Code chunk in Kronos malware used long before MalwareTech published it

Enlarge / Marcus Hutchins, security researcher for Kryptos Logic. In May, he registered a domain name that neutralized the WCry ransomware worm. In August, he was charged with developing malware called Kronos. (credit: Bloomberg via Getty Images)

A chunk of code found in the Kronos bank-fraud malware originated more than six years before security researcher Marcus Hutchins is accused of developing the underlying code, a fellow security researcher said Friday.

The conclusion, reached in an analysis of Kronos published by security firm Malwarebytes, by no means proves or disproves federal prosecutors’ allegations that Hutchins wrote Kronos code and played a role in the sale of the malware. It does, however, clarify speculation over a Tweet from January 2015, in which MalwareTech—the online handle Hutchins used—complained that a complex piece of code he had published a month earlier had been added to an unnamed malware sample without his permission.

Shortly after his arrest in Las Vegas two weeks ago, the Tweet resurfaced, and almost immediately it generated speculation that the malware Hutchins was referring to was Kronos. An analysis of Kronos soon showed that one portion used an instruction that was identical to one included in the code Hutchins published in January 2015.

Read 7 remaining paragraphs | Comments



Source: Ars Technica – Code chunk in Kronos malware used long before MalwareTech published it

Tor Project blasts hate sites, but defends principle of free speech

(credit: Tor Project)

The Tor Project has reiterated its absolutist commitment to free speech, saying that even though Daily Stormer recently moved to a Tor onion service, the organization won’t do anything to stop the “hate-spewing website.”

Various online services have begun to re-evaluate their willingness to do business with sites that publish obviously vile content in the wake of last weekend’s violence in Charlottesville, Virginia.

Earlier in the week, Google removed the Gab app on the Google Play store, and Squarespace said it would disable some of the offensive sites that it hosts as identified as hateful by the Southern Poverty Law Center. Most famously within the tech world, Daily Stormer itself was recently booted from CloudFlare’s CDN service after the company had initially said it would not do so.

Read 2 remaining paragraphs | Comments



Source: Ars Technica – Tor Project blasts hate sites, but defends principle of free speech

Wisconsin lawmakers vote to pay Foxconn $3 billion to get new factory

Enlarge / House Speaker Paul Ryan of Wisconsin, greets Terry Gou, president and chief executive officer of Foxconn, before President Donald Trump announces the first US assembly plant for electronics giant Foxconn, in the East Room of the White House on Wednesday, July 26, 2017. (credit: Photo by Jabin Botsford/The Washington Post via Getty Images)

The Wisconsin Assembly voted 59-30 on Thursday to approve a bill to give incentives worth $3 billion to Taiwan-based Foxconn so that the company would open its first US plant in the state.

Foxconn, best known for supplying parts of Apple’s iPhones, will open the $10 billion liquid-crystal display plant in 2020, according to Reuters. The bill still has to be approved by a joint finance committee and the state Senate.

Both houses of Wisconsin’s legislature are controlled by Republicans, and the deal is supported by Wisconsin Governor Scott Walker, a Republican who negotiated the deal.

Read 11 remaining paragraphs | Comments



Source: Ars Technica – Wisconsin lawmakers vote to pay Foxconn billion to get new factory

Agents of Mayhem review: Destroying a really dull open world

Enlarge / Scheherazade is great for taking out large groups.

Scratch beneath the surface of Agents of Mayhem—the hero-based shoot-and-loot open-world game from developer Volition—and you’ll only find more shooting, looting, and hero-based action. It lacks the surprisingly heartfelt camaraderie of the studio’s later Saints Row titles. It’s not as beautifully, thematically simple as Red Faction: Guerilla, but it is still a few solid hours of fun.

Agents of Mayhem is a pseudo-sequel/reboot/spinoff/prequel to Saints Row (and subsequently Red Faction—all three series are connected in subtle and not-so-subtle ways), but only diehard fans will likely notice it. Saints Row regulars like Pierce Washington, Oleg Kirrlov, and even Johnny Gat make appearances (that last one, only for pre-orderers). Yet they all operate under codenames in the G.I. Joe-like Mayhem, doing battle with the Cobra-esque Legion.

