Tech

Home Depot estimates data on 56 million cards stolen by cybercriminals

ARS Technica - Thu, 2014-09-18 16:20

The cybercriminals that compromised Home Depot's network and installed malware on the home-supply company's point-of-sale systems likely stole information on 56 million payment cards, the company stated on Thursday.

In the first details revealed in its investigation of the breach, the company said the malicious software that compromised those payment systems had been custom-built to avoid triggering security software. The breach included stores in the United States and Canada and appears to have compromised transactions that occurred between April and September 2014.

"To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements," Home Depot said in its statement. "The hacker's method of entry has been closed off, the malware has been eliminated from the company's systems, and the company has rolled out enhanced encryption of payment data to all US stores."


Categories: Tech

California program asks citizens to trade violent games for ice cream

ARS Technica - Thu, 2014-09-18 15:45

While many jurisdictions have tried (and failed) to put legal barriers in place to prevent children from buying or playing violent video games, California's Marin County is taking a different tack, asking families to voluntarily trade in their violent video games for ice cream and raffle tickets.

The Marin Independent Journal has a report on the county's efforts for Domestic Violence Awareness Month, which include weekly opportunities to trade in violent video games or toy guns. Participants will be provided with ice cream from the local Ben & Jerry's affiliate, according to the report, and parents of those participating will be entered in a raffle for further prizes.

The toy and game drive is being spearheaded by District Attorney Ed Berberian and the Center for Domestic Peace, who teamed up to host a firearm buyback program that took in over 850 weapons two years ago. Why move from collecting real guns to collecting fake guns and games that feature fake guns?


Android L will have device encryption on by default

ARS Technica - Thu, 2014-09-18 15:20
Google's cutesy video on law enforcement requests.

The Washington Post is reporting that Google will finally step up security efforts on Android and enable device encryption by default. The Post has quoted company spokeswoman Niki Christoff as saying “As part of our next Android release, encryption will be enabled by default out of the box, so you won't even have to think about turning it on.”

That "next Android release" should be Android L, which is currently out as a developer preview and is expected to be released before the end of the year.

The move should bring Android up to parity with iOS. Apple recently announced enhanced encryption for iOS 8, which Apple says makes it impossible for the company to decrypt a device, even for law enforcement. While Android's encryption was optional, it seems to work in a similar way, with Christoff saying "For over three years Android has offered encryption, and keys are not stored off of the device, so they cannot be shared with law enforcement."


Rape victim’s lawsuit shows the limits of website immunity law

ARS Technica - Thu, 2014-09-18 15:05
US Court of Appeals for the 9th Circuit, Pasadena courthouse. --Mark--

In general, websites aren't responsible for the things their users do or post. That's because of a landmark federal Internet law, known as Section 230 of the Communications Decency Act.

The law allows sites like Yelp, Craigslist, and YouTube to host loads of user-produced content, while directing most lawsuits over that content toward the users, not the websites.

However, an appeals court ruling yesterday may join the small batch of precedents that set out the murky limits of CDA Section 230. A three-judge panel of the US Court of Appeals for the 9th Circuit has allowed (PDF) an alleged rape victim to sue ModelMayhem.com, a site she says was used by her attackers.


Teen with lymphatic malformations has profile photo deleted by Facebook

ARS Technica - Thu, 2014-09-18 14:45
"I am what I am, and I look like me, not everyone else."

On Tuesday, Norwegian news site VG reported that a 16-year-old boy found his newest Facebook profile photo deleted automatically by the site, but not for containing offensive content or misrepresenting himself. Embret Henock Haldammen, a high school student in Kristiansand, Norway, had posted his latest school portrait weeks earlier, only to receive a notice stating that "the profile picture violated Facebook's policies."

Without receiving a response clarifying what those policies were, Haldammen came to the conclusion that the image was deleted because of his face's lymphatic malformations, which he's had since birth.

"We're used to people pointing, looking, and laughing at him," Haldammen's father said to Norwegian news site Fædrelandsvennen (translated by Google). "But that Facebook acts as a youth, and not a company, is appalling." The reports also include a photo of Haldammen posing with a former Norwegian Prime Minister, which he had used as a profile photo in the past with no incident.


