Protocol found in webcams and DVRs is fueling a new round of big DDoSes

Hackers have found a new way to amplify the crippling effects of denial-of-service techniques by abusing an improperly implemented tool found in almost 1 million network-connected cameras, DVRs, and other Internet-of-things devices.

The technique abuses WS-Discovery, a protocol that a wide array of network devices use to automatically connect to one another. Often abbreviated as WSD, the protocol lets devices send user datagram protocol packets over port 3702 that describe the device capabilities and requirements. Devices that receive the probes can respond with replies that can be tens to hundreds of times bigger. WSD has shipped with Windows since Vista and is one of the ways the operating system automatically finds network-based printers.

IoT strikes again

The WSD specification calls for probes and responses to be restricted to local networks, but over the past few months, researchers and attackers have started to realize that many Internet-of-things devices allow probes and responses to be sent over the Internet at large. The result: these improperly designed devices have become a vehicle capable of converting modest amounts of malicious bandwidth into crippling torrents that take down websites. Depending on the device, responses can be anywhere from seven to 153 times bigger, an amplification that puts WSD among the most powerful techniques for amplifying distributed denial-of-service attacks.

Source: Ars Technica | 18 Sep 2019 | 9:00 am

The world’s best bush plane is destroyed on take off in Reno
  • Emergency services respond to the crash at Stead Airport in Nevada. [credit: Mike Patey/Youtube ]

Mike Patey, the Utah entrepreneur who transformed his Polish-built Wilga 2000 short takeoff and landing (STOL) aircraft into a million-dollar "ultimate bush plane" called DRACO, crashed on takeoff leaving the Reno National Championship Air Races on Monday.

Patey was attempting to depart Reno (where DRACO had been featured in a static display) the day after the races were over, seeking to beat a fast-moving weather front. With him aboard DRACO were his wife and best friend. All three escaped the crash without injury.

The incident

The crash occurred at about 10:12 pm local time. According to the Meteorological Aerodrome Report (METAR), the winds at Stead Airport were out of the southwest, blowing steady at 24 knots (28mph, or about 45km/h) and gusting to 38 knots (44mph, or about 71km/h). Patey was taking off on runway 26 with a crosswind from his left.

Source: Ars Technica | 18 Sep 2019 | 8:15 am

HP debuts Elite Dragonfly 2-in-1 with ultra-light chassis, 24-hour battery life
  • The new HP Elite Dragonfly 2-in-1. [credit: Valentina Palladino ]

The commercial PC space can be slow to catch up to the consumer space when it comes to design and next-gen features. But HP thinks it has a solution for business users who want a laptop that looks just as good as it works and doesn't sacrifice pro features to do so. The HP Elitebook Dragonfly, despite its playful name, doesn't play around with its top-tier specs, and at just 2.2 pounds, it's one of the lightest business notebooks you'll find.

The "dragonfly" name refers to the device's ultra-light weight and its color, which HP calls dragonfly blue. The 13-inch Dragonfly is certainly one of the lightest business notebooks I've touched, and I was pleasantly surprised to see that HP still managed to include one USB-A port and an HDMI port on the convertible's slim frame. Those ports are accompanied by two Thunderbolt 3 ports, a headphone jack, and a security lock slot.

The Dragonfly's modern design would make it seem like a good competitor for machines like Dell's XPS 13 or even the now-discontinued MacBook, but it is part of the Elitebook family, so it has a number of features that pro- and business-users will require standard. The machine has a chassis made of magnesium alloy and ocean-bound plastic material and is MIL-STD 810G certified, so it will withstand drops and shocks better than most of its consumer counterparts. In addition to a shutter-able webcam, the Dragonfly can be equipped with an IR camera, and it comes with a fingerprint reader standard for Windows Hello. The Dragonfly will also support vPro Intel CPUs, up to 16GB of RAM, up to 2TB of storage, Wi-Fi 6, and optional 4x4 LTE connectivity.

