News & Updates


A small group of developers for Apple platforms has banded together to request new features and policies from Apple, and its members say they have ideas for ways to make it easier to make a living on the platform, Wired reports. They’re calling it “The Developers Union,” and they launched a website where devs can sign up to share their support of a free trial feature for the app store.

The union has some notable names attached, including Jake Schumacher, director of the documentary App: The Human Story, and NetNewsWire and MarsEdit developer Brent Simmons—along with a product designer named Loren Morris and a software developer named Roger Ogden.

The group says it will start with the free trial push but that it will follow that up with “other community-driven, developer-friendly changes,” including “a more reasonable revenue cut.” The starting revenue share is presently 70-30 in Apple’s favor. Google offers a similar rate, but Microsoft recently announced a cut to its share of revenue in developers’ favor.


Source: http://feeds.arstechnica.com/arstechnica/index/

Trailer for Who Is Arthur Chu?

Some 50-plus years in, Jeopardy’s cultural impact seems definitive. The iconic game show has fans of all sorts: Drake listeners, scholars of classic cinema, local-pub-trivia diehards. It can turn “a software engineer from Salt Lake City” into author/TV personality/quizmaster Ken Jennings or “a bartender from New York” into your parents’ favorite contestant in recent memory.

But not all of the legendary quiz show’s champions enjoy universal adoration, and the new documentary Who Is Arthur Chu?, debuting on PBS’ America ReFramed this Tuesday, May 22, and available via VOD on June 12 across platforms (including iTunes, YouTube, Google Play, and Amazon), looks at this oddly controversial contestant’s first year after becoming an 11-time Jeopardy champion in 2014. If you recognize the name today, it’s likely you’re a Jeopardy diehard with some sort of feeling about Chu’s unusual “Forrest Bounce” strategy, which essentially eschewed going top-down on categories in favor of hunting out Daily Doubles in order to limit an opponent’s big-play ability. The approach seemed to anger the game’s purists and make Chu divisive to the show’s fan community, but that’s a subject destined to be the starting point for some other film.

Who Is Arthur Chu? instead stumbles into a more interesting reality. Post-Jeopardy, Chu had no interest in resting on his new reputation and embracing the trivia lifestyle—rather, he decided to capitalize on his newfound fame and following by using it to fight back against online trolling and hate campaigns in the era of GamerGate and incels. Filmmakers Yu Gu and Scott Drucker, therefore, don’t end up with a behind-the-scenes look at Trebek’s temple; Who Is Arthur Chu? goes on to ask questions that are too complex for even Final Jeopardy.


Source: http://feeds.arstechnica.com/arstechnica/index/

Researchers from Eclypsium proposed a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode.

Security experts from Eclypsium have devised a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode (SMM), also known as ring -2.

The SMM is an operating mode of x86 CPUs in which all normal execution, including the operating system, is suspended.

When the CPU switches into SMM, the operating system is suspended and a portion of the UEFI/BIOS firmware executes with elevated privileges and with access to all the data and hardware.

“The main benefit of SMM is that it offers a distinct and easily isolated processor environment that operates transparently to the operating system or executive and software applications.” reads Wikipedia.

SMM was first released with the Intel 386SL in the early 90s. Intel CPUs implement a memory protection mechanism known as a range register to protect the sensitive contents of memory regions such as SMM memory.

SMM memory on Intel CPUs is protected by a special type of range registers known as System Management Range Register (SMRR).

Eclypsium experts based their study on public proof-of-concept code for the Spectre variant 1 (CVE-2017-5753) vulnerability to bypass the SMRR mechanism and access the content of the System Management RAM (SMRAM), which holds the SMM code and its working data.

“Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (eg. hypervisor, operating system, or application).” states the report published by Eclypsium.

“These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory. This can expose SMM code and data that was intended to be confidential, revealing other SMM vulnerabilities as well as secrets stored in SMM,” the report continues.

Spectre vulnerabilities

The experts ported the PoC code to a kernel driver and demonstrated that it works from the kernel privilege level. They then ran their exploit code from the kernel privilege level against protected memory.

“The kernel-level PoC exploit provides access to different hardware interfaces, which gives attackers better control over the system hardware and access to different hardware interfaces such as physical memory, IO, PCI, and MMIO interfaces. It also provides access to interfaces at a higher privilege level, such as software SMI.” explained the researchers.

“Next, we integrated the PoC exploit into CHIPSEC in order to quickly expand our tests. In our first experiment, we tried to read protected SMRAM memory. We mapped the physical addresses of SMRAM into the virtual address space and then used the SMRAM addresses as the target of our exploit.” 

The experts believe that the same results can also be achieved by using Spectre variant 2 (CVE-2017-5715).

Eclypsium reported the new attack technique to Intel in March. Intel replied that the security updates released for the Spectre variant 1 and variant 2 should be enough to mitigate this new attack.


Pierluigi Paganini

(Security Affairs – Spectre, hacking)

The post Experts propose a new variation of the Spectre attack to recover data from System Management Mode appeared first on Security Affairs.

Source: Security affairs

Starting with Chrome 70, Google will mark HTTP content with a red warning, continuing its effort to make the web more secure.

Since January 2017, Chrome has indicated connection security with an icon in the address bar, labeling HTTP connections to sites as non-secure, and since May 2017 Google has been marking newly registered sites that serve login pages or password input fields over HTTP as not secure.

As of May 2018, the overall encrypted traffic across several Google products is more than 93%.

“Security is a top priority at Google. We are investing and working to make sure that our sites and services provide modern HTTPS by default. Our goal is to achieve 100% encryption across our products and services. The chart below shows how we’re doing across Google.” reads the Google Transparency report.

This is an important success for Google; consider that in early 2014 only 50% of the traffic was encrypted.

According to the Google Transparency report, around 75% of the pages loaded via Chrome early May 2018 were served over secure HTTPS connections, while in 2014 the percentage was only around 40%.

Google now plans to mark unencrypted connections with a red “Not Secure” warning.

“Previously, HTTP usage was too high to mark all HTTP pages with a strong red warning, but in October 2018 (Chrome 70), we’ll start showing the red “not secure” warning when users enter data on HTTP pages,” reads a blog post published by Google.

Chrome 70 treatment for HTTP pages with user input

“We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities — so don’t wait to migrate to HTTPS! Check out our set-up guides to get started.” explained Emily Schechter, Product Manager, Chrome Security.


Pierluigi Paganini

(Security Affairs – Chrome 70, HTTPs)

The post Chrome evolves security indicators by marking with a red warning for HTTP content appeared first on Security Affairs.

Source: Security affairs


It’s not every day someone develops a malware attack that, with one click, exploits separate zero-day vulnerabilities in two widely different pieces of software. It’s even rarer that a careless mistake burns such a unicorn before it can be used. Researchers say that’s precisely what happened to a malicious PDF document designed to target unpatched vulnerabilities in both Adobe Reader and older versions of Microsoft Windows.

Modern applications typically contain “sandboxes” and other defenses that make it much harder for exploits to successfully execute malicious code on computers. When these protections work as intended, attacks that exploit buffer overflows and other common software vulnerabilities result in a simple application crash rather than a potentially catastrophic security event. The defenses require attackers to chain together two or more exploits: one executes malicious code, and a separate exploit allows the code to break out of the sandbox.

A security researcher from antivirus provider Eset recently found a PDF document that bypassed these protections when Reader ran on older Windows versions. It exploited a then-unpatched memory corruption vulnerability, known as a double free, in Reader that made it possible to gain a limited ability to read and write to memory. But to install programs, the PDF still needed a way to bypass the sandbox so that the code could run in more sensitive parts of the OS.


Source: http://feeds.arstechnica.com/arstechnica/index/

DrayTek routers are affected by a zero-day vulnerability that could be exploited by attackers to change DNS settings on some models.

Routers manufactured by the Taiwan-based vendor DrayTek are affected by a zero-day vulnerability that could be exploited by attackers to change DNS settings on some of its routers.

DrayTek confirmed that it is aware that hackers are attempting to exploit the zero-day vulnerability to compromise its routers.

Many users reported on Twitter attacks against their routers; in these cases, the attackers changed the routers’ DNS settings to point to a server at the IP address 38.134.121.95 on the network of China Telecom.

It is likely attackers are conducting a Man-in-the-Middle attack to redirect users to bogus clones of legitimate sites to steal their credentials.

DrayTek routers zeroday

DrayTek published a security advisory warning of the attacks and providing instructions on how to check and correct DNS settings.

“In May 2018, we became aware of new attacks against web-enabled devices, which includes DrayTek routers. The recent attacks have attempted to change DNS settings of routers.” reads the security advisory.

“If you have a router supporting multiple LAN subnets, check settings for each subnet. Your DNS settings should be either blank, set to the correct DNS server addresses from your ISP or DNS server addresses of a server which you have deliberately set (e.g. Google 8.8.8.8). A known rogue DNS server is 38.134.121.95 – if you see that, your router has been changed.”
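The advisory’s check can be turned into a small script that an operator runs over the DNS servers configured for each LAN subnet. The following is an added example, not DrayTek’s or Security Affairs’ code: it assumes the operator has already exported the per-subnet DNS fields into a plain dictionary (the advisory gives only the rules, not an API, so that input shape is an assumption), validates each entry as an IP address, flags the rogue resolver named in the advisory, and accepts only blank fields or resolvers the operator deliberately configured. Anything else is reported for manual review rather than silently accepted.

```python
"""Check router DNS settings per LAN subnet against the DrayTek advisory rules.

Added example; not DrayTek's or Security Affairs' code. Input format is an
assumption: {subnet_name: [primary_dns, secondary_dns, ...]} as strings,
blank strings meaning "not set".
"""
import ipaddress

# Rogue resolver named in the DrayTek advisory.
KNOWN_ROGUE_DNS = {"38.134.121.95"}


def classify_server(server, expected):
    """Classify one configured DNS entry.

    Returns one of: 'blank', 'invalid', 'rogue', 'expected', 'unknown'.
    `expected` is the set of resolver IPs the operator deliberately set
    (ISP resolvers or e.g. 8.8.8.8), already normalised to strings.
    """
    server = server.strip()
    if not server:
        return "blank"
    try:
        addr = str(ipaddress.ip_address(server))
    except ValueError:
        return "invalid"          # garbage in a DNS field is worth a look
    if addr in KNOWN_ROGUE_DNS:
        return "rogue"
    if addr in expected:
        return "expected"
    return "unknown"


def check_dns_settings(subnets, expected):
    """Return {subnet: verdict} with verdict in {'compromised', 'ok', 'review'}.

    A subnet is 'compromised' if any entry is the known rogue resolver,
    'ok' if every entry is blank or deliberately configured, and
    'review' otherwise (unknown or malformed entries).
    """
    expected = {str(ipaddress.ip_address(e)) for e in expected}
    results = {}
    for name, servers in subnets.items():
        kinds = {classify_server(s, expected) for s in servers}
        if "rogue" in kinds:
            results[name] = "compromised"
        elif kinds <= {"blank", "expected"}:
            results[name] = "ok"
        else:
            results[name] = "review"
    return results


# Constructed sample config (not from a real device) covering the three cases.
SAMPLE_CONFIG = {
    "LAN1": ["8.8.8.8", ""],               # deliberately set, secondary blank
    "LAN2": ["38.134.121.95", "8.8.8.8"],  # rogue primary as seen in the attacks
    "LAN3": ["203.0.113.53", ""],          # resolver the operator did not configure
}

if __name__ == "__main__":
    for subnet, verdict in check_dns_settings(SAMPLE_CONFIG, {"8.8.8.8"}).items():
        print(f"{subnet}: {verdict}")
```

The allow list is deliberately the operator’s own input rather than a built-in list of “good” public resolvers: the advisory’s point is that only resolvers you set yourself are expected, so an unfamiliar ISP-looking address still gets a `review` verdict instead of a pass.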

The company is already working on firmware updates to patch the issue.

DrayTek published a second advisory that includes the list of devices and firmware versions that it is going to release in the coming days.

Initially, the company suspected that victims of the attacks were using DrayTek routers with default credentials, but one of them clarified that their device wasn’t using factory settings, a circumstance that confirms that attackers are in possession of a zero-day exploit.

Searching for DrayTek routers with Shodan turns up more than 800,000 devices connected online, some of which could potentially be compromised with the mysterious exploit.


Pierluigi Paganini

(Security Affairs – DrayTek routers, hacking)

The post More than 800,000 DrayTek routers at risks due to a mysterious zero-day exploit appeared first on Security Affairs.

Source: Security affairs

Sen. Ron Wyden (D-Oregon), as seen on April 18, 2018. (credit: New America / Flickr)

The Federal Communications Commission has taken preliminary steps to examine the actions of LocationSmart, a southern California company that has suddenly found itself under intense public and government scrutiny for allowing most American cell phones’ locations to be easily accessed.

As Ars reported Thursday, LocationSmart identifies the locations of phones connected to AT&T, Sprint, T-Mobile, or Verizon, often to an accuracy of a few hundred yards, reporter Brian Krebs said. While the firm claims it provides the location-lookup service only for legitimate and authorized purposes, Krebs reported that a demo tool on the LocationSmart website could be used by just about anyone to surreptitiously track the real-time whereabouts of just about anyone else.

“I can confirm the matter has been referred to the Enforcement Bureau,” wrote FCC spokesman Neil Grace in a Friday afternoon email to Ars.


Source: http://feeds.arstechnica.com/arstechnica/index/

On May 13, 2005, Star Trek: Enterprise ended its four-season run with the controversial two-part finale, “These Are the Voyages… ” The finale infamously brought in cast members from The Next Generation to tell the final chapter in Enterprise’s story, and it was viewed by some as a disrespectful and ignominious end to 18 almost-unbroken years of Trek on the small screen.

Generously put, many fans considered this a low point in the franchise’s history. With Enterprise, some fans blamed the anemic finale on the series’ often-uneven writing. Others blamed Rick Berman, who had been Star Trek’s Nerd-in-Chief since Gene Roddenberry’s passing in 1991. And still others blamed the rise of “darker” and more heavily serialized sci-fi fare like Battlestar Galactica (although BSG showrunner Ron Moore first dabbled in this style, largely successfully, in the latter seasons of Deep Space Nine).

But no matter who or what was to blame, Trekkies everywhere were suddenly in an odd position—left to wonder if the universe they’d come to know and love for almost four decades would make it to its 50th birthday. Star Trek was off the airwaves with no successor series waiting in the wings for the first time since 1987. And for some salt in the wound, it had even been three years since the last TNG-cast film, Nemesis, which had been poorly received by most fans and critics. (Its predecessor, Insurrection, hadn’t fared much better.)


Source: http://feeds.arstechnica.com/arstechnica/index/

Valentina Palladino

NEW YORK—Upon walking into a gray, bricked-facade gallery in Manhattan’s Chelsea area, color immediately flooded my eyes. LEGO chose an unassuming location to show off some of the more than 100 new sets coming out in time for the 2018 holiday season. The company literally took the blank canvas of the gallery’s interior and splashed it with colorful bricks, some waiting patiently in buckets begging to be dumped out and some built into magical express trains, massive starfighters, and working roller coaster replicas.

As an avid LEGO fan for years (I had my father’s old LEGO bricks to play with as a kid), I’m always struck by the hundreds of new sets that come out each year. According to Amanda Madore, senior brand relations manager at LEGO, the company constantly tries to spice things up in new sets with various levels of intricacy. While some builders are perfectly content sitting down for a few hours with a 1,000-piece set, others want a burst of building that’s just as fun and yields almost instant gratification. Also, some fans can’t afford to drop hundreds on a huge LEGO set and that’s where new forms like Brick Headz come in.


Source: http://feeds.arstechnica.com/arstechnica/index/

FireEye iSIGHT Intelligence discovered on the underground market a dataset allegedly containing 200 million unique sets of personally identifiable information stolen from several popular Japanese websites.

Security experts from FireEye iSIGHT Intelligence have discovered on underground forums a dataset allegedly containing 200 million unique sets of personally identifiable information (PII) stolen from several popular Japanese website databases.

It’s likely the data was taken via opportunistic compromise.

More precisely, the dataset was discovered in an instant-messenger group used for sharing and offering data.

The huge trove of data was first discovered in December 2017; the archive was offered by a Chinese user for around $150.

Stolen records included names, credentials, email addresses, dates of birth, phone numbers, and home addresses.

The huge archive is composed of data stolen from Japanese websites across a variety of industries, including retail, transportation, food and beverage, finance, and entertainment.

According to the experts, the data was taken between May and June 2016; the threat actor has offered site databases for sale on Chinese underground forums since at least 2013.

“Yes, we’ve observed actors who were selling Japanese PII data or interested in purchase,” said Oleg Bondarenko, senior manager for international research at FireEye. “However [we] have never observed at such scale.”

Many users commented on the advertisement showing their interest in the data, but some of them left negative feedback because they did not receive the database they had paid for.

“The data was extremely varied and not available through publicly available data sources; therefore, we believe that the advertised data is genuine,” states FireEye.

The experts believe the data is genuine; they noticed that most of the email addresses in a random sample of 200,000 belong to major third-party leaks.

“Since we did not observe most of the leaked data in any dataset as coming from one specific leak or on any publicly available website, this also indicates that the actor is unlikely to have bought or scraped the information from data leaks and resold it as a new product,” continues FireEye.

Japanese websites

The analysis of another sample, composed of 190,000 credentials, revealed that 36% were duplicate values and that a huge number of the email addresses were fake.
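The sample checks described in this article, duplicate rate, fake email addresses, and overlap with previously known leaks, are the routine triage an analyst does on a purported dump before believing a seller’s claims. The following is an added example, not FireEye’s or Security Affairs’ code, run over a small constructed sample rather than the real dataset. The “fake email” heuristic (syntax check plus RFC 2606 reserved domains) and the use of a caller-supplied set of emails already seen in known leaks are assumptions of this example; FireEye’s actual criteria are not described on the page.

```python
"""Triage a credential-dump sample: duplicate rows, fake emails, known-leak overlap.

Added example; not FireEye's or Security Affairs' code. The sample data and
the plausibility heuristic are constructed for illustration.
"""
import re
from collections import Counter

# Loose syntactic check; anything failing it is counted as fake (heuristic).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# RFC 2606 reserved names that never belong to a real user.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_DOMAINS = {"example.com", "example.net", "example.org"}


def is_plausible_email(addr):
    """Return True if the address could belong to a real account (heuristic)."""
    addr = addr.strip().lower()
    if not EMAIL_RE.match(addr):
        return False
    domain = addr.rsplit("@", 1)[1]
    if domain in RESERVED_DOMAINS or domain.split(".")[-1] in RESERVED_TLDS:
        return False
    return True


def assess_sample(records, known_leak_emails=frozenset()):
    """Summarise a list of (email, password) rows as they appear in the dump.

    known_leak_emails: emails already seen in earlier, public leaks; a high
    overlap suggests repackaged data, a low one suggests a fresh source.
    """
    total = len(records)
    exact = Counter(records)                       # exact duplicate rows
    duplicate_rows = sum(n - 1 for n in exact.values())
    emails = [e.strip().lower() for e, _ in records]
    fake = sum(1 for e in emails if not is_plausible_email(e))
    unique_emails = set(emails)
    overlap = len(unique_emails & {k.lower() for k in known_leak_emails})
    return {
        "total": total,
        "duplicate_rows": duplicate_rows,
        "duplicate_pct": round(100.0 * duplicate_rows / total, 1) if total else 0.0,
        "fake_emails": fake,
        "unique_emails": len(unique_emails),
        "known_leak_overlap_pct": (
            round(100.0 * overlap / len(unique_emails), 1) if unique_emails else 0.0
        ),
    }


# Constructed sample rows (not real leaked data).
SAMPLE_RECORDS = [
    ("alice@mail.example.jp", "hunter2"),
    ("alice@mail.example.jp", "hunter2"),   # exact duplicate row
    ("bob@shop.example.jp", "pass1234"),
    ("bob@shop.example.jp", "pass1234"),    # exact duplicate row
    ("carol@rail.example.jp", "qwerty"),
    ("not-an-email", "xxx"),                # fails syntax check
    ("zzz@test.test", "xxx"),               # reserved TLD
    ("dave@example.com", "abc"),            # reserved domain
    ("erin@bank.example.jp", "letmein"),
    ("frank@food.example.jp", "welcome1"),
]
# Constructed stand-in for a corpus of emails from earlier public leaks.
SAMPLE_KNOWN_LEAKS = {"alice@mail.example.jp", "erin@bank.example.jp"}

if __name__ == "__main__":
    for key, value in assess_sample(SAMPLE_RECORDS, SAMPLE_KNOWN_LEAKS).items():
        print(f"{key}: {value}")
```

Duplicates are counted on whole rows rather than on email alone, since the same address with different passwords is evidence of multiple source sites, not padding; the overlap figure is reported against unique emails for the same reason.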

The seller was offering data stolen from websites in China, Taiwan, Hong Kong, European countries, Australia, New Zealand, and North American countries.

“Since much of this information has been previously leaked in large-scale data leaks, as well as the possibility that it has been previously sold, we anticipate that this dataset will not enable new large scale malicious activity against targeted entities or individuals with leaked PII,” FireEye concluded.

According to the officials, the scale of the data put up for sale is unprecedented for Japan.

FireEye is warning Japanese government offices and affected businesses. They say the information could be used to carry out cyberattacks on Japan.

Masatomi Iwama, an executive of FireEye’s Japan branch, explained that people must be careful about their security hygiene.


Pierluigi Paganini

(Security Affairs – Japanese websites, data leak)

The post A dataset of 200 million PII exfiltrated from several Japanese websites offered on underground market appeared first on Security Affairs.

Source: Security affairs