Hands On With ODG's R-7: Augmented Reality Glasses

Anandtech - Thu, 2014-09-18 14:38

While it's still unclear to me what the future of wearables will be, I must admit that all things considered I feel that glasses are a better idea than watches as a form factor. If the goal is glanceable information, a heads-up display is probably as good as it gets. This brings us to the ODG R-7, which is part of Qualcomm's Vuforia for Digital Eyewear (VDE) platform. This VDE platform brings new capabilities for augmented reality. What this really means is that developers no longer need to worry about coming up with their own system of aligning content from a VR headset to the real world, as this platform makes it a relatively simple process. Judging by the ODG R-7, there's no need for a 3D camera to pull this off.

So let's talk about the ODG R-7, one of the most fascinating wearables I've ever seen. While its primary purpose is for government and industrial use, it isn't a far leap to see the possibilities for consumers. For reference, the ODG R-7 that I saw at this show is an early rev, and effectively still a prototype. However, the initial specs have been established. This wearable has a Qualcomm Snapdragon 805 SoC running at 2.7 GHz, with anywhere between one to four gigabytes of RAM and 16 to 128 gigabytes of storage. There are two 720p LCoS displays that run at 100 Hz refresh rate, which means that the display is see-through. There's one 5MP camera on the front to enable the augmented vision aspects. There's also one battery on each side of the frame for a 1400 mAh battery, which is likely to be a 3.8V nominal voltage.

While the specs are one thing, the actual device itself is another. In person, this is clearly still a prototype as on the face it feels noticeably front heavy, which is where all of the electronics are contained. It's quite obvious that this is running up against thermal limits, as there is a noticeable heat sink running along the top of the glasses. This area gets noticeably hot during operation, and easily feels to be around 50-60C although the final product is likely to be much cooler in operation.

However, these specs aren't really what matter so much as the use cases demonstrated. While it's effectively impossible to really show what it looks like, one demo shown was a terrain map. When this was detected by the glasses, it automatically turned the map into a 3D model that could be viewed from any angle. In addition, a live UAV feed was just above the map, with the position of the UAV indicated by a 3D model orbiting around the map.

It's definitely not a long shot to guess the next logical steps for such a system. Overlaying directions for turn by turn navigation is one obvious use case, as is simple notification management, similar to Android Wear watches. If anything, the potential for glasses is greater than watches as it's much harder to notice glasses in day to day use as they rely on gravity instead of tension like a watch band. However, it could be that I'm biased though, as I've worn glasses all my life.


Craigslist thrill killers sentenced to life in prison

ARS Technica - Thu, 2014-09-18 14:20

The Barbours. Fox8 WGHP

Two newlyweds were each handed a life sentence Thursday for luring a stranger to his death via a Craigslist advertisement.

The Pennsylvania federal judge who sentenced Miranda Barbour, 19, and Elytte Barbour, 22, said the sentence, which prohibits parole, was necessary for their "permanent removal" from society.

The pair killed Troy LaFerrara, 42, of Central Pennsylvania in a scene local media described as right out of a horror movie.


Microsoft’s second round of layoffs: 2,100 jobs cut, Silicon Valley lab closed

ARS Technica - Thu, 2014-09-18 14:18

Microsoft has made its next set of layoffs, continuing the downsizing announced in July. Some 2,100 jobs have been cut worldwide, with 747 of those in the company's home state of Washington.

CEO Satya Nadella plans to shrink the company by about 18,000 people overall, with 12,500 of these coming from the 25,000 staff that came with the newly acquired Nokia handset business. In the first round of cuts in July, 13,000 jobs were lost. With today's cuts, that leaves another 2,900 positions that Microsoft wants to eliminate.

One victim is Microsoft Research's Silicon Valley lab, reports Mary Jo Foley at ZDNet. The lab, which focused on distributed computing and large-scale systems, will be closing on Friday. Microsoft has said that some researchers will be offered positions at other labs.


