Tech

Apple knew of iCloud API weakness months before celeb photo leak broke

ARS Technica - Thu, 2014-09-25 08:55

A London-based security researcher made multiple reports to Apple that the company's iCloud service was vulnerable to brute-force password attacks months before the revelations that celebrities' iCloud backups were mined for intimate photos and videos. The Daily Dot reports that Ibrahim Balic sent descriptions of the vulnerability to Apple in March in addition to filing a report that the system leaked user data that could be used to mount such attacks. Balic attempted to reach out both via e-mail and through the company's Web-based bug reporting system.

In an e-mail dated March 26, Balic told an Apple employee:

I found a new issue regarding on Apple accounts (sic)...By the brute force attack method I can try over 20,000 + times passwords on any accounts. I think account lockout should probably be applied. I'm attaching a screen shot for you. I found the same issue with Google and I have got my response from them.

The Apple employee responded, "It's good to hear from you. Thank you for the information."

Categories: Tech

The Intel Haswell-E X99 Motherboard Roundup with ASUS, GIGABYTE, ASRock and MSI

Anandtech - Thu, 2014-09-25 08:30

The launch of Haswell-E ushered in a triumvirate of new technology – a new CPU line, a new motherboard chipset and DDR4 memory. Today we focus on the new consumer motherboard chipset, X99, with motherboards from all four major manufacturers: the ASUS X99-Deluxe, the GIGABYTE X99-UD7 WiFi, the ASRock X99 WS and the MSI X99S SLI Plus.

Categories: Tech

FCC Democrats want to ban fast lanes and impose stricter rules on wireless

ARS Technica - Thu, 2014-09-25 08:21
Former FCC Chairman Michael Powell with FCC Commissioner Mignon Clyburn. NCTA

FCC commissioners Jessica Rosenworcel and Mignon Clyburn yesterday called for stronger network neutrality rules than the ones fellow Democrat and Federal Communications Commission Chairman Tom Wheeler has thus far supported.

In a speech yesterday at a congressional forum on net neutrality, Rosenworcel said, "we cannot have a two-tiered Internet with fast lanes that speed the traffic of the privileged and leave the rest of us lagging behind."

The FCC's tentative proposal approved in May would not prevent Internet service providers from charging Web services for priority access to consumers over the network's last mile, but it asked the public for comments on whether the commission should impose stricter or weaker rules. A total of 3.7 million comments poured in, mostly in favor of stronger restrictions on how ISPs treat Internet traffic.

Categories: Tech

Concern over Bash vulnerability grows as exploit reported “in the wild” [Updated]

ARS Technica - Thu, 2014-09-25 08:11
Dubbed "Shellshock," the vulnerability is already being exploited by what looks to be a web server botnet.

The vulnerability reported in the GNU Bourne Again Shell (Bash) yesterday, dubbed "Shellshock," may already have been exploited in the wild to take over Web servers as part of a botnet. More security experts are now weighing in on the severity of the bug, expressing fears that it could be used for an Internet "worm" to exploit large numbers of public Web servers. And the initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry. A second vulnerability in Bash allows for an attacker to overwrite files on the targeted system.

Update: The vulnerability was addressed by the maintainer of Bash, Chet Ramey, in an email to the Open Source Software Security (oss-sec) mailing list. An unofficial patch that fixes the problem has been developed, but there is as of yet no official patch that completely addresses both vulnerabilities.

In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion webpages that at least partially fit the profile for the Shellshock exploit.

Categories: Tech

Global carbon dioxide emissions in one convenient map

ARS Technica - Thu, 2014-09-25 08:05

When we talk about greenhouse gas emissions, it’s usually in the form of one big number (bigger every year) representing the global total. There’s also the concentration of CO2 in the atmosphere, which knows no borders. When it comes time to talk policy (during UN climate negotiations, for example), national totals for the top emitters will enter the conversation—too often to aid an argument that some other country should be the one to start doing all the work.

Many researchers need to zoom in much further, though, to really understand what’s going on. It’s a problem you can attack from the top—starting with national totals and spreading them across the country in some detail—or from the bottom, utilizing local measurements and emissions records.

