Hackers have found a new way to amplify the crippling effects of denial-of-service techniques by abusing an improperly implemented tool found in almost 1 million network-connected cameras, DVRs, and other Internet-of-things devices.
The technique abuses WS-Discovery, a protocol that a wide array of network devices use to automatically connect to one another. Often abbreviated as WSD, the protocol lets devices send user datagram protocol packets over port 3702 that describe the device capabilities and requirements. Devices that receive the probes can respond with replies that can be tens to hundreds of times bigger. WSD has shipped with Windows since Vista and is one of the ways the operating system automatically finds network-based printers.
IoT strikes again
The WSD specification calls for probes and responses to be restricted to local networks, but over the past few months, researchers and attackers have started to realize that many Internet-of-things devices allow devices to send probes and responses over the Internet at large. The result: these improperly designed devices have become a vehicle capable of converting modest amounts of malicious bandwidth into crippling torrents that take down websites. Depending on the device, responses can be anywhere from seven to 153 times bigger, an amplification that puts WSD among the most powerful techniques for amplifying distributed denial of service attacks.
Source: Ars Technica | 18 Sep 2019 | 9:00 am
Emergency services respond to the crash at Stead Airport in Nevada. [credit: Mike Patey/Youtube]
Mike Patey, the Utah entrepreneur who transformed his Polish-built Wilga 2000 short takeoff and landing (STOL) aircraft into a million-dollar "ultimate bush plane" called DRACO, crashed on takeoff leaving the Reno National Championship Air Races on Monday.
Patey was attempting to depart Reno (where DRACO had been featured in a static display) the day after the races were over, seeking to beat a fast-moving weather front. With him aboard DRACO were his wife and best friend. All three escaped the crash without injury.
The crash occurred at about 10:12 pm local time. According to the Meteorological Aerodrome Report (METAR), the winds at Stead Airport were out of the southwest, blowing steady at 24 knots (28mph, or about 45km/h) and gusting to 38 knots (44mph, or about 71km/h). Patey was taking off on runway 26 with a crosswind from his left.
Source: Ars Technica | 18 Sep 2019 | 8:15 am
The new HP Elite Dragonfly 2-in-1. [credit: Valentina Palladino]
The commercial PC space can be slow to catch up to the consumer space when it comes to design and next-gen features. But HP thinks it has a solution for business users who want a laptop that looks just as good as it works and doesn't sacrifice pro features to do so. The HP Elitebook Dragonfly, despite its playful name, doesn't play around with its top-tier specs, and at just 2.2 pounds, it's one of the lightest business notebooks you'll find.
The "dragonfly" name refers to the device's ultra-light weight and its color, which HP calls dragonfly blue. The 13-inch Dragonfly is certainly one of the lightest business notebooks I've touched, and I was pleasantly surprised to see that HP still managed to include one USB-A port and an HDMI port on the convertible's slim frame. Those ports are accompanied by two Thunderbolt 3 ports, a headphone jack, and a security lock slot.
The Dragonfly's modern design would make it seem like a good competitor for machines like Dell's XPS 13 or even the now-discontinued MacBook, but it is part of the Elitebook family, so it has a number of features that pro and business users will require as standard. The machine has a chassis made of magnesium alloy and ocean-bound plastic material and is MIL-STD 810G certified, so it will withstand drops and shocks better than most of its consumer counterparts. In addition to a shutter-able webcam, the Dragonfly can be equipped with an IR camera, and it comes with a fingerprint reader standard for Windows Hello. The Dragonfly will also support vPro Intel CPUs, up to 16GB of RAM, up to 2TB of storage, Wi-Fi 6, and optional 4x4 LTE connectivity.
Source: Ars Technica | 18 Sep 2019 | 2:00 am
Elon Musk spent more than $50,000 digging into the personal life of British expat and Thai caver Vern Unsworth in summer 2018 in an effort to substantiate the claim that he was a "pedo guy." Musk revealed the spending in his latest response to a defamation lawsuit Unsworth filed against him last year.
