posted 13 days ago on ars technica
Microsoft has disclosed a potentially catastrophic vulnerability in virtually all versions of Windows. People operating Windows systems, particularly those who run websites, should immediately install a patch Microsoft released Tuesday morning. The vulnerability resides in the Microsoft secure channel (schannel) security component that implements the secure sockets layer and transport layer security (TLS) protocols, according to a Microsoft advisory. A failure to properly filter specially formed packets makes it possible for attackers to execute attack code of their choosing by sending malicious traffic to a Windows-based server. While the advisory makes reference to vulnerabilities targeting Windows servers, the vulnerability is rated critical for client and server versions of Windows alike, an indication the remote-code bug may also threaten Windows desktop and laptop users. Amol Sarwate, director of engineering at Qualys, told Ars the flaw leaves client machines open if users run software that monitors Internet ports and accepts encrypted connections.

posted 13 days ago on ars technica
Comcast today said it supports President Obama's entire network neutrality proposal—except for that part about reclassifying broadband as a utility. "What is remarkable is that if you compare the President’s articulation of his vision for net neutrality as set forth in the White House talking points released yesterday afternoon, we are on the record as agreeing with every point," Comcast Executive VP David Cohen wrote in a blog post titled, "Surprise! We agree with the president’s principles on net neutrality." The areas of agreement between Comcast and Obama are as follows, he wrote: Free and open Internet. We agree—and that is our practice. No blocking. We agree—and that is our practice. No throttling. We agree—and that is our practice. Increased transparency. We agree—and that is our practice. No paid prioritization. We agree—and that is our practice. Comcast has to follow net neutrality rules until 2018 because of conditions imposed on its purchase of NBCUniversal. Net neutrality rules that apply to all ISPs would put Comcast and its competitors on a level playing field in that regard. But Obama and Comcast disagree on how to implement them. Obama said that the Federal Communications Commission needs to reclassify consumer broadband service as a utility under Title II of the Communications Act in order to impose these rules.

posted 13 days ago on ars technica
When Adrienne Moore switched from an iPhone 4 to a Samsung Galaxy S5 earlier this year, problems with iMessage prohibited her new phone from getting text messages sent to her number. She filed a lawsuit in May, and Reuters reports that US District Judge Lucy Koh has ruled that the suit will move forward. Apple acknowledged earlier this year that there was a "server-side bug" causing trouble for customers attempting to leave iMessage and deregister their numbers. If your number is still in Apple's system, iMessages sent to you could appear to senders as if they've been delivered even though the recipient hasn't actually gotten them. Moore claims that the inability to receive messages interfered with her mobile contract, and that Apple violated California's Consumers Legal Remedies Act and Unfair Competition Law. In an earlier motion to dismiss the suit (PDF), Apple said that Moore "did not tell Apple that she was no longer using her iPhone" (in other words, she didn't de-register the iPhone from the iMessage service before getting rid of it), and that Apple never promised that iMessage "would automatically recognize a user's transition to a new device." From that motion:

posted 13 days ago on ars technica
RPX is sometimes called a "defensive patent aggregator." The company's main business is to sell expensive memberships to big companies, then buy up patents that are being used, or could be used in the future, by "patent trolls" to sue them. It's an extremely profitable business—this year, RPX is expecting to earn $56 million on $256 million in revenue. That's allowed RPX to expand into other business lines. Earlier this year, it started offering protection from trolls, which RPX calls non-practicing entities or NPEs, through an old-fashioned product: insurance. By paying an annual premium, companies could get their legal fees covered if (or when) they get hit with a patent troll lawsuit. RPX also became authorized as a coverholder at Lloyd's. RPX exists because NPE lawsuits have become extremely common and now constitute around 60 percent of all patent suits. In the second quarter of this year, 855 lawsuits were filed by NPEs. Most of those lawsuits are aimed at companies with less than $100 million in revenue; according to RPX, 1 in 10 "top tier VC-funded companies" are sued within five years of being funded.

