Feed aggregator
Verizon contacted me on Twitter and asked for my billing password
On Verizon Wireless’ website, the company advises customers to “[n]ever give your passwords to anyone over the phone, include them in e-mail messages, [or] give them to anyone.” This is good security advice that experts would agree with. Yet Verizon itself is seeking out customers on Twitter and asking for their billing passwords over the social network’s direct messages platform.
This, obviously, isn’t the best security practice. Security experts who spoke to Ars disagreed on just how dangerous it is but agreed that Verizon should find a better way to verify the identities of customers.
It’s not a new strategy for Verizon, but I wasn’t aware of it until this week when the Verizon Wireless customer support account inserted itself into a Twitter conversation I was having, urged me to follow the account so we could exchange direct messages, and then asked for my mobile number and billing password. (Note: The billing password is akin to a PIN and separate from a customer's primary account password, but Verizon's customer service account did not make this clear to me, and it seems likely other customers could be confused as well.)
Sony: Developers can block Share Play features on PS4 games
After reports that the new Share Play feature would work with all PS4 games, Sony has clarified that game developers can restrict the feature, as Activision has done in Call of Duty: Advanced Warfare.
"Share Play is a system level feature enabled by System Software Update 2.00, making it available for all PS4 titles," a Sony representative said in a statement provided to Ars. "However the option is available to developers to disable the feature according to what they feel will best benefit the consumer experience."
The new statement contradicts an FAQ published by Gamespot last week, which cited a Sony representative as saying that Share Play would work across all PS4 games, with no option for publishers or developers to block support. However, Sony has always maintained that developers would be able to censor certain "spoiler" scenes during Share Play. It appears that Activision has used this bit of wiggle room to block every single scene in Call of Duty: Advanced Warfare from being shared.
Active “WireLurker” iPhone infection ushers in new era for iOS users
Ushering in a new threat landscape for iPhone users, security researchers have uncovered an active malware operation that compromised the OS X and iOS devices of hundreds of thousands of people.
WireLurker, as the new family of malware has been dubbed, first took hold of Macs when users installed pirated software that had been laced with malicious code, according to a report published Wednesday by researchers from Palo Alto Networks. The trojan then installed itself as an OS X system daemon and waited for iOS devices to connect over USB interfaces. The infected Macs would then grab the serial number, iTunes store identifier, and if available, phone number of the iOS device and send the data to a server controlled by the operators. WireLurker-infected phones were also loaded up with a variety of unwanted apps. Palo Alto Networks researchers found 467 OS X WireLurker-infected applications available on Maiyadi, a third-party app store located in China. The apps were downloaded 356,104 times, a figure indicating that hundreds of thousands of people likely were hit by the infection.
"Viable means of attack"
At first blush, WireLurker doesn't look like much of a threat. For one thing, it targeted a relatively small number of people in a limited geography who all appeared to have ties to pirated software. On top of that, once it gained persistence on a Mac or iDevice, WireLurker stole only a small amount of data and installed mostly innocuous apps. But there are reasons WireLurker could be important to iOS users everywhere. Chief among them, the infected Macs were able to compromise non-jailbroken iPhones and iPads by abusing the trusted iOS pairing relationship and enterprise provisioning, a mechanism that allows businesses to install custom-written apps on employee devices.
Custom evolution boosts an enzyme for power plant carbon capture
We can’t just shutter the world’s fossil fuel power plants tomorrow, but in a perfect world, we could eliminate the greenhouse-enhancing CO2 coming out of the stacks. While it’s not a perfect world just yet, techniques to capture that CO2 are being developed—especially for coal plants, which emit the most CO2 per Watt of power generated. Two major obstacles stand between here and there: the infrastructure to store the captured CO2 deep underground (or in other ways) and the cost of capturing the CO2.
For traditional coal plants, this involves some way to separate CO2 out of the mix of gases coming through the exhaust stream. A common technique uses amine solutions, which latch on to the CO2 chemically, releasing it later when the solution is heated. That means that some of the heat produced by the burning coal has to be used for the CO2-capture process, rather than producing electricity.
