AI can run your work meetings now

Headroom is one of several apps advertising AI as the solution for your messy virtual/video meetings. (credit: Headroom)

Julian Green was explaining the big problem with meetings when our meeting started to glitch. The pixels of his face rearranged themselves. A sentence came out as hiccups. Then he sputtered, froze, and ghosted.

Green and I had been chatting on Headroom, a new video conferencing platform he and cofounder Andrew Rabinovich launched this fall. The glitch, they assured me, was not caused by their software, but by Green’s Wi-Fi connection. “I think the rest of my street is on homeschool,” he said, a problem that Headroom was not built to solve. It was built instead for other issues: the tedium of taking notes, the coworkers who drone on and on, and the difficulty in keeping everyone engaged. As we spoke, software tapped out a real-time transcription in a window next to our faces. It kept a running tally of how many words each person had said (Rabinovich dominated). Once our meeting was over, Headroom’s software would synthesize the concepts from the transcript; identify key topics, dates, ideas, and action items; and, finally, spit out a record that could be searched at a later time. It would even try to measure how much each participant was paying attention.

Meetings have become the necessary evil of the modern workplace, spanning an elaborate taxonomy: daily stand-ups, sit-downs, all-hands, one-on-ones, brown-bags, status checks, brainstorms, debriefs, design reviews. But as time spent in these corporate conclaves goes up, work seems to suffer. Researchers have found that meetings correlate with a decline in workplace happiness, productivity, and even company market share. And in a year when so many office interactions have gone digital, the usual tedium of meeting culture is compounded by the fits and starts of teleconferencing.




Comcast raising TV and Internet prices, including a big hike to hidden fees

Comcast Xfinity cable television installation truck parked on a street in front of a suburban home, San Ramon, California, May 17, 2018. (Photo by Smith Collection/Gado/Getty Images) (credit: Getty Images | Smith Collection | Gado)

Comcast is raising prices for cable TV and Internet service on January 1, 2021, with price hikes coming both to standard monthly rates and to hidden fees that aren’t included in advertised prices.

TV customers are getting an especially raw deal, as Comcast is adding up to $4.50 a month to the “Broadcast TV” fee and $2 to the Regional Sports Network (RSN) fee. That’s an increase of up to $78 a year solely from two fees that aren’t included in advertised rates.

As in past years, even customers who still are on promotional pricing will not be spared from the Broadcast TV and RSN fee increases. “Customers on promotional pricing will not see that pricing change until the end of the promotion, but the RSN and Broadcast TV fees will increase because they’re not part of the promotional pricing,” a Comcast spokesperson told Ars.


#biz-it, #comcast, #policy


SpaceX Starlink questions answered: “Wider beta” soon, no plan for data caps

Starlink logo imposed on stylized image of the Earth. (credit: Starlink)

SpaceX Starlink engineers answered questions in a Reddit AMA (Ask Me Anything) on Saturday, covering topics such as data caps (which they hope to never implement), when the public beta will expand to more users, and how the satellite-broadband service will expand and change in the future.

“Starlink is an extremely flexible system and will get better over time as we make the software smarter. Latency, bandwidth, and reliability can all be improved significantly,” the engineers wrote under the Reddit username “DishyMcFlatface,” which is also SpaceX’s nickname for the Starlink satellite dish.

Here are some highlights from the AMA.


#biz-it, #satellite-broadband, #spacex, #starlink


OneWeb exits bankruptcy and is ready to launch more broadband satellites

Illustration of a boxy satellite orbiting the Earth.

Illustration of a OneWeb satellite. (credit: OneWeb)

OneWeb has emerged from Chapter 11 bankruptcy under new ownership and says it will begin launching more broadband satellites next month. Similar to SpaceX Starlink, OneWeb is building a network of low-Earth-orbit (LEO) satellites that can provide high-speed broadband with much lower latencies than traditional geostationary satellites.

After a launch in December, “launches will continue throughout 2021 and 2022, and OneWeb is now on track to begin commercial connectivity services to the UK and the Arctic region in late 2021 and will expand to delivering global services in 2022,” OneWeb said in an announcement Friday.

In March this year, OneWeb filed for bankruptcy and reportedly laid off most of its staff. In July, OneWeb agreed to sell the business to a consortium including the UK government and Bharti Global Limited for $1 billion. In the Friday announcement, OneWeb said it has secured “all relevant regulatory approvals” needed to exit bankruptcy.


#biz-it, #low-earth-orbit-satellites, #oneweb, #satellite-broadband, #spacex, #starlink


Comcast to enforce 1.2TB data cap in entire 39-state territory in early 2021

Illustration of a Comcast Internet user being yanked away from a computer monitor and other equipment.

(credit: Aurich Lawson / Getty Images)

Comcast’s 1.2TB monthly data cap is coming to 12 more states and the District of Columbia starting January 2021. The unpopular policy was already enforced in most of Comcast’s 39-state US territory over the past few years, and the upcoming expansion will for the first time bring the cap to every market in Comcast’s territory.

Comcast will be providing some “courtesy months” in which newly capped customers can exceed 1.2TB without penalty, so the first overage charges for these customers will be assessed for data usage in the April 2021 billing period.

Comcast’s data cap has been imposed since 2016 in 27 of the 39 states in Comcast’s cable territory. The cap-less parts of Comcast’s network include Northeastern states where the cable company faces competition from Verizon’s un-capped FiOS fiber-to-the-home broadband service.


#biz-it, #comcast, #data-cap


Robots invade the construction site

Theresa Arevalo was in high school when she first tried finishing drywall at her brother’s construction company. “It’s a fine art,” she says of mudding—applying and smoothing drywall. “Like frosting a cake, you have to give the illusion that the wall is flat.”

Fast-forward a few decades: Arevalo now works at Canvas, a company that’s built a robot using artificial intelligence that’s capable of drywalling with almost as much artistry as a skilled human worker.

The robot has been deployed, under Arevalo’s supervision, at several construction sites in recent months, including the new Harvey Milk Terminal at San Francisco International Airport and an office building connected to the Chase Center arena in San Francisco.


