Europa and Enceladus are two ocean moons that scientists have concluded have liquid water oceans underneath their outer icy shells. The Europa Clipper mission should reach Europa around April of 2030. If it collects data hinting at the moon’s potential habitability, robotic lander missions could be the only way to confirm if there’s really life in there or not.
To make these lander missions happen, NASA’s Jet Propulsion Laboratory team has been working on a robot that could handle the search for life and already tested it on the Matanuska Glacier in Alaska. “At this point this is a pretty mature concept,” says Kevin Hand, a planetary scientist at JPL who led this effort.
Into the unknown
There are only a few things we know for sure about conditions on the surface of Europa, and nearly all of them don’t bode well for lander missions. First, Europa is exposed to very harsh radiation, which is a problem for electronics. The window of visibility—when a potential robotic lander could contact Earth—lasts less than half of the 85 hours it takes for the moon to complete its day-night cycle due to the Europa-Jupiter orbit. So, for more than half the mission, the robot would need to fend for itself, with no human ground teams to get it out of trouble. The lander would also need to run on non-rechargeable batteries, because the vast distance to the Sun would make solar panels prohibitively massive.
Lovable, a Swedish startup that allows users to create websites and apps through natural language prompts, failed to address a critical security vulnerability for months after being notified, according to a new report. A study by Replit employees found that 170 of 1,645 Lovable-created applications exposed sensitive user information including names, email addresses, financial data, and API keys that could allow hackers to run up charges on customers’ accounts.
The vulnerability, published this week in the National Vulnerabilities Database, stems from misconfigured Supabase databases that Lovable’s AI-generated code connects to for storing user data. Despite being alerted to the problem in March, Lovable initially dismissed concerns and only later implemented a limited security scan that checks whether database access controls are enabled but cannot determine if they are properly configured.
King of the Hill is back. The popular animated sitcom from Mike Judge is returning for a 14th season on Hulu. But, as shown in the show’s new intro sequence, a lot has changed in Arlen, Texas.
Wholesome Direct, an annual showcase of cute and cozy games, is coming back on Saturday, June 7 at 12PM ET. This is a live event that can be streamed via the official YouTube page or Twitch account. The organizers promise to show off “a vibrant lineup of artistic, uplifting, and emotionally resonant games from developers of all sizes from around the world.”
The YouTube stream link is already available, so feel free to bookmark this page and come back on June 7 just in time for the show. Last year’s stream was a whole lot of fun. One of the cool things about Wholesome Direct is that the organizers typically make several games available for download immediately after the event, though we don’t know which ones will get that sort of VIP treatment this year.
We only know a few of the games that will be covered during the event. There’s an adorable puzzle game called Is This Seat Taken? that tasks players with positioning cute little characters on a bus, in a waiting room or at a restaurant. This one’s actually being released by the event’s publishing arm, Wholesome Games Presents. Another title is called MakeRoom and reminds me of the indie hit Unpacking, but with a focus on designing the perfect room and sharing that creation with friends.
The mobile game Usagi Shimais coming to Steam and is getting a prime spot at Wholesome Direct. This title has players transforming a barren island to make it hospitable to lovable bunnies. Minami Laneis already out for Switch, but is also coming to Steam and will be featured during the livestream. It’s a town management sim that focuses on one street at a time. It’s also extremely easy on the eyes.
Last year’s stream discussed over 30 titles. That leaves plenty of room for cozy surprises. Also, the showcase falls right in the middle of Summer Game Fest, which hosts a group of loosely-affiliated events that begin on June 6.
This article originally appeared on Engadget at https://www.engadget.com/gaming/pc/how-to-watch-the-wholesome-direct-showcase-on-june-7-at-12pm-et-181249575.html?src=rss
Doom The Dark Ages is an interesting little beast. It’s still Doom at heart, in the vein of the last two games. But the vibe is just so very different, and not just because of the medieval setting. It’s the Army of Darkness of Doom games, if you follow. That goes double for the music, and while there’s, uh, obvious…
VPN users have an unbelievable amount of choice in the market, but lots of those choices are bad. Upwards of 180 virtual private networks are available for commercial users alone. For the casual user who just wants a VPN to protect themselves online or change their virtual location, the risk of analysis paralysis is very real.
It doesn’t help that VPN providers love to make misleading claims about their own product. Read a few of their homepages and you’ll start to see some phrases repeat. “Lightning-fast.” “Bank-grade encryption.” “Zero-logs policy.” It’s designed to sound good without meaning much, and unfortunately, even the best providers love to talk like this.
