You don't need a phone or computer to get online as devices around the home get "smarter".
Apple's new credit card is rolling out in stages to interested users (I got mine on Monday) and the early reception is generally positive. The card's primary draw isn't in its benefits, which are perfectly fine but not outstanding by any metric. Instead, the card's strength is in its tight vertical integration with the Apple technology ecosystem and the (hopefully) increased security one gains by moving to using tokenized payments for (most of) your point-of-sale transactions. The card otherwise has a lot in common with other traditional credit cards—and, unfortunately, one of those things is the Apple Card's forced arbitration provision.
Briefly, this means that there is language in the Apple Card/Goldman Sachs' customer agreement that requires customers to give up their right to file lawsuits against Goldman or Apple, either individually or as members of a class, and instead forces customers into accepting binding arbitration to resolve disputes. Although binding arbitration is frequently defended by proponents as being faster and less expensive than lawsuits, arbitration heavily favors companies over consumers in disputes. The arbitrator or arbitrators are typically chosen by the company engaging in arbitration and tend to favor the company's interests; studies show that in the vast majority of cases, the odds of winning are heavily on the company's side. The bias in arbitration outcomes has been taken advantage of by numerous companies—including companies we regularly cover—to engage in some truly shady dealings.
(It's not just consumers who get shafted by arbitration—many companies force their own employees into mandatory arbitration, too, though a number of employers are beginning to walk back the practice.)
Biometric security software Biostar 2 was found to have exposed sensitive user data online.
Sadiq Khan asks the King's Cross Central development whether its use of facial recognition is legal.
People were paid to transcribe voice recordings - but Facebook says the work has now stopped.
Checking sites multiple times a day means less time is spent on healthy activities, a UK study suggests.
LAS VEGAS—Penetration testers have long gone to great lengths to demonstrate the potential chinks in their clients' networks before less friendly attackers exploit them. But in recent tests by IBM's X-Force Red, the penetration testers never had to leave home to get in the door at targeted sites, and the targets weren't aware they were exposed until they got the bad news in report form. That's because the people at X-Force Red put a new spin on sneaking in—something they've dubbed "warshipping."
Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque. At the Black Hat security conference here last week, Ars got a close look at the hardware that has weaponized cardboard.
We've looked at such devices, typically referred to as "drop boxes," before. Ars even used one in our passive surveillance of an NPR reporter, capturing his network traffic and routing a dump of his packets across the country for us to sift through. Covert drop boxes (once a specialty of Pwnie Express) have taken the form of "wall wart" device chargers, Wi-Fi routers, and even power strips. And mobile devices have also been brought to play, allowing "war walking"—attacks launched remotely as a device concealed in a bag, suitcase, or backpack is carried nonchalantly into a bank, corporate lobby, or other targeted location.
Verizon has sued the City of Rochester, New York, in order to avoid paying fees for deploying 5G equipment and fiber lines.
Verizon's lawsuit, filed in US District Court for the Western District of New York on Thursday, claims that the fees are higher than those allowed by federal law. As proof, Verizon points to a Federal Communications Commission preemption order from last year that attempts to limit the fees and aesthetic requirements cities and towns impose on carrier deployments. Rochester imposed its new fees in February of this year.
Verizon may have a good chance of winning its lawsuit if that FCC preemption order stands. But the FCC is being sued by cities from Washington, Oregon, California, and Arizona, which claim that the preemption is illegal. (Cities from Florida, Colorado, Nevada, and New York also intervened in the lawsuit to support the case against the FCC.) The outcome of that case could affect the Verizon suit against Rochester and any similar lawsuits filed against cities in the future.
Microsoft is warning of four new Windows vulnerabilities that are “wormable,” meaning they can be exploited to spread malware from one vulnerable computer to another without any user action in much the way the self-replicating WannaCry and NotPetya outbreaks did in 2017.
Similar to the so-called BlueKeep vulnerability Microsoft patched in May, the four bugs the company patched on Tuesday reside in Remote Desktop Services (RDS), which allow a user to take control of a remote computer or virtual machine over a network connection. The bugs—indexed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226—make it possible for unauthenticated attackers to execute malicious code by sending a specially crafted message when a protection known as Network Level Authentication is turned off, as is often done in large organizations.
In such networks, it’s possible for exploits to ricochet from computer to computer. Leaving NLA on makes it harder for attacks to spread, since attackers must first have network credentials. The growing use of hacking tools such as Mimikatz, however, often enables attackers to surreptitiously obtain the needed credentials.
Two separate teams of scientists have devised novel hydrodynamic "invisibility cloaks"—instead of shielding objects from light, the cloaks would shield them from fluid flows. The scientists described their work in two new papers in Physical Review Letters. These kinds of cloaking structures could one day help reduce drag on ships or submarines, or protect ships at a port or wharf from potential damage from strong waves.