Initially, Musk's investigator turned up some seemingly damning information about Unsworth, including a claim that Unsworth began dating his wife when she was around 12 years old. However, further investigation failed to confirm this claim, with the investigator finding she was actually around 18 years old when the couple met. (The wife, Woranan Ratrawiphukkunand, later told UK newspapers she was 33 when they met.)
But Musk argues that it doesn't matter, legally speaking, if his claims about Unsworth were actually true. What matters is that Musk believed the claims were true at the time he repeated them to BuzzFeed reporter Ryan Mac.
Source: Ars Technica | 17 Sep 2019 | 6:41 pm
The New York Times reports that the Trump administration will use a meeting at the Environmental Protection Agency on Wednesday to announce the revocation of California's ability to set its own air pollution standards. The state's authority was granted by a waiver that allows it to set pollution limits that are stricter than the federal government's, which is now threatening the administration's ability to roll back Obama-era standards for automobile fuel economy. This move has been rumored to be under consideration for months and sets up a legal showdown that will pit the federal government against California and the 13 states that plan to follow its lead.
As part of the Obama administration's push to limit greenhouse gas emissions, the Obama-era EPA negotiated a deal with automakers that would significantly improve the efficiency of future vehicles. As with many Obama-era environmental accomplishments, that agreement has been targeted by the Trump administration. In its analysis, the Trump EPA claimed that fuel-efficient vehicles would increase the fatalities from automobile accidents and proposed freezing fuel efficiency at 2020 levels while preparing new standards. But that analysis was hammered by scientists, who suggested that its cost/benefit analysis was flawed and that it failed to take into account negative consequences.
Meanwhile, various news reports indicated that automakers were uneasy about the degree to which the Trump administration was intending to cut back on automotive efficiency. Part of that unease was likely due to the fact that the automakers are already building far more efficient vehicles for markets that do have stricter standards. But a major factor for automakers was California's likely unwillingness to go along with the changes.
Source: Ars Technica | 17 Sep 2019 | 5:26 pm
The dream team. [credit: Gearbox Software]
On the good side, this means that Borderlands 3 still provides the same kind of slick, fast-paced, varied, and just-plain-smooth shooter experience that the series has always provided. As usual, the game provides a seemingly endless variety of weapons that, crucially, all look and feel entirely distinct from one another in a number of ways. Experimenting with new gear to find the correct mix of damage impact, accuracy, magazine size, reload rate, and special abilities is a never-ending and continually fascinating process.
Earning access to a new weapon that fits your style just right still provides that adrenaline hit in a way that can't be matched by finding yet another identical shotgun in most other shooters. And many guns now have a secondary fire option, greatly increasing the level of personal tuning by offering new pros and cons.
That variety now also seems matched by the game's environments. The neons and blues of planet Promethea's urban guerrilla warfare provide a welcome change from the brown and gray desert environments Borderlands is generally known for (Pre-Sequel also showed a lot of promise on this score). Even in the relatively early going, it feels like there's going to be plenty of new planets and side-quests to keep players busy if they want to hit that rarefied 100% completion.
Source: Ars Technica | 17 Sep 2019 | 4:56 pm
Physicists have "heard" the telltale ring of an infant black hole for the first time, thanks to a fresh analysis of LIGO data. Researchers specifically looked for telltale "overtones" in the data from the collaboration's Nobel Prize-winning detection of two black holes merging. Not only were the overtones present, but the pattern of pitch and decay matches predictions for the black hole's mass and spin derived using the general theory of relativity. According to a new paper in Physical Review Letters, the result also supports the so-called "no hair" theorem for the classical description of black holes.
That classical picture of a black hole is a circle with a dot at the center. The circumference of the circle is the event horizon, and the dot is the singularity. General relativity holds that the area of the event horizon is a vacuum with no structure. That's because any dust, gas, or elementary particle placed at the horizon should fall into the black hole, maintaining the vacuum state. There would be no noticeable change if you threw something into a black hole—nothing that would provide a clue as to what that object might have been. It was the late physicist John Wheeler who coined the colorful description, "Black holes have no hair." (Wheeler had a knack for catchy names and phrases.) So all you need to describe black holes mathematically is their mass and their spin, plus their electric charge.
