jikReport: Apple Sides With Music Labels, Thinks Free Streaming Service Tiers Are Badde

4 4 4 4

(Philippe Put)

Last year, Apple acquired Beats, a company that makes two things that go nicely with media players and smartphones: high-end headphones and a subscription-based music streaming service. While they’re happy to offer a free trial and will be reportedly be pushing the Beats Music app to iDevice users in the future, Apple will not follow competitor Spotify’s lead in offering a free, ad-supported tier.

This report comes from technology site Re/Code, and makes sense. Beats currently doesn’t offer a free version of its subscription, except for a two-week free trial for new users. That won’t change when Apple pushes the Beats app to users’ devices like so many U2 albums.

While people seem to enjoy streaming music for free on services like Spotify or by watching music videos on YouTube, two groups of stakeholders don’t care for this business model very much: musicians and record label executives. We probably could have expected that. Taylor Swift notably pulled all of her music from Spotify after releasing her latest album, and Re/Code quotes industry executives who are against the idea of free streaming. Lucian Grainge of Universal Music Group apparently believes that Spotify is the reason why users aren’t paying for as many downloads as they used to, yet the amount that labels get paid from streaming services hasn’t caught up to make the difference. About 12% of people who used to buy and listen to music through iTunes now stream through Spotify, and less than half of them have paid subscriptions.

Apple media leaders apparently agree, and have been making this argument around the industry.

Big Music Labels Want to Make Free Music Hard to Get, and Apple Says They’re Right [Re/Code]

by Laura Northrup via Consumerist

jikDid Lyft Backtrack On $1,000 Bonus Promise For New Drivers Or Is It Simply Overwhelmed By Applicants?de

4 4 4 4

(Σπύρος Βάθης)

In an effort to raise a fleet of drivers for its ride-sharing service, Lyft offered $1,000 bonuses both to new drivers and those referring them last week. But it appears the company might have bitten off more than it can chew after receiving more applications than anticipated, leaving some hopeful drivers without bonuses.

Business Insider reports Lyft announced some of the newly signed-on drivers might not qualify for the referral bonus after all.

According to the original spring driver referral deal – which began February 27 – Lyft would pay $1,000 to new drivers and the current driver who referred them if the new driver completed one ride by March 5.

The only problem is that in order to become a Lyft driver, consumers must fulfill the company’s safety obligations, including driving with a mentor, as well as completing DMV and background checks, which can take days to be finalized.

Making matters worse, the company has reported its approval process is backed-up because of the high enrollment its seen since announcing the promotion.

“This promotion brought the biggest wave of applicants in Lyft history,” an update to the referral promotion states. “It is possible that you won’t qualify for the promotion if your DMV check and background check aren’t completed by the March 5 deadline.”

In some cases, Lyft has extended the ride completion deadline into next week, as long as those drivers have applied, passed their DMV checks and background checks, the company tells Business Insider.

“We owe it to the driver community and our passengers to make sure our approval process is rigorous and complete,” the company said in a follow-up email to potential drivers. “All elements of our safety process are imperative and can take time – that means some applications haven’t been approved yet even though the applicant’s DMV and background checks are in. We know this can be frustrating.”

Unsurprisingly, some potential new drivers questioned Lyft’s intention with the promotion and apparent about-face.

“I’m thinking this either is huge scheme just to get people to sign up and drive,” a member of the UberPeople online forum posted, speculating the company may have taken its time with the background checks to limit the number of referral bonuses issues or simply didn’t anticipate its popularity.

For its part Lyft tells drivers that it won’t use any information from their applications if they don’t qualify for the promotion or if they decide not to pursue a job with the company.

“Lyft learned a lesson this week, and we’re sorry for the frustration it caused you,” an email to potential drivers states. “We vastly underestimated the volume of applications we would receive for our $1,000 sign-on promotion, which was created to help us keep up with record-breaking passenger demand.”