Source: Ars Technica | 18 Sep 2019 | 2:00 am

Musk spent $50,000 digging into critic’s personal life
Elon Musk in 2015. (credit: ODD ANDERSEN/AFP/Getty Images)

Elon Musk spent more than $50,000 digging into the personal life of British expat and Thai caver Vern Unsworth in summer 2018 in an effort to substantiate the claim that he was a "pedo guy." Musk revealed the spending in his latest response to a defamation lawsuit Unsworth filed against him last year.

Initially, Musk's investigator turned up some seemingly damning information about Unsworth, including a claim that Unsworth began dating his wife when she was around 12 years old. However, further investigation failed to confirm this claim, with the investigator finding she was actually around 18 years old when the couple met. (The wife, Woranan Ratrawiphukkunand, later told UK newspapers she was 33 when they met.)

But Musk argues that it doesn't matter, legally speaking, if his claims about Unsworth were actually true. What matters is that Musk believed the claims were true at the time he repeated them to BuzzFeed reporter Ryan Mac.

Source: Ars Technica | 17 Sep 2019 | 6:41 pm

Trump to eliminate California’s car emission standards waiver

The New York Times reports that the Trump administration will use a meeting at the Environmental Protection Agency on Wednesday to announce the revocation of California's ability to set its own air pollution standards. The state's authority was granted by a waiver that allows it to set pollution limits that are stricter than the federal government's, which is now threatening the administration's ability to roll back Obama-era standards for automobile fuel economy. This move has been rumored to be under consideration for months and sets up a legal showdown that will pit the federal government against California and the 13 states that plan to follow its lead.

As part of the Obama administration's push to limit greenhouse gas emissions, the Obama-era EPA negotiated a deal with automakers that would significantly improve the efficiency of future vehicles. As with many Obama-era environmental accomplishments, that agreement has been targeted by the Trump administration. In its analysis, the Trump EPA claimed that fuel-efficient vehicles would increase the fatalities from automobile accidents and proposed freezing fuel efficiency at 2020 levels while preparing new standards. But that analysis was hammered by scientists, who suggested that its cost/benefit analysis was flawed and that it failed to take into account negative consequences.

Meanwhile, various news reports indicated that automakers were uneasy about the degree to which the Trump administration was intending to cut back on automotive efficiency. Part of that unease was likely due to the fact that the automakers are already building far more efficient vehicles for markets that do have stricter standards. But a major factor for automakers was California's likely unwillingness to go along with the changes.

Source: Ars Technica | 17 Sep 2019 | 5:26 pm

Borderlands 3 is a lot more Borderlands, in ways both good and bad
We've had to wait seven years to get a new numbered game in the Borderlands series and almost five years since the (surprisingly fun) Borderlands: The Pre-Sequel that was supposed to hold us over in the interim. Now that we're a few days past the retail launch (our review codes arriving only hours before the game went on sale) and have plowed a fair share of hours into the game, we're struck by just how little Borderlands has changed in that intervening time, both for good and for ill.

On the good side, this means that Borderlands 3 still provides the same kind of slick, fast-paced, varied, and just-plain-smooth shooter experience that the series has always provided. As usual, the game provides a seemingly endless variety of weapons that, crucially, all look and feel entirely distinct from one another in a number of ways. Experimenting with new gear to find the correct mix of damage impact, accuracy, magazine size, reload rate, and special abilities is a never-ending and continually fascinating process.

Earning access to a new weapon that fits your style just right still provides that adrenaline hit in a way that can't be matched by finding yet another identical shotgun in most other shooters. And many guns now have a secondary fire option, greatly increasing the level of personal tuning by offering new pros and cons.

That variety now also seems matched by the game's environments. The neons and blues of planet Promethea's urban guerrilla warfare provide a welcome change from the brown and gray desert environments Borderlands is generally known for (Pre-Sequel also showed a lot of promise on this score). Even in the relatively early going, it feels like there's going to be plenty of new planets and side-quests to keep players busy if they want to hit that rarefied 100% completion.

