Copy Link
Add to Bookmark
Report
Atari Online News, Etc. Volume 17 Issue 11
Volume 17, Issue 11 Atari Online News, Etc. March 13, 2015
Published and Copyright (c) 1999 - 2015
All Rights Reserved
Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor
Atari Online News, Etc. Staff
Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"
With Contributions by:
Fred Horvat
To subscribe to A-ONE, change e-mail addresses, or unsubscribe,
log on to our website at: www.atarinews.org
and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org
and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to
subscribe from.
To download A-ONE, set your browser bookmarks to one of the
following sites:
http://people.delphiforums.com/dpj/a-one.htm
Now available:
http://www.atarinews.org
Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/
=~=~=~=
A-ONE #1711 03/13/15
~ World's Oldest Dot-com ~ People Are Talking! ~ Facebook Bug Bounty!
~ Epsilon Hackers Busted ~ "Killer" USB Drives! ~ Uncharted 4 Delayed!
~ Story of Yars' Revenge ~ Facebook Gender Option ~ Tails 1.3 Is Released!
~ Feds Halt Email System ~ PSN Attacked Every Day ~ Chrome Beta 42 Notes
-* NSA Sued Over Online Snooping *-
-* Microsoft Patches Old Stuxnet Flaw! *-
-* Google System Targets "Unwanted Software"! *-
=~=~=~=
->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""
Happy Friday the 13th - for the second time within a month! How often
can you use that greeting?
Well, I have to admit that I enjoyed the one day this past week in which
the temperatures were well above "normal" - in the 50's! It was beautiful,
albeit short-lived. The ice dams on my roofs are finally gone; the snow
in the yard has melted/packed down to around two feet (started off at 5-6
feet!); and I can actually see some patches of what is supposed to be my
lawn! As long as we don't fall back into that bone-chilling cold pattern,
I'll be fairly happy. And, I certainly don't want to see any more snow
(let them have more in Boston if they want to break the record - just let
it stay down there!).
St. Patrick's Day is coming up shortly - looking forward to an attempt to
cook some corned beef and cabbage! Why not - everyone's Irish at this time
of the year, so we may as well enjoy ourselves!
So, while I continue to think of my menu, I'll let you work on your
appetite with another edition of A-ONE!
Until next time...
=~=~=~=
->In This Week's Gaming Section - Sony PlayStations Uncharted 4' Delayed!
""""""""""""""""""""""""""""" PSN Attacked 'Literally Every Day'!
The Story of Yars' Revenge!
And more!
=~=~=~=
->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""
Sony PlayStations Uncharted 4' Delayed to Spring 2016
Sony PlayStation has delayed the release of Uncharted 4: A Thiefs End
to spring 2016 the same year that Sony Pictures plans to release the
first film based on the popular videogame franchise.
PlayStation had originally been eyeing a holiday 2015 release, but its
developer Naughty Dog requested more time to finish the next installment
of the Uncharted series. The third was released in 2011.
Since we showed you our first gameplay reveal of Uncharted 4: A
Thiefs End, more of the game and story have come together, and its
become clear to us that this game is much more ambitious than we
originally envisioned, wrote Uncharted 4? directors Bruce Straley and
Neil Druckmann in a Sony PlayStation blog post on Wednesday.
The new release strategy will actually benefit PlayStations sister
company, Sony Pictures, given that the studio has dated its Uncharted
film for June 10, 2016.
Moving the release date of the game by a few months was a difficult
choice for Straley and Druckmann, but after spending so many years with
Nathan Drake, he means a lot to the team, and telling the climactic
chapter of his adventures is a task we dont take lightly this game
deserves every bit of the attention to detail, precise pacing, and
nuanced storytelling Naughty Dog is known for, they added. Giving us a
few extra months will make certain that Uncharted 4: A Thiefs End not
only meets the teams high standards but the high standards that gamers
have come to expect from a Naughty Dog title.
The games biz has been looking forward to Uncharted 4, given that the
title will be the first in the franchise to launch on the PlayStation 4.
The title certainly looks ambitious, with the games graphics pushed to
levels previously not seen in prior installments.
