ARS Technica
Hands-on: Pwn Pro and Pwn Pulse, mass surveillance for the rest of us
At Black Hat and Def Con earlier this month, the penetration testing tool makers at Pwnie Express unveiled two new products aimed at extending the company's reach into the world of continuous enterprise security auditing. One, the Pwn Pro, is essentially a souped-up version of Pwnie Express' Pwn Plug line of devices; the other, Pwn Pulse, is a cloud-based software-as-a-service product that provides central control of a fleet of Pwn Pro “sensors.” Combined, the two are a whitehat’s personal NSA—intended to discover potential security problems introduced into enterprise networks before someone with malevolent intent does.
While Ars was given a brief look at the new products in Las Vegas, we’ll be conducting a more intensive, full review of Pwn Pro and Pwn Pulse in the near future. Rest assured that our review will be heavily informed by our experience with the Pwn Plug 2. But despite our somewhat brief experience with the new products, it’s not a stretch to say that they are a significant upgrade to Pwnie’s previous capabilities.
First, some full disclosure: Ars has worked in the past with Pwnie Express Chief Technology Officer Dave Porcello. Specifically, Porcello helped us turn a Pwn Plug R2 into a miniature deep packet inspection machine during our collaboration with NPR. After that experience, we purchased a Pwn Plug R2 of our own to continue to perform vulnerability testing in our own lab. That means we have more than a passing familiarity with the team behind the Pwn products, but it also means we’ve put some mileage on the technology that underlies them as well.
How MERS jumped from bats to humans—and whether other viruses might, too
Middle Eastern Respiratory Syndrome (MERS) is a viral respiratory illness that is caused by the coronavirus MERS-CoV, and it currently has a 36 percent fatality rate in humans. Research suggests that MERS-CoV most likely originated in bats and was then transmitted to humans.
Bats are hosts to a number of coronaviruses, and other such coronaviruses could also pose a risk to human health if transmitted across species boundaries. To predict the potential of these coronaviruses to infect humans requires an understanding of how they managed to jump species-barriers, adapting to human cells and becoming infectious. In this regard, MERS-CoV could provide valuable information.
Viruses infect cells by binding to their surfaces and inserting their genetic material into them; the genetic material then hijacks the host cell to make new copies of the virus. In the case of MERS-CoV, spiked proteins on the envelope of the virus are necessary for entry into cells. The spiked proteins are thought to bind a human protein called dipeptidyl peptidase 4 (DPP4); bats have their own version called bDPP4. A recent investigation has explored how MERS-CoV and other bat coronaviruses interact with DPP4.
Ohio lawmakers want to limit the teaching of the scientific process
Science educators have recognized that teaching science as a large compendium of facts, without reference to the scientific process and theories that bind them together, simply leads to uninterested and uninformed students. So it's a bit mind-boggling to discover that an Ohio state legislator is attempting to block educators from teaching anything about the scientific process. And for good measure, the bill's sponsor threw politics and creationism into the mix.
The bill, currently under consideration by the Ohio Assembly, is intended to revoke a previous approval of the Common Core educational standards, which target math and literacy. However, the bill's language also includes sections devoted to science and social studies. And the science one is a real winner:
The standards in science shall be based in core existing disciplines of biology, chemistry, and physics; incorporate grade-level mathematics and be referenced to the mathematics standards; focus on academic and scientific knowledge rather than scientific processes; and prohibit political or religious interpretation of scientific facts in favor of another.
Specifically prohibiting a discussion of the scientific process is a recipe for educational chaos. To begin with, it leaves the knowledge the kids will still receive—the things we have learned through science—completely unmoored from any indication of how that knowledge was generated or whether it's likely to be reliable. The scientific process is also useful in that it can help people understand the world around them and the information they're bombarded with; it can also help people assess the reliability of various sources of information.
Machine-based traffic-ticketing systems are running amok
As many as 17,000 red-light camera fines are being dismissed in New Jersey because a glitch prevented motorists from being notified of their citations. The infractions in 17 New Jersey towns are being forgiven because American Traffic Solutions, the company handling the fines, did not send out notices to affected motorists within 90 days following the issuance of a citation, the authorities said.
