Month: September 2019

Enlarge / ATM in the Indian city of Jaipur. (credit: PeS-Photo / Flickr)

Hackers widely believed to work for North Korea’s hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday.

One piece of malware, dubbed ATMDtrack by researchers with the Moscow-based security firm, has been targeting Indian ATMs since last Summer. It allows its operators to read and store data associated with cards that are inserted into infected ATMs. As researchers with the Moscow-based security firm investigated further, they found that the ATM malware was part of a larger remote-access trojan that carries out traditional espionage activities. Dubbed “Dtrack,” it was used as recently as this month to target financial institutions and research centers.

Dtrack payloads were carefully encrypted with utilities known as packers, which made it hard for researchers to forensically analyze the malware. As the researchers analyzed the memory of infected devices, they found that that both ATMDtrack and Dtrack shared unique code sequences. When company researchers peeled away the layers of encryption and began analyzing the final payload, they saw pieces of code that were first used in a 2013 attack that wiped the hard drives of South Korean banks and broadcasters. The campaign, known as DarkSeoul, was eventually tied to Lazarus Group, the main hacking arm of the North Korean government.

Enlarge / Open source ingredients borked some Chef users' systems because of an ICE protest by one developer. (credit: Kelsey McNeal / Getty Images)

On September 17, Seth Vargo—a former employee of Chef, the software deployment automation company—found out via a tweet that Chef licenses had been sold to the Immigration and Customs Enforcement Agency (ICE) under a $95,500, one-year contract through the approved contractor C&C International Computers & Consultants. In protest, Vargo decided to "archive" the GitHub repository for two open source Chef add-ons he had developed in the Ruby programming language. On his GitHub repository page, Vargo wrote, "I have a moral and ethical obligation to prevent my source from being used for evil."

That move, according to an all-hands email sent out by Chef CEO Barry Crist—later published on the company's website—"impact[ed] production systems for a number of our customers. Our entire team has worked to minimize customer downtime and will continue to do so until we restore services to 100% operation."

Crist faced backlash internally from employees over the deal. The work, he pointed out, had begun in 2014, well before the current administration implemented the child detention policies that Vargo was protesting. "For context, we began working with DHS-ICE during the previous administration to modernize their IT practices with agile and DevOps," Crist wrote.

Enlarge / Mark Zuckerberg testifying before Congress in April, 2018. (credit: Bloomberg | Getty Images)

Facebook is only 15 years old, yet in that time it has become the world's dominant social media platform, boasting more than 2.4 billion users. It has also become the world's second-largest digital advertising platform, effectively the runner-up in a worldwide duopoly dominated by Google. Now, it is under a baker's dozen of investigations alleging that it rose to the top by using unfair, anticompetitive tactics—and at least one competitor kept records.

Snap, parent company of Snapchat, kept a dossier "for years" detailing Facebook's attempts to thwart it, sources told The Wall Street Journal. The file, dubbed "Project Voldemort" after the just-doesn't-know-when-to-stay-dead villain of Harry Potter fame, "chronicled Facebook's moves that threatened to undermine Snap's business."

According to the WSJ, Snap's legal team recorded instances where Facebook discouraged prominent social media influencers with a presence on multiple platforms from mentioning Snap on their Instagram accounts. Snap executives also suspected Facebook was suppressing content that originated on Snap from trending on Instagram, when such content was shared there.

Enlarge / A Yahoo logo on a smartphone. (credit: Getty Images | SOPA Images )

People who had Yahoo accounts between 2012 and 2016 can now apply for a cash payment of $100, but the final amount you receive could be more or less than $100 depending on how many people file claims.

It's also possible to file claims for up to $25,000 if you can document actual out-of-pocket losses and lost time due to the breach. However, actual payouts for all claims could be much lower if the total amount claimed exceeds what's available from the $117.5 million settlement. The settlement class potentially includes up to 194 million people, so these amounts would be paid in full only if the vast majority of eligible people don't ask for money.

The settlement website lets all class members choose from at least two years of free credit monitoring services or the $100 cash payment. While that amount isn't guaranteed, just like in the Equifax settlement, at least the Yahoo settlement website makes that clear up front.

