posted 4 days ago on ars technica
In its third quarter of the 2015 financial year, Microsoft announced revenue up 6 percent to $21.73 billion, with a gross margin up 1 percent to $14.57 billion. Operating income declined 5 percent, however, to $6.60 billion, with earnings per share down 10 percent to $0.61. This beats estimates of around $21.06 billion revenue, and $0.51 earnings per share. The increased revenue was attributed primarily to cloud and server software growth, with Office 365 continuing to expand, and Windows Server, System Center Server, and SQL Server in particular showing strong performance. Offsetting this was a sharp decline of Windows revenue to consumers, and smaller declines in corporate Windows and Office sales. Microsoft said that a $190 million cost due to the continued restructuring and integration of Nokia's Devices and Services business reduced operating income, as did the continued strength of the US dollar. Read 10 remaining paragraphs | Comments

posted 4 days ago on ars technica
Criminals are exploiting an extremely critical vulnerability found on almost 100,000 e-commerce websites in a wave of attacks that puts the personal information for millions of people at risk of theft. The remote code-execution hole resides in the community and enterprise editions of Magento, the Internet's No. 1 content management system for e-commerce sites. Engineers from eBay, which owns the e-commerce platform, released a patch in February that closes the vulnerability, but as of earlier this week, more than 98,000 online merchants still hadn't installed it, according to researchers with Byte, a Netherlands-based company that hosts Magento-using websites. Now, the consequences of that inaction are beginning to be felt, as attackers from Russia and China launch exploits that allow them to gain complete control over vulnerable sites. "The vulnerability is actually comprised of a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the Web server," Netanel Rubin, a malware and vulnerability researcher with security firm Checkpoint, wrote in a recent blog post. "The attacker bypasses all security mechanisms and gains control of the store and its complete database, allowing credit card theft or any other administrative access into the system."

posted 4 days ago on ars technica
Divers discovered bottles in a shipwreck off the Finnish Aland archipelago in the Baltic Sea in 2010. After tasting the bottles on site, the divers realized they were likely drinking century-old champagne. Soon after, 168 unlabeled bottles were retrieved and were identified as champagnes from the Veuve Clicquot Ponsardin (VCP), Heidsieck, and Juglar (known as Jacquesson since 1832) champagne houses. A few of the recovered bottles had been lying horizontal in close-to-perfect slow ageing conditions. Discovery of these wines, likely the oldest ever tasted, unleashed a flood of questions. When were these wines produced? What winemaking processes were in use at the time? Where was the wine going when the shipwreck occurred?
An analytic approach
A team of scientists gathered to search for the answers through the application of current analytical techniques, an approach called archaeochemistry. Using a combination of targeted and nontargeted modern chemical analytic approaches, the researchers aimed to uncover aspects of the winemaking practices.

posted 5 days ago on ars technica
LONDON—At its annual, somewhat exclusive Tech Day event, ARM has detailed its new high-performance CPU core: Cortex A72. In simple terms, the A72 is a faster, more efficient, and smaller version of the Cortex A57. The first 16nm FinFET mobile SoCs with the Cortex A72 CPU will likely ship in 2016, fabricated by TSMC. In the words of Mike Filippo, ARM's chief architect for Cortex A72, "Our focus on A72 was to achieve next-gen performance and pull a ton of power out of the design. We did that in spades." In more detailed terms, the Cortex A72 CPU pairs a three-wide, in-order front end with a five-wide, out-of-order back end (i.e. 8-issue). This is significantly wider than the A57, resulting in higher single-threaded performance. Along with the new architecture, ARM has "re-optimized every logical block from Cortex A57" to reduce power consumption and area (i.e. die size), which in turn reduces static power losses through leakage.
[Figure: Cortex A72 block diagram, with some enhancements highlighted. Credit: ARM]
Drilling down into some of the more significant logical block changes: ARM says the A72 has a much better branch prediction, around 20 percent better than the A57. There's also a reworked 3-way L1 cache that's "almost as powerful as direct-mapped cache," and a much smaller (~10 percent) and reorganized dispatch unit.