Uncharted 4? will take place three years after Uncharted 3: Drakes
Deception and force the games hero and treasure hunter Nathan Drake out
of retirement to locate a lost pirate colony.
Shuhei Yoshida: PSN Attacked 'Literally Every Day'
President of Sony's Worldwide Studios Shuhei Yoshida recently spoke about
DDoS (Distributed Denial of Service) attacks on PlayStation Network and
the surprising frequency at which they occur.
At GDC this week, Yoshida told Game Informer that PSN is attacked
"literally every day" and that Sony is working diligently to combat each
effort.
"We are always always working against these attacks," Yoshida said.
"Actually, an attack happens every day. Literally every day. Some days are
bigger and some days smaller. Some days they devise new means, new ways -
it's like cat and mouse. We have a partner company we work with, and we
always update the new ways the attacker might deploy, so it is a constant
battle."
Last year, on December 25, both PSN and Xbox Live were knocked offline due
to large scale DDoS attacks.
Earlier this week, Head of Xbox Phil Spencer called the Christmas Day
attacks a "learning experience".
Sony, Microsoft & Nintendo Are Having Conversations About DDoS Attacks
As we all remember, these past Christmas holidays brought a DDoS attack on
the PlayStation Network, which made the service virtually unusable. At the
same time this was going on, Xbox Live was suffering a DDoS attack,
impacting their online functions as well.
At the Game Developers Conference this week, Game Informer sat down with
Xbox Boss Phil Spencer, where he revealed that Microsoft, Sony, and
Nintendo are having conversations and working together when it comes to
protecting against these attacks:
I dont think its great when PSN goes down. It doesnt help me. All it
does is put the fear and distrust from any gamer thats out there, so I
look at all of us together as this is our collective opportunity to share
what we can about what were learning and how things are growing. Those
conversations happen, which I think is great.
Spencer didnt go into any further detail, only adding that the holiday
downtime was a big learning experience for Microsoft.
=~=~=~=
->A-ONE Gaming Online - Online Users Growl & Purr!
"""""""""""""""""""
The Story of Yars' Revenge Is A Journey Back to A Lost World of Video Games
There is always a moment when the presenter will look back at the time
when their particular classic game was made and say something along the
lines of "crazy, crazy days."
We all know that, in the past, they do things differently. But there is
one section of game-making history that is so outlandishly different from
everything that came after that it takes on the quality of fantasy. The
age of the Atari 2600 is a such foreign country to us, it makes later
"golden eras" seem positively humdrum.
Howard Scott Warshaw's GDC look back at his 1982 hit Yars' Revenge offered
a window into a lost world of gaming that glows for us, like a
daguerreotype in moonlight.
This single-screen game of his is not some daffy adventure beloved of
crusty collectors and nostalgists. Yars'Revenge, a side-ways Space
Invaders-meets-Breakout with touches of Asteroids, was the most
successful non-license game on the Atari 2600, a console that sold around
30 million units.
Prior to making this game, Warshaw had zero experience in game
development. His main qualification was that he had "read the programming
manual" for the 2600. He was motivated to work for Atari by a deep
loathing of his job as a coding zombie at Hewlett-Packard.
But once he landed a job at Atari and began creating the game, he
understood that a programmer could create a work of art, and enjoy the
peculiar game developer thrill of watching other people enjoy that art.
This was what he wanted.
Yars' Revenge was coded with 4K bytes of ROM and 128 bytes of RAM. By way
of contrast, the sound alone in 1982 arcade hit Robotron used a similar
amount of memory.
Warshaw had trained as an economist. Looking back, he said, this was more
valuable to him than his knowledge of programming. In an economy of
scarcity, he understood how to make everything count.
Here's an insight into just how daft those days were. Warshaw was given
the task of converting arcade game Star Castle to the 2600. He thought
the idea of converting that game to a console would suck, and he said so
to his boss. They might just as well make a new game from scratch. Sure,
the boss said, why not.
Now try to imagine that conversation going down in the meeting rooms of
2015.
