News & Updates

Enlarge / Satya Nadella, CEO of Microsoft, speaks at the Microsoft Annual Shareholders Meeting in Bellevue, Washington, on November 30, 2016. (credit: Jason Redmond, Getty Images)

Microsoft staff members are calling on CEO Satya Nadella to terminate the company’s contract with Immigration and Customs Enforcement (ICE). In an open letter published by The New York Times, employees say that they “refuse to be complicit” in ICE’s policy of breaking apart migrant families that come to the US without legal documentation.

Since May, the agency has been systematically separating children from their parents, and the kids have been housed in former warehouses and camps around the country. Microsoft’s involvement comes from the company’s Azure Government cloud computing platform: a segregated set of government-only data centers and cloud services operated exclusively by US citizens, with certifications and approval to fulfill certain government needs. In January, the company announced in a blog post that it was proud to support ICE’s “IT modernization” using Azure Government. This language was briefly removed “by mistake” from the blog post but has subsequently been reinstated.

In the view of the open letter’s signatories—and no small number of Microsoft employees on Twitter and the company’s internal social media—this cooperation is unacceptable, and the company should take an “ethical stand, and put children and families above profits.” They’re calling on the company to cancel its contract with ICE (claimed to be worth $19.4 million), create a public policy that neither Microsoft nor its contractors will work with clients violating international human rights law, and show greater transparency over contracts with government agencies.

Read 4 remaining paragraphs | Comments


Enlarge / European Union flags. (credit: Getty Images | Walter Zerla)

A European Parliament committee today approved a copyright law that could have wide-ranging effects on Internet platforms that host user-generated content.

The Parliament’s Committee on Legal Affairs voted 15-10 “to approve the controversial Article 13, which critics warn could put an end to memes, remixes and other user-generated content,” the BBC reported. The full parliament is expected to vote on the measure in July.

“The vote by the Legal Affairs Committee is likely to be the Parliament’s official stance as it heads into negotiations with EU countries on a common position, unless dissenting lawmakers force a vote at the general assembly next month,” Reuters wrote.

Read 7 remaining paragraphs | Comments



Will pop-up cameras be the next big thing in smartphones? After the announcement of the Vivo Nex, we’ve got another mostly screen device with a hidden front camera: the Oppo Find X. The good news is that this one is coming to North America, so some day we might have a chance to try out this crazy idea in person.

As smartphones dedicate more and more of the front of the device to screen pixels, the normal front-of-phone components like the camera, earpiece, and brightness sensors are starting to feel the squeeze. The big trend for 2018 is to copy Apple and go with a notched design, which pushes the display all the way up to the corners of the device, but then cuts a chunk out of the display for the components. It’s hard to see these non-rectangular screens as anything other than a temporary solution, and OEMs are already coming up with ways to work around a notch design.

Read 7 remaining paragraphs | Comments


Enlarge / Robots doing robot things.

Today is the second week of our experiment connecting a podcast to the written pages here at Ars. Specifically, we’re running episodes of my tech- and science-heavy podcast (called After On) in installments. You can access these episodes via an embedded audio player or by reading accompanying transcripts (both of which are below). The podcast is built around deep-dive interviews with world-class thinkers, founders, and scientists. Episodes generally run 60 to 120 minutes, which we carve up into two to four daily segments for Ars. (The first part of last week’s episode is available here.)

This week, my guest is the world-renowned roboticist and AI pioneer Rodney Brooks. Rodney co-founded iRobot. Best known for its Roomba vacuum cleaner, the company makes many other product as well—such as robots that defuse IEDs and other deadly contraptions in war zones. Rodney later founded Rethink Robotics, makers of the dexterous and creepily human-ish Sawyer and Baxter robots. Rodney’s celebrated academic career spanned decades, including many years running the AI and robotics lab at MIT. He was even the subject of a major documentary by legendary filmmaker Errol Morris.