A group of researchers led by Arizona State’s Salvi Asefi-Najafabady has produced the highest-resolution map of emissions yet, making the reality of our greenhouse footprint a little more real. It shows exactly where the most work remains to be done as we seek to unshackle ourselves from the fossil fuels that have brought great benefits, for which the bill is finally coming due.

Categories: Tech

Xbox One’s Japanese sales go from bad to worse

ARS Technica - Thu, 2014-09-25 07:40

Earlier this month, we reported on the Xbox One's historically weak Japanese launch, which saw under 24,000 units sold in its first four days on the market. Things have gone from bad to worse in the intervening weeks, with the system selling just under 1,500 units in the week ending September 21, according to tracking firm Media Create (as reported by 4Gamer).

Only 1,314 people bought a new Xbox One in Japan in the last week of reporting, a performance that follows just over 3,000 sales the week before. That puts the newly launched system well behind the Wii U and PS4, which continue to sell at least 7,000 systems a week in the country. Even the aging PS3 is outselling the Xbox One, with over 6,000 sales per week in the same time period.

Microsoft has traditionally struggled for a foothold in the Japanese console market, and there's no reason to think Xbox One sales would pick up after launch without any new exclusive software. Still, even the Xbox 360 managed to sell over 12,000 units in Japan a month after its launch, and it managed to average roughly 4,000 Japanese sales per week through 2010. For the Xbox One to drop this close to triple-digit weekly sales so soon after its Japanese launch isn't just a slow start, it's an anemic one.

Categories: Tech

Fake fingerprint fools iPhone 6 Touch ID

ARS Technica - Thu, 2014-09-25 06:00

Apple's latest iPhones are vulnerable to the same fingerprint forging attack as the older iPhone 5S, allowing access to the phone via a fingerprint fabricated with some specialized knowledge and materials costing less than a thousand dollars, according to a researcher who reproduced the attack against the latest iPhones.

Marc Rogers, principal security researcher for mobile security firm Lookout, used techniques common to law enforcement investigators and prototypers to first lift latent prints from the device and then create a mold from a custom circuit-board kit. Then, using glue, he made a thin rubber print that he placed over his thumb, fooling the Touch ID sensor on the latest iPhones.

While his experiments suggested that Apple improved the sensor on the latest iPhones—it rejected slightly fewer legitimate prints and slightly more fake prints—Rogers found that the technique still works on the iPhone 6 and 6 Plus.

Categories: Tech

AUDIO: Reward offered for missing 'rare birds'

BBC Tech - Thu, 2014-09-25 04:40
A search is underway for two hen harriers which have gone missing, prompting the RSPB to offer a £1,000 reward for help in their safe recovery
Categories: Tech

VIDEO: A tour of Dubai's eco-friendly mosque

BBC Tech - Thu, 2014-09-25 01:19
Dubai has constructed the first environment friendly mosque in a region which is among the worst polluters in the world
Categories: Tech

Forza Horizon 2: massive multiplayer online, massive fun

ARS Technica - Thu, 2014-09-25 00:01

Forza Horizon 2 is the latest installment of Microsoft’s console racing franchise, and it brings the driving-meets-MMO concept to the Xbox One. As with its predecessor, Forza Horizon 2 is built from Forza Motorsport DNA, which UK-based Playground Games have combined with experience gleaned from titles like Project Gotham Racing, TOCA, and DiRT. Once again, the result is a driving game with that familiar Forza look and feel, but it's tuned to appeal to a slightly different audience.

Forza Horizon 2 swaps its predecessor's open roads of Colorado for digital versions of Southern France and Northern Italy. The Horizon music festival has crossed the Atlantic, and, as the game begins, you’re given the job of ferrying the new Lamborghini Huracan to the opening event. From here, you begin the career mode, which has you driving between France and Italy along the coast and through the mountains. You’re guided from event to event by Ben, the festival organizer, imbued by British actor Sean Maguire with just enough charisma to keep him the right side of being horribly annoying.

Sights and Sounds

A real high point of the first Forza Horizon game was its soundtrack, carefully curated by British DJ Rob Da Bank. He’s back with Forza Horizon 2 and a much larger soundtrack, now with seven different radio stations (although some of these have to be unlocked as you progress through the game). Da Bank is particularly good at curating a good driving soundtrack. These are the kinds of songs you might expect to hear in commercials for the next few years after being first exposed to them here.