Our team at Engadget started digging into the VPN world to help you cut through all this clutter and pick the provider you actually want and need. We’ve developed a rigorous testing process that combines investigative journalism, objective testing and qualitative review. This article explains how we research and test a VPN.
Update, May 28, 2025: This story has been completely overhauled to reflect the updated 2025 Engadget VPN testing methodology.
Check the table for a quick illustration of our VPN testing process.
Testing Step
What We Do
Install, configure and use the VPN on multiple platforms
Investigate how easy it is to download, install and configure the VPN
At a minimum, experience all features of the Windows, Mac, iOS and Android apps
Test speeds
Test download speeds, upload speeds and latencies on a representative sample of servers around the world
Test each location at least three times across two days and average scores
Test security
Run encryption tests using WireSharkTest for DNS and WebRTC leaks
See how the VPN handles IPv6 traffic
Check that the VPN uses up-to-date protocols
Look at pricing and deals
See what plans and discounts are available
Investigate whether long-term deals rise in cost after the first billing period
Look for free trials, coupons and other ways to save money
Look at subscription bundles
Check what other standalone apps or services are bundled with the VPN
Investigate how much those bundles cost and whether they’re worth buying
Close-read the privacy policy
Investigate the privacy policy for any loopholes
Note what information is saved, what is shared and with whom
Check the VPN’s ability to change geolocation
Make sure virtual locations match DNS locations
Test the VPN on streaming sites to see if it gets caught
Investigate the server network
Check how many server locations are physical vs. virtual and how many are owned vs. rented
Discover which users are most likely to have access to a physical server near them
Test all extra features
Explore the user interface and any features outside the VPN connection itself
Ensure features work as advertised and judge how easy they are to use
Use the customer service options
Read the help pages to see how they answer simple questions
Test the live chat, how capable the bot is and how difficult it is to reach a human
Submit an email ticket and grade response times and usefulness
Investigate the VPN’s background
Check the VPN’s history in the news
Read any published audit reports
Look into past data breaches and/or privacy violations
VPN testing: Our 11 steps
A quick note before we start — whenever we say “VPN” in this article, we’re referring to a commercial VPN, the kind any individual can download and use. Corporate VPNs like Cisco Secure Client and Perimeter81 require a different testing process.
1. Install and configure the VPN on multiple platforms
The most work you’ll likely have to do with a VPN comes when you download and install it. We run through that process on as many different platforms as possible. When we can’t hit them all, we try to get at least one in each category — desktop, mobile, smart TV and browser — plus the “big four” of Windows, Mac, iOS and Android.
Proton VPN’s app for MacOS, a typical user interface.
Sam Chapman for Engadget
We take careful notes on the whole process, trying to think from the perspective of someone who has never used a VPN before. How easy is it to find the installation file? How do you log in and out? Are there quality-of-life features, like a programmable auto-connect to save work the next time you open the VPN app?
After installing each VPN, we run through the basic tasks of connecting, disconnecting and changing server locations. If these go smoothly, 90 percent of users will face very few problems with the interface. On the other hand, any hiccups on the basic connection process bode poorly for the operability of the VPN’s more advanced features.
2. Test speeds
We take it for granted that a VPN will reduce your browsing speeds. Except in certain rare cases where your ISP has severely misconfigured your local pathways, it’s not possible for a VPN to give you faster speeds than your normal internet service. That means the “fastest VPN” is the one that drags down your normal speeds as little as possible.
We use Ookla’s speed testing software to check each VPN’s servers in three categories. Download speed describes how much data can move from a web server to your device in one second; this determines how quickly web pages load and when streaming videos need to buffer. Upload speed is the same in reverse, and matters most for torrenting, social media sharing and outbound communication from your computer.
Testing ExpressVPN’s speed using Ookla’s speedtest.net.
Sam Chapman for Engadget
The third metric is latency, measured by the length of a “ping” — the time in milliseconds that a single data packet takes to travel between your device and the web. Latency, which is highly dependent on distance, is important for anything that happens online in real time, like gaming or video chat.
All three speed stats can fluctuate as individual server loads change. To get a clear picture of performance across the entire network, we pick six server locations for each VPN, including the one the app designates as the fastest. We then test each location three times across two days, averaging each result to get a final score.
