posted 6 days ago on ars technica
More than one million websites that run on the WordPress content management application run the risk of being completely hijacked by attackers exploiting a critical vulnerability in most versions of a plugin called WP-Slimstat. Versions prior to the recently released Slimstat 3.9.6 contain a readily guessable key that's used to sign data sent to and from visiting end-user computers, according to a blog post published Tuesday by Web security firm Sucuri. The result is a SQL injection vector that can be used to extract highly sensitive data, including encrypted passwords and the encryption keys used to remotely administer websites. "If your website uses a vulnerable version of the plugin, you’re at risk," Marc-Alexandre Montpas, a senior vulnerability researcher at Sucuri, wrote. "Successful exploitation of this bug could lead to Blind SQL Injection attacks, which means an attacker could grab sensitive information from your database, including username, (hashed) passwords and, in certain configurations, WordPress Secret Keys (which could result in a total site takeover)."

posted 6 days ago on ars technica
AMD has unveiled some of the first details of its Carrizo system-on-chip. The processor is the latest iteration of AMD's accelerated processing unit (APU) concept, pairing a CPU with a tightly integrated GPU. The CPU portion of Carrizo is AMD's latest iteration of its Bulldozer family. This version is called Excavator, with Carrizo having two Excavator modules providing four cores. Currently, not much is known about Excavator, aside from having larger caches: the level 1 data cache has been doubled in size to 32KB per core. Compared to the previous iteration of the design, Steamroller, performance is up about 5 percent at the same clock speed. The GPU portion has similarly been updated; Carrizo has 8 GPU cores based on the Tonga design, which made its debut in the Radeon R9 285. This is version 1.2 of AMD's Graphics Core Next architecture. It supports the forthcoming DirectX 12 and AMD's own Mantle API, and also heterogeneous system architecture (HSA) 1.0.

posted 6 days ago on ars technica
The boom in US natural gas production made possible by fracking techniques has raised an awkward question: how much is leaking to the atmosphere before reaching a power plant turbine or your furnace? Natural gas power plants are more efficient than coal-burning plants and emit much less CO2. But methane is a potent, though short-lived, greenhouse gas, so the exact benefit of that trade-off depends on the level of leaks from wells and pipelines. The EPA produces estimates of leakage calculated using limited measurements of typical equipment and production practices. Those estimates put natural gas leakage in the neighborhood of one percent of production—low enough to ensure that the shale gas (fracking) boom is a net positive in terms of climate-changing emissions. A major study sampling new shale gas wells showed that the EPA estimates for well leakage did a pretty good job—at least for those newer wells. Much has been made, however, of several studies that took a different approach and got very different results. Those studies used methane measurements made from a NOAA airplane upwind and downwind of shale gas fields. At a field outside Denver, that yielded an estimate of 3.1 to 5.3 percent leakage. At a Utah field, leakage was estimated at between 6.2 and 11.7 percent. Near Los Angeles, a leakage rate of 12-22 percent was calculated.

posted 6 days ago on ars technica
Several months after reddit found itself at the center of a controversy involving stolen celebrity nude photos, the site has changed its policy regarding nudity. As of March 10, any photos posted without permission of those photographed will be banned. The change was announced today in a short statement signed by executives and "the reddit team," which also mentions new hires and other changes. It alludes to reddit's failure to act promptly when unruly users in a few subreddits continued to post links to nude photos of Jennifer Lawrence, Kate Upton, and other celebrities. The statement reads:

Last year, we missed a chance to be a leader in social media when it comes to protecting your privacy—something we’ve cared deeply about since reddit’s inception. At our recent all hands company meeting, this was something that we all, as a company, decided we needed to address. No matter who you are, if a photograph, video, or digital image of you in a state of nudity, sexual excitement, or engaged in any act of sexual conduct, is posted or linked to on reddit without your permission, it is prohibited on reddit. We also recognize that violent personalized images are a form of harassment that we do not tolerate and we will remove them when notified. As usual, the revised Privacy Policy will go into effect in two weeks, on March 10, 2015.