Categories: Tech

VIDEO: Breaking India's pesticide dependence

BBC Tech - Wed, 2014-09-24 23:30
New recommendations on dealing with the residues of pesticides in food are expected to be made by the UN's food and health agencies.
Categories: Tech

VIDEO: Brazil releases 'good' mosquitoes

BBC Tech - Wed, 2014-09-24 20:34
Brazilian researchers release thousands of mosquitoes infected with a bacterium that suppresses Dengue fever into the environment in Rio de Janeiro.
Categories: Tech

A properly licensed gallery of Alex Wild’s amazing insect photography

ARS Technica - Wed, 2014-09-24 18:00

Photographer Alex Wild really knows his bugs. That's because his love of the craft grew out of an appreciation for the insects, "an aesthetic complement to scientific work," as he notes in his bio. Wild is a biologist with a Ph.D. in Entomology from the University of California-Davis, where he focused on ant evolution; he got serious about photography in 2002. Nowadays he's taught both science (entomology and beekeeping at the University of Illinois at Urbana-Champaign) and skill (his BugShot insect photography workshops).

Wild was kind enough to share with Ars his personal experiences of being a copyright-reliant photographer in the Internet age. His imagery has recently appeared on billboards, YouTube commercials, pesticide spray labels, website banners, exterminator trucks, T-shirts, iPhone cases, stickers, company logos, e-book covers, trading cards, board games, video game graphics, children’s books, novel covers, app graphics, alt-med dietary supplement labels, press releases, pest control advertisements, crowdfunding promo videos, coupons, fliers, newspaper articles, postage stamps, advertisements for pet ants (yes, that’s a thing), canned food packaging, ant bait product labels, stock photography libraries, and greeting cards.

And that list includes only the outlets that displayed his work without permission.

Categories: Tech

Bugging out: How rampant online piracy squashed one insect photographer

ARS Technica - Wed, 2014-09-24 18:00
A worker honey bee covered in pollen. Honey bees add about 20 billion dollars a year to the US economy, mostly through their pollination services. Urbana, Illinois, USA. Alex Wild

Here is a true story about how copyright infringement costs my small photography business thousands of dollars every year.

Or, maybe it isn’t. It could also be a true story of how copyright infringement earns me thousands of dollars every year. I can’t be sure. Either way, this is definitely the story of how copyright infringement takes up more of my time than I wish to devote to it. Copyright infringement drains my productivity to the point where I create hundreds fewer images each year. And it's why, in part, I am leaving professional photography for an academic position less prone to the frustrations of a floundering copyright system.

I have an unusual, and an unusually fun, job: I photograph insects for a living. I love what I do in no small part because the difference between my profession and getting paid to be an overgrown kid, is… not that much, really. I collect ants and beetles, I play with camera gadgets, I run around in the woods. Meanwhile, publishers, museums, and the pest control industry send me enough in licensing fees that I haven’t starved to death. By nature photographer standards, business is booming. I cover a modest mortgage in a working class neighborhood. I even afford a new lens or two every year.

Categories: Tech

Microsoft mistakenly affirms that Windows 9 will be revealed next week

ARS Technica - Wed, 2014-09-24 15:10

Disagreements between company executives and the army of PR people who serve them always raise a smile. Public relations teams work so hard to control corporate messaging, and then execs who should know better ignore it.

Next week, Microsoft is having an event in San Francisco. The official purpose of this event is to show off "what's next for Windows and the enterprise." That's a little vague; it could mean a new version of Windows, or a new update, or anything in between. But Alain Crozier, president of Microsoft France, told employees earlier this week that Windows 9 was going to be shown off at the event, as spotted by ZDNet France.

But it turns out that wasn't suitably on-message. Microsoft PR got in touch with ZDNet to tell them that the next version of Windows doesn't actually have a name. So it's not Windows 9 at all.