It is literally made out of code
Yars' Revenge features an insectoid space ship (Yar) ranged against an
enemy ship (Qotile), encased in a defensive barricade. Yar avoids nasty
missiles while shooting at, or nibbling the shield. This nibbling powers
up a super weapon that can be used to destroy the Qotile, which itself
powers up and attacks Yar from time-to-time.
There is an ion strip down the center of the screen. It is literally made
out of code.
In its time, the game did things that were new. There was no on-screen
frame to encase the action. There was no on-screen running score. The
game featured an Easter egg that was part of its marketing. It was based
on an elaborate back-story which included a comic-book.
This is all very interesting, especially if you enjoy those Wild West
aspects of the time. But firsts were very much in the air, back in the
world of 1981 video game development. You could hardly move without
bumping into one.
There are a couple of stories that Warshaw shared that manage to both
speak of that time, and offer lessons for today.
Firstly, he admitted that his initial run at developing the game did not
go well. "The control scheme sucked," he recalled. The problem was in
trying to maneuver the ship while controlling the weapon. People who
played the early builds found it irksome and difficult. But instead of
trying to fix this particular problem, he changed the entire game. This
was where the nibbling mechanic was born. You powered up the weapon by
on-screen movement, instead of hitting a button on your controller.
The other story is more about managing hierarchies. Once an Atari game
was completed, the usual form was to hand it over to the marketing team,
who would weave their own particular web of magic, including giving the
game a name. Then, as now, the magic of marketing wasn't very magical.
"They would always end up calling the game Rock Fight or Car Drive or
some two-word name like that," he said. "They all sounded stupid."
It is well known now that Yars' Revenge was named by Warshaw, that the
name is an inverse of then-Atari chief Ray Kassar (Ray = Yar). Warshaw's
fiction for the game includes a planet called Razak. "I always wanted to
add a word to the language," said Warshaw. "I liked secret messages and
hidden ideas."
I trusted that the marketing guy, when sworn to secrecy, would blab
Less well known is the story of how Warshaw managed to persuade Atari's
marketing team to agree to use a name like Yars' Revenge. The truth is,
he tricked them. The story illuminates the weirdness of the time, while
offering inspiration to those creators at the mercy of marketing goons.
Warshaw told one of the marketing guys he wanted to pitch this name,
'Yars' Revenge.' The marketing dude was like, "OK sure, I'll talk to the
team." Warshaw knew it wouldn't fly, so he said to the marketing dude,
"It's based on Ray's name, but you must keep this a secret as I would
not want to influence the decision." Warshaw did not mention that Ray
Kassar had no notion of this game name. It was enough that the
marketing guy thought Ray had sanctioned the idea.
"I trusted that the marketing guy, when sworn to secrecy, would blab,"
said Warshaw. Sure enough, the marketing team decided that "Yars'
Revenge" would be a splendid name. Only later did Kassar find out.
After Yars' Revenge came out, and was a hit, Warshaw became Atari's feted
developer. He worked on the important Raiders of the Lost Ark game, and
did a good job. He met with Steven Spielberg. (All this is recounted in
the excellent documentary Atari: Game Over.)
Warshaw then wanted to work on a sequel to Yars, but Atari had other
ideas. They needed him to knock out a game for the holidays. That game
was E.T.
During his presentation, Warshaw made a few jokes about E.T. but there
was one moment when he asked the audience how many had actually played
the game. A lot of hands went up. (Rare is the game developer who can
count on a room full of people having played his or her game, 30-odd
years after its release.)
He then asked the audience how many thought it was the worst game they
had ever played. Not one hand was raised.
Warshaw's reputation as an important game developer has been somewhat
resurrected by last year's E.T. dig and by Atari: Game Over. He now works
as a successful psychotherapist in Silicon Valley. But I wondered how it
had been for him, all these years, having made one of the most successful
games ever, a model of innovation and creativity, and yet to be
remembered for a game, rushed out by commercial folly? After the
presentation, I asked him this question.
"The truth is, I never saw it as such a horrible game," he said. "But I
never argued with people who did. They are entitled to their opinion. I
will say this, though ... I always saw games as a broadcast medium. To
me, the point of media is to generate social discourse in whatever
direction. The idea that 30 years later we are still talking about it...
well, that feels like a great success to me. How many other 2600 games
are still in the media spotlight?"