Source: Ars Technica | 17 Sep 2019 | 4:56 pm

Fresh analysis of LIGO data supports “no hair” theorem for black holes
Simulated image of two merging black holes detected by LIGO, viewed face-on. (credit: SXS Lensing)

Physicists have "heard" the telltale ring of an infant black hole for the first time, thanks to a fresh analysis of LIGO data. Researchers specifically looked for telltale "overtones" in the data from the collaboration's Nobel Prize-winning detection of two black holes merging. Not only were the overtones present, but the pattern of pitch and decay matches predictions for the black hole's mass and spin derived using the general theory of relativity. According to a new paper in Physical Review Letters, the result also supports the so-called "no hair" theorem for the classical description of black holes.

That classical picture of a black hole is a circle with a dot at the center. The circumference of the circle is the event horizon, and the dot is the singularity. General relativity holds that the area of the event horizon is a vacuum with no structure. That's because any dust, gas, or elementary particle placed at the horizon should fall into the black hole, maintaining the vacuum state. There would be no noticeable change if you threw something into a black hole—nothing that would provide a clue as to what that object might have been. It was the late physicist John Wheeler who coined the colorful description, "Black holes have no hair." (Wheeler had a knack for catchy names and phrases.) So all you need to describe black holes mathematically is their mass and their spin, plus their electric charge.

"We all expect general relativity to be correct, but this is the first time we have confirmed it in this way," said lead author Maximiliano Isi of MIT. "This is the first experimental measurement that succeeds in directly testing the no-hair theorem. It doesn't mean black holes couldn't have hair. It means the picture of black holes with no hair lives for one more day."

Source: Ars Technica | 17 Sep 2019 | 4:31 pm

Millions of Americans’ medical images and data are available on the Internet
Dislocated cervical vertebrae (traumatic lesion of cervical vertebrae C1-C2). X-ray in profile. (Photo by: BSIP/Universal Images Group via Getty Images) (credit: BSIP | GettyImages)

ProPublica is a Pulitzer Prize-winning investigative newsroom.

Medical images and health data belonging to millions of Americans, including X-rays, MRIs, and CT scans, are sitting unprotected on the Internet and available to anyone with basic computer expertise.

The records cover more than 5 million patients in the United States and millions more around the world. In some cases, a snoop could use free software programs—or just a typical Web browser—to view the images and private data, an investigation by ProPublica and the German broadcaster Bayerischer Rundfunk found.

Source: Ars Technica | 17 Sep 2019 | 3:21 pm

Feds seek to seize all profits from Snowden’s book over NDA violation
The US Government thanks Edward Snowden for the revenue stream with a filing in US court on September 17—the day his book hit shelves in the US. (credit: Henry Holt / Macmillan)

The US Department of Justice may never be able to prosecute Edward Snowden for his procurement and distribution of highly classified information from the network of the National Security Agency. But DOJ lawyers have found a way to reach out and touch his income—and that of Macmillan Publishers—by filing a civil suit today against them for publication of his book, Permanent Record.

The lawsuit, filed in the US Court for the District of Eastern Virginia, does not seek to stop publication or distribution of Permanent Record. Instead, as a DOJ spokesperson said in a press release, "under well-established Supreme Court precedent [in the case] Snepp v. United States, the government seeks to recover all proceeds earned by Snowden because of his failure to submit his publication for pre-publication review in violation of his alleged contractual and fiduciary obligations."

The suit—which also names Macmillan, its Henry Holt and Company imprint, and its parent company Holtzbrinck Publishers—claims Snowden was in violation of both CIA and NSA secrecy agreements he signed as terms of his employment. In the CIA Secrecy Agreements Snowden signed, he acknowledged that "Snowden was required to submit his material for prepublication review 'prior to discussing [the work] with or showing it to anyone who is not authorized to have access to' classified information," DOJ attorneys wrote in their filing. "Snowden was also required not to 'take any steps towards public disclosure until [he] received written permission to do so from the Central Intelligence Agency.'"

