Don’t give up your wallet and plastic cards just yet — at least, not until Google Wallet gets a security update.

The Android-only service, which lets you pay with your smartphone, turns out to have a major security flaw. If someone gets hold of your phone, they can effectively hit the reset button on Google Wallet — and get themselves sent a new PIN number.

The flaw, uncovered by TheSmartphoneChamp.com, wasn’t the first vulnerability uncovered in Google Wallet this week. Zvelo, a malicious software detection service, found that Google Wallet could be hacked and the owner’s PIN number obtained using an app. But that hack required a phone to be rooted.

The video below shows just how easy it is to access credit card information from Google Wallet. One major concern: Google Wallet is connected to your phone, not your Google account, so you can’t change your password online if your phone is lost or stolen.

Google said a fix would be available soon. “We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card,” said a spokesperson.

“We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”

The Google Wallet app was introduced in May 2011 and went live in September. It’s marketed as a paper-free way to store credit cards and pay for items with a tap on a PayPass pad using NFC technology. Shortly after its release, security concerns prompted Verizon to block the app from its Galaxy Nexus smartphone.

AT&T didn’t allow Google Wallet until recently. As Zvelo pointed out, that could have been due to the fact that AT&T, T-Mobile and Verizon had a network joint venture in ISIS — a direct competitor to Google Wallet.

By 2015, the value of all mobile money transactions is expected to reach $670 billion. Other companies, such as PayPal and Visa, have invested in their own mobile wallet technologies.

The Google Wallet website’s FAQ section says information stored on the app is protected by a chip called the Secure Element that operates separately from the phone’s main operating system.


Do you use Google Wallet? Are you concerned about someone stealing your information? Tell us in the comments.

Image courtesy of iStockphoto, oonal



You might have heard Google is in the process of changing the design of its controversial black Google Bar across the top of most of its products. The company announced in a blog post on Wednesday that its infamous Bar would be replaced with a pop-up that appears when you move your cursor over the Google logo.

Now, we found a quick hack that will give you a first look at the redesign, and it’s as easy as downloading an extension, loading it into a Google Chrome browser, changing a small bit of code and then enjoying that luxuriant new Google look that banishes the bar forever.

Want to say goodbye to that ugly black bar across the top of Google products? Follow our easy step-by-step tutorial below, and you’ll get to see the brand-new Google user interface before anyone else. Special thanks to Maximilian Majewski for this quick and easy hack.

UPDATE: Some readers are reporting the update is now present on their browsers and Google accounts. To save you some time, check to see if the update is on your account before going through this process.

Either way, you can now access and use this new user interface. What do you think? Is it an improvement over the old black bar? What would you like to see instead? Should Google give you a way to revert to the old black bar?

1. Get this Extension, then click Add to Chrome

Get the “Edit This Cookie” extension: http://goo.gl/CeKtT


Update 2:

If you’d rather just follow a list, here it is, courtesy of Maximilian Majewski:

1. Go get this extension to change cookies. http://goo.gl/CeKtT
2. Load Google.com and right-click to edit the cookies.
3. Change “PREF” to this (try triple-clicking it):
ID=03fd476a699d6487:U=88e8716486ff1e5d:FF=0:LD=en:CR=2:TM=1322688084:LM=1322688085:S=McEsyvcXKMiVfGds
4. Don’t forget to save your changes at the bottom.
5. Reload and you have the new Google bar.






A nasty security bug in Skype’s iOS app can lead to users’ personal information being stolen.

The cross-site scripting (XSS) vulnerability, demonstrated in the video below, is present in Skype 3.0.1 and earlier versions of Skype’s iOS app.

It lets an attacker create malicious JavaScript code that runs when the user views a text message in Skype’s chat window. The code can be used to access any file that the Skype app itself has access to, including the address book on your iPhone.

The technical explanation of the bug can be found here.

Skype is aware of the issue and is working on a fix. “We are working hard to fix this reported issue in our next planned release, which we hope to roll out imminently,” Skype said in a statement.

[via Superevr]







Rachel Sterne is Chief Digital Officer for the City of New York, where she focuses on the City’s digital media strategy. You can follow her on Twitter @RachelSterne or follow the City @nycgov.