Lyft apologizes for angering potential drivers after it promised eye-popping bonuses [Business Insider]

by Ashlee Kieler via Consumerist

jik“Stressed Out” Badger Prevents Staff And Guests From Entering, Leaving Luxury Hotelde

4 4 4 4

(Expressen TV)

Guests and staff at a luxury hotel in Stockholm found themselves at the whim of one erratic badger, whose aggressive stance kept anyone from either entering or leaving the place for some time this morning. Want to pick up your bags or go through those revolving doors? Nope. Much like his honey-loving cousin, hotel badger does not care what you want.

“A crazy or stressed-out badger is preventing the staff and clients at a major hotel from leaving their cars, and from picking up their bags,” the Stockholm police website said, via The Local.

Things got serious at the Radisson Blu around five a.m., when the badger decided no one was doing anything whatsoever involving those front doors on his watch, which lasted for 40 minutes until police decided to get involved.

“The stressed animal was refusing to leave the place. So the police called in the local wildlife services to settle the problem,” the police statement said.

By the time wildlife services arrived, however, the badger had somehow calmed itself down enough to leave the premises before it could be caught.

Badger puts Stockholm hotel in lockdown [The Local]

by Mary Beth Quirk via Consumerist

jikWhy Does A Tube Of Cold Sore Cream Cost $2,500?de

4 4 4 4

In Canada, you can buy a tube of brand-name prescription cold sore cream Zovirax for around $50. Its generic equivalent (acyclovir) is half that price. And even here in the states you can find generics acyclovir pills and ointments for a reasonable price, so why does what is effectively the same product for more than $2,500 in the U.S.?

That was the question asked by the L.A. Times’ David Lazarus, after a reader noticed that while he forked over an already hefty $95 co-pay for his tube of Zovirax cream, his hospital paid the drug company Valeant $2,532.80 — for a single tube.

And this wasn’t a mistake. The patient contacted the pharmacy, operated by managed care giant Kaiser Permanente, where employees confirmed that this is simply the price paid for the product.

Which brings us back to the question of why does it cost so much?

Zovirax is produced by big-pharma biggie GlaxoSmithKline, but is now distributed in the U.S. and Canada by Valeant.

A third company, Actavis, now has the rights to market an “authorized” generic version of the medication in the U.S., and there are other drug companies selling acyclovir generics without that label.

However, none of these generics come in “cream” form. They are ointments, which have a higher oil:water ratio than creams, but which are medically identical.

And so the only acyclovir cream being sold in the U.S. is from Valeant, reports Lazarus, who tried to get an explanation from the company about why it charges so much.

A rep for Valeant said the price tag for the Zovirax cream “takes into account many factors, the cost of the active and inactive ingredients, the manufacturing process, the packaging and its related process, as well as the distribution and a myriad of other expenses.”

Keen observers may have noticed that the rep didn’t really answer the question, but did explain how a company would price, well… anything.

A more likely explanation, is that Canadian law places restrictions on drug prices and Valeant is making money stateside where it can.

“If there’s a take-away from [the patient’s] story,” writes Lazarus, “it’s that America’s healthcare system is designed to maximize cash flow for its corporate players and that there are few safeguards to keep costs down.”

We were surprised that Kaiser, which would only say that its price is comparable to what others pay, did not suggest a lower-priced generic ointment for the patient, which is why it behooves all of us to ask our doctors and pharmacists about less-expensive options for our medications.

by Chris Morran via Consumerist

jikWhat Is The FREAK Flaw And How Much Should I, Well, Freak Out About It?de

4 4 4 4

(Saechang)

There are certain websites that you expect to be secure. The NSA’s and FBI’s sites, for example, or any shopping site you enter your credit card information on. They say HTTPS, and they show a lock, so they’re fine, right? Wrong. A team of researchers this week has announced the finding of a flaw they’re calling FREAK. It interferes with that encryption and makes some sites vulnerable — and it’s everywhere. Not just on laptop and desktop computers, but also on mobile phones and tables. Here’s what you need to know.