#ai, #biz-it, #canvas, #construction, #robots, #science


Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn

(credit: Microsoft)

For years, Google and Mozilla have battled to keep abusive or outright malicious browser extensions from infiltrating their official repositories. Now, Microsoft is taking up the fight.

Over the past several days, people in website forums have complained of Google searches being redirected to oksearch[.]com when they use Edge. Often, the searches use cdn77[.]org for connectivity.

After discovering the redirections weren’t an isolated incident, participants in this Reddit discussion winnowed the list of suspects down to five. All of them are knockoffs of legitimate add-ons. That means that while the extensions bear the names of legitimate developers, they are, in fact, imposters with no relation.


#add-ons, #biz-it, #browsers, #edge, #extensions, #microsoft, #tech


Google is testing end-to-end encryption in Android Messages

Stylized illustration of a padlock.

Security padlock in circuit-board background. (credit: Getty Images | Yuichiro Chino)

Google has begun rolling out end-to-end encryption for Rich Communication Service, the text-messaging standard the industry giant is pushing as an alternative to SMS.

Abbreviated as RCS, Rich Communication Service provides a, well, richer user experience than the ancient SMS standard. Typing indicators, presence information, location sharing, longer messages, and better media support are key selling points. They lead to things like better-quality photos and videos, chat over Wi-Fi, knowing when a message is read, sharing reactions, and better capabilities for group chats. As Ars Review Editor Ron Amadeo noted last year, RCS interest from carriers has been tepid, so Google has been rolling it out with limited support.

Google said on Thursday that it has now completed its worldwide rollout of RCS and is moving to a new phase—end-to-end encryption. Interest in end-to-end encryption has mushroomed over the past decade, particularly with revelations from Edward Snowden of indiscriminate spying on electronic communications by the NSA.


#biz-it, #tech


AT&T raises DirecTV prices again amid customer losses and possible sale

A DirecTV satellite dish mounted to the outside of a building.

A DirecTV satellite dish seen outside a bar in Portland, Oregon, in October 2019. (credit: Getty Images | hapabapa)

AT&T has announced another round of price hikes for DirecTV satellite and U-verse TV services, with monthly prices set to rise up to $9 starting January 17, 2021.

“Due to increased programming costs, we’re adjusting the price of our video packages,” AT&T said in a notice on its website. “Periodically, TV network owners increase the fees they charge DirecTV for the right to broadcast their movies, shows, and sporting events.” Of course, AT&T itself determines some of these programming prices because it owns Time Warner.

A $5 monthly increase is coming to DirecTV’s 160-channel “Entertainment” package, which currently has a standard rate of $97 a month. A $7 monthly increase is coming to the 185-channel Choice package, currently at $115 a month. A $9 increase is coming to both the 250-channel Ultimate package (currently $142) and the 330-channel Premier package (currently $197).


#att, #biz-it, #directv, #u-verse


Massive, China-state-funded hack hits companies around the world, report says

A motherboard has been photoshopped to include a Chinese flag.

Computer chip with Chinese flag, 3d conceptual illustration. (credit: Steve McDowell / Agefotostock)

Researchers have uncovered a massive hacking campaign that’s using sophisticated tools and techniques to compromise the networks of companies around the world.

The hackers, most likely from a well-known group that’s funded by the Chinese government, are outfitted with both off-the-shelf and custom-made tools. One such tool exploits Zerologon, the name given to a Windows server vulnerability, patched in August, that can give attackers instant administrator privileges on vulnerable systems.

Symantec uses the code name Cicada for the group, which is widely believed to be funded by the Chinese government and also carries the monikers of APT10, Stone Panda, and Cloud Hopper from other research organizations. The group has been active in espionage-style hacking since at least 2009 and almost exclusively targets companies linked to Japan. While the companies targeted in the recent campaign are located in the United States and other countries, all of them have links to Japan or Japanese companies.


#biz-it, #policy, #tech


Apple settles with states for $113M over iPhone battery throttling

An iPhone 6 pictured from behind, showing the Apple logo.

An iPhone 6. (credit: Getty Images | NurPhoto)

The attorneys general for 33 states and the District of Columbia have reached a $113 million settlement with Apple over allegations that the iPhone maker throttled performance in several generations of the device to conceal a design defect in the battery.

The states alleged that Apple throttled performance in aging iPhones without telling consumers it was doing it or why. That concealment violated states’ consumer protection laws, the attorneys general argued.

“Apple withheld information about their batteries that slowed down iPhone performance, all while passing it off as an update,” California Attorney General Xavier Becerra said when announcing the settlement. “Today’s settlement ensures consumers will have access to the information they need to make a well-informed decision when purchasing and using Apple products.”


#apple, #batteries, #battery-throttling, #batterygate, #biz-it, #iphone, #lawsuits, #policy, #settlements


FCC takes spectrum from auto industry in plan to “supersize” Wi-Fi

A wireless router seen near a woman using a laptop.

(credit: Getty Images | Kittichai Boonpong | EyeEm)

The Federal Communications Commission today voted to add 45MHz of spectrum to Wi-Fi in a slightly controversial decision that takes the spectrum away from a little-used automobile-safety technology.

The spectrum from 5.850GHz to 5.925GHz has, for about 20 years, been set aside for Dedicated Short Range Communications (DSRC), a vehicle-to-vehicle and vehicle-to-infrastructure communications service that’s supposed to warn drivers of dangers on the road. But as FCC Chairman Ajit Pai today said, “99.9943 percent of the 274 million registered vehicles on the road in the United States still don’t have DSRC on-board units.” Only 15,506 vehicles have been equipped with the technology, he said.

In today’s decision, the FCC split the spectrum band and reallocated part of it to Wi-Fi and part of it to a newer vehicle technology. The lower 45MHz from 5.850GHz to 5.895GHz will be allocated to Wi-Fi and other unlicensed services.


#biz-it, #dsrc, #fcc, #policy, #wi-fi


Cisco rolls out fix for Webex flaws that let hackers eavesdrop on meetings

Promotional image for video-conferencing software.