posted 13 days ago on ars technica
Microsoft's Lync communications server is to be rebranded. The next version, due to be released next year, will be named instead Skype for Business. It will retain Lync's infrastructure—the ability to use on-premises servers, optional federation with external communications networks, and so on and so forth—but the branding and client design will closely match those of Microsoft's consumer communication platform. The Skype and Lync development teams have been working together since shortly after Microsoft bought the popular Skype platform for $8.5 billion in 2011. Skype for Business will further improve interoperability with regular Skype. While voice and instant messaging are already interoperable between Lync and Skype, the next version will add video messaging and access to the Skype user directory. This will mean that, should administrators choose to enable it, the Skype for Business client software will serve as a fairly fully featured Skype client, too.

posted 13 days ago on ars technica
The Stuxnet computer worm that attacked Iran's nuclear development program was first seeded to a handful of carefully selected targets before finally taking hold in uranium enrichment facilities, according to a book published Tuesday. The new account, included in Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Wired reporter Kim Zetter, is at odds with the now-popular narrative that the malware first penetrated Iran's Natanz enrichment facility and later unexpectedly broke loose to infect hundreds of thousands of other sites across the globe. That earlier account, provided by New York Times journalist David Sanger, characterized the escape outside of Natanz as a programming error that was never intended by engineers in the US and Israel, the two countries Sanger and Zetter said devised and unleashed Stuxnet. According to Zetter, the world's first known cyber weapon first infected Iranian companies with close ties to Iranian nuclear facilities and only later found its way to Natanz. "To get their weapon into the plant, the attackers launched an offensive against four companies," Zetter wrote. "All of the companies were involved in industrial control processing of some sort, either manufacturing products or assembling components or installing industrial control systems. They were likely chosen because they had some connection to Natanz as contractors and provided a gateway through which to pass Stuxnet to Natanz through infected employees."

posted 13 days ago on ars technica
Two men in the United Kingdom have been sentenced to jail for operating "Dancing Jesus," a website with illegal links to music that was operational between 2006 and 2011. The BBC reports that Kane Robinson, 26, of North Shields, was sentenced to 32 months. Richard Graham, a 22-year-old from Leicestershire, was sentenced to 21 months. At previous hearings, both men admitted they were guilty of the charge of illegal distribution of music. The Dancing Jesus site had links to more than 250,000 music tracks over its lifespan, according to the British Phonographic Society (BPI). In 2010, the group launched an investigation of the men that also involved the City of London police and the UK Intellectual Property Office.

posted 13 days ago on ars technica
The foundation that runs the open source software project GNOME has accused Groupon of infringing its registered trademark with a new product called “Gnome,” and it's trying to raise $80,000 in donations to oppose Groupon’s trademark applications. Groupon told Ars that the company is willing to find another name if it can’t find an acceptable compromise with the GNOME Foundation. GNOME, a desktop environment for Linux-based operating systems, was created in 1997 as the “GNU Network Object Model Environment.” The acronym is no longer used, but the project name is still stylized in all upper-case letters. It’s had a registered trademark since 2006 for downloadable computer software for creating and managing computer desktops, software for graphical user interfaces, word processing, database management, use as a spreadsheet, and for software tools and libraries that can be used to develop other software applications.

posted 13 days ago on ars technica
If our weekend review got you excited to dive back into some multiplayer Halo on the Xbox One, Microsoft and its online infrastructure team have some bad news for you. Online matchmaking for Halo: The Master Chief collection is currently "limited," nearly 12 hours after the game launched in the US, with plenty of players complaining about being unable to connect to multiplayer firefights. "Xbox members, are you having a tough time matchmaking in Halo: The Master Chief Collection?" Microsoft asks rhetorically on the Xbox Live status page. "As you read this message, we’re working with our external partner to correct this issue right away. We appreciate your patience in the meantime! We’ll update you again when we have more information." The issues were further confirmed by developer 343 Industries on the game's official Twitter feed: "We're aware that some users are experiencing longer than normal Matchmaking search times. We are actively working on a fix for this issue. If after a few minutes you're unable to find a match, exit Matchmaking and then begin searching again."

