It's been about 20 years since Mark Hamill first graced PC screens as Colonel Christopher Blair in Origin System's Wing Commander III: Heart of the Tiger. If you've somehow gone this whole time without experiencing his performance, now's your chance to rectify that. EA is currently offering the game completely free on its Origin digital distribution service.

WC3 is part of EA's ongoing "On the House" promotion, which started off with Battlefield 3 in June and The Sims 2: Ultimate in July, with the promise of new free titles to come regularly in the future. Though the price is time-limited, those who download the game during the sale will have access to it through Origin indefinitely.

Wing Commander III usually sells for just $5 on Origin and is currently available for $6 DRM-free from GOG, so this isn't exactly the world's biggest video game sale. Still, there can be a big difference between "free" and "a few bucks," especially when it comes to a retro PC classic that every sci-fi fan should experience.

Read 1 remaining paragraphs | Comments

No one suffering from an emergency expects to be greeted by a recording when they dial 911.

Yet 911 callers in Caddo County, Oklahoma were unable to reach a human operator for months in 2013. Instead, they were routed to an automated message that "instructed callers to 'hang up and dial 911' if their call is an emergency," the Federal Communications Commission said yesterday.

The FCC issued a proposed fine of $100,000 to the Hinton Telephone Company, saying the telco "betrayed its customers."

Read 11 remaining paragraphs | Comments

This iPhone 5S is likely to be superseded in September. Andrew Cunningham

After a summer full of rumors and part leaks, Re/code reports that Apple is planning to hold its next iPhone event on Tuesday, September 9. Re/code co-founder Walt Mossberg has a long history with Apple, and his prior publication AllThingsD correctly predicted the dates of Apple's iPhone and iPad events last year, so there's a good chance this is the real thing.

This year Apple is widely expected to release a redesigned "iPhone 6" with a larger screen. Reports have varied, but anonymous sources have told multiple publications that the company is planning a 4.7-inch phone to rival "normal" handsets from competitors, as well as a 5.5-inch version intended to compete with so-called "phablet" phones like Samsung's Galaxy Note series. Last year's top-end iPhone 5S and midrange iPhone 5C were both refinements of the iPhone 5 design introduced in 2012.

Apple also uses its iPhone events to announce final release dates for new iOS versions, which for the past two years have come out on the second Wednesday after the iPhone unveiling. This means a final release of iOS 8 is likely on or near September 17, assuming Apple doesn't change its plans. iOS 8 will refine the new design introduced in iOS 7, allow iOS devices to work more closely with Macs running OS X Yosemite, and introduce a number of under-the-hood improvements, including Extensions. Third-generation Apple TVs will receive an updated UI, as well.

Read 1 remaining paragraphs | Comments

Kenzie

A set of newly published documents shows that under half of the people on the United States Terrorist Screening Database have “no recognized terrorist group affiliation” and that nearly 1,000 new names are added daily.

An August 2013 chart, published Tuesday for the first time by The Intercept, shows that there are one million names on the Terrorist Identities Datamart Environment (TIDE). Of those, 680,000 were on the aforementioned watchlist, and of those, 280,000 had “no recognized terrorist group affiliation.”

The Intercept

The Intercept did not reveal how it got the documents, only saying that they were obtained “from a source in the intelligence community.” In the past, The Intercept has published documents obtained as part of the Edward Snowden cache, but it has specifically mentioned his name when it does so.

Read 4 remaining paragraphs | Comments

On Tuesday, Justin.tv, the video streaming service that created the popular gaming video site Twitch, announced its closure effective immediately.

Visitors to either the main Justin.tv site or any of its subchannels are now redirected to a goodbye message announcing that "the Justin.tv website, mobile apps, and APIs are no longer in service." Following that announcement is a Q&A about the closure, and the first question—"Why?"—dances around the answer. The FAQ indirectly blames the popularity of Twitch: "Unfortunately that means we need to shut down Justin.tv."

