Oct 29

Apple, Disney, and WarnerMedia are all launching new video streaming services that you’re going to hear a lot about over the next few days. But here’s news about one streaming service that’s shutting down: Sony’s PlayStation Vue, which offered a digital version of the cable TV bundle, will close up shop in January. From a report: “The highly competitive Pay TV industry, with expensive content and network deals, has been slower to change than we expected,” Sony said in an announcement on Tuesday. Translation: Sony was losing money on the service — which sold for around $50 a month and was supposed to appeal to people who owned its PlayStation gaming consoles — and didn’t have many subscribers. Sony had previously tried to find a buyer for the service, according to a report from The Information. Sony was one of the first so-called “virtual MVPDs”: bundles of network programming delivered over the internet that replicate what traditional pay TV distributors like Comcast sell. That group now includes YouTube, Hulu, and Dish’s Sling.

Read more of this story at Slashdot.


Oct 29

A startup that makes replicas of the iPhone that help hackers find vulnerabilities is accusing Apple of suing it in an attempt to shut it down. Corellium also fired back at Apple and claimed the company owes it $300,000. From a report: On Monday, Corellium, the startup that was sued by Apple for alleged copyright infringement in August, filed its response to the lawsuit. Apple alleged that Corellium’s product is illegal, and helps researchers sell hacking tools based on software bugs found in iOS to government agencies that then use them to hack targets. The cybersecurity world was shocked by Apple’s lawsuit, which was seen as an attempt to use copyright as an excuse to control the thriving, and largely legal, market for software vulnerabilities. The lawsuit was filed just a few days after Apple announced it would give researchers special “pre-hacked” devices to allow them to find and report more bugs to the company.

“Through its invitation-only research device program and this lawsuit, Apple is trying to control who is permitted to identify vulnerabilities, if and how Apple will address identified vulnerabilities, and if Apple will disclose identified vulnerabilities to the public at all,” Corellium argues in its response, echoing arguments made by the security research community. In its response, Corellium essentially argues that using Apple’s code in Corellium is fair use and its product makes the world a better place by helping security researchers inspect the iPhone’s operating system, find flaws in it, and help Apple fix them. With Corellium, researchers can more easily find bugs by creating virtual instances of iOS and testing them more quickly, as opposed to having to use actual physical devices. Corellium attempts to illustrate this by including “before” and “after” images in its response that demonstrate what it was like to try to hack the iPhone before it released its software.


Oct 29

During his Open Source Summit Europe keynote speech, Greg Kroah-Hartman, the stable Linux kernel maintainer, said Intel CPUs’ security problems “are going to be with us for a very long time” and are “not going away.” He added: “They’re all CPU bugs, in some ways they’re all the same problem,” but each has to be solved in its own way. “MDS, RIDL, Fallout, ZombieLoad: They’re all variants of the same basic problem.” ZDNet reports: And they’re all potentially deadly for your security: “RIDL and ZombieLoad, for example, can steal data across applications, virtual machines, even secure enclaves. The last is really funny, because [Intel Software Guard Extensions (SGX)] is what’s supposed to be secure inside Intel chips” [but, it turns out it’s] “really porous. You can see right through this thing.” To fix each problem as it pops up, you must patch both your Linux kernel and your CPU’s BIOS and microcode. This is not a Linux problem; any operating system faces the same problem.

OpenBSD, a BSD Unix devoted to security first and foremost, Kroah-Hartman freely admits was the first to come up with what’s currently the best answer for this class of security holes: Turn Intel’s simultaneous multithreading (SMT) off and deal with the performance hit. Linux has adopted this method. But it’s not enough. You must secure the operating system as each new way to exploit hyper-threading appears. For Linux, that means flushing the CPU buffers every time there’s a context switch (e.g. when the CPU stops running one VM and starts another). You can probably guess what the trouble is. Each buffer flush takes a lot of time, and the more VMs, containers, whatever, you’re running, the more time you lose. “The bad part of this is that you now must choose: Performance or security. And that is not a good option,” Kroah-Hartman said. He added: “If you are not using a supported Linux distribution kernel or a stable/long term kernel, you have an insecure system.”


Oct 21

NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked. From a report: The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN. For its part, NordVPN has claimed a “zero logs” policy. “We don’t track, collect, or share your private data,” the company says. But the breach is likely to cause alarm that hackers may have been in a position to access some user data. NordVPN told TechCrunch that one of its datacenters was accessed in March 2018. “One of the datacenters in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell. The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the datacenter provider; NordVPN said it was unaware that such a system existed.