(credit: Cisco)

Cisco is rolling out fixes for three vulnerabilities in its Webex video-conference software that made it possible for interlopers to eavesdrop on meetings as a “ghost,” meaning being able to view, listen, and more without being seen by the organizer or any of the attendees.

The vulnerabilities were discovered by IBM Research and IBM’s Office of the CISO, which analyzed Webex because it’s the company’s primary tool for remote meetings. The discovery comes as work-from-home routines have driven a more than fivefold increase in the use of Webex between February and June. At its peak, Webex hosted up to 4 million meetings in a single day.

The vulnerabilities made it possible for an attacker to:


#biz-it, #cisco, #vulnerabilities, #webex


Apple lets some Big Sur network traffic bypass firewalls

A somewhat cartoonish diagram illustrates issues with a firewall.

(credit: Patrick Wardle)

Firewalls aren’t just for corporate networks. Large numbers of security- or privacy-conscious people also use them to filter or redirect traffic flowing in and out of their computers. Apple recently made a major change to macOS that frustrates these efforts.

Beginning with Big Sur, released last week, some 50 Apple-specific apps and processes are no longer routed through firewalls like Little Snitch and Lulu. The undocumented exemption came to light only after Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, disclosed the change over the weekend.

“100% blind”

To demonstrate the risks that come with this move, Wardle—a former hacker for the NSA—demonstrated how malware developers could exploit the change to make an end-run around a tried-and-true security measure. He set Lulu to block all outgoing traffic on a Mac running Big Sur and then ran a small programming script that interacted with one of the apps that Apple exempted. The Python script had no trouble reaching a command and control server he set up to simulate one commonly used by malware to receive commands and exfiltrate sensitive data.


#apple, #biz-it, #firewalls, #macos, #privacy, #security, #tech, #vpns


Hulu raises Live TV price to $65, matching YouTube TV’s latest price hike

Photo illustration of a remote control in front of a television screen displaying Hulu TV content.

(credit: Getty Images | Chesnot)

Hulu is raising the monthly price of its live-TV streaming package from $54.99 to $64.99 starting on December 18, continuing a string of price hikes by online video services that offer an alternative to cable and satellite TV. The increase will apply to existing and new subscribers.

Hulu + Live TV debuted at $40 a month in mid-2017 but was up to $54.99 a month by December 2019. The new $64.99 monthly price is for the package with over 65 live channels plus access to Hulu’s ad-supported library of on-demand shows and movies.

Hulu also offers a Live TV plan with ad-free access to the streaming library. The price of this package will increase from $60.99 to $70.99 a month. There’s also a Live TV plan without Hulu’s streaming library, which is rising from $53.99 to $63.99.


#biz-it, #hulu, #online-streaming


After Trump tweets Defcon hacking video, voting security experts call BS

(credit: Getty Images)

As President Trump continues to make unfounded claims of widespread election fraud, 59 of the world’s foremost experts on electronic voting are hitting back, saying that recent allegations of actual voting machine hacking “have been unsubstantiated or are technically incoherent.”

Monday’s letter came after almost two weeks of baseless and unfounded claims from Trump and some of his supporters that this month’s presidential election had been “rigged” in favor of President-elect Joe Biden. On Thursday, Trump started a new round of disinformation when he took to Twitter to say that polling machines made by Dominion Voting deleted 2.7 million Trump votes around the country.

Vulnerabilities aren’t exploits

Over the weekend, Trump tweeted a video from last year’s Defcon hacker convention. It showed attendees participating in an event called the voting machine hacking village. Organizers of the event held it to raise awareness about the importance of security in electronic voting. Some of the event organizers were beside themselves that Trump was using the video as innuendo that voting machine hacking played a role in the results of this month’s election, or in any election ever, for that matter.


#biz-it, #elections, #electronic-voting, #hacking, #policy, #tech


Mac certificate check stokes fears that Apple logs every app you run

Digital Composite Image Of Businessman Using Laptop With Icons At Desk

(credit: Getty Images)

Last Thursday afternoon, Mac users everywhere began complaining of a crippling slowdown when opening apps. The cause: online certificate checks Apple performs each time a user opens an app not downloaded from the App Store. The mass upgrade to Big Sur, it seems, caused the Apple servers responsible for these checks to slow to a crawl.

Apple quickly fixed the slowdown, but concerns about paralyzed Macs were soon replaced by an even bigger worry—the vast amount of personal data Apple, and possibly others, can glean from Macs performing certificate checks each time a user opens an app that didn’t come from the App Store.

For people who understood what was happening behind the scenes, there was little reason to view the certificate checks as a privacy grab. Just to be sure, though, Apple on Monday published a support article that should quell any lingering worries. More about that later—first, let’s back up and provide some background.


#biz-it, #tech


US gov’s CISO takes leave to help Trump search for election fraud

Four men sitting in front of computers in a workplace.

These Trump allies are part of a group hunting for voter fraud. From left to right, Thomas Baptiste, Matthew Braynard, Camilo Sandoval, and Witold Chrabaszcz on November 14, 2020 in Vienna, Virginia. (credit: Getty Images | The Washington Post)

The US government’s chief information security officer (CISO) is taking time off from his official duties to help President Trump’s so-far-fruitless search for election fraud.

Camilo Sandoval worked on Trump’s 2016 campaign and has been the federal CISO, a position in the White House’s Office of Management and Budget, since October of this year. But Sandoval is now spending his days working for the newly formed Voter Integrity Fund, which is reportedly “run by government employees and former Trump campaign staffers who are analyzing voter data in six key states.”

Ethics rules require federal employees to keep political activity and government work separate. Sandoval said he isn’t breaking any rules, The Washington Post reported yesterday:


#biz-it, #camilo-sandoval, #election, #policy, #trump


The old way of handing out corporate hardware doesn’t work anymore

Choose your weapons. (credit: Aurich Lawson / Getty Images)

With many organizations now having a significant portion of staff working remotely—and as things are looking, this is going to be the longterm reality—the old model of how companies support a “mobile” workforce is not exactly holding up well.