Most so-called "invisibility cloaks" created thus far work in the electromagnetic regime and rely on metamaterials. A "metamaterial" is any material whose microscopic structure can bend light in ways light doesn't normally bend—a property called "the index of refraction." Natural materials have a positive index of refraction; certain manmade metamaterials—first synthesized in the lab in 2000—have a negative index of refraction, meaning they interact with light in such a way as to bend light around even very sharp angles.
Metamaterials typically involve a highly conductive metal like gold or copper arranged in carefully layered periodic lattice structures. When light passes through the material, it bends around the cloaked object, rendering it "invisible." You can see an object directly behind it but can't see the cloaked object itself. However, the effect is typically limited to specific wavelengths: microwaves, infrared light, or certain frequencies of sound or heat waves.
Amazon is a gigantic international marketplace filled with all sorts of goods from countless manufacturers and vendors—a selection so broad, it can easily overwhelm shoppers. Though the company doesn't really curate what's sold on its platform, it does do the equivalent of showing off certain products in the window with its "Amazon's Choice" label. The problem is that nobody outside Amazon knows how those choices get chosen... and some of those "choice" products are basically crap.
Several media outlets have tried and failed to learn how it all works, but this week members of the Senate have come knocking on Amazon's metaphorical door with some pointed questions. Democrats Bob Menendez of New Jersey and Richard Blumenthal of Connecticut are calling on Amazon to explain why certain products get that coveted Amazon's Choice badge to determine if the moniker "deceives consumers into purchasing products of inferior quality."
A search for a product like dish detergent returns more than 20,000 results, Blumenthal and Menendez write in a letter (PDF) addressed to Amazon CEO Jeff Bezos. Given that volume, consumers "look for distinctive product features to help narrow the extensive search results," and those shoppers "reasonably rely" on the Amazon's Choice label "to guide their final purchasing decisions."
A committee of MPs says there is a "misleading impression" the devices are completely safe.
Science has struggled to increase the diversity of the research community, trying to ensure that everyone has an equal opportunity to contribute to humanity's advances. But science's struggles are nothing compared to those of the financial industry, where only about 1% of fund managers are women or minorities. While there have been some efforts made to increase diversity, finance stubbornly remains the domain of white males, even though firms run by women and minorities have, on average, produced equivalent returns.
To find out why this disparity exists, a group of Stanford researchers collaborated with a diverse financial firm to perform a relatively simple experiment. They created fake financial firms, swapped in headshots of black and white "managers," and asked actual asset managers to rate the firm's performance. The results showed that when performance was good, having black managers led to lower ratings than when the same performance was supposedly delivered by a white-led firm. While there were some differences when performance wasn't as high, the likely reasons for those differences aren't reassuring.
Assets and allocators
For everything from hedge funds to retirement investments, it's rare to have direct ownership of stocks. Instead, investments tend to go into funds that focus on specific aspects of the market, like energy or small capitalization firms. But these funds often don't invest in the stocks directly, either. Instead, financial specialists called "asset allocators" identify firms that have funds with the right mix of performance and targets, and these allocators invest in a number of them.
Netflix has released the first full trailer for its new fantasy series, The Dark Crystal: Age of Resistance. It's a prequel to the 1982 cult classic fantasy/adventure film The Dark Crystal and features a star-studded cast that includes Sigourney Weaver as the narrating Myth Speaker and Mark Hamill—fresh off voicing Chucky in the Child's Play reboot—as The Scientist.
(Some spoilers for the original film below.)
The original film was a marked departure for Jim Henson and his co-director Frank Oz, significantly darker in tone than his previous work. It tells the story of the planet Thra, which gets its power from a magical Crystal. That crystal cracks, producing two new species: the evil Skeksis and kindly wizards called the Mystics. The task of restoring a missing shard to heal the crystal falls to a young Gelfling named Jen, aided by a wise astronomer named Aughra and his fellow Gelfling Kira. And he's on a tight schedule: the shard must be restored before the planet's three suns align or the Skeksis will rule forever.
On Friday, NASA Administrator Jim Bridenstine will visit the Marshall Space Flight Center in Alabama. At 3pm local time, he will address employees in an "all hands" meeting in Morris Auditorium to make an announcement regarding the space agency's Artemis program to land humans on the Moon by 2024.
According to multiple sources, Bridenstine plans to announce that the Alabama-based field center will manage the program to develop the lunar lander for the Moon program. In political terms, this is a big win for the center, which has powerful congressional backing in both the US Senate as well as the House of Representatives. (Employees were, umm, strongly encouraged to attend the meeting).
