of the Chaos Communication Congress (CCC), the great gathering of hackers.
The two experts looked at the Global Distribution Systems (GDS): companies that act as the link between airline ticket sellers and the airlines. The airlines provide the price of each flight they offer, as well as its availability, which the GDS relay to ticket sellers, such as travel websites.
But the GDS can also keep a record of the bookings made with the airlines, and for that purpose store a very large amount of personal data: address, email address, phone number, loyalty card number, and sometimes even credit card number. These data, known in the jargon as passenger name records (better known as PNR), are sometimes duplicated across several GDS.
“No hacking was required”
“[The protection of] air passengers' data has been the subject of many debates in Europe. One might think that this system, at the centre of these disagreements, is secure,” explains Karsten Nohl, a regular at the CCC, who heads the company Security Research Labs. In reality, “no hacking was necessary” to access this data, he says.
Indeed, the GDS and the entire ecosystem around them have been in place for a few decades, and no meaningful measure to protect the data they contain appears to have been put in place.
First problem: the personal information stored by the GDS is available to a great many employees of travel sales sites and airlines, according to the two experts. All it takes is the booking reference and the passenger name.
According to the two experts, the security procedures surrounding this access are very weak: a password, very often a basic one, for employees of the agency or travel site, or even no password at all for airline employees. “Ridiculously weak protections,” laments Karsten Nohl.
Data accessible to almost anyone
There is something more disturbing: because of a structural weakness, this information is not accessible only to employees of the sector. Regular flyers know it well: to retrieve the details of a flight and manage them, for example on the airline's website, all that is needed is the reservation number of 6 digits and letters and the passenger's name.
It is very rare for additional information (a password, for example) to be required to access this information. This means that, armed with only the booking reference number and the passenger's last name, anyone can access that passenger's personal data.
Yet it is relatively easy to obtain these two pieces of information: in some cases, the booking number is on the boarding pass and can therefore be recovered after the pass has been thrown away. Not to mention that thousands of Internet users post photos of their boarding passes on social networks every day!
And even when this reference or the passenger's name is not directly visible, it is possible to find them thanks to the bar code on the boarding pass. Websites make it very easy to read these codes.
How little a boarding pass keeps secret was already partly known. But the two researchers have also discovered a way to obtain a reservation number easily, even without access to these passes. For various reasons, these numbers are not generated at random, and by very quickly testing thousands of possibilities it is possible to obtain the booking number associated with a given name.
Karsten Nohl demonstrated this for the German television channel WDR: he managed to find the ticket of one of the journalists and to change it.
3 billion air passengers
The dangers vary according to the protection mechanisms in place on the websites that return personal data for a reservation number and a name (airlines, sites, GDS, etc.). But it is possible to change the passenger's name, e-mail address and flight date, and therefore to travel in the victim's place.
It is also possible to obtain a refund of the flight, for example in loyalty points. This is how the two researchers, in their presentation, accessed the record of a passenger travelling from Munich to Seattle who had been careless enough to post his boarding pass on Instagram.
In the wake of the two researchers' remarks, several websites of companies that operate GDS and of airlines have in recent days put in place mechanisms meant to make access to passengers' personal data more difficult, without changing the underlying logic of how the system works.
However, the sensitive nature and the amount of data that can be accessed call for further protection, said Mr. Nohl, for example by introducing a password that the traveller would need in order to access and change his or her booking.
According to the World Bank, over 3 billion passengers were transported by air in 2015. The GDS system is de facto one of the richest databases of personal information ever created, and probably one of the least secure.
AUTOPILOT. The video below will no doubt reassure Elon Musk, boss of Tesla Motors, which has faced many setbacks since the beginning of 2016 with Autopilot, the driver-assistance software fitted to its cars. The Silicon Valley magnate, moreover, did not fail to relay it on his Twitter account. And for good reason: it shows a Tesla, a Model X, triggering its collision alert and activating emergency braking for no apparent reason. Except that a few seconds later, an accident involving the two vehicles ahead of it does indeed occur.