I’ve already covered some of the issues related to having a home-based workforce in previous articles in this series. Some companies are now giving employees an allowance to upgrade their home office to something more suitable for longterm habitation. And we’ve already gone over the network security and architecture challenges that come into play as well.

But as we push closer to a full year of full- or part-time home work with no end in sight, the old model for what is considered “mobile worker” support on the hardware front is starting to show some serious gaps.


#biz-it, #byod, #feature, #feature-report, #features, #future-of-collaboration, #work-from-home


Hackers can use just-fixed Intel bugs to install malicious firmware on PCs

(credit: Getty Images)

As the amount of sensitive data stored on computers has exploded over the past decade, hardware and software makers have invested increasing amounts of resources into securing devices against physical attacks in the event that they’re lost, stolen, or confiscated. Earlier this week, Intel fixed a series of bugs that made it possible for attackers to install malicious firmware on millions of computers that use its CPUs.

The vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevents unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer. Boot Guard protects against the possibility of someone tampering with the SPI-connected flash chip that stores the UEFI, which is a complex piece of firmware that bridges a PC’s device firmware with its operating system.

Hardware-enforced security

These types of hacks typically happen when attackers attach hardware to the insides of a computer and use Dediprog or similar chip programming tools to replace authorized firmware with malicious firmware.


#biz-it, #boot-guard, #intel, #management-engine, #physical-attacks, #tech


Hackers sponsored by Russia and North Korea are targeting COVID-19 researchers

(credit: Getty Images)

Hackers sponsored by the Russian and North Korean governments have been targeting companies directly involved in researching vaccines and treatments for COVID-19, and in some cases, the attacks have succeeded, Microsoft said on Friday.

In all, there are seven prominent companies that have been targeted, Microsoft Corporate VP for Customer Security & Trust Tom Burt said. They include vaccine makers with COVID-19 vaccines in various clinical trial stages, a clinical research organization involved in trials, and a developer of a COVID-19 test. Also targeted were organizations with contracts with or investments from governmental agencies around the world for COVID-19-related work. The targets are located in the US, Canada, France, India, and South Korea.

“Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law,” Burt wrote in a blog post. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate—or even facilitate—within their borders. This is criminal activity that cannot be tolerated.”


#biz-it, #policy


Broadband power users explode, making data caps more profitable for ISPs

An illustration of $100 bills being sucked into an Internet connection.

Data cap cash. (credit: Aurich Lawson | Getty Images)

The number of broadband “power users”—people who use 1TB or more per month—has doubled over the past year, ensuring that ISPs will be able to make more money from data caps.

In Q3 2020, 8.8 percent of broadband subscribers used at least 1TB per month, up from 4.2 percent in Q3 2019, according to a study released yesterday by OpenVault. OpenVault is a vendor that sells a data-usage tracking platform to cable, fiber, and wireless ISPs and has 150 operators as customers worldwide. The 8.8- and 4.2-percent figures refer to US customers only, an OpenVault spokesperson told Ars.

More customers exceeding their data caps will result in more overage charges paid to ISPs that impose monthly data caps. Higher usage can also boost ISP revenue because people using more data tend to subscribe to higher-speed packages.


#att, #biz-it, #broadband, #comcast, #data-caps, #openvault, #policy


SpaceX Starlink has some hiccups, as expected, but users are impressed

A SpaceX Starlink satellite dish placed on the ground in a forest clearing.

Starlink satellite dish and equipment in the Idaho panhandle’s Coeur d’Alene National Forest. (credit: Wandering-coder)

When SpaceX opened the Starlink public beta last month, the company told users to expect “brief periods of no connectivity at all” over the first few months. It’s one of the reasons that SpaceX calls this testing period the “Better Than Nothing” beta.

Early reports from Starlink beta testers confirm that users are suffering from this problem to some extent. But Starlink’s overall performance has wowed beta testers, many of whom previously had no access to modern broadband speeds.

“Link stability is a little rough,” Reddit user Exodatum wrote on the Starlink subreddit yesterday. “We’re getting jumps bad enough to disconnect us from connection-sensitive servers every 5-10 minutes, but things like Netflix are working perfectly. We watched Airplane! as an inaugural stream and it was fabulous.” (Buffering deployed by Netflix and other streaming services can keep videos running when there are brief Internet problems.)


#biz-it, #satellite-broadband, #spacex, #starlink


DNS cache poisoning, the Internet attack from 2008, is back from the dead

Extreme close-up photograph of Web browser window.

(credit: Henrik 5000 / Getty Images)

In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario.

Now, Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name.

“This is a pretty big advancement that is similar to Kaminsky’s attack for some resolvers, depending on how [they’re] actually run,” said Nick Sullivan, head of research at Cloudflare, a content-delivery network that operates the DNS service. “This is amongst the most effective DNS cache poisoning attacks we’ve seen since Kaminsky’s attack. It’s something that, if you do run a DNS resolver, you should take seriously.”


#biz-it, #cache-poisoning, #dan-kaminsky, #dns, #domain-name-system, #tech


SITREP: Azerbaijan’s drone war expands with Reaper-like TB2


The renewed war between Azerbaijan and Armenia over the Nagorno-Karabakh region has captured the attention of military strategists worldwide, including the United States, because of the degree to which drones have changed the battlefield. While the wide-open, rugged terrain of the region has played a role, Turkish- and Israeli-built remotely piloted vehicles are dominating the battlefield, causing strategists to think a lot about land-battle tactics—and about the value of tanks in the 21st century.

Azerbaijan has been using a number of weapons systems from both Turkey and Israel, including the Israeli Harop (seen in this Azerbaijani pop music video) and Orbiter-1k drones. Both are “loitering munitions”—i.e., drones that carry warheads and crash into their targets.


#arms-control, #arms-embargo, #azerbaijan, #bayractash, #biz-it, #bombardier, #canada, #drone-warfare, #harop, #harpy-drone, #mq-9a-reaper, #orbiter-1k, #policy, #tanks, #tb2, #turkish-security-forces, #wescam


Ajit Pai urged to accept Trump loss and stop controversial rulemakings

All five FCC commissioners sitting at a table in front of microphones at a congressional hearing.

