ARS Technica
This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”
When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.
Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
"Please don't do anything evil"
"If you put anything into your USB [slot], it extends a lot of trust," Karsten Nohl, chief scientist at Security Research Labs in Berlin, told Ars. "Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It's the equivalent of [saying] 'here's my computer; I'm going to walk away for 10 minutes. Please don't do anything evil.'"
Aereo imitator lashes out at judge who fined him $90,000 for continuing to operate
After TV-over-Internet company Aereo lost its case against TV broadcasters at the Supreme Court, it quickly shut down. But a less high-profile company engaged in a similar type of video-on-demand service, FilmOn, just kept on going.
Now that decision is coming back to bite FilmOn and its eccentric owner, Alki David. FilmOn and David were slapped with a $90,000 contempt order on Friday—$10,000 for each day that it kept distributing network TV channels.
This isn't the first time FilmOn and David have tried to piggy-back on the strategy of another would-be TV-over-Internet pioneer. When an earlier company called ivi TV tried to fight in court to get Internet broadcasts defined as a "cable system," that legal argument was shot down. FilmOn surprised ivi TV's founder by pursuing that same legal strategy at the same time. But it didn't work.
Samsung sees profits slip in Q2 as demand for smartphones stagnates
Samsung released its Q2 financial statements in South Korea on Thursday, and while the company turned a net profit to the tune of 6.25 trillion Korean won ($6.1 billion), that number represented a decline of 19.6 percent from a year earlier.
In a statement, Samsung said that the weak quarter was the result of slowing demand for smartphones and tablets, which led to increased marketing expenditures to reduce inventory. “Amid low seasonality, Smartphone demand remained flat [quarter-over-quarter] while [it] declined slightly QoQ for Tablet,” a Samsung presentation read (PDF). Samsung ships more smartphones than any other company in the world, and the company wrote that “slower demand for mobile devices also impacted Samsung’s logic chip business or System LSI.”
In addition to the slowed market growth, Samsung also said that the appreciation of Korea's currency played a part in eroding some of the company's profit. As the won strengthened, the company was able to bring back less of the revenue it made off consumers in foreign markets.
Woman files $123M suit against Facebook over photoshopped nude photos
Houston woman Meryem Ali has filed a $123-million lawsuit against both Facebook and a former friend who posted a picture of her on an "imposter" Facebook profile under her name, according to Texas Lawyer.
Photographs "that depict the true face of plaintiff" were altered with Photoshop and "attached to false, phony, naked body shots, and at least one pose where there is plaintiff in a graphic pornographic-like photo," states the complaint, which was filed on July 25 in Harris County.
"These phony photos falsely and maliciously depicted plaintiff in a clearly derogatory and false light ... as some overly bold and overly aggressive sexual person, which plaintiff in fact and truth is not," writes Ali's lawyer.
Inside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother
It was May of 2012 at a security conference in Calgary, Alberta, when professor Ron Deibert heard a former high-ranking official suggest he should be prosecuted.
This wasn't too surprising. In Deibert's world, these kinds of things occasionally get whispered through the grapevine, always second-hand. But this time he was sitting on a panel with John Adams, the former chief of the Communications Security Establishment Canada (CSEC), the National Security Agency's little-known northern ally. Afterward, he recalls, the former spy chief approached and casually remarked that there were people in government who wanted Deibert arrested—and that he was one of them.
Adams was referring to Citizen Lab, the watchdog group Deibert founded over a decade ago at the University of Toronto that's now orbited by a globe-spanning network of hackers, lawyers, and human rights advocates. From exposing the espionage ring that hacked the Dalai Lama to uncovering the commercial spyware being sold to repressive regimes, Citizen Lab has played a pioneering role in combing the Internet to illuminate covert landscapes of global surveillance and censorship. At the same time, it's also taken the role of an ambassador, connecting the Internet's various stakeholders from governments to security engineers and civil rights activists.
Report: No new Apple TV coming this year after all
Those hoping for a refreshed Apple TV box this year might need to keep on waiting, according to a new report from The Information (subscription required). Apple reportedly wants to launch new hardware with a revamped user interface that gives users access to both broadcasts and streaming content. However, the company's efforts to procure this additional content are apparently being held up by "cable companies 'dragging their heels'," the proposed merger of Comcast and Time Warner Cable, and other external factors.