The game tries to seal the Saturday morning cartoon deal with actual cartoon cutscenes. They’re just too cheap looking—like Marvel’s oddly shaded modern fare, but jerkier—to take the gimmick all the way. It doesn’t help make it seem any less rushed when some of the scenes are notably not animated at all.

The soul in Seoul

Cheap or not, the animation is what is used to get the game’s pretty decent core conceit across. Legion’s evil council wants to take over the world, while the slightly less reprehensible Mayhem aims to stop them. A battle of “bad vs. evil,” as Mayhem’s ex-criminal director puts it, ensues. It’s a brighter and more colorful conflict than 90 percent of open-world games and far better at putting me in the mood for the open-ended shenanigans.

Read 12 remaining paragraphs | Comments



Source: Ars Technica – Agents of Mayhem review: Destroying a really dull open world

Android O is O-fficially launching August 21

Enlarge

Google has revealed the launch date for the final version of Android O: August 21. Google will be livestreaming an unveiling event live from New York City at 2:40pm ET to coincide with the solar eclipse. There’s a new teaser site up at Android.com/eclipse, which counts down the time until the event. “Android O is touching down to Earth with the total solar eclipse,” the site promises, “bringing some super (sweet) new powers!”

Android O (which we know will be version 8.0) is currently on its fourth developer preview, having originally launched in March. At the event we’re expecting Google to unveil the traditional snack-themed codename for the OS, finally revealing what the “O” in “Android O” stands for. It should also start pushing out OTA updates for at least the Pixel and Pixel XL, with updates for older Google devices happening the day of the event or shortly after.

Android O is not a mystery at this point. The OS brings a big revamp of the notification panel with a new layout, colors, and features like snoozing. Google is clamping down on background apps for more consistent performance and better battery life. There are new, updatable emoji, a faster startup time, an all new settings app, and lots of security enhancements, including the new “Google Play Protect” anti-malware branding. Most importantly, Android 8.0 brings Project Treble to new devices, a modularization of the OS away from the hardware. That initiative should make it easier to develop and roll out new Android updates.

Read 2 remaining paragraphs | Comments



Source: Ars Technica – Android O is O-fficially launching August 21

Gab, the right-wing Twitter rival, just got its app banned by Google

Google CEO Sundar Pichai. (credit: Sam Churchill)

When right-wing trolls and outright racists get kicked off of Twitter, they often move to Gab, a right-wing Twitter competitor. Gab was founded by Donald Trump supporter Andrew Torba, who says it’s devoted to unfettered free expression online. This week, Andrew Anglin, editor of the neo-Nazi site Daily Stormer, became an active Gab user after a succession of Internet companies refused service to his website, forcing it offline. The site also hosts controversial right-wing trolls like Milo Yiannopoulos and Andrew “weev” Auernheimer.

On Thursday, Gab said that Google had banned its Android app from the Google Play Store for violating Google’s ban on hate speech.

Google’s e-mail doesn’t explain how Gab violated Google’s rules, and the company’s policy on the topic isn’t very specific. It says only that “We don’t allow apps that advocate against groups of people based on their race or ethnic origin, religion, disability, gender, age, nationality, veteran status, sexual orientation, or gender identity.”

Read 5 remaining paragraphs | Comments



Source: Ars Technica – Gab, the right-wing Twitter rival, just got its app banned by Google

Here’s what happens to your retina if you view an eclipse without protection

Read 13 remaining paragraphs | Comments



Source: Ars Technica – Here’s what happens to your retina if you view an eclipse without protection

“Bing is bigger than you think,” Microsoft boasts, at 33% of US searches

We’ve known from Microsoft’s financial reports that Bing has been growing. The search engine became profitable in the third calendar quarter of 2015, and Microsoft says it has continued to grow both the market share and revenue-per-search since then.

But how big is Bing? Via OnMSFT, Microsoft tweeted yesterday that it’s “bigger than you think” and provided some numbers that will probably be a surprise to many. The company claims that fully one-third of searches in the US are powered by Bing, either directly or through Yahoo or AOL (both of which provide results generated by Microsoft). Other strong markets include Taiwan, at 24 or 26 percent, and the UK, at either 23 or 25 percent (depending on which tweet you read).