From left to right, Federal Communication Commission Chairman Ajit Pai and commissioners Michael O’Rielly, Brendan Carr, Jessica Rosenworcel, and Geoffrey Starks testify before the House Communications and Technology Subcommittee on December 05, 2019 in Washington, DC. (credit: Getty Images | Chip Somodevilla)

Congressional Democrats yesterday called on Federal Communications Commission Chairman Ajit Pai to “immediately stop work on all partisan, controversial items” in recognition of Joe Biden’s election victory over President Donald Trump.

It has been standard practice to halt controversial rulemakings in the period between an election and inauguration when control of the White House switches from Republicans to Democrats or vice versa. In November 2016, Pai himself called on then-Chairman Tom Wheeler to “halt further action on controversial items during the transition period.” Wheeler complied one day later.

But things could be different this time, because Trump is contesting the election despite Biden’s clear victory and making baseless allegations that the election was stolen by Democrats. The Trump administration has refused to formally begin the presidential transition and has reportedly continued budget planning and vetting candidates for job openings as if there will be a second Trump term. To comply with Democrats’ request to the FCC, Pai would effectively have to concede Trump’s defeat before Trump himself does so.


#ajit-pai, #biden, #biz-it, #democrats, #fcc, #policy, #presidential-transition, #trump


Ubuntu fixes bugs that standard users could use to become root


(credit: Pixabay)

Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges.

“This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu,” Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. “With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves.”

The first series of commands triggered a denial-of-service bug in a daemon called accountsservice, which, as its name suggests, is used to manage user accounts on the computer. To do this, Backhouse created a symlink that linked a file named .pam_environment to /dev/zero, changed the regional language setting, and sent accountsservice a SIGSTOP. With the help of a few extra commands, Backhouse was able to set a timer that gave him just enough time to log out of the account before accountsservice crashed.


#biz-it, #desktop, #root, #tech, #ubuntu, #vulnerabilities


Alphabet delivers wireless Internet over light beams from 20km away

A wireless communication terminal on the rooftop of a large building in Kenya.

Piloting Taara’s wireless optical communication links in Kenya. (credit: Alphabet)

Alphabet will soon deliver wireless Internet over light beams in Kenya using a technology that can cover distances of up to 20km. Alphabet’s Project Taara, unveiled under a different name in 2017, conducted a series of pilots in Kenya last year and is now partnering with a telecom company to deliver Internet access in remote parts of Africa.

Kenya will get the technology first, with other countries in sub-Saharan Africa to follow. Project Taara General Manager Mahesh Krishnaswamy described the project in an announcement from Alphabet today:

Project Taara is now working with Econet and its subsidiaries, Liquid Telecom and Econet Group, to expand and enhance affordable, high-speed Internet to communities across their networks in Sub-Saharan Africa. Taara’s links will begin rolling out across Liquid Telecom’s networks in Kenya first, and will help provide high-speed connectivity in places where it’s challenging to lay fiber cables, or where deploying fiber might be too costly or dangerous—for example over rivers, across national parks, or in post-conflict zones.

Like fiber, without cables


Illustration of a Project Taara terminal delivering Internet access from a tall building to a remote area. (credit: Alphabet)

Similar to fiber-optic cables, Taara’s technology uses light to transmit data, but without the cables. Krishnaswamy continued:


#africa, #alphabet, #biz-it, #kenya, #project-loon, #project-taara, #wireless-internet


Intel SGX defeated yet again—this time thanks to on-chip power meter



Researchers have devised a new way to remotely steal cryptographic keys from Intel CPUs, even when the CPUs run software guard extensions, the in-silicon protection that’s supposed to create a trusted enclave that’s impervious to such attacks.

PLATYPUS, as the researchers are calling the attack, uses a novel vector to open one of the most basic side channels, a form of exploit that uses physical characteristics to infer secrets stored inside a piece of hardware. Whereas most power side channels require physical access so attackers can measure the consumption of electricity, PLATYPUS can do so remotely by abusing the Running Average Power Limit. Abbreviated as RAPL, this Intel interface lets users monitor and control the energy flowing through CPUs and memory.

Leaking keys and a whole lot more

An international team of researchers on Tuesday is disclosing a way to use RAPL to observe enough clues about the instructions and data flowing through a CPU to infer values that it loads. Using PLATYPUS, the researchers can leak crypto keys from SGX enclaves and the operating system, break the exploit mitigation known as Address Space Layout Randomization, and establish a covert channel for secretly exfiltrating data. Chips starting with Intel’s Sandy Bridge architecture are vulnerable.


#biz-it, #cpu, #cryptography-keys, #intel, #sgx, #side-channel, #tech


Zoom lied to users about end-to-end encryption for years, FTC says

Zoom founder Eric Yuan speaking at Nasdaq.

Zoom founder and CEO Eric Yuan speaks before the Nasdaq opening bell ceremony on April 18, 2019, in New York City as the company announced its IPO. (credit: Getty Images | Kena Betancur)

Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.

“[S]ince at least 2016, Zoom misled users by touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security,” the FTC said today in the announcement of its complaint against Zoom and the tentative settlement. Despite promising end-to-end encryption, the FTC said that “Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.”

The FTC complaint says that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, which were intended for health-care industry users of the video conferencing service. Zoom also claimed it offered end-to-end encryption in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers, the complaint said.


#biz-it, #ftc, #policy, #security, #zoom, #zoomopener


What using AT&T’s 768kbps DSL is like in 2020—yes, it’s awful

A snail resting on a computer mouse, to illustrate slow Internet service.

(credit: Getty Images | Synergee)

Millions of Americans live in broadband deserts with no access to anything resembling modern Internet service. But few people have it as bad as those who must rely on AT&T’s ancient DSL network.

Kathie McNamee of Raymond, Mississippi is one of those unlucky AT&T DSL customers. McNamee said she pays AT&T $35 a month for a 768kbps Internet plan that rarely works well enough to be usable for her, her husband, and two teenage sons. McNamee contacted Ars after reading a story about AT&T incorrectly claiming that certain homes in Mississippi had access to broadband when in fact AT&T isn’t capable of providing service to those addresses.

