Month: March 2016

Almost 300 million phones running Google's Android operating system are vulnerable to a newly developed drive-by attack that can install malware and take control of key operations, a security firm has warned.

A proof-of-concept exploit dubbed Metaphor works against Android versions 2.2 through 4.0 and 5.0 and 5.1, which together are estimated to run 275 million phones, researchers from Israeli security firm NorthBit said. It attacks the same Stagefright media library that made an estimated 950 million Android phones susceptible to similar code-execution attacks last year. The following video demonstrates how a malicious attacker might use a Metaphor-style attack to take control of a phone after luring an unsuspecting end user to a booby-trapped website.

The NorthBit-developed attack exploits a Stagefright vulnerability discovered and disclosed last year by Zimperium, the security firm that first demonstrated the severe weaknesses in the code library. For reasons that aren't yet clear, Google didn't fix the vulnerability in some versions, even though the company eventually issued a patch for a different bug that had made the Zimperium exploits possible. While the newer attack is in many ways a rehash of the Zimperium work, it's able to exploit an information leak vulnerability in a novel way that makes code execution much more reliable in newer Android releases. Starting with version 4.1, Android was fortified with an anti-exploitation defense known as address space layout randomization, which loads downloaded code into unpredictable memory regions to make it harder for attackers to execute malicious payloads. The breakthrough of Metaphor is its improved ability to bypass it.

A Russian rocket will launch two cosmonauts, Alexey Ovchinin and Oleg Skripochka, and NASA astronaut Jeff Williams into space today from the Baikonur Cosmodrome in Kazakhstan. Liftoff is set for 5:25pm ET, and live NASA TV coverage of the launch begins at 4:30pm in the video below.

Williams will be making his third visit to the International Space Station, and he'll become the first astronaut to make three rotations through the orbiting laboratory as a crew member. He has previously lived on the station in 2006 and 2009. This has given Williams a cumulative time in space of 362 days.

He presently ranks sixth among NASA astronauts in cumulative time in space and 35th among all space fliers on a list mostly populated by Russian astronauts. Before the end of his present mission (after 158 days, specifically), Williams will surpass Scott Kelly for the US record for total time in space (520 days). At the scheduled end of his third station mission in September, Williams will have spent 534 days in space.

Microsoft announced earlier this year that support for Skylake processors in Windows 7 and 8.1 would be quite limited: compatibility, reliability, and security fixes would only be offered until July 17, 2017. After that date, only security fixes would only be made available, and those security fixes would only be created if they had no implications for the compatibility or reliability of others platforms. Full support for Skylake processors—and its successors—was only to be offered to Windows 10.

Perhaps unsurprisingly, this has resulted in some pushback from enterprises, and Microsoft has shifted its policy in response. The window for compatibility, reliability, and security fixes has been extended by a year to July 17, 2018. The limitations on security fixes have also been removed; now all security fixes will be made available—until January 14, 2020 for Windows 7 and January 10, 2023 for Windows 8.1.

Nonetheless, Microsoft still asserts that Windows 10 is the best option for new systems. Installing Windows 7 on a Skylake system can be challenging; Windows 7 has no built-in support for the Intel integrated USB controller (so booting from a USB stick to install it is difficult) and no built-in support for NVMe storage (which is increasingly an issue in laptops). It also cannot take advantage of Skylake's new power management capabilities or use virtualization to improve security. Windows 10 is still set to be the only option for the next generation of processors, including both Intel's Kaby Lake and AMD's Zen.

Sony has begun briefing developers on plans to release a new version of the PS4 with increased graphical capabilities, according to a report from Kotaku.

The PS4.5 (as at least one overheard developer is apparently calling it) would sport a more powerful GPU than the current console, according to the report. That new hardware would allow the system to support games running at 4K resolution (the PS4 can currently only display photos and videos in 4K) and could help power more detailed experiences on the upcoming PlayStation VR. It's unclear from the report whether the improved power would be available in the form of a new console or as an upgrade program to existing PS4 units (or both).

Kotaku's Patrick Klepek cites two trusted development sources for the information and says other staffers at the site were able to independently confirm the same hardware plans with additional sources. That said, Klepek's sources warn that the plans they're hearing about seem more "exploratory" and vague than anything concrete at this point.

Hyundai's use of augmented reality to create a 21st century owner's manual remains one of our favorite—and most practical—implementations of AR tech to date. However, it's not the only cool use of AR in the automotive industry. Motorbike firm KTM is getting in on the action with an AR workshop manual that also demonstrates the utility of this burgeoning technology. KTM's app recognizes different serviceable elements on its bikes and then walks the technician through the necessary steps to fix them.

To find out a little bit more about how KTM went about creating the AR app, we spoke with Vuforia's Jay Wright (Vuforia is an AR firm that was bought from Qualcomm last year by PTC). Wright told us that there are now more than 25,000 Vuforia-built AR applications in Google Play and Apple's App Store, but most of them are consumer-facing—largely marketing-oriented—apps. (You can find a great automotive example at McLaren Cars.) This will soon change. "We're about to see serious traction in enterprise [applications]," Wright said.

Building an AR app requires several steps. The first—which is relatively simple, according to Wright—is telling the app what it's seeing. "You'll notice the content appears 'stuck' to something," Wright told us. "The application has to recognize the environment or the target." These targets can be images, objects, or surfaces. "It can be as simple as taking a picture or using a little scanning tool that we have that runs on your phone."

Prison phone companies are trying to stop a new Federal Communications Commission effort to impose rate caps on intrastate calls, with one executive claiming that immediate enforcement of new caps will cause "jail unrest."

The phone companies and the FCC have different interpretations of a stay order issued on March 7. Prison phone companies say the court order should mostly preserve the status quo, while the FCC argues that the order lets it apply its existing caps on interstate call rates to intrastate calls.

Securus Technologies CEO Richard Smith filed an affidavit in federal appeals court yesterday, arguing that the FCC has misinterpreted the court order and that imposing the rate caps on intrastate calls will cause problems in prisons and jails. Under a heading titled "Jail Unrest," Smith's affidavit stated:

In September, the US Court of Appeals for the 9th Circuit issued its ruling in the "Dancing Baby" copyright takedown case, initiated by the Electronic Frontier Foundation more than eight years ago. It was a victory for the EFF, but a very mixed one. Today, the court issued an amended opinion that makes the EFF's win stronger.

The initial ruling made it clear that copyright owners need to at least consider fair use before they issue a DMCA takedown notice. At the same time, the bar wasn't too high for what a rightsholder has to do to form a "good faith" belief that there's no fair use. The fair use consideration didn't have to be "searching or intensive," US Circuit Judge Richard Tallman wrote in his opinion.

Tallman also wrote a section of the opinion that appeared to endorse automated computer filters as a valid fair use consideration. "The implementation of computer algorithms appears to be a valid and good faith middle ground for processing a plethora of content while still meeting the DMCA's requirements to somehow consider fair use," he wrote.

(video link)

When I was a kid, it seemed simple: T. rex, the ultimate dinosaur, was just as it later appeared in Jurassic Park, covered in teeth, claws, and reptilian skin. It and all of its kin were also dead.

But even back then, it wasn't that simple. Thomas Henry Huxley, one of Darwin's earliest supporters, had a good look at Archaeopteryx and concluded that birds must have evolved from dinosaurs. Today, we know that's simply an understatement. Birds are dinosaurs, and when we talk about the great extinction that eliminated so many species in that group, we have to be careful to specify that it was the non-avian dinosaurs doing the dying.