2016, a bad year for Tesla
Judging from the footage, Autopilot thus appears to have reacted before the impact between the two vehicles in front. It had in fact spotted abnormal braking by the SUV ahead of the red car (its brake lights can be seen through the windshield) and then took the appropriate measures. It is the radar fitted to the Tesla that detected the abnormal maneuver, thanks to a technology that uses redundant waves and makes it possible to “see” in particularly difficult conditions: in heavy rain, in fog and even, as in this situation, beyond the vehicle immediately in front. Autopilot also draws on information from cameras and ultrasonic sensors. The whole system received a major update in the last quarter of 2016. Named V 8.0, it undoubtedly helped to achieve this spectacular braking. The accident ultimately caused no serious injuries, says the user who posted the video. This latest news should not overshadow a generally negative year for Tesla cars, which were involved in several accidents, including one fatal, in which the reaction (or lack of reaction) of Autopilot is in question. The firm, which has not officially commented on this information, is preparing a new major update that will enable fully autonomous driving, without driver intervention, on a predefined route, subject to regulatory approval specific to each country. It is said to be imminent.
The leak of the latest Windows 10 Preview build, numbered 14997, which includes the building blocks of the next big update, the Creators Update, continues to give up its secrets. In addition to a mode dedicated to games, meant to optimize resources, Winaero has kept digging and has discovered what could be a feature everyone has been waiting for: postponing updates.
Every Windows user knows the story: you are about to leave work, you shut down your PC and that is the moment Microsoft chooses to run its updates, which can take more or less time. Without giving you any choice.
The option is found in the advanced options of Windows Update and makes it possible to pause the installation of updates for 35 days. Updates will thus be applied in three ways: forced, scheduled and, now, delayed. The only exception: security patches, which will be applied automatically whatever happens.
Other small changes have been discovered: the ever deeper integration of Cortana, Microsoft's virtual assistant, which can be activated right from startup to make certain option choices. You can also create folders grouping application thumbnails thanks to the “Live Folder” option in the Start menu.
Windows Defender will be enhanced and made more ergonomic, with a dashboard for reviewing at a glance the various security components in effect. The official version of this build should be pushed out at the beginning of January. The stable version of the Creators Update is expected in March.
Periscope continues to advance, this time with support for 360-degree video. The implementation is conventional, but Twitter has decided to tread cautiously, allowing only a few partners at first.
So it did not take Periscope very long to integrate 360-degree video. The feature is available now, but only to a few selected partners. Why? Because Twitter indicates that it is not necessarily ready to take on the general public directly. Put plainly, the work is not finished.
Finger or mouse
Use of the service is fairly standard. On a smartphone, the user can touch the screen with a finger to tilt the view in all directions. On a computer, the mouse is used to perform the same manipulations. Image quality will depend even more on the connection, as the camera used films in all directions.
There is also no need to wait for a source to broadcast in 360 degrees to test the feature. A first public test has been carried out and can be viewed from this page. In fact, while few people can broadcast such streams yet, everyone can at least watch them. Note that a red badge is placed at the lower left to indicate what type of stream it is. Otherwise, as long as you don’t touch the screen, you cannot necessarily guess that you can look in other directions.
Waiting for the general rollout
The question now is when Twitter plans to open 360-degree streams to all of its users, assuming of course that they have the right equipment. For the moment, the publisher has not said a word. There is no doubt that a general rollout is planned, but it will still take a few months to finalize everything that needs to be.
All the more so as Twitter is clearly not the only one investing in this area. 360-degree video and virtual reality are two fields of exploration for companies, which are still looking for the best way to make use of them. Facebook is indeed currently testing 360-degree streams via Facebook Live, there too for live broadcasting. Mark Zuckerberg's company will, however, offer the feature only to a few partners in a few months. Twitter therefore has a small head start for the time being.
Note that compatibility with 360-degree videos in Periscope does not require any new versions of the applications for Android and iOS.
