posted 5 days ago on ars technica
US Rep. Marsha Blackburn (R-TN) and Senator Thom Tillis (R-N.C.) today filed legislation to overturn the municipal broadband decision the Federal Communications Commission made earlier in the day. The FCC today voted to preempt state laws in North Carolina and Tennessee that prevent municipal broadband providers from expanding outside their territories. “The FCC’s decision to grant the petitions of Chattanooga, Tennessee and Wilson, North Carolina is a troubling power grab,” Blackburn said in a press release. “States are sovereign entities that have Constitutional rights, which should be respected rather than trampled upon. They know best how to manage their limited taxpayer dollars and financial ventures. Ironically, they will now be burdened by the poor judgment of a federal government that is over $18 trillion in debt and clearly cannot manage its own affairs." Read 19 remaining paragraphs | Comments

Read More...
posted 5 days ago on ars technica
On Thursday, Twitter announced that its abuse-report system, which was recently refined to simplify and shorten the reporting process, has now expanded to allow users to report content such as self-harm incidents and "the sharing of private and confidential information" (aka doxing). The announcement, posted by Twitter Vice President of User Services Tina Bhatnagar, explained that December's report-process update was met with a "tripling" of the site's abuse support staff, which has led to a quintupling of abuse report processing. "While we review many more reports than ever before, we’ve been able to significantly reduce the average response time to a fraction of what it was, and we see this number continuing to drop," Bhatnagar wrote. Thursday's update also mentioned "several new enforcement actions for use against accounts that violate our rules." Sources at Twitter have confirmed to Ars Technica that one of the site's new enforcement actions will include a contact-information verification system—a first for the service. This means that in certain situations where users have been warned or temporarily banned but not permanently suspended, they will be instructed to provide either an e-mail address or phone number to return to the service. Ars was told that for the time being, this verification wouldn't be applied to every warning or temporary ban. Read 1 remaining paragraphs | Comments

Read More...
posted 5 days ago on ars technica
This week a nonprofit group filed a complaint (PDF) with the Federal Trade Commission asking it to investigate Samsung for violating its customers' privacy with its voice recording feature on its Samsung smart TVs. “Samsung routinely intercepts and records the private communications of consumers in their homes,” the Electronic Privacy Information Center (EPIC) wrote. “Samsung’s attempts to disclaim its intrusive surveillance activities by means of a 'privacy notice' do not diminish the harm to American consumers.” In an e-mail Samsung told Ars, “The claims made by EPIC are not correct and do not reflect the actual features of our Smart TV. Samsung takes consumer privacy very seriously and our products are designed with privacy in mind." Read 4 remaining paragraphs | Comments

Read More...
posted 5 days ago on ars technica
The Senate Judiciary Committee unanimously voted today to make Michelle Lee, formerly Google's patent chief, the director of the US Patent and Trademark Office (USPTO). She still has to be confirmed by the full Senate, but that shouldn't be a problem after the smooth committee vote. USPTO directors have come from the tech sector before—the last director, David Kappos, was a top lawyer at IBM. But Lee's appointment marks the first time someone with a background from an Internet-focused company will take the helm at USPTO. While she was at Google, Lee became one of the most outspoken corporate lawyers on the problem of "patent trolls" plaguing the system with their lawsuits. She's already been the unofficial boss for two years, serving as "interim director" while the office waited for the White House to appoint someone. In June of last year, rumors started to trickle out of Washington that the White House was set to nominate Philip Johnson, a Johnson & Johnson lawyer. That suggestion sparked a major backlash among tech reformers. Nominating Johnson seemed like pouring salt in the wound, since tech was still smarting from the failure to pass a patent reform bill. Big pharma companies were key opponents of reform, and Johnson personally spoke out about some of the changes tech reformers were seeking. Read 4 remaining paragraphs | Comments

Read More...
