Month: November 2016

Enlarge (credit: Zboralski)

The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan.

In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers."

That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident—which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan.

Enlarge (credit: Getty Images | GSO Images)

Congress has passed a law protecting the right of US consumers to post negative online reviews without fear of retaliation from companies.

The bipartisan Consumer Review Fairness Act was passed by unanimous consent in the US Senate yesterday, a Senate Commerce Committee announcement said. The bill, introduced in 2014, was already approved by the House of Representatives and now awaits President Obama's signature.

The Commerce Committee held a hearing on gag clauses a year ago and said it heard "testimony from Ms. Jen Palmer, a plaintiff in Palmer v. KlearGear, where a company demanded the removal of a negative online review or payment of $3,500 in fines because the online merchant’s terms of service included a non-disparagement clause. When the review was not taken down, the company reported the unpaid $3,500 to a credit reporting agency as an outstanding debt, which negatively impacted the Palmers’ credit."

Universal Parks & Resorts and Nintendo announced today that they will be bringing a Nintendo-themed area—filled with themed attractions, shops, and restaurants—to Universal theme parks in Orlando, Hollywood, and Osaka "over the next several years."

The announcement is light on details about things like types of rides or included game franchises but full of buzzwords like "innovative," "immersive and interactive," "expansive," and "breathtakingly authentic." Still, the announcement represents the first concrete new information on the Nintendo/Universal partnership since it was first announced last year. Early reports of the "Mario area" in Universal's Osaka park began to leak out via the Japanese press in March, but this is the first sign that Nintendo attractions will be coming to the United States parks as well.

"We are working very hard to create attractions that can be equally enjoyable to anybody, regardless of age," Nintendo Creative Fellow Shigeru Miyamoto said in a video accompanying the announcement. "We are constantly amazed how the park developers are bringing the essence of our games to life in the real world. Together we are building it with an eye for what guests will actually experience."

European Bank for Reconstruction and Development

On Wednesday, officials from all over the world gathered about a football field away from the Chernobyl disaster site in Ukraine. They were there to celebrate the final placement of a massive, high-tech shelter over reactor 4, which exploded in April 1986.

The shelter, called the New Safe Confinement (NSC), is a feat of engineering. Because it was too dangerous to assemble the NSC over the original shelter that was built in the weeks after the explosion, the NSC was instead built at a distance and moved—slowly, over days—on a pair of tracks parallel to the original shelter. But even that was no simple task. The NSC is 354ft (108m) tall and 843ft (257m) wide, making it the largest mobile metal structure in the world.

The Amazon Echo. Imagine this with Google inside. (credit: Amazon)

Amazon may be adding to its Echo family very soon. A report from Bloomberg suggests the online retailer is working on a new Alexa-based speaker device with a seven-inch touchscreen, which would make it the first Alexa device with a screen. Currently Amazon's $180 Echo, $130 Tap, and $50 Dot are cylindrical devices, some with speakers and some without, that all contain the company's digital assistant.

According to the report, the new device will have a touchscreen that can be tilted upward so it's more easily visible when sitting on a counter or table. The screen will make it more convenient for users to access information like weather reports, calendar events, and news. All of that information can currently be accessed by voice-commanding Alexa to read it out, but the screen would give that information a visual component. It's also reported that the new device will have even better speakers than the current Echo, which would likely make it a better music playback device.

In addition to using Alexa to control the new device, users will be able to interact with the screen almost like a tablet. Bloomberg reports the device will run "an optimized version of Fire OS," which is the operating system used in Amazon's tablets. Amazon is also testing a feature that would let users "pin" items to the device's screen, similar to how you could use a magnet to place something on a refrigerator door. This feature sounds similar to the messaging features on Triby, one of the first third-party devices to incorporate Alexa. That device uses a small, e-ink display to show messages sent between family members as well as date and weather information.

Enlarge (credit: NextEV)

Zero to sixty. Horsepower per kilogram. Nürburgring lap times. All great ways of bench-racing cars in order to win arguments in the pub (or on an Internet forum). And if the latter is your go-to yardstick for performance, there's a new king of the electric vehicles in town: the NextEV Nio EP9.

NextEV is a Chinese EV maker, and it's going to launch a range of electric (and eventually autonomous) cars under the Nio brand (starting in China next year). As is now becoming the default (e.g., Faraday Future), instead of showing us a prototype production model, the company is making a splash with an EV supercar—the 194mph (313km/h) EP9—just six of which will be built.

The EP has been designed for the track-day enthusiast, and so features rapidly swappable batteries. NextEV hasn't released the kWh rating for the batteries, but says the range is 265 miles (426km) and that recharging takes 45 minutes (swapping the batteries for a fully charged set takes eight minutes apparently). The chassis is—as you'd expect—carbon fiber, and it has a motor-generator unit at each wheel, with a peak power output of 1,341hp/1MW and 1091 ft-lbs/1480 Nm of torque.