"This wasn't 5 or 10 or even a couple of hundred instances. This total breakdown affected almost 17,000 motorists," Assemblyman Declan O'Scanlon told the Star Ledger. The affected citations were issued May 28 through June 30.
New Jersey's snafu is the latest in a string of debacles associated with the rise of traffic-ticketing machines.
Comcast tells government that its data caps aren’t actually “data caps”
For the past couple of years, Comcast has been trying to convince journalists and the general public that it doesn’t impose any “data caps” on its Internet service.
That’s despite the fact that Comcast in some cities enforces limits on the amount of data customers can use and issues financial penalties for using more than the allotment. Comcast has said this type of billing will probably roll out to its entire national footprint within five years, perhaps alongside a pricier option to buy unlimited data.
“There isn't a cap anymore. We're out of the cap business,” Executive Vice President David Cohen said in May 2012 after dropping a policy that could cut off people's service after they use 250GB in a month. Comcast's then-new approach was touted to "effectively offer unlimited usage of our services because customers will have the ability to buy as much data as they want."
Gotta beat ’em all: Nintendo announces Tekken-esque Pokémon brawler
Two years ago, when we first heard that Namco Bandai would be helping out with the development on Nintendo's next Super Smash Bros., we had a hard time believing that it would be a one-off affair. Our suspicions were confirmed on Tuesday with the announcement of Pokkén Fighters, a 3D fighting game starring Pokémon monsters that sees Bandai Namco once again taking the design reins.
As the title's odd word combination suggests, the game will drop Pokémon characters into a Tekken-style fighting system. The debut trailer made that apparent with 3D characters squaring off in a 2D, side-scrolling manner, and it showed the characters Lucario and Machoke trading blows. Like in Tekken, this combat focused on melee attacks as opposed to the magical, elemental attacks that characters like Pikachu and Charmander are famous for.
We're fine with the lack of precocious Pokémon trainers standing nearby while shouting for their precious friends to use magical powers, but the development team, reportedly led by both Tekken mastermind Katsuhiro Harada and Soul Calibur chief Masaaki Hoshino, will have a tough task if it expects to make a non-magical Pokémon fighting game. The announcement pointed to a release in Japanese arcades in 2015, and the American arm of Pokémon reposted the video with no clarification about whether to expect the game on other platforms or other territories in the near future.
Report: Qualcomm facing modem-related EU antitrust investigation
Qualcomm is the biggest chipmaker in the mobile industry today, and it looks like at least one company isn't happy about it. Reuters today reported that the EU is preparing to open an antitrust investigation of Qualcomm, according to "people familiar with the matter." The probe was triggered in part by a modem company named Icera, which complained in June of 2010 that Qualcomm was using its market position to hamstring competitors. Qualcomm is currently under investigation in China because of similar allegations that it is "overcharging and abusing its market position."
Whatever phone you're using, the odds are pretty good that your smartphone includes one or more Qualcomm chips. The last few iPhone generations have all used Qualcomm modems and transceivers alongside Apple's SoCs. Most high-end Android handsets (and, increasingly, many budget handsets) in established markets use Qualcomm SoCs, even when they use other chips in other territories. Windows Phone 8 and BlackBerry 10 handsets use Qualcomm chips almost exclusively, in part because Qualcomm is a large company capable of giving phone makers plenty of support. When chipmakers become this powerful, it becomes easier for them to abuse that power.
Icera was purchased by Nvidia in 2011, and Nvidia now uses Icera's "soft modems" in a few of its chips—many modems need to be built specifically to accommodate wireless bands used by different wireless operators in different countries, but Icera's and Nvidia's modems can be programmed to support different bands without requiring separate hardware configurations for different markets. Qualcomm's modem technology (and its often-close integration with its Snapdragon CPUs and Adreno GPUs) is one of the reasons why the company's hardware is used so widely in phones and tablets.
Report: First Android One devices hit India next month for $115-$165
The Economic Times is reporting that Android One, Google's initiative for "high-quality, affordable" smartphones, will be ready to launch in India "early next month." Android One was announced at Google I/O as a plan to work with OEMs in developing markets to build devices costing less than $100.
