Twitter alerts users: Please change your passwords, we’ve seen them

Bug similar to one that hit GitHub recorded passwords to non-public log.


Today, Twitter issued an alert to users prompting them to change their passwords after the discovery that some users' passwords had been recorded in plain text in a log file accessible only by Twitter employees. In a message pushed to most Twitter users, the company stated:

We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone. Out of an abundance of caution, we ask that you consider changing your password on all services where you've used this password.

In a blog post, Twitter Chief Technology Officer Parag Agrawal wrote that Twitter uses the bcrypt hashing function, based on Bruce Schneier's Blowfish encryption algorithm, to store mathematical representations of passwords. "This allows our systems to validate your account credentials without revealing your password," Agrawal noted. "This is an industry standard."

But because of a coding bug, Agrawal explained, "passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."


Latest Windows 10 preview brings screenshot/snipping improvements


The Windows 10 April 2018 Update is scheduled for a wider rollout starting next week, but that’s for folks who like running stable software. If you’re a member of the Windows Insider Preview program, there’s a new build of the next version of Windows available for testing. And if you’re not a Windows Insider, you […]

The post Latest Windows 10 preview brings screenshot/snipping improvements appeared first on Liliputing.

Google releases open source framework for building “enclaved” apps for cloud

Toolkit aims to make building “confidential computing” containerized apps easier.


Today, Google is releasing an open source framework for the development of “confidential computing” cloud applications—a software development kit that will allow developers to build secure applications that run across multiple cloud architectures even in shared (and not necessarily trusted) environments. The framework, called Asylo, is currently experimental but could eventually make it possible for developers to address some of the most basic concerns about running applications in any multi-tenant environment.

Container systems like Docker and Kubernetes are designed largely to allow untrusted applications to run without exposing the underlying operating system to badness. Asylo (Greek for “safe place”) aims to solve the opposite problem—allowing absolutely trusted applications to run in “Trusted Execution Environments” (TEEs), which are specialized execution environments that act as enclaves and protect applications from attacks on the underlying platform they run on.

"The threats people are concerned about are things like rootkits or bootkits, things that hit the lower rings of the operating system stack," said Rob Sadowski, Google's Trust and Security marketing lead, in an interview with Ars. "And also, when you get into cloud or any shared infrastructure—virtualization on premises or in the cloud—you could have administrators or third parties who have access at these layers. So there's always this tension where you have people asking, 'How do I make sure I'm the only person who has access to any of this stuff?'"


Dealmaster: Get a Dell laptop with a six-core Core i7 and GTX 1060 for $950

Plus deals on iPads, Roku TVs, wireless headphones, and more.

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today, the Dealmaster is kicking things off with a solid discount on Dell's new G7 gaming laptop, as a configuration with one of Intel's new six-core mobile chips is now down to $950 from its usual $1,080.

More specifically, this configuration comes with Intel's Core i7-8750H chip, a 15.6-inch 1080p display, 8GB of RAM, a 256GB solid-state drive, and Nvidia's GeForce GTX 1060 graphics card. This machine weighs about six pounds, so it's not the lightest thing around, and it's mostly composed of not-quite-premium-feeling plastic. Because it's a newer device, it hasn't gotten as much feedback around the Web as other laptops, either. But if you're comfortable taking the plunge with Dell, this looks like a good chunk of power for a laptop that's now under $1,000.

If you're not looking for a gaming laptop, though, we also have deals on Roku TVs, iPads, SSDs, 4K TVs, and other assorted gadgets. Check it out for yourself below.


BattleTech is a more tactical, punishing view of mech battling

Hard-hitting choices and loss management define a fantastic tactical experience.

The mechs crumple, explode, list, and flare with a surprising amount of detail. (credit: Harebrained Schemes)

BattleTech is out to get me. The turn-based tactics game from Harebrained Schemes—the studio that cut its teeth on resurrecting “Nineties Cool” franchises with Shadowrun Returns—has now revived the world of MechWarrior in absolutely savage fashion. The studio’s latest chosen universe blends grounded combat between ostensibly humanoid robots with medieval politics transplanted to the final frontier. It is, to put it mildly, entirely my jam.

Which is exactly why I’ve let BattleTech endlessly brutalize me for the past few weeks.

BattleTech is very difficult, although not in the ways you might expect. The game sets you up as a mercenary in the middle days of the same universe as MechWarrior, but instead of piloting multi-ton titans, the player now assumes the role of a mercenary leader. It’s through the uneven responsibilities of a small, violent business owner that BattleTech challenged me the most.


Facebook security analyst is fired for using private data to stalk women

A reminder that the only way to keep data private is to keep it off social media.


Already under intense scrutiny for leaking sensitive data belonging to more than 87 million users, Facebook said it fired a security engineer accused of using his company position to stalk women.

The allegations surfaced Sunday in a series of tweets from Jackie Stokes, founder of a firm called Spyglass Security.

Stokes included portions of a purported discussion between the unnamed Facebook employee and someone else over the Tinder dating app. In it, the employee said he was a "security analyst" whose role in trying to identify who hackers were in real life made him a "professional stalker." He then told the person, "so out of habit I have to say you are hard to find lol." Stokes later tweeted that the exchange was only a limited snippet of the overall conversation.


