Shared posts

08 Aug 09:55

Video: BBC presenter is not in the mood for dogs on a surfboard

News programmes often have to hunt for topics to fill the broadcast in summer, and the BBC is no exception. Presenter Simon McCoy has been in the business for years and has had about enough of the annual summer silly season.

Visibly irritated, he introduces a report about surfing dogs. "Bear in mind, it is August. This is no easy one," he sighs. "Dog owners and their pets in California took the plunge during the second annual world dog surfing championship. Here are the pictures."

The item starts and, with another sigh, he reads out his script. At the end of the report the picture freezes, at which he says sarcastically: "That is a shame, we have run out of pictures."

19 Jul 09:46

Propaganda bots dominate social networks in some countries

by Engadget

It won’t shock you to hear that governments and shady political groups will use social network bots in a bid to control the flow of information. But just how prevalent are they? Depending on where you live, they might just dictate the social media landscape. Oxford University researchers have published a study showing that “computational propaganda” (bots and other coordinated campaigns) is practically par for the course in some countries. In Russia, for instance, 45 percent of Twitter activity stems from “highly automated” accounts. And Ukraine is a “frontline” for just about everyone — Russia, Ukrainian nationalists and civil society groups are all using digital propaganda systems in a bid to sway public opinion.

They’re influential elsewhere, too, and not just in authoritarian countries or from the authoritarians themselves. China is fond of using a mix of bots and human-guided social attacks on Taiwan’s President, but it also faces “several” large anti-government Twitter bot networks. Meanwhile, bots and other propaganda systems have attacked political figures and rallied protests in Brazil ever since the 2014 presidential election and the ensuing scandals. In Poland, a handful of right-wing accounts represent 20 percent of all political discussion in the country. All told, the researchers found 29 countries using social networks to skew opinions at home and abroad.

And the US certainly isn’t immune. Twitter bots achieved “highly influential network positions” during the 2016 presidential election, particularly among the pro-Trump camp (where a key botnet was three times larger than that for Clinton).

This isn’t to say that bots are always bad, or that democracies are defenseless against influence campaigns. Canada’s political parties use bots, for instance, but they’re also used to improve public knowledge. And Germany is a “leader” in fighting online disinformation campaigns between regulation and an abundance of watchdog groups. The tricky part is keeping a lid on digital propaganda without pushing the social networks too far. Companies like Twitter will tackle bots, but they tend to push back when asked to decide what’s true or false. It may be some time before we see numerous democracies finding a way to curb propaganda mechanisms without undermining their own free speech values.

Via: Bloomberg

Source: Oxford University (PDF)

The post Propaganda bots dominate social networks in some countries appeared first on AIVAnet.

06 Jul 13:28

'EU wants to impose record fine on Google for abuse of market power with Android'

by Arnoud Wokke

The European Commission wants to impose a record fine on Google for abusing its market power with its mobile operating system Android. The EU recently fined Google 2.4 billion euros because it gave Google Shopping preferential treatment in search results.

03 Jul 08:24

NATO could be forced to respond to the Petya attack, says new report

by Kwame Opam

In the wake of last week’s massive Petya ransomware attack in Eastern Europe, researchers are reaching consensus that the incident was a politically-motivated cyberattack. According to CNBC, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) recently put out a statement claiming that the attack was likely done by a state actor or a group with state approval. The development means that the cyberattack could be viewed as an act of war, triggering Article 5 of the Washington Treaty and compelling NATO allies to respond.

"As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty,” wrote Tomáš Minárik, a researcher at the CCD COE law...


07 Jun 19:12

Mysterious Group Lands Denuvo Anti-Piracy Body Blow

by Andy

While there’s always excitement in piracy land over the release of a new movie or TV show, video gaming fans really know how to party when a previously uncracked game appears online.

When that game was protected by the infamous Denuvo anti-piracy system, champagne corks explode.

There’s been a lot of activity in this area during recent months but more recently there’s been a noticeable crescendo. As more groups have become involved in trying to defeat the system, Denuvo has looked increasingly vulnerable. Over the past 24 hours, it’s looked in serious danger.

The latest drama surrounds DISHONORED.2-STEAMPUNKS, which is a pirate release of the previously uncracked action adventure game Dishonored 2. The game uses Denuvo protection and at the rate titles have been falling to pirates lately, its appearance wasn’t a surprise. However, the manner in which the release landed online has sent shockwaves through the scene.

The cracking scene is relatively open these days, in that people tend to have a rough idea of who the major players are. Their real-life identities are less obvious, of course, but names like CPY, Voksi, and Baldman regularly appear in discussions.

The same cannot be said about SteamPunks. With their topsite presence, they appear to be a proper ‘Scene’ group but up until yesterday, they were an unknown entity.

It’s fair to say that this dramatic appearance from nowhere raised quite a few eyebrows among the more suspicious crack aficionados. That being said, SteamPunks absolutely delivered – and then some.

Rather than simply pre-crack (remove the protection) from Dishonored 2 and then deliver it to the public, the SteamPunks release appears to contain code which enables the user to generate Denuvo licenses on a machine-by-machine basis.

If that hasn’t sunk in, the theory is that the ‘key generator’ might be able to do the same with all Denuvo-protected releases in future, blowing the system out of the water.

While that enormous feat remains to be seen, there is an unusual amount of excitement surrounding this release and the emergence of the previously unknown SteamPunks. In the words of one Reddit user, the group has delivered the cracking equivalent of The Holy Hand Grenade of Antioch, yet no one appears to have had any knowledge of them before yesterday.

Only adding to the mystery is the lack of knowledge relating to how their tool works. Perhaps ironically, perhaps importantly, SteamPunks have chosen to protect their code with VMProtect, the software system that Denuvo itself previously deployed to stop people reverse-engineering its own code.

This raises two issues. One, people could have difficulty finding out how the license generator works and two, it could potentially contain something nefarious besides the means to play Dishonored 2 for free.

With the latter in mind, a number of people in the cracking community have been testing the release but thus far, no one has found anything untoward. That doesn’t guarantee that it’s entirely clean but it does help to calm nerves. Indeed, cracking something as difficult as Denuvo in order to put out some malware seems a lot of effort when the same could be achieved much more easily.

“There is no need to break into Fort Knox to give out flyers for your pyramid scheme,” one user’s great analogy reads.

That being said, people with experience are still urging caution, which should be the case for anyone running a cracked game, no matter who released it.

Finally, another twist in the Denuvo saga arrived yesterday courtesy of VMProtect. As widely reported, someone from the company previously indicated that Denuvo had been using its VMProtect system without securing an appropriate license.

The source said that legal action was on the horizon but an announcement from VMProtect yesterday suggests that the companies are now seeing eye to eye.

“We were informed that there are open questions and some uncertainty about the use of our software by DENUVO GmbH,” VMProtect said.

“Referring to this circumstance we want to clarify that DENUVO GmbH had the right to use our software in the past and has the right to use it currently as well as in the future. In summary, no open issues exist between DENUVO GmbH and VMProtect Software for which reason you may ignore any other divergent information.”

While the above tends to imply there’s never been an issue, a little more information from VMProtect dev Ivan Permyakov may indicate that an old dispute has since been settled.

