Crippling crypto weakness opens millions of smartcards to cloning

Gemalto IDPrime.NET almost certainly isn’t the only smartcard vulnerable to ROCA.

Millions of smartcards in use by banks and large corporations for more than a decade have been found to be vulnerable to a crippling cryptographic attack. That vulnerability allows hackers to bypass a wide range of protections, including data encryption and two-factor authentication.

The critical vulnerability, which researchers disclosed last week, allows attackers to derive the private portion of any vulnerable key using nothing more than the corresponding public portion. The so-called factorization attack can be completed in minutes or days, and, depending on the key size and the hardware an attacker uses, its cost ranges from nothing to $20,000. The vulnerability stems from a widely deployed library developed by German chipmaker Infineon, which in turn sells its hardware and software to third-party smartcard and device manufacturers.

The defect has now been confirmed to affect the first line of Gemalto IDPrime.NET smartcards. The cards have been on the market since 2004 at the latest, when Gemalto predecessor Axalto announced Microsoft employees were using the card to secure access to the software maker's network, by, among other things, providing two-factor authentication to company employees worldwide. During the 12 years the cards are known to have been in use, Netherlands-based Gemalto has shipped cards numbering in the millions or even the tens or hundreds of millions.
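Because the flaw is visible from the public key alone, affected keys can be spotted without any private material. The following is an added example, not code from this page, from Infineon or from the researchers: it implements the fingerprint test that the ROCA disclosure published for detecting affected keys. Primes from the flawed generator have the form k*M + 65537^a mod M, where M is a product of small primes, so an affected modulus leaves a telltale pattern of residues modulo those primes. The key-generation helpers below only construct test material, and the parameter sizes used in them are assumptions; the check tells you a key came from the flawed generator, while the factorization itself (which works from the same structure) is not shown here.

```python
import random

# Small primes checked by the public ROCA fingerprint: the product-of-primes M
# used by the flawed generator is divisible by all of them for every key size.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
                67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131,
                137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537


def subgroup(p):
    """Residues 65537^i mod p, i.e. the subgroup of Z_p* generated by 65537."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % p
    return seen


RESIDUE_SETS = {p: subgroup(p) for p in SMALL_PRIMES}


def has_roca_fingerprint(n):
    """Fingerprint test on an RSA modulus n; no private material is needed.

    A prime from the flawed generator is k*M + 65537^a mod M, so for every
    small prime p_i dividing M we have p mod p_i = 65537^a mod p_i, and the
    modulus n = p*q satisfies n mod p_i = 65537^(a+b) mod p_i.  A modulus built
    from ordinary random primes meets all 38 constraints only with negligible
    probability (the subgroups are small for most p_i, e.g. {1, 10} mod 11).
    """
    return all(n % p in RESIDUE_SETS[p] for p in SMALL_PRIMES)


# --- constructed key material to exercise the check (not real card keys) ---

def is_probable_prime(n, rounds=32, rng=random):
    """Miller-Rabin primality test after trial division by the small primes."""
    if n < 2:
        return False
    for p in (2, *SMALL_PRIMES):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


# M for 512-bit keys: the product of the first 39 primes (2 through 167).
M = 2
for _p in SMALL_PRIMES:
    M *= _p


def roca_prime(bits, rng):
    """A prime of the form k*M + 65537^a mod M, mimicking the flawed generator.
    The sizes of a and k are assumptions chosen to give a prime near `bits` bits."""
    while True:
        a = rng.getrandbits(62)
        k = rng.getrandbits(bits - M.bit_length()) | 1
        p = k * M + pow(GENERATOR, a, M)
        if is_probable_prime(p, rng=rng):
            return p


def random_prime(bits, rng):
    """An ordinary random prime of exactly `bits` bits."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p, rng=rng):
            return p


def demo(seed=2017):
    """Returns (fingerprint of a ROCA-style modulus, fingerprint of a normal one)."""
    rng = random.Random(seed)
    weak_n = roca_prime(256, rng) * roca_prime(256, rng)
    safe_n = random_prime(256, rng) * random_prime(256, rng)
    return has_roca_fingerprint(weak_n), has_roca_fingerprint(safe_n)


if __name__ == "__main__":
    weak, safe = demo()
    print("ROCA-style modulus flagged:", weak)   # True
    print("ordinary modulus flagged:  ", safe)   # False
```

The check is cheap enough to run over every certificate, SSH key or PGP key in an inventory, which is how affected hardware tokens were found in practice: the modulus is all you need, so the keys on a card can be screened without touching the card itself.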

New teardown brings more smoke to reports of a touchscreen Google Home

This could explain why Google pulled YouTube from Amazon’s touchscreen speaker.

Amazon's Echo Show may have a Google-made rival in the near future. (credit: Amazon)

Sections of code within a recent update to the Google app seem to bolster reports that Google is working on a competitor to Amazon’s Echo Show smart speaker.

An Android Police teardown of the Google app’s v7.14.15 beta update uncovered several references to functions and commands that can be performed by a device or feature codenamed “Quartz.”

The code suggests that Quartz is activated through voice commands and can perform typical smart speaker tasks like setting a timer or checking the weather. However, it also points to several functions that would likely involve a screen, such as Web browsing, showing Google Maps data, and displaying recipes and other cooking info. The update also seems to contain different layouts for watching videos on YouTube, which Google pulled from Amazon’s touchscreen speaker last month with little explanation.

After Supreme Court detour, Apple v. Samsung goes to a fourth jury trial

Apple wields design as a weapon, a strategy that has led to judicial paralysis.

People hold their iPhone during the Apple iPhone 3G launch ceremony in Seoul, South Korea, in 2009. (credit: Chung Sung-Jun/Getty Images)

The Apple v. Samsung lawsuit is getting a big "reset," thanks to last year's Supreme Court ruling on design patents.

The long-running litigation rollercoaster has included so many turns it's hard to keep track. The case was filed in 2011 and went to a 2012 jury trial, which resulted in a blockbuster verdict of more than $1 billion. Post-trial damage motions whittled that down, and then there was a 2013 damages re-trial in front of a separate jury. An appeals court kicked out trademark-related damages altogether.

Meanwhile, a whole separate case moved forward in which Apple sued over a new generation of Samsung products. That lawsuit went to a jury trial in 2014 and resulted in a $120 million verdict, far less than the $2 billion Apple was seeking. That verdict was thrown out on appeal, then reinstated on a subsequent appeal. So that one appears to stand.

Of course Star Trek: Discovery will come back for Season 2

You didn’t think this was the last you’d see of the spore drive, did you?

Captain Gabriel Lorca (Jason Isaacs) and Lieutenant Ash Tyler (Shazad Latif). (credit: CBS)

On Monday, the day after Star Trek: Discovery’s sixth episode aired, CBS announced that the show would be brought back for a second season.

The show—which is only available on CBS All Access, the network’s online streaming platform—has been met with generally positive reviews, including here at Ars.

"This series has a remarkable creative team and cast who have demonstrated their ability to carry on the Star Trek legacy," said Marc DeBevoise, president and chief operating officer of CBS Interactive in a statement. "We are extremely proud of what they've accomplished and are thrilled to be bringing fans a second season of this tremendous series."

Report: You aren’t the only one who didn’t buy Snap Spectacles

Snap’s first foray into hardware made a bit of a splash last year, and recently the company said it had sold more than 150 thousand Snap Spectacles. But there’s one small problem: Snap may have hundreds of thousands of unsold units lying around, suggesting that the company vastly overestimated demand for the product. The Information reports that […]

Report: You aren’t the only one who didn’t buy Snap Spectacles is a post from: Liliputing

Police body cams had no “statistically significant effect” in DC

“There was no indication that the cameras changed behavior at all.”

Police body cams worn by 2,600 officers in the nation's capital did not affect citizen complaints or the use of force by the Metropolitan Police Department (MPD), according to a new study.

"We found essentially that we could not detect any statistically significant effect of the body-worn cameras," according to Anita Ravishankar, an MPD researcher at a city government group named Lab @ DC.

To conduct the study, researchers identified officers across the seven metro police districts who met specific criteria: the officer had to have active, full-duty administrative status without a scheduled leave of absence during the study; the officer had to hold a rank of sergeant or below; and the officer had to be assigned to patrol duties in a patrol district or to a non-administrative role at a police station. From there, officers were split into control (no body cams) and treatment groups. "Our sample consisted of 2,224 MPD members, with 1,035 members assigned to the control group, and 1,189 members assigned to the treatment group," the study notes.

The study (PDF) then measured four outcome factors: reported uses of force, civilian complaints, policing activities (which includes tickets, warnings, arrests, etc.), and judicial outcomes, specifically whether MPD arrest charges led to prosecutions.

DC Police Chief Peter Newsham told NPR that everybody was expecting a different conclusion about the agency's $5.1 million program. "I think we're surprised by the result. I think a lot of people were suggesting that the body-worn cameras would change behavior. There was no indication that the cameras changed behavior at all."

Kaspersky pledges independent code review to cast off spying suspicions

After accusations by DHS of ties to Russian intel, company seeks to reassure customers.

Kaspersky Lab CEO and Chairman Eugene Kaspersky speaks at a conference in Russia on July 10, 2017. (credit: Anton Novoderezhkin/TASS via Getty Images)

After reports that data collected by the company's anti-malware client was used to target an NSA contractor, and various accusations of connections to Russian intelligence, today Kaspersky Lab announced the launch of what company executives call a "Global Transparency Initiative." As part of the effort, aimed at regaining the trust of corporate and government customers among others, a Kaspersky spokesperson said that the company would open product code and the company's secure coding practices to independent review by the first quarter of 2018.

In a statement released by the company, founder Eugene Kaspersky said, "We want to show how we’re completely open and transparent. We’ve nothing to hide. And I believe that with these actions we’ll be able to overcome mistrust and support our commitment to protecting people in any country on our planet."

As part of the initiative, Kaspersky Lab will open three "Transparency Centers" for code review, one each in the US, Asia, and Europe. This is similar to the practice of Microsoft and other major software companies that allow code review by major government customers in a controlled environment. Kaspersky isn't the first vendor accused of providing espionage backdoors to follow this route: Chinese networking hardware vendor Huawei launched a similar program in the United Kingdom in 2012. At the time, Huawei offered to do the same for Australia and the US, but the offer was rejected, and Congress barred the company from sensitive network work in the US.

Cray supercomputers coming to Azure cloud

New offering is aimed at simulation, modelling, and other HPC tasks.

Cray XC50 supercomputer. (credit: Cray)

Microsoft will add Cray supercomputers to its Azure cloud computing service to handle the needs of those with high performance computing (HPC) workloads.

Cloud computing systems like Azure can be used to build large cluster-like machines for high performance distributed workloads. Combined with FPGAs and GPUs, this makes them competitive, some of the time, with traditional supercomputers.

But sometimes, a workload really does need the high performance, low-latency interconnects and storage that are the hallmark of "real" supercomputers. That's why Microsoft is adding Cray XC and Cray CS supercomputer clusters along with ClusterStor storage to its Azure line-up. The machines are intended for tasks such as analytics, climate modelling, engineering simulations, and scientific and medical research. The companies envisage customers combining Cray HPC with Azure workloads to offer better performance and greater scaling than either Cray or Azure can offer alone.

Business: 1&1 Versatel offers gigabit for Frankfurt

1&1 Versatel has once again connected another city. But the network of the 1&1 subsidiary remains mysterious: pictures of the infrastructure are not to be had. (Versatel, Server)

Returning to Second Life

Long after its grandest ambitions have faded, the platform still boasts people and profit.

Seriously, this once happened.

A decade ago, dozens of media outlets and technologists discovered "The Next Internet." An original cyberspace science fiction fantasy had finally come to fruition as the world gained a second digitized reality. In a short period of time, countries established embassies, media companies opened bureaus, one of Earth’s biggest rock bands played a concert, political campaigns took to its streets, and people became real-world millionaires plying their skills in this new arena.

That much hyped "Next Internet?" You may remember it better by its official name—Second Life. For many modern Internet users, the platform has likely faded far, far from memory. But there’s no denying the cultural impact Second Life had during the brief height of its popularity.

Explaining Second Life today as an MMORPG or a social media platform undersells things for the unfamiliar; Second Life became an entirely alternative online world for its users. And it wasn’t just the likes of Reuters and U2 and Sweden embracing this platform. Second Life boasted 1.1 million active users at its peak roughly a decade ago. Even cultural behemoth Facebook only boasted 20 million at the time.