Price slowly rising on carbon emissions in US cap-and-trade states

ARS Technica - Thu, 2014-09-18 14:05
New York, one of the RGGI states, has nearly two Gigawatts of installed wind capacity. NY Department of Environmental Conservation

Economists and policymakers frequently talk about the "social cost of carbon"—the price that society as a whole pays for disruptions caused by climate change and ocean acidification. Although there are various ways of calculating it that give different results, the US currently estimates the cost at $37 a ton. At least nationally, however, there have been no attempts to get anyone to actually pay this price for their emissions.

But locally, a number of states are trying. Most of the Northeast has banded together to form the Regional Greenhouse Gas Initiative, or RGGI. This is a cap-and-trade system, where emissions allowances are auctioned by the group. Unfortunately, plans for the auctions were made prior to the boom in fracking, which has dramatically lowered the emissions of electricity generation in the US. As a result, RGGI emissions allowances have been auctioned off at the legal minimum, just under $2 a ton—well below just about any estimate of the social cost of carbon.

As a result, the group decided to take two actions. To begin with, it reduced its total cap on CO2 emissions by 45 percent. Then, it reduced the number of allowances auctioned off. It does so by holding back a pool of allowances until the auction price reaches a preset value. Currently, that value is $4/ton. As a result, three consecutive auctions have resulted in prices above $4. The reserve price is set to rise by $2 every year until it hits $10, then rise by 2.5 percent each following year.


No, Apple probably didn’t get new secret gov’t orders to hand over data

ARS Technica - Thu, 2014-09-18 13:35

While Apple won't confirm it, the company has removed its warrant canary from its latest transparency report, issued this week. While this could mean that the company has received a new secret government order to provide user data, there is still another more likely possibility: it's not publishing warrant canaries at all.

Warrant canaries work like this: a company publishes a notice saying that a warrant has not been served as of a particular date. Should that notice be taken down, users are to surmise that the company has indeed been served with one. The theory is that while a court can compel someone to not speak (a gag order), it cannot compel someone to lie. The only problem is that warrant canaries have yet to be fully tested in court.

In November 2013, the second time (the first was in June 2013) Apple issued its transparency report (for a period covering the first half of 2013), the company wrote as its warrant canary:


Larry Ellison steps down as Oracle CEO

ARS Technica - Thu, 2014-09-18 13:22
Oracle CEO Larry Ellison. Photograph by Oracle PR

Larry Ellison, CEO of multinational software company Oracle, is leaving his position as CEO effective immediately. According to the company's official statement, Larry Ellison will continue to work for the company as its Executive Chairman and Chief Technology Officer.

In his stead, Oracle executives Mark Hurd (formerly of HP) and Safra Catz will take over as co-CEOs. Oracle's statement says that Ellison will continue to be in charge of "all software and hardware engineering functions" in his new role as the company's CTO.

"Safra and Mark will now report to the Oracle Board rather than to me," said Ellison via the statement. "All the other reporting relationships will remain unchanged. The three of us have been working well together for the last several years, and we plan to continue working together for the foreseeable future."


Facebook acknowledges news feeds are bad at news, vows to improve

ARS Technica - Thu, 2014-09-18 13:15
Facebook's News Feed pays attention to trending topics, right, but news feeds have lately seemed to be lacking in news.

Following criticism of the lack of current events in Facebook news feeds, Facebook has announced tweaks to its algorithms meant to help surface timely content. The company plans to do this by giving more value to posts that get interactions, such as likes and comments, and pushing posts when that activity seems to be cresting.

In the blog post announcing the changes, Facebook wrote that it often prioritizes posts about "trending" topics that appear in the chart of hashtags posted on the right side of users' homepages. Facebook also places higher value on posts according to how many interactions (likes, comments, shares) they receive.

But as things are, some users have noted that Facebook seems to miss news waves, or is late to them, as with the fatal shooting of Mike Brown and the related protests that played out over weeks in August. When Facebook's curation methods didn't acknowledge those events, users noticed the news vacuum in their news feeds.


“Scan-to-email” patent troll loses its lawsuit against FTC

ARS Technica - Thu, 2014-09-18 13:00
"Man Controlling Trade," 1942, by Michael Lantz. brian mcneal

There are hundreds of so-called "patent trolls," but MPHJ Technology became one of the most well-known when it sent thousands of letters to small businesses around the country suggesting they should pay around $1,000 per worker for using basic "scan-to-email" functions.