It is good that games like Yars' Revenge are being talked about, as well
as games like E.T.
=~=~=~=
A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson
US Lawsuit Challenges Legality of NSA Online Snooping
A lawsuit filed Tuesday by the operator of Wikipedia and other
organizations challenges the US government's mass online surveillance
programs, claiming that tapping into the Internet "backbone" is illegal.
The lawsuit was filed in Maryland federal court by the Wikimedia
Foundation, Amnesty International USA, Human Rights Watch and other
organizations.
It said the effort by the National Security Agency and other intelligence
services "exceeds the scope of the authority that Congress provided" and
violates US constitutional guarantees.
"We're filing suit today on behalf of our readers and editors
everywhere," said Jimmy Wales, founder of Wikipedia, in a statement.
"Surveillance erodes the original promise of the Internet: an open space
for collaboration and experimentation, and a place free from fear."
The lawsuit claims that by tapping into the Internet backbone, "the NSA
is seizing Americans' communications en masse while they are in transit,
and it is searching the contents of substantially all international
text-based communications," effectively sweeping up data of many people
unrelated to the effort to thwart terrorism.
"Rather than limit itself to monitoring Americans' communications with
the foreign targets, the NSA is spying on everyone, trying to find out
who might be talking or reading about those targets," said Patrick Toomey
of the American Civil Liberties Union, which is representing the
organizations.
"As a result, countless innocent people will be caught up in the NSA's
massive net."
The lawsuit argues that based on documents leaked by former NSA
contractor Edward Snowden, the NSA intercepts virtually all Internet
communications flowing across the network of high-capacity cables,
switches, and routers that make up the Internet backbone.
Also joining the suit are The National Association of Criminal Defense
Lawyers, Pen American Center, Global Fund for Women, The Nation Magazine,
The Rutherford Institute, and Washington Office on Latin America.
The defendants include the NSA and chief Michael Rogers, the office of
the Director of National Intelligence and its chief James Clapper, and
US Attorney General Eric Holder.
There was no immediate comment from US officials on the case.
A similar lawsuit was filed last year by the Electronic Frontier
Foundation.
State Dept. Temporarily Halting Parts of Email System
The Department of State is temporarily crippling part of its main
unclassified email system to boost security, according to a statement
released Friday.
The agency is taking the action in order to rid the system of malware
introduced by suspected Russian hackers, tweeted ABC digital reporter
Justin Fishel shortly before 4 p.m. EDT.
But a statement released by the agency addressed the issue in more
general terms.
"As a part of the Department of State's ongoing effort to ensure the
integrity of our unclassified networks against cyber attacks, the
Department is implementing improvements to the security of its main
unclassified network during a short, planned outage of some
internet-linked systems," the statement read.
It continued, "There has been no compromise of any of the Department's
classified systems, nor of our core financial, consular and human resource
systems."
Shortly after 4 p.m. EDT, Fishel tweeted that large parts of the system
could remain down throughout the weekend.
Friday's revelations come in the wake of controversy over the use of
personal email accounts for work business by former U.S. Secretary of
State Hillary Clinton.
Earlier this week, news reports indicated that suspected Russian hackers
have threatened the integrity of the State Department's email system for
the last year.
Feds Indict Three in 2011 Epsilon Hack
U.S. federal prosecutors in Atlanta today unsealed indictments against two
Vietnamese men and a Canadian citizen in connection with whats being
called one of the largest reported data breaches in U.S. history. The
government isnt naming the victims in this case, but all signs point to
the 2011 hack of Texas-based email marketing giant Epsilon.
The government alleges the defendants made more than $2 million blasting
out spam to more than one billion email addresses stolen from several
email service providers (ESPs), companies that manage customer email
marketing on behalf of major corporate brands. The indictments further
allege that the men sent the junk missives by hijacking the email servers
used by these ESPs.
This case reflects the cutting-edge problems posed by todays cybercrime
cases, where the hackers didnt target just a single company; they
infiltrated most of the countrys email distribution firms, said Acting
U.S. Attorney John Horn. And the scope of the intrusion is unnerving,
in that the hackers didnt stop after stealing the companies proprietary
datathey then hijacked the companies own distribution platforms to send
out bulk emails and reaped the profits from email traffic directed to
specific websites.
