Month: January 2018

Enlarge / AdultSwine's operation flow. (credit: Check Point Research )

Sixty games were booted off the Play Store after security firm Check Point discovered that they contained pornographic ads and malicious components. Before their removal, the games were downloaded between 3 million and 7 million times, according to the download metrics on the Play Store.

The malware is dubbed "AdultSwine," and according to Check Point Research, it had three main features:

1. Displaying ads from the Web that are often highly inappropriate and pornographic
2. Attempting to trick users into installing fake "security apps"
3. Inducing users to register to premium services at the user’s expense

The 60 listings in the Play Store were generally knockoff games, like "Five Nights Survival Craft." In some cases, the creator simply stole a real IP, as in "Drawing Lessons Angry Birds." Once installed, the app would phone home, sending information about the user's phone and receiving instructions on how to operate. The app could hide its icon, making removal more difficult. Check Point says the malware could display ads from "the main ad providers" or switch to its own ad server, which provided porn ads, scareware ads, and ads that tricked the user into signing up for premium services. AdultSwine not only displayed ads while users played the game that came with the malware; it could also show pop-up ads on top of other apps.

Enlarge (credit: The Dragon Box)

Netflix, Amazon, and the major film studios have sued the makers of "The Dragon Box," a device that connects to TVs and lets users watch video without a cable TV or streaming service subscription.

Joining Netflix and Amazon as plaintiffs in the suit are Columbia Pictures, Disney, Paramount Pictures, Twentieth Century Fox, Universal, and Warner Bros. The suit asks for financial damages and an injunction preventing Dragon Media from continuing the alleged copyright infringement.

"Defendants sell illegal access to Plaintiffs' Copyrighted Works," the complaint says. (Hat tip to DSLReports.) "Dragon Box uses software to link its customers to infringing content on the Internet. When used as Defendants intend and instruct, Dragon Box gives Defendants' customers access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization. These streams are illegal public performances of Plaintiffs' Copyrighted Works."

Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware—remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel.

Intel had already found other problems with AMT, announcing last May there was a a flaw in some versions of the firmware that could "allow an unprivileged attacker to gain control of the manageability features provided by these products." Then in November of 2017, Intel pushed urgent security patches to PC vendors for additional management firmware vulnerable to such attacks—technologies embedded in most Intel-based PCs shipped since 2015.

But the latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).

Enlarge (credit: Bungie, Inc.)

In its first development roadmap update of 2018, Destiny developer Bungie is promising to rebalance Destiny 2's microtransaction and raids systems to give players more satisfying rewards that are less dependent on luck.

In the lengthy development update posted Thursday evening, Game Director Christopher Barrett admitted up front that, currently, "the scales are tipped too far towards Tess," the owner of the game's much maligned microtransaction-fueled Eververse store. The Eververse was "never intended to be a substitute for end game content and rewards," Barrett writes.

To that end, Barrett says the game will be shifting the item balance so desirable items like Ghosts, Sparrows, and ships can be earned directly as "activity rewards" for in-game actions rather than as random drops from Bright Engrams. Barrett also promises more "direct purchase options" and adjustments that will "allow players to get the items they want more often" without relying on the luck of the draw. These changes should start rolling out February 13.

Enlarge / Commercial Crew Astronaut Eric Boe examines hardware during a tour of the SpaceX facility in Hawthorne, California. (credit: NASA)

Almost since the beginning of the commercial crew program in 2010, the old and new titans of the aerospace industry have been locked in a race to the launch pad. Boeing, with five decades of aerospace contracts, represented the old guard. SpaceX, founded in 2002, offered a new, leaner way of doing things.

Through the years, as other participants in the commercial crew program fell away, Boeing and SpaceX remained on course to deliver US astronauts into space. It has not been easy for either company or for their sponsor, NASA. The space agency has only ever led the development of four spacecraft that carried humans into orbit, and three of those programs came in the 1960s, with the fourth and final vehicle in the 1970s—the space shuttle.

As both companies sought to climb this steep learning curve, they have missed deadlines. An original deadline of 2015 melted away after some key members of Congress diverted funds for the commercial crew program to other NASA programs, notably the Space Launch System rocket. But in recent years, Congress has fully funded the efforts by Boeing and SpaceX, and they were told that would yield flights in 2017.