posted 13 days ago on ars technica
[Image: Toyota held an earlier Onramp event at Mazda Raceway Laguna Seca in Monterey, California, earlier this year. Credit: Dito Milian]
In 2012, Toyota and Subaru made a lot of car enthusiasts very happy by releasing an affordable rear wheel drive sports car. The car was the first to rival Mazda’s Miata for entry level driving thrills in some time, and it has been a hit with the target market. You’re sure to find plenty of Scion FR-Ss and Subaru BRZs (the two versions sold in the US) at most gatherings of gear heads these days. But one of the car's cooler features is so far only available on Toyota’s Japanese version, the Toyota 86. The Sports Drive Logger is an $800 option that can record data (to a USB drive) from a multitude of sensors via the car’s Controller Area Network, or CAN, which it combines with positional data from a dedicated GPS antenna. What’s more, if that data was captured at one of three Japanese race tracks (Fuji, Suzuka, or Tsukuba), you can import it into Gran Turismo 6, visualize it through the game, and even race against yourself.
[Image: The CAN-Gateway ECU device. The thing that looks like a mouse is actually the GPS antenna. Credit: Toyota]
That’s all great if you live in Japan, own a Toyota 86, and attend track days at Fuji, but Toyota hopes to adapt the technology and use it to inspire people to interact with their cars in new and different ways. The result is called a CAN-Gateway ECU, which adds Bluetooth to the mix. To help drive that technology to car owners, Toyota will hold the Onramp Challenge next month. The San Mateo, California, event includes a hackathon on December 6 and 7 where participants get to play with Scion FR-Ss equipped with the CAN-Gateway devices. The CAN-Gateway ECUs will give the hackathon participants access to data from the car’s steering, brake, and throttle positions, along with sensors that measure yaw rate, acceleration, and lateral G forces. Hackers will also have access to a very accurate GPS feed, and all of that refreshes every tenth of a second.

posted 13 days ago on ars technica
It's been more than four long years since the world was first exposed to the "beautiful stupidity" of Just Cause 2, though the sprawling, over-the-top action game has lived on in that interim thanks in part to a great, unofficial multiplayer mod. The wait for a follow-up won't carry on much longer, though, as Avalanche Studios has just announced Just Cause 3 via the cover of an upcoming issue of Game Informer. Aside from the PC, PS4, and Xbox One target platforms and a vague release date of 2015, there's not much concrete information about the game yet. Game Informer mentions "vastly improved parachute and grapple mechanics" and an "all-new wingsuit" as part of the festivities. A teaser video briefly discusses the game's fictionalized Mediterranean setting and Avalanche's work on the title over three years in its New York studio space. "It wasn't necessarily hard for anyone to guess what exactly it was we were doing here," one developer says. Those who want more information can look forward to a full month of teaser coverage on Game Informer's site. In the meantime, we're just gonna grapple our way on to a few hundred more planes in Just Cause 2 if you don't mind.

posted 13 days ago on ars technica
[Image: The jagged surface of the comet, as imaged by Rosetta. Credit: ESA]
The European Space Agency's Rosetta mission took roughly a decade from launch to approach its ultimate destination: the comet 67P/Churyumov-Gerasimenko. Since then, it's entered a close orbit and has been providing spectacular images of the surface of this alien world. But later today, it's set to start its most ambitious activity yet, the launch of the Philae lander, which is intended to set up a monitoring system on the comet's surface itself. The ESA will livestream events from mission control starting at 4pm US Eastern time today (19:00 GMT). Philae is a small, solar-powered lander that contains 10 instruments that are intended to examine the composition of the comet, both at its surface and internally. There's also a small drill that will obtain samples up to 30cm deep at the landing site. All that comes from a power budget that averages eight Watts when the sun is shining on it. The weight budget for the Rosetta mission, however, didn't allow for any engines or guidance systems. Instead, Philae will simply be released by the orbiter and left to drift to the comet's surface, driven by the initial momentum of the separation and pulled by the body's weak gravity. Once in motion, no course corrections will be possible during the seven hours it will take to reach the comet's surface.

