Feed aggregator
VIDEO: Taiwan's most unusual philanthropist?
VIDEO: Preacher refuses to give up church keys
VIDEO: Photos from the royal court of Benin
Apple’s sapphire manufacturing partner files for bankruptcy
Back in late 2013, Apple signed a deal with a company named GT Advanced Technologies to build a sapphire manufacturing plant in Arizona. Apple would build the facility, and GT would manufacture sapphire for use in Apple's devices. Sapphire is even harder and more scratch-resistant than the Corning Gorilla Glass used in many smartphones and tablets today, and the deal gave rise to rumors that Apple would be using sapphire to protect the screens of its new iPhones.
Those rumors were repeated many times in subsequent months, though others indicated that it wasn't a sure thing. The iPhone 6 and iPhone 6 Plus ended up launching with glass screens after all. Apple still uses sapphire to protect a few important surfaces on iPhones—the camera lenses and TouchID buttons, specifically—but those components are much smaller and therefore less lucrative for their manufacturer.
GT Advanced Technologies' stock took a dive in the days following the announcement, and the Wall Street Journal now reports that the company has filed for Chapter 11 bankruptcy protection. Under Chapter 11, companies generally continue to operate as they attempt to reorganize their operations, and GT CEO Tom Gutierrez emphasized that the company wouldn't be shutting down.
FBI director says Chinese hackers are like a “drunk burglar”
James Comey, the Federal Bureau of Investigation director, says Chinese hackers are daily targeting US companies' intellectual property.
"I liken them a bit to a drunk burglar. They're kickin' in the front door, knocking over the vase, while they're walking out with your television set," Comey said Sunday on CBS' 60 Minutes. "They're just prolific. Their strategy seems to be: 'We'll just be everywhere all the time. And there's no way they can stop us.'"
Comey's remarks on the news magazine come two weeks after a Senate Armed Services Committee report concluded that China's military broke into Pentagon contractors' computer networks at least 50 times—hacks that threaten "to erode US military technical superiority."
VIDEO: Where Ebola kills day after day
The HP split: Does half a dinosaur move twice as fast?
Three years ago, almost to the day, as Meg Whitman was taking over as Hewlett-Packard’s CEO, I offered her some unsolicited advice on what to do to save the company. Now it looks like she’s taken that advice, albeit a bit too late for the thousands of employees that will now be released into the wild to do something else with their lives. Was this trip really necessary?
As we’ve reported, HP’s executive team has decided to split the company in two, setting the PC unit free—bundled with HP’s money-printing printer unit. That’s essentially the advice I gave in October 2011, when Whitman was trying to decide what to do with the wreckage left by her predecessor, Léo Apotheker. Apotheker had blown billions on the acquisition of the “big data” software company Autonomy, only to announce that HP would spin off or sell the personal computer business because “continuing to execute in this market is no longer in the interest of HP and its shareholders.”
Since then, Whitman has been through several revisions of a new strategic vision to turn the company around. Instead of following through on Apotheker’s urge to get out of the consumer hardware business and become more like IBM—a business model that now even IBM is having a hard time with—Whitman pulled back from throwing away the PC business. She began a long process of trying to figure out what HP wanted to be when it grew up.
Apple updates definitions to prevent “iWorm” botnet malware on Macs
In case you missed it over the weekend, MacRumors reports that Apple has updated OS X's built-in XProtect malware definitions list to include the Mac.BackDoor.iWorm malware we reported on late last week. The iWorm malware allegedly managed to infect more than 17,000 Macs worldwide, and it was apparently using a (now closed) Minecraftserverlists board on reddit to distribute the IP addresses of control servers to infected Macs.
XProtect was first introduced to OS X in Snow Leopard in response to the MacDefender malware that managed to infect some OS X systems back in 2011. While the complete list is only 40 items long as of this writing, OS X silently checks for XProtect updates daily, and Apple also uses the list to mandate the usage of up-to-date versions of Java and Flash. While XProtect doesn't do anything to clean existing infections, it can prevent new ones by telling users explicitly that they're attempting to install known malware.