But a new study suggests there may be a way to sacrifice a bit less energy while still capturing the carbon. Its authors evolved one of nature's most efficient enzymes to get it to convert carbon dioxide to carbonate ions within the hot, chemically complex environment where carbon capture takes place.
VIDEO: Paid mourners banned in Kenya
VIDEO: Bird poisoning 'a shocking case'
Prosecutor: Silk Road 2.0 suspect “did admit to everything”
SAN FRANCISCO—In his first court appearance since being arrested, Silk Road 2.0 suspect Blake Benthall appeared before a federal judge on Thursday. He was not in handcuffs or shackles; the accused wore street clothes, including a gray hoodie that read "INTERNET BETTER" across the back.
During the brief hearing, Benthall did not speak other than to say that he is the named suspect and to confirm his age as 26. He looked at a few women and a couple of men seated in court and appeared to be holding back tears, but those people declined to speak to Ars before or after the hearing.
His attorney, Daniel Blank, a federal public defender, said that he only met his client for the first time in court on Thursday. "You could fill a large volume with what I don't know," Blank told reporters after the hearing.
Laser strikes force US Coast Guard helicopter missions to abort
The US Coast Guard scrubbed two helicopter training missions in Michigan after the pilot and crew were hit with green laser beams, the agency said Wednesday. While no arrests have been made, flight rules require missions to be aborted if a crew member's vision is compromised, the Coast Guard said.
"Laser pointers can cause the pilot to see a glare, afterimage, have flash blindness, or can even cause temporary loss of night vision. A delay during a search could also result in the death of the person or people the Coast Guard is attempting to save," the Coast Guard said in a statement. "Additionally, aircrew members are taken off flight duty for a minimum of 24 hours and must have their eyes dilated and be cleared by a doctor before flying again. This temporary loss of flight crews has the potential to significantly affect the unit’s abilities to conduct search and rescue, training, and homeland security missions."
The Coast Guard said the two incidents occurred on October 17 and October 20 on a US Coast Guard HH-65C Dolphin Helicopter during training missions from the US Coast Guard Air Station Detroit. The Coast Guard said that "during both incidents the lasers appeared to track the helicopters as they moved." The agency said it was "requesting help from the public" to catch the culprit or culprits.
US Attorney’s office: Whoops, Silk Road 2.0 hired a fed [Updated]
When the first Silk Road and its alleged operator, Ross William Ulbricht, were taken down by the US government just over a year ago, it took some technical mojo to track down the server and its operator. That apparently wasn’t the case with Ulbricht’s successor. According to the US Attorney’s office for the Southern District of New York, Silk Road 2.0 was the victim of some old-fashioned social engineering of the most damaging kind. An undercover federal agent was able to join the site's administration team and gather the intelligence that led to the arrest of Blake Benthall—the alleged operator of the Silk Road successor site who went by the name “Defcon.”
The first Silk Road site, like version 2.0, operated as a “hidden service” on the Tor .onion anonymized network. The FBI claimed that it was able to exploit a flaw in a “captcha” feature of the concealed website to obtain Silk Road 1.0's actual IP address and track the server to a data center in Iceland. Ulbricht’s attorneys called the explanation “implausible,” accusing the FBI of unlawfully hacking the server.
However, in its investigation of Silk Road 2.0, the government took a different technical tack. In a statement issued by the US Attorney’s Office about the arrest, a spokesperson said, “During the Government’s investigation, which was conducted jointly by the FBI and [Homeland Security Investigations], an HSI agent acting in an undercover capacity (the “HSI-UC”) successfully infiltrated the support staff involved in the administration of the Silk Road 2.0 website and was given access to private, restricted areas of the site reserved for Benthall and his administrative staff. By doing so, the HSI-UC was able to interact directly with Benthall throughout his operation of the website.”