Categories: Tech

Bug in Bash shell creates big security hole on anything with *nix in it [Updated]

ARS Technica - Wed, 2014-09-24 13:45
Mac OS X Mavericks is also a *nix, and also vulnerable to the Bash bug. Sean Gallagher

UPDATE, 9/25: The Bash vulnerability, now dubbed by some as "Shellshock," has been reportedly found in use by an active exploit against Web servers. Additionally, the initial patch for the vulnerability was incomplete and still allows for attacks to succeed, according to a new CERT alert. See Ars' latest report for further details; our initial report is below.

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.

The bug, discovered by Stephane Chazelas, is related to how Bash processes environment variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network-based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.

Categories: Tech

German man banned from Yellowstone for one year after drone crash

ARS Technica - Wed, 2014-09-24 12:22
The DJI Phantom 2 on display at CES. Sean Gallagher

A German man has been sentenced to a year of probation in his home country, a one-year ban from Yellowstone National Park in Wyoming, and a $1,600 fine after pleading guilty to illegally flying a drone (and crashing it into a lake) in the park in July 2014.

On Wednesday, local media reported that Andreas Meißner of Königswinter, Germany pleaded guilty to violating the ban on drones, filming without a permit, and leaving property unattended. Federal prosecutors dropped one charge—making a false report to a government employee—in exchange for the plea deal.

For months now, drone use in national parks has been something of a menace according to NPS authorities. In June 2014, the NPS banned drones in all parks following an initial ban in California’s Yosemite National Park. Other incidents going back to September 2013 have involved buzzing wild sheep in Utah, flying over nesting gulls in Alaska, and flying over visitors at Mount Rushmore in South Dakota.

Categories: Tech

Comcast says it’s too expensive to compete against other cable companies

ARS Technica - Wed, 2014-09-24 11:50
This here is Comcast territory—you best be on your way. City Year

Comcast has made many arguments in support of its proposed acquisition of Time Warner Cable (TWC), but it keeps circling back to one: since the two cable companies don’t compete head-to-head in any city or town, there would be no harm in approving the deal.

But why don’t Comcast and TWC, the two largest cable companies in the US, compete against each other? And if the merger was denied, would they invade each other’s territory? Ars asked Comcast Executive VP David Cohen those questions today on a press call held to discuss Comcast’s latest filing with the FCC.

In short, Cohen said it’s too expensive to compete against other cable companies—even though Comcast is spending $45.2 billion to purchase Time Warner Cable. Comcast and TWC aren’t likely to start competing against each other even if they remain separate, Cohen explained:

Categories: Tech

iOS 8.0.1 disabling cellular and TouchID on some phones [Updated]

ARS Technica - Wed, 2014-09-24 10:16
iOS 8.0.1 fixes a handful of bugs with the new update. Andrew Cunningham

Update: Some users are reporting that the update is disabling cell service and TouchID buttons on some phones. I can confirm that this happened on my AT&T iPhone 6, though a Verizon iPhone 5 still seems to be getting service just fine. For now we recommend holding off—do not download and install this update yet.

Update 2: Apple has pulled the 8.0.1 update. Affected iPhone 6 users are allegedly being told by Apple support to try restoring their phones with iTunes.

Update 3: On our iPhone 6, restoring through iTunes has re-installed iOS 8.0 and it appears to be working normally. This process erases your data from the phone, but it appears to be the best way to get back up and running as of this writing.

Categories: Tech

Water found in a Neptune-sized exoplanet’s atmosphere

ARS Technica - Wed, 2014-09-24 10:00
HAT-P-11b is 4.7 times the size of Earth and has 25 Earth masses. Harvard Center for Astrophysics

After a difficult search, scientists have found definitive traces of water on a relatively small exoplanet for the first time. The exoplanet in question, HAT-P-11b, is the size of Neptune and has copious amounts of both water vapor and hydrogen in its atmosphere.

Using the Hubble Space Telescope, the Spitzer Space Telescope, and the Kepler spacecraft, a team of scientists obtained spectrographic data as HAT-P-11b passed in front of its host star, allowing them to determine the planet’s atmospheric composition.

While other exoplanets with water have been discovered, these have mostly been gas giants larger than Jupiter. HAT-P-11b is the first significantly smaller planet with water to be discovered. The discovery paves the way for searches for water, perhaps even on smaller, more Earth-like planets.

Categories: Tech