Hackers are on the hunt for Oracle servers vulnerable to potent exploit

Code-execution bug has severity rating of 9.8 out of 10; little skill needed to exploit.

Photograph of a computer server (credit: Victorgrigas)

Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that forces Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.

Johannes Ullrich, dean of research at the SANS Technology Institute, said his organization’s honeypots had detected Internetwide scans that probe for vulnerable servers. CVE-2020-14882, as the vulnerability is tracked, has a severity rating of 9.8 out of 10 on the CVSS scale. Oracle’s October advisory accompanying a patch said exploits are low in complexity and require low privileges and no user interaction.

“At this point, we are seeing the scans slow down a bit,” Ullrich wrote in a post. “But they have reached ‘saturation’ meaning that all IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised.”

Senate hauls Zuckerberg, Dorsey in to hearing to yell at them about tweets

Big Tech’s scale causes real problems. Disingenuous posturing solves none of them.

Twitter CEO Jack Dorsey (and his COVID beard?) testifying remotely before the Senate Commerce, Science, and Transportation Committee on October 28, 2020. (credit: Michael Reynolds | Pool | Getty Images)

The Senate Commerce Committee met for a hearing Wednesday meant to probe some of the most seemingly intractable tech questions of our time: is the liability shield granted to tech firms under Section 230 of the Communications Decency Act helpful or harmful, and does it need amending?

Section 230 is a little slice of law with enormously broad implications for the entire Internet and all the communication we do online. At a basic level, it means that if you use an Internet service such as Facebook or YouTube to say something obscene or unlawful, then you, not the Internet service, are the one responsible for having said the thing. The Internet service, meanwhile, has legal immunity from whatever you said. The law also allows space for Internet services to moderate user content how they wish—heavily, lightly, or not at all.

Since Section 230 became law in 1996, the Internet has scaled up from something that perhaps 15 percent of US households could access to something that almost every teenager and adult has in their pocket. Those questions of scale and ubiquity have changed our media and communications landscape, and both Democrats and Republicans alike have questioned what Section 230 should look like going forward. What we do with the law—and where we go from here—is a matter of major import not just for big social media firms such as Facebook, Google, and Twitter, but for the future of every other platform from Reddit to Ars to your favorite cooking blog—and every nascent site, app, and platform yet to come.


Tons of early Black Friday deals are live at Best Buy and Amazon today

Dealmaster has deals on LG OLED TVs, Sony noise-canceling headphones, and more.

Early Black Friday deals are already available at retailers like Amazon and Best Buy today, albeit for a limited time. (credit: Ars Technica)

Today's Dealmaster is headlined by a wide range of early Black Friday 2020 deals that have become available at Best Buy and Amazon. The former unveiled its annual Black Friday ad on Thursday, setting live a surprise preview sale in the process, which Amazon and other retailers look to be matching in many cases. Best Buy says its set of offers will end on November 1 at 11:59pm CT but warns that "limited quantities" are available.

While we're likely to witness many more deals go live on Black Friday itself, today's discounts do bring some of the best prices we've seen on a number of noteworthy gadgets. Among the highlights are Sony's WH-1000XM4 for $278, which is the biggest outright discount to date for our top pick among wireless noise-canceling headphones. (A Prime Day deal previously dropped them to $298 but included a $25 Amazon gift card.) If you'd rather pay less, Bose's QuietComfort 35 II are down to a joint low of $199. That pair lacks many of the XM4's most useful features, but it's similarly effective at muting out noise and remains supremely comfortable to wear.

Elsewhere, the 55- and 65-inch variants of LG's BX and CX OLED TVs are all on sale for the lowest prices we've tracked. These sets are still expensive—ranging from $1,300 for the 55-inch BX to $1,900 for the 65-inch CX—but each is at least $200 off the typical street prices we've seen in recent months, and the improved picture quality of any OLED TV always carries a premium. Between the two, the CX is likely the better buy—it has a more advanced image processor and a brighter panel for $100 more—but both sets should be big upgrades over most traditional LED TVs.


Dogs were domesticated once from a lost population of wolves

Our history with dogs is complicated, according to a study of ancient dog DNA.

Close-up of a dog's face (credit: Elizabeth Tersigni)

Genomics researcher Anders Bergstrom and his colleagues recently sequenced the genomes of 27 dogs from archaeological sites scattered around Europe and Asia, ranging from 4,000 to 11,000 years old. Those genomes, along with those of modern dogs and wolves, show how dogs have moved around the world with people since their domestication.

All the dogs in the study descended from the same common ancestor, but that original dog population split into at least five branches as it expanded in different directions. As groups of people split apart, migrated, and met other groups, they brought their dogs along. Dog DNA suggests that their population history mirrors the story of human populations, for the most part.

“Understanding the history of dogs teaches us not just about their history, but also about our history,” said Bergstrom, of the Francis Crick Institute, in a statement.


Bundesnetzagentur: First mobile coverage map covering all networks is hard to reach

The first map of mobile network coverage in Germany is struggling with heavy load at its launch. The Bundesnetzagentur is asking for patience. 5G is still missing entirely. (Mobile networks, Telekom)

Google says it’s “committed” to Nest Secure but won’t ship any new features

The Nest Secure is dead, so how much longer will Google support it?

No one is quite sure what to make of Google's home security plans lately. The company recently discontinued the Nest Secure, its $500 home security system, so, on one hand, it is out of the home security market. On the other hand, Google also recently signed a $450 million deal with home monitoring firm ADT, which will see it "combine Nest's award-winning hardware and services, powered by Google's machine-learning technology, with ADT's installation, service and professional monitoring." With the Nest Secure being discontinued, does this mean Google is rebooting its security hardware into something that goes hand-in-hand with ADT? Is the Nest Secure product line dead? How much longer will the existing Nest Secure be supported for?

About a week after news broke that the Nest Secure was discontinued, Google started to communicate to Nest Secure owners in a forum post, a help page, and an email about what is going on. Still, it hasn't provided a very clear picture of the future.

The most concrete message out of all that communication is that existing Nest Secure users will have at least one more chance to stock up on hardware soon. The Nest Secure works by having a hub/keypad (the Nest Guard) monitor your house via sensors on the doors and windows (the Nest Detect sensors), and users can authenticate either by entering the code or by tapping an NFC tag (the Nest Tag) against the hub. The sudden stoppage of hardware sales was a real bummer for anyone who was already invested in the system and maybe wanted to monitor one more door or window in the future, or for anyone who was worried about a sensor breaking.


Spin-off: IBM plans another round of mass job cuts in Germany

IBM Germany's employees do not intend to accept the new wave of job cuts. Worldwide, IBM is expected to cut up to 40,000 jobs, around 10,000 of them in Europe alone. (IBM, Stock market)

Trump campaign out $2.3 million after hack of Wisconsin GOP

Wisconsin GOP chairman says theft puts Trump at a disadvantage in the state.

(credit: Aurich Lawson / Getty Images)

Hackers have stolen $2.3 million from the Wisconsin Republican Party that was intended for use in the president's re-election campaign, officials told the Associated Press on Thursday. The state party says it noticed suspicious activity a week ago and contacted the FBI last Friday.

Andrew Hitt, the chairman of the Wisconsin Republican Party, says the theft puts Trump at a disadvantage in the state. He told the AP the party planned to use the money for last-minute needs in the final days of the race.

The theft was accomplished by tampering with invoices submitted to the party from four vendors. The modified invoices directed the state GOP to send money to accounts controlled by the hackers. The hack apparently began as a phishing attempt, Hitt told the AP.