Globally, the company is claiming a 9-percent market share. Google is still the runaway winner, of course, but Microsoft’s numbers (using data from comScore) suggest that in at least some parts of the world, Bing is big enough to take note of. The real target for this kind of data is, of course, advertisers; by showing that Bing is actually being used by large numbers of people, Microsoft hopes that it will become more appealing to those wanting to advertise alongside search results.

Read 2 remaining paragraphs | Comments



Source: Ars Technica – “Bing is bigger than you think,” Microsoft boasts, at 33% of US searches

Trump’s DOJ not trying to stop AT&T/Time Warner merger

Enlarge / AT&T will own a bunch of new media properties if it is allowed to buy Time Warner. (credit: Aurich Lawson)

Despite President Trump’s promise to block AT&T’s purchase of Time Warner Inc., the government’s review of the merger has “reached an advanced stage” The Wall Street Journal reported yesterday.

“The deal’s regulatory review has hit a late-stage point where AT&T lawyers are discussing merger conditions with the Justice Department,” the report said, quoting people close to the situation. If the Justice Department concludes that any potential harms from the merger can be offset by conditions, then it would not sue to block the deal.

“Among the topics raised in the government’s review is ensuring that AT&T doesn’t discriminate or treat channels that compete with Time Warner’s content less favorably, the people close to the situation said,” the Journal wrote. “For example, the government could prevent AT&T from favoring HBO over other premium-TV brands in its marketing and pricing, the people said.”

Read 6 remaining paragraphs | Comments



Source: Ars Technica – Trump’s DOJ not trying to stop AT&T/Time Warner merger

Now you can post videos directly to Reddit, no third-party service required

(credit: Eva Blue)

Reddit announced a big, and likely welcome, change coming to its site: native video uploads. After testing the feature out in about 200 communities, native video hosting will now roll out for all Reddit communities, giving every user the ability to upload and share videos on Reddit without the use of a third-party service. Until now, users had to upload videos to another site and then post the video’s link to Reddit in order to share.

Native video uploading is supported on both the desktop and mobile versions of Reddit. Users can upload pre-recorded videos from their devices; on the Reddit mobile app, you can shoot videos to upload immediately by giving the app access to your camera. Videos must be either MP4 of MOV files, and they can be no longer than 15 minutes. You can even make gifs out of your videos by using Reddit’s new MP4 converter, and videos uploaded through the mobile app can be trimmed to show only the most important part. Since Reddit’s core is its communities, the company made it so you could watch videos and read posted comments at the same time. On desktop, the video player will shrink and stay at the top of the page so you can scroll through comments. On mobile, the video player remains at the top of the page while the bottom-half is scrollable.

Reddit’s blog post cites user experience as one of the main reasons for its new native video hosting. It was previously a hassle for users to post a video to Reddit, and the viewing experience wasn’t seamless. Reddit gave the same treatment to images last year when it cut ties with its longtime partner Imgur in favor of native image hosting. Not only does native image and video hosting make it easier for users to upload and share content to their favorite subreddits, but it also cuts the amount of time users spend on third-party sites.

Read 4 remaining paragraphs | Comments



Source: Ars Technica – Now you can post videos directly to Reddit, no third-party service required

Secret chips in replacement parts can completely hijack your phone’s security

Enlarge (credit: Omer Shwartz et al.)

People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.

The concern arises from research that shows how replacement screens—one put into a Huawei Nexus 6P and the other into an LG G Pad 7.0—can be used to surreptitiously log keyboard input and patterns, install malicious apps, and take pictures and e-mail them to the attacker. The booby-trapped screens also exploited operating system vulnerabilities that bypassed key security protections built into the phones. The malicious parts cost less than $10 and could easily be mass-produced. Most chilling of all, to most people, the booby-trapped parts could be indistinguishable from legitimate ones, a trait that could leave many service technicians unaware of the maliciousness. There would be no sign of tampering unless someone with a background in hardware disassembled the repaired phone and inspected it.