A new section in reddit's privacy policy called "involuntary pornography" explains that anyone who believes such images have been posted without their consent should email contact@reddit.com "and we will expedite its removal as quickly as possible."

posted 6 days ago on ars technica
In the New York City of the late 1970s, things looked bad. The city government was bankrupt, urban blight was rampant, and crime was high. But people still went to the city every day because that was where everything was happening. And despite the foreboding feelings hanging over New York at the time, the vast majority of those people had at most minor brushes with crime. Today, we all dabble in some place that looks a lot like 1970s New York City—the Internet. (For those needing a more recent simile, think the Baltimore of The Wire). Low-level crime remains rampant, while increasingly sophisticated crime syndicates go after big scores. There is a cacophony of hateful speech, vice of every kind (see Rule 34), and policemen of various sorts trying to keep a lid on all of it—or at least, trying to keep the chaos away from most law-abiding citizens. But people still use the Internet every day, though the ones who consider themselves "street smart" do so with varying levels of defenses installed. Things sort of work.

Image caption: An actual brochure created by the police union in New York City during the 1970s as part of a campaign to stave off job cuts.

Just like 1970s New York, however, there's a pervasive feeling that everything could go completely to hell with the slightest push—into a place to be escaped from with the aid of a digital Snake Plisskin. In other words, the Internet might soon look less like 1970s New York and more like 1990s Mogadishu: warring factions destroying the most fundamental of services, "security zones" reducing or eliminating free movement, and security costs making it prohibitive for anyone but the most well-funded operations to do business without becoming a "soft target" for political or economic gain.

posted 6 days ago on ars technica
Image caption: Evgeniy Mikhailovich Bogachev. Credit: FBI

The Justice Department announced Tuesday a reward of up to $3 million leading to the arrest and/or conviction of the alleged leader of "a tightly knit gang of cybercriminals" who developed the Gameover ZeuS botnet. Gameover ZeuS siphons passwords to online banking sites from Microsoft Windows computers. The authorities are offering the reward for Evgeniy Mikhailovich Bogachev, accused of various charges in connection to the botnet. The authorities said the botnet infected more than 1 million computers and resulted in $100 million in losses.

posted 6 days ago on ars technica
On Tuesday, a Twitter and YouTube user who had spent months posting disturbing content under the alias "Jace Conners" revealed his true identity, but not to apologize for the nasty, GamerGate-related stuff he'd sent to game makers such as Brianna Wu. Rather, 20-year-old Maine resident Jan Rankowski came clean with a statement that would make Alanis Morissette's head spin: his videos had been a "joke" all along, and now he's the one suffering a wave of anonymous Internet harassment. Rankowski confirmed his identity to Buzzfeed in a lengthy interview, in which he alleged that he's been subjected to the types of messages and nuisances common to recent online doxings. According to Rankowski, that activity has included "nasty things" being said in phone calls to his old high school and his current place of work, along with "a letter in the mail with a picture of me from my high school yearbook… It said I shouldn’t have fucked with 8chan.” He claimed that the harassment began after he posted his weirdest GamerGate-related video to date, in which Rankowski kicked and shouted—complete with racist epithets—at a Prius that had flipped over on a road. The video concluded with a text-loaded slideshow that alleged that game maker Brianna Wu, a frequent target of recent anonymous harassment, was somehow responsible for the car flipping over—and that she had done so to prevent Rankowski from driving to her house "to expose her as a corrupt gamer." The video went on to announce the beginning of an effort known as "Wu-pocalypse" to "discredit the [social justice warrior] people online."

posted 6 days ago on ars technica
A Democrat on the Federal Communications Commission reportedly objects to a portion of the FCC's net neutrality order, potentially paving the way for a last-minute change to preserve the Democratic majority expected to vote in favor of the plan. According to The Hill's sources, Commissioner Mignon Clyburn objects to part of the order covering the relationship between Internet service providers like Comcast and "edge providers," companies that build websites or deliver content and applications over the Internet. Clyburn apparently shares the legal concerns of Google, advocacy groups such as Free Press and the Open Technology Institute, and even AT&T. FCC Chairman Tom Wheeler's plan would classify the relationship between ISPs and edge providers as a common carrier service in order to assert jurisdiction over interconnection or "peering" disputes. But some net neutrality advocates and opponents alike say there isn't a "service" offered to edge providers, that the only service ISPs offer is to Internet users.