Oct 19

America’s lawmakers and Federal Reserve officials “are so concerned about Facebook’s plans to launch a new digital currency,” reports Politico’s financial services reporter, “that they’re contemplating a novel response — having the central bank create a competitor.”
Momentum is building for an idea that was once considered outlandish — a U.S. government-run virtual currency that would replace physical cash, a dramatic move that could discourage major companies like Facebook from creating their own digital coins. Facebook’s proposed currency, Libra, has forced the Fed to consider the issue because of a fear that private companies could establish their own currencies and take control over the global payments system. Some Fed officials share the concern about a new balkanized currency system outside government control that Facebook has threatened to unleash. “Libra bust this way out into the open,” said Karen Petrou, a managing partner at Federal Financial Analytics who advises executives on coming policy shifts.

But it’s not just Facebook. The matter is also taking on urgency as other countries consider creating their own digital currencies — another potential challenge to the primacy of the U.S. dollar. The head of the Bank of England has floated the idea that central banks could create a network of digital currencies to replace the dollar as the world’s reserve currency… The Bank for International Settlements, which represents the world’s central banks, said early this year that most were conducting research into central bank digital currencies and many were progressing from conceptual work into experimentation and proofs-of-concept…

The details of a possible [U.S.] Fed-developed digital currency are still vague. But advocates and experts say such an instrument could give consumers a new way to make payments without having to rely on banks and without incurring fees when they transfer money. The digital currency would likely take some inspiration from the technology that underpins other cryptocurrencies such as Bitcoin. The discussions are informal at this point. Members of Congress from both sides of the aisle have written to the central bank asking officials to consider how they might approach a digital currency, and some Fed officials have begun to acknowledge the government might someday play a role. “It is inevitable,” Federal Reserve Bank of Philadelphia President Patrick Harker said at a recent conference, according to Reuters. “I think it is better for us to start getting our hands around it.”

The article argues that America’s central bankers “worry that another major company could enter the space. If the Fed doesn’t establish a digital currency, who will…?

“The growing pressure on the Fed is evidence of how rapid developments in technology are beginning to shake the foundations of the financial system, raising questions about whether policymakers are prepared.”


Oct 17

Facebook chief executive Mark Zuckerberg said in an interview he worries “about an erosion of truth” online but defended the policy that allows politicians to peddle ads containing misrepresentations and lies on his social network, a stance that has sparked an outcry during the 2020 presidential campaign. From a report: “People worry, and I worry deeply, too, about an erosion of truth,” Zuckerberg told The Washington Post ahead of a speech Thursday at Georgetown University. “At the same time, I don’t think people want to live in a world where you can only say things that tech companies decide are 100 percent true. And I think that those tensions are something we have to live with.” Zuckerberg’s approach to political speech has come under fire in recent weeks. Democrats have taken particular issue with Facebook’s decision to allow an ad from President Trump’s 2020 campaign that included falsehoods about former vice president Joe Biden and his son, Hunter. Sen. Elizabeth Warren responded to Facebook’s decision by running her own campaign ad, satirically stating that Zuckerberg supports Trump for re-election.

Zuckerberg framed the issue as part of a broader debate over free expression, warning about the dangers of social networks, including Facebook, “potentially cracking down too much.” He called on the U.S. to set an example for tailored regulation in contrast to other countries, including China, that censor political speech online. And Zuckerberg stressed Facebook must stand strong against governments that seek to “pull back” on free speech in the face of heightened social and political tensions. Zuckerberg’s appearance in Washington marks his most forceful attempt to articulate his vision for how governments and tech giants should approach the Web’s most intractable problems. The scale of Facebook and its affiliated apps, Instagram and WhatsApp, which make up a virtual community of billions of users, poses challenges for Zuckerberg and regulators around the world as they struggle to contain hate speech, falsehoods, violent imagery and terrorist propaganda on social media.


Oct 15

Google’s Daydream, Android’s built-in virtual reality platform, is as good as dead. From a report: Following the company’s annual hardware event today, Google confirmed to VentureBeat that the Pixel 4 and Pixel 4 XL do not support the VR platform. Furthermore, Google stopped selling the Daydream View headset today. There are also no plans to support Daydream in future Android devices, Pixel or otherwise. “We are no longer certifying new devices,” a Google spokesperson confirmed. The Daydream app and store will continue to function for now. Further reading: It’s Becoming Increasingly Unlikely that We’ll See a Major Shift To Virtual Reality Any Time Soon.