3. Test security
A VPN’s most important job is to keep your real IP address hidden. If it can’t do that, we can’t recommend it. The simplest way we test a VPN’s security is by checking our IP address while connected. If the VPN server is airtight, any IP lookup tool should show the server’s address, not our home network.
IP leaks — in which your home IP address is visible even while you’re connected through a VPN — are most often caused by VPNs using public DNS servers that make your requests visible to your internet provider. The culprit can also be a misconfiguration in real-time communication protocols (WebRTC) or a failure to properly incorporate IPv6 traffic.
Using WireShark to test whether a VPN can encrypt data in transit.
Sam Chapman for Engadget
We also check for weak, outdated VPN protocols like PPTP, or untested proprietary protocols with no available source code. We finish this step by testing the VPN’s encryption by analyzing a few data packets using Wireshark.
4. Look at pricing and deals
Next, we see how much the VPN costs. We read the fine print on multi-year deals to see if advertised savings stop after the first billing period; when VPNs offer “bonus months” for new sign-ups, it’s common for prices to go up later. We also evaluate any free plans, temporary free trials or money-back guarantees — paying special attention to the refunds, as VPNs occasionally refuse to honor their stated policies.
We close out by seeing if there are any special pricing discounts or coupons that may make the VPN more affordable. Ultimately, we try to make a call about whether the VPN gives the user enough value to justify its price.
5. Check out pricing bundles
Many of the top VPNs are expanding their offerings into larger bundles, like NordVPN Complete, Surfshark One, or ExpressVPN‘s Identity Guard suite. This can also happen from the other direction, as companies like Norton and Proton add VPNs to their existing product lines.
VPN bundles almost always come at an additional subscription cost, which they sometimes earn with added value — and sometimes don’t. Whenever we review a VPN, we check out the products associated with it and advise you on whether or not to heed the VPN’s inevitable calls to upgrade.
6. Close-read the privacy policy
The next step is to sit down with the VPN’s privacy policy and read it like a lawyer would. A VPN privacy policy is technically legally binding, in that the provider can be sued for false advertising if they violate it. Instead of lying outright, the less-trustworthy VPNs minimize their risk by hiding controversial practices behind vague language and loopholes.
Surfshark’s privacy policy on the Google Play Store
Sam Chapman for Engadget
As an example, a VPN might claim on its homepage to have a “zero-logs policy,” but it’s impossible to provide VPN service without keeping at least some logs. The honest providers lay out exactly what data they keep, how they anonymize it and what they do with it. Red flags include saving your data for longer than necessary, logging activity for non-security purposes like marketing, or claiming that the privacy policy does not apply to partners or parent companies.
7. Check the VPN’s ability to change geolocation
When a VPN changes your virtual location, it needs to do so in a way destination servers can’t see through. The sites you’d want to change your location for, like Netflix, YouTube and sports streams, block content in regions where they don’t have a licensing agreement to stream it (that’s why Netflix libraries change in every country). These sites know VPNs can circumvent their blocks, so they ban VPN access whenever they detect it.
A VPN can change your virtual location to switch up what’s available on streaming — so you can, for example, watch Friends on Netflix in the US.
Sam Chapman for Engadget
The best VPNs fight back by updating their server IP addresses quickly enough that streaming platforms can’t block them. We test a VPN’s unblocking ability by connecting to multiple streaming websites — each in several different countries — and looking for proxy errors. We check to see if content is accessible and whether speeds remain fast enough to view it.
8. Investigate the server network
A VPN’s “server network” is the selection of IP addresses it lets users connect to. Large server networks are a common selling point for VPNs, which argue that more servers means better performance and more locations means more options to circumvent blocks.
While it’s true that a larger network is a good sign, it’s easy to artificially inflate the numbers. For one thing, a VPN provider can set up virtual servers with IPs from locations where it isn’t physically present. This is helpful for getting locations in countries like China and India that ban most VPNs, but means you can’t always trust that a server which looks close to you actually is.
Sam Chapman for Engadget
It’s also common for providers to rent server space from third-party data centers to get more locations out faster. While convenient, this adds more potential failure points, since the data center operators may not follow the VPN’s security standards (this is how NordVPN was briefly compromised in 2018).
When reviewing a VPN, we investigate not just the quantity of its server network, but also its quality. If it doesn’t disclose which servers are virtual and/or rented, we check the IP addresses of suspicious locations and research whether the VPN has worked with data center providers.
