Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code.
The IE vulnerability, Microsoft said, allows attackers to test whether one or more files are stored on disks of vulnerable PCs. Attackers first must lure targets to a malicious site. Microsoft, without elaborating, said it has detected active exploits against the vulnerability, which is indexed as CVE-2019-0676 and affects IE version 10 or 11 running on all supported versions of Windows. The flaw was discovered by members of Google’s Project Zero vulnerability research team.
Microsoft also patched Exchange against a vulnerability that allowed remote attackers with little more than an unprivileged mailbox account to gain administrative control over the server. Dubbed PrivExchange, CVE-2019-0686 was publicly disclosed last month, along with proof-of-concept code that exploited it. In Tuesday’s advisory, Microsoft officials said they haven’t seen active exploits yet but that they were “likely.”
Overwork is a longstanding problem in Japan and companies are turning to technology for solutions.
Cartoon figures and young stars will be banned from many adverts in a bid to protect children.
Game publisher Activision-Blizzard will lay off 8 percent of its work force, or around 775 people, CEO Bobby Kotick announced on the company's earnings call today. The move is being made in an effort at "de-prioritizing initiatives that are not meeting expectations and reducing certain non-development and administrative-related costs across the business," Kotick explained.
The layoffs, which will mostly be in non-game-development areas like publishing, will impact Activision, Blizzard, and King. In one case, an entire studio of 78 people was shut down—Seattle-based mobile game studio Z2Live. This is in spite of Kotick saying that the company achieved "record results in 2018." Activision made a statement about exceeding its expectations, but other market-watchers clearly had higher numbers in mind.
The implication is that the positive results reported came thanks to a fairly narrow bench of franchises, with many of the company's efforts outside those franchises not meeting expectations.
In a bid to cut the number of coding errors made in its Firefox browser, Mozilla is deploying Clever-Commit, a machine-learning-driven coding assistant developed in conjunction with game developer Ubisoft.
The tool builds on work by Ubisoft La Forge, Ubisoft's research lab. Last year, Ubisoft presented the Commit-Assistant, based on research called CLEVER, a system for finding bugs and suggesting fixes. That system found some 60-70 percent of buggy commits, though it also had a false positive rate of 30 percent. Even though this false positive rate is quite high, users of this system nonetheless felt that it was worthwhile, thanks to the time saved when it did correctly identify a bug.
Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks.
The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.
SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with.
Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list is absolutely packed with solid discounts but is headlined by a number of deals on various Apple devices, including iPads, Apple Watches, and MacBooks.
This may not come as a huge surprise given that Apple is expected to introduce new hardware sometime in the next few months, but the deals encompass the most recent iterations of the 9.7-inch iPad, the 10.5-inch iPad Pro and Apple Watch Series 3 released in 2017, the 256GB variant of the latest MacBook Air, and the company's HomePod speaker.
Some of the discounts bring these devices close to their all-time lows: the 32GB iPad is currently down to $249, which matches its Black Friday pricing, while the 128GB model is down to $330, which also matches its going rate during the holidays. The 64GB 10.5-inch iPad Pro—which is probably best viewed as a premium iPad than a true laptop replacement—is $150 off, while the 42mm Apple Watch Series 3—which doesn't have the big display of the newer Series 4 but is still a great entry point to smartwatches—is down by $80.
Pennsylvania's attorney general has sued Verizon, alleging that the company promised free Amazon Echo devices and Amazon Prime subscriptions to new customers but failed to deliver the items after customers enrolled in two-year contracts.
Verizon promised the incentives to customers who signed up for two-year FiOS deals between November 2018 and January 2019, the lawsuit said. Customers were given 60 days to claim their incentives, but certain customers were unable to do so because of a broken hyperlink, the complaint said.
"Verizon failed to provide certain consumers with their free Echo and/or Amazon Prime membership as promised and created an unreasonably burdensome process to claim the free Echo and/or Amazon Prime membership," the complaint alleges.
Email provider VFEmail said it has suffered a catastrophic destruction of all of its servers by an unknown assailant who wiped out almost two decades' worth of data and backups in a matter of hours.
“Yes, @VFEmail is effectively gone,” VFEmail founder Rick Romero wrote on Twitter Tuesday morning after watching someone methodically reformat hard drives of the service he started in 2001. “It will likely not return. I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.”
Yes, @VFEmail is effectively gone. It will likely not return.
— Havokmon (@Havokmon) February 12, 2019
The ordeal started on Monday when he noticed all the servers for his service were down. A few hours later, VFEmail’s Twitter account reported the attacker “just formatted everything.” The account went on to report that VFEmail “caught the perp in the middle of formatting the backup server.”
This week, an advocacy group called The Solar Foundation released its ninth annual solar jobs report. In 2018 the industry contracted, shedding 8,000 solar jobs, or a loss of about 3.2 percent from 2017. The solar industry employed 242,343 people in 2018, the report said.
The solar industry is the largest renewable energy employer in the US and the second largest energy employer behind the oil and gas industry. Wind and coal trail far behind solar in terms of the number of people employed. (For comparison, coal mining lost 2,000 jobs between 2016 and 2017, although that industry employs only slightly more than 50,000 people.)
2018 marks the second year in a row that the solar industry has posted job losses. In 2017, The Solar Foundation's report showed that employment contracted by 3.8 percent. The foundation only counts solar jobs where at least 50 percent of a person's time is dedicated to solar energy.
Welcome back to "War Stories," an ongoing video series where we get game designers to open up about development challenges that almost—but not quite—derailed their games. In this edition, we focus on a genre particularly near and dear to my dead, black Gen-X heart: the adventure game.