What does the FREAK flaw do?

Like other security flaws we’ve heard about this year, the FREAK flaw would let a third party interrupt a secure connection, to intervene in-between your computer and the website you’re sharing data with. Just in a very different way.

The TL;DR version of the technical explanation is: when a vulnerable device connects to a vulnerable HTTPS-protected site (these tend to display a lock or a green icon of some kind in your URL bar), a flaw in the encryption could let an attacker jump in to grab the data going back and forth between the two. And that includes personal information, passwords, and anything else.

The original highly technical explanation, from the researchers who identified the exploit, is here, with another very detailed explanation here.

What platforms are vulnerable or affected?

It’s a depressingly large list. The browsers and platforms known to be vulnerable include:

• Android: stock browser


• Android: Chrome


• Blackberry: stock browser


• iOS (iPhone/iPad): Safari


• Linux: Opera


• Mac OS: Chrome


• Mac OS: Opera


• Mac OS: Safari


• Windows: Internet Explorer

What platforms aren’t affected?

Firefox, on all operating systems (computers and phones), seems to be ok as far as anyone can tell. There is a patch available to fix it for Chrome for Mac users already.

What sites are vulnerable?

That is another depressingly long list, from retail to government and lots of things in between. Some of the highest-traffic domains that are affected include Business Insider, American Express, Groupon, Bloomberg, NPR, Kohls, and MIT. A number of very high-profile government sites were also affected, including the NSA, the FBI, and the White House’s sites, as well as the site (USAJobs) that all applicants for any federal job must use.

Where did it come from, and how long has it been a problem?

The flaw has been out in the wild for over a decade. Basically, we have some questionable choices of the 1990s to thank.

Security, encryption, and data privacy had a slightly different set of priorities attached to them during the Clinton administration than they do now, and back then the feds set up a requirement that any software or hardware that was exported outside of the U.S. had to have weak encryption keys. Many businesses set up dual-track encryption grades, using the good stuff at home and exporting the weak versions. Eventually those restrictions were dropped but somehow the weak versions have ended up still being used on a whole bunch of sites (or, rather, their servers) and on the devices that access them.

That’s where the “FREAK” name comes from: it’s more or less an acronym for “Factoring attack on RSA-EXPORT Keys.”

How did we learn about this issue?

From a team of security researchers, as opposed to from a massive data dump or worldwide hack. A team at the University of Michigan is maintaining an information clearinghouse site on the vulnerability here.

How hard would this be to exploit?

The researchers who announced the findings said, from their proof-of-concept testing, that it takes about 7 hours to break into a site using this vulnerability.

Has anyone used this particular flaw to steal my data?

Honestly? We have no real idea. Man-in-the-middle attacks — where bad guys pop in to a flaw and steal information between source A and destination B — are pretty popular, as these things go, and there’s no way right now to know who has taken advantage of this particular flaw, when, or where.

But the good news is, this particular flaw should be less useful in the future. Patches to fix this particular problem are already out or are expected very soon. So make sure you update your browser or phone OS the next time it asks you to.

by Kate Cox via Consumerist

jikPolice Can’t Crack Mysterious Case Of More Than 100 Egging Attacks On Cleveland Homede

4 4 4 4

(Dyanna Hyde)

Anyone who’s ever had to clean up after an egging attack knows it’s no fun to wipe up a goopy mess of yolks, whites and cracked shells adorning your home or car. But one Cleveland house has had more than the usual isolated egging, as the target of about 100 incidents in the last year in a mysterious spate of attacks that have police stymied.

An 85-year-old man’s Cleveland-area home has suffered some bad damage, after a spate of egging attacks that started in March 2014 have continued on for a year, reports Cleveland.com. No one can figure out who is behind the attacks, which sometimes happen more than once a day.

“The accuracy is phenomenal,” the homeowner, who lives with his two adult children in Euclid, says. “Because almost every time when it’s nice weather and they launch five or six of these at a time, they almost invariably hit the front door.”

