Category: Uncategorised

(credit: Tor Project)

Over a month after a prominent staffer at the Tor Project left the organization amid public accusations of sexual misconduct, the project has shaken up its entire seven-person board of directors, replacing the seven who have left as of Wednesday with six new members.

The Tor Project is the Massachusetts-based nonprofit that maintains Tor, the well-known open-source online anonymity tool.

In June 2016, Jacob Appelbaum, one of Tor’s most public-facing developers and a member of the "Core Team," denounced the accusations as a "calculated and targeted attack has been launched to spread vicious and spurious allegations against me."

(credit: Image courtesy of Valve)

Valve Software is facing potential legal trouble in the form of two recent lawsuits, both of which revolve around the company's games being connected to third-party gambling sites. While the game maker and Steam store operator did not offer a public response when the suits were filed, Valve has finally gone on the record to denounce the gambling issues that have arisen—yet at the same time did not announce definitive action against the third-party sites in question.

Those sites, which include Florida-based CSGOLotto, traffic mostly in the "skins" (meaning, cosmetic items) that can either be earned or purchased for small, non-refundable fees in the game Counter Strike: Global Offensive. These can be traded to the gambling sites via Steam Marketplace features, at which point they essentially become poker chips for those sites' gambling features. In some cases, those skins can then be cashed out for real money.

A Wednesday statement written by Valve's Erik Johnson said that the game maker does not directly profit from these gambling sites' actions: "We have no business relationships with any of these sites. We have never received any revenue from them. And Steam does not have a system for turning in-game items into real world currency." Johnson then explained that the gambling sites work by creating and maintaining their own Steam accounts, through which they conduct virtual item trading on a massive scale.

(credit: Aurich / Getty)

As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack. The car-hacking problem gained widespread attention in July 2015, when hackers revealed that 1.4 million Chrysler and Dodge vehicles were vulnerable to an exploit—via the car's infotainment system—that could allow a malicious hacker to take over control of the vehicles' throttle, brakes, and even steering.

On Wednesday morning, Fiat Chrysler Automobiles (FCA) announced it has created a bug bounty program, using Bugcrowd's platform to allow the security community to inform it about possible exploits.

"We want to encourage independent security researchers to reach out to us and share what they’ve found so that we can fix potential vulnerabilities before they’re an issue for our consumers," said Titus Melnyk, senior manager of security architecture at FCA. "Exposing or publicizing vulnerabilities for the singular purpose of grabbing headlines or fame does little to protect the consumer. Rather, we want to reward security researchers for the time and effort, which ultimately benefits us all."

Google's incoherent messaging strategy adds yet another bizarre chapter with the latest update to Google Hangouts for Android. Version 11 of Android's default messaging app adds the ability to send video messages, but it removes the ability to display SMS and IM messages in a single conversation.

Hangouts video messages debuted on iOS four months ago, and now the feature is finally coming to Android. Users can record a short video clip and fire it off to a friend, just like a picture or text. To get the feature, they'll have to give up a core messaging feature—merged SMS and IM conversations. Users can still send and receive SMSes with Hangouts, but each contact now can have two (or more) separate conversation entries—one for SMS messages and one for Hangouts messages. Hangouts used to merge all conversations under a single contact without worrying what protocol the message used.

It's unclear why Google is ripping a core feature out of its most popular messaging product. At the beginning of this year, Hangouts began suggesting users stop using the app for SMS with a pop-up message, so we were kind of warned this was happening. It doesn't make any more sense now than it did then, though—Hangouts now has a big downside compared to iMessage on iOS. On the support page, Google recommends using Android's "Messenger" app, which only supports SMS.

New energy-efficient buildings contribute to a reduction in energy intensity. (credit: Mariano Mantel)

According to a report from the Energy Information Administration (EIA), the world is getting better, on average, at using energy to power its economic activity.

The latest numbers measure “global energy intensity” or the number of British thermal units used for every unit of gross domestic product (GDP) created. A falling energy intensity measurement doesn’t mean the world is using less energy in total—but it does mean that global economic activities are getting more efficient on the whole.

Specifically, the EIA says that global energy intensity has fallen by nearly one-third in the 25 years between 1990 and 2015. “Energy intensity has decreased in nearly all regions of the world,” the EIA says, in developed and developing countries alike.

Jester Poker is one game you can play virtually at MGM Resorts in Vegas. (credit: easyPLAY)

MGM Resorts on Wednesday unveiled what it's billing as the nation's first "real-money" mobile tournament gambling platform. The new platform enables gamblers 21 and older, who are connected to the Wi-Fi network of an MGM-owned hotel in Las Vegas, to throw down their kids' college funds for the chance to strike gold—all from their mobile phone, tablet, or laptop.

The easyPLAY Mobile Tournaments platform allows resort guests "at nine iconic Las Vegas resorts to compete with other players in a variety of tournament games using their own mobile devices whether they are at the pool, sipping cocktails at the bar, or simply relaxing in their rooms," the company said.

Bettors compete against fellow resort guests in bingo, slots, and video poker. Other methods of throwing away your hard cash are in the works, the company said. There are plenty of Vegas-based, MGM-owned resorts where bettors can play, too. They include ARIA Resort & Casino, Bellagio, MGM Grand, Mandalay Bay, The Mirage, Monte Carlo, Luxor, New York-New York, and Excalibur. What could go wrong? It has all been approved by the Nevada Gaming Control Board.

Enlarge (credit: Vectra Networks)

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.

The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it.

Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn't properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.