9. Test all extra features
Most VPNs include features beyond the core ability to connect to a server. These extras range from vital security measures like kill switches (which cut you off from the internet if you aren’t connected to a VPN server) to tangential nice-to-haves like ad and malware blockers (which often work well but can’t replace a designated antivirus).
VPN special features can get elaborate — NordVPN Meshnet is one of the most extensive
Sam Chapman for Engadget
We test two things: whether these features work and whether they’re easy for beginners to use. The former depends on the feature — for example, for an ad-blocker, we’ll see if it blocks different types of ads. The latter is qualitative and depends on where the feature is found in the VPN app, how well it explains itself and what customization options exist.
10. Use the customer service options
No VPN client is so well designed that you’ll never need help. Good customer support starts with an up-to-date knowledge base written in clear English by a human author, with logical organization and plenty of screenshots. An active user community is a bonus, whether hosted on the VPN site or somewhere else (often Reddit).
We test each VPN’s customer support options by using them ourselves.
Sam Chapman for Engadget
Most VPNs have other tech support options, generally live chat and/or email tickets. We test both by submitting a simple question. With live chat, we determine whether it’s possible to talk with a human and how long it takes to reach that point. With email, we measure how long it takes to get a reply from the experts and how useful it is for solving the problem.
11. Investigate the VPN’s background
The first step is to find out exactly who we’re dealing with. We comb through the VPN’s history since its launch, looking for any security breaches, violations of its own privacy policy or any attempts to pull the wool over the customers’ eyes. News archives are the best source, but we also incorporate academic research by security investigators and published third-party audits of the VPNs themselves.
When we find black marks on a VPN’s record, we try to place them in context. A past security breach doesn’t necessarily disqualify a VPN from our recommendation — most of the best options have slipped up at least once. The best evidence comes from how the provider responded to the incident. Did they change anything or double down? Did their recovery produce lasting improvements, or did the same problem happen again a year later?
Privacy violations are much more serious. A VPN that breaks its agreement to not log information on its users cannot be trusted to keep its word in the future without evidence of drastic internal change. Another major red flag is a lack of transparency, like when it’s unclear where a VPN is based or who owns it.
Get started with our VPN reviews
Reviewing a VPN is a matter of patient investigation, rigorous testing and an unwillingness to take anything at face value. We’re constantly refining our process, so we’ll make sure to update this page whenever we change any of the steps above.
Now that you understand our process, you’re ready to dive into our coverage of the best VPN services (soon to get an extensive update), or head straight to our in-depth ExpressVPN review to see the process in action.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/how-we-test-vpns-175845189.html?src=rss
We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.
At $54.99, you probably don’t expect much from a laptop, but this refurbished Lenovo 100e Chromebook (2nd Gen, 2019) might surprise you. It’s not fast, it’s not flashy, and it only has 16GB of eMMC storage, but it’s the kind of machine that can take a beating and still show up to work the next day. Built for classrooms and chaos, it has reinforced edges, spill-resistant keys, and rubber bumpers that make it more forgiving than most laptops you’ll find in this price range. It’s also listed in Grade “A” condition, so you’re getting a laptop that should look close to new.
Performance-wise, it’s basic. There’s a MediaTek processor inside with 4GB of RAM—enough for browsing, Google Docs, streaming, or online classes, but not much more. Don’t expect to run 20 tabs or multitask like a maniac. What you do get is a surprisingly solid 11.6-inch display with anti-glare coating, a webcam that’s fine for video calls, and a battery that lasts around 10 hours. Chrome OS is light and easy to use, especially if you’re already living in the Google ecosystem. And the machine itself is lightweight and compact, making it a decent travel companion or a starter laptop for kids.
Of course, there are trade-offs. Storage is tight—you’ll need to rely on Google Drive or plug in an SD card if you want to keep anything local. The charger uses USB-C, which is convenient, but there’s only one of those ports alongside a single USB-A and HDMI. No Ethernet, no touchscreen, no premium features. Still, for under $60 with free shipping, it’s hard to argue. Whether you need a backup device, something to toss in a backpack without worry, or a no-frills option for schoolwork and emails, this budget Lenovo Chromebook keeps things simple.
Name: Heather L Johnston (I use my middle initial even though it sounds a little formal because there are a couple of us here in Vancouver.)