Dr. Web, the antivirus vendor that first reported the existence of both the malware and the botnet, recommends that you buy its products to scan for and delete malware that may already be on your computer—researchers at antivirus companies can get the word out about new vulnerabilities, but they don't do it out of the goodness of their hearts. Developer Jacob Salmela has some instructions that can help you delete the malware manually.
Bugzilla 0-day can reveal 0-day bugs in OSS giants like Mozilla, Red Hat
Security firm Check Point Software Technologies used a flaw it discovered in the Perl programming language to hack into the popular Bugzilla bug-tracking system and add four users to the administrator group, giving them power to see the details of undisclosed vulnerabilities.
The bold demonstration, detailed in a private bug report made public on Monday, took advantage of a new class of flaws discovered by Check Point in the Perl programming language, allowing the organization to craft specific strings of text that essentially fooled Bugzilla's user database. Check Point created administrator accounts for mozilla.com, mozilla.org, bugzilla.org, and bugzilla.bugs in the system.
"This is not an SQL injection attack, this is something rather new," Shahar Tal, security research team leader at Check Point, told Ars. "This is part of research that we have been working on for a couple of months on a specific Perl issue. Bugzilla is a good example and sample, but it is not the only project that we were able to find vulnerabilities in."
VIDEO: Eiffel Tower gets a glass floor
New York City orders Bluetooth beacons in pay phones to come down
After BuzzFeed revealed late Sunday that a digital advertising firm, Titan 360, was using public pay phones in New York City (yes, they still exist) to host Gimbal Bluetooth tracking beacons, the mayor’s office has now ordered them to come down.
The beacons can be used to log nearby phones’ Bluetooth addresses and mark the date, time, and location where they are seen. As such, the beacons can be used as a way to track physical movements of cellphone users, potentially allowing advertisers to serve those phones customized spots. (Users who have Bluetooth turned off on their phones will not be seen by the beacons.)
As recently as last month, Gimbal’s beacons—a rival to Apple’s iBeacon—were also being tested by another ad firm in GameStop stores in Texas. But in NYC, "the beacons will be removed over the coming days," according to New York City mayoral spokesman Phil Walzak, in a statement sent to Ars.
VIDEO: Victim of 2007 Kenya violence
First Ebola transmission outside of Africa reported
The BBC is reporting that a Spanish nurse has contracted Ebola after treating a patient in Madrid. The patient in question, a priest who worked in West Africa, died in late September after returning to his native Spain. If he was the cause of the nurse's infection, then it would represent the first transmission of the virus outside the range of the current epidemic.
Health care workers in West Africa have frequently contracted Ebola due to the lack of advanced isolation facilities there. But the availability of these facilities in developed countries has been a key factor in limiting the spread of the virus outside of Africa, even as infected individuals returned home without knowing that they were infected or were brought home for treatment. This apparent instance of transmission may heighten tensions regarding our ability to limit the spread of the virus in an era where intercontinental travel is commonplace.
These tensions were on display as a flight from Belgium arrived in New Jersey this weekend, bearing a sick passenger who traveled to West Africa. A full evaluation of his status in a local hospital revealed no cause for concern, according to the Centers for Disease Control.
diff -u: What's New in Kernel Development
Kernel configuration has become more and more complex through the years with the proliferation of new drivers, new hardware and specific behaviors that might be needed for particular uses. It has reached about 3,000 config options, and that number will only increase.
At 650% interest, that online payday loan is a steal
Online payday loan operators threaten their customers, promote loans designed for long-term indebtedness, and charge exorbitant interest rates, according to a study by the Pew Charitable Trusts.
"Lump-sum loans online typically cost $25 per $100 borrowed per pay period—an approximately 650 percent annual percentage rate," Pew said.