Pocket Casts podcast app acquired by NPR and a coalition of public radio organizations


Take a look at any list of top podcasts, and you’ll almost always find at least a few titles from NPR or other public radio producers. Now four of them have banded together to buy one of the most popular podcast apps. NPR, WNYC, WBEZ, and This American Life have acquired Pocket Casts, a mobile […]

The post Pocket Casts podcast app acquired by NPR and a coalition of public radio organizations appeared first on Liliputing.

MPAA-Seized Popcorn Time Domain Now Redirects to Pirate Site

The domain name of a popular Popcorn Time fork that was shut down by the MPAA a few years ago is unexpectedly showing signs of life. While PopcornTime.io is still registered to Hollywood’s anti-piracy group, it now redirects to the pirate streaming site Stream.cr.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Four years ago Popcorn Time took the Internet by storm.

The software amassed millions of users by offering BitTorrent-powered streaming in an easy-to-use Netflix-style interface.

While the original developers shut down their project after a few months, following pressure from Hollywood, others forked the application and took over.

PopcornTime.io swiftly became the main Popcorn Time fork. The spin-off soon had millions of users and updates were pushed out on a regular basis. At the end of 2015, however, this fork also disappeared from the web.

The MPAA took credit for the fall, announcing that it had filed a lawsuit against several people in Canada. In response to these legal threats, several key developers backed out.

Soon after, the MPAA also assumed control of the main domain name, ensuring that it could not fall into the wrong hands.

This worked well, initially, but this week we noticed that PopcornTime.io is active again. The domain now links to the pirate streaming site Stream.cr, which welcomes its new visitors with a special message.

Redirection landing page

“Notice: If you’re looking for Popcorn Time(App) for it’s P2P torrent streaming, it’s over at popcorntime.sh. Otherwise, if you’re looking for streaming. Welcome to StreamCR!” a message on the site reads.

This is odd, considering that the PopcornTime.io domain name is still registered to the MPAA.

Popcorntime.io Whois

Adding to the intrigue is the fact that the PopcornTime.io domain registrar is listed as MarkMonitor, which is a well-known brand protection company, often used to prevent domain troubles.

“Protect your critical assets by partnering with a corporate-only domain registrar who has a strong security culture and is committed to providing the most secure and reliable solution in the industry,” MarkMonitor writes.

However, since PopcornTime.io now links to a pirate site, something clearly went wrong.

It’s hard to say with certainty what happened. A likely option is that the domain’s nameservers, which point to DNS Made Easy, were not configured properly and that the people behind Stream.cr used that oversight to redirect the domain to their own site.

TorrentFreak spoke to a source unrelated to this case who says he was previously able to redirect traffic from a domain that was seized by the MPAA, simply by adding it to his own DNS Made Easy account. That worked, until the nameservers were updated to MarkMonitor’s DNS servers.

Whether the fault, in this instance, lies with the MPAA, MarkMonitor, or another party is hard to say without further details.

In any case, the MPAA is not going to be happy with the end result, and neither is MarkMonitor. The Stream.cr operators, meanwhile, are probably celebrating and they can enjoy the free traffic while it lasts.


Researchers find a gene that lets bacteria kill all male flies

To increase infections, the bacteria get rid of the sex that can’t transmit it.


A number of bacteria that infect insects have a simple and brutal way of increasing their transmission: they kill off all the male progeny of the females that they infect. There's actually some evolutionary logic to this. The bacteria can get transmitted to the eggs of the females they infect but can't get carried along on the sperm. That makes the male offspring a problem: they can't spread the bacteria further, and they'll compete with the females for food. Better to kill them off, then, just to ensure that never becomes a problem.

But it's one thing to have something that's a good idea conceptually and another entirely to evolve an implementation that gets the job done. How, exactly, do you go about killing one sex while leaving the other untouched?

Thanks to a lucky accident, two Swiss researchers (Toshiyuki Harumoto and Bruno Lemaitre) have identified the gene that allows one species of bacteria to kill off males. Although we don't have all the details, it's clear that the system leverages something that male flies need to do to cope with the fact that they only have a single copy of the X chromosome.


Sprint announces highest profit ever after saying it needs T-Mobile merger

If Sprint were in worse shape, T-Mobile merger deal might not have happened.

Sprint retail location in Cleveland, Tennessee, on June 19, 2016. (credit: Getty Images | TennesseePhotographer)

Sprint yesterday announced "the best profitability in company history" thanks to growth in its customer base, just days after saying it needed to merge with T-Mobile USA in order to improve its network.

If Sprint were doing worse, the merger might not have happened. Sprint CEO Marcelo Claure said that the company's successful turnaround "positioned Sprint for strategic opportunities which led to our proposed merger with T-Mobile." Sprint's profitability and free cash flow were key in giving Sprint the chance to combine with T-Mobile, he said.

In the just-ended fiscal year, Sprint said it had "its highest annual retail phone net additions in five years and the best profitability in company history with its highest annual operating income at $2.7 billion and annual net income for the first time in 11 years, even when excluding the one-time favorable impact from tax reform."
