A deceptively simple malware attack has stolen a wide array of credentials from thousands of computers over the past few weeks and continues to steal more, a researcher warned on Tuesday.
The ongoing attack is the latest wave of Separ, a credential stealer that has been known to exist since at least late 2017, a researcher with security firm Deep Instinct said. Over the past few weeks, the researcher said, Separ has returned with a new version that has proven surprisingly adept at evading malware-detection software and services. The source of its success: a combination of short scripts and legitimate executable files that are used so often for benign purposes that they blend right in. Use of spartan malware that's built on legitimate apps and utilities has come to be called "living off the land," and
The latest Separ arrives in what appears to be a PDF document. Once clicked, the file runs a chain of other apps and file types that are commonly used by system administrators. An inspection of the servers being used in the campaign shows that it has, so far, collected credentials belonging to about 1,200 organizations or individuals. The number of infections continues to rise, which indicates that the spartan approach has been effective in helping it fly under the radar.
The app Superpersonal can capture a user's face and movements to create a realistic moving image.
Cyber-crime gangs are injecting their own code on to websites to steal payment data, an annual study suggests.
Although we make every effort to cover our own travel costs, in this case McLaren flew us to Phoenix to drive the 600LT (and the 720S Spider; more on that next week) and provided two nights in a hotel.
I'll admit it: I wasn't sure if I was going to like the McLaren 600LT Spider. I wasn't the biggest fan of the McLaren 570S, the car it's based on—unlike almost everyone else who's driven one, I'd pick an Audi R8 as my daily drivable mid-engined supercar. While the 570S made concessions to practicality, I never gelled with the way it looks, and it had enough electronic foibles that they became one of my overriding memories of my time with the car. But the 600LT makes many fewer compromises in the name of everyday use, and it's all the better for it.
Veteran McLaren watchers will know from just the name that there's something special about this one: in McLaren-speak, LT means "long tail." The first long-tail McLarens—ten F1 GTR race cars and three F1 GT road cars—appeared in 1997, with new bodywork that extended the nose and tail to increase downforce at speed.
It will be illegal to fly a drone within three miles of an airport, following drone disruption at Gatwick.
Excavations at two ancient quarry sites in western Wales suggest how ancient people probably quarried some of the stones now standing at Stonehenge.
The 42 stones in question are some of the smaller parts at Stonehenge, relatively speaking: they still weigh two to four tons each. They're called the bluestones, and they came all the way from western Wales. Chemical analysis has even matched some of them to two particular quarries on the northern slopes of the Preseli Hills.
One, an outcrop called Carn Goedog, seems to have supplied most of the bluish-gray, white-speckled dolerite at Stonehenge. And another outcrop in the valley below, Craig Rhos-y-felin, supplied most of the rhyolite. University College London archaeologist Michael Parker Pearson and his colleagues have spent the last eight years excavating the ancient quarry sites, and that work has revealed some new information about the origins of Stonehenge.
Two months ago, Qualcomm held the Snapdragon Tech Summit in Hawaii. That's where the company talked for two days about how the Snapdragon X50 modem would usher in the era of 5G mmWave. That was all for this year, and while there still isn't a single product readily for sale with the X50 modem, Qualcomm is already talking about its 5G solution for next year.
Today, Qualcomm announced its "second-generation 5G solution," the Snapdragon X55 5G modem. To go along with the new modem is a new 5G mmWave RF antenna called the QTM525, which obsoletes the QTM052 the company was pairing with the X50 modem. Overall, it's a faster, smaller, and more-compatible version of Qualcomm's 5G chip solution. We tore into Qualcomm's first-generation 5G parts after Qualcomm's big tech show, and while these "second-generation" components don't really address the issues raised in that article, they are a step in the right direction.
Qualcomm says these new chips won't be out until "late 2019." That means the X50 and QTM052 will still be filling smartphones and sucking down batteries for the majority of 2019. With Mobile World Congress happening at the end of February, a bunch of OEMs are going to announce 5G hardware this week and next week, and those devices should run previously announced X50 hardware. The X55 is more like "Next year's 5G hardware," but Qualcomm likes to talk about these things a year in advance.
The US Food and Drug Administration issued an alert Tuesday, February 19, warning older consumers against seeking infusions of blood plasma harvested from younger people. Despite being peddled as anti-aging treatments and cures for a range of conditions, the transfusions are unproven and potentially harmful.