AT&T has received over $283 million from the Federal Communications Commission since 2015 to extend home-Internet service to over 133,000 potential customer locations in Mississippi. AT&T says it will exceed that requirement by the end-of-2020 deadline, but the company’s mapping mistakes have led to unpleasant surprises for customers who thought they’d get modern broadband.


#att, #biz-it, #broadband, #dsl, #fiber, #pandemic, #policy


GitHub’s source code was leaked on GitHub last night… sort of


The source code leak disappeared from GitHub itself very quickly—and didn’t stay up on for very long after that. (credit: Jim Salter)

Last night, developer and privacy activist Resynth1943 announced that GitHub’s source code had been leaked on GitHub itself, in GitHub’s own DMCA repository. It’s going to take some unpacking to talk about that, but first things first—this isn’t as big a deal as it might sound like.

GitHub Enterprise Server !=

Shortly after Resynth1943—who seems to have broken the news and described the code as having “just been leaked” by an unknown individual—reshared the announcement on Hacker News, GitHub CEO Nat Friedman showed up at HN to provide some context.

According to Friedman, the upload in question was actually of GitHub Enterprise Server, not the GitHub website itself. While the two share a considerable volume of code, the distinction is significant. Part of that significance is that GitHub itself was not actually hacked.


#biz-it, #code-leak, #github, #hacktivism, #open-source, #youtube-dl


Apple patches iOS against 3 actively exploited 0-days found by Google

A young woman is using her smartphone

(credit: Getty Images)

Apple has patched iOS against three zero-day vulnerabilities that attackers were actively exploiting in the wild. The attacks were discovered by Google’s Project Zero vulnerability research group, which over the past few weeks has detected four other zero-day exploits—three against Chrome and one against Windows.

The security flaws affect iPhone 6s and later, seventh-generation iPod touches, iPad Air 2s and later, and iPad mini 4s and later. The flaws are:

  • CVE-2020-27930, a code-execution vulnerability that attackers can trigger using maliciously crafted fonts
  • CVE-2020-27950, which allows a malicious app to obtain the locations in kernel memory, and
  • CVE-2020-27932, a bug that allows code to run with highly privileged system rights.

Apple has fixed the zero-days and other vulnerabilities with the release of iOS 14.2 earlier. Apple patched the same vulnerabilities in the Supplementary Update for macOS Catalina 10.15.7. Project Zero leader Ben Hawkes provided his own bare-bones disclosure here.




The feds just seized Silk Road’s $1 billion stash of bitcoin


(credit: BTC Keychain)

On Wednesday, Ars reported that someone had transferred close to $1 billion in bitcoin out of a wallet likely associated with the Silk Road crime bazaar. Now we know who that mystery party is: the US Department of Justice, which in 2013 shut down Silk Road and went on to put its founder, Ross Ulbricht, behind bars for life.

“The successful prosecution of Silk Road’s founder in 2015 left open a billion-dollar question. Where did the money go?” US Attorney David Anderson said in a news release, according to the San Francisco Chronicle. “Today’s forfeiture complaint answers this open question at least in part. $1 billion of these criminal proceeds are now in the United States’ possession.”

Silk Road and Ulbricht were among the most popular and successful online crime figures in Internet history. Hosted on the anonymous Dark Web, the service brought together sellers and buyers of drugs, fake IDs, and just about any other kind of illicit good or service imaginable. There were thousands of dealers and “well over 100,000 buyers,” US attorneys wrote in a civil complaint filed on Thursday. The complaint said that Silk Road generated revenue of over 9.5 million Bitcoin and collected commissions from these sales of more than 600,000 Bitcoin.


#bitcoin, #biz-it, #policy, #ross-ulbricht, #silk-road


Someone has withdrawn ~$1 billion from a bitcoin wallet dormant since 2015

A pile of coins with the bitcoin logo sits atop a laptop keyboard.

(credit: George / Getty Images)

Nearly $1 billion in bitcoin has been emptied from a mysterious wallet that has been dormant since 2015.

The haul of slightly more than 69,369 BTC—worth about $975 million at the time this post went live—was withdrawn in the past 24 hours, the bitcoin ledger shows. Alon Gal, co-founder and CTO of security firm Hudson Rock, was among the first—if not the first—to report the transaction.

“UNBELIEVABLE,” he wrote. “Someone was able to crack the password of the bitcoin wallet I reported on only a short time ago and spend the $1,000,000,000 that was inside it!” Gal went on to say that it wasn’t clear if the person responsible was the original wallet owner or someone who pulled off the unlikely feat of cracking the password.


#bitcoin, #biz-it, #cryptocurrency, #silk-road


Google fixes two more Chrome zerodays that were under active exploit

The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

(credit: Getty Images)

Google has patched two zeroday vulnerabilities in its Chrome browser, the third time in two weeks that the company has fixed a Chrome security flaw that’s under active exploit.

According to a Monday tweet from Ben Hawkes, the head of Google’s Project Zero vulnerability and exploit research arm, CVE-2020-16009, as the first vulnerability is tracked, is a remote code-execution bug in V8, Chrome’s open source JavaScript engine. A second security flaw, CVE-2020-16010, is a heap-based buffer overflow in Chrome for Android. Hawkes said it allows attackers to escape the Android sandbox, suggesting that hackers may have been using it in combination with a separate vulnerability.

Hawkes didn’t provide additional details, such as what desktop versions of Chrome were actively targeted, who the victims were, or how long the attacks had been going on. It also wasn’t clear if the same attack group was responsible for all three exploits. CVE-2020-16009 was in part discovered by a member of Google’s Threat Analysis Group, which focuses on government-backed hacking, suggesting that exploits of that vulnerability may be the work of a nation-state. Project Zero was involved in the discovery of all three of the zerodays.


#biz-it, #browser, #chrome, #exploit, #vulnerability, #zeroday


SpaceX Starlink beta tester takes user terminal into forest, gets 120Mbps

SpaceX Starlink beta users are starting to share their experiences, confirming that the satellite service can provide fast broadband speeds and low latencies in remote areas. A beta tester who goes by the Reddit username Wandering-coder brought his new Starlink equipment and a portable power supply to a national forest in Idaho, where he connected to the Internet with 120Mbps download speeds.