Hometown: Miscellaneous, USA. Some combination of New York, Cleveland, and Seattle — though I have lived in Horseshoe Bay, BC for longer than I did in any of those other places, at this point. I lived in New Jersey when I was little and mostly grew up in Cleveland, but went back East the minute I graduated from high school.
How did you get into cycling? I’ve been a bike rider for my whole life, commuting to school or work, and riding for fun — but I guess it really started getting more focused in high school. My friend Lindsay and I would go on epic rides through northwestern Ohio, and we did some century rides together. The terrain is short steep rollers and forest/ farmland — just wonderful riding.
In 1986, I did a six-week tour through New England, with Cannondale panniers on a Miyata Six Ten. In 1996, I walked into a bike shop in Seattle and asked, “Do people race bikes?” I was on a club ride the next morning, and the rest is history. I raced road and off-road pretty seriously for four or five seasons, did a ton of organizing, some coaching, moved to Vancouver, took a break, couldn’t stay away, and got back through a spin class in 2015. That led to training on The Sufferfest and the Tour of Sufferlandria and then Zwift; in October 2024, I finally got to do another big ride, in France and Spain. There will be more.
How many years have you been racing on Zwift? 4
Are you part of a Virtual team? Yes! Westcoast Coalition, based in Vancouver BC.
What do you love most about racing? Oh that’s a tough question. The team energy and the opportunity to really push my own limits. I love the effort and the way it makes me feel, and sharing that with friends is just the best thing ever. As a leader, I also love helping other women discover their power — seeing those lights go on never gets old.
What is your favourite style of race (e.g. points, scratch, iTT, TTT, Chase, duathlon)? TTT without a doubt. Just a great format. I’d also love to see something like velodrome racing on Zwift — 3000m pursuits and things like that. Wouldn’t a virtual Madison be wild?
What is your favourite Zwift women’s race series? WTRL Tuesday Night Racing.
What is your most memorable racing experience, inside or outside or BOTH? Outside. 1998. Getting up to the top of, and subsequently dropped on, Galena Pass in Idaho. I’d put together a composite team to go race the HP Women’s Challenge, and I had managed, somehow, to hang with a small group of riders up to the top of Galena. It’s around 8000’. It was so exciting to make it there, that I looked up at the summit sign for a split second, and they got a 100m gap on me.
I spent the rest of the day chasing six riders into Ketchum. Learning opportunity.
It was an absolutely beautiful race though, end to end. Another day, after the race we were at some tiny restaurant in someone’s house eating pie and watching foxes cross the yard. Race organizer Jim Rabdau told us he thought God lives in Stanley, Idaho. I’m not sure, but he certainly could have been right.
What is your favourite food to eat post-race? A small steak, veg, and an Athletic zero-proof beer. OR my other favourite post-ride food — a messy scramble and toast. The best recovery food ever.
What advice would you give to a woman entering her first Zwift race? First, just go try it and have fun, there’s so little risk. No crashing, you can still talk to / watch your friends even if you’re off the back… go see what you can do and don’t worry if it’s not what you might have expected. THEN…
The most valuable thing I’ve been told is to get in the pens early so you’re near the front at the start. This is a great strategy IRL and it works on Zwift too. A good start gets you into a place in the race where you can hang for as long as you can, but there’s room to drift back through the peloton, too. Be sure you have snacks, a fan, all the tech set up right well before start time so you don’t have to worry about details close to start time. Do some activation and get a decent warmup. On course, find some people close to your pace and ride with them! It’s much more fun and less work to draft and share the pulls than to slug it out alone. You can work with people even without talking — just get there, take your turn, give the people you’re riding with some Ride Ons, it’s pretty cool how that all works.
Any upcoming race you are looking forward to? At the moment I am just enjoying the Tuesday night series. There are some big women’s races on the calendar in the fall that are pretty cool — Fearless and the Iceni stage race come to mind — but I’m happy doing Tuesdays and then getting outside in springtime, though I will say I am one of those riders who’s on Zwift year-round. I love that I can get some miles in even if it’s late in the day or I need to be home for other reasons, or I just feel like exploring the game worlds on my own. I’m not afraid of doing a trainer workout on a sunny day if that’s what fits that day.
Where can people follow your racing adventures? I’m @H.L.Johnston on Instagram, that’s the best place I think.