As part of the carefully negotiated agreement, Marshall will have responsibility for the overall program as well as two elements of what is planned to be a three-stage lander. The center in northern Alabama will oversee commercial development of the Transfer Element—planned to ferry the lander from the Lunar Gateway down to low-lunar orbit—as well as the Descent Element that will fly down to the surface.
Greetings, Arsians! The Dealmaster is back with another round of deals to share. Today's list is headlined by a nice discount on Anker's PowerLine II USB-C to Lightning cable, the three-foot variant of which is down to $11.99 at Amazon when you use the code "ANPL2CL3" at checkout. This cable dropped about 50 cents lower during a one-day lightning deal last month, but otherwise this price is tied for the lowest we've seen. It normally retails for $18. If you want a longer cable, meanwhile, the six-foot variant is down to $15.99 with the code "ANPL2CL6". That's tied for an all-time low from its usual price of $20.
Either way, these kinds of USB-C to Lightning cables are what you'll need to take advantage of the fast-charging capabilities of newer iPhones and iPads. While there are rumors that Apple may include such cables and USB-C chargers in the box with its forthcoming iPhones, currently it requires iOS users to buy these accessories separately. The company sells three-foot and six-foot cables for $19 and $35, respectively, so you currently save a good chunk of change by going third-party.
Crucially, these Anker cables are also MFi-certified by Apple to work safely with iPhones and iPads. The Dealmaster has actually had the six-foot version on hand for the past few months and hasn't had any issues with durability or fraying. In fact, the rubberized housing around the cable is thicker than that of Apple's own cables, and if something does go wrong, Anker says the product is covered by a lifetime warranty. Just remember that you'll need an appropriate USB-C charger to actually get these faster charges, one that supplies at least 18W for a newer iPhone or at least 29W for a newer iPad Pro—Anker's own PowerPort Speed PD 30 is a good USB-IF certified choice, but there are plenty of others as well.
The relationship between Americans and their automobiles is a complicated one. More than mere transport, cars can become extensions of one's personality—think of stereotypes about drivers of a particular model like a Corvette, for instance. Since cars are mass-produced, it's natural that people want to personalize them. Sometimes it's covering them with every bit of chromed plastic you can find at JC Whitney. Sometimes it's plastering them in stickers. And sometimes, it might just be a personalized number plate.
The rules for personalized plates vary depending on the state in which you're registering your car. These can foster creativity, but today we have a cautionary tale from California, which reveals the risks of being too creative. It's the story of a security researcher known as Droogie, who presented his experience at the recent DEF CON conference in Las Vegas. Droogie decided his new vanity plate should read "NULL." While he did this mainly for the giggles, he told the audience that there was an ulterior motive, as reported by Mashable:
"I was like, ‘I'm the shit,'" he joked to the crowd. "'I’m gonna be invisible.' Instead, I got all the tickets."
Droogie's hope was that the new plate would exploit California's DMV ticketing system in a similar manner to the classic xkcd "Bobby Tables" cartoon. With any luck, the DMV's ticket database would see "NULL" and consign any of his tickets to the void. Unfortunately, the exact opposite happened.
Back in May, Google settled the defective Pixel 1 lawsuit brought against it in 2018 for $7.25 million, and now owners can file a claim at a new Pixel Settlement website. Owners of a first-generation Pixel could get up to $500 if they bought multiple defective devices, and everyone that bought an original Pixel before the cut-off date is entitled to $20, even if they didn't experience a defect.
Some of the first-generation Pixel phones went out the door with defective microphones, and a class action lawsuit alleged that Google couldn't or wouldn't fix the problem. Google denies these allegations, but the company still agreed to pay out $7.25 million. According to the settlement site, Pixel 1 owners are eligible for a payout if they live in the United States and bought "a new Pixel or Pixel XL smartphone manufactured before January 4, 2017 and did not receive a replacement Pixel manufactured after January 3, 2017 or refurbished after June 5, 2017."
The site details four payment tiers that customers can land in:
After two years of review and revision, the US Fish and Wildlife Service announced a set of changes to the regulations that spell out how it will implement parts of the Endangered Species Act. The changes focus on how officials should decide whether to list a species as endangered or threatened, what kind of protections threatened species should receive, and how officials will decide which areas of habitat to protect.
In practice, the changes may weaken the Endangered Species Act’s protections. Depending on how this and future administrations interpret the wording of the regulation, these changes could make it easier to remove species from the endangered and threatened species lists. The wording may also give officials tacit permission to dismiss climate change as an irrelevant threat to species’ survival and to consider economic factors when they’re deciding whether to protect a species.
There were many signs this was coming. The Trump administration proposed some of the revisions, including removing the phrase “without reference to economic impact,” last July. And overall, this batch of regulatory changes fits into the administration’s broader theme of eliminating regulation and rolling back environmental protections.
Biometrics Commissioner calls for new laws following revelation of facial checks at London King's Cross.