Friday, September 19, 2014


Apple sold 4 million iPhone 6 and 6 Plus in first day


Apparently, a lot of people want the iPhone 6.

Apple sold a record 4 million iPhone 6 and iPhone 6 Plus smartphones on Friday, the first day that the new iGadgets were available for pre-order, the company said Monday.
Demand for the new iPhones was so high that the iPhone 6 Plus sold out within hours. While many people who pre-ordered the iPhone 6 will get them this Friday, many others won't get their iPhones delivered until next month.
"Demand for the new iPhones exceeds the initial pre-order supply," Apple said in a statement. The company noted that an additional supply of iPhone 6 and iPhone 6 Plus smartphones will be made available to walk-in customers on Friday Sept. 19, beginning at 8:00 a.m. local time at Apple stores. People have already begun camping outside Apple Stores around the world to be among the first to get their hands on one of the new iPhones.
This is the first year that Apple announced how many iPhones it sold in the first day -- rather than in the first weekend. A year ago, Apple said it sold 9 million iPhone 5S and 5C smartphones in the first weekend.
But the numbers aren't exactly "apples to apples," pardon the pun. The iPhone 5S was not available for pre-order. Also, the iPhone 5S went on sale in China at the same time as it hit store shelves in the United States.
This year, the iPhone 6 will not be available in China until October at the earliest. China was not listed among the 30 countries that will get the iPhone this month.

California OKs first tests of self-driving cars




California, a state synonymous with cars, has issued its first approvals to test self-driving cars.

Audi and Google have both received an autonomous driving permit from California.
Audi said the permit was issued the same day that new state regulations governing the testing of self-driving cars go into effect.
Audi (AUDVF) said that it's already tested self-driving cars in Europe and other U.S. states where testing is permitted. It said California is particularly important as a testing ground, since it's home to the company's Electronics Research Lab.
The lab, known as the ERL, is owned by Audi parent Volkswagen (VLKAF) and is located in the Silicon Valley city of Belmont.
Google (GOOG) revealed its self-driving prototype in May and expects it to hit the market in the next five or six years.
Google has also been prepping its self-driving test cars to fit California standards, which require the test vehicles to have manual controls.
"After each vehicle is assembled, we fit a temporary steering wheel and set of controls into it," said Google, in a recent blog post. "We'll remove these manual controls after the prototypes have finished being tested and permitted, because our vehicles are ultimately designed to operate without a human driver."
Nevada, Florida and Michigan have also passed legislation allowing for the testing of self-driving cars on public roads. Audi said that in 2012 it was the car maker to receive a Nevada license plate allowing autonomous driving.
Nissan (NSANF) plans to have a self-driving car on the market by 2020.

Thursday, September 18, 2014

Apple beefs up security with 2-factor authentication for iCloud backups



A sneaky method hackers use to crack your iCloud back-ups won’t work anymore if you’re serious about your security. On Tuesday night, Apple turned on two-factor authentication for iCloud, which will protect against the kind of social engineering exploits that helped hackers steal celebrity photos last month.
Until Tuesday, Apple’s brand of two-factor authentication only protected your Apple ID, preventing people from making purchases from your account. But if thieves were able to guess the answers to your security questions and recover your password, they could easily use third-party software to access your iCloud backup. Your photos, documents, text messages: All of it was up for grabs.

[Image: Check your e-mail, iCloud users: There's important information about Apple's new security measures.]

That’s no longer the case. Ars Technica tried to install an iCloud backup with two-factor turned on using the most common software, made by Elcomsoft, and found it no longer worked.
Two-factor authentication works by requiring a second means of verification, aside from your password, to sign in to your accounts. That second method is usually an SMS code sent to your phone, which you then enter to gain access. If you don’t even have two-step verification turned on for your Apple ID, you’re forgiven. Apple buried the option in your settings and the process was cumbersome once you actually found it. It’s still not exactly easy to turn on two-step verification, but we created a handy how-to guide with step-by-step instructions.
Apple sent out an e-mail to iCloud users on Tuesday night with information about its security measures and how to use them. On Oct. 1, the company will let you generate app-specific passwords for third-party apps with access to your iCloud account, like Microsoft Outlook, BusyCal, and Mozilla Thunderbird. The new option prevents those apps from knowing your iCloud password and will keep your account safe.
The new security measures are too little, too late for celebrities like Jennifer Lawrence, but turning on two-factor authentication for every account that offers it is the safest way to protect your information.

Court throws out $368.2 million patent award against Apple



A U.S. appeals court has thrown out a US$368.2 million award against Apple in a patent infringement case brought by patent-holding and software company VirnetX.
The U.S. Court of Appeals for the Federal Circuit on Tuesday declined to invalidate VirnetX’s four Internet security-related patents, but ruled that Apple’s VPN On Demand service did not infringe one of the Nevada firm’s patents. The U.S. District Court for the Eastern District of Texas also erred in defining the value of the patented technology related to secure communications links in two patents, and should reexamine whether Apple’s FaceTime application infringes the two patents under a correct claim construction, the appeals court ruled.
The district court must also reconsider the jury’s damages award based on the appeals court ruling, the higher court said.
“In calculating the royalty base, [the district court] did not even try to link demand for the accused device to the patented feature, and failed to apportion value between the patented features and the vast number of non-patented features contained in the accused products,” Chief Judge Sharon Prost wrote for the appeals court.
VirnetX acquired the four VPN-related patents from SAIC in 2006. Two of the patents involve DNS and resolving domain names using secure communications links. The other two patents involve using DNS proxies to intercept Web traffic to determine whether a DNS request is for a secure site.
VirnetX, in a patent lawsuit filed in late 2012, accused Apple’s iPhone 5, iPod Touch 5th Generation, iPad 4th Generation, iPad mini and Mac computers running the Mountain Lion operating system of infringing the four patents.
VirnetX said it was disappointed with the appeals court’s decision. “We are bolstered by the fact that the patents were again found valid and that it was confirmed that Apple’s VPN on Demand functionality infringes the VirnetX patents,” Kendall Larsen, VirnetX CEO and president, said in a statement. “We look forward to readdressing the FaceTime infringement and damages issues as soon as possible.”
Apple representatives didn’t immediately respond to a request for comments on the appeals court decision.

Apple updates privacy policy: 'We sell great products,' not your data, says Tim Cook

Need another reason to upgrade to iOS 8? Apple can’t see any of your personal information if you have a passcode enabled on devices running the new OS. And if Apple can’t see it, the government can’t, either.
Apple CEO Tim Cook revealed the company’s new privacy measures in a Wednesday night letter that not-so-subtly slammed other tech companies like Facebook and Google.
“Our business model is very straightforward: We sell great products,” Cook said. “We don’t build a profile based on your e-mail content or web browsing habits to sell to advertisers. We don’t ‘monetize’ the information you store on your iPhone or in iCloud. And we don’t read your e-mail or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.”
Apple launched a new privacy page detailing how it protects your data from prying eyes. If you’re using a device running iOS 8 and have a passcode activated, Apple can’t see any of the data behind the passcode. That includes photos, e-mails, messages, notes, call history, and contacts. Even if the police issue a warrant for that data, Apple said it’s “not technically feasible” to hand it over.


[Image: Apple can't see e-mails or messages on devices running iOS 8 with passcodes enabled.]

Apple has worked tirelessly over the last few weeks to clarify and strengthen its security tools as it seeks to handle your most private information. iOS 8’s HealthKit will centralize the health and medical data third-party apps collect on you, with your permission, so Apple has put in place developer guidelines that prevent those apps from selling that data to advertisers. In the wake of the celebrity photo hacking scandal, the company added two-step verification for iCloud backups. Apple will have a slew of privacy measures in place when it launches Apple Pay, a mobile payments platform that uses Near Field Communication technology baked into the iPhone 6 and iPhone 6 Plus. Apple Pay won’t store your financial information on your phone or on its servers, instead generating a one-time-use number, and will require Touch ID to authenticate your purchases.
HealthKit and Apple Pay have the potential to streamline your life, but they won’t find mass adoption until users are convinced that their information isn’t up for grabs, especially in the post-Snowden era. That’s where the iOS 8 passcode comes into play. But even before the new OS rolled out, Apple didn’t actually receive that many national security-related requests: fewer than 250 total in the first six months of this year.
“We have never worked with any government agency from any country to create a backdoor in any of our products or services,” Cook said. “We have also never allowed access to our servers. And we never will.”

How virtual office technology changes everything



We’re in the middle of a sea change that’s upending every aspect of computing as we know it. One of the biggest trends driving this change is the rise of the virtual office – the ability to relocate our workspaces from central offices to just about anywhere in the world. In every aspect of business, from file sharing to tech support, new tools and services collapse the entire world into an immediate, shared experience.
Here are five key ways that trend manifests itself today:

Work Follows You (Not the Other Way Around)

The commute to downtown. Wrestling your way into an anonymous cubicle. Outdated equipment that doesn’t work the way you want it to. The office as we know it hasn’t changed much in the last two or three decades, but virtual offices are finally revolutionizing all of it in one fell swoop. With technology like videoconferencing, remote access, and cloud-based storage you can work where you’re most productive, whether that’s your kitchen table or the coffee shop. Just bring your laptop and a wireless connection and let tools like LogMeIn Hamachi’s VPN software do the heavy lifting.

Shaking Up Support

Most organizations offer support of some kind, whether it’s tech support for company employees or live chat for customers experiencing trouble and prospective buyers with pre-sales questions. Managing a support operation used to require a large-scale help desk and call center: a huge investment for any company. That’s no longer needed thanks to the virtual office. Now you can engage support experts from anywhere with tools like LogMeIn Rescue. This gives support teams live, remote access to the customer’s devices - no cubicle required. It also allows you to find and hire the best tech support crew regardless of their location, and to scale up for your busy season without having to worry about adding desks or buying more hardware.

The End of Big Hardware

The virtual office doesn’t just do away with the front office, it’s replacing the back office as well. Not long ago running a tech-savvy company meant investing thousands of dollars in an array of high-end file servers, each gobbling up power, requiring special cooling, and reliant on an army of IT staff to keep running. Servers are now easily accessed via third-party providers which let you buy only the storage space and bandwidth you need for only as long as you need it. 

Software When You Want It

The flipside of outsourced hardware is SaaS, software as a service. Need a project management tool? Sign up for one online instead of buying dozens of software licenses and installing them on every computer in the organization. Ditto email, CRM, accounting, human resources, and just about any other business function you might conceivably need. Now it’s all available through the cloud – which means it can reach your employees anywhere they happen to be, on any device they choose to use.

Backups You Can’t Forget

Dealing with backups at the enterprise level has become increasingly difficult as staff rosters have swollen. Not to mention, it’s always tough to get users to run backup software on a regular basis. Enter the virtual office, which gives you much greater control over what devices are backed up and when. Advanced, secure, centrally-managed backup software now protects all your organization’s computers no matter where they’re located, letting you scale up or down to easily back up all the devices in your worldwide organization.

5 more killer features Windows 9 should steal from Linux



If the latest Windows 9 leaks are any indication, some of the operating system's coolest new features will look a lot like what Linux users already enjoy: virtual desktops like those Linux users have had since the '90s, and a centralized notification center like the one available in GNOME Shell.
Windows 9 also looks like it'll co-opt Ubuntu’s vision of a single operating system interface that can run on all form factors, complete with apps that run in windowed mode when it makes more sense to do so. Who would have imagined? Windowed applications are a big new feature in Windows.
But there are other great Linux features Microsoft should copy, too. And hey, I'm not just complaining here—Windows would legitimately be better if it stole these features. As Apple once said: “Redmond, start your photocopiers.”

A package manager (a.k.a. desktop app store)

One of the big new features in Windows 8 was the Windows Store. Well, Linux was doing “app stores” since before they were cool, and they were called package managers. A package manager is a centralized place for installing all your software so you don’t have to crawl the web.

[Image: Ubuntu's software center is a central desktop app store.]

The Windows Store should have been a package manager, or desktop app store, full of all the desktop applications you’d want. On Linux, you can pop open your package manager and install anything from Steam to Firefox to LibreOffice to the Adobe Flash Player. All it takes is a few clicks—the software is downloaded and installed automatically, with no hopscotching through software installation wizards.
Instead, Microsoft went completely off the rails and invented a new sort of app (first known as “Metro apps” and since called “Modern apps,” “Immersive apps,” “Windows 8-style apps,” and finally “Store apps”). Most Windows users have no interest in using a full-screen calculator app on a desktop computer monitor—something Microsoft is just now finally realizing. To make matters worse, the Windows Store was ignored and left to the scammers. Rather than containing trickster apps that take your money only to guide you through installing free desktop software, the Windows Store should just contain the real desktop applications in the first place. As on Linux, there should be a single place for installing all your desktop apps.

Software repositories (aka an open app store)

On Linux, you aren’t just limited to your Linux distribution’s own “package repositories” the way you’re limited to Microsoft’s Windows Store on Windows and Apple’s Mac App Store on Mac OS X. Instead, anyone can make their own package repositories.

[Image: Keeping your far-flung programs up-to-date is a cinch with Linux's software repositories and package managers.]

For example, when you install Google Chrome, Valve’s Steam, or even Microsoft’s own Skype on Linux, the package enables Google’s, Valve’s, or Microsoft’s software repository on your system. Software providers can add their own software to the package manager for easy installation while still hosting the software on their own servers.
This also means you can get all your application updates in one place. Your operating system updates, Google’s updates, and even Microsoft’s Skype updates all arrive in the same software-updating tool. Imagine if Windows Update were a streamlined application that let you easily see, install, and schedule updates for all of your installed applications—not just ones from Microsoft. Every desktop application shouldn’t need its own separate software-updating system.

Easy always-on-top

This may sound like a little feature, but it’s a huge one for window management. Every popular Linux desktop environment lets you right-click a window’s titlebar and select “Always on top.” That window will then appear always-on-top of other windows on your desktop, so you can easily look at it while using another application.

[Image: A Linux-like 'Always on top' option would scratch a long-untended itch for Windows users.]

On Windows, you either have to rely on each application having its own separate always-on-top option or seek out an always-on-top utility that just isn’t as integrated. Windows desperately needs to steal this basic desktop window management feature.

Web app integration

Look, let’s be honest. Most Windows users aren’t touching those new “Store apps.” In fact, they’re probably using fewer traditional desktop apps, too. Desktop users are increasingly using web apps like Outlook.com, Facebook, and Google Docs.
Ubuntu realizes this and offers “web app integration”—an easy way for web services to integrate with your desktop environment. They're given their own shortcuts and taskbar entries, they display desktop notifications, and they all-around integrate with the operating system.

[Image: 'Installing' web apps in Ubuntu Linux couldn't be easier—or more useful.]

Gmail and Twitter are integrated in Ubuntu's desktop “messaging menu” so you can see new emails and tweets in one place. Rdio and Grooveshark are integrated with the music menu so you can see playback information and control music playback with the desktop environment’s standard interface and hotkeys, too. You don’t have to do anything special to set this up—just head to the website in your browser as you normally would, and Ubuntu will ask whether you want to “install” the web app.
Windows needs to do this sort of thing. Users shouldn't just have an almost-empty taskbar with everything running in their web browser. Microsoft should make nice with the web app ecosystem and help Windows folks use those web apps they’re already using, instead of focusing all their efforts on trying to kick-start another new proprietary app framework. The Amazon website is way better than Amazon’s “Store app,” and the same is true for many other services—including YouTube and all those Windows 8 banking “apps” with far fewer features than the banks’ official websites.

Tiling window management


[Image: Ubuntu's tiled windows management.]

Some Linux desktop environments are built on tiling window management. In a nutshell, the window manager chooses where your windows should go instead of you. It “tiles” them so you don’t have to manually resize them and drag them around, fitting many windows on screen at the same time.
It’s a bit like Windows 8’s full-screen “Modern” interface, but actually useful on a desktop. You can have any number of apps tile on a large screen, and the apps can be tiled vertically in a grid, rather than only horizontally. (Windows Store apps "Snap" from left to right on your screen while multitasking.) This works with the same desktop apps you use elsewhere on the system. Sure, you can get tiling window management for Microsoft's operating system with third-party apps, but baking it into the Windows desktop—and allowing the touch interface to tile apps both vertically and horizontally—would be a major improvement.
Tiling window management has a long history that Microsoft is ignoring. Those who don’t know history are doomed to repeat it, and Microsoft is indeed repeating the history of tiling window management as it works on its tiling “Store app” interface.
But enough nitpicking! It’s good to see Microsoft actually remembering that people use Windows on desktop PCs again. Hopefully they’ll add more of these great Linux features in a future update to Windows—“Windows 9.1 Spring Update 1,” perhaps?

The five most common tech support nightmares



Every user of tech products has a story. They contact tech support or customer service, waste a lot of time, and end up no better off than they started. Sometimes, they end up worse.
The worst stories can go viral, and then the company at fault has a public relations disaster on its hands. That's something no company wants to deal with, and something many small or medium businesses would have a tough time bouncing back from.
To make you more aware of the most common tech support fails, here are five common experiences that drive customers crazy:

The scripted actor who cannot improvise

Almost every helpdesk uses scripts: a set of written instructions that the rep is required to read to you. These can be useful to ensure consistency in service interactions, but they can also become a crutch. Even if your problem doesn't fit the script, some tech reps will insist you follow it anyway.
Ruben Rocha couldn't get his home security system working, and then ran into a problem with the company's support. The rep insisted that he run tests he'd already run, because it was clearly a wiring problem - something that Rocha knew it wasn't.

Make one mistake, compound it with another

Every company makes mistakes. The sign of a good company is that, when it makes a mistake, it promptly corrects itself and apologizes to the customer.
Unfortunately, far too often, attempts to fix the first mistake become opportunities to make another one. And because someone is in a hurry to get this problem off their back, the mistakes cascade, one after another.
A colleague of mine recently bought a $2,500 laptop with a $500-off coupon. It was supposed to cost him $2,000, but the vendor charged him the full $2,500. When he complained, instead of refunding the $500, they charged him another $500. When he complained again, they refunded only $500.
After four calls, he finally got the other $500 back.

The promises not kept

Sometimes, the tech person listens, figures out the problem, and offers a fix. They might even promise to send you instructions or a replacement part. But that promise is not always kept.
A Monster Cable technician promised to send one anonymous user an instructional video. She then forgot to send it. A follow-up call resulted in her forgetting to send it again.



The don't-bother-me technique

Some tech support representatives just want to get you out of their hair. So they tell you to do something that will keep you (but not them) busy for a long time, like reinstalling your operating system.
In many if not most cases, these suggestions are pointless, and can leave inexperienced tech users worse off.
Dell once told an anonymous user to reinstall Windows via a DVD. "They did not tell me that it would destroy my access to all the backups I ever made…including the factory image on my recovery partition."

The large staff that always passes the buck

You call customer service or tech support, explain your problem, and they transfer you to another department. Okay, that happens. No big deal.
Until it happens again. And again. And again. And each time you have to wait on hold before being transferred again. And then you get disconnected… on accident?
This happened to me a few years back. I bought and received a Dell PC, and then called to see if I could buy a Windows CD that I had intended to buy with the computer. I called Customer Service. They transferred me to Sales, who transferred me to Technical Support, who transferred me back to customer service, who…well, let's just say that, more than an hour later, someone finally hung up on me.
Far too often, customer service and technical support only make things worse. But with thorough training, a well-run help desk, and advanced tools, you can prevent most miscommunications and missed opportunities.

Bug infects Apple's iOS 8 HealthKit, delaying third-party app launches




A bug in Apple’s HealthKit—a back-end feature in iOS 8—is delaying the launch of outside developers’ fitness and health apps, the company said Wednesday.
HealthKit is a new tool for developers in iOS 8 designed to let their apps talk to Apple’s native health apps. HealthKit is meant to pull in information from other apps and devices, like calories burned or heart rate, and make it more useful. For instance, it could allow a nutrition app, with the user’s permission, to tell other fitness apps how many calories the person consumes in a day, Apple says.
It can also let data like blood pressure be shared automatically with a doctor.
“It just might be the beginning of a health revolution,” as Apple calls it.
The revolution, apparently, can wait. In a statement, Apple said it had discovered a bug in the system, preventing the release of compatible apps as scheduled for Wednesday alongside the launch of iOS 8.
“We’re working quickly to have the bug fixed in a software update and have HealthKit apps available by the end of the month,” a spokeswoman said via email.
Developers had planned to release new versions of their apps for HealthKit on Wednesday. The launch of at least one fitness app, Carrot Fit, apparently did not go as planned. “Just want today to be over with,” said developer Brian Mueller in a tweet later on Wednesday, after re-submitting the app to Apple.
HealthKit is separate from Apple’s new Health app in iOS 8, which gives users a viewable dashboard of their health and fitness data. That app appeared to be functioning fine on Wednesday.
The HealthKit bug and app delay is an unfortunate development for Apple as the company tries to make a new push into health and fitness. The company’s new Apple Watch also includes sensors and apps for health tracking, generating data that can be synced to people’s iPhones.
Apple CEO Tim Cook, during an interview this week with Charlie Rose, said the company was trying to help people build a comprehensive view of their lives, “which should empower you to take care of yourself over time.”

Sunday, September 14, 2014

Ericsson buys Fabrix Systems for $95M to help put TV on any screen

The line between TV and mobile services is blurring, and in many cases that blur in between them is a cloud.
That’s the logic behind Ericsson’s planned US$95 million acquisition of Fabrix Systems, which sells a cloud-based platform for delivering DVR (digital video recorder), video on demand and other services.
The acquisition is intended to help service providers deliver what Ericsson calls TV Anywhere, for viewing on multiple devices with high-quality and relevant content for each user. Cable operators, telecommunications carriers and other service providers are seeing rapid growth in video streaming and want to reach consumers on multiple screens. That content increasingly is hosted in cloud data centers and delivered via Internet Protocol networks.
Fabrix, which has 103 employees in the U.S. and Israel, sells an integrated platform for media storage, processing and delivery. Ericsson said the acquisition will make new services possible on Ericsson MediaFirst and Mediaroom as well as other TV platforms.
Stockholm-based Ericsson expects the deal to close in the fourth quarter. Fabrix Systems will become part of Ericsson’s Business Unit Support Solutions.
Other players usually associated with data networks are also moving into the once-specialized realm of TV. At last year’s CES, Cisco Systems introduced Videoscape Unity, a system for providing unified video services across multiple screens, and at this year’s show it unveiled Videoscape Cloud, an OpenStack-based video delivery platform that can be run on service providers’ cloud infrastructure instead of on specialized hardware.

Just five gangs in Nigeria are behind most Craigslist buyer scams


Five Nigerian criminal gangs are behind most scams targeting sellers on Craigslist, and they’ve taken new measures to make their swindles appear legitimate, according to a new study.
In a new twist, they’re using professional check-writing equipment plus U.S.-based accomplices to avoid raising suspicions among their victims.
“I think the most surprising thing was the number of people in the U.S. participating in this scam,” said Damon McCoy, an assistant professor in the computer science department at George Mason University, in a phone interview.
McCoy and colleague Jackie Jones, of George Mason’s information technology department, seeded Craigslist with advertisements for laptops to see if they could attract scammers who target sellers.
Craigslist has many protections to weed out fraudulent product listings, “but little effort has been made to protect legitimate users receiving responses from fraudulent buyers,” according to their paper, due to be presented on Sept. 24 at the IEEE eCrime Research Summit in Birmingham, Alabama.
They priced the laptops at a 10 percent premium over similar goods listed on Amazon, which deterred all but one legitimate buyer.
The bogus buyers got in touch over email. To track where the scammers were based, Jones and McCoy responded with emails containing images of the products offered for sale. When the link was clicked on, the scammer's real IP address was revealed.
Invariably, the senders were based in Nigeria. More than half of bogus payments received were linked to just five Nigeria-based groups, showing how buyer scams originate from a fairly small circle.
Surprisingly, the most profitable buying-related fraud didn’t involve spoofing fake payments from PayPal.
It works like this: The buyer tells the seller they can pay for an item with a certified check. The buyer says, however, that he can’t pick up the item and needs to use a “mover” agent.
The seller is quickly sent a check by FedEx or UPS from a U.S. address that is printed with professional check-writing equipment for well over the amount of the laptop, averaging about $1,500.
The seller is supposed to cash the check, keep the amount for the laptop and send the rest by Western Union to a mover agent, who is based in the U.S. The victims are also asked to ship the item.
Some U.S. banks will still “float” funds from a check before it has cleared, McCoy said. But the fake check will be discovered eventually, and the bank will try to recover the funds.
What was particularly interesting about this scam is that the checks were all sent from within the U.S., indicating that the groups in Nigeria recruited local help. That is a potential choke point for law enforcement trying to deal with the problem, the researchers wrote.
The checks were good enough to fool banks, which would begin processing them. McCoy said several banks thought the checks looked fine at first sight, with the correct routing numbers for the banks. Some of the phony checks were generated using VersaCheck software on legitimate check paper, with watermarks and other security features.
Most of the checks listed real businesses that were geographically close to the bank listed on the check.
The strong U.S. hook makes it unlikely that a victim would ever even know they were dealing with someone in Nigeria, McCoy said.
The fake check scam is much more profitable than PayPal scams that try to dupe the person into thinking they will be paid from an escrow account when an item is shipped.
In those cases, the scammer only gets an item, while in the check fraud, they will get cash and possibly an item as well.

OpenSSL warns vendors against using vulnerability info for marketing

Security advisories for OpenSSL should not be used for competitive advantage, according to the development project behind the widely used cryptography component.
The warning comes from the OpenSSL Project, which has published for the first time guidelines for how it internally handles security problems, part of an ongoing effort to strengthen the project following the Heartbleed security scare in April.
High severity issues such as remote code execution vulnerabilities will be kept private within OpenSSL’s development team, ideally for no longer than a month until a new release is ready.
If an update is planned, a notification will be released on the openssl-announce email list, but “no further information about the issues will be given,” it said.
Some organizations that develop a general purpose OS that includes OpenSSL will be prenotified with more details about the patches in order to have a few days to prepare. But the OpenSSL Project warned that the more people that are notified in advance, “the higher the likelihood that a leak will occur.”
“We may withdraw notifying individual organizations from future prenotifications if they leak issues before they are public or over time do not add value (value can be added by providing feedback, corrections, test results, etc.),” it wrote.
If information on a vulnerability leaks, it makes it more likely that attackers may be able to figure out the software flaw and launch attacks before software products are patched.
The OpenSSL Project also advised that “it is not acceptable for organizations to use advance notice in marketing as a competitive advantage.” It objects, for example, to marketing claims such as ‘if you had bought our product/used our service you would have been protected a week ago.’
OpenSSL has been undergoing an intense code review since the Heartbleed vulnerability was discovered in April. The flaw affected tens of thousands of websites across the Internet and many software applications.
OpenSSL is a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol.
Exploiting Heartbleed could allow attackers to extract private SSL keys from a server and potentially decrypt traffic. In some cases, the flaw caused the server to leak user credentials.

Comcast's open Wi-Fi hotspots inject ads into your browser


Comcast is giving users a very good reason to demand an HTTPS connection on every site they visit. The Internet service provider has started injecting ads for its services on websites where you wouldn't normally see them when you're using an Xfinity public Wi-Fi hotspot.
Imagine, for example, you were browsing your favorite news site when suddenly a pop-up from Comcast appears at the bottom of your display—a behavior you'd never experienced on that site before. That's exactly what happened to former Wired editor Ryan Singel when he connected to a Comcast Xfinity hotspot earlier in September.
It appears Comcast has actually been doing this for months, but the program only recently came to light after a report by Ars Technica.
The injections can either be an alert to let users know they are connected to a Comcast hotspot, or inserted ads to promote Comcast's Xfinity mobile apps, a Comcast spokesperson told Ars. Comcast was not available for comment at this writing.
Comcast says it is doing this in part as a way to reassure users that they are connecting to an authentic Comcast hotspot. Security at public Wi-Fi hotspots is certainly an issue as hackers could make a hostile Wi-Fi router look like an authentic Xfinity hotspot.
Unfortunately, injecting JavaScript into a website where the code doesn't normally show up isn't the way to do it. Comcast's intentions may be sincere, but injecting JavaScript into a browser could create unintended security vulnerabilities for a malicious actor to exploit.
JavaScript is one of the building blocks of the modern web and you really can't experience numerous websites without it. But it can also be designed to behave maliciously—and your browser can often have a hard time distinguishing between good and bad code.
Comcast is far from the only ISP out there doing this. Many public Wi-Fi hotspot locations also inject ads into your browsing experience. The DSLReports forums, for example, show examples of BrightHouse Networks doing something similar.
So what's a user to do when even ISPs are trying to mess with your browser? Try forcing your browser to connect to websites using HTTPS via a browser extension such as The Electronic Frontier Foundation's HTTPS Everywhere for Chrome and Firefox. This removes the opportunity for Comcast to slip its ads into the web content you're viewing midstream, though not all websites support encrypted connections.
And, as always, you should use a virtual private network (VPN) when connecting over public Wi-Fi.
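
For site operators who want to see whether a network is modifying their pages in transit, the sketch below is an added example, not code from the article or from any party it names. It compares the scripts in a copy of a page received over plain HTTP against a trusted baseline copy; the sample pages, hostnames and function names are constructed for illustration, and the regex-based tag scan is a simplification that assumes the page's own scripts do not change between fetches.

```javascript
// Constructed sample pages; hostnames are placeholders. `baseline` is the page
// as the publisher serves it (fetched over HTTPS); `received` is the same page
// as delivered over plain HTTP on an untrusted hotspot.
const baseline = `<html><head>
<script src="https://news.example/static/app.js"></script>
<script>window.pageId = 42;</script>
</head><body><p>Story text</p></body></html>`;
const received = `<html><head>
<script src="https://news.example/static/app.js"></script>
<script>window.pageId = 42;</script>
</head><body><p>Story text</p>
<script src="http://hotspot-ads.example/overlay.js"></script>
<script>showOverlay("You are on a partner hotspot");</script>
</body></html>`;

// Turn every <script> element into a comparable fingerprint:
// "src:<url>" for external scripts, "inline:<body>" (whitespace-normalized)
// for inline ones. A regex scan is a heuristic, not a full HTML parser.
function scriptFingerprints(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    if (src) out.push("src:" + (src[1] ?? src[2] ?? src[3]));
    else out.push("inline:" + m[2].replace(/\s+/g, " ").trim());
  }
  return out;
}

// Return scripts present in the received copy but not in the baseline.
// Counts are tracked so a duplicated legitimate script is also reported.
function findInjectedScripts(baselineHtml, receivedHtml) {
  const known = new Map();
  for (const fp of scriptFingerprints(baselineHtml)) {
    known.set(fp, (known.get(fp) || 0) + 1);
  }
  const injected = [];
  for (const fp of scriptFingerprints(receivedHtml)) {
    const left = known.get(fp) || 0;
    if (left > 0) known.set(fp, left - 1);
    else injected.push(fp);
  }
  return injected;
}

console.log(findInjectedScripts(baseline, received));
```

Serving the site over HTTPS remains the actual fix; a comparison like this only shows that a given network path is rewriting unencrypted responses.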