The report says the project will be ready to go in just a few weeks, but that Google will miss its "under $100" price target, as the device is expected to cost between Rs 7,000 ($115) and Rs 10,000 ($165). Android One will have Google build reference devices and provide OEMs with a "turnkey solution" to make a phone. Google also handles software, using stock Android and automatic updates. Indian OEMs Micromax, Karbonn, and Spice are onboard.
With something like 84-percent market share worldwide and a billion active Android users, Google's next focus is on getting people that don't normally use smartphones to use smartphones. Android One is launching in India first, and if the program proves successful, the plan is to roll it out to other countries.
Jawbone opens a window to our humanity-tracking future
Wearable computing company Jawbone released a graph on Monday showing its users being woken up by the 6.0-magnitude earthquake centered in the Napa Valley region of California on Sunday morning. 120 people were injured, a lot of wine went to waste, and a few people wearing Jawbone's Up fitness bands lost some sleep, according to a huge spike in the percentage of users who were up and moving in affected regions at about 3:20am (close to 80 percent in Berkeley, Vallejo, and Napa Valley itself).
The graph accurately plots the nexus of the earthquake, with smaller spikes of activity in more distant regions, including San Francisco and Oakland (around 60 percent of users), Sacramento and San Jose (25 percent), and Modesto and Santa Cruz, with only a tiny bump of a few percent from the baseline. Together, the locations form a basic map of the earthquake's reach, not dependent on scientific measurements and existing equipment waiting for a disaster, but just a large, distributed population wearing tracking devices.
The Up bands don't collect location data themselves, so they can't pinpoint where a user was asleep with perfect certainty. Rather, the data is based on the locations logged by the app used to store users' information, which always records a user's location when the app is opened.
Ars Technica System Guide: August 2014
As opposed to our last edition, this month's System Guide catches the market in a bit of a lull.
Next-generation GPUs and SSDs have yet to arrive, and the same story goes for CPUs from both AMD and Intel. While a few refreshed versions of existing products are floating around, most of the changes in this update are fairly minor. Even at the high end, things like 4K (3840×2160, aka "UltraHD" or UHD) monitors seem to be caught between major improvements at the moment.
Minor, of course, is relative. As always, much of system building is in the details—and some of those changes are worth paying attention to. So we'll continue to focus more on the tangible benefits for the System Guide: better overall performance and performance for your dollar (aka value) while trying to stay within the average enthusiast's budget for a new system.
California bill requiring kill-switch on smartphones becomes law
On Monday, California Governor Jerry Brown signed into law a piece of legislation mandating that all smartphones come with kill-switch software automatically installed so that a user can remotely wipe his or her device if it gets stolen. The bill will affect all smartphones manufactured after July 1, 2015 to be sold in California.
After that date, new smartphones will prompt users to set up a wiping feature, but users will be able to opt out as well. As part of the legislation, anyone caught selling stolen phones will be fined a civil penalty of between $500 and $2,500.
As Ars noted two weeks ago when the bill passed the state senate, the legislation's supporters included the cities of Los Angeles, Oakland, San Diego, and San Francisco, as well as several consumer unions, police groups, and the Utility Reform Network. Its opponents included a couple of municipal Chambers of Commerce, the wireless industry lobby CTIA, and the Electronic Frontier Foundation.
More Windows 9 rumors: one-click upgrades, interactive tiles, notification center
Rumors about the next major version of Windows continue to trickle out in the run up to an anticipated public preview in September.
Neowin reports that internal builds of the operating system currently sport a one-click upgrade feature to update from one build to the next. While there's no guarantee that such a feature will necessarily ship, it would be consistent with Microsoft's move to more rapid releases and continuous improvement rather than infrequent major updates.
Currently, upgrading Windows is a major undertaking. During betas and previews, there's often no good ability to move from one build to the next without performing a full reinstall. Even when moving between stable versions, upgrading can be failure-prone and time-consuming. While it's possible that the upgrade capability will be limited to previews, it looks like a strong indication that Microsoft wants to make this process easier.