Today is the last day to sign up for Reinvent NYC.GOV, the City’s first-ever hackathon. Civic-minded designers and developers who want to help improve NYC government are encouraged to apply at: reinventnycgov.com.

Why have we decided to invite the best and brightest of NYC’s tech community to help us improve NYC.gov? Here’s the backstory.


Improving Our Digital Footprint


When we asked New Yorkers for their input on New York City’s “Road Map for the Digital City,” one of the biggest topics of feedback was NYC.gov, the City government’s main digital presence.

Some New Yorkers praised the scope of information offered and ability to pay bills and look up records online. Others suggested we had room for improvement. Comments included: “NYC.gov is a little hard to navigate/search,” “NYC.gov could use a refresh” and “NYC.gov is just too unwieldy.” The refrain was clear: The site was muddy, but we had an opportunity to make NYC.gov more cohesive and user-centric while integrating it with different communication channels in social media.

Last week, New York City Government and General Assembly announced Reinvent NYC.GOV, our first-ever hackathon to help solve this challenge in an open, transparent, participatory environment.

Taking place July 30 to 31 at entrepreneurship-focused community learning space General Assembly, it’s an important step in our Road Map to realize NYC’s digital potential. Here are a few reasons why we’re doing it:


Why NYC Is Hosting a Hackathon


1. It will bridge sectors and connect the government and technology communities around a shared challenge.
2. It will encourage collaborative problem-solving and a more open government. We’ve invited developers to share their ideas for improving a major digital “public space.” NYC.gov has almost as many visitors each year as Central Park and should be similarly cared for.
3. It will create a mechanism for the public to share feedback and ideas for a website that exists to serve them.
4. It can serve as a model for other governments, helping to affect national and international change.
5. It will introduce creative and innovative concepts that could help to evolve NYC.gov to be more efficient and effective in serving and empowering New Yorkers.
6. It will provide both individuals and teams with face-to-face access to the City’s decision makers.
7. It creates a precedent and platform for evolving government through open innovation and participation.
8. It will serve as the first step in a transparent design process. We want to gather as much input as possible. This is a way to move quickly to achieve our goals.
9. It helps remove subjectivity from the design process by clearly showing what the public wants and needs.
10. It equips developers with the internal data they need to make user experience decisions, such as analytics, as well as support from our tech partners, including DonorsChoose, ExpertLabs, Facebook, Foursquare, Google, Meetup and YouTube.

We think this model is an important part of New York City’s digital Road Map and feel that it can be an effective piece for other cities, as well. What are your ideas for the future of NYC.gov? Tell us in the comments below or tweet using the hashtag #reinventnycgov.


Image courtesy of Flickr, houyin





Hacker collective Anonymous is preparing to launch its own social network called AnonPlus. The move comes after Google banned Anonymous’s Google+ account called “Your Anon News” due to a violation of its community standards.

Details about the project are scarce. Currently, AnonPlus.com is merely a splash page, containing a message that explains the group’s motives behind the project. “Welcome to the Revolution,” it says, “a new social network where there is no fear…of censorship…of blackout…nor of holding back”.

Another message on the site explains that the project is for “all people not just anonymous,” adding that the actual site will go up soon but it will not happen overnight.

A link to the developer forum, where a possible user interface and design ideas are discussed, shows that the project is indeed in a very early stage.

A somewhat similar project, Diaspora, aimed to create an open-source social network as an answer to Facebook. After launching in late 2010, however, there has been no significant news about the project.

[via Wired]


It’s clear that there are many, many ways to hack your Facebook profile. New profiles began appearing in December and here at Mashable we rounded up some of the best initial ones and then 10 more creative profiles from readers. Now, here are another 10 that illustrate the open-ended nature of Facebook profile page designs.

Do you have a good one? Please send it our way.

1. Arto Remes




Remes, a Finnish ad exec, offers a somewhat melancholy portrait of himself driving.

2. Chris Monroe

Professional photographer Monroe uses his profile to strut his stuff.

3. Nasir Jumani

Jumani, a Pakistani engineer, shows himself doing what we’re likely doing when we visit his page.

4. Suzi George

George’s is one of those profiles that just makes you want to go “awww.”