posted 5 days ago on ars technica
Online game store Steam unlocked the hit game The Elder Scrolls V: Skyrim as a temporary, weekend-long freebie for all its users on Thursday, and the reason was so that fans might put their cash elsewhere. As of this morning, the game's Steam Workshop section, full of user-made content like mods, turned into a marketplace where creators and fans can assign prices to their creations and directly make cash—a first for the Steam service. Up until today, the Steam Workshop allowed fans to tinker with compatible games and upload their creations, additions, and updates for the sake of free downloads. What changed today is that those creators can now, after filling out a "tax interview" and providing a bank account that accepts US dollars, charge users whatever price they please for their new levels, their visual overhauls, and their flaming swords. A creator can still leave their wares on the service as freebies, or they can choose either a static price or a "pay what you want" structure. Should a buyer not be satisfied with a mod, they can request a refund within 24 hours of purchase. The Steam Workshop launched in 2011 as a way for fans to upload weapon and item designs for the game Team Fortress 2; Valve then chose its favorites, along with favorites as voted by fans, to be added to the official game, at which point DLC payments would go into those creators' pockets. Other non-Valve games include this "golden gate" user-generated sales functionality, as well, but Skyrim is the first—and currently only—Steam game where users can bypass the game's developers and sell their add-ons without any creative approval. (Should an unethical modder try selling other users' Skyrim creations via this updated Steam Workshop, they can file a DMCA Takedown Notice directly through Valve's site.) Read 4 remaining paragraphs | Comments

posted 5 days ago on ars technica
[Image: The Mi 4i comes in white, blue, black, yellow, and pink. Credit: Xiaomi]
Last night, Xiaomi announced it's tackling the low-end phone market in India with a new product called the Mi 4i. It looks just a little like a certain Apple product, but the specs and pricing are what make this interesting. $205 (Rs.12,999) gets you a 5-inch 1080p LCD, an eight core, 64-bit Snapdragon 615, 2GB of RAM, 16GB of storage, a 13MP rear camera, 5MP front camera, dual SIM support, and—perhaps the most eye-popping stat—a 3,120mAh battery. Most companies only seem concerned with packing as big of a spec sheet into a phone as possible. The battery is often an afterthought (the Galaxy S6 has a 1440p screen and a 2550 mAh battery, while the Galaxy S5 had a bigger 2800mAh battery). The Mi 4i spec sheet strikes a balance we would like to see manufacturers hit more often—Xiaomi claims the device will last a day and a half. There's no telling how true that is until (unless?) we get our hands on one, which will be difficult since the device is only for sale in India. The company says it "put considerable effort into fitting the highest battery capacity possible" into the device, which, frankly, is something all OEMs should strive for. The size doesn't seem to have suffered too much. At 7.8mm thick, it's still in the range of the ~7mm iPhone 6 and much thinner than the 9mm iPhone 5c. Again, to all manufacturers out there, we will gladly trade thinness for battery.

posted 5 days ago on ars technica
Android Wear is getting a big update that enables a top-level app list, always-on apps, a hands-free scrolling gesture, and it's also enabling Wi-Fi support. Wi-Fi is coming not just in the software; a lot of existing devices will have their Wi-Fi functionality enabled—but not all of them. Every Android Wear smartwatch has a Wi-Fi chip, because they use smartphone SoCs. These all-in-one processors put the CPU, GPU, RAM, Wi-Fi, Bluetooth, GPS, and a bunch of other things on a single chip. Smartwatches that use these SoCs get all these features whether they need them or not, and things they don't need are disabled. Phandroid got in contact with most of the Android Wear OEMs to see which watches get Wi-Fi. The Moto 360, Sony SmartWatch 3, and LG's new Watch Urbane are in, while the Asus ZenWatch and early adopters of LG products—the LG G Watch and LG G Watch R—are being left out. Samsung, which made the Gear Live, hasn't responded. Read 1 remaining paragraphs | Comments

posted 5 days ago on ars technica
A company that tracks customers as they walk through retail stores reached a settlement with the Federal Trade Commission this week after it found itself in regulatory cross-hairs for reneging on its promise to notify customers in-store that they could opt out of the tracking. Nomi Technologies (now known as Nomi Corporation after its merger with video intelligence company Brickstream in October) deploys sensors throughout a participating retail store or relies on existing Wi-Fi access points to collect the MAC addresses of all the smartphones in the area searching for a Wi-Fi signal. Nomi stores a “hashed” MAC address but keeps the hash unique to the phone so that if the customer returns to the store later, or visits another participating retail store, or even passes by a participating store, Nomi can track that device over time. According to the FTC complaint (PDF), in addition to collecting the MAC address hash, Nomi can also determine the phone's signal strength and the device manufacturer. It takes note of the phone's proximity to a sensor and the date and time that the phone is observed, as well. Add that all up and you get a pretty clear picture of who your customers are and how they shop, something that brick-and-mortar shops are eager to learn with more precision as they compete with online retailers.