posted 13 days ago on ars technica
A fine wintry November to you all, Arsians! We're approaching the holiday buying season, and that means that if you haven't started buying stuff, it's time to start! Our deal list this week comes courtesy of our partners at TechBargains, who have assembled a fine assortment of things that will tickle your wallet. The featured deal this time around is a Dell XPS 18 all-in-one, with a Haswell i7 CPU, a 256GB SSD, and a 1080p touchscreen. It weighs about 5 lbs (2.26 kg) and comes with an iMac-like stand, though unlike an iMac, it's also relatively portable and can be carried around if you happen to want to move it from room to room. There are plenty of other things in the list if all-in-ones aren't your thing, though. We have laptops, monitors, headsets—all kinds of stuff. Get your buy on!

posted 13 days ago on ars technica
Blake Benthall's rented apartment in San Francisco's Mission District stood out to neighbors. At first, that was because of the ornate pirate ship cutout in the bay window. But in January, it caught neighbors' eye for a different reason: Benthall bought a flashy car. A few months after the launch of Silk Road 2.0, the drug-dealing website Benthall is accused of running, he brought home a brand-new Tesla S. He rented driveway space from his next-door neighbor, an 85-year-old woman who also sometimes read the Bible with him. He kept the book inside the Tesla. The details are in a weekend piece by Mission Local, a neighborhood news site that spoke to several of Benthall's neighbors on Florida Street. Benthall lived with two roommates who couldn't be reached.

posted 13 days ago on ars technica
[Image: There he goes again, just giving ammunition to DDoS attacks. Credit: The White House]
Akamai has issued a security bulletin (PDF) about a new form of Domain Name Service-based distributed denial of service (DDoS) attacks that emerged in October, attacks that can significantly boost the volume of data flung at a targeted server. The method builds upon the well-worn DNS reflection attack method used frequently in past DDoS attacks, exploiting part of the DNS record returned by domain queries to increase the amount of data sent to the target—by stuffing it full of information from President Barack Obama’s press office. DNS reflection attacks (also known as DNS amplification attacks) use forged requests to a DNS server for the Internet Protocol address and other information about a specific host and domain name. For example, a response from Google’s DNS server typically returns something like this—a simple response with the canonical name (CNAME) of the DNS address sent in the request and an IPv4 or IPv6 address for that name:
[Image: A typical DNS query made while surfing the Web, captured in Wireshark.]
DNS requests are usually sent using the User Datagram Protocol (UDP), which is “connectionless.” It doesn’t require that a connection be negotiated between the requester and the server before data is sent to make sure it’s going to the right place. By forging the return address on the DNS request sent to make it look like it came from the target, an attacker can get a significant boost in the size of a DDoS attack because the amount of data sent in response to the DNS request is significantly larger.

posted 13 days ago on ars technica
[Image: The vibrant cities of the French Revolution are one of the few bright spots in an uninspired Assassin's Creed entry.]
If you’re still in need of a graphical justification for the horsepower in the latest generation of consoles, it's in the first hour of Assassin's Creed: Unity. Arno Dorian, soon to be the latest in a line of assassins stretching back to the crusades (or at least 2007), is first introduced as a young man in what could be mistaken for a high budget, interactive French period drama. He needles the local thugs with crisp, airy quips through perfect lips. His nearly uncanny smile and facial animation sell his charisma a hundred times better than voice acting alone ever could. It's all such a waste, really. After those first 60 minutes, the assassinating begins. Arno is still there, plus two dead father figures, minus the smile. He's traded in his ability to banter for a jump cut and a hoodie. For the next 15 hours, I was left wondering what happened to all that energy and personality Unity led with. Perhaps I missed some context for why I ought to continue caring about this suddenly grim Parisian. Assassin's Creed games have always lived and died on the strength of their leads. The overarching, sci-fi plot jumped the shark a long time ago—something the developer itself recognized and adapted to in last year's game. That leaves the leading men (and leading woman Aveline from the under-discussed Assassin's Creed: Liberation) to hold a player's attention.