Such an answer only fuels recent rumors and reports that have all but confirmed that YouTube will soon acquire Twitch for $2 billion. Should that happen, today's news hints at Twitch's services remaining largely unchanged, as Justin.tv users are advised to transfer their account to Twitch by September 5, 2014. (Paid Justin.tv users have already had their accounts converted to similar services on Twitch.)

Read 2 remaining paragraphs | Comments

64-bit Chrome running on the OS X Yosemite public beta. It's beta software all the way down! Andrew Cunningham

About two months after issuing the first 64-bit Chrome beta builds to Windows users, Google has introduced 64-bit support to the OS X version of the Chrome beta as well. The change was first spotted by iClarified, and we downloaded the Canary version of Chrome to confirm for ourselves. Chrome's Canary channel is the least stable of all the release channels, and it's often where new or experimental features make their first appearance. The Dev channel, also early and unstable but updated less frequently and therefore less tumultuous, has been updated with 64-bit support as well.

64-bit Chrome builds for Windows were accompanied by an announcement on the Chromium blog, but no such release accompanied the OS X release. One assumes that the advantages for Mac users are similar to those for Windows users. Google claims that compiler optimizations and newer instruction sets inherent to 64-bit CPUs should improve speed, improved ASLR support and better heap partitioning should improve security, and (when the build goes stable) the browser should suffer from fewer crashes than 32-bit Chrome.

The current stable build of Chrome is version 36, which was released in mid-July. The 64-bit Windows build of Chrome, recently bumped from the Canary channel to the Beta channel, is version 37, while the 64-bit OS X build is version 38. Chrome's six-week release cycle means that, barring some kind of show-stopping bug, 64-bit Chrome should come to the stable Chrome channel for Windows users in early September and to OS X users in mid-October. In the meantime, the work-in-progress Canary Chrome betas are available here. Install them at your own risk.

Read on Ars Technica | Comments

@congressedits

The new bot @Congressedits, which tweets anonymous Wikipedia edits made from Capitol Hill, discovered one of its most substantial revisions on Tuesday. The program listens for Wikipedia changes stemming from Congressional IP address ranges, and it auto-tweeted about an alteration to the page for Navi Pillay, the United Nation's High Commissioner on Human Rights.

The 33-word revision to the page for Pillay added that the commissioner has received "criticism for reffering (sic) to Edward Snowden, the American traitor who defected to Russia, as a 'Human Rights Defender' and saying that he should not face trial for his crimes." The month before, Pillay made headlines when she said Snowden "should be seen as a human rights defender," and "We owe a great deal to him for revealing this kind of information."

The edit comes after Wikipedia recently handed out both 10-day and single-day bans on edits from Capitol Hill. The move hoped to deter edits like the one above for Pillay or for a recent edit on the entry for Web outlet Mediaite. Not long after Mediaite wrote a story about @congressedits, Mediaite's Wikipedia entry was changed by someone in the House, calling the site a "sexist transphobic news and opinion blog" that "automatically assumes that someone is male without any evidence." (That change was cited by the Wikipedia admin who imposed the ban, according to The Hill.)

Read 4 remaining paragraphs | Comments

This, plus a camera and computer, is all you need to listen to remote sounds. Flickr user TheFoodJunk

Watch enough spy thrillers, and you'll undoubtedly see someone setting up a bit of equipment that points a laser at a distant window, letting the snoop listen to conversations on the other side of the glass. This isn't something Hollywood made up; high-tech snooping devices of this sort do exist, and they take advantage of the extremely high-precision measurements made possible with lasers in order to measure the subtle vibrations caused by sound waves.

A team of researchers has now shown, however, that you can skip the lasers. All you really need is a consumer-level digital camera and a conveniently located bag of Doritos. A glass of water or a plant would also do.