“Information about our relationship with Denuvo Software has long been outdated and irrelevant,” he said.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

04 Jun 21:04

No, Netflix Hasn’t Won The War on Piracy

by Ernesto

Recently a hacker group, or hacker, going by the name TheDarkOverlord (TDO) published the premiere episode of the fifth season of Netflix’s Orange is The New Black, followed by nine more episodes a few hours later.

TDO obtained the videos from Larson Studios, which didn’t pay the 50 bitcoin ransom TDO had requested. The hackers then briefly turned their attention to Netflix, before releasing the shows online.

In the aftermath, a flurry of articles claimed that Netflix’s refusal to pay means that it is winning the war on piracy. Torrents are irrelevant or no longer a real threat and piracy is pointless, they concluded.

One of the main reasons cited is a decline in torrent traffic over the years, as reported by the network equipment company Sandvine.

“Last year, BitTorrent traffic reached 1.73 percent of peak period downstream traffic in North America. That’s down from the 60 percent share peer-to-peer file sharing had in 2003. Netflix was responsible for 35.15 percent of downstream traffic,” one reporter wrote.

Piracy pointless?

Even Wired, a reputable technology news site, jumped on the bandwagon.

“It’s not that torrenting is so onerous. But compared to legitimate streaming, the process of downloading a torrenting client, finding a legit file, waiting for it to download, and watching it on a laptop (or mirroring it to a television) hardly seems worth it,” the article states.

These and many similar articles suggest that Netflix’s ease of use is superior to piracy. Netflix is winning the war on piracy, which is pretty much reduced to a fringe activity carried out by old school data hoarders, they claimed.

But is that really the case?

I wholeheartedly agree that Netflix is a great alternative to piracy, and admit that torrents are not as dominant as they were before. But everybody who thinks that piracy is limited to torrents needs to educate themselves properly.

Piracy has evolved quite a bit over the past several years and streaming is now the main source to satisfy people’s ‘illegal’ viewing demands.

Whether it’s through pirate streaming sites, mobile apps or dedicated media players hooked to TVs; it’s not hard to argue that piracy is easier and more convenient than it has ever been in the past. And arguably, more popular too.

The statistics are dazzling. According to piracy monitoring outfit MUSO there are half a billion visits to video pirate sites every day. Roughly 60% of these are to streaming sites.

While there has been a small decline in streaming visits over the past year, MUSO’s data doesn’t cover the explosion of media player piracy, which means that there is likely a significant increase in piracy overall.

TorrentFreak contacted the aforementioned network equipment company Sandvine, which said that we’re “on to something.”

Unfortunately, they currently have no data to quantify the amount of pirate streaming activity. This is, in part, because many of these streams are hosted by legitimate companies such as Google.

Torrents may not be dominant anymore, but with hundreds of millions of visits to streaming pirate sites per day, and many more via media players and other apps, piracy is still very much alive. Just ask the Motion Picture Association.

I would even argue that piracy is more of a threat to Netflix than it has ever been before.

To illustrate, here is a screenshot from one of the most visited streaming piracy sites online. The site in question receives millions of views per day and featured two Netflix shows, “13 Reasons Why” and the leaked “Orange is The New Black,” in its daily “most viewed” section recently.

Netflix shows among the “most viewed” pirate streams

If you look at a random streaming site, you’ll see that they offer an overview of thousands of popular movies and TV-shows, far more than Netflix. Pirate streaming sites have more content than Netflix, often in high quality, and it doesn’t cost a penny.

Throw in the explosive growth of piracy-capable media players that can bring this content directly to the TV-screen, and you’ll start to realize the magnitude of this threat.

In a way, the boost in streaming piracy is a bigger threat to Netflix than the traditional Hollywood studios. Hollywood still has its exclusive release windows and a superior viewing experience at the box office. All Netflix content is instantly pirated, or already available long before they add it to their catalog.

Sure, pirate sites might not appeal to the average middle-class news columnist who’s been subscribed to Netflix for years, but for tens of millions of less fortunate people, who can do without another monthly charge on their household bill, it’s an easy choice.

Not the right choice, legally speaking, but that doesn’t seem to bother them much.

That’s illustrated by tens of thousands of people from all over the world commenting with their public Facebook accounts, on movies and TV-shows that were obviously pirated.

Pirate comments on a streaming site

Of course, if piracy disappeared overnight then only a fraction of these pirates would pay for a Netflix subscription, but saying that piracy is irrelevant for the streaming giant may be a bit much.

Netflix itself is all too aware of this it seems. The company has launched its own “Global Copyright Protection Group,” an anti-piracy division that’s on par with those of many major Hollywood studios.

Netflix isn’t winning the war on piracy; it just got started….


02 Jun 12:59

WannaCry and Vulnerabilities

by Bruce Schneier

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims' access to their computers until they pay a fee. Then there are the users who didn't install the Windows security patch that would have prevented an attack. A small portion of the blame falls on Microsoft, which wrote the insecure code in the first place. One could certainly condemn the Shadow Brokers, a group of hackers with links to Russia who stole and published the National Security Agency attack tools that included the exploit code used in the ransomware. But before all of this, there was the NSA, which found the vulnerability years ago and decided to exploit it rather than disclose it.

All software contains bugs or errors in the code. Some of these bugs have security implications, granting an attacker unauthorized access to or control of a computer. These vulnerabilities are rampant in the software we all use. A piece of software as large and complex as Microsoft Windows will contain hundreds of them, maybe more. These vulnerabilities have obvious criminal uses that can be neutralized if patched. Modern software is patched all the time -- either on a fixed schedule, such as once a month with Microsoft, or whenever required, as with the Chrome browser.

When the US government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country -- and, for that matter, the world -- from similar attacks by foreign governments and cybercriminals. It's an either-or choice. As former US Assistant Attorney General Jack Goldsmith has said, "Every offensive weapon is a (potential) chink in our defense -- and vice versa."

This is all well-trod ground, and in 2010 the US government put in place an interagency Vulnerabilities Equities Process (VEP) to help balance the trade-off. The details are largely secret, but a 2014 blog post by then President Barack Obama's cybersecurity coordinator, Michael Daniel, laid out the criteria that the government uses to decide when to keep a software flaw undisclosed. The post's contents were unsurprising, listing questions such as "How much is the vulnerable system used in the core Internet infrastructure, in other critical infrastructure systems, in the US economy, and/or in national security systems?" and "Does the vulnerability, if left unpatched, impose significant risk?" They were balanced by questions like "How badly do we need the intelligence we think we can get from exploiting the vulnerability?" Elsewhere, Daniel has noted that the US government discloses to vendors the "overwhelming majority" of the vulnerabilities that it discovers -- 91 percent, according to NSA Director Michael S. Rogers.

The particular vulnerability in WannaCry is code-named EternalBlue, and it was discovered by the US government -- most likely the NSA -- sometime before 2014. The Washington Post reported both how useful the bug was for attack and how much the NSA worried about it being used by others. It was a reasonable concern: many of our national security and critical infrastructure systems contain the vulnerable software, which imposed significant risk if left unpatched. And yet it was left unpatched.

There's a lot we don't know about the VEP. The Washington Post says that the NSA used EternalBlue "for more than five years," which implies that it was discovered after the 2010 process was put in place. It's not clear if all vulnerabilities are given such consideration, or if bugs are periodically reviewed to determine if they should be disclosed. That said, any VEP that allows something as dangerous as EternalBlue -- or the Cisco vulnerabilities that the Shadow Brokers leaked last August -- to remain unpatched for years isn't serving national security very well. As a former NSA employee said, the quality of intelligence that could be gathered was "unreal." But so was the potential damage. The NSA must avoid hoarding vulnerabilities.