To be clear, prosecutors havent specifically outed Epsilon as the
victim, nor did they name any of the other email service providers (ESPs)
allegedly harmed by the defendants. But a press release issued today
Horns office states that the data breach into certain ESPs was the
subject of a congressional inquiry and testimony before a U.S House of
Representatives subcommittee on June 2, 2011.
That date aligns with a June 2, 2011 House Energy and Commerce Committee
panel on the data breaches at Sony and Epsilon. Epsilon officials could
not be immediately reached for comment.
Update: Epsilon confirmed that it is among the victims in this case. See
the end of this story for their full statement.
Original story:
In early April 2011, customers at dozens of Fortune 500 companies began
complaining of receiving spam to email addresses theyd created
specifically for use with those companies. On April 2, 2011, Epsilon
started notifying consumers that hackers had stolen customer email
addresses and names belonging to a subset of its clients.
Those clients were ESPs that send email to customers on behalf of some the
biggest firms in the world. Epsilon didnt name which ESPs were impacted,
but the voluminous complaints from consumers about spam indicated that
those ESPs served a broad range of major companies, including JP Morgan
Chase, U.S. Bank, Barclays, Kroger, McDonalds, Walgreens, and Honda, to
name but a few.
A scam web site that tried to sell copies of Adobe Reader.
As I noted in that April 2011 story, consumers had complained of received
junk email with links to sites that tried to sell versions of software
made by Adobe Systems Inc. Some of the sites reportedly even tried to
sell copies of Adobe Reader software that Adobe gives away for free.
Sure enough, the men indicted today are accused of hacking into a major
ESP to steal more than a billion email addresses, which they allegedly
used to promote knockoff versions of Adobe software (among other dubious
products).
Prosecutors in Atlanta today unsealed indictments against Viet Quoc Nguyen
and Giang Hoang Vu, both citizens of Vietnam who resided for a period of
time in the Netherlands. The government also unsealed an indictment
against David-Manuel Santos Da Silva, a Canadian citizen who was charged
with conspiring with Nguyen and others to launder the proceeds of
Nguyens alleged computer hacking offenses.
The government alleges that Nguyen used various methods including
targeted email phishing campaigns to trick recipients at email
marketing firms into clicking links to sites which attempted to exploit
browser vulnerabilities in a bid to install malicious software. For more
on those targeted attacks, see my Nov. 24, 2010 story, Spear Phishing
Attacks Snag E-Mail Marketers.
Nguyens phishing campaigns allegedly delivered malware, which allowed
him backdoor access to the ESP employees computer systems and enabled
him to steal sensitive information, including the employees access
credentials for the ESPs computer systems, the government alleged.
Using stolen access credentials, Nguyen was not only able to allegedly
steal confidential information by downloading the information from the
ESPs computer systems to a server that he controlled in the Netherlands,
but was also able to utilize the ESPs computer systems to launch spam
attacks on tens of millions of stolen email addresses.
Vu allegedly assisted in the spamming. Da Silva allegedly helped launder
the proceeds of the spam campaigns. Prosecutors say Da Silva ran an
affiliate marketing firm called Marketbay.com, and that through that
service he provided Vu and Nguyen a way to monetize their spam campaigns.
If recipients of the spam emails clicked through and paid for the products
advertised in the junk email, those customers would be directed through
Marketbays affiliate links. According to the government, Da Silva knew Vu
and Nguyen were using stolen email addresses and hijacked ESPs to drum up
sales, which prosecutors allege generated more than $2 million for the
men.
Vu was arrested by Dutch authorities in 2012 and was later extradited to
the United States. He has pleaded guilty to conspiracy to commit computer
fraud, and is slated to be sentenced in April 2015.
Da Silva was arrested in Ft. Lauderdale, Fla. on Feb. 12, and is expected
to make his first appearance today before a federal magistrate in Atlanta.
Nguyen is not in custody and remains a fugitive.