I first posted the full episode to my podcast’s feed on March 19th, and we’ll run the show in three installments here on Ars. In our opening installment today, Rodney talks about getting tech news by steamship as a kid (yes, really)—living on the southern fringe of the inhabited world, with nothing on the (very) far side of the water but Antarctica. From there, we trace his journey to Stanford, then MIT, and through his creation of three companies—one of which had fourteen failed business models before finally hitting paydirt.

Read 7 remaining paragraphs | Comments


Enlarge / Therapeutic coffee? (credit: Getty | Steve Christo – Corbis)

In the distant future, your morning cup of joe may not just perk up your brain—it may perk up your genes, too. At least, that’s the optimistic outlook of some synthetic biologists in Switzerland.

A team led by Martin Fussenegger of ETH Zurich in Basel has shown that caffeine can be used as a trigger for synthetic genetic circuitry, which can then in turn do useful things for us—even correct or treat medical conditions. For a buzz-worthy proof of concept, the team engineered a system to treat type 2 diabetes in mice with sips of coffee, specifically Nespresso Volluto coffee. Essentially, when the animals drink the coffee (or any other caffeinated beverage), a synthetic genetic system in cells implanted in their abdomens switches on. This leads to the production of a hormone that increases insulin production and lowers blood sugar levels—thus successfully treating their diabetes after a simple morning brew.

The system, published Tuesday in Nature Communications, is just the start, Fussenegger and his colleagues suggest enthusiastically. “We think caffeine is a promising candidate in the quest for the most suitable inducer of gene expression,” they write. They note that synthetic biologists like themselves have long been in pursuit of such inducers that can jolt artificial genetics. But earlier options had problems. These included antibiotics that can spur drug-resistance in bacteria and food additives that can have side effects. Caffeine, on the other hand, is non-toxic, cheap to produce, and only present in specific beverages, such as coffee and tea, they write. It’s also wildly popular, with more than two billion cups of coffee poured each day worldwide.

Read 12 remaining paragraphs | Comments


Enlarge / This is the message you can expect to get when trying to log in to Nintendo’s network to play pirated software. (credit: Wololo)

When hackers revealed an unpatchable exploit allowing deep system access in all existing Switch consoles back in April, some industry watchers worried that this would lead to widespread piracy for copyrighted games on the system. Additional work by longtime Nintendo hacker SciresM, though, lays out the relatively robust protections Nintendo has in place to detect systems playing pirated games online and to permanently ban those consoles from Nintendo’s network.

SciresM’s lengthy Reddit post goes into a good level of technical detail on how Nintendo authorizes games and systems when connecting to the Nintendo network. The core of the protections comes from a unique encrypted client certificate stored in the “TrustZone” core of every Switch unit.

That certificate is used to identify the specific hardware being used to log in to Nintendo’s servers, meaning a banned console will stay banned from the network permanently. That’s a change from the 3DS, where users could use a fake token to get around a console-level network ban (at least until another ban came down, that is).

Read 4 remaining paragraphs | Comments


Jonathan Gitlin

By this point you may well have heard of Rimac Automobili, if for no other reason than that The Grand Tour‘s Richard Hammond almost killed himself (again) when he crashed-then-immolated one of Rimac’s Concept One electric hypercars. Based in Croatia, this engineering firm has been developing some seriously clever electric vehicle technology, both for its own use in road and race cars, as well as supplying technology to the likes of Aston Martin, Koenigsegg, and Jaguar.

On Wednesday morning, we learned that Porsche has now bought a 10-percent stake in Rimac and will be setting up a development partnership with the smaller company. “By developing the purely electric two-seater super sports cars, like the ‘Concept One’ or ‘C Two,’ as well as core vehicle systems, Rimac has impressively demonstrated its credentials in the field of electromobility,” said Lutz Meschke, deputy chairman of the executive board and member of the executive board for finance and IT at Porsche. “We feel that Rimac’s ideas and approaches are extremely promising, which is why we hope to enter into close collaboration with the company in the form of a development partnership.”