Vincent Hermann
Writer/journalist specializing in software, and in particular operating systems. Never travels without his sword.
Next come Apple's iPhone 7, released in September, and then Donald Trump, who won the US presidential election in November.
The phenomenal success of the mobile video game Pokémon Go, released in early July, is confirmed. The game was the most popular query worldwide this year on the Google online search engine, according to a survey published on Wednesday, December 28, by the American Internet giant.
It is followed by Apple's iPhone 7, released in September, then by Donald Trump, who won the US presidential election in November, and finally by the singer Prince, who died in April.
The US giant publishes this list of global trends every year, along with lists per country, summarizing the main interests of Internet users.
The US election everywhere
Donald Trump tops the list of people searched for on Google, ahead of his Democratic rival Hillary Clinton. Among the news topics that interested users, the US presidential election comes top of the searches, followed by the Olympic Games and Brexit.
In France, Pokémon Go came second this year among the most searched-for topics, behind the Euro football championship. Then come the Tour de France, the Olympics and the US presidential election.
On the social network Facebook, which had published its own list at the beginning of December, the US presidential election and Brazilian politics emerged as the most talked-about topics of 2016 worldwide. Pokémon Go came in third position.
After being ordered by China's antitrust authority to pay close to $1 billion in 2015, Qualcomm received a new record fine on Wednesday. South Korea ordered the American giant of smartphone microprocessors to pay nearly 853 million for violating antitrust laws. In the sights of the Korea Fair Trade Commission (KFTC): the San Diego company's practices in marketing its patents.
It criticizes Qualcomm for limiting access to certain essential patents for competing chip manufacturers, such as the American Intel or the South Korean Samsung Electronics. In addition, Qualcomm is accused of having used its dominant market position as leverage in its negotiations with smartphone manufacturers, imposing exorbitant fees on its patents and refusing to sell them chips if they did not accept these terms and conditions.
The company challenged the decision in court
Qualcomm, which rejects the accusations, said in a statement that it would challenge the decision in court. In the meantime, the FTC has ordered the US giant to review its business practices by negotiating patent licenses with competing chip manufacturers without unfair requirements.
The regulator has also asked Qualcomm to renegotiate its contracts with smartphone manufacturers if they ask for it. Samsung Electronics and LG, the major mobile players in South Korea, will come out as winners. The former alone accounts for more than 10% of the global sales of the king of mobile chips.
The business model of Qualcomm, which holds the most widely licensed patent portfolio in the industry with more than 330 licensees, could be undermined. The firm has earned more than $23 billion in revenue this year. Licensing of its patents accounted for 33% of its revenue, or $7.6 billion.
In addition, South Korea is a vital market for Qualcomm. The country represents 17% of its turnover, which makes it the second largest market for the American company after China (57%) and Taiwan (12%).
The San Diego company is in trouble with several regulators. In its 2016 annual report, Qualcomm lists seven ongoing investigations around the world: one in Japan, two in Korea, two in the European Union, one in Taiwan and one in the United States.
Qualcomm shares were down about 1% on Wall Street on Wednesday after the South Korean competition authorities imposed on the American group a fine of 1.030 billion won (817 million euros) to punish trade practices deemed unfair. At 15:40 GMT, the stock was down 1.1% at 66.51 dollars on the New York Stock Exchange, while the Nasdaq was down 0.46%.
The semiconductor giant, which supplies, among other things, chips and other components to the mobile telephony sector, said it would appeal the penalty.
The fine against Qualcomm is the largest ever imposed on a group in South Korea. According to the Korea Fair Trade Commission (KFTC), Qualcomm took advantage of its dominant market position to force mobile phone manufacturers to pay royalties on a set of unnecessary patents as part of the sale of its modem chips.
The FTC also accuses the US group of having distorted competition by denying or limiting the grant of licenses on patents deemed essential in the field of modem chips to manufacturers such as Intel, Samsung Electronics and MediaTek. For the South Korean regulator, this hampered the sales of competing products or exposed them to potential legal action.