Cooperation is the name of the game in Elden Ring Nightreign, so it’s good to know how to communicate well with your party to help one another succeed. And since loot is one of an expedition’s most important aspects, you’ll want to be certain everyone’s working together to find the best stuff for each member of your…
Broadband lobby groups asked the Trump administration to block state laws that require Internet service providers to offer cheap plans to people with low incomes. The biggest lobby groups for the cable, telecom, and mobile industries made the request in a filing with the US Department of Justice this week.
The groups want Trump’s Justice Department to sue states such as New York, which requires ISPs to offer broadband for $15 or $20 a month to people who meet income eligibility requirements. “The Antitrust Division should work with other components of the Department of Justice to consider bringing affirmative preemption litigation against the harmful state laws already on the books or soon enacted—particularly those that directly regulate broadband rates,” the lobby groups said.
The lobby groups also said the Justice Department should collaborate with the Federal Communications Commission “to thoroughly examine every possible tool in the federal government’s toolbox, including any and all ways in which the Commission can take regulatory action to preempt harmful state regulations.” The filing was submitted by CTIA-The Wireless Association, NCTA-The Internet & Television Association, and USTelecom-The Broadband Association.
An anonymous reader shares a report: In a landmark ruling advancing efforts to hold major polluters accountable for transnational climate-related harms, on May 28 a German court concluded that a corporation can be held liable under civil law for its proportional contribution to global climate change, Climate Rights International said today.
Filed in 2015, the case against German energy giant RWE AG challenged the corporation to pay for its proportional share of adaptation costs needed to protect the Andean city of Huaraz, Peru, from a flood from a glacial lake exacerbated by global warming. RWE AG, one of Europe’s largest emitters, is estimated to be responsible for approximately 0.47% of global historical global greenhouse gas emissions.
“This groundbreaking ruling confirms that corporate emitters can no longer hide behind borders, politics, or scale to escape responsibility,” said Lotte Leicht, Advocacy Director at Climate Rights International. “The court’s message is clear: major carbon polluters can be held legally responsible for their role in driving the climate crisis and the resulting human rights and economic harms. If the reasoning of this decision is adopted by other courts, it could lay the foundation for ending the era of impunity for fossil fuel giants and other big greenhouse gas emitters.”
Clearing bosses on the map in Elden Ring Nightreign is generally the best way to level up quickly, so you’ll want to prioritize anything that grants you access to these big baddies. One great way to do this is to find Stonesword Keys, which can open gaols found around Limveld that will let you tackle a (usually)…
The hugely popular first-person shooter game Valorant is getting some long-awaited upgrades as the game approaches its 5-year anniversary. In the latest dev update, the Valorant team announced the long-anticipated replay feature. They’ll function about the same as replays in other online shooters like Counter-Strike 2, allowing players to revisit their previous matches and watch them from the perspective of any player in the game or from a free-roaming camera. Replays will initially launch on PC with patch 11.06 in September and will come to consoles later in the year.
After initially developing and updating the game in Unreal Engine 4 for more than ten years, the dev team announced a port to Unreal Engine 5 with patch 11.02 around the end of July. The Valorant devs say this will bring higher frame rates and faster future patch downloads without changing the current gameplay feel. In their video update, the team teased that moving to Unreal 5 will enable a whole host of possibilities in the future.
Competitive players will take particular note of new anti-smurfing initiatives. Smurfing is the practice of higher-ranked players using lower-ranked accounts to gain a competitive advantage by playing against players far below their skill level. In an attempt to further curb this behavior, Valorant will be asking suspicious accounts to complete multi-factor authentication and is exploring requiring it on all competitive accounts. These guardrails will launch later this year with more details to come. Additionally, users who wish to report other players for smurfing can now select a specific “Rank/Matchmaking Abuse” category to help the better identify those accounts.
The update also showcased some gameplay balancing measures involving character abilities, teased a new competitive map and highlighted the team’s vision for the future of Valorant in esports.
This article originally appeared on Engadget at https://www.engadget.com/gaming/pc/valorant-is-finally-adding-replays-and-upgrading-to-unreal-engine-5-173931808.html?src=rss
To celebrate the 15th anniversary of the original Red Dead Redemption release (where has the time gone?), this is a video of Rob Wiethoff, who portrayed protagonist John Marston, playing the game for the first time. After two hours of watching him accidentally pull his gun on innocent townfolk while trying to access his inventory, it’s clear he’s a much better actor than he is a gamer. Hey, we all have our strengths and weaknesses. I’m still trying to figure out my strengths, but I’ve made a world record list of weaknesses. *flipping through phone book of weaknesses* Honestly, there might not be anything left to be good at.