Good vibrations

Despite the differences in the technology involved, both approaches rely on the same principle: sound travels on waves of higher and lower pressure in the air. When these waves reach a flexible object, they set off small vibrations in the object. If you can detect these vibrations, it's possible to reconstruct the sound. Laser-based systems detect the vibrations by watching for changes in the reflections of the laser light, but researchers wondered whether you could simply observe the object directly, using the ambient light it reflects. (The team involved researchers at MIT, Adobe Research, and Microsoft Research.)

Read 6 remaining paragraphs | Comments

Greetings, Arsians! Our partners at LogicBuy are back with a bevy of deals for this week. Today we've got a 32GB 8.9-inch Kindle Fire HDX for just $299 (that's $130 off the MSRP), though the sale is today only! If you're on the fence as to whether or not to buy one, maybe our review will help.

The Kindle Fire and tons more deals are below for your shopping pleasure.

Featured deal

Read 7 remaining paragraphs | Comments

The Pebble smartwatch has been around for quite a long time compared to the wearables put forth by other manufacturers. It was one of the earliest devices in the smartwatch category. However, that isn’t to say that the Pebble has remained the same since it first came out. The Pebble app store is now home to over 1000 applications, and the original design was improved with the Pebble Steel earlier this year at CES. The original Pebble watch is still available for purchase though, and today a new trio of limited edition Pebble watches in new colors are being put up for purchase on the Pebble website. Pebble is naming these new color schemes Fresh, Hot, and Fly for the green, pink, and blue options respectively. 

In addition to the new color schemes, Pebble is shipping some new watchfaces to match each new watch. A new application from The Weather Channel is also being added to the Pebble app store. Both of these are available now to all Pebble users.

As stated above, this is a one-time production run of these limited edition colors for the Pebble smartwatch. All three new models are available now on the Pebble website for $150 while supplies last.

 

Stop using your damn phones so much. Esther Vargas

Verizon Wireless has told FCC Chairman Tom Wheeler that its policy of throttling unlimited data users on congested cell sites is perfectly legal and necessary to give heavy data users an incentive to stop using their phones so much.

Wheeler had sent a letter to Verizon accusing the company of throttling unlimited data users in order to make more money, presumably by encouraging users to purchase new data plans. "'Reasonable network management' concerns the technical management of your network; it is not a loophole designed to enhance your revenue streams," Wheeler wrote. Wheeler didn’t argue that throttling itself is never reasonable, but he called it “disturbing” that “Verizon Wireless would base its 'network management' on distinctions among its customers' data plans, rather than on network architecture or technology."

"I know of no past Commission statement that would treat as 'reasonable network management' a decision to slow traffic to a user who has paid, after all, for 'unlimited' service," Wheeler added.

Read 11 remaining paragraphs | Comments

A teenage whitehat hacker said he has found a simple way that attackers can bypass the two-factor authentication system PayPal uses to protect user accounts.

The circumvention requires little more than spoofing a browser cookie set when users link their eBay and PayPal accounts, according to Joshua Rogers, a 17-year-old living in Melbourne, Australia. Once the cookie—which is tied to a function PayPal identifies as "=_integrated-registration"—is active in a user's browsing session, the two-factor authentication is circumvented, Rogers reported. That means attackers who somehow acquire someone else's login credentials would be able to log in without having to enter the one-time passcode sent to the account holder's mobile phone.

Rogers said he reported the vulnerability privately to PayPal on June 5. He said he went public two months later after receiving no response. He went on to write:

Read 3 remaining paragraphs | Comments

A couple of weeks ago I offered a brief performance preview of the $799 entry level Surface Pro 3 with an Intel Core i3-4020Y. The performance hit in going down to the $799 model is significant but compared to an upgraded ARM tablet you do get substantially more functionality/performance. The big unknown at the time was battery life. Going down to a Y-series part comes with a reduction in TDP (15W down to 11.5W), which could have power implications.