The Information's sources say that Apple engineers are now being told to work "off of timelines that assume a launch next year," which contradicts previous rumors that said we could expect a new Apple TV in 2014. The first reports claimed that a new box would be released in the first half of 2014, which has already come and gone, and later rumors said "by Christmas."
In addition to a new interface and a deeper well of content to draw from, other rumors have suggested that Apple could position a new Apple TV box as a mini-game console or that it could serve as a hub for Apple's recently announced HomeKit initiative. While Apple continues to work behind the scenes on its next set-top box, the current Apple TV is competing against an ever-growing list of competitors, including the Roku, Amazon's Fire TV, and Google's Chromecast and upcoming Android TV operating system.
FCC chair accuses Verizon of throttling unlimited data to boost profits
FCC Chairman Tom Wheeler is not happy about Verizon Wireless' announcement that it will throttle 4G users with unlimited data plans. While he didn't go quite so far as to accuse Verizon of breaking FCC rules, he told the company that it needs to justify its policy.
Verizon's plan to slow down its heaviest data users when they connect to congested cell sites isn't surprising—other carriers do it too. But Verizon said it would only apply the policy to users who are no longer under contract and still have grandfathered unlimited data. In other words, the policy may help Verizon push customers onto newer, pricier plans with limited data and overage charges.
Wheeler wrote in a letter (PDF) to Verizon Wireless CEO Daniel Mead that he is "deeply troubled" by Verizon's policy.
Virgin Mobile lets you save money on your social media-obsessed teens
Virgin Mobile has unveiled a new prepaid plan that allows its users to tailor their Internet use for specific applications for just $5 per month on top of a $7 monthly base fee that covers just 20 texts and 20 minutes of talk time. The plan will only be available at Walmart stores starting August 9.
Like many other new, non-traditional cell plans, Virgin Mobile Custom, which debuted Wednesday, requires the use of a custom version of Android that comes pre-installed on certain handsets, including the ZTE Emblem, the LG Pulse, and the LG Unify.
While this type of plan may not be appealing for data-heavy users, it could work well for parents of heavy Facebook users (read: teens), who are interested in little else online. App-specific add-ons (each for an additional $5 per month) are available for a handful of apps, including Pinterest, Instagram, Facebook, Pandora, and a few others. However, adding on more than a few apps puts the user far closer to Virgin’s normal unlimited text and data plan, which starts at $35 per month.
Comcast customer pulled gun on technician after objecting to bill, police say
Installation fees have caught many cable customers by surprise, but rarely do service calls end with a customer stealing a technician's tools and whipping out a firearm.
But that's just what happened Monday in Albuquerque, New Mexico, when a Comcast worker went to the home of Gloria Baca-Lucero, according to a criminal complaint filed in Bernalillo County Metropolitan Court.
"Baca-Lucero, 48, was charged with aggravated assault with a deadly weapon Monday and booked into jail," the Albuquerque Journal reported today. "She was released later that day."
Amazon tries to argue for its Hachette stonewall with math
As the war between Amazon and Hachette carries on, the Amazon Books team released a longer explanation Tuesday of what it's trying to accomplish by stonewalling the publisher. The gist of Amazon's claims is that e-books need to be cheaper because cheaper books sell more volume, resulting in a larger "total pie" that gets consumers lower prices.
The New York Times first highlighted Amazon's interference with Hachette book sales at the end of May, which involved the company systematically making books unavailable or shipping them very slowly. Hachette has yet to mount a formal defense for holding the line on what was long suspected to be e-book price fixing on Amazon's store. The public has tended to take Hachette's side.
Meanwhile, Amazon has already defended its actions in a forum post, saying that "stocking and assortment decisions" based on publisher relationships are typical for a retailer. In Hachette's case, Amazon implied, it doesn't seem fit to bestow the publisher with shipments or good featured placement on its virtual shelves. In the meantime, Amazon encouraged readers to buy Hachette books elsewhere or even get them secondhand. "If you order 1,000 items from Amazon, 989 will be unaffected by this interruption," the company wrote in May.