"We all expect general relativity to be correct, but this is the first time we have confirmed it in this way," said lead author Maximiliano Isi of MIT. "This is the first experimental measurement that succeeds in directly testing the no-hair theorem. It doesn't mean black holes couldn't have hair. It means the picture of black holes with no hair lives for one more day."
Source: Ars Technica | 17 Sep 2019 | 4:31 pm
ProPublica is a Pulitzer Prize-winning investigative newsroom.
Medical images and health data belonging to millions of Americans, including X-rays, MRIs, and CT scans, are sitting unprotected on the Internet and available to anyone with basic computer expertise.
The records cover more than 5 million patients in the United States and millions more around the world. In some cases, a snoop could use free software programs—or just a typical Web browser—to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.
Source: Ars Technica | 17 Sep 2019 | 3:21 pm
The US Department of Justice may never be able to prosecute Edward Snowden for his procurement and distribution of highly classified information from the network of the National Security Agency. But DOJ lawyers have found a way to reach out and touch his income—and that of Macmillan Publishers—by filing a civil suit today against them for publication of his book, Permanent Record.
The lawsuit, filed in the US Court for the District of Eastern Virginia, does not seek to stop publication or distribution of Permanent Record. Instead, as a DOJ spokesperson said in a press release, "under well-established Supreme Court precedent [in the case] Snepp v. United States, the government seeks to recover all proceeds earned by Snowden because of his failure to submit his publication for pre-publication review in violation of his alleged contractual and fiduciary obligations."
The suit—which also names Macmillan, its Henry Holt and Company imprint, and its parent company Holtzbrinck Publishers—claims Snowden was in violation of both CIA and NSA secrecy agreements he signed as terms of his employment. In the CIA Secrecy Agreements Snowden signed, he acknowledged that "Snowden was required to submit his material for prepublication review 'prior to discussing [the work] with or showing it to anyone who is not authorized to have access to' classified information," DOJ attorneys wrote in their filing. "Snowden was also required not to 'take any steps towards public disclosure until [he] received written permission to do so from the Central Intelligence Agency.'"
Source: Ars Technica | 17 Sep 2019 | 3:04 pm
Greetings, Arsians! The Dealmaster is back with another round of bargains to share. Today's list is headlined by a deal over at Microsoft that gets you a month of the company's Xbox Game Pass Ultimate service for $1 or two months for $2. Normally, a Game Pass Ultimate membership—which wraps Game Pass for console and PC together with Xbox Live Gold—costs $15 a month. This offer has admittedly been live for a while now, but Microsoft says the $2 deal is set to expire on September 30. (The company declined to specify when the $1 offer will end.) Plus, you could still turn the discount into an even better value with the right planning.
To explain: we noted this back when Microsoft first ran this deal earlier in the year, but when you buy Game Pass Ultimate, the company will still turn up to 36 months of existing Xbox Live Gold (or non-Ultimate Game Pass) subscription time on your account into the all-in-one membership. That means you can stock up on Xbox Live Gold first—which many Xbox players will buy anyway to play online—then add up to three years of Game Pass to that prepaid time for $1 total instead of the usual $10 (for console) or $5 (for PC) a month. Put another way: after getting three 12-month Xbox Live Gold codes for $60 each, you could get three years of Game Pass Ultimate for $181 instead of the $540 it would cost at full price. (Or two years for $121 instead of $360, one year for $61 instead of $180, etc.)
The catch is that these offers are only available to those who are new to Game Pass Ultimate, not existing subscribers. If you have a standard Game Pass subscription for console or PC, though, you can still take advantage. It's also worth noting that Game Pass Ultimate subscription time can't be reverted back to individual Xbox Live Gold or standard Game Pass subscriptions after upgrading—your account won't be locked into the Ultimate plan forever, just the prepaid time up to 36 months. But you'll have to turn off recurring billing and re-join those other services separately if you don't want to renew Game Pass Ultimate once that prepaid time expires.
Source: Ars Technica | 17 Sep 2019 | 2:45 pm