posted 5 days ago on ars technica
Comcast is going to abandon its attempt to buy Time Warner Cable, with an announcement to be made as soon as tomorrow, Bloomberg reported today, citing anonymous sources. When asked if the report is accurate, a Comcast spokesperson told Ars, "we have no comment." "Comcast Corp. is planning to walk away from its proposed takeover of Time Warner Cable Inc., people with knowledge of the matter said, after regulators decided that the deal wouldn’t help consumers, making approval unlikely," Bloomberg wrote. Read 2 remaining paragraphs | Comments

posted 5 days ago on ars technica
One of the caveats about Internet spaceship game Elite: Dangerous is that it requires players to be good at self-direction—there isn’t a substantial framework of guidance to point players in the right direction as they fight, trade, or explore their way to riches. However, it looks like that will change pretty significantly with the upcoming release of the "Power Play" expansion. The last of the game’s planned three major free expansions, "Power Play" takes the Elite: Dangerous background lore and GalNet news broadcasts—currently flavor text that can be mostly ignored—and elevates them into a central component of gameplay, transforming the game’s universe into a galactic chessboard of competing factions with which players can ally. Factions—called "Powers"—will offer missions to players, and players can fight, trade, or explore their way to higher influence within their chosen Power. In addition to gaining direct rewards like discounts on trade goods and ship upgrades, players will gain rank and influence within Powers commensurate with their participation. With enough influence, players will be able to directly affect what their Power does next. Each week, the major Powers goals will be assessed along with the next week’s goals set, and players with high rank will be able to have what Elite: Dangerous executive producer Michael Brookes calls "a lot of say" in what the Power does next. Read 4 remaining paragraphs | Comments

posted 5 days ago on ars technica
[Image: The App Store tab in the Apple Watch app offers a list of prominent apps but no other sorting or search options. Credit: Andrew Cunningham]
Look at the release notes for some recent iOS app updates, and you'll see that developers have quietly been adding Apple Watch support for a couple of weeks now. Today, Apple is officially taking the wraps off the Apple Watch arm of the App Store, and it's now accessible through the Apple Watch app on iPhones 5, 5C, 5S, 6, and 6 Plus running iOS 8.2 or 8.3. According to The Wall Street Journal, the store contains "more than 3,000" watch apps for early adopters to download, and many of those are from major players like Instagram, Twitter, Uber, The New York Times, Evernote, Wunderlist, and a variety of other media outlets and businesses. If you launch the Apple Watch app and go to the App Store tab, it presents you with a long list of major apps but, oddly, no apparent search function or any kind of organization. The apps are represented by their round Apple Watch icons, and if you tap them, you'll be able to see screenshots of the watch app above screenshots of the iPhone app. Remember, at this point all watch apps are contained within iPhone apps, and you install these apps to your phone rather than directly on your watch. The iPhone then takes care of the rest of the syncing. In the standard App Store, apps pick up a small round badge that tells you the app offers extra Apple Watch functionality. The iPhone screenshots are shown first, but the Apple Watch screenshots are shown below. At this point, searching through the main App Store is the best way to discover Apple Watch apps that aren't on Apple's list.

posted 5 days ago on ars technica
How far is too far when it comes to pushing the boundaries of virtual reality? As VR devices grow ever more sophisticated—and the tools to create software for them ever more accessible—where do we draw the line between what’s ethically acceptable in the real world and what’s ethically acceptable in the virtual world? One of the developers putting this question to the test is Australia-based Paranormal Games. Project Elysium, its entry into the upcoming Oculus VR Jam 2015, treads some shaky moral ground by promising to create a "personalized afterlife experience," reuniting people with loved ones who have passed on. Exactly how the developer hopes to do this isn’t clear at this point (it will be required to showcase screenshots by April 27, followed by video footage the week after to be eligible for the jam’s grand prize), although a screenshot from Project Elysium’s development does show a friend of the studio being transformed into a 3D model. Naturally, this raises more questions. Would potential users of Project Elysium have to send pictures and video of the deceased to the developer in order to have him or her mapped into the game? And what about that person’s personality? How much data would the developer need in order to create a realistic representation of that person rather than just a robotic and potentially distressing facsimile? Perhaps you'll be able to do it yourself, using a character editor a la Skyrim.  Read 3 remaining paragraphs | Comments