posted 13 days ago on ars technica
Back in 2009, Dragon Age: Origins was meant to be a throwback to role-playing games of the past. It was challenging and full of meaningful decisions that promised major impact both later in the game and in its coming sequels. It used the familiar to create something memorable while never pretending to reach for the widest possible audience. In short, it was a game that felt like it should have never been published by a monolithic mainstream publisher like Electronic Arts, which had purchased developer BioWare in late 2007. In 2011, Dragon Age 2 was just the opposite—a tightly budgeted, sparse, and populist attempt at aping the RPG flavor of the week. It was Mass Effect with more swords and less soul. Rather than build on its predecessor, it opted for a fresh start that already felt stale before the game was even complete. Now there’s Dragon Age: Inquisition. This time, BioWare has chosen to follow the trends set by another popular RPG, opening up the world in the style of Bethesda’s popular Elder Scrolls series. Unlike the merely serviceable Dragon Age 2, however, Inquisition actually might be worthy of its inspiration.

posted 13 days ago on ars technica
This post was done in partnership with The Wirecutter, a list of the best technology to buy. Read the full article below at TheWirecutter.com. The BenQ HT1075 is the best $1000 projector for those who want a bright, colorful, detailed image—better than what’s possible on the cheap end—but don’t want to spend more than twice as much for the next serious upgrade. I base this on more than 25 hours of research and 50 hours of direct testing of seven competing models (and considering six others) plus the objective measurements of $20,000 worth of testing gear.

posted 13 days ago on ars technica
American universities are filing an increasing number of patent lawsuits. The newest example is a batch of lawsuits filed last week by the University of Minnesota (UMN), one of the nation's largest public research universities. In the new lawsuits, the university says one of its professors invented key technology behind the LTE protocol. UMN is demanding royalty payments from all four of the largest cell phone carriers, Verizon, AT&T (PDF), T-Mobile (PDF), and Sprint. Professor Georgios Giannakis did work that "improves reliability and speed" on LTE networks, according to the University's statement on the litigation. Giannakis' research was supported in part by public funds, including grants from the National Science Foundation and the US Army.

posted 13 days ago on ars technica
Security researchers have warned of a security hole in Apple's iOS devices that could allow attackers to replace legitimate apps with booby-trapped ones, an exploit that could expose passwords, e-mails, or other sensitive user data. The "Masque" attack, as described by researchers from security firm FireEye, relies on enterprise provisioning to replace banking, e-mail, or other types of legitimate apps already installed on a targeted phone with a malicious one created by the adversary. From there, the attacker can use the malicious app to access sent e-mails, login credential tokens, or other data that belonged to the legitimate app. "Masque Attacks can replace authentic apps, such as banking and e-mail apps, using attacker's malware through the Internet," FireEye researchers wrote in a blog post published Monday. "That means the attacker can steal user's banking credentials by replacing an authentic banking app with an malware that has identical UI. Surprisingly, the malware can even access the original app's local data, which wasn't removed when the original app was replaced. These data may contain cached e-mails or even login-tokens which the malware can use to log into the user's account directly."

posted 13 days ago on ars technica
As Uber continues to expand worldwide (and has run-ins with local regulators), it’s become famous for its "surge pricing"—the phenomenon where as demand increases for cars, the price dramatically goes up. New York State went so far as to put a cap on the practice during "abnormal disruptions" in July 2014. Recently, a North Carolina man was charged $455 for a 15-mile ride on Halloween night. Outraged, he reported it to the state’s attorney general, which has taken up the issue. To deal with this problem, enter a new, free iOS app (an Android version is coming soon) called SurgeProtector. The app aims to help Uber users avoid being shocked by surge pricing simply by telling them where they can go to pay more normal prices. (Uber did not immediately respond to Ars’ request for comment.)

