Antivirus: US-Bundesbehörden bekommen Kaspersky-Verbot

Protektionismus? Die USA verbieten den Einsatz von Kaspersky-Produkten auf allen Computern von Bundesbehörden. Aus Gründen der “nationalen Sicherheit”, wie Trumps Heimatschutzministerin Elaine Duke sagt. (Politik/Recht, Microsoft)

Protektionismus? Die USA verbieten den Einsatz von Kaspersky-Produkten auf allen Computern von Bundesbehörden. Aus Gründen der "nationalen Sicherheit", wie Trumps Heimatschutzministerin Elaine Duke sagt. (Politik/Recht, Microsoft)

Apple Ready to Embrace 4K, HDR

While most of the focus was on Apple’s unveil of the new iPhone range at the newly built Steve Jobs Theater, there was one announcement that signaled the mainstreaming of a new video format.Apple’s updated Apple TV range will now support 4K streaming a…



While most of the focus was on Apple's unveil of the new iPhone range at the newly built Steve Jobs Theater, there was one announcement that signaled the mainstreaming of a new video format.

Apple's updated Apple TV range will now support 4K streaming and HDR. The new Apple TV device, with a starting price of US $179, will be the first Apple TV device to include 4K and HDR streaming.

Apple's firm embrace of 4K and HDR is a marked turning point for the nascent format, which has been fast tracked on its road to becoming a mainstream standard. Adoption of 4K Blu-ray discs, for example, has so far outpaced that of the original Blu-ray format.

In a boost for consumers, Apple plans to sell 4K movies in the iTunes store at the same price point as current HD releases, and plans to allow users to upgrade their existing HD movie purchases to 4K, for free!

The updated device, which goes on sale Sept. 22 (pre-orders go live on the 15th), will support Netflix 4K streaming out of the box, with Amazon Prime 4K support coming later in the year.

In addition, the Apple TV app will now support live sports streaming, with built in real-time score updates, notifications and other interactive features.

[via Home Media Magazine]

Windows 10: Fall Creators Update erhöht den Datenschutz

Microsoft erweitert die Datenschutzfunktionen in Windows 10. Mit dem Fall Creators Update erhalten Anwender mehr Möglichkeiten, die Datenschutzoptionen des Betriebssystems zu beeinflussen. (Windows 10, Microsoft)

Microsoft erweitert die Datenschutzfunktionen in Windows 10. Mit dem Fall Creators Update erhalten Anwender mehr Möglichkeiten, die Datenschutzoptionen des Betriebssystems zu beeinflussen. (Windows 10, Microsoft)

NSA Spied on Early File-Sharing Networks, Including BitTorrent

A document just published as part of the Edward Snowden leaks has revealed the NSA was actively monitoring file-sharing networks more than 12 years ago. Particular success was reported against both KaZaA and eDonkey, with the NSA managing to compromise the encryption on both while gaining access to sharers’ computers and personal data including email addresses.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

In the early 2000s, when peer-to-peer (P2P) file-sharing was in its infancy, the majority of users had no idea that their activities could be monitored by outsiders. The reality was very different, however.

As few as they were, all of the major networks were completely open, with most operating a ‘shared folder’ type system that allowed any network participant to see exactly what another user was sharing. Nevertheless, with little to no oversight, file-sharing at least felt like a somewhat private affair.

As user volumes began to swell, software such as KaZaA (which utilized the FastTrack network) and eDonkey2000 (eD2k network) attracted attention from record labels, who were desperate to stop the unlicensed sharing of copyrighted content. The same held true for the BitTorrent networks that arrived on the scene a couple of years later.

Through the rise of lawsuits against consumers, the general public began to learn that their activities on P2P networks were not secret and they were being watched for some, if not all, of the time by copyright holders. Little did they know, however, that a much bigger player was also keeping a watchful eye.

According to a fascinating document just released by The Intercept as part of the Edward Snowden leaks, the National Security Agency (NSA) showed a keen interest in trying to penetrate early P2P networks.

Initially published by internal NSA news site SIDToday in June 2005, the document lays out the aims of a program called FAVA – File-Sharing Analysis and Vulnerability Assessment.