Starlink “works beautifully,” he wrote yesterday. “I did a real-time video call and some tests. My power supply is max 300w, and the drain for the whole system while active was around 116w.” Starlink pulled that off in a place where Wandering-coder couldn’t get any cellular service from Google Fi, which relies on the T-Mobile and US Cellular networks. “There is no cell here with any carrier,” he wrote.

Wandering-coder used Starlink connectivity in the forest to make that post on Reddit and to upload a series of pictures to Imgur. Wandering-coder told Ars that he uses Starlink at home in North Idaho and that he conducted his test at the Hayden Creek Shooting Range in the Idaho panhandle’s Coeur d’Alene National Forest.


#biz-it, #spacex, #starlink


Dr. Strangenet—or, how I stopped worrying and embraced the WFH IT apocalypse

We all work from home now. We are the cloud. (credit: Aurich Lawson / Getty Images)

We are now a solid two quarters into our new work-from-home bizarro world. Many companies found themselves in a bit of a pickle as workforces went from occasional or limited to everyone all-the-time, throwing up whatever they could provision to allow for remote access and continued productivity (or at least some semblance of it).

We’re well past the emergency stage, folks. For many of us, this will be ongoing and potentially permanent. And the way we do business will have to change—including how we structure our IT operations.

Who is your daddy, and what does his computer do?

This became extremely clear to me after a conversation with a friend, a line-of-business lead who has been working from home for the past few months. His company was semi-ready for remote work, having moved many employees over to Windows Terminal for desktops a while back. But he personally hadn’t transitioned, because much of his work involved a database running on his corporate desktop—on Microsoft Access.


#biz-it, #feature, #features, #future-of-collaboration, #work-from-home


Google’s Project Zero discloses Windows 0day that’s been under active exploit

A stylized skull and crossbones made out of ones and zeroes.

(credit: Getty Images)

Google’s Project Zero says that hackers have been actively exploiting a Windows zeroday that isn’t likely to be patched until almost two weeks from now.

In keeping with long-standing policy, Google’s vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it’s under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.

CVE-2020-117087, as the vulnerability is tracked, allows attackers to escalate system privileges. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.


#biz-it, #exploits, #google, #microsoft, #project-zero, #vulnerabilities, #windows


Solve coding challenges at online competition, Nov. 6-9

Shozoku and ninjato are encouraged, but not strictly required, in order to compete. (credit: RunCode)

Annual programming competition is back again in its fourth year, beginning Friday, November 6. RunCode is a nonprofit organization staffed by volunteers working in their spare time and focused on providing educational opportunities for coders and infosec folks. The online event allows programmers of all experience levels to tackle a wide array of challenges, using any of 14 supported programming languages.

This year, the competition theme is “all things web”—which means that most challenges will have something to do with websites; although the “something” can vary pretty drastically, from user interaction to server log analysis. The event will have more than 30 available challenges, grouped into easy, intermediate, and hard, for competitors to find and upload solutions for.

For each challenge, competitors will be given a problem description, a sample data set, and an expected output to make the desired order and formatting clear. Competitors are expected to generate more test data of their own and thoroughly verify the correctness of their code against all the corner cases they can think of; solutions tested against only the sample data provided will likely fail the challenge. Uploaded code is run in a sandboxed Docker container and its output tested for correctness.


#biz-it, #challenge, #coding, #competition, #contest, #programming, #runcode, #tech


Hackers are on the hunt for Oracle servers vulnerable to potent exploit

Photograph of computer server.

(credit: Victorgrigas)

Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that forces Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.

Johannes Ullrich, dean of research at the SANS Technology Institute, said his organization’s honeypots had detected Internetwide scans that probe for vulnerable servers. CVE-2020-14882, as the vulnerability is tracked, has a severity rating of 9.8 out of 10 on the CVSS scale. Oracle’s October advisory accompanying a patch said exploits are low in complexity and require low privileges and no user interaction.

“At this point, we are seeing the scans slow down a bit,” Ullrich wrote in a post. “But they have reached ‘saturation’ meaning that all IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised.”


#biz-it, #cve-2020-14882, #exploits, #oracle, #vulnerabilities, #weblogic


US government warns of imminent ransomware attacks against hospitals

(credit: Getty Images)

Russian hackers are targeting hundreds of US hospitals and healthcare providers just as the coronavirus is making a comeback and the US presidential election is in its final stretch, officials from three government agencies and the private sector are warning.

The hackers typically use the TrickBot network of infected computers to penetrate the organizations and, after further burrowing into their networks, deploy Ryuk, a particularly aggressive piece of ransomware, a joint advisory published by the FBI, Health and Human Services, and the Cybersecurity & Infrastructure Security Agency said.

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers,” Wednesday evening’s advisory stated. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”


#biz-it, #cisa, #fbi, #hhs, #hospitals, #policy, #ransomware, #trickbot


In a first, researchers extract secret key used to encrypt Intel CPU code

Promotional close-up photo of computer component.

(credit: Intel)

Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they’re secured.

The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.

“At the moment, it is quite difficult to assess the security impact,” independent researcher Maxim Goryachy said in a direct message. “But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates.” Goryachy and two other researchers—Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies—worked jointly on the project.


#biz-it, #tech


Trump’s website defaced with claim that Trump admin created coronavirus

President Trump’s campaign website during its brief defacement. (credit: Gabriel Lorenzo Greschler)

President Trump’s website last night was briefly defaced by hackers who pitched a cryptocurrency scam and claimed that Trump has “criminal involvement” with election manipulation and that his administration was involved in creating the coronavirus. The website is back to normal now, seeking donations and urging Trump supporters to register to vote. The defacement reportedly lasted less than 30 minutes on Tuesday evening. Trump-campaign spokesperson Tim Murtaugh issued a statement saying the campaign is “working with law enforcement authorities to investigate the source of the attack. There was no exposure to sensitive data because none of it is actually stored on the site. The website has been restored.”