posted 5 days ago on ars technica
If there's anything I regret about our recent trip to Munich, it's that I didn't get a chance to see more of the city. Unfortunately, the constraints of production and travel timing meant I only had three days on the ground before I returned home, 10 to 12 hours of each of those three days were spent filming and conducting interviews with the scientists and researchers we were there to see. Consequently, I've got a lot of pictures of the composite manufacturing lab to share! Research center director Carlos Härtel shows us the all-carbon fiber "maypole" in the center's lobby. 15 more images in gallery .related-stories { display: none !important; } As far as Munich proper—München, if you're a local—the few spare hours we had weren't enough to do more than the most superficial bit of looking around. Still, we walked, saw Marienplatz and the Ratskeller, rode the subway, and snagged as many pictures as we could. I'll have more to say about my final Munich impressions in my next blog post, but here are some of our images from around town. A quick trip on an unrestricted section of the Autobahn in our rental car. Crazy speeding Americans coming through! 17 more images in gallery .related-stories { display: none !important; } Read on Ars Technica | Comments

Read More...
posted 5 days ago on ars technica
Verizon is just so mad at the Federal Communications Commission today that a normal press release wouldn't do. After all, Verizon issues so many press releases denouncing the FCC for trying to regulate telecommunications that today's vote on net neutrality required a special one to make sure it would be remembered. So Verizon wrote it in Morse code and set the date as "1934" to make the point that the FCC is taking us backward in time. Verizon sent out the press release in this e-mail: Read 6 remaining paragraphs | Comments

Read More...
posted 5 days ago on ars technica
LONDON—Today, I got to play around with Europe's (and probably the world's) fastest LTE network: when I opened up Speedtest.net, depending on how many people were standing in the room, my download speed was between 350 and 400Mbps, my upload speed was around 45Mbps, and my ping latency was just 20ms. Funny enough, beyond Speedtest.net, it is actually quite hard to use 400Mbps of bandwidth. When I loaded up a 4K video from YouTube, I only used around 40Mbps, or 10 percent, of my wireless uber-pipe. Ars Technica certainly loaded very quickly indeed. As it stands today, there are very few websites or services that will let you pull data down at 400Mbps, or where being able to download at 400Mbps even makes much sense. If we've learned anything from the last few decades of telecoms and networking, however, it's that Internet usage will always expand until every last inch of available bandwidth is consumed. So while 400Mbps might seem a little bit over the top today, in five years you'll probably wonder how you ever survived with anything less. For some background, I had a 400Mbps LTE connection at my disposal because I had been invited to Wembley Stadium in London to try out the first deployment of Category 9 LTE in the UK. It was a "live" deployment in that it used commercially available hardware, but it was still very much tech demo—the Cat 9 base station only covered a small portion of the stadium, and there were only a handful of devices in the world configured to connect to this specific LTE network. The LTE network was operated by EE (one of the UK's big four wireless carriers), the LTE base station was made by Huawei, and the mobile device that I used was a smartphone powered by the Qualcomm Snapdragon 810 SoC. Read 4 remaining paragraphs | Comments

Read More...
posted 5 days ago on ars technica
On Thursday, Facebook's official "Diversity" account announced another sweeping change to the gender selection on users' profiles. Starting today, users of Facebook's English sites can type pretty much whatever they want into a custom box. "We recognize that some people face challenges sharing their true gender identity with others, and this setting gives people the ability to express themselves in an authentic way," the unnamed Diversity account holder said. This change follows in the footsteps of Facebook's decision last year to expand its gender options, which were previously limited to male, female, or no response. Just like the last update, users must type their preferred gender descriptor after choosing "other," and Facebook will suggest terms from its prior list like "androgynous" and "gender fluid." However, if users want to type in their own descriptor, they can now do so—and then choose whether that descriptor is shown publicly, to friends, or privately. Users can also still choose a preferred pronoun: him, her, or they/them. Read 2 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