And not just any adventure game—we were lucky enough to be able to sit down with Louis Castle, co-founder of legendary game developer Westwood Studios. Castle's hands were on some of the most famous titles of the 1990s, including Dune II, the Legend of Kyrandia series, and, most famously, the Command & Conquer franchise. But as wonderful as those games are—and as many hours as I spent lost in the woods of Kyrandia as a teenager—none of those mean as much to me as Westwood's 1997 cinematic adventure game, Blade Runner.You know the score, pal
Adventure games were one of the two ur-genres of true computer games (with the other being the arcade-style shooter), and as a child of the '80s, adventure games were what got me into gaming. The genre reached its peak in the early to mid 1990s, with some of the best-remembered LucasArts and Sierra titles making their appearance thereabouts. But by the end of the decade the wheels had come off the cart, and it was clear that the genre was being eclipsed by the rise of the first-person shooter.
MPs open inquiry into immersive technology such as VR and AR.
Valentine's Day and consumer technology don't exactly go hand in hand. Every couple is different, but if you're getting a loved one a gift for the holiday, it should come from the heart. A new smartphone or portable hard drive is nice, but it doesn't always scream "romance."
For the tech-obsessed robots at Ars Technica, though, good gear will always win out against fickle concepts like "human emotions." So instead of posting a more conventional gift guide, I decided to celebrate this Valentine's Day in a more Arsian manner: by asking my colleagues to point their hearts not toward other people but toward the tech in their lives that they appreciate the most.
Here are a few things we love.
The geo-fencing technology that means drones cannot fly near airports is improved.
In a memorandum released Monday night, the US Department of Defense Office of the Inspector General informed Air Force leadership that it will evaluate the military's certification of SpaceX's Falcon Heavy for national security missions.
"We plan to begin the subject evaluation in February 2019," the memorandum states. "Our objective is to determine whether the US Air Force complied with the Launch Services New Entrant Certification Guide when certifying the launch system design for the Evolved Expendable Launch Vehicle-class SpaceX Falcon 9 and Falcon Heavy launch vehicles."
The memorandum does not explain why the inspector general believes such an evaluation is necessary. Signed by Deputy Inspector General Michael Roark, the memorandum only states that the evaluation will take place at the Space and Missile Systems Center, which is headquartered at Los Angeles Air Force Base in El Segundo, California. This is just a few miles from SpaceX's headquarters in neighboring Hawthorne.
Four Americans are celebrated for their roles in developing the sat-nav Global Positioning System.
LAS VEGAS—For obvious reasons, the automotive coverage at Ars often focuses on ADAS—advanced driver assistance systems. From convenience features like adaptive cruise control and lane keeping to more safety-oriented features like blind spot monitoring or automatic emergency braking, ADAS are becoming more common in new vehicles—usually with brand-specific and potentially confusing names. When the features are implemented well, they can be incredibly useful; I've found that rear cross-traffic alerts regularly come in handy when reversing out of a space in a crowded parking lot. Which is why I was very surprised to find out that these kinds of systems are only now just being rolled out to the biggest, heaviest vehicles on our roads: class 8 semi-trailer trucks.
As we've remarked (or complained about) on more than one occasion, the annual CES trade show in January has effectively turned into an auto show, with OEMs and their suppliers demoing their latest tech advances. And Daimler's truck brand, Freightliner, is part of that crowd. In 2015, it used the Hoover Dam to show off an autonomous truck concept, and this year it returned with the production version. Called "Detroit Assist 5.0," it features many of the same assists you might find in a current Mercedes-Benz passenger vehicle: adaptive cruise control down to zero mph, lane-keeping assistance, automatic emergency braking, and even blind spot monitoring that keeps a virtual eye on the passenger-side length of the trailer as well.
Although Volvo (for instance) has offered automatic emergency braking on its biggest trucks for some years now, Daimler says that the model year 2020 Freightliner Cascadia is the first US class 8 truck to offer a full ADAS suite and is first to market with trailer-length blind spot monitoring and lane keeping.
Amazon has announced that it will acquire Eero, one of the biggest players in the networking hardware space known for its easy-to-set-up mesh Wi-Fi solutions.
Bay Area-based Eero, named after Finnish industrial designer Eero Saarinen, has been in operation since early 2015. It has already shipped several products. Neither Amazon nor Eero revealed how much money the tech giant paid in the acquisition, but Eero had raised $90 million in venture capital since its founding.
In case there was any doubt that the acquisition is part of a larger smart home strategy, a quote in Amazon's press release from SVP of Amazon Devices and Services Dave Limp named that as a reason right off the bat:
The landmark review also recommended the BBC should do more to share its technical and digital expertise.
Bloomberg New Energy Finance predicts that there will be 559 million electric vehicles on the road by 2040. But electric vehicles don't last forever. And their batteries are not always filled with the kinds of materials you would want leaching into the environment if they're disposed of haphazardly. Policy makers and researchers have started considering how to deal with end-of-life on electric batteries, and recycling is often considered as an option.
Researchers from Carnegie Mellon University published a paper in Nature Sustainability this week that looks at the emissions and economic costs associated with recycling automotive batteries. They specifically addressed batteries with three types of cathode chemistry: nickel manganese cobalt oxide (NMC), nickel cobalt aluminum oxide (NCA), and iron phosphate (LFP). The first two cathode chemistries are common in passenger vehicles, and LFP is common in buses (bus maker BYD uses LFP batteries, for example).
Since the packaging of batteries is important to the recycling method, cylindrical batteries (the types of cells that Tesla makes) are compared to pouch cell batteries in the analysis.