5. Luke Brown

Angry young man Luke Brown appears to be coming through the page.

6. Isaac M. Vicci

Watch what you say on Isaac’s wall. He’s watching.

7. Paolo Villanueva

Villanueva’s page explores the outer limits of cuteness.

8. Amy Priscilla Kim

Kim’s profile hints at what Jackson Pollock might have done with a Facebook profile.

9. Kibar Al-Uqab

Al-Uqab is obviously a big fan of Nikon.

10. Niki Atanasov

Atanasov, of Bulgaria, shows how effective a full-bleed profile shot can be.






Hackers are cashing out after stealing credit card numbers from Lush’s UK website, which was shut down on Friday and replaced with a message that warns customers that their account information may have been compromised.

According to the message, anyone who made online purchases on the handmade cosmetic company’s UK site between October 4th and January 20th is at risk of having their credit cards used fraudulently.

Lush also left a message for the hacker:

“If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers.”

We’re sure that the hackers are absolutely broken up about the scolding — especially since comments on the cosmetic company’s Facebook profile make it clear that they have started a shopping spree on Lush customers’ dime.

Several customers detail purchases made using their stolen credit card information. Others express anger over the length of time that Lush waited after discovering that hackers had penetrated the site on Christmas Day.

Hilary Jones, ethical director at Lush, told the BBC that the company used the time between Christmas and Friday to investigate what the hacker’s intentions were (perhaps they were just looking for information on bath soaps?). When it became obvious that the hackers had started to make small test purchases using Lush customers’ credit cards, Lush shut down its site.

Other companies like Trapster-maker Reach Unlimited and Gawker Media, on the other hand, notified customers almost immediately when their sites were compromised recently.

A temporary Lush UK website, which prudently will only accept PayPal payments, is scheduled to be launched in a few days. But it might be a while before its customers muster enough forgiveness to shop there.





As a class, developers have had a fantastic year in 2010.

We’ve made headlines, grabbed the limelight, been vilified and glorified beyond all reason and gotten paid pretty nicely along the way. And the bubble of consumer web apps just continues to swell, so there are no signs (yet) that 2011 will bring anything short of grandeur for the web and mobile development communities.

Looking ahead to what the coming year might hold, there are a few sure bets and a few speculations we’d like to offer. Some are, as noted, almost certainly bound to come true. Others are more along the lines of hopes and prayers than hard-and-fast predictions we’d stake money on.

With that in mind, here are 10 things we think the world of hacking will hold in 2011.


1. There Will Be a Need to Understand and Optimize for All Form Factors


Even the most brainless of “social media gurus” could tell you this one. With the surging popularity and newfound accessibility and affordability of smartphones — thanks in large part to the growth of the Android platform — we’ve had to optimize for the mobile web and learn about mobile applications a lot in the past year in particular.

Now, as tablets begin to creep into the market, we’re having to craft new experiences for those, as well. We’re constantly forced to consider form factor when creating new sites and apps. Will it run Flash? What about screen resolution? Font size?

Almost every developer worth his or her salt will have to become increasingly adept at developing for the myriad form factors set to dominate the gadget market in 2011.


2. There Will Be Breakout, Cross-Platform Mobile Development Tools


With all the mobile growth that’s been occurring, especially given the current state of the iOS/Android market shares, the time has never been riper for a great mobile framework, SDK or IDE to enter the arena.

Hopefully, sometime in 2011, we’ll see a new group of flexible and robust tools that can facilitate app development for any number of operating systems — including tablet-specific or forked OSes. We’re talking more than WYSIWYG, DIY app-builders and more than iPhone-to-Android porting tools; we want to see serious, mobile-centric power tools in 2011.


3. Investment in Cloud-Based, Collaborative Development Tools


We’ve seen some interesting starts in community-based, online coding. There are a few collaborative code editing apps, some of them with real-time capabilities.

We’re looking forward to seeing more and better apps for cloud-based, collaborative coding in 2011 — something like a better Wave, created specifically with hackers in mind. This will allow for better and faster work to be generated by an increasingly decentralized hacker community. It’ll also pave the way for improved on-the-job learning and open-source hacking.