posted 6 days ago on ars technica
Telltale is going a bit outside of its traditional adventure game box for its next foray into interactive storytelling. The studio behind episodic gaming hits like The Walking Dead, Game of Thrones, and The Wolf Among Us has teamed up with film and TV studio Lionsgate (Orange is the New Black) to develop a "Super Show" hybrid combining a traditional TV show with episodic adventure gaming. Each episode of the Super Show will "combine one part of interactive playable content with one part of scripted television style content," as Telltale CEO Kevin Bruner put it in an announcement interview with Entertainment Weekly. The hybrid episodes will be released together in a package that can be played/watched in either order, though the second portion you experience will be altered based on your experience with the first. "If you play the interactive episode first, certain elements of the scripted episode portion will be tailored to reflect some choices made in your interactive playthrough," Bruner said. "If you watch the show before playing, some elements in the interactive portions may be presented differently than if you played first."

posted 6 days ago on ars technica
Defense Distributed, the group that pioneered 3D printed firearms in 2013, informed its customers on Tuesday that FedEx has refused to ship the company’s latest product, a computer-numerically-controlled (CNC) mill—dubbed the "Ghost Gunner." “I've got an account with another courier, but FedEx is bewildering because the reason I started with them in the first place was their [National Rifle Association] advantage program,” the company’s founder, Cody Wilson, told Ars by text message. FedEx did not immediately respond to Ars’ request for comment, but spokesman Scott Fiedler told Wired on Tuesday:

posted 6 days ago on ars technica
On Tuesday, Dredd film producer Adi Shankar and Torque director Joseph Kahn posted the violent, vulgarity-laden sci-fi series reboot you never knew you wanted: The Mighty Morphin' Power Rangers are back. Well, kind of. Katee Sackhoff, best known to sci-fi fans as Starbuck from last decade's Battlestar Galactica reboot, stars as Kimberly "Pink Ranger" Hart in a 12-minute short film that was posted to Vimeo and YouTube earlier this morning. (The Vimeo cut has since been pulled, and it was described as the "gorier" version, so, start hunting!) Titled POWER/RANGER—because that styling worked so well for FACE/OFF—the film sees Sackhoff being interrogated by James Van Der Beek (who also apparently co-wrote) while he recalls the grisly fates of other Rangers. Karate, robots, guns, swords, and blood ensue, and the results are slick enough for us to feel weirdly comfortable recommending that you watch it.

posted 6 days ago on ars technica
Image credit: CBS4-Denver

What do you do if you're a revenge porn site operator and the Federal Trade Commission has barred you from publishing nude images of people without their consent? You demand that Google remove from its search engine links to news accounts about the FTC's action and other related stories, citing "unauthorized use of photos of me and other related information." Craig Brittain—the former operator of revenge porn site IsAnybodyDown.com—is invoking the Digital Millennium Copyright Act (DMCA) in a bid to remove 23 links in all—an irony-filled DMCA takedown request that Google is ignoring. One of the links renders the FTC's press release in January about its enforcement against Brittain. Another is a link to Ars' story about the FTC's move: "Sleazy 'revenge porn' site is banished to settle federal charges."