posted 5 days ago on ars technica
Someone got your goat? If you have their cell number, you can now give them something to ruminate over: a stampede of goat messages from Goatattack.com, the latest in Internet prankery. Internet-based messaging is exploring some strange new worlds lately. Last week, we received a pitch from Boobsign.com, a site that has since been merged into the market-leading Tittygram in the great Russian mammary-based messaging consolidation of April 2015. And this week, we discovered Goatattack.com—the pinnacle of goat-pun based anonymous messaging platforms. Actually, it's the only goat-pun based anonymous messaging platform. For as little as 59 cents, you can use Goat Attack to send anonymous prank messages with images of goats and goat-related texts from multiple sources to the cell numbers of your friends and enemies. There's a 50¢ premium on custom messages, which can be appended to the barrage of pointless punnery the site blasts at your selected targets. Read 11 remaining paragraphs | Comments

posted 5 days ago on ars technica
If you’re using a relatively recent, non-Apple, sold-in-the-US smartphone, odds are good that it contains some kind of Qualcomm SoC. From 2011 or so up until now, the company has used a potent combination of LTE modems and custom CPU and GPU architecture designs to shove most of its early competitors (Texas Instruments, Nvidia, and Samsung) to the margins or out of the business entirely. After a long string of successful flagships, the Snapdragon 810 has been a bit of a disappointment. At its best, it can be faster than the Snapdragon 800, 801, and 805 chips that it’s replacing. But the two 810-equipped phones we’ve used—HTC’s One M9 and LG’s G Flex 2—have definitely run hot, and performance slows down quickly as you use the phone. Throttling processor speed in smartphones, tablets, and laptops to avoid overheating is completely normal, but the 810 runs especially warm. More interestingly, Samsung’s Exynos 7420—a chip which uses the same combination of Cortex A53 and A57 CPU cores at roughly the same maximum clock speed—is much faster than the 810, and it holds up better during extended use. Read 18 remaining paragraphs | Comments

posted 5 days ago on ars technica
Greetings, Arsians! Courtesy of our partners at TechBargains, the Dealmaster is here with a big list of deals for your consideration. The featured item this week is a PS4 bundle. It comes with the 500GB PS4, The Last of Us Remastered, a $100 Dell gift card, and Sony's Silver Playstation Headset. Why is Dell selling PS4s? We really have no idea. Featured Sony Playstation 4 Bundle with $100 Dell Gift Card, Last of Us Remastered & Sony Silver Headset for $399.99 (list price $509). Read 8 remaining paragraphs | Comments

posted 5 days ago on ars technica
The Department of Justice isn't the only federal agency that appears to be skeptical of a merger of the nation's two largest cable companies. The Federal Communications Commission is reportedly close to a procedural move that would make it difficult for Comcast's purchase of Time Warner Cable to be approved. According to The Wall Street Journal, FCC staff has decided that the commission should issue a hearing designation order. "In effect, that would put the $45.2 billion merger in the hands of an administrative law judge, and would be seen as a strong sign the FCC doesn’t believe the deal is in the public interest," the Journal wrote, attributing the information to anonymous sources. "A hearing could be a drawn-out process, and some regulatory experts describe the procedure as a deal-killer, though Comcast would be entitled to make its case for the tie-up." The FCC hasn't announced its intentions for the Comcast/TWC deal. A commission spokesperson declined to comment when contacted by Ars, saying the merger is still under review. Read 10 remaining paragraphs | Comments

posted 5 days ago on ars technica
A Tennessee father who followed his eight-year-old daughter to school with a drone has now decided to ground it in the wake of the attention his flight has garnered. According to WVLT, a Knoxville, Tennessee television station, Chris Early decided to launch a drone to monitor his child's walk to school after she requested that she be allowed to walk on her own. The move got some local media attention earlier this week, and other news sites picked up on it; Time magazine even dubbed him the “World's Most Embarrassing Dad.” Read 3 remaining paragraphs | Comments