Perhaps the NSA thought that no one else would discover EternalBlue. That's another one of Daniel's criteria: "How likely is it that someone else will discover the vulnerability?" This is often referred to as NOBUS, short for "nobody but us." Can the NSA discover vulnerabilities that no one else will? Or are vulnerabilities discovered by one intelligence agency likely to be discovered by another, or by cybercriminals?

In the past few months, the tech community has acquired some data about this question. In one study, two colleagues from Harvard and I examined over 4,300 disclosed vulnerabilities in common software and concluded that 15 to 20 percent of them are rediscovered within a year. Separately, researchers at the Rand Corporation looked at a different and much smaller data set and concluded that fewer than six percent of vulnerabilities are rediscovered within a year. The questions the two papers ask are slightly different and the results are not directly comparable (we'll both be discussing these results in more detail at the Black Hat Conference in July), but clearly, more research is needed.

People inside the NSA are quick to discount these studies, saying that the data don't reflect their reality. They claim that there are entire classes of vulnerabilities the NSA uses that are not known in the research world, making rediscovery less likely. This may be true, but the evidence we have from the Shadow Brokers is that the vulnerabilities that the NSA keeps secret aren't consistently different from those that researchers discover. And given the alarming ease with which both the NSA and CIA are having their attack tools stolen, rediscovery isn't limited to independent security research.

But even if it is difficult to make definitive statements about vulnerability rediscovery, it is clear that vulnerabilities are plentiful. Any vulnerabilities that are discovered and used for offense should only remain secret for as short a time as possible. I have proposed six months, with the right to appeal for another six months in exceptional circumstances. The United States should satisfy its offensive requirements through a steady stream of newly discovered vulnerabilities that, when fixed, also improve the country's defense.

The VEP needs to be reformed and strengthened as well. A report from last year by Ari Schwartz and Rob Knake, who both previously worked on cybersecurity policy at the White House National Security Council, makes some good suggestions on how to further formalize the process, increase its transparency and oversight, and ensure periodic review of the vulnerabilities that are kept secret and used for offense. This is the least we can do. A bill recently introduced in both the Senate and the House calls for this and more.

In the case of EternalBlue, the VEP did have some positive effects. When the NSA realized that the Shadow Brokers had stolen the tool, it alerted Microsoft, which released a patch in March. This prevented a true disaster when the Shadow Brokers exposed the vulnerability on the Internet. It was only unpatched systems that were susceptible to WannaCry a month later, including versions of Windows so old that Microsoft normally didn't support them. Although the NSA must take its share of the responsibility, no matter how good the VEP is, or how many vulnerabilities the NSA reports and the vendors fix, security won't improve unless users download and install patches, and organizations take responsibility for keeping their software and systems up to date. That is one of the important lessons to be learned from WannaCry.

This essay originally appeared in Foreign Affairs.

20 Apr 15:28

Court declares strict Dutch net neutrality rules invalid

by Arnoud Wokke

The Netherlands should not have included stricter net neutrality provisions in the Telecommunications Act, according to the court in Rotterdam. As a result, the Dutch net neutrality rules no longer apply.

18 Apr 16:32

'macOS malware is hard to map because of missing antivirus products'

by Sander van Voorst

At the Hack in the Box conference in Amsterdam, Tweakers spoke with macOS malware expert Patrick Wardle of security firm Synack. He argues that little advanced macOS malware is found because the necessary antivirus products are lacking.

03 Apr 15:43

Nuclear power policy in the ’80s caused low birth weights after coal stepped in

by Megan Geuss

The Sequoyah Nuclear Plant. (credit: Nuclear Regulatory Commission)

After the Three Mile Island nuclear reactor meltdown in Pennsylvania in 1979, regulators moved to overhaul safety requirements for nuclear power plants. This led to the temporary closure of some older nuclear power plants governed by the Tennessee Valley Authority (TVA) when they couldn’t meet the Nuclear Regulatory Commission’s (NRC) newly tightened standards.

Now, Carnegie Mellon assistant professor of economics and public policy Edson Severnini says those closures may have caused reduced birth weight in children in the area at the time, due to pollution exposure from the increased reliance on coal-burning power plants. The sudden removal of nuclear power, which doesn’t emit any greenhouse gases, led to a ramp-up in the amount of power being provided by nearby coal plants, Severnini wrote. That led to increases in particle pollution in areas adjacent to coal power plants, measured by the Environmental Protection Agency (EPA) in total suspended particulates (TSP).

At the same time, average birth weight for infants declined 134 grams.


29 Mar 10:15

Potent LastPass exploit underscores the dark side of password managers

by Dan Goodin


Developers of the widely used LastPass password manager are scrambling to fix a serious vulnerability that makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program.

The flaw, which affects the latest version of the LastPass browser extension, was briefly described on Saturday by Tavis Ormandy, a researcher with Google's Project Zero vulnerability reporting team. When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn't present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault. Ormandy said he developed a proof-of-concept exploit and sent it to LastPass officials. Developers now have three months to patch the hole before Project Zero discloses technical details.

"It will take a long time to fix this properly," Ormandy said. "It's a major architectural problem. They have 90 days, no need to scramble!"


29 Mar 09:55

SpaceX is about to try something 'potentially revolutionary' in the history of space travel

by Dave Mosher


  • On March 30, SpaceX will try to re-launch and re-land a used Falcon 9 rocket booster for the first time.
  • A telecommunications company called SES plans to use the rocket to launch a satellite.
  • A spaceflight expert says the launch could be revolutionary in lowering the cost of access to space — if everything works.

It's make or break time for SpaceX.

On March 30, pending agreeable weather, Elon Musk's rocket company will try to make good on its promise to slash the immense cost of launching stuff into space.

The goal is to re-launch and recover a first-stage booster, or lower half, of a 229-foot-tall (70-meter-tall) Falcon 9 rocket that SpaceX first fired off on April 8, 2016. The booster in question helped deliver a satellite into orbit, screamed back to Earth, righted itself, and self-landed on a drone ship in the Atlantic Ocean.

This is highly unusual: Nearly all rocket parts today crash into the ocean following launch, sink to the bottom, and are never seen again. A booster, which is typically the most expensive part of multi-stage rockets, can cost tens of millions of dollars.

Gwynne Shotwell, SpaceX's CEO, has said that reusing a rocket booster could give its customers — who have so far launched only satellites and space station supplies — about a 30% discount on a Falcon 9 rocket launch, which costs about $62 million.

SpaceX's orbital rocket system is already the most affordable in the world, but such a discount would save companies more than $18 million per launch.

"This is potentially revolutionary," John Logsdon, a space policy expert and historian at George Washington University's Space Policy Institute, told Business Insider. "Reusability has been the Holy Grail in access to space for a long, long time."

Logsdon uses the word "potentially" because although SpaceX has been collecting used orbital rocket boosters, it has yet to re-launch and re-land any one of them. But that could change on Thursday.

How to buy a used rocket


Demonstration flights like SpaceX's upcoming launch-and-landing attempt are vital to prove that the rocket system works as intended. But they're also inherently risky, since they test new capabilities that might fail.