• 

  The OnePlus 7 Pro. With a front that is nearly all pixels, there isn't much you can do to improve smartphone design from here. [credit: Ron Amadeo ]

If you haven't been paying attention to OnePlus, you should probably start. We've been calling the OnePlus 7 Pro the best Android phone you can buy for about the last six months. And now, in addition to the great hardware and software of that phone, you can add "pretty fast OS updates" to its list of positives. On Friday, OnePlus shipped the newly released Android 10 to the OnePlus 7 Pro and OnePlus 7, taking just 18 days after Android 10's release to update the current company flagship phones.

This is not the fastest Android update speed in the industry for a third-party—the Essential Phone and the Xiaomi Redmi K20 both got day-one Android 10 updates—but OnePlus' time is still pretty darn fast. OnePlus is one of the rare companies that seems to actually listen to the community, and it has been working to improve its update speed these last few years. 2017's OnePlus 5T took a middling five months to update from Android 7.1 to 8.0, but OnePlus majorly improved in 2018 when the OnePlus 6 got an Android Pie upgrade in 45 days. This year's 18-day update time is a new high mark for the company, and it's not that surprising after seeing OnePlus' increased investment in Android 10 preview releases this year. OnePlus released six Android 10 developer previews and two open betas for the OnePlus 7 and 7 Pro.

Android 10 brings a ton of improvements to the OnePlus 7 Pro. There's a better gesture navigation system with a more ergonomic back gesture, ecosystem-support for dark mode, a faster share menu, new emojis, a dual-boot option, and tons of security and privacy improvements.

• 

  Welcome to the official Google Play Pass announcement.

After an August reveal of its intentions, Google has opened the door on Google Play Pass, a $5/mo subscription service for Android phones that unlocks access to a whopping 350 games and apps. The move follows Apple's much ballyhooed dive into its own mobile gaming subscription service, Apple Arcade, which launched last week at the same monthly price point.

Google's service will go live exclusively on Android phones in the United States on a rolling basis "this week." In order to access Google Play Pass, you'll have to wait for your Android device's Play Store app to update with a new "Play Pass" toggle in its hamburger menu. Once you have access, your account can claim a free 10-day trial and then begin paying only $2/mo for the service's first 12 months, so long as you start paying by October 10.

Google has yet to release a formal list of compatible Play Pass software, but its "games and apps" designation already confirms an effort to step outside the "games only" reputation that its rival Apple Arcade currently enjoys. For now, the revealed list includes popular and critically acclaimed games like Stardew Valley, Terraria, Thimbleweed Park, Star Wars: Knights of the Old Republic, 80 Days, Monument Valley 2, Limbo, Mini Metro, Death Squared, and Hidden Folks, along with productivity apps AccuWeather and Pic Stitch.

Enlarge / If you aren't concerned about your console's energy use, you probably should be—American console gaming has about the same carbon footprint as 2.3 million cars. (credit: Sony Interactive Entertainment)

In an open letter on Sunday, Sony Interactive Entertainment CEO Jim Ryan declared that PlayStation is "joining forces with the United Nations" to combat climate change. The statement hinted at improvements in the PlayStation 5 to make it more power-efficient, but Ryan initially focused on how vital it is to consider the carbon footprint of gaming consoles while sharing some technological details in the PlayStation 4 that help reduce its footprint.

At SIE, we have made substantial commitments and efforts to reduce the power consumption of the PS4 by utilizing efficient technologies such as System-on-a-Chip architecture integrating a high-performance graphics processor, die shrink, power scaling, as well as energy saving modes such as Suspend-to-RAM. For context, we estimate the carbon emissions we have avoided to date already amount to almost 16 million metric tons, increasing to 29 million metric tons over the course of the next 10 years (which equals the CO2 emissions for the nation of Denmark in 2017).

If you're interested in the interplay of technology with power consumption (and battery life), it's worth paying attention to what Sony is saying here. These bullet points—System-on-Chip architecture with integrated GPU, die shrink (meaning moving the manufacturing process to a smaller scale as measured in nanometers), and energy-saving modes—are what to look for in everything from game consoles to desktop PCs to mobile phones.

When you see these technologies, you should expect lower consumption and (where applicable) longer battery life. When you see one or more of these technologies missing, expect the inverse—we have reached a point in electronics design where the small choices matter, and seemingly minor architectural differences like graphics (or Wi-Fi) built into the CPU (as opposed to being provided from a peripheral) matter.