The website during its defacement had Department of Justice and FBI logos above a typo-filled message that said:


#biz-it, #cryptocurrency, #policy, #trump, #trump-campaign, #website-defacement


SpaceX Starlink public beta begins: It’s $99 a month plus $500 up front

A SpaceX Starlink user terminal, also known as a satellite dish, seen against a city's skyline.

A SpaceX Starlink user terminal/satellite dish. (credit: SpaceX)

SpaceX has begun sending email invitations to Starlink’s public beta and will charge beta users $99 per month plus a one-time fee of $499 for the user terminal, mounting tripod, and router. The emails are being sent to people who previously registered interest in the service on the Starlink website. One person in Washington state who got the email posted it on Reddit. Another person who lives in Wisconsin got the Starlink public-beta invitation and passed the details along to Ars via email.

SpaceX is calling it the “Better Than Nothing” beta, perhaps partly because the Starlink satellite service will be most useful to people who cannot get cable or fiber broadband. But the email also says, “As you can tell from the title, we are trying to lower your initial expectations.”

The rest of the email reads as follows:


#biz-it, #satellite-broadband, #spacex, #starlink


Study shows which messengers leak your data, drain your battery, and more

Stock photo of man using smartphone.

(credit: Getty Images)

Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked.

Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews.

When a sender includes a link in a message, the app will display the conversation along with text (usually a headline) and images that accompany the link. It usually looks something like this:


#biz-it, #facebook, #instagram, #instant-message, #messenger, #policy, #privacy, #security


SpaceX Starlink to go South for first time with planned deployment in Texas

Starlink logo imposed on stylized image of the Earth. (credit: Starlink)

SpaceX has agreed to provide Internet service to 45 families in a Texas school district in early 2021 and to an additional 90 families later on, the school district announced last week. The announcement by Ector County Independent School District (ECISD) in Odessa said it will be the “first school district to utilize SpaceX satellites to provide Internet for students.”

“The project will initially provide free Internet service to 45 families in the Pleasant Farms area of south Ector County,” the district said. “As the network capabilities continue to grow, it will expand to serve an additional 90 Ector County families.”

The Texas location is notable because the ongoing, limited Starlink beta exists only in the northern US, and SpaceX CEO Elon Musk has said an upcoming public beta will only be for the northern US and “hopefully” southern Canada. SpaceX has over 700 Starlink satellites in orbit, and will be able to expand the service area as it deploys more of the nearly 12,000 it has been authorized to launch. In Washington state, Starlink has been deployed to rural homes, a remote tribe, and emergency responders and families in wildfire-stricken areas.


#biz-it, #satellite-broadband, #spacex, #starlink


Hackers behind life-threatening attack on chemical maker are sanctioned

Oil and gas industry and sunrise at a refinery in Fujian (credit: Getty Images)

Russian state nationals accused of wielding life-threatening malware specifically designed to tamper with critical safety mechanisms at a petrochemical plant are now under sanction by the US Treasury Department.

The attack drew considerable concern because it’s the first known time hackers have used malware designed to cause death or injury, a prospect that may have actually happened had it not been for a lucky series of events. The hackers—who have been linked to a Moscow-based research lab owned by the Russian government—have also targeted a second facility and been caught scanning US power grids.

Now the Treasury Department is sanctioning the group, which is known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics or its Russian abbreviation TsNIIKhM. Under a provision in the Countering America’s Adversaries Through Sanctions Act, or CAATSA, the US is designating the center for “knowingly engaging in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Government of the Russian Federation.”


#biz-it, #policy


T-Mobile screwups caused nationwide outage but FCC isn’t punishing carrier

T-Mobile advertisement in New York City’s Times Square on October 15, 2020. (credit: Getty Images | SOPA Images)

The Federal Communications Commission has finished investigating T-Mobile for a network outage that Chairman Ajit Pai called “unacceptable.” But instead of punishing the mobile carrier, the FCC is merely issuing a public notice to “remind” phone companies of “industry-accepted best practices” that could have prevented the T-Mobile outage.

After the 12-hour nationwide outage on June 15 disrupted texting and calling services, including 911 emergency calls, Pai wrote that “The T-Mobile network outage is unacceptable” and that “the FCC is launching an investigation. We’re demanding answers—and so are American consumers.”

Pai has a history of talking tough with carriers and not following up with punishments that might have a greater deterrence effect than sternly worded warnings. That appears to be what happened again yesterday when the FCC announced the findings from its investigation into T-Mobile. Pai said that “T-Mobile’s outage was a failure” because the carrier didn’t follow best practices that could have prevented or minimized it, but he announced no punishment. The matter appears to be closed based on yesterday’s announcement, but we contacted Chairman Pai’s office today to ask if any punishment of T-Mobile is forthcoming. We’ll update this article if we get a response.


#911-outage, #ajit-pai, #biz-it, #fcc, #policy, #t-mobile


Bot orders $18,752 of McSundaes every 30 min. to find if machines are working

This 2019 photo was taken in Poland, but McDonald’s main virtue is that you pretty much know what you’re getting with it anywhere in the world. (credit: Michal Fludra | NurPhoto | Getty Images)

Burgers, fries, and McNuggets are the staples of McDonald’s fare. But the chain also offers soft-serve ice cream in most of its 38,000+ locations. Or at least, theoretically it does. In reality, the ice cream machines are infamously prone to breaking down, routinely disappointing anyone trying to satisfy their midnight McFlurry craving.

One enterprising software engineer, Rashiq Zahid, decided it’s better to know if the ice cream machine is broken before you go. The solution? A bot to check ahead. Thus was born McBroken, which maps out all the McDonald’s near you with a simple color-coded dot system: green if the ice cream machine is working and red if it’s broken.

The bot basically works through McDonald’s mobile app, which you can use to place an order at any McDonald’s location. If you can add an ice cream order to your cart, the theory goes, the machine at that location is working. If you can’t, it’s not. So Zahid took that idea and scaled up.


#biz-it, #funny, #ice-cream, #mcdonalds