That's why many demonstration launches fly without any valuable payloads on board; there are simply fewer consequences if there's a failure, especially since the payloads they carry (most often orbiting satellites) can be worth hundreds of millions of dollars.

However, SES — a Luxembourg-based telecommunications company and longtime customer of SpaceX — actively pursued SpaceX so it could be the first to launch something on the used booster. In this case, the rocket will carry a satellite called SES-10, which will provide internet and television coverage for much of Central America and South America.

SpaceX's used booster will loft an upper-stage rocket dozens of miles above Earth, then separate from it. The upper-stage will then fire and take SES-10 into an orbit about 22,200 miles (35,700 kilometers) above the planet. Meanwhile, the booster will fall back toward the ocean and land on a ship.

Marcus Payer, the global communications director for SES, said the deal with SpaceX was solidified in August 2016, with a planned launch for later that year. But SpaceX's uncrewed rocket explosion on September 1 and the months-long accident investigation that followed delayed the flight.

"Wherever we can change the industry equation, we will do it. We were waving our hands to be the first," Payer told Business Insider. "We are not risk-averse, otherwise we would not be launching satellites."

In light of SpaceX's recent launchpad failure, Payer sounded optimistic.

"We are not new to this business. These things happen," Payer said. "[The explosion] has not, at all, rattled our confidence in what SpaceX is doing."

SES declined to tell Business Insider how much they paid SpaceX for the upcoming launch, citing contractual issues and competition within the industry. SpaceX did not reply to Business Insider's request for comment on the matter.

But John Logsdon said he wouldn't be surprised if SES received a discount of 30% — or even managed to pay SpaceX nothing at all, since this is a demonstration flight.

"I think they're getting a low-cost ride, though there's no reason to think why this should not work," said Logsdon, who recently toured the Cape Canaveral, Florida-based facility where SpaceX is refurbishing used Falcon 9 rockets.


SpaceX designed its Falcon 9 rockets to be reusable from the beginning, and most of the multi-million-dollar construction cost is sunk into the first-stage booster.

Meanwhile, refueling the rocket with liquid RP-1 (a type of kerosene) and liquid oxygen (to burn the fuel) costs about $200,000, Elon Musk has said.

"The booster is not some kind of strap-on accessory. There are nine rocket engines on the first stage, while there's only one on the second stage. And rocket engines are the most expensive item," Logsdon said, adding that the Falcon 9 rocket was designed from the ground-up to be easily repaired and reused.

"So this begins to come close to the image of launching these things, recovering them, turning them around at low cost, and launching them again," he said. "That's the goal."

A future built on a 'very violent process'

Engineers have tried to build reusable launch systems for decades, the most notable example of which was the space shuttle developed by NASA and its contractors. But they haven't seen much success.

"The space shuttle was supposed to be fully reusable at its inception. The orbiter itself was supposed to be able to go into orbit, land, get turned around, and go out to the launchpad again," Logsdon said. "It turned out to be much more difficult than that."

However, progress over the past few years has rekindled the dream of reusable launch systems.

SpaceX has raised eyebrows with the self-landing capability of its Falcon 9 boosters on eight occasions. Musk's company is also working on a much-larger Falcon Heavy launch system, which should debut within a year. That rocket will use three self-landing boosters to further reduce the cost of access to space.

Meanwhile, Amazon founder Jeff Bezos is also pursuing his own reusable rockets through his company Blue Origin.

Blue Origin has shown it can launch, land, and reuse its liquid-fueled rocket, called the New Shepard.

As Musk has pointed out, however, Blue Origin's New Shepard system is a smaller suborbital rocket meant to ferry tourists to the edge of space for a few minutes and is not designed to put heavy satellites into orbit. (That feat requires nearly 1,000 more energy.)

While Blue Origin is developing the New Glenn — a heavy-lift orbital rocket system that recently attracted its first paying customer — SpaceX is ostensibly farther ahead in the reusable launch industry.

Whatever direction it goes, Logsdon said any company attempting to get in on the game is signing up for a long-term fight with physics: It's no simple task to launch rockets at speeds of many thousands of miles per hour, land that hardware, and prepare it for another flight.

"Launching is still a very violent process," Logsdon said, adding that "each recovered booster will present a different challenge" in terms of damage to the rocket's engines, fuel pumps, navigation electronics, cylindrical body, and more.

Logsdon is eager to see how quickly companies like SpaceX can turn around boosters under heavy demand — and whether or not enough customers will actually want to fly on used merchandise.

But between SpaceX's goal of launching a global network of 4,425 internet satellites and SES' plans to expand its satellite business, there may not be any shortage of demand for low-cost rocket rides.

"This is not a one-off. If it works, it will become a key element in all future satellite constellations," Payer said. "We'll be double-happy if this goes well, for both our sake and SpaceX's."

06 Feb 16:41

Hacker Leaks Cellebrite's Phone-Hacking Tools

by Bruce Schneier

In January we learned that a hacker broke into Cellebrite's network and stole 900GB of data. Now the hacker has dumped some of Cellebrite's phone-hacking tools on the Internet.

In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene -- a community of iPhone hackers that typically breaks into iOS devices and releases its code publicly for free.

Jonathan Zdziarski, a forensic scientist, agreed that some of the iOS files were nearly identical to tools created and used by the jailbreaking community, including patched versions of Apple's firmware designed to break security mechanisms on older iPhones. A number of the configuration files also reference "limera1n," the name of a piece of jailbreaking software created by infamous iPhone hacker Geohot. He said he wouldn't call the released files "exploits" however.

Zdziarski also said that other parts of the code were similar to a jailbreaking project called QuickPwn, but that the code had seemingly been adapted for forensic purposes. For example, some of the code in the dump was designed to brute force PIN numbers, which may be unusual for a normal jailbreaking piece of software.

"If, and it's a big if, they used this in UFED or other products, it would indicate they ripped off software verbatim from the jailbreak community and used forensically unsound and experimental software in their supposedly scientific and forensically validated products," Zdziarski continued.

If you remember, Cellebrite was the company that supposedly helped the FBI break into the San Bernardino terrorist iPhone. (I say "supposedly," because the evidence is unclear.) We do know that they provide this sort of forensic assistance to countries like Russia, Turkey, and the UAE -- as well as to many US jurisdictions.

As Cory Doctorow points out:

...suppressing disclosure of security vulnerabilities in commonly used tools does not prevent those vulnerabilities from being independently discovered and weaponized -- it just means that users, white-hat hackers and customers are kept in the dark about lurking vulnerabilities, even as they are exploited in the wild, which only end up coming to light when they are revealed by extraordinary incidents like this week's dump.

We are all safer when vulnerabilities are reported and fixed, not when they are hoarded and used in secret.

Slashdot thread.

03 Feb 08:57

Radio stations around the country reportedly hacked to play YG's anti-Trump song

by Lizzie Plaugic

Since Inauguration Day, several terrestrial radio stations from around the country have been dealing with the same problem: an unstoppable audio loop of YG and Nipsey Hussle’s track “FDT (Fuck Donald Trump).” Stations in South Carolina, Indiana, Texas, Tennessee, and Kentucky have all had their signals hacked over the past two weeks resulting in unexpected airtime for “FDT,” according to multiple sources.