posted 5 days ago on ars technica
[Gallery: YouTube's homepage design over the years. This homepage from 2005 kind of looks like Google. YouTube put search front and center with featured videos listed below. Credit: Archive.org/Ron Amadeo]
YouTube, the Web's de-facto video service, is turning 10 this year. The site has become so indispensable that it feels like a basic part of the Internet itself rather than a service that lives on top of it. YouTube is just the place to put videos, and it's used by everyone from individuals to billion-dollar companies. It's obvious to say, but YouTube revolutionized Web video. It made video uploading and playback almost as easy as uploading a picture, handled all the bandwidth costs, and it allowed anyone to embed those videos onto other sites. The scale of YouTube gets more breathtaking every year. It has a billion users in 61 languages, and 12 days of video are uploaded to the site every minute—that's almost 50 years of video every day. The site just continues growing. The number of hours watched on YouTube is up 50 percent from last year. It's easy to forget YouTube almost didn't make it. Survival for the site was a near-constant battle in the early days. The company not only fought the bandwidth monster, but it faced an army of lawyers from various media companies that all wanted to shut the video service down. But thanks to cash backing from Google, the site was able to fend off the lawyers. And by staying at the forefront of Web and server technology, YouTube managed to serve videos to the entire Internet without being bankrupted by bandwidth bills.

posted 5 days ago on ars technica
If we were to draw a schematic cartoon diagram of a subduction zone, it would include a diving oceanic plate, represented by a uniform slab. As the plate dove deeper, water driven off by the increasing heat might be shown with a blue arrow. And, of course, that water will create some blobs of red magma in the mantle between the two tectonic plates, as adding water lowers the melting point of the rock. But in reality, the subducting plate is not a uniform slab. An oceanic plate can be divided into a number of layers. On the top, there’s the ocean mud that slowly accumulated as the plate traveled from the mid-ocean ridge toward the subduction zone. Beneath that, you’ve got the basalt (and basalt’s larger-crystalled sibling, gabbro) that makes up the oceanic crust. At the bottom, there’s a layer of mantle rock that stuck to the plate as it slowly cooled over the course of its long life beneath an ocean of water. Water is everywhere in this process; it soaks into the sediment and fills cracks in the rock, and it also works its way into the minerals themselves, becoming a part of them chemically. When an oceanic plate is subducting, the gradual warming as it sinks deeper into the hot Earth can drive off the water within the sediments and fractures, but the minerals can transform and give up their store of water as well.

posted 5 days ago on ars technica
Original creator of the Assassin’s Creed series and ex-Ubisoft creative director Patrice Désilets has unveiled Ancestors: The Humankind Odyssey, the first project to emerge from his indie studio Panache Digital Games. According to the studio’s website, Ancestors: The Humankind Odyssey will be a third-person action and adventure game with survival elements. As is becoming increasingly common, the game will also be released in an episodic format. Each episode promises to “relive the greatest moments of mankind with a documentary twist.” While few other details have been revealed, Désilets did show a brief teaser trailer during his talk at the Reboot Develop 2015 conference in Dubrovnik. The trailer (embedded below), runs through key moments in the evolution of mankind, from the present day to the dawn of civilization, including what appears to be the harnessing of fire and the creation of the first tools. Read 6 remaining paragraphs | Comments

posted 5 days ago on ars technica
For several weeks, rumors have been circulating that a research group in China had performed the first targeted editing of DNA in human embryos. Today, the rumors were confirmed by the appearance of a paper in the journal Protein & Cell, describing genome editing performed at Sun Yat-sen University in Guangzhou, China. The paper shows that while the technique can work, it doesn't work very efficiently, suggesting there are a lot of hurdles between existing techniques and widespread genetic engineering of humanity. To avoid potential ethical issues, the researchers performed their experiments with embryos that had been fertilized by more than one sperm. While these are regular occurrences in in vitro fertilization procedures, the embryos are inviable and normally discarded. This prevented any chance that an edited embryo could somehow produce a viable, adult human. The work relied on the CRISPR-Cas9 system. This allows the researchers to inject DNA that encodes an enzyme and targeting RNA into a cell, which then cuts a specific DNA sequence (see the sidebar for details). The cut then typically gets repaired using DNA that looks similar. If researchers supply engineered DNA with regions of similarity at the same time as the enzyme, then the edited DNA can be used for repair, integrating it into the genome. Read 8 remaining paragraphs | Comments