The likelihood that the US will suffer from a "catastrophic" cyber attack is unlikely, the nation's top intelligence officer said Thursday. Instead, the country will be peppered with "low-to-moderate level cyber attacks," James Clapper, the director of national intelligence, told the Senate Armed Services Committee on Thursday. Director of National Intelligence James Clapper. "Cyber threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact," according to the "Worldwide Threat Assessment of the US Intelligence Community" (PDF) report that Clapper presented to lawmakers. "Rather than a 'Cyber Armageddon' scenario that debilitates the entire US infrastructure, we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security." Listing cyber attacks as the leading threat to national security over terrorism, the report said the government's "unclassified" IT systems supporting military, commercial, and social activities "remain vulnerable to espionage and/or disruption." The top nation-states where the threats are coming from include China, Iran, North Korea, and Russia, the report said. Read 2 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
Wednesday's hijacking of the Lenovo.com domain name and interception of the company's e-mail was pulled off by first hacking Web Commerce Communications, the registrar that procured the Lenovo address, security journalist Brian Krebs reported. In a post published Wednesday night, KrebsOnSecurity cited hackers Ryan King and Rory Andrew Godfrey as saying that the compromise of the Malaysia-based registrar was carried out by members of the fame-seeking group Lizard Squad. That's the same group connected to the Lenovo attack, since Web links to a Twitter account belonging to Lizard Squad members were embedded in the spoofed Lenovo website. Krebs wrote: Reached via instant message, both King and Godfrey said the Lizard Squad used a command injection vulnerability in Webnic.cc to upload a rootkit—a set of hacking tools that hide the intruder’s presence on a compromised system and give the attacker persistent access to that system. Webnic.cc is currently inaccessible. A woman who answered the phone at the company’s technical operations center in Kuala Lumpur acknowledged the outage but said Webnic doesn’t have any additional information to share at this time. “We’re still in the investigation stage,” said Eevon Soh, a Webnic customer support technician. It appears the intruders were able to leverage their access at Webnic.cc to alter the domain name system (DNS) records for the Google and Lenovo domains, effectively giving them the ability to redirect the legitimate traffic away from the domains to other servers—including those under the attackers’ control. The Lenovo.com hijacking was foiled in the early stages thanks to the vigilance of engineers at CloudFlare, a service that helps improve the performance and security of websites. Armed with control over the Lenovo domain, the attackers transferred its registration to redirect to CloudFlare nameservers. The CloudFlare engineers spotted the abnormality and quickly returned control of the domain to its rightful owner. With the hijacking foiled, the attackers tweeted what appeared to be a valid code that authorizes the transfer of a domain from one registrar to another. The attackers reportedly carried out a similar hijacking of a Google domain name earlier this week. Read on Ars Technica | Comments

Read More...
posted 6 days ago on ars technica
The Federal Communications Commission today voted to enforce net neutrality rules that prevent Internet providers—including cellular carriers—from blocking or throttling traffic or giving priority to Web services in exchange for payment. The most controversial part of the FCC's decision reclassifies fixed and mobile broadband as a telecommunications service, with providers to be regulated as common carriers under Title II of the Communications Act. This brings Internet service under the same type of regulatory regime faced by wireline telephone service and mobile voice, though the FCC is forbearing from stricter utility-style rules that it could also apply under Title II. The decision comes after a year of intense public interest, with the FCC receiving four million public comments from companies, trade associations, advocacy groups, and individuals. President Obama weighed in too, asking the FCC to adopt the rules using Title II as the legal underpinning. The vote was 3-2, with Democrats voting in favor and Republicans against. Read 29 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
My hometown of Houston isn’t much of a taxi city. If you live here, you own a car; if you’re visiting here, you rent a car. But between trips to Chicago and Vegas and other places in the US, I end up spending probably a thousand bucks a year on taxis in various big US cities (and it feels like 50 percent of that is during CES in Vegas). A taxi ride in a major US city usually means a ride in a broken-down Ford Crown Victoria or other fleet-class car, festooned inside with stickers, pamphlets, and flyers. There’s probably a plexiglass shield between you and the driver. The fare meter and credit card machine—if there even is one—look like they were installed haphazardly and are hanging on with zip ties and prayer. The ride can often be terrible, and there’s a decent chance your cab driver will be carrying on a conversation on his cell phone the whole time—or even multiple conversations on multiple cell phones. Munich, by contrast, has the nicest cabs I’ve ever seen in my life. Read 6 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