Several times a week, someone pelts the two-story home with eggs, always after dark, and usually in attacks that last about 10 minutes each time.

Police and the man think the eggs are being launched from a block or two away, meaning this is no quick drive-by from kids in a car. Though other homes nearby have been hit as a result, it doesn’t appear any neighbors have been targeted.

“Somebody is deeply, deeply angry at somebody in that household for some reason,” a Euclid police lieutenant says. His department has spent a year working on the case — even staking it out undercover, canvassing the neighborhood and sending the eggshells for testing. Investigators have also installed a surveillance camera on the house. All to no avail, so far.

Last year while an officer was taking a report at the house, a slew of eggs hit the house, with one hitting him in the foot.

“The man hours put into that investigation were huge and one of the reasons it’s so frustrating that we don’t have somebody right now that we can criminally charge,” the police lieutenant says. The culprit or culprits will ultimately face charges of felony vandalism and criminal damaging.

For now, the house’s siding on the front of the home is destroyed, crusted with dried egg residue that’s stripping off the paint. But while the homeowner used to clean up after each egging, it’s happening so often that he just can’t keep up. He’s going to wait to repair things if the eggings ever stop, because he says his insurance company is refusing to settle a claim until the guilty party is found.

Despite their frustrations over pouring hundreds of man hours into the case, police say they’re not giving up, bumping up the reward for information from $500 to $1,000.

“We’re not going to let it go,” the police rep says. “We’ll continue to put effort into it until we figure something out.”

More than 100 stealth egg attacks baffle one Euclid homeowner and police [Cleveland.com]

by Mary Beth Quirk via Consumerist

jikReport: Stolen Credit Card Information Used By Fraudsters To Make Purchases With Apple Payde

4 4 4 4

(Adam Fagen)

A rash in data breaches at national retailers may have led fraudsters to use Apple Pay to make big-ticket purchases with credit card information stolen during national data breaches.

The Wall Street Journal reports that the mobile payment system has recently been hit by a wave of fraudulent transactions involving credit card data stolen from retailers including Target and Home Depot.

While the Apply Pay system hasn’t been breached, the scamsters have input stolen card data into the payment system and then used the information to make purchases without a physical card being present.

According to sources close to the matter, nearly 80% of the unauthorized purchases have been made at Apple’s own store for items with high resale value.

A spokesperson for Apple tells the WSJ that the payment system is “designed to be extremely secure and protect a user’s personal information.”

To use Apple Pay, consumers simply take a photo of their credit card or manually enter their card information. At that point it is up to consumers’ banks to include additional verification steps such as requiring consumers to authorize the service through their online account or call a customer-service representative to complete the set-up.

However, our colleagues at Consumer Reports found back in October, that not all banks use verification processes. In this case a man was able to input his wife’s credit card information and use it with out further verification by the bank.

According to the WSJ, the most recent rash of fraud through Apple Pay has included relatively low-tech means to find vulnerabilities in the verification systems.

As a result banks are tightening their verification processes.

“Our member banks are reacting as quickly as possible to ensure their verification processes are adequate to thwart this new kind of fraud,” David Pommerehn, an executive with the Consumer Bankers Association, which represents lenders that issue credit and debit cards, tells the WSJ.

A spokesperson for PNC Financial Services Group says the company has seen 35 cases of fraud related to use of Apple Pay.

“We have looked at our processes and we believe we have very strong know-your-customer processes in place to prevent any additional cases,” the rep said.

To combat potential fraud some banks have implemented additional authentication methods – including sending a text message to the consumer – when making a purchased through Apple Pay.

“Apple Pay is formidable, but it still sits on a loose foundation,” Richard Crone, an executive for payments-advisory firm Crone Consulting, tells the WSJ.

Apple Pay Stung by Low-Tech Fraudsters [The Wall Street Journal]

by Ashlee Kieler via Consumerist