posted 6 days ago on ars technica
There are three buzzwords that, if we had our way, would be stricken completely from the world: "cloud," "the Internet of Things," and "big data." Each of them was coined in an attempt to elegantly capture a complex concept, and each of them fails miserably. "Cloud" is a wreck of a term that has no fixed definition (with the closest usually being "someone else’s servers"); "Internet of Things" is so terrible and uninformative that its usage should be punishable by death; and then there’s "big data," which doesn’t appear to actually mean anything. We’re going to focus on that last term here, because there’s actually a fascinating concept behind the opaque and stupid buzzword. On the surface, "big data" sounds like it ought to have something to do with, say, storing tremendous amounts of data. Frankly it does, but that’s only part of the picture. Wikipedia has an extremely long, extremely thorough (and overly complex) breakdown of the term, but without reading for two hours, big data as a buzzword refers to the entire process of gathering and storing tremendous amounts of data, then applying tremendous amounts of computing power and advanced algorithms to the data in order to pick out trends and connect dots that would otherwise be invisible and un-connectable within the mass. For an even simpler dinner party definition: when someone says "big data," they’re talking about using computers to find trends in enormous collections of information—trends that people can’t pick out because there’s too much data for humans to sift through.

posted 6 days ago on ars technica
On a recent Saturday morning, Craig Adams stood outside the Robert Wood Johnson University Hospital in New Brunswick, New Jersey. It was sunny but cold. Adams, who had turned 40 the day before, wore white sneakers and a black T-shirt over a long-sleeve shirt. A fuzz of thinning hair capped his still-youthful face. His appearance would have been unremarkable if not for the red splotch of fake blood on the crotch of his white trousers. The stain had the intended effect: drivers rounding the corner were slowing down just enough to see the sign he was holding, which read “No Medical Excuse for Genital Abuse.” Next to him, Lauren Meyer, a 33-year-old mother of two boys, held another sign, a white poster adorned only with the words: “Don’t Cut His Penis." She had on a white hoodie with a big red heart and three red droplets, and a pair of leopard-print slipper-boots to keep her feet warm for the several hours she would be outside. Meyer’s first son is circumcised; she sometimes refers to herself as a “regret mother” for having allowed the procedure to take place. It was two days after Christmas. Adams and Meyer had each driven about an hour to stand by the side of a road holding up signs about penises. On that same day, a woman stood alone at what qualifies as a busy intersection in the small town of Show Low, Arizona. She also wore white trousers with a red crotch, and held aloft anti-circumcision signs. A few more people did the same in the San Francisco Bay area.

posted 6 days ago on ars technica
With tax season in full swing, it's time for the yearly reminder that the security practices of many tax-preparation services are lacking. Case in point: H&R Block's reported failure to confirm the e-mail addresses of at least some of its online account holders. The lapse was reported to Ars by reader Aaron Johnson, who said H&R Block in recent days has e-mailed him the name, address, and security question of a complete stranger. Johnson said he is confident he has everything he needs to access this person's account, steal his most valuable personal data, and hijack any owed tax returns. The stranger happens to share Johnson's first and last name, and for reasons that aren't entirely clear, the alter ego occasionally uses Johnson's e-mail address when creating accounts. At no point, Johnson said, did he receive an e-mail from H&R Block requiring him to confirm that his e-mail address was connected to the other person's account.

posted 6 days ago on ars technica
According to a source at one of Samsung's mobile carrier partners in Europe who spoke to Ars Technica under the condition of anonymity, Samsung is launching both the curved and normal Galaxy S6 at rather exorbitant price points. Our source, who has seen Samsung's new devices in person, tells us that the mid-level 64GB curved Galaxy S6 will cost carriers €949 ($1,076), with the top-end 128GB model priced at €1,049 ($1,189)—around €50 more expensive than the comparable iPhone 6 Plus. Furthermore, the same source tells us that carriers are struggling to get their hands on enough stock of the curved Galaxy S6, suggesting that Samsung is having yield issues for the curved display. Samsung is expected to announce the Galaxy S6 at Mobile World Congress next week. In line with the rumors that we've heard previously, our source says there will be two versions of the S6—a normal version that will look fairly similar to the S5 and a curved version that will have a curved edge on both the left and right sides of the device. In both cases, the devices are priced at the very high end, above the iPhone. For the non-curved Galaxy S6, European pricing is €749 ($849), €849 ($963), and €949 ($1,076) for the 32GB, 64GB, and 128GB models respectively. For the curved version, add €100 ($124) to each of those figures. These are the prices that will be paid by the carrier before any subsidies. Presumably unlocked, SIM-free devices will be similarly priced. US pricing is more complex than simply converting euros into dollars, but €849 for the entry-level curved Galaxy S6 is way, way above the launch price of the Galaxy S5, which was around €650 in Europe and $650 in the US.

