Feed aggregator
VIDEO: Ukrainian soldiers retreat to Russia
The never-ending conundrums of classical physics
During its teenage and young adult years—what is now referred to as its “classical” period—physics made a lot of mistakes.
In the old physics, mass and energy were separately conserved; particles’ positions and momenta could be arbitrarily specified; gravity acted instantaneously at a distance; the equality of gravitational and inertial mass was just a coincidence; and there was no speed limit. All these ideas and assumptions are now known to be in some way untenable. They're either inaccurate or theoretical dead-ends.
To put it plainly, classical physics is wrong. As such, there's really only one thing to do—physicists have since abandoned the old, mistaken ideas, right? It's reminiscent of how doctors discarded the system of humors, chemists chucked out phlogiston, and astronomers turned away from astrology and geocentrism.
Synology Advises Users of SynoLocker Ransomware
NAS and storage server manufacturer Synology sends word this afternoon that they are informing their customers of a currently ongoing and dangerous ransomware attack that is targeting Synology devices.
Dubbed SynoLocker, the ransomware is targeting Internet-exposed Synology servers and utilizing a hitherto-unknown exploit to break into those systems. From there SynoLocker engages in a Cryptolocker-like ransom scheme, encrypting files stored on the server and then holding the key for ransom. The attackers are currently ransoming the key for 0.6 Bitcoins (roughly $350 USD), a hefty price to pay to get your files back.
At this time only a portion of Synology servers are affected. Along with being Internet-exposed, Synology has confirmed that SynoLocker attacks servers running out-of-date versions of DSM 4.3 (Synology’s operating system). Meanwhile they are still investigating whether the newer DSM 5.0 is affected as well.
With Synology still isolating the vulnerability and affected software versions, the company is asking users to take precautions to secure their servers against SynoLocker. Along with removing external Internet access to the server, Synology is also suggesting all users upgrade their DSM to the latest version and back up all of their data, so that if a server is or becomes infected, a backup copy is safe from SynoLocker.
Lovely. My @Synology NAS has been hacked by ransomware calling itself Synolocker. Not what I wanted to do today. pic.twitter.com/YJ1VLeKqfY
— Mike Evangelist (@MikeEvangelist) August 3, 2014
Meanwhile, for those users whose servers have been infected, Synology is advising users to immediately shut down their servers to prevent any further files from being encrypted and to contact Synology support about the issue. Synology is also suggesting that affected users be on the lookout for fake Synology emails, out of a concern that the ransomware authors may follow up by hitting the infected users with spear phishing attacks.
It goes without saying that while Cryptolocker and its ransomware ilk are already dangerous pieces of malware, SynoLocker is especially dangerous due to the larger quantity of data stored on a dedicated storage server compared to an average client machine or workstation, along with the potential value of the information stored on such a server. Furthermore whereas Cryptolocker is principally a “pull” attack delivered via Trojans (drive-bys, phishing, and otherwise), SynoLocker is a “push” attack that is capable of reaching out and directly infecting vulnerable servers without any human intervention.
Finally, Synology tells us that they are hoping to finish identifying which versions of DSM are affected this evening. They are also hoping to have a resolution, though admittedly if SynoLocker is as effectively implemented as Cryptolocker, then there is a distinct possibility that there may be no way to recover the ransomed data other than paying.
We will update this article once we hear more from Synology.
Update (08/05/2014):
Synology has finished analyzing the exploit and confirmed which versions of DSM are vulnerable. The vulnerability in question was patched out of DSM in December of 2013, so only servers running significantly out-of-date versions of DSM appear to be affected.
In summary, DSM 5.0 is not vulnerable. Meanwhile DSM 4.x versions that predate the vulnerability fix – anything prior to 4.3-3827, 4.2.3243, or 4.0-2259 – are vulnerable to SynoLocker. For systems that are running out-of-date DSM versions and have not been infected, updating to the latest DSM version should close the hole.
As for systems that have been infected, Synology is still suggesting that owners shut down the device and contact the company for direct support.
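The version cutoffs in the update above can be applied to a device inventory. The following is an added example, not code from Synology or from the original article; the hostnames, the sample version strings and the "major.minor-build" string format are assumptions, and the article's "4.2.3243" is read as build 3243 of DSM 4.2.

```python
import re

# First fixed build per DSM 4.x branch, as listed in the article's update.
# The article prints the 4.2 entry as "4.2.3243"; it is read here as build 3243.
FIXED_BUILD = {(4, 3): 3827, (4, 2): 3243, (4, 0): 2259}

# Matches "4.3-3810", "DSM 4.2-3211", "5.0-4493 Update 3" (assumed format).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)-(\d+)")


def classify(version):
    """Return 'vulnerable', 'patched' or 'unknown' for one DSM version string."""
    m = _VERSION_RE.search(version or "")
    if not m:
        return "unknown"          # unparseable: needs a manual look
    major, minor, build = (int(g) for g in m.groups())
    if major >= 5:
        return "patched"          # article: DSM 5.0 is not vulnerable
    fixed = FIXED_BUILD.get((major, minor))
    if fixed is None:
        return "unknown"          # e.g. 4.1: the article lists no fixed build
    return "vulnerable" if build < fixed else "patched"


def needs_attention(inventory):
    """Hosts that are vulnerable or cannot be judged, sorted by hostname."""
    rows = [(host, classify(ver)) for host, ver in inventory.items()]
    return sorted((h, s) for h, s in rows if s != "patched")


# Constructed sample inventory (hypothetical hosts and build numbers).
INVENTORY = {
    "nas-office": "DSM 4.3-3810",
    "nas-backup": "DSM 4.3-3827",
    "nas-lab": "DSM 4.2-3211",
    "nas-media": "DSM 5.0-4493 Update 3",
    "nas-legacy": "DSM 4.1-2668",
}

if __name__ == "__main__":
    for host, status in needs_attention(INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" run a branch the article gives no fixed build for, so they should be treated like vulnerable ones until updated.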
Full SynoLocker ransom message, courtesy the Synology German User forum (via CSO)
SynoLocker™
Automated Decryption Service
All important files on this NAS have been encrypted using strong cryptography.
List of encrypted files available here.
Follow these simple steps if files recovery is needed:
- Download and install Tor Browser.
- Open Tor Browser and visit http://cypherxffttr7hho.onion. This link works only with the Tor Browser.
- Login with your identification code to get further instructions on how to get a decryption key.
- Your identification code is - (also visible here).
- Follow the instructions on the decryption page once a valid decryption key has been acquired.
Technical details about the encryption process:
- A unique RSA-2048 keypair is generated on a remote server and linked to this system.
- The RSA-2048 public key is sent to this system while the private key stays in the remote server database.
- A random 256-bit key is generated on this system when a new file needs to be encrypted.
- This 256-bit key is then used to encrypt the file with AES-256 CBC symmetric cipher.
- The 256-bit key is then encrypted with the RSA-2048 public key.
- The resulting encrypted 256-bit key is then stored in the encrypted file and purged from system memory.
- The original unencrypted file is then overwrited with random bits before being deleted from the hard drive.
- The encrypted file is renamed to the original filename.
- To decrypt the file, the software needs the RSA-2048 private key attributed to this system from the remote server.
- Once a valid decryption key is provided, the software search each files for a specific string stored in all encrypted files.
- When the string is found, the software extracts and decrypts the unique 256-bit AES key needed to restore that file.
Note: Without the decryption key, all encrypted files will be lost forever.
Copyright © 2014 SynoLocker™ All Rights Reserved.
VIDEO: Race to rescue China quake survivors
EFF inaugurates “Stupid Patent of the Month”
Patent litigation reform failed to pass Congress this year, but the issue of "patent trolls"—paper companies that do nothing but sue over patents—received unprecedented attention. Activist groups that have been long focused on the issue, like the Electronic Frontier Foundation, don't want the public pressure to let up.
Hence, EFF's newest patent campaign: the group will be announcing a "Stupid Patent of the Month." For August, the group has nominated US Patent No. 8,762,173, titled “Method and Apparatus for Indirect Medical Consultation.” The patent issued in June, and it dates back to an original filing in 2007.
A blog post by EFF lawyer Vera Ranieri supplies a legalese-free description of just what the now-monopolized method is:
VIDEO: Ferry capsizes on river in Bangladesh
VIDEO: Amazon tribe fights Brazil dam project
VIDEO: Breaking barriers in Iranian wrestling
VIDEO: Sikhs stand up to bias after attack
“Bored” California man sentenced to nearly two years for laser strike
On Monday, a federal court in Central California sentenced a 26-year-old to one year and nine months in prison for firing two different laser pointers at a Kern County Sheriff’s Office helicopter over a six month period in 2013.
The man, Brett Lee Scott of Buttonwillow, took a plea deal with federal prosecutors according to a May 5, 2014 court filing. Scott explained his actions by saying that he was “bored.”
It may seem like a silly thing, but laser strikes against planes, helicopters, and other aerial vehicles have become an increasing epidemic nationwide. Since the FBI began keeping track in 2005, there have been more than 17,000 laser strikes—one-fifth (3,960) in 2013 alone. During the first three months of 2014, the FBI reported an average of 9.5 incidents daily.
Gmail spots child porn, resulting in arrest [Updated]
"They got a tip, basically Gmail," detective David Nettles of the Houston Metro Internet Crimes Against Children Task Force told a local news broadcast last week.
The defendant, John Skillern, was being held on $200,000 bond and is a registered sex offender connected to a 20-year-old sexual assault on a young boy.
All caps begone: Visual Studio 2013 Update adds mixed-case menu option
Microsoft is continuing to churn out regular updates to its developer tools with the release today of Visual Studio 2013 Update 3. As with previous updates, the release includes a mix of bug fixes and new capabilities.
New features include expanding the memory usage profiler to support both .NET applications using WPF and native code applications using Win32, CodeLens support for git repositories so work items and change history can be shown integrated in the text editor, and a better debugging experience for Windows Store apps on multimonitor systems.
Other parts of Microsoft's developer ecosystem were also updated today. The Windows Phone 8.1 Update preview is now available on all phones enrolled in the developer preview program, and the developer emulator images have been updated accordingly.
Analysis: New motions show gaping holes in Supreme Court’s Aereo ruling
In an emergency motion (PDF) filed Friday, TV-over-Internet startup Aereo submitted its most detailed legal arguments yet as to why it should be allowed to be a cable company. It also asked, based on those arguments, to resume operations until a final decision was reached.
US District Judge Alison Nathan wasn't having it, though. She rejected (PDF) the emergency motion and ordered it stricken from the record the same day it was filed. "Defendant has jumped the gun in filing, without authorization, its motion," she wrote. Instead, she ordered both sides to file papers in support of their positions following the Supreme Court case over the next five weeks.
Aereo was shut down a few days after it lost its Supreme Court case on a 6-3 vote. The Supreme Court said Aereo's strategy of using tiny antennas to push over-the-air TV over the Internet looked too much like a cable company to avoid paying copyright royalties.
Thailand’s military junta bans dictator-simulator Tropico 5
Publisher Kalypso Media has confirmed that Thailand's Board of Film and Video Censors office has blocked the local release of Tropico 5, which features gameplay scenarios that may be too close to the real-world military coup that hit the country in May.
In its announcement, Kalypso notes that the Ministry of Culture declared merely that "some contents of the game are not appropriate for the current situation" in the country. However, a spokesperson for Thai distributor New Era told the AP that the government was worried that "some part of [the game's] content might affect peace and order in the country." Prior to the coup, both Tropico 3 and Tropico 4 were released in Thailand without incident.
Since it launched in 2001, the Tropico series has let players take the role of "El Presidente" and rule an island nation with an iron fist or a gentle, tourist-friendly hand. As Kalypso noted in a statement, the gameplay in the "Junta" expansion pack for previous release Tropico 4 largely mimics the militaristic takeover the country experienced earlier this year. "This [ban] does sound like it could have come from one of El Presidente’s own edicts from the game," Kalypso Media Group Global Managing Director Stefan Marcinek said in a statement.
LinkedIn paying shorted employees $6 million in unpaid wages, damages
Professional-networking site LinkedIn is agreeing to pay nearly $3.35 million in unpaid overtime to 359 workers, in addition to $2.5 million in damages under a deal announced Monday with the US Department of Labor.
The accord covers current and former employees at LinkedIn offices in California, Illinois, Nebraska, and New York.
"This company has shown a great deal of integrity by fully cooperating with investigators and stepping up to the plate without hesitation to help make workers whole," David Weil, administrator of the Wage and Hour Division, said in a statement.
Binary stars give planetary disks a twist
New measurements of the star system HK Tauri provide insight into the complicated environments that can govern the formation of exoplanets. Before scientists had the ability to study exosolar systems in detail, it was expected that other systems would look a lot like ours. The planets of our Solar System orbit in a plane that roughly corresponds to the Sun’s equator, occupying nearly circular orbits.
However, when exoplanets began to be discovered, that expectation of familiarity was shattered. Exoplanetary systems occupy all kinds of orbits, with inclination varying wildly. There is currently no consensus about what causes these planetary orbits to get so out of whack.
Planets form out of a disk of gas and dust, part of the same material that formed the star. Since the whole system, including the star, was essentially one spinning disk at one point in its evolution, planets should orbit roughly along the same plane as their host star’s equator. After all, that is what we observe in our own Solar System. But in exosolar systems, that’s not always the case.
Apple TV picks up flatter, redesigned interface in iOS 8
Apple reportedly seeded another beta of iOS 8 to developers today, and it came with a little something special for Apple TV users. 9to5Mac reports that the latest beta brings a refreshed user interface to the Apple TV, replacing the old iOS 6-style UI with a flatter look, updated icons, and refreshed fonts that bring it in line with iOS 7 and the forthcoming OS X Yosemite. Previous betas, while still based on iOS 8, used a version of the current interface.
We won't know until the official release whether iOS 8 will change anything about the way the Apple TV works, but judging from the available screenshots, endless tapping and clicking of your remote will still be the primary method of navigation. Those hoping for some kind of Siri-powered voice control will have to keep waiting, either for new hardware with an embedded microphone or for an update to the Remote app for iOS devices (to name just two of the possible ways Apple could implement this feature).
The current-generation Apple TV boxes introduced back in March of 2012 will presumably get this update alongside iPhones and iPads when iOS 8 launches in the fall. As we've already reported, second-generation Apple TV boxes will not receive this update—Apple is dropping support for all devices that use its A4 chip, including that box and the iPhone 4. A new Apple TV box is still in a state of flux. The Information reports that we could see a new version of the $99 Apple TV at some point this year, but a more extensive revamp that includes live TV broadcasts and buy-in from cable companies is being held up by negotiations.
New Xbox One bundles add a game at no additional cost
It's been only a couple of months since Microsoft finally lowered the price of a (Kinect-free) Xbox One to $399. Now, it seems Microsoft is prepared to add to the value of that console by offering one of two free games bundled with the hardware in the near future.
The first bundle, officially announced today "in limited supply only," will package an Xbox One console with a copy of Madden NFL 15 and will be available "at select US retailers such as Microsoft retail stores" starting August 26, when the game comes out. In addition to special packaging, bundle purchasers will also get a download code for three NFL Ultimate Team packs. The bundle follows the announcement of EA's Xbox One-exclusive subscription service, EA Access, which offers early access to demo versions of many upcoming games, including Madden NFL 15.
The second bundle is not officially confirmed yet, but a Microsoft spokesperson told Polygon that the company will be offering an Xbox One bundled with exclusive zombie action title Sunset Overdrive. That bundle will supposedly be the first time the general public has access to a white Xbox One, which was previously only available to Microsoft employees who worked on the system before launch.
Amid backlash, hotel rescinds $500 fines for “negative” online reviews
Apparently recognizing that restaurants and hotels can live and die by their online ratings, the Union Street Guest House in Hudson, NY included a table-turning clause in their reservation policies: if you book an event at the hotel and a member of your party posts a negative review, the hotel will fine you $500.
As initially reported by Page Six News, the Events and Weddings page on the hotel’s website contained the following language:
If you have booked the Inn for a wedding or other type of event anywhere in the region and given us a deposit of any kind for guests to stay at USGH, there will be a $500 fine that will be deducted from your deposit for every negative review of USGH placed on any Internet site by anyone in your party and/or attending your wedding or event. If you stay here to attend a wedding anywhere in the area and leave us a negative review on any Internet site, you agree to a $500 fine for each negative review.
It’s unclear when the decidedly anti-customer clause was added to the website (which appears to be as creaky and ancient as the hotel itself apparently is), but the story blew up this morning when Page Six News published a report on the clause. The story was echoed by BGR and Yahoo News before finally landing on the front page of reddit.
Idea to develop flat TV antennas wins “Hack North Korea” competition
SAN FRANCISCO—A three-person Korean-American team—including two 17-year-old college students—won a weekend-long hackathon sponsored by the Human Rights Foundation (HRF) designed to help people in North Korea.
The team's idea, which hasn’t moved beyond the concept phase, was deceptively simple: import a bunch of satellite receivers into North Korea so that people can simply receive TV stations from SkyLife, a major South Korean broadcaster.
At present, SkyLife’s satellite footprint easily extends into North Korea, and it includes many Korean-language stations including KBS and SBS, two of the largest. It also includes some English-language programming, including BBC, Eurosport, and Animal Planet, among others. The team realizes that getting a little more independent information into North Korea won't create an overnight revolution in the country. But under this plan, the team claims, North Koreans could start to learn more about how their South Korean cousins live via news, sports, entertainment, and more.