The report, "Fraud and Abuse Online: Harmful Practices in Internet Payday Lending," (PDF) comes a month after the Federal Trade Commission halted an online payday scheme that the government said "allegedly bilked consumers out of tens of millions of dollars by trapping them into loans they never authorized and then using the supposed 'loans' as a pretext to take money from their bank accounts."
FDA: Medical device cybersecurity necessary, but optional
The US Food and Drug Administration released guidance last week in which it suggested that medical-device manufacturers consider the dangers of hacking in the design of their products, while not requiring countermeasures.
The nine-page document informs companies of the agency's "current thinking" on the topic of cybersecurity. In it, the FDA recommended that companies assess any dangers from the intentional or unintentional misuse of a device at the design stage. In addition, medical devices and systems should detect and log attacks and allow technicians to react to such attacks, whether through patching a vulnerability or other action.
"The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device-related health information," the agency stated, adding that "manufacturers should address cybersecurity during the design and development of the medical device, as this can result in more robust and efficient mitigation of patient risks."
Intel issues #GamerGate apology, still not advertising at Gamasutra [Updated]
UPDATE: On Friday, Intel issued a statement via its company blog to apologize for its part in the #GamerGate conversation. The post began with an acknowledgement that the company pulled ads from news site Gamasutra, confirming that the company would "not continue with our current ad campaign" there after receiving a wave of user complaints.
"Our action inadvertently created a perception that we are somehow taking sides in an increasingly bitter debate in the gaming community," the post continued. "That was not our intent, and that is not the case. When it comes to our support of equality and women, we want to be very clear: Intel believes men and women should be treated the same."
The post concluded by decrying "any organization or movement that discriminates against women," then saying, "we apologize and we are deeply sorry if we offended anyone." Intel's apology did not acknowledge the content of Leigh Alexander's September article, nor any other concerns or complaints attributed to #GamerGate.
Windows 10 doesn’t fix the desktop—it fixes Windows 8’s reputation
The desktop environment in Windows 8.1 is pretty good.
This was not the message that Microsoft conveyed at its Windows 10 launch event last week, a presentation that had Microsoft's historically change-averse but financially important business customers in mind. Whether the company was looking forward to multiple desktops and Continuum or backward to the Start menu and the command prompt, Microsoft's message was clear: we have finished undoing all that stuff you didn't like.
But regardless of the message, the Windows 10 desktop is really only building on the foundation Windows 8.1 and Windows 8.1 Update 1 laid. These updates restored the Start button, allowed desktop and laptop users to boot into the desktop environment by default, and gave the familiar Windows taskbar the ability to launch and switch between full-screen Windows Store apps.
White hat claims Yahoo and WinZip hacked by “shellshock” exploiters
A security researcher claims to have uncovered a botnet being built by Romanian hackers using the “Shellshock” exploit against servers on a number of high-profile domains, including servers at Yahoo and the utility software developer WinZip. Jonathan Hall, president and senior engineer of technology consulting firm Future South Technologies, published a lengthy explanation of the exploits and his communications with the exploited on his company’s website this weekend and said that Yahoo had acknowledged finding traces of the botnet on two of its servers.
Hall found the botnet, he said, by tracking down the source of requests that probed one of his servers for vulnerable CGI server scripts that could be exploited using the Shellshock bash vulnerability. That security flaw allows an attacker to use those vulnerable server scripts to pass commands on to the local operating system, potentially allowing the attacker to take remote control of the server. Hall traced the probes back to a server at WinZip.com. He then used his own exploit of the bash bug to check the processes running on the WinZip server and identified a Perl script running there named ha.pl.
After extracting the contents of the script, Hall discovered that it was an Internet Relay Chat (IRC) bot similar to ones used to perform distributed denial of service attacks on IRC servers. However, as he examined it more closely, he found that it “appeared to focus more on shell interaction than DDoS capabilities,” he wrote. According to Hall, it takes remote control of the server, while using its IRC code to report back to an IRC channel (called, creatively, #bash). The code was also heavily commented in Romanian.