posted 14 days ago on ars technica
[Image: No, that's not Halo 5's take on The Thinker, but its awesome new ground-pound move. Prepare to do that one a lot.]
Savvy gaming fans may have noticed a trend in 2014’s biggest shooting releases. First came Titanfall, a futuristic, sci-fi blaster that borrowed heavily from Halo. Then came Destiny, an always-online sci-fi blaster made by the original creators of Halo. After that, we saw Call of Duty: Advanced Warfare, which saw the military series take a decidedly sci-fi turn toward the weapons and power-ups of Halo. Catch that? 2014 was a surprisingly Halo-ey year for video games, a fact made weirder by the year’s lack of a new, bonafide Halo release. (This week’s Master Chief Collection, an anthology of older Halo games with some “remastering” tweaks, impressed us in spite of being an obvious stopgap product.) That doesn’t mean we’re getting out of 2014 without Master Chief showing us how it’s done. On December 29, Microsoft will slip the multiplayer beta test for Halo 5: Guardians into this year’s calendar. Wait, scratch that: “Slip” is too meek a word for the zippy, blistering combat to come.

posted 14 days ago on ars technica
While Microsoft has launched a number of Lumia phones since its purchase of Nokia's Devices division earlier this year, they've all retained the Nokia name. But we knew that had to end soon—the publicly announced terms of the sale told us that much—and today it does. The Microsoft Lumia 535 is adorned not with the Nokia name, but Microsoft's. Compared to the lacklustre Lumia 530, the Lumia 535 looks like a healthy step up. The screen is bigger, at 5 inches compared to 4, and higher resolution, at 960×540 compared to 854×480. It's also better quality, using IPS technology and a Gorilla Glass 3 protective layer. The processor is the same, a 1.2 GHz quad core Snapdragon 200, but the RAM has been doubled to 1GB, thereby eliminating most or all compatibility issues with games. Internal storage is doubled, too, to 8GB. The biggest upgrade, though, is to the cameras. The rear camera retains the 5MP resolution, but it's now an autofocus unit instead of fixed focus, and it adds an LED flash. The 535 also includes a front-facing camera, with the same 5MP resolution.

posted 14 days ago on ars technica
All United States Postal Service (USPS) employees’ personal data—including names, addresses, social security numbers—has been exposed as the result of a hack believed to have originated from China. According to its own tally, USPS employs over 600,000 people. "We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing," David Partenheimer, a USPS spokesman, wrote in a statement (PDF) on Monday. "The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally." The USPS does not believe that in-store customer data was exposed, but customers who contacted the agency via e-mail or phone between January 1 and August 16, 2014 may have been.

posted 14 days ago on ars technica
An appeals court today overturned the 2012 manslaughter convictions of six Italian earthquake scientists in the wake of a 2009 earthquake that killed 309 people in the town of L’Aquila, as reported by ScienceInsider and NatureNews. Each scientist had been sentenced to six years in prison along with a government official. The official has not been acquitted, but he did have his sentence reduced to two years. Amidst a swarm of small earthquakes (and false predictions of major earthquakes by a technician at the nearby National Institute of Nuclear Physics) near the town of L'Aquila in early 2009, the Civil Protection Department convened a meeting of the six scientists. Some public statements resulting from that meeting—specifically statements by Civil Protection Department official Bernardo De Bernardinis—were seen to have gone too far, assuring the public that risk of a dangerous earthquake was very low. When a magnitude 6.3 earthquake just six days later killed 309, those statements were blamed for some of the deaths as some people apparently failed to leave their homes, which then collapsed. As Ars reported, a judge ruled that these seven individuals were culpable because of their comments and found the group guilty of manslaughter in 2012. The defendants appealed, resulting in today’s decision.