Epsilon confirms that it is among the victims of the cybercrime
referenced in the Department of Justices indictment unsealed on March 5
against three individuals for their roles in hacking email service
providers throughout the United States. We are pleased with the outcome
of the investigation carried out by the U. S. Secret Service and the
resulting indictment by the Department of Justice, and thank them for
bringing this criminal activity to prosecution. Data protection is,and
always has been, the top priority at Epsilon, and businesses and law
enforcement must work together to prevent this type of criminal
activity.
Microsoft Patches Old Stuxnet Flaw for New Attack Vectors
The Stuxnet worm was an exploit that was used against a nuclear facility
in Iran back in 2010, in part by taking advantage of a vulnerability in
Windows. The vulnerability that enabled Stuxnet was identified as
CVE-2010-2568, which was thought to have been patched by Microsoft in
October 2010. More than four years later, Hewlett-Packard's (HP) Zero
Day Initiative (ZDI) has discovered that the CVE-2010-2568 fix was not,
in fact, complete and the underlying vulnerability has remained
exploitable the whole time.
"CVE-2015-0096 is a vulnerability in the Microsoft Windows operating
system that allows remote attackers to execute arbitrary code by having
the target simply browse to a directory containing a malicious .LNK
file," Brian Gorenc manager of vulnerability research for HP Security
Research,"The patch for CVE-2010-2568 did not completely address the
issues present in the Windows Shell, and the weaknesses left are now
being resolved five years later as CVE-2015-0096."
For it's part Microsoft sees the issue in slightly different light. In
an email statement Microsoft stated that:
"This is a new vulnerability that required a new security update.
Microsoft released a comprehensive security fix in 2010 to address the
vulnerability the Stuxnet virus exploited. As technology is always
changing, so are the tactics and techniques of cybercriminals. It is an
unfortunate reality of todays interconnected world that some people and
organizations seek to disrupt technology and steal information for
nefarious purposes. We will continue to stand guard against any attempts
to exploit our products and do what is necessary to help further protect
our customers."
The Top Software Exploit of 2014?
The Stuxnet XP Flaw from 2010, Reckons HP
For cyber-attackers, the old flaws are still the best, according to HP's
Cyber Risk Report 2014 and it has a startling piece of evidence to back
up its claim the most commonly exploited software vulnerability for
last year was the infamous .lnk flaw in Windows XP made famous by Stuxnet
in the distant summer of 2010.
Designated CVE-2010-2568, this on its own accounted for a third of all
exploits the firm detected being used against its customers, just ahead
of the even older CVE-2010-0188, a flaw in Adobes Reader and Acrobat,
responsible for 11 percent of exploits.
The rest of the top-ten list was a rag-tag of mainly Java vulnerabilities
dating from 2012 and 2013 with one in Microsoft Office, CVE-2009-3129,
dating back to themists of September 2009.
As for the Stuxnet flaw, its use was no accident, a legacy of old exploits
criminals keep trying out of habit unlike most of the old
vulnerabilities its use in attacks actually grew throughout the year.
In contrast, the most targeted of the 30 popular flaws discovered in 2014
was last Februarys Internet Explorer 10 remote code execution zero day,
CVE-2014-0322, followed by CVE-2014-0307, also in IE. All of the other
top ten discovered during the year were in Flash, Firefox, Office and
Windows, meaning, HP suggests, that Java might finally be getting on top
of its security problems.
Many of the biggest security risks are issues weve known about for
decades, leaving organisations unnecessarily exposed, said HPs senior
VP of Enterprise Security Products, Art Gilliland.
HP didnt give absolute numbers for comparison but had calculated that
44 percent of flaws came from vulnerabilities that were between two and
four years old.
We cant lose sight of defending against these known vulnerabilities by
entrusting security to the next silver bullet technology; rather,
organisations must employ fundamental security tactics to address known
vulnerabilities and in turn, eliminate significant amounts of risk.
Overall, HPs Zero Day Initiative (ZDI) had dealt with a record number of
vulnerabilities during 2014, the firm said.
According to HP, the commonest non-Windows exploit was the Android Master
Key vulnerability, CVE-2013-4787, discovered in July 2013, which
accounted for one percent of all samples.
