Berlin: Transit authority wants to charge electric buses while they drive

Trolleybuses survive in only a few cities, but the technology could make a comeback in the age of electric mobility. In Berlin, a route network has been planned that relies on buses that can run partly on overhead lines but also on battery power. (BVG, Technology)

Nope, this isn’t the HTTPS-validated Stripe website you think it is

How extended validation certificates can be used to scam, not help, end users.

For a decade, some security professionals have held out extended validation certificates as an innovation in website authentication because they require the person applying for the credential to undergo legal vetting. That's a step up from less stringent domain validation that requires applicants to merely demonstrate control over the site's Internet name. Now, a researcher has shown how EV certificates can be used to trick people into trusting scam sites, particularly when targets are using Apple's Safari browser.

Researcher Ian Carroll filed the necessary paperwork to incorporate a business called Stripe Inc. He then used the legal entity to apply for an EV certificate to authenticate the Web page https://stripe.ian.sh/. When viewed in the address bar, the page looks eerily similar to https://stripe.com/, the online payments service that also authenticates itself using an EV certificate issued to Stripe Inc.

The demonstration is concerning because many security professionals counsel end users to look for EV certificates when trying to tell if a site such as https://www.paypal.com is an authentic Web property rather than a fly-by-night look-alike page that's out to steal passwords. But as Carroll's page shows, EV certs can also be used to trick end users into thinking a page has connections to a trusted service or business when in fact no such connection exists. The false impression can be especially convincing when end users use Apple's Safari browser because it often strips out the domain name in the address bar, leaving only the name of the legal entity that obtained the EV certificate.

Google’s “AR Stickers” app launches, puts Star Wars characters in your camera

Google’s first ARCore app launches, but you’ll need a Pixel phone and Android 8.1.

Google's push to bring Augmented Reality to the masses hit a big milestone today with the launch of the "AR Stickers" app. Google has been doing Augmented Reality for some time now with the hardware-packed Project Tango devices, but AR Stickers is the first app in Google's new AR strategy, which revolves around ARCore. ARCore is a reworked augmented reality framework that can do many of the Tango AR tricks but without all the extra hardware.

AR Stickers is out now in the Play Store for the Pixel 1 and Pixel 2. The app is a new mode in the Google Camera that allows you to drop various 3D characters into the camera feed. ARCore will map out the nearest horizontal plane, like a floor or table, and ground the characters in real life. You can move the camera around, take pictures, and record video.

Treasure Trove of AACS 2.0 UHD Blu-Ray Keys Leak Online

A massive list of 72 AACS 2.0 keys is circulating on the Internet, allowing people to rip previously well-protected UHD Blu-ray discs. The leak is a massive setback for Hollywood and the licensing company AACS LA, who have done everything in their power to keep UHD discs secure.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Nowadays, movie buffs and videophiles find it hard to imagine a good viewing experience without UHD content, but disc rippers and pirates have remained on the sidelines for a long time.

Protected with strong AACS 2.0 encryption, UHD Blu-ray discs have long been one of the last bastions movie pirates had yet to breach.

This year there have been some major developments on this front, as full copies of UHD discs started to leak online. While it remained unclear how these were ripped, it was a definite milestone.

Just a few months ago another breakthrough came when a Russian company released a Windows tool called DeUHD that could rip UHD Blu-ray discs. Again, the method for obtaining the keys was not revealed.

Now there’s another setback for AACS LA, the licensing outfit founded by Warner Bros, Disney, Microsoft, Intel, and others. On various platforms around the Internet, copies of 72 AACS 2.0 keys are being shared.

The first mention we can find was posted a few days ago in a ten-year-old forum thread in the Doom9 forums. Since then it has been replicated a few times, without much fanfare.

The keys

The keys in question are confirmed to work and allow people to rip UHD Blu-ray discs of movies with freely available software such as MakeMKV. They are also different from the DeUHD list, so there are more people who know how to get them.

The full list of leaked keys includes movies such as Deadpool, Hancock, Passengers, Star Trek: Into Darkness, and The Martian. Some movies have multiple keys, likely as a result of different disc releases.

The leaked keys are also relevant for another reason. Ten years ago, a hacker leaked the AACS cryptographic key “09 F9” online which prompted the MPAA and AACS LA to issue DMCA takedown requests to sites where it surfaced.

This escalated into a censorship debate when Digg started removing articles that referenced the leak, triggering a massive backlash.

Thus far the response to the AACS 2.0 leaks has been pretty tame, but it’s still early days. A user who posted the leaked keys on MyCe has already removed them due to possible copyright problems, so it’s definitely still a touchy subject.

The question that remains now is how the hacker managed to secure the keys, and if AACS 2.0 has been permanently breached.

Voluntary net neutrality will protect consumers after repeal, FCC claims

Net neutrality will depend almost entirely on ISPs’ promises.

