Month: January 2020

The US government has criminally charged a Virginia man for helping to organize dozens of "swatting" attacks and bomb threats made against a variety of targets in the United States and Canada. The man allegedly belonged to a group which coordinated via IRC and Tor hidden services to target prominent gamers, journalists, and government officials.

John William Kirby Kelley. (credit: Alexandria Sheriff's Office)

The group's online chats often had racist overtones, with comments suggesting antipathy toward Jews and black people. In one case, the group made a fake bomb threat to the Alfred Street Baptist Church, a predominantly African American church in Alexandria, Virginia.

Security reporter Brian Krebs was one of the first to report on the arrest of defendant John William Kirby Kelley. Krebs was the target of a swatting call he believes was organized by the group.

• 

  The front of the rack-mountable Mac Pro. [credit: Apple ]

Apple has begun selling the rack-mounted variant of its Mac Pro desktop computer. The tower version launched about a month ago, but the rack version is currently showing ship dates ranging from January 23 to February 13, depending on the buyer's chosen specifications.

Starting at $6,499 (or $500 more than the tower version), the rack-mounted Mac Pro is identical in terms of specifications and internals. It comes in all the same hardware configuration options, has the same ports, is laid out the same inside the case, and has the same rear connections.

Configurations still range from a 3.5GHz, 8-core Intel Xeon W CPU to a 2.5GHz, 28-core Xeon W; from 32GB of RAM to 1.5TB; and from a Radeon Pro 580X GPU with 8GB of video memory to dual Radeon Pro Vega II Duo GPUs with a total of 128GB of video memory. The highest spec still tops out at over $50,000.

Enlarge (credit: Bloomberg/Getty Images)

When it comes to taking action on climate change, the world has entered a very strange place. Scientific results continue to indicate that the consensus on our role in driving climate change has every reason to be accepted. Several years of the predicted impacts of climate change—record-high temperatures, massive storms, and out-of-control wildfires—have left ever more of the public ignoring the few skeptics and denialists who persist. Aside from a handful of holdouts, governments have accepted that they need to do something about climate change.

Despite all that, we continue to do very little, and carbon emissions have continued to rise. Nowhere is this more obvious than in the financial markets. It's very clear that companies are assigning value to the rights to extract fossil fuels deposits, even though governments will almost certainly block some of them from being developed. And they continue to do so because governments and investors allow them to.

Divestment campaigns have started to change that, causing $12 trillion in assets to be pulled from businesses dependent upon fossil fuels. But the movement may have picked up some significant additional momentum this week as one of the largest investment firms, BlackRock, announced that it will be making sustainability, and climate change in particular, central to its strategies. Included in its announcement is that it would immediately begin pulling out of many coal investments and complete the change before the year is out.

Enlarge / Verizon's OneSearch, a privacy-focused search engine. (credit: Verizon)

Verizon today launched a new search engine, claiming that its "OneSearch" service will offer users more privacy than the standard options in a market dominated by Google.

Verizon's actual search results are provided by Microsoft's Bing, but Verizon added several privacy-focused features—while retaining the ability to serve contextual ads.

"To allow for a free search engine experience, OneSearch is an ad-supported platform," Verizon said in its announcement. "Ads will be contextual, based on factors like search keywords, not cookies or browsing history."

Enlarge / Students from George Washington University in DC are among those calling for a resolution against the use of facial recognition at their school. (credit: Toni L. Sandys | The Washington Post | Getty Images)

Ah, college: that time in a young adult's life for encountering new friends, new areas of study, ill-advised time management and beverage consumption decisions, and a pervasive surveillance network to track it all.

Sophisticated systems for tracking people have sprung up everywhere as we march through the 21st century, and institutions of higher education are no exception. To that end, digital rights advocacy group Fight for the Future today launched a campaign to get facial recognition off of college campuses. The campaign is partnering with student advocacy groups at The George Washington University in Washington, DC, and DePaul University in Chicago.

"Facial-recognition surveillance spreading to college campuses would put students, faculty, and community members at risk. This type of invasive technology poses a profound threat to our basic liberties, civil rights, and academic freedom," Evan Greer, deputy director of Fight for the Future, said in a written statement. Greer added that, while facial recognition is not yet widely seen on college campuses, she and the members of the campaign hope to keep it that way.

Enlarge (credit: Bram.Koster / Flickr)

Developers employed a variety of tricks to populate Google Play with more than a dozen apps that bombard users with ads, even when the apps weren't being used, researchers said on Tuesday.

Among the tactics used to lower the chances of being caught by Google or peeved users: the apps wait 48 hours before hiding their presence on devices, hold off displaying ads four four hours, display the ads at random intervals, and split their code into multiple files, researchers with antivirus provider Bitdefender reported. The apps also contain working code that does the things promised in the Google Play descriptions, giving them the appearance of legitimacy. In all, Bitdefender found 17 such apps with a combined 550,000 installations.

One of the apps Bitdefender analyzed was a racing simulator that also charged in-app fees for extra features. While it worked as advertised, it also aggressively displayed ads that drained batteries and sometimes prevented people from playing the game. After a four-hour waiting period, ad displays are generated using a random number (less than three) that was checked against a value. If the random number was equal to the value, an ad would appear.

Enlarge / The NSA says to patch now. (credit: National Security Agency)

Microsoft's scheduled security update for Windows includes a fix to a potentially dangerous bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source. The vulnerability, reported to Microsoft by the National Security Agency, affects Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server version 1803.

Microsoft has rated the update as "important" rather than critical. But in a blog post, Mechele Gruhn, the Principal Security Program Manager for Microsoft Security Response Center, explained that this was because "we have not seen it used in active attacks."

However, researchers outside Microsoft—including Google's Tavis Ormandy—have a much more dire assessment of the vulnerability and urge users to patch quickly before an active exploit appears.