The research, in a paper presented this week at the 2017 Usenix Workshop on Offensive Technologies, highlights an often overlooked disparity in smartphone security. The software drivers included in both the iOS and Android operating systems are closely guarded by the device manufacturers, and therefore exist within a “trust boundary.” The factory-installed hardware that communicates with the drivers is similarly assumed to be trustworthy, as long as the manufacturer safeguards its supply chain. The security model breaks down as soon as a phone is serviced in a third-party repair shop, where there’s no reliable way to certify replacement parts haven’t been modified.

Read 6 remaining paragraphs | Comments



Source: Ars Technica – Secret chips in replacement parts can completely hijack your phone’s security

Scorching heat, rolling blackouts: The west is changing how it does summer

Enlarge (credit: Getty Images)

This June, we received a letter from a reader asking why it seemed like there are fewer summer blackouts, especially in the western US, than there used to be.

This resonated with me. When I was a kid growing up in Southern California, summer always seemed to bring with it a couple of electrical blackouts. By 2001, the term “rolling blackouts” was a household phrase. The morning news would warn of a heatwave. My sister and I would head out to a friend’s house or some local summer camp, and when we returned home from pool-bleached adventures the power would go dead. Sometimes the blackouts lasted just a few minutes. But occasionally, hours passed and my parents would get cranky, sweating miserably with no way to know when we could get the air conditioner back on.

For me, it’s a trivial memory to think back on—my 20-years-younger parents wondering if they should wait for power to cook dinner or just have everyone fend for themselves in the slowly-warming fridge. We were lucky. We were a young family with bodies that were able to withstand a couple hours of heat. But blackouts aren’t just a minor inconvenience for some people. Surely, there were less fortunate people who suffered hyperthermia during these heatwaves. The very old and the very young are particularly susceptible, but blackouts are problems for businesses, too. Back then, the fledgling world of the dot-com boom was just figuring out how to deal with overheating servers and dropped conference calls.

Read 60 remaining paragraphs | Comments



Source: Ars Technica – Scorching heat, rolling blackouts: The west is changing how it does summer

OkCupid bans white supremacist “for life,” asks daters to report others

Enlarge (credit: OkCupid)

Dating site OkCupid made the unusual move of announcing that it had given a single member a “lifetime” ban on Thursday—and naming him—in order to make a point.

“We were alerted that white supremacist Chris Cantwell was on OkCupid,” the company wrote at its official Twitter account on Thursday. “Within 10 minutes, we banned him for life.”

Cantwell was the subject of a Vice documentary about the white-supremacist Unite The Right marches in Charlottesville, Virginia, over the past weekend, where he offered numerous racist and threatening comments while acting as a march organizer and riding in a car alongside former KKK Grand Wizard David Duke. (“We’re not non-violent,” Cantwell offered at one point in the documentary. “We’ll fucking kill these people if we fucking have to.”)

Read 6 remaining paragraphs | Comments



Source: Ars Technica – OkCupid bans white supremacist “for life,” asks daters to report others

Sharp sues Hisense over a foreign “gag order”

Read 9 remaining paragraphs | Comments



Source: Ars Technica – Sharp sues Hisense over a foreign “gag order”

Hyundai looks to build a >300-mile-range electric car

Enlarge / Signage for an electric car charging booth is displayed at Federation Square car park in Melbourne, Australia, on Friday, April 28, 2017. Photographer: Carla Gottgens/Bloomberg via Getty Images (credit: Bloomberg / Getty Images)

On Thursday, Hyundai said that it intends to produce a long-range electric vehicle by 2021 that will be capable of traveling 310 miles on a charge. That vehicle, a luxury Genesis sedan, will follow an electric version of the Kona sport utility vehicle that the Korean automaker hopes to release in the first half of next year. The electric Kona should have a range of 243 miles, Reuters noted.

Along with affiliate company Kia, Hyundai announced eight electric cars and two fuel-cell vehicles coming to market in the near future—a significant jump in the number of electric vehicles (EVs) that the company has planned to bring to market in years prior. Hyundai, like Toyota, has boosted the fuel cell vehicle for years. Fuel cell vehicles use hydrogen as fuel and emit water as a byproduct. But the compressed hydrogen that runs fuel cell vehicles is hard to store and hard to transport, so it has been slow reaching the market, although fuel cell vehicles do have the advantage of being fast to refuel, unlike electric vehicle batteries.