FBI arrests Blake “Defcon” Benthall, alleged operator of Silk Road 2.0 [Updated]
The FBI announced that yesterday it arrested Blake Benthall, aka "Defcon," the alleged owner and operator of Silk Road 2.0. Benthall was apprehended in San Francisco and will be presented today in a federal court in the city before Magistrate Judge Jacqueline Scott Corley. Accordingly, Silk Road 2.0 has been seized as of this post.
“As alleged, Blake Benthall attempted to resurrect Silk Road, a secret website that law enforcement seized last year, by running Silk Road 2.0, a nearly identical criminal enterprise," Manhattan US Attorney Preet Bharara said in a statement. "Let’s be clear—this Silk Road, in whatever form, is the road to prison. Those looking to follow in the footsteps of alleged cybercriminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”
The arrest comes roughly a year after the feds arrested Ross Ulbricht, the alleged original "Dread Pirate Roberts" and operator of Silk Road 1.0. According to the FBI, Benthall is being charged with "one count of conspiring to commit narcotics trafficking, which carries a maximum sentence of life in prison and a mandatory minimum sentence of 10 years in prison; one count of conspiring to commit computer hacking, which carries a maximum sentence of five years in prison; one count of conspiring to traffic in fraudulent identification documents, which carries a maximum sentence of 15 years in prison; and one count of money laundering conspiracy, which carries a maximum sentence of 20 years in prison."
Amazon announces Echo, a $199 voice-driven home assistant
On Thursday, Amazon revealed the Amazon Echo, a tube-shaped device meant to work as a voice-driven home assistant. The device is priced at $199 and currently requires an invite to purchase. The Echo will come equipped with seven microphones, a downward-facing array of speakers, and a constant connection to the cloud so that it can listen to and respond to users' spoken questions and requests.
The device's debut video demonstration (below) came complete with a perky, suburban mom-dad-and-two-kids family, and it showed the actors using the Echo to do things like turn on music, tell the time, spell words, play morning news clips from NPR, set a timer, or add items to a shopping list—essentially, the kinds of commands users of Apple's Siri are already familiar with.
Users must say a "trigger" word to enable Echo's listening. As if to head off privacy concerns, the Amazon ad insisted that the Echo only begins listening and recording audio when it hears that word (in the ad, that word is "Alexa," though the product description didn't clarify whether users can pick their own trigger word or not; for now, we hope nobody in your family is named Alexa). Though the advertisement claimed that the always-on device can hear users at most any volume level, it also showed the Echo being moved and plugged into many different rooms in the actors' home, as if to indicate that users need to be close to the Echo for maximum effectiveness.
Police link 4chan murder photos to a crime scene, arrest a suspect
A man arrested Wednesday night for the alleged murder of 30-year-old Amber Coplin in Port Orchard, Washington may have documented the act on a 4chan thread. According to NBC, an affidavit written by deputies in the sheriff's department of Kitsap County states that the crime scene "matched the deceased female, trauma we observed, and the residence interior" visible in the photos posted to 4chan.
The initial 4chan post first appeared on Tuesday at 2:56pm EST. An image of a naked woman with bruised eyelids and bloody ligature marks around her neck was accompanied by the text, "Turns out its way harder to strangle someone to death than it looks on the movies." In a follow-up post with a fuller picture of the woman's body, the user wrote, "She fought so Damn hard." A few more posts down, the same user predicted his upcoming news coverage, as well as his exit strategy:
Check the news for port orchard Washington in a few hours. Her son will be home from school soon. He'll find her, then call the cops. I just wanted to share the pics before they find me. I bought a bb gun that looks realistic enough. When they come, I'll pull it and it will be suicide by cop. I understand the doubts. Just check the fucking news. I have to lose my phone now.
The images were posted to 4chan's /b/ board, a place, as Ars wrote in 2011, "known for child pornography, adult pornography, targeting young kids for harassment, anti-social behavior of all kinds, hate speech, and just about anything else one might imagine." The other posters' reactions ranged from disbelief ("u w0t m8?") to glib ("tell me about it. Pro tip: tie their hands and feet or you are gonna have a bad time").