Take a trip into the future. From time to time, Microsoft produces attractive and compelling videos presenting its vision of the future: a world in which technology is seamlessly integrated into the world around us, making everything better and more convenient. The latest productivity vision (via The Verge) shows us a few days in the life of Kat, a marine biologist, and Lola, a corporate executive, working together to make kelp seem exciting and futuristic. As has been the theme with many of Microsoft's other visions of the future, few people work at anything resembling a normal computer. Instead, everything is a touch screen. Thin bracelet-screens stick together to make bigger screens which can then be used to reschedule meetings and book coworking spaces. Desks, glass walls, and even foldable, flexible sheets all become screens without any obvious power supply or electronics. Read 3 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
Apple will be hosting an event on March 9 at the Yerba Buena Center for the Arts theater in San Francisco. The invitation invites attendees to "spring forward," and given the reference to the beginning of Daylight Savings Time on March 8 and the proximity to April, it's a fair bet that the event will involve the Apple Watch.  Expect to hear final details about the Apple Watch, including more about its software, its battery life, and pricing for more models and bands. Apple often announces more than one product at these events, so some new Broadwell Macs could also be fair game. Read 1 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
Two years ago, a small group of engineers from a company called RF Digital launched a Kickstarter campaign for the RFduino, a Bluetooth Low Energy (BLE) 4.0-enabled embedded controller that would be compatible with the open-source Arduino platform. The RFduino got significant traction with both hobbyists and major corporations as a development platform for everything from one-of-a-kind "maker" projects to prototypes for Internet of Things applications. But while RDduino eased the hardware development path for wirelessly connected devices, RFduino developers still faced another problem faced by all hardware developers: building applications for iOS or Android and getting them through the app approval process. That chokepoint in device development was part of the inspiration for RF Digital's next big (or small, actually) thing. A new custom chip designed by RF Digital called Simblee makes it possible for device developers to embed mobile application behaviors in their devices themselves, passing interface information over BLE to a generic framework Simblee app on the mobile device. The result is that developers don't have to write a single line of Swift, Xcode, or Android code to produce working applications for their inventions, and they don't have to wait for Apple's or Google's app store to approve each individual app. But Simblee does more than just ease the development path. The device's extremely low connection latency and its timing accuracy give it potential applications in everything from wearable medical devices to gaming to industrial applications. It also provides an easy onramp for developers to build Internet of Things applications. And it's so small and inexpensive that it can be embedded in a wide variety of objects, like toys, store shelves, restaurant tables, and aircraft engines. Read 10 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
The California man behind the revenge porn website IsAnyoneUp.com has pleaded guilty to one count of “unauthorized access to a protected computer” and one count of “aggravated identity theft.” In a statement released Wednesday, federal prosecutors in Los Angeles said that Hunter Moore will face a minimum of two years behind bars, with a maximum of seven years. His sentencing hearing has not been scheduled. Moore didn't just post nude pictures that readers sent him. Prosecutors say that Moore paid a co-conspirator, Charles Evens, to trick women to give up access to their e-mail accounts in an effort to find such images. Read 3 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
The Federal Communications Commission today voted to preempt state laws in North Carolina and Tennessee that prevent municipal broadband providers from expanding outside their territories. The action is a year in the making. FCC Chairman Tom Wheeler announced in February 2014 his intention to override state laws designed to protect private cable companies and telcos from public sector competition. Wheeler took his cue from the federal appeals court ruling that overturned net neutrality rules; tucked away in that decision was one judge's opinion that the FCC has the authority to preempt "state laws that prohibit municipalities from creating their own broadband infrastructure to compete against private companies." Nineteen states have such laws, often passed at the behest of private Internet service providers that didn't want to face competition. Communities in two of the states asked the FCC to take action. The City of Wilson, North Carolina and the Electric Power Board (EPB) of Chattanooga, Tennessee filed the petitions that led to today's FCC action. Each offers broadband service to residents and received requests for service from people in nearby towns, but they alleged that state laws made it difficult or impossible for them to expand. Read 20 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