I spent the past week running and re-running battery life tests on the Core i3 model of the Surface Pro 3. For the most part, battery life hasn't changed. As you'll see from our laptop results, the Core i3 Surface Pro 3's battery life shows a slight regression compared to our Core i5 results but not significantly so:

Although our laptop tests didn't show any gains, our tablet workload showed a substantial increase in battery life for the Core i3 version vs. the Core i5 Surface Pro 3:

An 11% increase in battery life is likely due to the lower power binned Y-series Haswell ULx part. It's interesting to me that the gains are exclusively in our lightest workload and don't appear to be present under any of the more active workloads. The decrease in TDP would imply a reduction in peak active power consumption but perhaps that's more a function of the reduced clocks. What we see at lighter/more idle workloads is a reduction in leakage thanks to the Y-series part.

I still feel like the best overall balance of battery life, storage, performance and price is going to be a Surface Pro 3 equipped with a Core i5. I think where the $799 Core i3 makes sense is if you're budget limited and left with the choice between a 64GB ARM based tablet or the entry level Surface Pro 3. The problem is typically users who stretch their budget to get a 64GB ARM based tablet want the storage space, which is something you sacrifice when you move to a 64GB Windows 8.1 device (roughly 21GB free on a new install). I don't see the $799 Surface Pro 3 necessarily catering to the same market as a high end ARM device, but I think the entry level SP3 does embody Microsoft's mission better than any of the more expensive configurations. There's very little cross shopping between a $499 ARM based tablet and a $1200+ Surface Pro 3, but the entry level SP3 can serve as an in-between device if you want some of both worlds. 

A scene from the 2002 GameCube version of Resident Evil.

Mark your calendars, nostalgia lovers—today is the day that the trend of remaking classic games for new consoles finally approaches self-parody. Capcom has announced that it will remake the 2002 GameCube remake of Resident Evil yet again, with HD versions coming to the PS3, PS4, Xbox 360, Xbox One, and PC in early 2015 [Update: The original version of this story left out the PC version. Ars regrets the error].

Capcom's press release is clear that this new game is not directly based on the original 1996 Resident Evil but is instead the "definitive re-visit of that iconic 2002 Resident Evil title." That 2002 remake, which premiered on the GameCube and eventually came to the Wii in 2009, added improved graphics and sound, tweaked puzzles, and a few minor control changes to the classic PlayStation title.

The revamped revamp announced today will feature high-definition graphics (in 1080p on the Xbox One and PS4), remastered 5.1 surround sound, and a widescreen 16:9 display mode for the first time. Players can also choose between the classic "tank" controls made famous in the original games or a more modern, Resident Evil 4-style control scheme that maps more directly to the control stick, a change that will probably drain away some of the tension born from struggling with the controls in the original.

Read 2 remaining paragraphs | Comments

While I was planning on doing a full review for the GS5 LTE-A, it turns out that there’s relatively little that changes between the original Galaxy S5 and this Snapdragon 805 version. For those that aren’t quite familiar with this variant of the Galaxy S5, most of the device stays the same in terms of design, battery size, waterproofing, UI, and camera. What does change are the SoC, modem, and display. The SoC is largely similar to the one we see in the original Galaxy S5, but a minor update to CPU (Krait 450 vs Krait 400), more memory bandwidth, faster GPU, and faster ISP. In addition, the modem goes from category 4 LTE support on a 28HPm process to category 6 LTE support on TSMC’s 20nm SoC process. What this means is that the maximum data rate goes from 150 Mbps to 300 Mbps. Finally, the display goes from 1080p to 1440p in resolution, and we've previously covered the display's surprisingly good calibration and general characteristics.

Battery Life

Of course, one of the major questions has been whether battery life has been compromised by the higher resolution display or more powerful GPU. To answer these questions, we turn to our standard suite of tests, which include web browsing battery life and battery life under intensive load. In all cases where the test has the display on, the display is calibrated to 200 nits.