VIDEO: Riots over Belgium austerity plans
Windows 8.x’s market share really is closing in on Windows XP’s
Normally around the first of the month, we publish a post looking at the usage share of operating systems and Web browsers. But our post this month has been delayed because of unresolved questions about the data source we normally use.
The data shows a huge leap for Internet Explorer 11 and Windows 8.1 (up about seven percentage points each), at the expense of Internet Explorer 8 and Windows XP (down by about the same margin). So at the time it came in, we refrained from publishing because we felt that such a large swing in a single month was implausible.
Since then, Net Applications, the company that collects the data, has provided a little information on what happened. Net Applications differs from most other browser usage sites by attempting to correct for certain data collection imbalances. Browser usage shows various kinds of national trends. A site that has an overwhelming majority of US visitors might provide useful data on browser usage in the US, but it will offer little insight into browser usage in China, for example. Extrapolating worldwide estimates from this data would then be problematic because the usage patterns in the rest of the world do not match those of China.
Not the upgrade we were hoping for: The 2014 Mac Mini reviewed
It's easy to feel sorry for the Mac Mini. Apple went through all of its Macs last year, updating them with new Intel Haswell CPUs and 802.11ac Wi-Fi adapters and faster SSDs and (sometimes) Thunderbolt 2, while the Mini sat and waited for an upgrade that never came.
Apple quickly announced a new Mini at its media event in October, two years after the 2012 Mac Mini was introduced. Desktops and laptops haven't advanced a whole lot in the last year, so for the most part the Mini is just getting 2013's upgrades a year late. If that was all that was happening, the Mac Mini would be a welcome-if-overdue update to the desktop. The 2014 Mac Mini is more interesting than that but unfortunately for people who have been waiting for this refresh, it's more notable for the stuff it's missing than its upgrades.
We typically like to review the base models of computers when possible, but in the Mac Mini's case the upgraded $699 configuration is more interesting, and it's the one you ought to get if you care about performance (more on that later). We'll provide benchmarks representative of the $499 Mini, too, but know ahead of time that it uses the same guts as the base-model MacBook Airs and the $1,099 iMac. To evaluate the computer's SSD performance, we've also equipped our review unit with a 1TB Fusion Drive, a $200 upgrade—we won't be recapping how this feature works, but our deep dive is over here.
Office for iPad goes free-to-use, now supports the iPhone too
Microsoft has updated the official iOS Word, Excel, and PowerPoint applications this morning with a few new features, but two in particular stand out: first, basic viewing and editing now requires a Microsoft account but not an Office 365 subscription. Second, all three are now universal apps that work on any iPhone or iPod Touch running iOS 7.1 or later.
While the apps have different interfaces, sharing the same code means you should be able to make the same kinds of edits on both your phone and your tablet, something that wasn't possible with the old, more limited Office for iPhone app. Even though the apps are now free-to-use, there are still many features that will require an Office 365 subscription, which can be purchased from within the app or directly from Microsoft's site. The apps are mostly the same as they were when we originally looked at them back in March, but the update brings a handful of new features, including the previously announced Dropbox integration.
Microsoft also teased a version of Office for Android tablets. It will be offered as a preview now to anyone who signs up, and it will be generally available in "early 2015." The long-awaited touch version of Office for Windows will apparently be released alongside Windows 10, but other details are scarce. We'll go hands-on with the new iOS apps later today, and we'll look at the Android apps when we receive the preview versions.
Corporate Fraud Drives Zalman to Bankruptcy
This month is not starting very well for technology enthusiasts. Most of us have fond memories of Zalman, a company that has been producing advanced cooling solutions since 1999. Some are old enough to remember the fan-like CNPS6000 Socket 370 coolers and the first Reserator liquid cooling kits. Zalman was one of the pioneers of low-noise cooling solutions, in an era when stock coolers were noisy enough to drive people insane. Unfortunately for us all, on November 3, 2014 the company filed a bankruptcy protection request in the Seoul Central District Court.