On January 20th, reports began to surface of radio stations in Kentucky and Texas playing the song on repeat for hours. HeatStreet confirmed with Crescent Hill Radio in KY and 100.5 KCGF-LP in TX that the broadcasts were not intentional. Crescent Hill Radio reportedly had to go off the air entirely for several hours to fix the problem.


24 Jan 09:20

Mental “vaccine” protects both parties from plague of fake news and lies

by Beth Mole

National outbreaks of fake news and partisan “disinformation” have convinced many Americans to doubt scientific consensus—such as the near-unanimous agreement among experts that human-caused climate change is real and a global threat and that vaccines are safe, effective, and life-saving.

While respectable media outlets are scrambling to fact-check and refute such “merchants of doubt,” a group of researchers, led by a psychologist at Cambridge, think they can stamp out the viral spread of fake news and lies just like we stamp out every other infectious disease—with vaccinations.

Their ‘mental inoculation’ works under the same principle as actual inoculations—that is, exposure to a weakened version or fragment of some nasty contagion can allow a person to recognize and develop immunity to future threats. In their study, the researchers found that they could effectively ‘vaccinate’ Americans from climate change misinformation by presenting them with information on the scientific consensus alongside a pre-emptive caution that some politically motivated groups are spreading lies about that consensus.

02 Jan 12:47

Bitcoin Currency Format Support Coming Soon To Microsoft Excel on Desktop and Mobile

by Pradeep

Microsoft is working on Bitcoin format support in Excel. When this feature becomes available, users can use Excel to track, calculate and analyze Bitcoin data using native Bitcoin number formatting options. This new feature will be first rolled out to Excel 2016 for Windows, Excel Online, Excel Mobile for Windows and Excel Mobile for Android.

This feature is expected to be available in the first half of 2017.

22 Dec 07:36

A Cold War technology designed to make jets fly for days might solve Earth's looming energy crisis

by Dave Mosher

Humanity is in a serious pinch for energy.

The world population may balloon to 9 billion people by 2040, up from 7.36 billion in 2016, and researchers believe this will translate to a 48% jump in energy consumption.

Fossil fuels could slake the world's thirst for energy, but burning more would exacerbate climate change and threaten millions. And it'd be temporary, since known reserves are expected to run out within a century or two.

Meanwhile, renewable energy like wind and solar, though key parts of a solution, are no silver bullets — especially if the world is to meet a 2050 deadline set by the Paris Agreement.

"You've got to be able to generate energy reliably. You've got to be able to generate energy on demand. And that's what wind and solar can't do, and will never be able to do," Kirk Sorensen, the CTO of nuclear energy startup Flibe Energy, told Business Insider in an episode of our podcast Codebreaker, produced with Marketplace.

Nuclear reactors fit the bill: They're dense, reliable, emit no carbon, and — contrary to popular belief — are among the safest energy sources on Earth. They currently supply 20% of America's energy, but this share may decline by 50% through 2040 as companies take decades-old reactors offline, according to a July 2016 report released by Idaho National Laboratory.

Fortunately, a powerful yet relatively unknown solution may have started with a Cold War-era airplane: "The Crusader" NB-36H jet bomber, which flew over two US states with a nuclear reactor in its belly.

The effort was part of the Aircraft Nuclear Propulsion (ANP) program. Although it was ultimately canceled, ANP spawned the development of a radical new type of power plant, called the molten-salt reactor.

Today, engineers like Sorensen are trying to revive the molten-salt reactor, which the US abandoned in the early 1970s, and fuel it with a practically infinite source of carbon-free energy: thorium.

A push for nuclear-powered flight

The US government in 1946 launched ANP as an effort to develop a nuclear-powered jet bomber.

It was an extreme means to a practical (and deadly) end: Fly at least 15,000 miles without refueling to give the plane a fearsome range of attack, according to Scientific American.

Physicist Alvin Weinberg, who invented the most well-known type of nuclear reactor in 1945 — the light-water reactor (LWR) — rose to the occasion and began working up a solution as the director of Oak Ridge National Laboratory (ORNL) in Tennessee.

But Weinberg didn't want to put a LWR into an airplane.

LWRs, which now provide 100% of America's nuclear energy, rely on solid nuclear fuel, typically one that contains uranium-235. If this "fissile" isotope of uranium is struck by a flying neutron, it can split, release gobs of energy, and shoot out more neutrons. This process is called fission. If there's enough fuel in one place, there will be enough neutrons flying around to self-sustain a fission chain-reaction.

The problem is that solid fuel is terribly inefficient. In fact, LWRs fission or "burn up" just a few percent of their fuel before it needs to be replaced. This is because waste products slowly accumulate in the fuel, absorb more and more neutrons, and poison the process of fission.

So Weinberg instead chose to develop an idea he'd heard during the Manhattan Project, which had since become "kind of an obsession" for him: a reactor that fissioned its fuel in a fluid of molten salt.

Molten-salt reactors are unlike any commercial nuclear power plants that exist today. Instead of using solid pellets of nuclear fuel, they dissolve nuclear fuel in a stable, blazing-hot fluid.

The fluid can dramatically increase the efficiency of nuclear fission by making it easy to remove fission products. This helps it burn up almost all the nuclear fuel and boosts energy output. Such reactors are essentially meltdown-proof, too, since cooling down the salt solidifies and expands it, slowing fission to a crawl.

Weinberg and others knew such efficiency might allow engineers to shrink a reactor to fit inside an airplane. So he and his team at ORNL built a small molten-salt reactor as part of an offshoot program, called the Aircraft Reactor Experiment (ARE).

The birth of the molten-salt reactor

By 1954, Weinberg and his team had built a working prototype: a 2.5-megawatt power plant that used a small amount of uranium-235 dissolved in molten salt made of fluorine, sodium, and zirconium.

It was the first working molten-salt reactor ever built.

Inside the ARE's molten-salt fuel, uranium powered a fission chain-reaction. The atomic heat warmed up an adjacent loop of coolant (made of molten sodium) from 1,200 to 1,500 degrees Fahrenheit. Incoming air cooled the sodium, and pumps returned it to the fluid-fueled reactor core for reheating.

"The Air Force was delighted by the aircraft reactor experiment," Weinberg wrote in his 1994 autobiography, "The First Nuclear Era," since this was hot enough to drive jet engines.

The Air Force immediately began retrofitting a B-36 jet bomber ("The Crusader") to carry a nuclear reactor. It also funded ORNL's follow-up molten-salt reactor, called the Aircraft Reactor Test (ART).

But the Air Force canceled ART in 1957 to cut ballooning costs — and instead flew a different reactor it had funded in tandem.

The reactor, which was not a molten-salt reactor but a light-water reactor, was never connected to the plane's engines, since "The Crusader" was only intended to test radiation shielding. (The Air Force planned to later incorporate it into a purpose-built nuclear bomber called the WS-125.)

"The Crusader" flew 47 demonstration flights from 1955 through 1957 over New Mexico and Texas. It weighed nearly 18 tons fully-loaded and logged 218 hours of flight, of which the reactor ran for nearly 90 hours. And the crew lived.

But strapped with high costs of about $7 billion and faced with other priorities, including the creation of intercontinental ballistic missiles and the space race, President John F. Kennedy canceled all Aircraft Nuclear Propulsion projects in 1961.