In this test, we see that the GS5 LTE-A is ever so slightly better than the Galaxy S5 in WiFi web browsing, which is quite a stunning result. However, the result is within the margin of error for this test, which is no more than 1-2%. This result is quite surprising, especially because we saw how the move to QHD significantly reduced battery life on the LG G3 compared to the competition. Samsung states that there is an improved emitter material in the OLED display, which is probably responsible for the relatively low impact of the QHD display. This kind of power efficiency improvement is due to the relatively immature state of OLED emitter material technology when compared to LED backlight technology.

The other area where power improvements could come from is the WiFi chip itself. Instead of Broadcom's BCM4354, we see a Qualcomm Atheros QCA6174 solution in this variant. Both support 2x2 802.11ac WiFi for a maximum throughput of 866 Mbps, but there's a possibility that the QCA6174 solution is more power efficient than the BCM4354 we found in the original Galaxy S5.

In the LTE web browsing test, we see a similar story as once again the Galaxy S5 LTE-A is within the margin of error for our test. As mentioned before, improvements to the display could reduce the effect that higher DPI has on power consumption. The other element here that could reduce power consumption would be the MDM9x35 modem, which is built on a 20nm SoC process for lower power consumption.

In order to better show the effects of stressing the CPU, GPU, NAND, and RAM subsystems we turn to our compute-intensive tests. For Basemark OS II, once again we see that battery life on the Galaxy S5 LTE-A is effectively identical to the original Galaxy S5. However, it seems that this comes at the cost of worse performance, which is likely the result of running at a higher resolution and higher ambient temperatures.

While Basemark OS II seems to mostly simulate intensive conventional usage of a smartphone, GFXBench is a reasonably close approximation of intensive 3D gaming. Surprisingly, we see here that the GS5 LTE-A is ahead of the GS5. It seems that the GPU architecture of the Adreno 420 is more efficient than what we saw in the Adreno 330. Once we scale the final FPS by resolution, we see that the end of run performance is around 22 FPS, which means that performance ends up being a bit higher than the original Galaxy S5. This seems to suggest a more efficient GPU architecture.

CPU Performance

While sustained performance is important, more often than not mobile use cases end up being quite bursty in nature. After all, a phone that lasts "all day" usually only has its screen on for 4-6 hours of a 16 hour day. To get a better idea of performance in these situations, we turn to our more conventional benchmarks. For the most part, I wouldn't expect much improvement here. While it's true that we're looking a new revision of Krait, it seems to be mostly bugfixes and various other small tweaks, not any significant IPC increase.

As seen in the CPU-bound tests, the GS5 LTE-A tends to trade blows with other Snapdragon 801 devices. The only real area where we can see a noticeable lead is the graphics test in Basemark OS II, which gives us a good idea of what to expect for the GPU-bound tests.

GPU Benchmarks

If there's any one improvement that matters the most with Snapdragon 805, it's in graphics. While there is a minor clock bump from 578 MHz to 600 MHz in the Adreno 420, this accounts only accounts for a 3.9% bump in performance if performance per clock is identical when comparing the Adreno 330 and Adreno 420. For those unfamiliar with the Adreno 420, this is a new GPU architecture that brings Open GL ES 3.1 support, along with support for ASTC texture compression and tesselation. As a result, the Adreno 420 should be able to support much better graphics in video games and similar workloads, along with better performance overall when supporting a higher 1440p resolution display when compared to Adreno 330. While we saw how Adreno 420 performed in Qualcomm's developer tablet, this is the first shipping implementation of Adreno 420 so it's well worth another look.

Here, we see a general trend that in the off-screen benchmarks, the Adreno 420 has a solid lead over other smartphones. Against the Adreno 330, we see around a 50-60% performance increase. However, in the on-screen benchmarks the GS5 LTE-A is solidly middle of the pack. It seems that we will have to wait until Adreno 430 and Snapdragon 810 to see on-screen GPU performance improve if the display has a 1440p resolution.

