Month: March 2018

Enlarge / Professor Stephen Hawking addressing The Cambridge Union on November 21, 2017 in Cambridge, Cambridgeshire. (credit: Photo by Chris Williamson/Getty Images)

Stephen Hawking, the British physicist and author of A Brief History of Time, has passed away at the age of 76.

"He was a great scientist and an extraordinary man whose work and legacy will live on for many years," according to a statement released by his family to British media early Wednesday morning.

"His courage and persistence with his brilliance and humour inspired people across the world. He once said, 'It would not be much of a universe if it wasn't home to the people you love.' We will miss him for ever."

Enlarge (credit: AMD)

Secure enclaves like the one found in iPhones are intended to be impenetrable fortresses that handle tasks too sensitive for the main CPUs they work with. AMD's version of that co-processor contains a raft of critical flaws that attackers could exploit to run malware that's nearly impossible to detect and has direct access to a vulnerable computer's most sensitive secrets, a report published Tuesday warned. The chips also contain what the report called "backdoors" that hackers can exploit to gain administrative access.

The flaws—in AMD's EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile lines of processors—require attackers to first gain administrative rights on a targeted network or computer, which is a hurdle that's difficult but by no means impossible to clear. From there, attackers can exploit the vulnerabilities to achieve a variety of extraordinary feats that would be catastrophic for the owners' long-term security. Among other things, the feats include:

• running persistent malware inside the AMD Secure Processor that's impossible—or nearly impossible—to detect
• bypassing advanced protections such as AMD's Secure Encrypted Virtualization, Firmware Trusted Platform Module, and other security features, which are intended to secure systems and sensitive data in the event malware infects a computer's operating system
• stealing credentials a vulnerable computer uses to access networks
• physically destroying hardware by attackers in hardware-based "ransomware" scenarios

“All these things are real“

The four classes of vulnerabilities—dubbed Masterkey, Ryzenfall, Fallout, and Chimera—were described in a 20-page report headlined Severe Security Advisory on AMD Processors. The advisory came with its own disclaimer that CTS—the Israeli research organization that published the report—"may have, either directly or indirectly, an economic interest in the performance" of stock of AMD or other companies. It also discloses that its contents were all statements of opinion and "not statements of fact." Critics have said the disclaimers, which are highly unusual in security reports, are signs that the report is exaggerating the severity of the vulnerabilities in an blatant attempt to affect the stock price of AMD and possibly other companies.

Enlarge / Now everyone can have this in front of all the sites in their domain with one step, for free. (credit: Sean MacEntee / Flickr)

In July of 2017, the nonprofit certificate authority Let's Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free "wildcard" certificates to enable secure HTTP connections for entire domains. Today, Let's Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.

ACME version 2 "has gone through the IETF standards process," said Josh Aas, executive director of the Internet Security Research Group (ISRG), the group behind Let's Encrypt, in a blog post on the release. ACME v2 is currently a draft Internet Engineering Task Force standard, so it may not yet be in its final form. But the current version is the result of significant feedback from the industry. And its use is required to obtain wildcard certificates.

In addition to the ACME v2 requirement, requests for wildcard certificates require the modification of a Domain Name Service "TXT" record to verify control over the domain—a similar method to that used by Google and other service providers to prove domain ownership. But much of this can be automated by hosting providers that provide DNS services. A single Let's Encrypt account can request up to 300 wildcard certificates over a period of three hours, allowing a hosting provider to handle requests for customers who may not have shell access to their sites.

(credit: amalthya / Flickr)

In the immediate aftermath of the Spectre and Meltdown attacks, Microsoft created an unusual stipulation for Windows patches: systems would only receive the fixes if they had antivirus software installed and if that antivirus software created a special entry in the registry to indicate that it's compatible with the Windows fixes.

This was due to the particularly invasive nature of the Meltdown fix: Microsoft found that certain antivirus products manipulated Windows' kernel memory in unsupported ways that would crash systems with the Meltdown fix applied. The registry entry was a way for antivirus software to positively affirm that it was compatible with the Meltdown fix; if that entry was absent, Windows assumed that incompatible antivirus software was installed and hence did not apply the security fix.

This put systems without any antivirus software at all in a strange position: they too lack the registry entries, so they'd be passed over for fixes, even though they don't, in fact, have any incompatible antivirus software.

Enlarge / A sapodilla, one of the fruits used by the native inhabitants of Central America. (credit: Wikimedia Commons)

Prehistoric humans helped spread edible fruit species across Central and South America, even as they wiped out the megafauna that had done so previously. In the process, we maintained and even expanded the plants’ habitats, increased biodiversity, and engineered ecosystems on two continents. Today, these fruit species could be important in 21^st-century efforts to diversify human diets, address food scarcity, and improve agricultural sustainability.

Fruiting plants have evolved a very solid strategy for getting their offspring out into the world. Animals eat the fruit, they drop the seeds, and the next generation of plants takes root, often quite a distance away from their parents. Before about 12,000 years ago, animals like the giant sloth, elephant-like mammals called gomphotheres, and native horses did most of the work of seed dispersal in Latin America.

When those animals died out around the end of the Pleistocene, many of the fruit species they’d helped spread found their ranges contracting. But as the early Holocene climate shifted toward warmer, wetter conditions, humans picked up the slack in a big way for some fruit species.

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list is highlighted by a pretty stellar discount on the Apple TV 4K, albeit one with a catch.

AT&T is selling the 4K- and HDR-compatible entry in Apple's line of set-top boxes for as low as $105, which is well down from its normal going rate of $179. But to get that price, you need to prepay for three months of the company's DirecTV Now streaming service. That starts at $35 a month for its entry-level package, titled "Live a Little." If you throw down the $105 needed to cover that tier for three months upfront, AT&T will then toss in the Apple TV 4K at no extra cost.

Now, you'll have to create an account with AT&T and be a new customer to DirecTV Now to be eligible. And if you're not interested in the service in the first place—be it for its lack of DVR or just the fact that it's owned by AT&T—you'll have to remember to turn off auto-renew once your three months are up. But given that it's possible to just ignore the service completely and treat this like any other discount, this is about as good a deal as we've seen for Apple TV 4K. The box itself isn't without its issues, but, per usual, still plays nice if you're already knee deep in Apple products.

Enlarge / Temperatures at the start of 2018—a familiar pattern as of late. (credit: NASA Earth Observatory)

Without some historical context, it’s easy to over-interpret an unusual weather event, especially when it's fresh in your mind. At this time of year in the US, that means cold snaps or unseasonably warm weather—and the storms that accompany them. Are they tied in with our changing climate?

There’s a legitimately controversial proposal that they are. The idea that warming in the Arctic (and shrinking sea ice coverage) has been making northern mid-latitude winters “weirder” has drawn a lot of attention in recent years. But does it explain the weather you complained about last week?

The idea suggests that the weirdness is driven by the fact that the Arctic is warming faster than any other region, which slightly decreases the temperature difference from equator to pole. A number of researchers think this can cause the jet stream (which separates frigid polar air from warmer midlatitude air) to get more wiggly—allowing cold air to spill southward more frequently. On the opposite side of those wiggles, warm air will get pulled north to normally frigid regions.