“One question that naturally arises after identifying file-sharing traffic is whether or not there is anything of intelligence value in this traffic,” the NSA document begins.

“By searching our collection databases, it is clear that many targets are using popular file sharing applications; but if they are merely sharing the latest release of their favorite pop star, this traffic is of dubious value (no offense to Britney Spears intended).”

Indeed, the vast majority of users of these early networks were only been interested in sharing relatively small music files, which were somewhat easy to manage given the bandwidth limitations of the day. However, the NSA still wanted to know what was happening on a broader scale, so that meant decoding their somewhat limited encryption.

“As many of the applications, such as KaZaA for example, encrypt their traffic, we first had to decrypt the traffic before we could begin to parse the messages. We have developed the capability to decrypt and decode both KaZaA and eDonkey traffic to determine which files are being shared, and what queries are being performed,” the NSA document reveals.

Most progress appears to have been made against KaZaA, with the NSA revealing the use of tools to parse out registry entries on users’ hard drives. This information gave up users’ email addresses, country codes, user names, the location of their stored files, plus a list of recent searches.

This gave the NSA the ability to look deeper into user behavior, which revealed some P2P users going beyond searches for basic run-of-the-mill multimedia content.

“[We] have discovered that our targets are using P2P systems to search for and share files which are at the very least somewhat surprising — not simply harmless music and movie files. With more widespread adoption, these tools will allow us to regularly assimilate data which previously had been passed over; giving us a more complete picture of our targets and their activities,” the document adds.

Today, more than 12 years later, with KaZaA long dead and eDonkey barely alive, scanning early pirate activities might seem a distant act. However, there’s little doubt that similar programs remain active today. Even in 2005, the FAVA program had lofty ambitions, targeting other networks and protocols including DirectConnect, Freenet, Gnutella, Gnutella2, JoltID, MSN Messenger, Windows Messenger and……BitTorrent.

“If you have a target using any of these applications or using some other application which might fall into the P2P category, please contact us,” the NSA document urges staff. “We would be more than happy to help.”

Confirming the continued interest in BitTorrent, The Intercept has published a couple of further documents which deal with the protocol directly.

The first details an NSA program called GRIMPLATE, which aimed to study how Department of Defense employees were using BitTorrent and whether that constituted a risk.

The second relates to P2P research carried out by Britain’s GCHQ spy agency. It details DIRTY RAT, a web application which gave the government to “the capability to identify users sharing/downloading files of interest on the eMule (Kademlia) and BitTorrent networks.”

The SIDToday document detailing the FAVA program can be viewed here

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Play Austria: Die Kaffeehauskultur reicht bis in die Spielebranche

Österreichische Games sind vielfältig: Davon können sich Besucher der Messe Play Austria überzeugen. Allerdings fehlen der Branche noch Akteure mit internationaler Strahlkraft. Ein Bericht von Achim Fehrenbach (Games, Messe)

Österreichische Games sind vielfältig: Davon können sich Besucher der Messe Play Austria überzeugen. Allerdings fehlen der Branche noch Akteure mit internationaler Strahlkraft. Ein Bericht von Achim Fehrenbach (Games, Messe)

Streaming: Netflix führt Knopf zum Überspringen des Vorspanns ein

Eine neue Funktion in Netflix macht den Konsum von Fernsehserien angenehmer. In ersten Serien kann der Vorspann manuell übersprungen werden, bei einigen gilt das auch für die Rückblicke. (Netflix, Streaming)

Eine neue Funktion in Netflix macht den Konsum von Fernsehserien angenehmer. In ersten Serien kann der Vorspann manuell übersprungen werden, bei einigen gilt das auch für die Rückblicke. (Netflix, Streaming)

Failure to patch two-month-old bug led to massive Equifax breach

Critical Apache Struts bug was fixed in March. In May, it bit ~143 million US consumers.

Enlarge (credit: Wikimedia Commons/Alex E. Proimos)

The Equifax breach that exposed sensitive data for as many as 143 million US consumers was accomplished by exploiting a Web application vulnerability that had been patched more two months earlier, officials with the credit reporting service said Thursday.

"Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted," company officials wrote in an update posted online. "We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."

The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.

Read 4 remaining paragraphs | Comments

Bay Area: Join us 9/20 to discuss how microfluidics will change science

At Ars Live, biochemist Aaron Streets will talk about the tech that’s revolutionizing labs.

Enlarge / Aaron Streets is a bioengineer who works on technology that does for fluids what microchips have done for computation. (credit: Aaron Streets)

Microfluidics is a cutting-edge area of science that non-scientists rarely hear about. By taking advantage of the physical properties of fluids at extremely small scales, biochemical analysis can be performed at significantly faster speeds than it would otherwise take for a full-scale lab test to run. In some cases, that means that work that would have taken days can now be done in minutes, at far lower cost. In some ways, it's the biochemical equivalent of the microchip. These "labs-on-a-chip" can be used to perform certain tasks, such as anthrax detection, DNA sequencing, and manipulation of single cells.

Aaron Streets, a UC Berkeley professor of bioengineering, is one of the leading researchers in this field. Streets completed his Bachelor’s in Physics and Art at UCLA and his doctorate in Applied Physics at Stanford. He then went to Beijing, China to conduct postdoctoral research at Peking University. Streets joined the faculty of UC Berkeley as an Assistant Professor in Bioengineering in 2016 and is currently a core member of the Biophysics Program and the Center for Computational Biology. He was recently named a Chan Zuckerberg Biohub investigator.

Join Ars Technica editors Cyrus Farivar and David Kravets in conversation with Aaron Streets at the next Ars Technica Live on September 20 at Eli's Mile High Club in Oakland.

Read 3 remaining paragraphs | Comments

Remember the artist who had his iPhone searched at the border? He’s now suing

“The border doctrine does not say that the Constitution doesn’t exist at the border.”

Enlarge / Leonel Cordova (L) and Noris Cordova, who are not plaintiffs in this lawsuit, speak to a CBP officer at Miami International Airport on March 4, 2015 in Miami, Florida. (credit: Joe Raedle/Getty Images)

A Jet Propulsion Laboratory engineer, a California artist, a limousine driver and several other Americans have sued the Department of Homeland Security and Customs and Border Protection over what they say are unconstitutional and warrantless searches of their digital devices at the United States border.

The lawsuit, which was filed in federal court in Massachusetts on Wednesday, is the first of its kind to directly challenge the government’s claim that it can demand travelers' passwords at the border in order to search a device in the wake of a key 2014 Supreme Court decision. The plaintiffs are being represented by attorneys from the American Civil Liberties Union and the Electronic Frontier Foundation.

Some of the plaintiffs' stories have been previously reported in the media, including by Ars. In May 2017, we reported the story of Aaron Gach, who told us that border agents threatened to "be dicks" if he didn’t hand over the password to his phone upon his arrival at San Francisco International Airport.

Read 10 remaining paragraphs | Comments

Martin Shkreli is headed to jail

Judge called Shkreli’s call to pluck Hillary Clinton’s hair “solicitation of assault.”

Enlarge / NEW YORK, NY - AUGUST 4: Shkreli was found guilty on three of the eight counts involving securities fraud and conspiracy to commit securities and wire fraud. (Photo by Drew Angerer/Getty Images) (credit: Getty | Drew Angerer)

Martin Shkreli will be held in jail until his sentencing for securities fraud following online antics, according to reports from the Brooklyn federal courtroom.

US District Judge Kiyo Matsumoto made the call Wednesday evening after hearing arguments from federal prosecutors who claimed Shkreli posed a "danger to the community." Prosecutors cited Shkreli’s recent online antics as reasons to lock up the infamous ex-pharmaceutical CEO. While he has a history of harassing women online, prosecutors were particularly critical of a September 4 Facebook post in which he offered his followers a $5,000 reward for plucking a strand of Hillary Clinton’s hair during her current book tour. He reportedly made a reference to using the strands for genetic testing in the post, which has since been deleted.

The post also prompted the Secret Service to interview Shkreli.

Read 6 remaining paragraphs | Comments