NAND Performance

Since we're still on the subject of the GS5 LTE-A's performance, I wanted to make a note of something else that changed. It seems that Samsung has put higher performance NAND into this device as well, as there's a noticeable uplift in read and write speed, regardless of whether it's sequential or random.

WiFi Performance

While at first I thought that the GS5 LTE-A would use the Broadcom BCM4354 chipset for 2x2 802.11ac WiFi, it turns out that this wasn't the case at all. As I mentioned earlier, this is the first shipping implementation of Qualcomm Atheros' QCA6174 WiFi chip. To see whether it's any faster, I used iperf and an Asus RT-AC68U router to try and see what peak UDP throughput is like.

As we can see here, it's effectively neck and neck and quite hard to tell the two apart. Both Galaxy S5s are far ahead of their single stream competition, but we see that two spatial streams only delivers around a 36% increase in performance.

Final Words

While there's been a lot of discussion over the impact of 1440p displays on battery life and performance, it seems that Samsung has managed to make the move to 1440p without losing performance or battery life for the most part. Of course, there's always the question of how much better battery life could be by utilizing the same technologies for a 1080p panel. This ends up going back to the question of whether it's possible to notice the higher resolution. To some extent, the answer is yes, and it becomes much more noticeable when used for VR purposes. However, in normal usage it's not immediately noticeable unless one has good or even great vision.

Outside of conventional battery life and performance tests, there are still a few more things to cover. I've noticed that there's a new Sony IMX240 camera sensor in the GS5 LTE-A, and I've been working on a more in-depth look at the MDM9x35 modem. Overall, we can see that this is a relatively straight upgrade of the original Galaxy S5. This will also give us a good idea of what to expect for future high-end Samsung devices launching in the next few months.

At roughly noon, Microsoft's Joe Belfiore (Vice President for Windows Phone) announced via Twitter that users enrolled in the developer preview should check for updates. Microsoft released the Windows Phone 8.1 Update (GDR1) to test, develop against, and enjoy.

And... if you're on the Developer Preview, go CHECK FOR UPDATES! WP8.1 Update is now live around the world!

— joebelfiore (@joebelfiore) August 4, 2014

If you're not familiar with the preview for developers program, this is Microsoft's way of circumventing the lengthy update roll-out process. Windows Phone vendors (Nokia, HTC, Samsung, etc) first integrate the update with their software stack, send it to regional operators (AT&T, Rogers, etc), and finally the regional operators test, validate and deploy it. Microsoft likely calls it a developer preview to appease these partners, but considering it cost $0 and takes three minutes to sign up, its true role is quite obvious and tech enthusiasts appreciate it.

To briefly recap, Microsoft described that Windows Phone 8.1 GDR1 will contain localization and Bluetooth improvements to Cortana, text messaging, mobile IE, enterprise app settings, and a unique approach to folders.

I was particularly curious how the 'live folders' worked. At first I wasn't sure it was working, as the folder doesn't immediately update its tile after creation and instead waits for the contained tiles to update. Therefore, it can take a moment before any movement is seen. I've personally grown used to not having folders, but this implementation which maintains the live updates is appreciated.

I was also curious what user agent string the web browser uses now.

Mozilla/5.0 (Mobile; Windows Phone 8.1; Android 4.0; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 920) like iPhone OS 7_0_3 Mac OS X AppleWebKit/537 (KHTML, like Gecko) Mobile Safari/537

It is pretty funny seeing iPhone, Android, OS X, WebKit, Apple, Nokie, IE, Trident, the kitchen sink, you-name-it, all in one user agent. Microsoft stated that IE mobile was consistently served non-mobile pages by major web sites like Google and Twitter, so changing the user agent to a mobile catch-all is certainly one way to resolve that.