The legal and political blowback since then have made MPHJ truly unique in the patent-licensing world. The sheer mass of the company's demand letters caused it to get sued by attorneys general in Vermont and Nebraska, making it the only patent troll to ever be sued by the government. The company's tactics were denounced in Congress, and it drew the attention of the Federal Trade Commission.

In January, MPHJ took the stunning step of actually suing the FTC. According to MPHJ's complaint, the FTC had threatened to file suit, saying that its letter campaign constituted a deceptive trade practice. That was a violation of its right to talk about and enforce its patents, a right protected under the First Amendment.


Time dilation measured at 40 percent of the speed of light—in the lab

ARS Technica - Thu, 2014-09-18 12:00
The accelerator where the work took place. https://www.gsi.de/en/research/accelerator_facility/storage_ring.htm

Einstein is most famous for general relativity, which is really a theory of gravity. But his theory of special relativity has been just as important. Special relativity is all about how to interpret measurements: if you measure the speed of an object from a moving vehicle, how do I reconcile that number with a measurement I make from the side of the road? At low speeds this is a fairly simple task, but at very high speeds things start to get strange. This strangeness arises as a consequence of the speed of light being constant.

Tests of the validity of special relativity abound, but they've been limited to a few classes of objects. The ones done in the lab are usually very sensitive experiments performed on relatively slow-moving objects, while natural tests use the motion of the Earth or other astronomical objects. Now, a German facility has measured time dilation very accurately. But in a twist, these measurements were performed on things moving at just under 40 percent of the speed of light in the laboratory.

The researchers tested how clocks slow down when they are in motion. For example, if you are in motion relative to me, and I can see the watch on your hand, I should observe that it runs slightly slow compared to the one I'm wearing. Indeed, if you put an atomic clock in an airplane and fly it around the world, it will end up with a slightly different time than an identical clock that remained at the airport.


Occupy Wall Street activists sue over Twitter account

ARS Technica - Thu, 2014-09-18 11:20
@OccupyWallStNYC

On Wednesday, three years to the day since the beginning of Occupy Wall Street, one of its former leaders has sued another leader over a disputed Twitter account.

@OccupyWallStNYC has 177,000 followers, and it's apparently controlled by Justin Wedes, a self-identified "educator and activist based in Detroit, Michigan" and a "founding member" of the New York City General Assembly. Wedes did not respond to Ars’ requests for comment.

According to the suit, which was filed by the OWS Media Group in the Supreme Court of the State of New York, Wedes "hijacked" the account in early August 2014, "making himself the sole person in control of the Twitter Account."


AT&T/DirecTV merger boosts incentive to kill copper service, opponents say

ARS Technica - Thu, 2014-09-18 11:12

AT&T’s proposed $48.5 billion acquisition of DirecTV will reduce competition for TV subscribers, increase AT&T’s “incentive to discriminate against online video services,” and give AT&T more reasons to neglect its aging copper network, consumer advocacy groups argue in a petition to deny the merger.

AT&T has claimed the merger would help it expand fiber buildouts to an additional two million locations, but this claim is unverifiable because AT&T hasn’t said how much fiber it will deploy if the merger is not approved, says the petition to the FCC filed Tuesday by Public Knowledge and the Institute for Local Self-Reliance.

AT&T has a lot of copper throughout its 22-state wireline footprint, but it has no intention of deploying faster fiber networks throughout the entire territory. Some customers prefer copper over fiber for telephone service anyway, because of its ability to work through many power outages. But AT&T has been accused of failing to maintain its copper networks, and the petition says purchasing a satellite TV provider would increase AT&T’s incentive to push customers from copper to wireless.


Charges of China’s military hacking into corporate America piling up

ARS Technica - Thu, 2014-09-18 10:26

China's military broke into Pentagon contractors' computer networks at least 50 times—hacks that threaten "to erode US military technical superiority," according to a federal investigation.

The Senate Armed Services Committee found that nearly two dozen intrusions were of the well-orchestrated "advanced persistent threat" variety. The yearlong probe [PDF] blamed the Chinese government for hacks targeting civilian transportation companies that the US military employs for the movement of troops and equipment. According to the investigation, hackers from the People's Liberation Army started in 2012 and put malware onto an airline's computers, stealing computer codes, e-mail, documents, and user accounts from firms the government declined to name.