Google's Safe Browsing System Targets 'Unwanted Software'
Get ready to see more red warning signs online as Google adds ammunition
to its technological artillery for targeting devious schemes lurking on
websites.
The latest weapon is aimed at websites riddled with "unwanted software"
a term that Google uses to describe secretly installed programs that can
change a browser's settings without a user's permission. Those revisions
can unleash a siege of aggravating ads or redirect a browser's users to
search engines or other sites that they didn't intend to visit.
Google had already deployed the warning system to alert users of its
Chrome browser that they were about to enter a site distributing
unwanted software. The Mountain View, California, company just recently
began to feed the security information into a broader "safe browsing"
application that also works in Apple's Safari and Mozilla's Firefox
browsers.
All told, the safe browsing application protects about 1.1 billion browser
users, according to a Thursday blog post that Google Inc. timed to
coincide with the 26th anniversary of the date when Tim Berners-Lee is
widely credited for inventing the World Wide Web.
Microsoft's Internet Explorer doesn't tap into Google's free safe
browsing application. Instead, Explorer depends on a similar warning
system, the SmartScreen Filter.
Google's alerts about unwanted software build upon the warnings that the
safe browsing system has already been delivering for years about sites
infected with malware, programs carrying viruses and other sinister
coding, and phishing sites that try to dupe people into sharing
passwords or credit card information.
Whenever a potential threat is detected by the safe browsing system, it
displays a red warning sign advising a user to stay away. Google also is
demoting the nettlesome sites in the rankings of its dominant Internet
search engine so people are less likely to come across them in the first
place. Google disclosed Thursday that the safe browsing application has
been generating about 5 million warnings a day, a number likely to rise
now that unwanted software is now part of the detection system.
As it is, Google says it discovers more than 50,000 malware-infected
sites and more than 90,000 phishing sites per month.
The safe browsing application had gotten so effective at flagging malware
and phishing that shysters are increasingly creating unwanted software in
an attempt to hoodwink people, said Stephan Somogyi, Google's product
manager of safe browsing.
"The folks trying to make a buck off people are having to come up with
new stuff and that puts us in a position where we have to innovate to
keep pace with these guys," Somogyi said in an interview. "You are now
going to see a crescendo in our enforcement on sites that meet our
standard of having unwanted software."
Facebook Employees Can Access Your Account Without Password
Do you know that your Facebook account can be accessed by Facebook
engineers and that too without entering your account credentials? Recent
details provided by the social network giant show who can access your
Facebook account and when.
No doubt, Facebook and other big tech companies including Google, Apple
and Yahoo! are trying to keep their data out of reach from law
enforcement and spies agencies by adopting encrypted communication and
end-to-end encryption solutions in near future, but right now they have
access to your personal data, and at least few of their employees can
access it with one click.
Earlier this week, director at the record label Anjunabeats, Paavo
Siljamäki, brought attention to this issue by posting a very interesting
story on his Facebook wall. During his visit to Facebook office in LA, a
Facebook engineer logged into his Facebook account after his permission,
but the strange part they did it without asking him for the password.
Facebook even didnt notify Siljamäki that someone else accessed his
private Facebook profile, as the company does when your Facebook account
is accessed from any new device or from a different Geo-location.
Siljamäki got in contact with Facebook in order to know how many of
Facebook's staff have this kind of 'master' access to anyone's Facebook
account and when exactly they can access users private data, and also,
how would anyone know if his/her Facebook account has been accessed.
When the social network giant asked about how the employee got access to
users Facebook account without entering the account credentials,
Facebook issued the following statement:
"We have rigorous administrative, physical, and technical controls in
place to restrict employee access to user data. Our controls have been
evaluated by independent third parties and confirmed multiple times by
the Irish Data Protection Commissioners Office as part of their audit
of our practices."
The company didnt explain exactly who can access what, but it assured
its users that the accounts access is tiered and limited to specific job
function. The access to accounts are granted to most employees in order
to reply to a customer request for information or error report.
"Designated employees may only access the amount of information thats
necessary to carry out their job responsibilities, such as responding to
bug reports or account support inquiries," Facebook goes on explaining.