Asus’ routers and popular and well-reviewed. As such, there’s a good chance you have one of its devices powering your home wifi. If you do, you should probably check on it, since thousands of Asus’ routers are now compromised.
What happened?
Cybersecurity company GreyNoise published a blog post about this router attack on Wednesday. GreyNoise says attackers used brute-force login attempts (running millions of login attempts until the right match is found) and authentication bypasses (forcing your way in around traditional authentication protocols) to break into these routers. Notably, hackers used authentication bypass techniques that aren’t assigned CVEs (common vulnerabilities and exposures). CVEs are labels used to track publicly disclosed security vulnerabilities, which means the security vulnerabilities were either unknown or known only to a limited circle.
Once in, hackers exploited the Asus router’s CVE-2023-39780 vulnerability to run whatever commands they wanted. Hackers enabled SSH (secure shell) access through Asus’ settings, which let them connect to and control the devices. They then stored the configuration—or backdoor—in NVRAM, rather than the disk of the router. The hackers did not leave malware behind, and even disabled logging, which makes their attacks difficult to detect.
It’s not clear who is behind these attacks, but GreyNoise did say the following: “The tactics used in this campaign—stealthy initial access, use of built-in system features for persistence, and careful avoidance of detection—are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks. While GreyNoise has made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary.”
How did GreyNoise find out?
Sift, GreyNoise’s AI technology, first detected an issue on March 17, noticing unusual traffic. GreyNoise uses fully emulated Asus profiles running factory firmware to test for issues like these, which let researchers observe the attackers’ full behavior, reproduce the attack, and discover how the backdoor was installed. Researchers at the company received Sift’s report the following day, and began researching, coordinating with “government and industry partners.”
GreyNoise reported that, as of May 27, nearly 9,000 routers were confirmed compromised. The company is pulling that data from Censys, which keeps tabs on internet-facing devices throughout the world. To make matters worse, the affected devices only continue to increase: As of this piece, there were 9,022 impacted routers listed on Censys’ site.
Luckily, GreyNoise reports that Asus patched the security vulnerability in a recent firmware update. However, if the router was compromised before the patch was installed, the backdoor hackers put into the router will not be removed. Even if this is the case, you can take action to protect your router.
If you have an Asus router, do this
First, confirm your router is actually made by Asus. If it is, log in to your router via your internet browser. Logging into your router varies by device, but according to Asus, you can head to www.asusrouter.com, or enter your router’s IP address into your address bar, then log in with your Asus router username and password. Asus says if this is the first time you’ve logged into the router, you’ll need to set up your account.
From here, identify the “Enable SSD” settings option. (You may find this under “Service” or “Administration,” according to PCMag.) You’ll know the router is compromised if you see that someone can log in via SSH over port 53828 with the following key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ (the rest of the key has been cut for length).
Now, disable the SSH entry and block these IP addresses:
101.99.91.151
101.99.94.173
79.141.163.179
111.90.146.237
From here, factory reset your router. Unfortunately, the patch alone won’t be enough, since the attack survives any update. A total reset is the only way to be sure your router is protected.
However, if you see your router was not affected here, install the latest firmware update ASAP. Unaffected routers that install the latest patch will be protected from this type of attack going forward.
Your favorite mystery wrapped in a riddle that’s cloaked in secrecy is back with more breadcrumbs, leading our insatiable appetites toward still more unanswered questions. Months after Severance’s second season ended with Innie Mark (Adam Scott) and Innie Helly (Britt Lower) literally running into an uncertain future,…
Elden Ring Nightreign’s launch has been a bit of a mixed bag. While sales on Steam have been strong, with the game climbing towards the top of the charts, it hasn’t been a slam dunk with many players. The game is also experiencing technical problems that go beyond subjective disappointments with its gameplay, which developer FromSoftware is
Elden Ring Nightreign is tough as hell and very cryptic, as should be expected from any FromSoftware title. There are a lot of little details that are easy to overlook, so you’d be forgiven if you find yourself confused from time to time. Even a few of the game’s trophies and achievements are vague enough to trip up…
Elden Ring was a massive open-world game that stretched well beyond what many of us expected back in 2022; and its Shadow of the Erdtree DLC even added dozens more hours of fun. Elden Ring Nightreign, on the other hand, is a multiplayer roguelike game with a smaller scope and more focused, action-packed gameplay loop…