Source: Ars Technica | 17 Sep 2019 | 3:04 pm

Dealmaster: You can still convert 3 years of Xbox Live to Game Pass Ultimate for $1

Greetings, Arsians! The Dealmaster is back with another round of bargains to share. Today's list is headlined by a deal over at Microsoft that gets you a month of the company's Xbox Game Pass Ultimate service for $1 or two months for $2. Normally, a Game Pass Ultimate membership—which wraps Game Pass for console and PC together with Xbox Live Gold—costs $15 a month. This offer has admittedly been live for a while now, but Microsoft says the $2 deal is set to expire on September 30. (The company declined to specify when the $1 offer will end.) Plus, you could still turn the discount into an even better value with the right planning.

To explain: we noted this back when Microsoft first ran this deal earlier in the year, but when you buy Game Pass Ultimate, the company will still turn up to 36 months of existing Xbox Live Gold (or non-Ultimate Game Pass) subscription time on your account into the all-in-one membership. That means you can stock up on Xbox Live Gold first—which many Xbox players will buy anyway to play online—then add up to three years of Game Pass to that prepaid time for $1 total instead of the usual $10 (for console) or $5 (for PC) a month. Put another way: after getting three 12-month Xbox Live Gold codes for $60 each, you could get three years of Game Pass Ultimate for $181 instead of the $540 it would cost at full price. (Or two years for $121 instead of $360, one year for $61 instead of $180, etc.)

The catch is that these offers are only available to those who are new to Game Pass Ultimate, not existing subscribers. If you have a standard Game Pass subscription for console or PC, though, you can still take advantage. It's also worth noting that Game Pass Ultimate subscription time can't be reverted back to individual Xbox Live Gold or standard Game Pass subscriptions after upgrading—your account won't be locked into the Ultimate plan forever, just the prepaid time up to 36 months. But you'll have to turn off recurring billing and re-join those other services separately if you don't want to renew Game Pass Ultimate once that prepaid time expires.

Source: Ars Technica | 17 Sep 2019 | 2:45 pm

FaceTime bug lets callers eavesdrop on you (even if you don't accept the call) - CNET
The bug affects calls to iPhones and reportedly impacts calls to Macs, potentially turning any device into a hot mic.

Source: CNET News | 29 Jan 2019 | 12:07 am

How to disable FaceTime (so no one can eavesdrop on your iPhone or Mac) - CNET
A new Apple FaceTime bug has the potential to let callers hear you and see you, even if you don't accept the call. Here's how to protect yourself until there's a fix.

Source: CNET News | 29 Jan 2019 | 12:06 am

Fortnite is back after login issues - CNET
For two and a half hours on Monday, the biggest video game in the world was down.

Source: CNET News | 28 Jan 2019 | 11:42 pm

I Am the Night: Chris Pine charms in dark mystery based on true events - CNET
Review: Set in 1965, this miniseries directed by Wonder Woman's Patty Jenkins captivates with its rich imagery.

Source: CNET News | 28 Jan 2019 | 11:31 pm

Scientists say song lyrics are getting angrier over time - CNET
But which came first: the sad, angry music or the bummer cultural zeitgeist?

Source: CNET News | 28 Jan 2019 | 10:58 pm

Super Bowl 2019 ads we've seen so far - CNET
Lebowski's Dude meets Carrie Bradshaw, Amazon taps Harrison Ford and T-Mobile makes everything magenta.

Source: CNET News | 28 Jan 2019 | 8:57 pm

Lexus is considering building its first F-branded hot crossover - Roadshow
Lexus execs have hinted that it could be a breathed-upon UX with a more potent hybrid drivetrain.

Source: CNET News | 28 Jan 2019 | 8:38 pm

US hammers Huawei with 23 indictments for stolen trade secrets, fraud - CNET
The charges come amid heightened scrutiny for the world's largest telecom supplier and No. 2 smartphone maker.

Source: CNET News | 28 Jan 2019 | 8:31 pm

T-Series closes in on PewDiePie's YouTube subscriber record - CNET
Two YouTube titans are slugging it out to be No. 1, but PewDiePie continues to hold on.

Source: CNET News | 28 Jan 2019 | 8:22 pm

We found the toughest iPhone XR case - CNET
A lot of phones were broken in this drop test to find the toughest iPhone case.

Source: CNET News | 28 Jan 2019 | 8:15 pm