Still, by that time, Weinberg had squeezed in several years' worth of research and $1 billion on molten-salt reactors.

By 1960, with the government funding the development of commercial nuclear power plants, Weinberg poured all of that knowledge into the Molten-Salt Reactor Experiment (MSRE). The MSRE went critical in 1965, produced power for thousands of hours through 1969, and was hailed a success.

The next stage was to develop MSRE into something called a breeder reactor.

The death of Weinberg's dream

Breeder reactors can create more fuel than they burn through fission, thanks to a process called neutron capture: a "fertile" atom will absorb a neutron from fission, then decay into (and "breed") the fuel. The fuel can then be fissioned to breed more fuel, and so on.

As long as fertile material is around, this can go on indefinitely. But breeding only works with a few radioactive isotopes, since it requires so many neutrons to work.

One is uranium-238, a fertile isotope which makes up more than 99% of natural uranium ore. It can be bred into plutonium-239, a fissile weapons material. (This is how the US made most of its nuclear arsenal.)

Another is thorium, which can be bred into uranium-233 — another fissile fuel, yet one that is very difficult to handle or make into bomb material.

"Right now we extract thorium inadvertently as a function of rare-earth mining," Sorensen said. "We go looking for neodymium, and other rare-earths — ironically for magnets for things like wind turbines — and we bring up quite a bit of thorium in the process, which right now is treated like a waste."

But it's no waste.

According to "SuperFuel," a 2013 book on thorium energy's demise and promise by journalist and author Richard Martin:

"Thorium is around four times as abundant as uranium and about as common as lead. Pick up a handful of soil at your local park or ball-field; it contains about 12 parts per million of thorium. The United States has about 440,000 tons of thorium reserves, according to the Nuclear Energy Agency; Australia has the world's largest resources, at about 539,000 tons. Like uranium and plutonium, thorium makes a dense and highly efficient energy source: scoop up a few ounces of sand on certain beaches on the coast of India, it's said, and you'll have enough thorium to power Mumbai for a year."

Inside a molten-salt breeder reactor, which burns up almost all of its fuel and generates hundreds of times less waste than LWRs, Weinberg estimated that thorium could meet the world's energy needs for billions of years.

But the government canceled the MSRE in 1972, Weinberg retired soon after, and he never revived his research.

The US ultimately favored the LWR design for its nuclear reactors because more of them had been built, the military liked the design for nuclear submarines, and they could also make nuclear weapons material.

A push for next-generation nuclear power

In the 2000s, Sorensen and others (including China and India) began rediscovering the idea of thorium-fueled molten-salt reactors.

Sorensen is one of a few entrepreneurs who are trying to revive, modernize, and license their own version of the technology, called the liquid fluoride thorium reactor (LFTR).

"The technology is viable, the science has been demonstrated," Hans Gougar, a nuclear physicist at Idaho National Laboratory (INL), told Business Insider.

But it's been rough. Developing nuclear power technology requires billions of dollars and is very slow, since it has to be proven safe at multiple stages before commercial-scale plants can be built — and the LFTR is unlike anything in service today.

"Maneuvering the licensing process is a huge challenge. The regulatory framework is not currently streamlined to support these novel innovative technologies," Rita Baranwal, a materials engineer at INL, told Business Insider.

The Department of Energy estimates it may take until 2040 or 2050 to license a full-scale and commercial molten-salt power plant. Meanwhile, America's aging yet vital nuclear power plants aren't getting any younger.

That's why, this summer, INL tapped Baranwal to direct its new Gateway for Accelerating Innovation in Nuclear (GAIN) program, which is a technology accelerator and support system created for small-time nuclear entrepreneurs.

However it gets built — or whoever builds it — Sorensen is convinced that thorium-fueled molten-salt reactors are the key to solving Earth's energy blues for good.

"This is something that's going to benefit their future tremendously, it's going to lead to a new age of human success," he said, speaking to the world at large. "And if they want that, they need to be talking to their elected officials and demanding it, in fact, and saying 'we want to see these things happen.' Because only a society that decides to embrace this kind of technology is going to ultimately realize its benefits."

For more on molten salt reactors and solving climate change, listen to the "world building" episode of the Codebreaker podcast from Business Insider and Marketplace. Subscribe to the whole series on iTunes or wherever you get your podcasts.

13 Dec 10:03

NO. The Grand Tour is NOT The Most Pirated TV-Show in History.

by Ernesto

Statistics are generally pretty boring, but when pirates come into play it’s an entirely different story.

Yesterday, numerous self-respecting news publications ‘reported’ that Amazon’s Top Gear ‘inspired’ series “The Grand Tour” is now the most pirated TV-show ever, beating Game of Thrones, which held this title for nearly a decade.

While it sounds exciting, it’s not really true.

Admittedly, collecting piracy statistics is far from an exact science. However, even when we look at publicly available data it’s obvious The Grand Tour is no competition for Game of Thrones.

The confusion started with a report from the bastion of quality news reporting, The Daily Mail. “Clarkson’s TV comeback becomes the most illegally downloaded show in history,” it claimed.

The report cites data from piracy monitoring firm MUSO and suggests that the first episode was illegally downloaded 7.9 million times. More than any other show in history, the company’s chief commercial officer claimed.

“It is the most illegally downloaded programme ever. It is off the scale in terms of volume. It has overtaken every big show, including Game Of Thrones, for the totals across different platforms,” MUSO’s Chris Elkins said.

While we’re not going to dispute this number directly, the “most downloaded” claim is nonsense. First of all, it would be virtually impossible for any new show to be the most downloaded ever if it’s up against those that have been available for years.

But, let’s assume that we’re talking about downloads on a weekly basis. Even then, the signs are pretty bad. Looking at the most recent list of most pirated TV-shows on The Pirate Bay shows that several other shows currently outrank The Grand Tour by a wide margin, The Walking Dead in particular.


In addition, recent streaming data from several of the most popular streaming sites online places The Grand Tour behind The Walking Dead, which traditionally is far less popular than Game of Thrones.

TorrentFreak has kept a close eye on the most-shared torrents for The Grand Tour, which get roughly 20,000 people sharing simultaneously at their peak. Peanuts compared to Game of Thrones’ record, which sits at over a quarter million.

Also, the claimed “record” number of downloads is significantly less than our 14+ million estimate for Game of Thrones last year.

Even Muso itself indirectly disputes its own claim, as the quoted 7.9 million figure for the Grand Tour is lower than an estimate it previously gave for Game of Thrones.

We asked Muso itself for clarification and it appears that there has been some misunderstanding. The spokesperson for the company suggests that The Grand Tour is ‘just’ the most pirated UK TV show.

“Demand analysis across a three week monitoring period for episodes 1-3 of The Grand Tour placed it as having the highest volume of piracy views for a UK TV show in history, as well as the most piracy views in a debut season for a TV show.”

That sounds more like it. In addition, it’s probably also the most pirated TV show with the word “Grand” in the title, as well as the most illegally downloaded show about cars.

TorrentFreak asked the company for additional clarification on what data is covered in the 7.9 million estimate, as “piracy views” suggests that it’s about more than torrent downloads. It’s likely that MUSO also included a streaming estimate in its data, but at the time of publication we have yet to receive a response.

We don’t know whether MUSO was misquoted by The Daily Mail, but it’s safe to say that The Grand Tour still has a long way to go before it outpaces Game of Thrones, if it ever will.