No software update or Microsoft blog post ever seems to include a complete change list, so there are some extra user-visible improvements found in the update that were unexpected. VPN support previously included SSL VPN and IKEv2, and now grows to include L2TP with IPSec. Cellular data tethering now works over Bluetooth as well as WiFi.

Microsoft posted a Windows Phone 8.1 GDR1 change list for OEMs that gives some insight into behind the scenes changes. Larger screen sizes (up to monster 7" devices) are now supported, along with a variety of new mid-tier resolutions. Microsoft added several Bluetooth improvements including higher fidelity audio and network audio video browsing through AVRCP. Dual SIM now supports C + G (CDMA + GSM). Finally, phone cover apps have new settings, although no interactive phone covers exist yet.

 

Aurich Lawson

During its teenage and young adult years—what is now referred to as its “classical” period—physics made a lot of mistakes.

In the old physics, mass and energy were separately conserved; particles’ positions and momenta could be arbitrarily specified; gravity acted instantaneously at a distance; the equality of gravitational and inertial mass was just a coincidence; and there was no speed limit. All these ideas and assumptions are now known to be in some way untenable. They're either inaccurate or theoretical dead-ends.

To put it plainly, classical physics is wrong. As such, there's really only one thing to do—physicists have since abandoned the old, mistaken ideas, right? It's reminiscent of how doctors discarded the system of humors, chemists chucked out phlogiston, and astronomers turned away from astrology and geocentrism.

Read 57 remaining paragraphs | Comments

NAS and storage server manufacturer Synology sends word this afternoon that they are informing their customers of a currently ongoing and dangerous ransomware attack that is targeting Synology devices.

Dubbed SynoLocker, the ransomware is targeting Internet-exposed Synology servers and utilizing a hereto-unknown exploit to break in to those systems. From there SynoLocker engages in a Cryptolocker-like ransom scheme, encrypting files stored on the server and then holding the key ransom. The attackers are currently ransoming the key for 0.6 Bitcoins (roughly $350 USD), a hefty price to pay to get your files back.

At this time only a portion of Synology servers are affected. Along with being Internet-exposed, Synology has confirmed that SynoLocker attacks servers running out of date versions of DSM 4.3 (Synology’s operating system). Meanwhile they are still researching as to whether the newer DSM 5.0 is affected as well.

With Synology still isolating the vulnerability and affected software versions, the company is asking users to take precautions to secure their servers against SynoLocker. Along with removing external Internet access to the server, Synology is also suggesting all users upgrade their DSM to the latest version and backup all of their data so that if they have or do get it, a backup copy is safe from SynoLocker.

Lovely. My @Synology NAS has been hacked by ransomware calling itself Synolocker. Not what I wanted to do today. pic.twitter.com/YJ1VLeKqfY

— Mike Evangelist (@MikeEvangelist) August 3, 2014

Meanwhile for those users whose servers have been infected, Synology is advising users to immediately shutdown their servers to prevent any further files from being encrypted and to contact Synology support about the issue. Synology is also suggesting that affected users also be on the lookout for fake Synology emails, out of a concern that the ransomware authors may follow up by hitting the infected users with spear phising attacks.

It goes without saying that while Cryptolocker and its ransomware ilk are already dangerous pieces of malware, SynoLocker is especially dangerous due to the larger quantity of data stored on a dedicated storage server compared to an average client machine or workstation, along with the potential value of the information stored on such a server. Furthermore whereas Cryptolocker is principally a “pull” attack delivered via Trojans (drive-bys, phishing, and otherwise), SynoLocker is a “push” attack that is capable of reaching out and directly infecting vulnerable servers without any human intervention.

Finally, Synology tells us that they are hoping to finish identifying which versions of DSM are affected this evening. They are also hoping to have a resolution, though admittedly if SynoLocker is as effectively implemented as Cryptolocker, then there is a distinct possibility that there may be no way to recover the ransomed data other than paying.