Toyota has also recently shown signs that it’s pouring more resources into mass-producing a long-range electric car as well. In July, an article in The Wall Street Journal noted that the Japanese automaker was working on building a battery with a solid electrolyte that would go into production in 2022. With Tesla and Chevrolet rolling out moderately priced EVs with long-range capabilities, other automakers known for moderately priced cars seem to be ready to get in the ring as well.

Read 3 remaining paragraphs | Comments



Source: Ars Technica – Hyundai looks to build a >300-mile-range electric car

Final Defenders trailer gives us the best kind of villain

This is the final trailer for Defenders, which hits Netflix tomorrow.

The long-awaited Neflix series Defenders premieres tomorrow, bringing together Daredevil, Jessica Jones, Luke Cage, and Iron Fist—all of whom have already starred in their own series for the streaming network. The final Defenders trailer teases us with our longest look yet at bad guy Alexandra (Sigourney Weaver). And she’s just the right kind of evil.

In the other previews for the series, we’ve already seen the dynamic between the Defenders is shaky at best. Jessica and Luke are still pissed at each other, Daredevil likes to work alone, and everybody is making fun of poor Iron Fist. We’ve heard some funny one-liners zipping among our heroes and the repeated refrain that they are not, definitely not, a team. But they’re going to have to become one to defeat Alexandra.

Weaver plays Alexandra as smooth, cool, and in control. We know almost nothing about her because she’s not from the Marvel comics, so she has been created just for this show. Based on the trailers, she appears to be some kind of corporate overlord, bringing violent new meaning to “hostile takeover.” She’s also a master manipulator, trying to bring the Defenders over to her side (she’s already working with Elektra). “We’re not so different,” she coos to them in a previous trailer. “We fight to get back what was once ours.”

Read 3 remaining paragraphs | Comments



Source: Ars Technica – Final Defenders trailer gives us the best kind of villain

How the tech sector can legally justify breaking ties to extremists

Enlarge / CHARLOTTESVILLE, VIRGINIA—A woman leaves a note on the ground as people gather at a memorial for Heather Heyer after her funeral service on Wednesday. Heyer was killed after a car rammed into a group of people during a planned Unite the Right rally last Saturday. The Daily Stormer’s celebration of the death sparked a tech-sector backlash against extremism. (credit: The Washington Post, Getty Images)

In the wake of recent violence in Charlottesville, Virginia, a swath of the tech sector has undergone a renaissance of sorts and announced that it was reducing or examining its ties to extremist groups.

CloudFlare CEO Matthew Prince said what a lot of executives were thinking when deciding to cancel service to the neo-Nazi site, the Daily Stormer. The site celebrated the death of a Charlottesville protester and sparked a tech-sector backlash against hate speech.

“My rationale for making this decision was simple: the people behind the Daily Stormer are assholes and I’d had enough,” Prince said. “Let me be clear: this was an arbitrary decision.”

Read 12 remaining paragraphs | Comments



Source: Ars Technica – How the tech sector can legally justify breaking ties to extremists

Rare pubic-grooming data reveals injuries, odd habits, and nicked bits

Read 8 remaining paragraphs | Comments



Source: Ars Technica – Rare pubic-grooming data reveals injuries, odd habits, and nicked bits

AT&T’s attempt to stall Google Fiber construction thrown out by judge

Enlarge (credit: Google Fiber)

AT&T has lost a court case in which it tried to stall construction by Google Fiber in Louisville, Kentucky.

AT&T sued the local government in Louisville and Jefferson County in February 2016 to stop a One Touch Make Ready Ordinance designed to give Google Fiber and other new ISPs quicker access to utility poles. But yesterday, US District Court Judge David Hale dismissed the lawsuit with prejudice, saying AT&T’s claims that the ordinance is invalid are false.

“We are currently reviewing the decision and our next steps,” AT&T said when contacted by Ars today.

Read 12 remaining paragraphs | Comments



Source: Ars Technica – AT&T’s attempt to stall Google Fiber construction thrown out by judge

Health benefits of wind and solar offset all subsidies

Read 11 remaining paragraphs | Comments



Source: Ars Technica – Health benefits of wind and solar offset all subsidies