Federal Communications Commission Chairman Ajit Pai arrives for his confirmation hearing with the Senate Commerce Committee on July 19, 2017 in Washington, DC. (credit: Getty Images | Chip Somodevilla)

The Federal Communications Commission is still on track to eliminate net neutrality rules this Thursday, but said today that it has a new plan to protect consumers after the repeal.

The FCC and Federal Trade Commission released a draft memorandum of understanding (MOU) describing how the agencies will work together to make sure ISPs keep their net neutrality promises.

After the repeal, there won't be any rules preventing ISPs from blocking or throttling Internet traffic. ISPs will also be allowed to charge websites and online services for faster and more reliable network access.

President Trump says we’re going back to the Moon

“This is a giant step,” the president said during a ceremony.

President Trump making remarks Monday during a ceremony for signing Space Policy Directive-1. (credit: NASA TV)

NASA has had a big problem since the agency triumphantly landed humans on the Moon nearly half a century ago. Namely, after the Apollo landings delivered a solid US victory in the Cold War, human exploration has no longer aligned with the strategic national interest. In other words, sending humans into space has represented a nice projection of soft power, but it has not been essential to America's domestic and foreign policy aims.

As a result, NASA's share of the federal budget has declined from just shy of five percent at the height of the Apollo program to less than 0.5 percent today. At the same time, NASA's mandate has grown to encompass a broad array of Earth science, planetary science, and other missions that consume more than half of the agency's budget.

With less buying power for human exploration, NASA has had to scale back its ambitions; and as a result, astronauts have not ventured more than a few hundred miles from Earth since 1972. Twice before, presidents have attempted to break free of low-Earth orbit by proposing a human return to the Moon, with eventual missions to Mars. President George H.W. Bush did so with the Space Exploration Initiative in 1989, on the 20th anniversary of the Apollo 11 Moon landing. And George W. Bush did so in 2004, with the Vision for Space Exploration. Neither of these were bad concepts—indeed, both offered bold, ambitious goals for the space agency—but they died due to a lack of commitment and funding.

Hackers hit key ATM network in crime spree that clears $10 million

Previously undetected MoneyTaker gang is likely to strike again.

A timeline of MoneyTaker hacking group. (credit: Group-IB)

A previously undetected hacker group has netted around $10 million in heists on at least 20 companies, in some cases by targeting the transfer networks banks use to transfer money, a Moscow-based security firm said Monday.

Members of the MoneyTaker group, named after a piece of custom malware it uses, started their heist spree no later than May 2016. That's when the group penetrated an unnamed US bank, according to researchers with Group-IB in a report titled MoneyTaker: 1.5 Years of Silent Operations. The hackers then used their unauthorized access to control a workstation the bank used to connect to the First Data STAR Network, which more than 5,000 banks use to transact payments involving debit cards.

MoneyTaker members also targeted an interbank network known as AWS CBR which interfaces with Russia's central bank. The hackers also stole internal documents related to the SWIFT banking system, although there's no evidence they have successfully carried out attacks over it.

Next-gen AMD Ryzen desktop chips coming in early 2018

2017 is the year AMD chips became viable alternatives to their Intel counterparts again, and not just cheaper options. The company’s new Ryzen chips based on Zen architecture offer huge performance gains over previous-generation AMD chips as well as improved efficiency. So while Ryzen desktop and mobile chips aren’t always quite as fast as comparable […]

Next-gen AMD Ryzen desktop chips coming in early 2018 is a post from: Liliputing

Microsoft’s Q# quantum programming language out now in preview

It’s pronounced “Q sharp.”

Microsoft today launched a preview version of a new programming language for quantum computing called Q#. The industry giant also launched a quantum simulator that developers can use to test and debug their quantum algorithms.

The language and simulator were announced in September. The then-unnamed language was intended to bring traditional programming concepts—functions, variables, and branches, along with a syntax-highlighted development environment complete with quantum debugger—to quantum computing, a field that has hitherto built algorithms from wiring up logic gates. Microsoft's hope is that this selection of tools, along with the training material and documentation, will open up quantum computing to more than just physicists.

Given that quantum computers are still rare, Microsoft has built an as-yet-unnamed quantum simulator to run those quantum programs. The local version, released as part of the preview, can support programs using up to 32 quantum bits (qubits), using some 32GB of RAM. Microsoft is also offering an Azure version of the simulator, scaling up to 40 qubits.

Dealmaster: Get an Amazon Echo Dot for $30

Plus deals on Vizio TVs, the Nvidia Shield, the PlayStation 4 Pro, and more.

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Our Dealmaster Calendar tells us that today is Green Monday, the kid brother of the made-up retail holiday family. The idea is to be a miniature Cyber Monday for late gift buyers in December; it's a bit forced, sure, but regardless of its legitimacy there are still a few discounts worth noting.

So, per usual, we've rounded up what we could. The discounts aren't as plentiful as they were on Black Friday, but there still may be a gadget or two that catches your eye, so have a look at the full list below.

Note: Ars Technica may earn compensation for sales from links on this post through affiliate programs.