Microsoft and Lionhead Studios are getting behind free-to-play gaming in a big way this morning, announcing that Fable Legends will use the somewhat infamous business model when the game launches on Xbox One and PC later this year (though Xbox One players will still need an Xbox Live Gold account for the multiplayer-only title). This isn't a case of a limited free portion as a teaser for more extensive paid DLC, either. Lionhead says all of the game's stories and quests will be included in the free version, and players will be able to "play through it beginning-to-end without having to spend any money... you’ll be able to earn everything that affects gameplay." Much like free-to-play hit League of Legends, Fable Legends will rotate a limited selection of free heroes in and out of availability. Players will have to pay for more permanent access to a specific character once it rotates out, but progression will stick with even free heroes for when they rotate back in. Players taking on the "Villain" side of the game's four-on-one gameplay structure will be able to use a selection of free minions on each map, and they can also purchase extra "non-native" minions with real money or with currency earned through gameplay. Read 3 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
For decades after Linux's early '90s debut, even the hardest of hardcore boosters for the open source operating system had to admit that it couldn't really compete in one important area of software: gaming. "Back in around 2010 you only had two choices for gaming on Linux," Che Dean, editor of Linux gaming news site Rootgamer recalls. "Play the few open source titles, Super Tux Kart and so on, or use WINE to play your Windows titles." Ask anyone who was involved in the relatively tiny Linux gaming scene before this decade, and you'll get a similar response. "For a long time, it was just me porting games, and I did my best, but an industry that has an employee pool of one isn't a big industry," said veteran Linux programmer Ryan C. Gordon, who has worked on over 75 Linux gaming ports over the last 15 years. "It was slow for years on end with only a few decent commercial releases becoming available," Gaming on Linux site editor Liam Dawe agreed. That began to slowly change around 2010, when The Humble Indie Bundle launched with an insistence that every included game come with a Linux option (thanks in no small part to the fact that Linux players were some of the most generous in the bundle's pay-what-you-want scheme). It also didn't hurt when services like Desura and Ubuntu Software Center appeared around the same time, giving Linux gamers a few user-friendly centralized repositories to purchase and organize their games. Read 29 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
(video link) Nostalgia is a powerful thing. It’s the driving force behind the continued existence of ‘50s radio stations, drive-ins, and other monuments to Baby Boomers. But as Gen Xers like me find ourselves locking eyes with the unblinking gaze of middle age, nostalgia has an ever-growing hold on us as well. Some of that I could live without—I'd rather not hear Human League's "(Keep Feeling) Fascination" while I'm grocery shopping. But nostalgia does have one upside: the revival of the arcade. I spent much of the early ‘80s dropping quarter after quarter into the likes of Gorf, Crazy Climber, Donkey Kong, Ms. Pac-Man, Moon Cresta, and many others. And today in the mid-2010s of Chicagoland, I can revisit my misspent youth by dropping by Wicker Park barcade Emporium or Brookfield’s massive Galloping Ghost Arcade. And now there’s a third arcade-themed destination around these parts: Namco’s Level 257. Namco describes Level 257 as a “a brand new restaurant and entertainment destination inspired by Pac-Man.” With the restaurant opening up for “beta testing” this week in advance of the grand opening in mid-March, I grabbed my 15-year-old daughter and 11-year-old son (who has gladly accompanied me on visits to Galloping Ghost), and we drove out to the sprawling Woodfield Mall in the Chicago suburb of Schaumburg. Read 21 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
Someone who knows things about us has some measure of control over us, and someone who knows everything about us has a lot of control over us. Surveillance facilitates control. Manipulation doesn’t have to involve overt advertising. It can be product placement that makes sure you see pictures that have a certain brand of car in the background. Or just increasing how often you see those cars. This is, essentially, the business model of search engines. In their early days, there was talk about how an advertiser could pay for better placement in search results. After public outcry and subsequent guidance from the FTC, search engines visually differentiated between “natural” results by algorithm, and paid results. So now you get paid search results in Google framed in yellow, and paid search results in Bing framed in pale blue. This worked for a while, but recently the trend has shifted back. Google is now accepting money to insert particular URLs into search results, and not just in the separate advertising areas. We don’t know how extensive this is, but the FTC is again taking an interest. When you’re scrolling through your Facebook feed, you don’t see every post by every friend; what you see has been selected by an automatic algorithm that’s not made public. But someone can pay to increase the likelihood that their friends or fans will see their posts. Corporations paying for placement is a big part of how Facebook makes its money. Similarly, a lot of those links to additional articles at the bottom of news pages are paid placements. Read 7 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