posted 5 days ago on ars technica
It looks like Microsoft is delivering its promised more regular Windows builds. The company just pushed out a new build to Fast Track users of the Windows 10 Technical Preview: build number 10061. Highlights of the new build are new Mail and Calendar apps, based on the same Universal Apps as the Windows 10 for phones apps released a couple of weeks ago, and more configurability of the operating system's appearance, including a new dark theme. The Continuum experience, used in tablet and hybrid devices, should also be improved. As with the other Technical Preview builds of Windows 10, this isn't yet ready as a daily driver operating system, and Microsoft describes a number of known issues in its release notes. Perhaps most substantial is that traditional Win32 desktop applications cannot currently be launched from the Start menu. They can be launched from icons pinned on the taskbar, or from search, but not from the menu itself. Read on Ars Technica | Comments

posted 5 days ago on ars technica
Google just announced Project Fi, its new MVNO wireless service for the Nexus 6. Google hopes to shake up the industry with its control of the hardware, software, and network. It's sort of the Google Fiber approach: move into a market with a new pricing scheme and new technology and hope the pressure of competition makes the internet better for everyone.
Project Fi (Wi-Fi + Sprint + T-Mobile)
Google Fi combines Sprint, T-Mobile, and Wi-Fi into a single network. This isn't Sprint or T-Mobile; it's Sprint and T-Mobile. Your phone is subscribed to both networks and jumps between them, which means the Nexus 6 will be hopping from Wi-Fi to CDMA to GSM to LTE as the situation dictates. Calls, texts, and data can seamlessly switch between T-Mo, Sprint, and Wi-Fi, and calls and texts can be routed to any secondary devices that have Hangouts installed. You're allowed to tether, and your data plans work in over 120 countries, but only at 3G speeds. Google says they have "millions" of high-speed Wi-Fi hotspots across the country, and your connection to them is encrypted. The biggest downside is device selection: for now it only works on the Nexus 6.

posted 6 days ago on ars technica
Defunct startup Aereo fought a long legal battle against TV broadcasters, who argued that its scheme to use tiny antennas to broadcast TV over the Internet violated copyright laws. Last year, Aereo lost at the Supreme Court, where a majority of justices found that the company should be regulated like a cable system. That decision led to Aereo shutting down its business and later to Chapter 11 bankruptcy. All that's left is dividing up the company's meager assets, and that task is drawing to a close. Bloomberg reports that Aereo has agreed to pay $950,000 to the TV broadcasters that sued it, which include CBS, ABC, and Fox. That's about one percent of the $99 million the broadcasters believed they were entitled to, according to bankruptcy filings. Aereo wasn't worth anywhere near that much. Its assets were sold off in February for less than $2 million. Read 3 remaining paragraphs | Comments

posted 6 days ago on ars technica
In an e-mail today to the Open Source Software Security (oss-security) mailing list, the maintainer of wireless network client code used by Android, the Linux and BSD Unix operating systems, and Windows Wi-Fi device drivers sent an urgent fix for a flaw that could allow attackers to crash devices or even potentially inject malicious software into their memory. The flaw could allow these sorts of attacks via a malicious wireless peer-to-peer network name. The vulnerability was discovered by the security team at Alibaba and reported to wpa_supplicant maintainer Jouni Malinen by the Google security team. The problem, Malinen wrote, is in how wpa_supplicant "uses SSID information parsed from management frames that create or update P2P peer entries" in the list of available networks. The vulnerability is similar in some ways to the Heartbleed vulnerability in that it doesn't properly check the length of transmitted data. But unlike Heartbleed, which let an attacker read contents out of memory from beyond what OpenSSL was supposed to allow, the wpa_supplicant vulnerability works both ways: it could expose contents of memory to an attacker, or allow the attacker to write new data to memory. That's because the code fails to check the length of incoming SSID information and writes information beyond the valid 32 octets of data to memory beyond the range it was allocated. SSID information "is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets," Malinen wrote, and the code "was not sufficiently verifying the payload length on one of the code paths using the SSID received from a peer device. This can result in copying arbitrary data from an attacker to a fixed length buffer of 32 bytes (i.e., a possible overflow of up to 223 bytes). The overflow can override a couple of variables in the struct, including a pointer that gets freed. In addition, about 150 bytes (the exact length depending on architecture) can be written beyond the end of the heap allocation."