How Microsoft’s predictive modeling could make streaming gaming tolerable
No matter how fast your Internet connection is, streaming game services like OnLive and PlayStation Now always bump up against a hard latency limit based on the total round-trip time (RTT) it takes to send user input to a remote server and receive a frame of game data from that server. The hope for these systems is that broadband speeds and server connections will eventually improve enough so that trip is quick, to the point of being nearly unnoticeable for end users. Until then, a team at Microsoft Research seems to have done an end run around the RTT latency limit, using predictive modeling to improve apparent performance even when the server trip takes a full quarter of a second.
Late last week, Microsoft released a paper detailing the development and testing of DeLorean, a system that uses a number of techniques to mask the inherent latency between the server running a streaming game and the user giving inputs at home. The main technique involves future input prediction: by analyzing previous inputs in a Markov chain, DeLorean tries to predict the most likely choices for the user's next input (or series of inputs) and then generates speculative frames that fit those inputs and sends them back to the user.
By the time those predicted frames get back to the user, the system can see which input was actually entered, then immediately show the appropriate predicted frame for that situation rather than waiting for another round-trip to the server. The DeLorean system also improves performance by "supersampling" inputs at a faster rate than the game normally does, and it applies a Kalman filter to reduce the shakiness of the predicted frames.
NSA built “Google-like” interface to scan 850+ billion metadata records
According to newly published documents, the National Security Agency has built a “Google-like” search interface for its vast database of metadata, and the agency shares it with dozens of other American intelligence agencies. The new documents are part of the Snowden leaks and were first published on Monday by The Intercept.
The new search tool, called ICREACH, is described in an internal NSA presentation as a “large scale expansion of communications metadata shared with [intelligence community] partners.” That same presentation shows that ICREACH has been operational since the pilot launched in May 2007. Not only is data being shared to more agencies, but there are more types of such data being shared—ICREACH searches over 850 billion records.
New data types being shared include IMEI numbers (a unique identifier on each mobile handset), IMSI (another unique identifier for SIM cards), GPS coordinates, e-mail addresses, and chat handles, among others. Previously, such metadata was only limited to date, time, duration, called number, and calling number.
Surface 2 prices slashed, hinting at discontinuation or replacement
Microsoft has cut $100 off the price of its Surface 2 Windows RT tablets. This puts the cheapest 32GB unit at $349, the 64GB unit at $449, and the 64GB model with LTE at $579. With the price cut, the 32GB 1920×1080 Microsoft tablet is priced below all but the 16GB non-Retina iPad mini.
The discounts are available through Microsoft's physical and online stores, as well as through some other retailers such as Amazon. The price cuts are described as being for a limited time only, expiring on September 27 or "while stocks last." Microsoft is also limiting buyers, rather optimistically, to a maximum of five discounted units per purchase.
While Surface 2's x86 sibling, the Surface Pro 2, was replaced unexpectedly by the Surface Pro 3, the Surface 2 has been largely unaltered since its introduction last October. The only change Microsoft has made was to add a third model with integrated LTE.
HTC One (M8) for Windows: Crazy name, great phone
Ron Amadeo
Can you guess which one is a Verizon exclusive?
A key goal with Microsoft's massive Windows Phone 8.1 update was to make Windows Phone easier for OEMs to put onto hardware by ditching the requirements for special hardware buttons.