It's starting to look like Superfish and other software containing the same HTTPS-breaking code library posed more than a merely theoretical danger to Internet users. For the first time, researchers have uncovered evidence suggesting the critical weakness was exploited against real people visiting real sites, including Gmail, Amazon, eBay, Twitter, and Gpg4Win.org, to name just a few. As Ars reported one week ago, ad-injecting software preinstalled on some Lenovo laptops caused most browsers to trust fraudulent secure sockets layer certificates. The software was called Superfish. In the coming days, security researchers unearthed more than a dozen other apps that posed the same threat. The common thread among all the titles was a code library provided by an Israel-based company called Komodia. The Komodia library modified a PC's network stack by adding a new root Certificate Authority certificate. Poor choices in both the way the certificate and underlying code were designed caused most browsers to trust fraudulent certificates that otherwise would have generated warnings. Flagrantly fraudulent certificates got a pass as long as they (a) contained the same easily extracted private key baked into the app or (b) contained the name of the targeted website in certificate's alternate name field. Malicious hackers could exploit this failure to masquerade as secure pages for Bank of America, Google, or any other website on the Internet. As a result, attackers had an easy way to wage man-in-the-middle attacks against otherwise secure HTTPS connections. Read 4 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
In the second day of a high-profile gender discrimination trial against a top Silicon Valley venture capitalist firm, two former colleagues of plaintiff Ellen Pao were called to the stand. Pao's former coworkers, Chi-Hua Chien and Amol Deshpande, both worked as junior partners at Kleiner Perkins Caufield Byers while Pao was there. They both received promotions, while she did not. Chien was singled out in Pao’s lawsuit for having excluded Pao from a number of all-male events. According to the 2012 complaint, Chien organized a party at Al Gore's San Francisco condo, which was located in the same building where Pao lived, and didn’t invite Pao. Pao says that on the night of the party, she ran into Mike McCue, the CEO of news-app Flipboard, with whom Pao had worked closely, as he walked into the building, causing her to have to tell him that she wasn’t invited to the party he was attending. Read 14 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
You'd think that over a century after Svante Arrhenius described the greenhouse effect, we'd be done arguing about it. After all, as Arrhenius suggested, the Earth would be an icy place without it, and there'd be no explaining the hellish temperatures on Venus, either. Yet you often see people claiming that carbon dioxide's role in greenhouse warming is already maxed out—people that include a well credentialed physicist. The simplest thing to do, then, would just be to measure it. If rising levels of carbon dioxide were absorbing more infrared radiation, it should be possible to detect it. And that's now been done, using a decade's worth of data taken at two different sites. The results show, to very few people's surprise, that carbon dioxide's greenhouse impact is alive and well. Attempts have been made to directly measure the impact of rising CO2 before. But the challenge comes from tracking changes. The amount of the gas in the atmosphere varies substantially with the seasons (it dips in the spring as deciduous trees use it to grow leaves), and can be swamped by temporary events like hot, humid weather. So, to detect any trend, you need long-term data. Satellite measurements that cover sufficient lengths of time require data from instruments on different vehicles, complicating the analysis. Read 6 remaining paragraphs | Comments

Read More...
posted 6 days ago on ars technica
Almost a week after revelations surfaced that Lenovo preinstalled dangerous ad-injecting software on consumer laptops, attackers took complete control of the company's valuable Lenovo.com domain name, a coup that allowed them to intercept the PC maker's e-mail and impersonate its Web pages. The hijacking was the result of someone compromising a Lenovo account at domain registrar Web Commerce Communications, and changing the IP address that gets called when people typed Lenovo.com into their Web browsers or e-mail applications. As a result, the legitimate Lenovo servers were bypassed and replaced with one that was controlled by the attackers. Marc Rogers, a principal security researcher at content delivery network CloudFlare, told Ars the new IP address pointed to a site hosted behind his company's name servers. CloudFlare has seized the customer's account, and at the time this post was being prepared, company engineers were working to help Lenovo restore normal e-mail and website operations. "We took control as soon as we found out (minutes after it happened) and are now working with Lenovo to restore service," Rogers said. "All we saw was the domain come in to us, at which point we took immediate action to protect them and their service." Read 6 remaining paragraphs | Comments

Read More...