Fake news anyone?

12 Dec 12:20

Fake Tech

by Phil Baker

There’s fake news, fake science, and now, “fake tech”. Fake tech is a term that came to mind while reading about the augmented reality startup Magic Leap. The company has raised $1.4 billion based on videos created to demo its technology. But new information has surfaced that indicates these videos were created using special effects, simulated by a New Zealand company that specializes in such things. While it’s not clear how real the company’s technology is, you could describe these simulated presentations as fake.

Then there’s Theranos, the health technology company that raised hundreds of millions of dollars for its fingerstick and microfluidics technologies that promised to revolutionize blood testing. The company’s value was as high as $9 billion before it was discovered that much of its technology was more wishful thinking than real. Apparently, its charismatic leader was able to persuade a number of luminaries to serve on its board while others, including Walgreen’s, made huge investments based on fake evidence or no evidence at all.

Because technology is often complicated and overwhelming to those without science or engineering training, potential customers and investors are not equipped to make knowledgeable assessments and therefore follow the crowd of believers, not wanting to be left behind.

But as many of us working in Silicon Valley know, there’s a propensity for entrepreneurs to take on tasks that may seem insurmountable, or even impossible, that can lead to real innovation and breakthroughs. Along the way, with the need to attract investment, employees and customers, it’s easy for the promises to get ahead of the reality. People want to believe and can easily fall prey to those leaders who may be better at promoting than the actual science.

In the case of Theranos and Magic Leap, there were early warning signs, such as the companies’ refusal to provide real demos. In both cases, the truth came out when former employees came forward with their stories. In the case of Theranos, an intensive investigation by the WSJ did much to undermine the company’s credibility.

I’ve also experienced fake tech on Indiegogo and Kickstarter. There are products described with seemingly impossible claims that can’t be verified by the host sites. So, anyone with a clever idea and a simulated video can raise money proposing an idea that’s impossible to do. Some may know it’s impossible but many don’t know what they don’t know and believe it can be accomplished with enough money.

In addition to these, there are more nuanced examples of fake tech practiced by major companies that rely on exaggerated claims to garner publicity and boost their stock. While perhaps not completely fake, they are a lot less than what they seem to be.

Uber claimed they were beginning to use driverless cars in Pittsburgh when, in fact, they were starting to test the cars with a professional driver at the wheel. Amazon announced last year they were going to begin delivery of packages using drones, yet it will be years away.

In these cases, the press jumped on these stories, encouraged by the companies’ professional PR people, skilled at creating headlines out of bits of truth, and playing to the strengths and weaknesses of gullible reporters. While perhaps not factually inaccurate, the results were closer to almost-fake tech.

What fuels fake tech is what fuels fake news — the need to create headlines that result in clicks, eyeballs and hence, dollars. The need to get above the noise and stand out in some way. Too often, there are reporters not trained in science or technology that fall for these stories without a critical eye. They too want to believe and, as a result, promote a story without understanding the nuances behind it.

What’s the solution? Good reporting by trained journalists that understand basic science. Reporters that have a skeptical eye who understand they can’t accept all they are told. The need to assess claims using industry experts without financial ties to the company or its investors. Reliance on industry analysts who have seen and heard it all before and are not taken in by unsubstantiated claims.

10 Dec 14:26

FindLectures Is a Huge Repository of Free Digital Lectures

by Thorin Klosowski

The internet is filled with free educational lectures, and many of those lectures are spread across a variety of platforms, from free university sites to YouTube. FindLectures attempts to provide a single place to search through them.


07 Dec 16:42

WWW Malware Hides in Images

by Bruce Schneier

There's a new malware toolkit that uses steganography to hide in images:

For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites.

Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files.

In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads.

The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites.

Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character.

Slashdot thread.

02 Dec 16:22

USB Killer, yours for $50, lets you easily fry almost every device

by Sebastian Anthony

Last year we wrote about the "USB Killer"—a DIY USB stick that fried almost everything (laptops, smartphones, consoles, cars) that it was plugged into. Now the USB Killer has been mass produced—you can buy it online for about £50/$50. Now everyone can destroy just about every computer that has a USB port. Hooray.

The commercialised USB Killer looks like a fairly humdrum memory stick. You can even purchase a "Test Shield" for £15/$15, which lets you try out the kill stick—watch the spark of electricity arc between the two wires!—without actually frying the target device, though I'm not sure why you would want to spend £65 to do that. The website proudly states that the USB Killer is CE approved, meaning it has passed a number of EU electrical safety directives.

29 Nov 13:21

The Magic Inside Your Devices

by Bob O'Donnell

Sometimes, it’s what’s inside that counts more than what we can see on the outside. That’s certainly the case with people, and increasingly, I think, it’s going to be the case with tech devices.

Many of the most impressive breakthroughs in our favorite gadgets are driven almost completely by critical new breakthroughs in component technologies: chips and other semiconductors, displays, sensors, and much more. Just this week, in fact, there were reports that Apple might offer a curved display on next year’s iPhone, and that HP Enterprise had debuted the first working prototype of a dramatically different type of computing device that they dub The Machine.

In both cases, it’s critical component technologies that are enabling these potentially breakthrough end products. In the iPhone’s case, it would be because of bendable OLED displays being produced by companies such as LG Display and Samsung Electronics’ display division. For The Machine, HP’s own new memory and optical interconnect chips are the key enablers for computing performance that’s touted to be as much as 8,000 times faster than today’s offerings.

Long-time tech industry observers know that the real trick to figuring out where product trends are going is to find out what the most important component technologies being developed are, then learn about them and their timeline for introduction. That isn’t always as easy as it sounds, however, because semiconductor and other component technologies can get very complicated, very quickly.

Still, there’s no better way to find out the future of tech products and industry trends than to dive into the component market headfirst. Fortunately, many major tech component vendors are starting to make this easier for non-engineers, because they’ve recognized the importance of telling their stories and explaining the unique value of their products and key technologies.

From companies like SanDisk describing the performance and lifetime benefits of solid state drives (SSDs) inside PCs, to chipmakers like Nvidia describing the work in artificial intelligence (AI) that GPUs can achieve, we’re starting to see a lot more public efforts to educate even dedicated consumers, as well as investors and other interested observers, about the benefits of critical component technologies.

Given the increasing maturity and stabilization of many popular tech product categories, I believe we’re going to start seeing an increased emphasis on changes to the “insides” of popular devices. Sure, we’ll eventually see radical outward-facing form factor changes such as smartphones with screens you fold and unfold, but those will only happen once we know that the necessary bendable components can be mass produced.


Of course, the ideas behind what I’m describing aren’t new. Starting in the early 1990s and running for many years, chip maker Intel ran an advertising campaign built around the phrase “Intel Inside” to build brand recognition and value for its CPUs, or central processing units–the hidden “brains” inside many of our popular devices.

The idea was to create what is now commonly called an ingredient brand—a critical component, but not a complete, standalone product. The message Intel was able to deliver (and that still resonates today) is that critical components—even though you typically never see them—can have a big influence on the end device’s quality, just as ingredients in a dish can have a large influence on how it ultimately tastes.