We will update this article once we hear more from Synology.

Update (08/05/2014):

Synology has finished analyzing the exploit and confirmed which versions of DSM are vulnerable. The vulnerability in question was patched out of DSM in December of 2013, so only servers running significantly out of date versions of DSM appear to be affected.

In summary, DSM 5.0 is not vulnerable. Meanwhile DSM 4.x versions that predate the vulnerability fix – anything prior to 4.3-3827, 4.2.3243, or 4.0-2259 – are vulnerable to SynoLocker. For those systems that are running out of date DSM versions and have not been infected, then updating to the latest DSM version should close the hole.

As for systems that have been infected, Synology is still suggesting that owners shut down the device and contact the company for direct support.

Full SynoLocker ransom message, courtesy the Synology German User forum (via CSO)

SynoLocker™
Automated Decryption Service

All important files on this NAS have been encrypted using strong cryptography.

List of encrypted files available here.

Follow these simple steps if files recovery is needed:

• Download and install Tor Browser.
• Open Tor Browser and visit http://cypherxffttr7hho.onion. This link works only with the Tor Browser.
• Login with your identification code to get further instructions on how to get a decryption key.
• Your identification code is - (also visible here).
• Follow the instructions on the decryption page once a valid decryption key has been acquired. 

Technical details about the encryption process:

• A unique RSA-2048 keypair is generated on a remote server and linked to this system.
• The RSA-2048 public key is sent to this system while the private key stays in the remote server database.
• A random 256-bit key is generated on this system when a new file needs to be encrypted.
• This 256-bit key is then used to encrypt the file with AES-256 CBC symmetric cipher.
• The 256-bit key is then encrypted with the RSA-2048 public key.
• The resulting encrypted 256-bit key is then stored in the encrypted file and purged from system memory.
• The original unencrypted file is then overwrited with random bits before being deleted from the hard drive.
• The encrypted file is renamed to the original filename.
• To decrypt the file, the software needs the RSA-2048 private key attributed to this system from the remote server.
• Once a valid decryption key is provided, the software search each files for a specific string stored in all encrypted files.
• When the string is found, the software extracts and decrypts the unique 256-bit AES key needed to restore that file.

Note: Without the decryption key, all encrypted files will be lost forever.
Copyright © 2014 SynoLocker™ All Rights Reserved.

EFF

Patent litigation reform failed to pass Congress this year, but the issue of "patent trolls"—paper companies that do nothing but sue over patents—received unprecedented attention. Activist groups that have been long focused on the issue, like the Electronic Frontier Foundation, don't want the public pressure to let up.

Hence, EFF's newest patent campaign: the group will be announcing a "Stupid Patent of the Month." For August, the group has nominated US Patent No. 8,762,173, titled “Method and Apparatus for Indirect Medical Consultation.” The patent issued in June, and it dates back to an original filing in 2007.

A blog post by EFF lawyer Vera Ranieri, supplies a legalese-free description of just what the now-monopolized method is:

Read 7 remaining paragraphs | Comments

The Robert E. Coyle Federal Courthouse in Fresno is the site of a significant portion of the nation's laser strike cases. Cyrus Farivar

On Monday, a federal court in Central California sentenced a 26-year-old to one year and nine months in prison for firing two different laser pointers at a Kern County Sheriff’s Office helicopter over a six month period in 2013.

The man, Brett Lee Scott of Buttonwillow, took a plea deal with federal prosecutors according to a May 5, 2014 court filing. Scott explained his actions by saying that he was “bored.”

It may seem like a silly thing, but laser strikes against planes, helicopters, and other aerial vehicles have become an increasing epidemic nationwide. Since the FBI began keeping track in 2005, there have been more than 17,000 laser strikes—one-fifth (3,960) in 2013 alone. During the first three months of 2014, the FBI reported an average of 9.5 incidents daily.

Read 5 remaining paragraphs | Comments