"These peacetime intrusions into the networks of key defense contractors are more evidence of China's aggressive actions in cyberspace," said committee chairman Sen. Carl Levin (D-Mich.)


In-depth: How CloudFlare promises SSL security—without the key

ARS Technica - Thu, 2014-09-18 09:52
CloudFlare has developed a way to separate SSL from private crypto keys, making it easier for companies to use the cloud to protect their networks.

Content delivery network and Web security company CloudFlare has made a name for itself by fending off denial-of-service attacks against its customers large and small. Today, it's launching a new service aimed at winning over the most paranoid of corporate customers. The service is a first step toward doing for network security what Amazon Web Services and other public cloud services have done for application services—replacing on-premises hardware with virtualized services spread across the Internet.

Called Keyless SSL, the new service allows organizations to use CloudFlare’s network of 28 data centers around the world to defend against distributed denial of service attacks on their websites without having to turn over private encryption keys. Keyless SSL breaks the encryption “handshake” at the beginning of a Transport Layer Security (TLS) Web session, passing part of the data back to the organization’s data center for encryption. It then negotiates the session with the returned data and acts as a gateway for authenticated sessions—while still being able to screen out malicious traffic such as denial of service attacks.

In an interview with Ars, CloudFlare CEO Matthew Prince said that the technology behind Keyless SSL could help security-minded organizations embrace other cloud services while keeping a tighter rein on them. “If you decide you’re going to use cloud services today, how you set policy across all of these is impossible," he said. "Now that we can do this, fast forward a year, and we can do things like data loss prevention, intrusion detection… all these things are just bytes in the stream, and we’re already looking at them.”


Verizon, enemy of Open Internet rules, says it loves the “open Internet”

ARS Technica - Thu, 2014-09-18 09:43
Verizon CEO Lowell McAdam. Verizon

No company has gone to greater lengths than Verizon in trying to stop the government from enforcing network neutrality rules.

Verizon is the company that sued to overturn the Federal Communications Commission’s Open Internet Order from 2010. Verizon won a federal appeals court ruling this year, overturning anti-discrimination and anti-blocking rules and setting off a months-long scramble by the FCC to get enforceable rules into place.

Verizon has also been spending money to press its case with lawmakers. "An analysis by San Francisco-based data firm Quid found that Verizon alone spent $100 million to lobby Congress on net neutrality since 2009," NPR reported yesterday.


Natural gas in some drinking water due to leaky gas wells, not fracking

ARS Technica - Thu, 2014-09-18 09:30
A shale gas well being drilled in Louisiana. Daniel Foster

The primary public concern surrounding fracking—the fracturing of shale rock layers with hydraulic pressure to release the natural gas and oil they contain—has been the perceived risk to drinking water. After all, the water used to fracture the rock is laced with chemicals that enhance the process, and some of them are hazardous. While those chemicals haven’t really shown up in water wells, natural gas has. If natural gas isn’t identified and vented, it could collect in buildings and pose an explosion hazard—videos of garden hoses turned into flame-throwers have made the rounds.

But tying that natural gas to fracking projects isn’t as straight-forward as many assume since there are natural sources of methane as well. One group of researchers has been studying this question for several years, focusing on Pennsylvania, where the Marcellus Shale has been targeted by the natural gas industry. A controversial analysis the group performed concluded that natural gas in well water was more common near active natural gas production wells, indicating that much of the contamination was related to recent human activities rather than natural conditions.

The researchers also looked for hints of natural migration of fluids from the Marcellus Shale, which is deep underground, to the well water, which is taken from sources closer to the surface. By analyzing elements like chlorine and strontium, they identified the fingerprint of briny Marcellus fluid in some of the water wells, which pull from an aquifer where concentrations of those elements are much lower. They concluded that some of those fluids were present, casting doubt on the idea that the Marcellus Shale was too tight a seal to allow fluid to escape upward into drinking water. That work also indicated that some of the methane-contaminated wells seemed to be impacted by naturally occurring methane, but typically the ones close to natural gas production wells weren't.