Since then, many other semiconductor chip, component and technology licensing companies (think Dolby for audio or ARM for low-power processors, for example) have done their own variations on this theme to build improved perceptions both of their products and the products that use them. Chip companies like AMD, Qualcomm, and many others, are also working to build stronger and more widely recognized brands that are associated with important, but understandable technology benefits.

Most consumers will never buy products directly from these and other major component companies. However, as tech product cycles lengthen and industry maturity leads to slower changes in basic device shapes and sizes, consumers will start to base more of their final product purchase decisions on the ingredients from which those products are made.

23 Nov 11:55

Even Microsoft CEO Satya Nadella wants to get his hands on this startup's $1399 Surface Pro-killer (MSFT)

by Matt Weinberger


Microsoft's Surface tablets essentially invented the market for laptop/tablet hybrid computers, setting a standard that even Apple ended up following with its iPad Pro.

Now Eve, a Helsinki-based startup with backing from Intel, thinks it can one-up Microsoft with the Eve V (pronounced "Eve Vee") — its own Windows 10-powered take on the Surface Pro, starting at $1399 for preorder via IndieGoGo, though it's backordered to April 2017.

Today, Eve says so many people lined up to buy the first run of Eve V devices, it actually briefly overwhelmed IndieGoGo's payment processing system. At the time of writing, the Eve V had raised $722,833, or 964% of its $75,000 goal. 

Even Microsoft CEO Satya Nadella has taken an interest in the Eve V project after reading about it, says Eve CEO Konstantinos Karatsevidis, and will be getting a unit to try out when it starts shipping in February. After all, from Microsoft's perspective, the whole reason it first created the Surface was to inspire PC manufacturers.

"[Microsoft] really wanted to see the device," Karatsevidis says.

The machine is totally finished and functional, thanks to Intel's funding, Eve says; the IndieGoGo campaign is to cover manufacturing costs and handle preorders.

At this point, you may be wondering what makes the Eve V so special. If you ask Karatsevidis, the answer is simple: It's all about the community. See, every aspect of the Eve V, from the design to the processor to the keyboard cover material, was decided with full and complete input from Eve's community of fans.

"We immediately started to see huge advantages"

The Eve V is actually Eve's second bit of Windows hardware. The first, early 2015's Eve T1, was a budget Windows 8.1 tablet, designed to balance price with performance. At the time, Karatsevidis says, Eve was really just two guys looking to make the kind of gadget they themselves would want to use.

"We were pretty unhappy with the products in the market," Karatsevidis says.


The Eve T1 got pretty solid reviews, but Karatsevidis says that Eve was getting a ton of feedback, both via e-mail and in the comments sections of press articles about the tablet. A lot of people had a lot of ideas for how the T1 could have been done better. 

Karatsevidis didn't just welcome the feedback — he rebuilt the company around it. In June 2015, Eve introduced Eve.Community, a site where anybody could register and help guide the company as it worked on its next project, what would become the Eve V.

"We immediately started to see huge advantages to this," Karatsevidis says.

"The community stepped in and stopped us"

Karatsevidis says that there's this tendency in the market, especially when talking about hybrids like the Surface Pro, to focus on sleekness above all else.

The problem, Karatsevidis says, is that this sleekness comes at the cost of things that users really care about, like battery life or additional USB and monitor ports. So while Eve's original designs called for something as thin and light as possible, the community came in and set them straight.


"The community kicked in and prevented us from doing so," Karatsevidis says. "As a result, we have a lot of battery life."

Now, Karatsevidis says, he realizes that battery life can make or break a product, "no joke." Similarly, the Eve V sports Thunderbolt 3, USB-C and 2 full-sized USB-A 3.0 ports, which beats the Surface Pro 4, which only has one USB port. 

The payoff has been this tremendous rush of interest in the Eve V, as a device built by power users, for power users.

"We really want to challenge the big guys"

Intel found the project "quite accidentally," Karatsevidis says, but was really intrigued by the notion of product development via the wisdom of the crowd, which is a big bet for Eve in the future. 

Going forward, Karatsevidis says, he's happy to see the Eve V go head-to-head with Microsoft, Asus, Lenovo, and every other PC manufacturer. But he doesn't see the company stopping there: There's no reason why Eve couldn't apply its approach to crowdsourcing designs for phones, tablets, or even electric vehicles, he says.


"We really want to challenge the big guys," Karatsevidis says. "We want to crowd-develop all kinds of tech with the community."

Still, don't expect to see the Eve V on the shelves at Best Buy or Target any time soon. From Karatsevidis' perspective, a big part of maintaining the relationship with the community is by selling the devices directly to fans.


17 Nov 10:28

Scientists explore how nutrition may feed mental health

Good nutrition has long been viewed as a cornerstone of physical health, but research is increasingly showing diet's effect on mental health, as well. A special section in Clinical Psychological Science highlights the different approaches that psychology researchers are taking to understand the many ways in which nutrition and mental health intersect.

13 Nov 11:19

Spotify is writing massive amounts of junk data to storage drives

by Dan Goodin

SSD modules like this one are being abused by Spotify. (credit: iFixit)

For almost five months—possibly longer—the Spotify music streaming app has been assaulting users' storage devices with enough data to potentially take years off their expected lifespans. Reports of tens or in some cases hundreds of gigabytes being written in an hour aren't uncommon, and occasionally the recorded amounts are measured in terabytes. The overload happens even when Spotify is idle and isn't storing any songs locally.

The behavior poses an unnecessary burden on users' storage devices, particularly solid state drives, which come with a finite amount of write capacity. Continuously writing hundreds of gigabytes of needless data to a drive every day for months or years on end has the potential to cause an SSD to die years earlier than it otherwise would. And yet, Spotify apps for Windows, Mac, and Linux have engaged in this data assault since at least the middle of June, when multiple users reported the problem in the company's official support forum.

"This is a *major* bug that currently affects thousands of users," Spotify user Paul Miller told Ars. "If for example, Castrol Oil lowered your engine's life expectancy by five to 10 years, I imagine most users would want to know, and that fact *should* be reported on."


07 Nov 13:48

The MacBook Pro is a lie

by Vlad Savov

Many of us have been talking our way around this issue for the past week without directly confronting it, so I feel like now’s as good a time to address it as any: Apple’s new MacBook Pro laptops are not designed for professional use.

This should come as no surprise to those who’ve long perceived the Mac platform as inward-looking, limited in compatibility, and generally worse value for money than comparable Windows alternatives. Pros are smart with their tools and their money, after all. But the change with Apple’s 2016 generation of MacBook Pros is that those downsides have been amped up — more expensive and less compatible than ever before — to an extreme that exposes the fallacy of the continued use of the Pro moniker. These are...


04 Nov 09:36

Arctic Sea Ice Is Losing Its Bulwark

In 1984, there were 1.86 million square kilometers of old ice spread across the Arctic at its yearly minimum extent. In September 2016, there were only 110,000 square kilometers of old ice left.

26 Oct 17:31

Don’t believe the hype: Apple added more debt than cash

Apple’s cash reserves hit a record $237.6 billion at the end of its 2016 fiscal year, but that simple metric ignores the tech giant’s fast-growing debt load.

24 Oct 10:14

Hacker discovers and exploits security flaw in 4G networks

by (Tim Wijkman van Aalst)
A Chinese hacker has discovered a security flaw in the latest generation of 4G networks and has also managed to exploit it to eavesdrop on call and SMS traffic and to knock mobile devices offline.