4. WYSIWYG Tools Get Better and Grow


While WYSIWYG tools of the past — and, who are we kidding, the present — often lead to spaghetti code of the ugliest variety, we just keep seeing more and more of them.

We’re going out on a limb and predicting (or hoping) that WYSIWYG and split-screen (WYSIWYG and code) developer tools become more sophisticated. Whether they get better or not, they’re definitely going to continue to proliferate, especially for the novice coder and the DIY non-coder markets. Still, we’re being told the code on the other side of the GUIs is getting better all the time.

Who knows? 2011 could be the year WYSIWYGs stop sucking.


5. We’ll Keep Building “Touchable,” App-like UIs



All that stuff we said earlier about form factors kind of applies here, too, but in reverse. Your sites will have to look better on mobile devices and tablets, yes; but also, they’ll continue to natively look and feel more like mobile and tablet apps.

Some folks, a couple of Mashable staffers included, aren’t happy about the app-itization of the entire Internet. Call us old-fashioned, but we like our websites to be websites and our mobile apps to be mobile apps.

The average consumer, however, seems to delight in the shiny, touchable, magazine-like interfaces taking over the iPad and similar devices. Expect to be asked to make more and more app-like sites in 2011.


6. There Will Be a Higher Standard for Web and Mobile Security


The past year has been a bit of a horror show when it comes to web security. There have been a handful of high-profile hacks that exposed user data to the world; there was also much confusion on the user’s side of the screen as to how security works on a personal level.

We predict — nay, we dream — that in 2011, developers of consumer-facing apps will be extra careful with things like data encryption, user privacy controls and other security issues.


7. Third-Party App Development Will Plateau


Building a Facebook app or a Twitter app was all the rage in 2009, but something shifted in 2010, right around the time of Twitter’s Chirp developer conference: Developers found out that building on someone else’s platform was a good way to set yourself up for failure, especially when the platform decides to shift direction, change its APIs, acquire a competitor, or simply change its terms of use.

We predict that developing these kinds of apps will plateau and even taper off in 2011. The web is glutted with third-party social media tools; many devs are beginning to realize there’s more money and more interesting challenges elsewhere. In the end, social networks will be more interesting to advertisers large and small than to independent and third-party developers.


8. Ruby Will Get Some Cool Optimizations and Tools


We’ve seen lots of cool tricks and optimization tweaks around Python and PHP; 2011, however, will be the year for better Ruby tools.

The Ruby language is becoming extremely popular in developing consumer-facing web apps, and we’re sure to see some big-name companies release open-source tools and even improvements to the Ruby core — think along the lines of what Facebook did last year with HipHop or Google’s Unladen Swallow project.


9. NoSQL Technologies Will Stake Their Ground


We’ve seen and heard interesting things from the NoSQL corners of the web this year… and by “interesting,” we don’t necessarily mean “good.”

NoSQL technologies have had some high-profile hiccups this year (remember that MongoDB/Foursquare disaster?), but we’ve been assured that what doesn’t kill NoSQL only makes it stronger and more stable.

That being said, we’re not predicting the demise of MySQL any time soon. As one astute Twitter friend wrote, “Relational databases have their place, as do NoSQL solutions. To blindly choose one over the other is shortsighted.”


10. Open-Source Software Will See Unprecedented Growth


Open-sourcing interesting or unused tech is a trend we like to see from companies like Google and Facebook. In fact, we hope to see even more open-source contributions from proprietary software giants in 2011.

It’s not just the big players who are writing great open-source code. We know a lot of web startups are working on internal tools that’ll also be open-sourced in 2011. There are more youngsters (and not-so-youngsters) joining the ranks of hackers every year; many of them are being encouraged by sites like this one to make valuable contributions to the open-source community.

We predict more awesome open-source software than ever in 2011. Will it be a victory by Stallman’s standards? Probably not, as it won’t be exclusive of proprietary software creation, sale and licensing. But the trend toward more FOSS is a good one, and one that we’ll continue to report on in the year to come.


What Are Your Predictions?


In the comments, let us know your predictions for what 2011 may bring to the world of web and mobile development. And if you disagree with our predictions, let us know. They’re only educated guesses, after all; join the conversation.



Image courtesy of iStockphoto, loops7