Oct 06

Intel researchers published a paper last week suggesting a new kind of CPU memory to block side-channel attacks like Meltdown and Spectre, according to ZDNet:
SAPM — or Speculative-Access Protected Memory — is the work of Intel STORM (STrategic Offensive Research & Mitigations), a team of elite security researchers that Intel assembled since 2017 to work on creating mitigations for all the speculative-execution attacks that have impacted the CPU maker’s products. SAPM is only an idea for the moment, and there are no silicon prototypes. Intel STORM engineers only released “the theory and possible implementation options,” to provide “a ground base for other researchers to improve upon and also for the industry to consider….”

Intel STORM researchers say SAPM will implement protections at the hardware level and will work with both physical and virtual memory addresses. “SAPM can be applied to specific memory ranges, with the attribute that any memory access to such memory type will be instruction-level serialized, meaning that any speculative execution beyond the SAPM-accessing instruction will be stopped pending the successful retirement of this SAPM-accessing instruction,” Intel STORM developers said in their short description of SAPM’s basic principles…

Intel STORM researchers say the second part (backend) of most speculative execution attacks performs the same actions. SAPM was designed to introduce hardware-based protections against the backend part of most attacks. It’s because of this concept that Intel’s research team believes that SAPM will also future-proof the next generations of Intel CPUs against other — currently undiscovered — speculative execution attacks.

“Intel STORM researchers don’t deny that there’s a performance hit,” the article adds. “However, this impact is low and could be mitigated further by dropping other existing protections.”


Oct 03

Attorney General Bill Barr, along with officials from the United Kingdom and Australia, is set to publish an open letter to Facebook CEO Mark Zuckerberg asking the company to delay plans for end-to-end encryption across its messaging services until it can guarantee the added privacy does not reduce public safety. From a report: A draft of the letter, dated Oct. 4, is set to be released alongside the announcement of a new data-sharing agreement between law enforcement in the US and the UK; it was obtained by BuzzFeed News ahead of its publication. Signed by Barr, UK Home Secretary Priti Patel, acting US Homeland Security Secretary Kevin McAleenan, and Australian Minister for Home Affairs Peter Dutton, the letter raises concerns that Facebook’s plan to build end-to-end encryption into its messaging apps will prevent law enforcement agencies from finding illegal activity conducted through Facebook, including child sexual exploitation, terrorism, and election meddling.

“Security enhancements to the virtual world should not make us more vulnerable in the physical world,” the letter reads. “Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes.” The letter calls on Facebook to prioritize public safety in designing its encryption by enabling law enforcement to gain access to illegal content in a manageable format and by consulting with governments ahead of time to ensure the changes will allow this access. While the letter acknowledges that Facebook, which owns Facebook Messenger, WhatsApp, and Instagram, captures 99% of child exploitation and terrorism-related content through its own systems, it also notes that “mere numbers cannot capture the significance of the harm to children.”


Oct 02

At Microsoft’s annual Surface press event today, the company announced the Surface Earbuds to rival Apple’s AirPods and Amazon’s newly announced Echo Buds. What’s unique about the Surface Earbuds is that, unlike the other two wireless earphones, they can be used with Alexa, Bixby, Google Assistant, Siri, or any other competitor — not just with Cortana. VentureBeat reports: Like the Surface Headphones, the Surface Earbuds don’t do anything until you pair them. Surface Earbuds communicate over Bluetooth 5.0 with an Android, iOS, or Windows 10 device. Once paired, you can tap and hold either of the buds to trigger the default assistant on your device. To use a different virtual assistant with the Surface Earbuds, just change the default assistant on the paired device.

“Out of the box, it just works,” said Surface Earbuds product lead Mohammed Samji. “On PC, it launches Cortana. On iOS, it will launch Siri, unless you’ve changed it. And I think it might vary depending on the distribution of Android, but all the ones I’ve tested, the first time I do it, Android asks me what I want as my default.” Surface Earbuds still offer a better experience with Cortana (although without the “Hey Cortana” wakeword), Samji made sure to emphasize. Surface Earbuds can do everything with Cortana that the Surface Headphones can do, like chit-chat, interact with your email, check your calendar, get your daily update, and create to-dos. Samji said his team created a more streamlined flow for all this Cortana functionality. It’s called Surface Audio. One of the biggest new abilities with the Surface Earbuds is gestures. “Surface Earbuds’ gestures include double tap (go in and out of the call, or play/pause), swipe up and down (control volume), or even swipe forward and back (switch tracks in music, switch slides in PowerPoint),” reports VentureBeat. “Specifically on Android, there’s also a triple tap to launch Spotify under your phone’s lockscreen — you can triple-tap again to have Spotify choose another song using its ML.”