In a statement, FDA Commissioner Scott Gottlieb and the director of FDA's Center for Biologics Evaluation and Research, Peter Marks, wrote:
Simply put, we're concerned that some patients are being preyed upon by unscrupulous actors touting treatments of plasma from young donors as cures and remedies.
Establishments in several states are now selling young blood plasma, which is the liquid portion of blood that contains proteins for clotting. The sellers suggest that doses of young plasma can treat conditions ranging from normal aging and memory loss to dementia, Parkinson's disease, multiple sclerosis, Alzheimer's disease, heart disease, or post-traumatic stress disorder, according to the FDA.
Electronic Arts is opting all users out of the "real name sharing" option on its Origin gaming service following complaints that some users may have been entered into the program without their consent.
The option to "show my real name on my profile" (as opposed to just sharing an online handle) is buried in the privacy settings for every EA Origin account, as it is for many other gaming networks. But Randi Lee Harper, the founder of the nonprofit Online Abuse Prevention Initiative, recently noted in a Twitter thread that her real name was being shared via the account without any opt-in.
Harper said anecdotal reports and spot checks of others with Origin accounts showed that the setting "has been seemingly randomly enabled" for a number of other Origin users. Accounts created between 2013 and 2015 seem to have more likelihood of having the option enabled by default, Harper said, but she added that she "can't find any kind of commonality in the data. It seems so random." (New accounts created today default the real name sharing to be off.)
Most of the major Hollywood movie studios are trying to cripple multiple alleged pirate TV services with a single lawsuit.
The studios last week filed a copyright infringement suit against Omniverse One World Television Inc., which provides streaming video to several online TV services. Omniverse claims to have legal rights to the content, but the studios say it doesn't.
The complaint was filed Thursday in US District Court for the Central District of California by Columbia Pictures, Disney, Paramount Pictures, 20th Century Fox, Universal, and Warner Bros. The studios previously used lawsuits to shut down the maker of a streaming device called the Dragon Box and another called TickBox. The studios' new lawsuit says that Omniverse supplied content to Dragon Box and to other alleged pirate services that are still operating.
Greetings, Arsians! Courtesy of our friends at TechBargains, the Dealmaster is back with another round of deals to share. Today's list is headlined by a discount on the current-gen model of Lenovo's ThinkPad X1 Carbon notebook, which is down to $1,063 at Lenovo with the code "THINKPRESDAY." And yes, the coupon has to be in ALL CAPS for it to work.
Lenovo's on-site prices tend to fluctuate wildly, but the X1 Carbon typically goes for around $1,400, making this good for a roughly $340 discount. As of this writing, Lenovo is telling users to apply the code "THINKPRESIDENT," but the code above actually cuts the price by another $75 or so. Why? No clue, but the Dealmaster isn't complaining.
As for the X1 Carbon itself, it's great. You can check out our review for a full rundown, but in short, we said it ticked all the necessary boxes for a high-end Ultrabook. It's not a convertible, and there's no 4K option, but it performs well, gets good battery life, and has the necessary Thunderbolt 3 ports without ditching legacy ports like USB-A or HDMI. It's sufficiently thin (0.63 inches), light (2.49 pounds), and well-made, and its keyboard, as is typical of a ThinkPad, is excellent. Its big downside is that it's relatively expensive, but that's obviously negated here.
Users can generate false faces, using artificial intelligence.
BioWare, the developer responsible for Mass Effect and Dragon Age, has returned with its first new series in over a decade, Anthem. It's a pretty big departure for the RPG-heavy studio: a jetpack-fueled, action-first online "looter-shooter." And after a disastrous demo launched weeks ago, we wondered whether we'd even get a playable game.
The good news is that we did, and at its best, Anthem feels brilliant, beautiful, and thrilling. At its worst, though, this is a stuttering, confusing, heartbreaking mess of an action game.
The good stuff Anthem ultimately offers—artistic design, BioWare-caliber plot, and that freakin' Iron Man feeling—fails to coalesce. Players are expected to log in again and again for missions with friends in true "online shared shooter" style (à la Destiny and Warframe), but the game's inherent structure makes this basic loop difficult to pull off.