Zalman did not fall victim to recession, competition or even bad corporate management. The whole story is long, complicated, obscure and yet unconfirmed, so unfortunately we may never learn all the details of it. To summarize, Zalman apparently was part of an allegedly very well designed and planned multi-billion dollar corporate fraud.
Zalman is a child company of the robotics manufacturer Moneual. According to The Korea Times, Moneual failed to repay their (massive) export bonds that matured on October 20, 2014, and ultimately filed for bankruptcy. Ever since that incident, Zalman's stock price also began a quick downfall. However, the numbers just do not add up - Moneual has been repeatedly reporting major profits, with their 2013 annual report being nearly 1.2 billion dollars in sales and over 100 million dollars in profit. The local authorities naturally became very suspicious and initiated investigations, the preliminary reports of which indicate that there is evidence of a well-designed corporate fraud.
Long story short, Moneual allegedly acquired Zalman in 2011 as part of their master plan. They forged Zalman's export and accounting documents, greatly overstating their export and income reports, in order to become eligible for huge bank loans. What is even more interesting is an article posted by the Korea JoongAng Daily, where an employee claims that most of the employees knew that the company was a sham but, despite the unearthly profit reports of the past few years, no government officials raised an eyebrow.
During that time, Moneual received about 620 million dollars in loans from several Korean banks and another 275 million dollars as export credit from the Korea Trade Insurance Corp, making the owners of Moneual richer by nearly 900 million dollars, money that will likely never be repaid. They have been arrested and, alongside many top- and mid-level executives of the company, are now facing prison time. Unfortunately, the architects of this fraud may not receive the punishment they deserve; the CEO of Moneual has U.S. citizenship and his brother has Canadian citizenship, and there are some concerns that Korean law could face trouble prosecuting them.
Unfortunately, we have little confirmed information on the matter but, from the looks of it, no one from Zalman was involved in this fraud. Depending on the court's decision, there is the possibility that Zalman will be granted bankruptcy protection and severed from Moneual's control. However, even if that happens, Zalman will certainly not have the capabilities they used to and will most certainly struggle to compete on a global scale.
The Oculus Rift makes Elite: Dangerous amazing—and impossible to describe
The most important part of any review I write for Ars is the experiential component—that’s what I seek out whenever I’m reading a review somewhere, and that’s the part I try to focus the most effort on. "Speeds and feeds" are nice, of course—you can’t really have a review, especially a product review, without stats and quantified performance and all the rest of that stuff—but the ultimate question a review has to answer is, "What is that thing like?"
With an application or a product, photographs and screenshots are a core component of conveying the experience of using that application or product—and screenshots are a poor tool for telling you what it’s like to use an Oculus Rift, especially when coupled with a well-executed transformative VR gaming experience like Elite: Dangerous is turning out to be.
I’ve been playing Elite: Dangerous exclusively with the Rift DK2 for several weeks now, stealing an hour or two every few days (much to my eyes’ detriment, apparently), and I’ve been struggling with how to convey the experience. I mean, I could drop the standard boatload of verbiage about how awesome it is—it is awesome!—but what does that really tell you?
VIDEO: Why have oil prices been so volatile?
Cops’ use of facial recognition technology expands north of the border
While American cops have been accelerating the use of facial recognition technology over the last year, the Calgary Police Department has become the first law enforcement agency in Canada to implement it.
Calgary police officials told the Canadian Broadcasting Corporation (CBC) on Tuesday that the new facial recognition software, made by NEC, will allow officers to take photos and video stills from the field and compare them at lightning speed against its database of 300,000 mug shots.
"This technology will not be used to identify people walking down the street as a member of the general public," Inspector Rosemary Hawkins told the CBC. "It will be used to identify subjects involved in criminal activity under police investigation and the image searched against our mugshot database, which holds photos of people that have been processed on charges."