UK green-lights driverless car tests in 2015 in a few cities
Following the lead of the United States, the United Kingdom has announced that it will allow driverless cars to be tested on British roads starting in January 2015.
In a Wednesday announcement, the UK Department of Transportation said that up to three cities would be selected to host trials. They will be awarded a total of nearly $17 million to cover the costs of such tests.
“Driverless cars have huge potential to transform the UK’s transport network—they could improve safety, reduce congestion and lower emissions, particularly CO2,” Transport Minister Claire Perry said in a statement. “We are determined to ensure driverless cars can fulfill this potential, which is why we are actively reviewing regulatory obstacles to create the right framework for trialling these vehicles on British roads.”
ICANN to plaintiffs: No, you can’t have all of Iran’s domains
The global body in charge of domain names, the Internet Corporation for Assigned Names and Numbers (ICANN), has asked a federal court to prevent the handover of the country code top-level domain names (ccTLD) of North Korea, Syria, and Iran as part of a terrorism lawsuit dating back over a decade. Those would include the .KP, .SY and .IR names.
The case, formally known as Rubin et al v. Islamic Republic of Iran et al, goes back to a 1997 suicide bombing that took place in Jerusalem. Four Americans were injured in the attack, for which Hamas claimed responsibility. Given that Iran has supported, and continues to support, Hamas in its resistance against Israel, the plaintiffs sued the Islamic Republic, arguing that the Iranian government actually was liable.
It’s unclear why exactly the plaintiffs also seek the Syrian and North Korean ccTLDs as part of this lawsuit. Neither ICANN’s attorneys nor the plaintiffs' attorneys immediately responded to Ars’ request for comment.
Sea level rise causing huge increases in “nuisance flooding”
The warming of the planet is driving ocean levels upward through two processes: the melting of land-based ice and the thermal expansion of the water in the oceans. Due to the vast energies involved, both of these processes are slow, so the ocean levels have only been creeping up a few millimeters a year. That slow pace makes it difficult for anyone to perceive the changes.
But it's clear that those changes are taking place. In the latest indication, the National Oceanic and Atmospheric Administration (NOAA) has compiled data on what it calls "nuisance floods," cases where coastal communities have to deal with flooding as a result of high tides or minor storms. Over the last 50 years, instances of these floods along the East Coast have gone up by anywhere from 300 to 900 percent.
On the rare occasions where sea level rise reaches the public's consciousness, it's typically as a result of a catastrophic event like Hurricane Sandy. Sea level rise does exacerbate these events, as the flooding reaches higher levels and extends over a wider area than it would have a century earlier. But the rarity and magnitude of catastrophes like these make it difficult for people to associate them with a gradual process. At the same time, the immediate effect of the process itself—high tides being about an inch higher every decade—is difficult for humans to perceive. As NOAA's new report puts it, "neither changes in tidal datum elevations nor rare-event probabilities are readily apparent to the casual observer."
Active attack on Tor network tried to decloak users for five months
Officials with the Tor privacy service have uncovered an attack that may have revealed identifying information or other clues of people operating or accessing anonymous websites and other services over a five-month span beginning in February.
The campaign exploited a previously unknown vulnerability in the Tor protocol to carry out two classes of attack that together may have been enough to uncloak people using Tor Hidden Services, an advisory published Wednesday warned. Tor officials said the characteristics of the attack resembled those discussed by a team of Carnegie Mellon University researchers who recently canceled a presentation at next week's Black Hat security conference on a low-cost way to deanonymize Tor users. But the officials also speculated that an intelligence agency from a global adversary might have been able to capitalize on the exploit.
Either way, users who operated or accessed hidden services from early February through July 4 should assume they are affected. Tor hidden services are popular among political dissidents who want to host websites or other online services anonymously so their real IP address can't be discovered by repressive governments. Hidden services are also favored by many illegal services, including the Silk Road online drug emporium that was shut down earlier this year. Tor officials have released a software update designed to prevent the technique from working in the future. Hidden service operators should also consider changing the location of their services. Tor officials went on to say:
Music industry sues automakers over in-car audio ripping systems
The Alliance of Artists and Recording Companies—a nonprofit group—has initiated a federal copyright infringement lawsuit against Ford and General Motors targeting the automakers’ in-car hard drive-based CD ripping technology. The lawsuit (full text) alleges that Ford and GM’s devices fail to comply with the terms of the Audio Home Recording Act of 1992 and that the AARC is due "injunctive relief and damages" because of that alleged noncompliance.