posted 6 days ago on ars technica
If it seems like Rockstar is delaying the PC port of Grand Theft Auto V every month, that's because it is... in 2015, at least. Today, Rockstar announced that the port has now been pushed back to April 14. The news comes just over a month after the developer promised a March 27 release for the revamped PC version. For context, previous Grand Theft Auto games have generally hit the PC about six to eight months after their initial console releases. By April 14, it will have been nearly 19 months (574 days) since Grand Theft Auto V first launched on consoles (though April will only mark about six months since the game was re-released on the current generation of consoles). "Our apologies to PC gamers worldwide who have been counting down the days until the launch of the game, but a bit more time is needed to ensure that the game is as polished as possible, and to make certain that both Heists and the GTA Online experience are ready to roll out on day one for PC," Rockstar announced on its blog. "As a gesture of thanks for your understanding, we will grant anyone who has pre-ordered the game an additional $200,000 in-game cash for use in GTA Online." (Online heists are scheduled to launch for the console versions on March 10).

posted 6 days ago on ars technica
I hate traveling. There, I said it. I’m a terrible traveler, and my idea of a perfect vacation is one where I draw the blinds of my house and stay at home without seeing anyone other than my wife until the vacation is over. I know that some people are entranced with the idea of visiting faraway places, and good for them, but if God had intended me to be somewhere far away, he would have just put me there in the first place. Because of my strong distaste of traveling, my trip to Munich to visit GE’s Global Research Center Europe represented a number of firsts for me: first time in Germany (along with Europe in general, or really any country that wasn’t the US, Canada, or Mexico), first time crossing the Atlantic Ocean, and even my first time flying on a wide-body jet (living in Houston, pretty much anywhere in the US from coast to coast and everywhere in between is a direct flight on a United 737).

posted 6 days ago on ars technica
Verizon's aging copper landline telephone network has been offline for numerous customers in Manhattan over the past few weeks, giving Verizon another chance to convince customers to ditch their landlines for wireless service. This has been a recurring theme for Verizon, which often tells customers their phone lines can't be fixed right away but that they can switch to "Voice Link," a wireless replacement for landlines. Voice Link isn't regulated as a utility like the copper landlines are, and it can't last through power outages the way copper lines can. The outage in the Upper West Side began on February 3, resident George Malko told Ars. "Countless calls produce conflicting and flimsy explanations," he wrote in an e-mail Saturday. "A scheduled service call to us in particular was canceled by Verizon. Return to service was first promised for February 17. Then February 23. Now it's February 28."

posted 7 days ago on ars technica
Despite the ubiquity of dark matter in every galaxy out there, it has been difficult to pin down how much influence the mysterious substance has in our own galaxy, particularly in the inner regions of it. This has contributed to some (possibly minor) issues for the cold dark matter model. Over the years, many observations have provided data on the motions of objects in our galaxy. In a new study, researchers have put some of that data together; their analysis provides new evidence for the existence and abundance of dark matter in the inner Milky Way. It represents a fundamental step forward in the quest to understand dark matter. Previous studies of the inner galaxy’s dark matter fall into two categories: theoretical models and measurements of local stars near the Sun. The problem with the modeling approach, the study’s authors argue, is that it necessarily relies on assumptions about the distribution of dark matter. And the problem with local measurements is that the measurements are compatible with the density of dark matter being zero “unless one makes strong assumptions,” as the authors put it. The new study benefits from not depending on such assumptions.

posted 7 days ago on ars technica
Greetings, Arsians! Courtesy of our partners at TechBargains, the Dealmaster is here with a big bag of deals for your Tuesday morning. The top deal this week is a Dell Inspiron 15 7000—a laptop with an Intel i7-5500U processor, 4GB of RAM, and, best of all, a 4K 15-inch touchscreen. At $1,129.99, this is one of our lowest prices ever for a 4K laptop! You aren't still working in 1K, are you?

