Google's Nest smart home brand is in hot water this week after news surfaced (via Daring Fireball) that its home security system, Nest Secure, shipped with an undisclosed microphone. Google activated the microphone earlier this month for Google Assistant functionality, but that meant the device sat in users' homes for up to a year as an unknown potential listening device.
Nest Secure launched last year as a $500 home security system. It's just a collection of door, window, and motion sensors, along with a small desktop box that acts as a hub for the devices and a security code keypad. It has a speaker for alarms and other sounds, but it isn't something you would ever expect to have a microphone.
Google gave a statement to Business Insider yesterday, saying, “The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part.” According to the company, “the microphone has never been on and is only activated when users specifically enable the option.”
In a console industry first, Paradox Interactive and Microsoft are allowing Xbox One players to get direct access to game modifications created on the PC without any pre-approval from the console maker or publisher.
This isn't the first time players have been able to add their own modified content to a console game. Bethesda enabled Fallout 4 mods on Xbox One back in May 2016 and on PlayStation 4 months later. Paradox itself followed with a similar modding program for the Xbox One version of Cities: Skylines early last year.
But the player-made mods made available on those and other console games in the past had one major distinction from their PC cousins: they had to be individually and manually approved by the platform holder and game publisher for potential content and security issues.
Tesla announced Wednesday that it is replacing general counsel Dane Butswinkas, who had been on the job for only two months. Tesla Legal Vice President Jonathan Chang will take the job.
The groundbreaking electric carmaker has suffered a number of senior executive departures in the last couple of years—and some were of surprisingly short tenure. Last September, Chief Accounting Officer Dave Morton announced that he was leaving after less than a month on the job.
Tesla short-sellers have revelled in this kind of news. Especially last year, as Tesla was struggling to ramp up Model 3 production and Musk was dealing with the fallout from several self-inflicted problems, critics portrayed each departure as the latest sign that rats were fleeing a sinking ship.
A new report from Bloomberg's Mark Gurman suggests that Apple is serious about combining apps across the iOS and macOS App Stores. The iPhone maker is reportedly planning on expanding Project Marzipan, a multistep initiative that will allow developers to create one app that works across iPhone, iPad, and Mac devices. Apple may reveal the first steps of this program as early as June 2019 at its annual Worldwide Developers Conference.
We first heard about Marzipan back in 2017, but this is the first hint of Apple's tentative schedule for its rollout and application. The company may debut an SDK later this year that will allow developers to port iPad apps to Mac computers. While developers will still have to submit two separate apps to the iOS App Store and the Mac App Store, the SDK reportedly makes it so developers only have to write the underlying code once.
By next year, Apple plans to expand the SDK to include iPhone apps, meaning developers could port iPhone apps to Macs in the same way. By 2021, developers may be able to merge iPhone, iPad, and Mac apps, creating one application that works across all of those Apple devices (what the report calls a "single binary"). At this stage, developers will not have to submit multiple versions of apps to different app stores—and Apple may be able to merge its separate stores into one all-encompassing app store.
The decision comes after social media use by soldiers raised national security issues.
WinRAR, a Windows file compression program with 500 million users worldwide, recently fixed a more than 14-year-old vulnerability that made it possible for attackers to execute malicious code when targets opened a booby-trapped file.
The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.
Researchers from Check Point Software, the security firm that discovered the vulnerability, initially had trouble figuring out how to exploit the vulnerability in a way that executed code of their choosing. The most obvious path—to have an executable file extracted to the Windows startup folder where it would run on the next reboot—required WinRAR to run with higher privileges or integrity levels than it gets by default.
There's a new meteorologist on Mars. Although NASA's InSight spacecraft landed on the red planet late in 2018 to measure the planet's geology—primarily by listening for Mars quakes—it also brought some sophisticated meteorology equipment with it.
The space agency has set up a website to share that information, which includes not only daily high and low temperatures but also unprecedented hourly data on wind speed, direction, and air pressure for InSight's location near the equator in Elysium Planitia. "We thought it was something that people might have some fun with," Cornell University's Don Banfield, who leads InSight's weather science, told Ars.
Other spacecraft have brought comparable temperature and wind sensors to Mars before, but none have carried such a precise air pressure sensor. The new sensor is 10 times more sensitive than any previous instrument because InSight needs to detect slight movements in the Martian ground, and from such movements infer details about the red planet's interior. For this, weather matters.
In a table of 77 countries, the UK ranked 35th for download speeds, a report finds.
The time loop is pretty much a classic science fiction trope, thanks in large part to the enormous success of the 1993 film Groundhog Day. It's been used so often, in fact, that it's challenging to come up with a fresh take. But the Netflix series Russian Doll and the new film Happy Death Day 2 U manage to do just that, giving us time loops with a multiverse twist.
Wikipedia has amassed an impressive list of films featuring time loops: 49 so far, and that's not counting TV shows, like The X-Files episode "Monday" (in turn referenced on a Buffy the Vampire Slayer episode, "Life Serial"). The earliest film dates back to 1933: Turn Back the Clock, in which a tobacconist named Joe is killed in a hit-and-run and wakes up 20 years earlier. But it's not a true time loop tale, having more in common with It's a Wonderful Life.
A 1987 Russian film, Zerkalo dlya geroya (Mirror for a Hero), does have a lot of the key elements in place. But the real original source material is probably Richard A. Lupoff's 1973 short story, "12:01 PM," adapted into an Oscar-nominated short film in 1990 and a full-length feature in 1993—the same year Groundhog Day came out. (Lupoff definitely noticed the similarities and considered suing for plagiarism, but eventually dropped the idea.) It's pretty much been a sci-fi mainstay ever since.
Passwords stored in RAM could lead to theft, but the report has to be considered in a risk-based context.
A deceptively simple malware attack has stolen a wide array of credentials from thousands of computers over the past few weeks and continues to steal more, a researcher warned on Tuesday.
The ongoing attack is the latest wave of Separ, a credential stealer that has been known to exist since at least late 2017, a researcher with security firm Deep Instinct said. Over the past few weeks, the researcher said, Separ has returned with a new version that has proven surprisingly adept at evading malware-detection software and services. The source of its success: a combination of short scripts and legitimate executable files that are used so often for benign purposes that they blend right in. Use of spartan malware that's built on legitimate apps and utilities has come to be called "living off the land," and
The latest Separ arrives in what appears to be a PDF document. Once clicked, the file runs a chain of other apps and file types that are commonly used by system administrators. An inspection of the servers being used in the campaign shows that it has so far collected credentials belonging to about 1,200 organizations or individuals. The number of infections continues to rise, which indicates that the spartan approach has been effective in helping it fly under the radar.