The problem with the suit, as outlined in a scathing response from Techdirt, is that the Audio Home Recording Act of 1992 was specifically written to allow exactly the kind of personal copying that in-car CD-ripping audio units perform. This was further cemented in 1999 with the 9th US Circuit Court of Appeal’s RIAA v. Diamond Multimedia Systems decision, which threw the weight of judicial precedent behind the notion that devices designed to make copies of copyrighted audio for personal use (as opposed to serial copies for distribution) are legal and exempt from licensing fees.
With its July 25 suit, the AARC alleges that Ford’s in-car "Jukebox" feature and GM’s in-car "Hard Drive Device" are purpose-built "Digital Audio Recording Devices" and therefore are subject to lots of additional regulation. Specifically, the suit states that both Ford’s Jukebox and GM’s Hard Drive Device fail to implement the Serial Copy Management System copy protection scheme and that both Ford and GM have failed to pay the appropriate AHRA-mandated royalties on their devices.
Modbook’s next project is the convertible MacBook Apple won’t make
Before the iPad, people who wanted an Apple tablet could buy something called the "Modbook" from a company named Axiotron. For $2,279, the company would take a regular white plastic MacBook, take it apart, and reassemble it inside a purpose-built tablet case with a Wacom digitizer and stylus installed. After some financial trouble and the launch of an actual Apple tablet, Axiotron became Modbook Inc., and the company launched the Modbook Pro, which did for the 13-inch MacBook Pro what the Modbook did for the standard Macbook.
Today the company is ready to announce the third iteration of the Modbook, kind of. The Modbook Pro X takes the 15-inch Retina MacBook Pro (including the refreshed models introduced yesterday), makes some modifications to its specs, and puts it into a tablet case. Like past Modbooks, the Modbook Pro X is designed to appeal to artists and other creative professionals who would like to draw directly on their tablet screens without having to use a separate drawing tablet. The catch? This project currently exists only as a Kickstarter project, with no guarantee the product will see the light of day if it doesn't hit its $150,000 funding goal.
The Modbook as a tablet. Modbook Inc.
The Modbook Pro X will preserve all of the original ports and the CPU, GPU, and screen specs of the 2013 Retina MacBook Pro, crammed into a black tablet that's 0.7 inches thick and weighs 4.95 pounds, around half a pound heavier than the Retina MacBook Pro is by itself. The screen will be covered by a digitizer that supports 2,048 different pressure levels, and the Modbook will come with software installed to take advantage of the digitizer hardware. Optional "keybars," small rows of keys mounted to the back of the tablet, will provide keyboard hotkey shortcuts that users can press without interrupting whatever they're sketching onscreen.
Algorithm predicts US Supreme Court decisions 70% of time
A legal scholar says he and colleagues have developed an algorithm that can predict, with 70 percent accuracy, whether the US Supreme Court will uphold or reverse the lower-court decision before it.
"Using only data available prior to the date of decision, our model correctly identifies 69.7 percent of the Court’s overall affirm and reverse decisions and correctly forecasts 70.9% of the votes of individual justices across 7,700 cases and more than 68,000 justice votes," Josh Blackman, a South Texas College of Law scholar, wrote on his blog Tuesday.
While other models have achieved comparable accuracy rates, they were only designed to work at a single point in time with a single set of nine justices. Our model has proven consistently accurate at predicting six decades of behavior of thirty Justices appointed by thirteen Presidents. It works for the Roberts Court as well as it does for the Rehnquist, Burger, and Warren Courts. It works for Scalia, Thomas, and Alito as well as it does for Douglas, Brennan, and Marshall. Plus, we can predict Harlan, Powell, O’Connor, and Kennedy.
