Month: January 2018

(credit: Flickr)

SAN FRANCISCO—Less than a week before a contentious trade secrets trial is set to begin, lawyers from Waymo and Uber squared off one final time in court on Tuesday morning.

US District Judge William Alsup told Waymo that its lawyers could not present projected financial figures for the self-driving car market, lest they influence the jury improperly. Rather, he wants the case to remain focused on the eight specific trade secrets at issue.

"So if we put big numbers out there, there’s a risk that the jury will fall for the big numbers," he said, comparing it to patent cases. Such a ruling is potentially a large win for Uber if the company is ultimately found liable in the case.

Enlarge (credit: Apple)

In the iOS 11.3 beta, parents and other "family organizers" are now able to approve purchases through iOS' "Ask to Buy" feature using Face ID on the iPhone X. This addresses a prior complaint from users who upgraded from Touch ID iPhones to the iPhone X with Face ID.

Previously, iPhone X users had to manually enter their passwords via the iPhone X's keyboard to approve any request from a child to download an app or make an in-app purchase, whereas other iPhone owners could use Touch ID. It might not seem like a major inconvenience to some, but some parents with several children, all of whom have iOS devices and are playing games that involve frequent, small in-app purchases, went to Apple's forums to complain about the constant hassle.

Apple promoted Face ID as a complete replacement for Touch ID when the iPhone X launched. In fact, third-party apps that used Touch ID could authenticate with Face ID automatically, with no action required on the part of the developer in most cases. We found when reviewing the phone that Face ID could be used to make other kinds of purchases, so it was perplexing to users when this one feature—Ask to Buy—was not supported.

Enlarge (credit: US Air Force)

On January 29, Cisco released a high-urgency security alert for customers using network security devices and software that support virtual private network connections to corporate networks. Firewalls, security appliances, and other devices configured with WebVPN clientless VPN software are vulnerable to a Web-based network attack that could bypass the devices’ security, allowing an attacker to run commands on the devices and gain full control of them. This would give attackers unfettered access to protected networks or cause the hardware to reset. The vulnerability has been given a Common Vulnerability Scoring System rating of Critical, with a score of 10—the highest possible on the CVSS scale.

WebVPN allows someone outside of a corporate network to connect to the corporate intranet and other network resources from within a secure browser session. Since it requires no client software or pre-existing certificate to access from the Internet, the WebVPN gateway can be generally reached from anywhere on the Internet—and as a result, it can be programmatically attacked. A spokesperson for the Cisco security team said in the alert that Cisco is not aware of any active exploits of the vulnerability right now. But the nature of the vulnerability is already publicly known, so exploits are nearly certain to emerge quickly.

The vulnerability, discovered by Cedric Halbronn of the NCC Group, makes it possible for an attacker to use multiple, specially formatted XML messages submitted to the WebVPN interface of a targeted device in an attempt to “double-free” memory on the system. Executing a command to free a specific memory address more than once can cause memory leakage that allows an attacker to write commands or other data into blocks of the system’s memory. By doing so, the attacker could potentially cause the system to execute commands or could corrupt the memory of the system and cause a crash.

Formula E

On Tuesday in London, the all-electric racing series Formula E took the wraps off its new car. It's certainly striking, looking way more futuristic than the series' current machines, which to the uninitiated eye could easily be mistaken for any other open-wheel race car. What's more, its introduction will solve one of the biggest problems Formula E has right now; those mid-race car swaps will be a thing of the past thanks to a doubling in battery capacity.

When Formula E got started at the tail end of 2014, every team used identical Spark-Renault SRT_01E race cars. Since then, the series opened up the technical regulations a bit, allowing teams to develop their own control electronics, inverters, electric motors, and gearboxes. But, keeping costs sensible, everyone still has to use the same carbon-fiber chassis, which contains the integral lithium-ion battery pack.

Enlarge / California State Capitol building in Sacramento. (credit: Getty Images | joe chan photography)

The California State Senate yesterday approved a bill to impose net neutrality restrictions on Internet service providers, challenging the Federal Communications Commission attempt to preempt such rules.

The FCC's repeal of its own net neutrality rules included a provision to preempt state and municipal governments from enforcing similar rules at the local level. But the governors of Montana and New York have signed executive orders to enforce net neutrality and several states are considering net neutrality legislation.

The FCC is already being sued by t21 states and the District of Columbia, which are trying to reverse the net neutrality repeal and the preemption of state laws. Attempts to enforce net neutrality rules at the state or local level could end up being challenged in separate lawsuits.