Specs at a glance: HTC One (M8) for Windows
Screen: 1920×1080 5" (440 PPI) IPS LCD Gorilla Glass 3 touchscreen
OS: Windows Phone 8.1 Update
CPU: 2.3GHz quad-core Snapdragon 801
RAM: 2GB
GPU: Adreno 330
Storage: 32GB
Networking: 2.4GHz/5GHz 802.11a/b/g/n/ac, Bluetooth 4.0 LE, GPS, GLONASS
Cellular: GSM/GPRS/EDGE (850/900/1800/1900MHz), HSPA+ (850/900/1900/2100MHz), CDMA (800/1900MHz), LTE (Bands 3,4,7,13)
Ports: Micro-USB, headphones, microSD
Camera: Rear: 4MP "UltraPixel", 1/3" sensor, f/2.0 aperture, 28 mm lens, 1080p video, depth sensor. Front: 5MP, wide angle, 1080p video
Sensors: Accelerometer, gyroscope, digital compass, proximity sensor, ambient light sensor, NFC
Size: 146.4 mm × 70.6 mm × 9.4 mm
Weight: 160 g
Battery: 2600 mAh
By moving to on-screen buttons, the same basic hardware can be used for both Android and Windows Phone. Combine that with the new zero-dollar licensing for Windows Phone, and creating Windows Phone hardware should be a no-brainer for phone OEMs: design one piece of hardware and sell it with two different operating systems.
The first phone we saw to take advantage of this wasn't, in fact, an Android handset. It was Nokia's low-end Lumia 630. While this was Android-spec hardware, with on-screen buttons and without the characteristic Windows Phone camera button, it was a phone that was designed from the outset for Windows Phone.
Amazon officially buys Twitch for $970 million, will keep it independent
Update: Amazon has officially purchased Twitch.tv for $970 million. In Twitch's announcement of the deal, CEO Emmett Shear repeatedly thanked the Twitch community for helping build the company and said that "with Amazon’s support we’ll have the resources to bring you an even better Twitch." The letter states that Twitch will be "keeping most everything the same," and that Twitch will remain independent from Amazon. Any big deal like this takes time, and according to Amazon's press release, the acquisition is expected to close in the second half of this year.
Jeff Bezos, founder and CEO of Amazon, gave a quote about the deal, saying “Like Twitch, we obsess over customers and like to think differently, and we look forward to learning from them and helping them move even faster to build new services for the gaming community.”
So what happened to the Google deal? According to a report from Forbes, Google was concerned about possible anti-trust problems that would arise from the deal, and Google and Twitch couldn't come to an agreement on the size of a breakup fee if the deal was killed.
Supreme Court social media rap-lyrics case brings Eminem into the fold
Lawyers trying to get the Supreme Court to reverse a four-year prison term handed to a Pennsylvania man who published violent rap-style Facebook rants told the high court that their client was charged, in part, for referencing an Eminem song.
In the high court's upcoming term, the justices will hear arguments on the legal parameters of online speech, when a threat becomes deemed a "true threat" and not protected by the First Amendment. Defendant Anthony Elonis' 2010 Facebook rants concerned attacks on an elementary school, his estranged wife, and even the FBI.
His attorneys and other scholars who have weighed in suggest that the defendant, who was going through a divorce, was taking out his anger in a manner similar to the lyrics in rap music. He never intended to carry out any threats he posted on Facebook, they argue.
Two satellites for EU’s $13 billion GPS-equivalent enter wrong orbits
Two fully operational satellites, which were intended to become a part of Europe's Galileo global positioning system, were launched into incorrect orbits this weekend. The Galileo project was conceived as a way for Europe to cut its dependence on the US' GPS and Russia's GLONASS.
Officials from Arianespace, the company charged with launching the satellites, initially thought everything was done correctly. But according to the Wall Street Journal, two hours after launch it became clear that the two new additions to the Galileo network were in an elliptical, rather than a circular, orbit.
Galileo has been many years in the making, and it will cost the European Commission more than €10 billion ($13.3 billion).
Instead of merging, Sprint and T-Mobile actually compete for customers
Now that Sprint and T-Mobile US are no longer planning to merge and may also be prevented from teaming up to purchase spectrum, the companies are focusing on a new tactic: competing against each other.
Sprint announced new 20GB family plans last Monday and then on Thursday unveiled a $60-per-month unlimited data plan, calling it "a $20 savings compared to T-Mobile's $80 per month unlimited plan." While that's true, the Sprint plans do not include personal hotspot service and thus could end up costing more than T-Mobile for customers who intend to share their phones' Internet connections with other devices.
The $60 unlimited plan is for new or existing Sprint customers who bring their own device, buy one at full retail price, or pay on Sprint's Easy Pay two-year installment plan.