Read 2 remaining paragraphs | Comments



Google’s cross-platform Flutter SDK is hitting yet another release milestone on the way to version 1.0. Flutter is moving out of beta and releasing “Flutter Release Preview 1.” Google says the release preview status “signals our confidence in the stability and quality of what we have and our focus on bug fixing and stabilization.”

Flutter is Google’s second swing at a mobile SDK (the first being a little platform called “Android”). Flutter’s claim to fame is that it’s cross-platform—Flutter apps run on Android and iOS—and it’s really fast. Flutter apps sidestep the app platforms of Android and iOS, and instead run on the Flutter rendering engine (written in C++) and Flutter framework (written in Google’s Dart language, just like Flutter apps). When it’s time to ship a Flutter app off to Google and Apple’s respective app stores, the requisite Flutter engine code gets bundled up with the app code, and the Flutter SDK spits out Android and iOS versions of your single code base. Each version comes complete with built-in app themes for Android or iOS, so they still feel like native apps. Along with Android and iOS, Flutter is also the platform used for apps in Google’s experimental Fuchsia OS.

With the release of preview 1, the Flutter team is focusing on “scenario completeness” for a Flutter app. There’s an improved video player package, support for older, 32-bit iOS devices like the iPhone 5C, and support for Firebase Dynamic Links. The Flutter team is also improving the documentation and tooling for embedding Flutter code into an existing Android or iOS app.

Read 2 remaining paragraphs | Comments


Symantec tracked a new APT group named Thrip that targeted0 satellite operators, telco companies and defense contractors in the US and Southeast Asia.

Chinese APT groups are always very active, experts at Symantec have tracked a new APT group named Thrip that has breached the systems of satellite operators, telecommunications companies and defense contractors in the United States and Southeast Asia.

The Thrip group has been active since 2013, but this is the first time Symantec publicly shared details of its activities.

“We’ve been monitoring Thrip since 2013 when we uncovered a spying campaign being orchestrated from systems based in China. Since our initial discovery, the group has changed its tactics and broadened the range of tools it used. Initially, it relied heavily on custom malware, but in this most recent wave of attacks, which began in 2017, the group has switched to a mixture of custom malware and living off the land tools. ” reads the analysis published by Symantec.

Thrip APT

Thrip APT used a combination of custom malware and legitimate tools in its attacks, the list of victims is long and include a satellite communications operator.

The hackers targeted devices involved in operations and infected computers running software that monitors and controls satellites, this circumstance suggests the attackers may also interested in sabotage.

Another victim of the group is a company specializing in geospatial imaging and mapping.

“[Thrip] targeted computers running MapXtreme GIS (Geographic Information System) software which is used for tasks such as developing custom geospatial applications or integrating location-based data into other applications. It also targeted machines running Google Earth Server and Garmin imaging software.” continues the analysis.

“The satellite operator wasn’t the only communications target Thrip was interested in. The group had also targeted three different telecoms operators, all based in Southeast Asia.”

The group also targeted three telecoms firms in Southeast Asia and a defense contractor.

The arsenal of the group includes the data stealer Trojan.Rikamanu and its evolution Infostealer.Catchamas that implements more sophisticated data strealing features and evasion capabilities.

The APT group also used the Trojan.Mycicil, a keylogger that is available for sale on Chinese underground marketplaces, and the Backdoor.Spedear and Trojan.Syndicasec malware.

The Thrip APT also many legitimate tools, including the Windows SysInternals utility PSExec, PowerShell, Mimikatz, and the LogMeIn remote access software.

Further details, including IoCs are reported in the analysis published by Symantec.

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(Security Affairs – Thrip APT, cyberespionage)

The post China-linked Thrip APT group target defense and satellite firms appeared first on Security Affairs.

Source: Security affairs