Last week, The Verge got a reminder about the power of the Streisand effect after its lawyers issued copyright takedown requests for two YouTube videos that criticized—and heavily excerpted—a video by The Verge. Each takedown came with a copyright "strike." It was a big deal for the creators of the videos, because three "strikes" in a 90-day period are enough to get a YouTuber permanently banned from the platform.
T.C. Sottek, the Verge's managing editor, blamed lawyers at the Verge's parent company, Vox Media, for the decision.
"The Verge's editorial structure was involved zero percent in the decision to issue a strike," Sottek said in a direct message. "Vox Media's legal team did this independently and informed us of it after the fact."
Windows 7 and Windows Server 2008 users will imminently have to deploy a mandatory patch if they want to continue updating their systems, as spotted by Mary Jo Foley.
Currently, Microsoft's Windows updates use two different hashing algorithms to enable Windows to detect tampering or modification of the update files: SHA-1 and SHA-2. Windows 7 and Server 2008 verify the SHA-1 patches; Windows 8 and newer use the SHA-2 hashes instead. March's Patch Tuesday will include a standalone update for Windows 7, Windows Server 2008 R2, and WSUS to provide support for patches hashed with SHA-2. April's Patch Tuesday will include an equivalent update for Windows Server 2008.
The SHA-1 algorithm, first published in 1995, takes some input and produces a value known as a hash or a digest that's 20 bytes long. By design, any small change to the input should produce, with high probability, a wildly different hash value. SHA-1 is no longer considered to be secure, as well-funded organizations have managed to generate hash collisions—two different files that nonetheless have the same SHA-1 hash. If a collision could be generated for a Windows update, it would be possible for an attacker to produce a malicious update that nonetheless appeared to the system to have been produced by Microsoft and not subsequently altered.
An 86-year-old's thank you note, shared on social media, spurs similar stories of kindness
An Instagram post featuring the image has since been taken down.
During the last 15 years, the US Congress has authorized budgets totaling $46 billion for various NASA deep-space exploration plans. By late summer, 2020, that total is likely to exceed $50 billion, most of which has been spent on developing a heavy-lift rocket and deep-space capsule that may carry humans into deep space.
In a new analysis that includes NASA's recently approved fiscal year 2019 budget, aerospace analyst Laura Forczyk found that, of this total, NASA has spent $16 billion on the Orion capsule, $14 billion on the Space Launch System rocket, and most of the remainder on ground systems development along with the Ares I and Ares V rockets.
For all of this spending on "exploration programs" since 2005, NASA has demonstrated relatively little spaceflight capability. The Ares I launch vehicle flew one time, in 2009, to an altitude of just 40km. (It had a dummy upper stage and fake capsule.) The Ares project, as part of NASA's Constellation Program, would be abandoned the next year, as it was behind schedule and over budget. Later, in 2014, NASA launched an uncrewed version of its Orion spacecraft on a private rocket to an altitude of 3,600km. The first flight of the new SLS rocket, again with an uncrewed Orion vehicle, may occur in 2021.
Gene editing has been in the news lately due to an ethically reckless experiment in which human embryos were subjected to an inefficient form of gene editing. The subjects, now born, gained uncertain protection from HIV in exchange for a big collection of potential risks. A large number of ethicists and scientists agreed that this isn't the sort of thing we should be using gene editing for.
That response contains an implicit corollary: there are some things that might justify the use of gene editing in humans. Now, a series of papers looks at some reasonable use cases in mice and collectively finds that the technology really isn't ready for use yet.
Use cases
Gene editing will likely always come with a bit of risk; when you're cutting and pasting DNA in millions of cells, extremely rare events can't be avoided. So the ethical questions come down to how we can minimize those risks and what conditions make them worth taking.
Capturing carbon emissions before they enter the atmosphere is a white whale for the fossil fuel industry.
In theory, if a power plant or a factory could easily eliminate carbon emissions by filtering them out of flue gas, the plant would be able to pursue business as usual with some simple retrofits—no threat of future regulations mandating lower emissions, no push to switch to completely new technologies.
The problem is that carbon capture is energy-intensive and expensive, it doesn't capture all the carbon dioxide being released, and it's not always clear what to do with the gas after it's captured. (The current best option is to find underground caverns in which the carbon can be stored, or sell the CO2 to older oil fields for enhanced oil recovery.)