Given that there isn't much wagering action out there for Supreme Court decisions, Blackman says there are other real-world applications, like helping high court litigators develop strategies to overcome the model.
Sony: EA Access wouldn’t provide “value” for PlayStation owners
Yesterday's announcement of Electronic Arts' EA Access program was notable for being the first such subscription-based game download plan from a third-party publisher on this generation of consoles. But it was also notable for the fact that the subscription is only available on the Xbox One and not the PlayStation 4 (or on PC via Origin, for that matter). Today, Sony is suggesting that it doesn't think EA's subscription plan is as good a value as its own PlayStation Plus offerings.
“We evaluated the EA Access subscription offering and decided that it does not bring the kind of value PlayStation customers have come to expect,” a Sony representative told Game Informer. "PlayStation Plus memberships are up more than 200% since the launch of PlayStation 4, which shows that gamers are looking for memberships that offer a multitude of services, across various devices, for one low price. We don’t think asking our fans to pay an additional $5 a month for this EA-specific program represents good value to the PlayStation gamer."
It's true that PlayStation Plus is an incredible value as far as these kinds of subscriptions go. Players who have subscribed since the service was first rolled out in 2010 would today have access to hundreds of downloadable games across all of Sony's hardware, at a total cost of around $200 so far and with the promise of multiple new games every single month going forward (Microsoft's more recent Games With Gold has been a little less generous). EA Access, on the other hand, currently only gives access to four of EA's older games for $30 a year, with no guarantees about which titles will be added in the future or how long after release those titles will be available via the "Vault." Since the program is limited to EA titles, it seems unlikely that its selection will ever be nearly as extensive as something like PlayStation Plus.
LibreOffice 4.3 upgrades spreadsheets, brings 3D models to presentations
LibreOffice's latest release provides easier ways of working with spreadsheets and the ability to insert 3D models into presentations, along with dozens of other changes.
LibreOffice was created as a fork from OpenOffice in September 2010 because of concerns over Oracle's management of the open source project. LibreOffice has now had eight major releases and is powered by "thousands of volunteers and hundreds of developers," the Document Foundation, which was formed to oversee its development, said in an announcement today. (OpenOffice survived the Oracle turmoil by being transferred to the Apache Software Foundation and continues to be updated.)
In LibreOffice 4.3, spreadsheet program Calc "now allows the performing of several tasks more intuitively, thanks to the smarter highlighting of formulas in cells, the display of the number of selected rows and columns in the status bar, the ability to start editing a cell with the content of the cell above it, and being able to fully select text conversion models by the user," the Document Foundation said.
Mario Kart 8 boosts Wii U hardware sales, but not enough to earn profits
Last month, when Nintendo announced it had quickly sold more than two million copies of Mario Kart 8, we noted that we'd have to wait to see if those sales were coming primarily from existing Wii U owners or if the game was driving new console sales on its own. Nintendo's latest quarterly earnings report shows that while Mario Kart 8 has led to an increase in Wii U hardware sales, it wasn't nearly enough of a boost to return the company to profitability.
Worldwide, Nintendo sold 510,000 units of the Wii U in the three months from April to June. That's a substantial improvement from the tepid 160,000 it sold during the same period last year and a smaller bump from the 310,000 it sold during the January to March quarter of 2014. But those kinds of numbers aren't going to help the Wii U look like a real contender with competition like the PlayStation 4, which was selling a million consoles a month as recently as April, or even the Xbox One, which shipped just over one million consoles in the first quarter of 2014 (though, to be fair, neither competitor has broken out current console sales numbers for the second quarter of the year).
The improved console hardware sales weren't enough to bump Nintendo back to the profitability it has been seeking to reclaim for years now, either. The company reported a ¥9.4 billion operating loss for the quarter (about $92 million), even worse than the ¥4.9 billion (about $47 million) quarterly loss from a year prior. Nintendo attributes that loss partly to the lack of new Wii U software to go along with the success of Mario Kart 8. Indeed, in North America, the Wii U saw just five new games released during the three-month period, and Mario Kart 8's 2.82 million sales represented a full 64 percent of the total Wii U software sales for the quarter. That's even more striking when you consider that Mario Kart was only out for a month during the reporting period.