Featured: Dell Inspiron 15 7000 Intel i7 Broadwell Laptop w/ 4K Touchscreen Display & 4GB GPU for $1129.99 (list price $1464 - use coupon code 59ZKKKW6DP56SD).

posted 7 days ago on ars technica
The original Pebble smartwatch was a Kickstarter success story: the e-ink watch raised a then-record-breaking $10.3 million in 2012. Unlike some Kickstarter hardware projects, it actually shipped to backers and has achieved some level of retail success. It was followed the next year by a sleeker-looking sequel, the $199 Pebble Steel. Now Pebble has returned to Kickstarter to fund a third-generation watch, the Pebble Time, and it blasted through its $500,000 funding goal in less than an hour. The Time features a new design and a color (albeit e-paper) display, maintains compatibility with existing Pebble apps and watch faces, and is capable of lasting a full week on a single charge. The first 5,000 Kickstarter backers for the project can get the watch for $159, and another 20,000 backers will be able to pick it up for $179—backers' watches will also have "Kickstarter Edition" engraved on them to separate the true Pebble fans from the Johnny-come-latelies who buy them in stores for the standard retail price of $199. The Pebble Time's primary innovation, color screen aside, is a new timeline that streamlines Pebble's notifications. It arranges them in a single chronological list rather than hiding them in individual apps, and hardware navigation buttons can be used to look at past, present, and future notifications, alarms, and calendar events. This gives you access to timely information more easily and quickly than the existing Pebbles.

posted 7 days ago on ars technica
Steve Bristow, one of the engineers heavily involved in the development of Atari's arcade and home console golden age, passed away Sunday, according to a Facebook post from Atari Inc. author Marty Goldberg. Bristow was a part of the game industry from the beginning. While still a student at the University of California-Berkeley and an intern at Ampex, he and his wife designed the two-player mode for Computer Space, the first coin-operated game, alongside the likes of Nolan Bushnell, Al Alcorn, and Ted Dabney. Shortly after Bushnell left Computer Space maker Nutting Associates to start Atari, Bristow followed, developing early multi-paddle versions of Pong (Pong Doubles and Quadrapong) as well as Indy 800, one of the first arcade racing games. Bristow was also tasked with some of the grunt work in those early days of arcade gaming. "I worked part-time doing maintenance on the Pong machines and collecting the money," he recalled in a Wired interview. "In Berkeley, a weapons permit is hard to get, but they won't stop you from carrying a hatchet, so people out at 2am would see my wife walking ahead of me carrying a hatchet and me carrying $1,500 in quarters, and they'd say, 'Leave them alone.'"

posted 7 days ago on ars technica
This post was done in partnership with The Wirecutter, a list of the best technology products to buy. Read the full article at TheWirecutter.com. After listening to 48 of the market’s top-rated portable Bluetooth speakers and running the best ones through a demanding blind test with a panel of audio professionals, we recommend the $99 UE Mini Boom for most people. Despite being small, it plays louder and sounds fuller and more natural than most of its competitors—including many larger models.

posted 7 days ago on ars technica
To settle a class-action lawsuit, LinkedIn has agreed to pay about $1 each to the roughly 800,000 people who were premium users between March 2006 and June 2012. A LinkedIn premium user, Katie Szpyrka, sued the social network shortly after roughly 6.5 million hashed user passwords (and 1.5 million from a dating website) were published in June 2012. She alleged that the company was in violation of a number of California state laws, in breach of implied contracts, and was negligent, among other things. A federal court in San Jose, California approved (PDF) the preliminary settlement, which, among other things, sets up a fund worth $1.25 million. Lawyers will take up to one-third of that amount, and after some administrative fees, the rest will be distributed to the individual plaintiffs. In the class-action settlement agreement, which was published (PDF) in August 2014, LinkedIn "continues to deny that it committed, or threatened, or attempted to commit any wrongful act or violation of law or duty alleged in the Action."