"We have a zero tolerance approach to abuse, and improper behavior
results in termination."
In short, the social network giant has a customer service tool that can
grant Facebook employees access to a users account. Facebook runs two
separate monitoring systems that generate weekly reports on suspicious
behavior which are then reviewed and analyses by two independent security
teams, specifically a selected group of employees.
Facebook gives a strict warning when hired employees to use this tool and
fired any employee directly who abuse it. So, you need not to worry about
Mark Zuckerberg accessing your account, unless you yourself ask Facebook
for help with something and have given permission.
Panda Antivirus Labels Itself As Malware, Then Borks Everything
Panda users had a bad hair day on Wednesday, after the Spanish security
software firm released an update that classified components of its own
technology as malign.
As a result, enterprise PCs running the antivirus software tied themselves
in something of a knot, leaving some systems either unstable or unable to
access the internet. A Panda spokesman confirmed the problem while
advising that the issue was well in hand.
"A bad update was published temporarily today [Wednesday] that resulted
in some system files being detected by the Panda engine, a replacement
update was promptly published removing the error and restoring the
wrongly quarantined files," a Panda representative told El Reg.
"At present we recommend NOT rebooting systems. This will allow us to
update the system with the amended update. This update will also restore
files previously detected," he added.
An official advisory on the problem says that the issue was limited to
Panda Cloud Office Protection, Retail 2015 products and Panda Free AV.
Users are strongly advised not to restart their computer until a fix is
available.
El Reg heard about the Panda slip-up via a tip from reader Austin, who
ought to be excused claiming overtime on the back of the problem.
"Dozens of installs of Panda Antivirus across multiple sites all just
detected components of itself as a virus, simultaneously," Austin
explained. "Perhaps 60 in total across five sites, out of an installed
base of around 300."
"If you let it disinfect 'the problem' with a reboot, you have no network
access post-reboot."
"Files we've seen 'detected' include psanmodrep.dll and alertsmanager.dll
both key components of Panda Antivirus itself," he added.
Users of Panda's antivirus took to Twitter to air their woes.
False positives involving antivirus updates have affected all vendors
from time to time.
The consequent problems are at their worst when Windows operating system
files are falsely classified as potentially malign and quarantined,
resulting in unusable Windows systems. Panda's auto-immune screw-up would
have caused comparable problems.
BBC Gives Children Mini-computers in Make It Digital Scheme
The BBC will be giving away mini-computers to 11-year-olds across the
country as part of its push to make the UK more digital.
One million Micro Bits - a stripped-down computer similar to a Raspberry
Pi - will be given to all pupils starting secondary school in the autumn
term.
The BBC is also launching a season of coding-based programmes and
activities.
It will include a new drama based on Grand Theft Auto and a documentary
on Bletchley Park.
The initiative is part of a wider push to increase digital skills among
young people and help to fill the digital skills gap.
The UK is facing a significant skills shortage, with 1.4 million "digital
professionals" estimated to be needed over the next five years.
The BBC is joining a range of organisations including Microsoft, BT,
Google, Code Club, TeenTech and Young Rewired State to address the
shortfall.
At the launch of the Make it Digital initiative in London,
director-general Tony Hall explained why the BBC was getting involved.
One of the BBC's 50 partners, Barclays, already runs coding sessions in
its branches
"This is exactly what the BBC is all about - bringing the industry
together on an unprecedented scale and making a difference to millions,"
he said.
"Just as we did with the BBC Micro in the 1980s, we want to inspire the
digital visionaries of the future. Only the BBC can bring partners
together to attempt something this ambitious, this important to Britain's
future on the world stage."
It is hoped that the Micro Bit will encourage children to get involved in
coding and programming.
The BBC Micro, launched in the 1980s, played a big role in making
computing mainstream but it was not without controversy.
The broadcaster's decision to link up with Acorn Computers angered Sir
Clive Sinclair as he prepared to launch a rival machine, the ZX Spectrum.
The BBC does not see Micro Bit as a rival to similar computing devices
such as Raspberry Pi, Arduino, Galileo and Kano, but rather hopes it will
act as a "springboard" to these more complex machines.
The tiny programmable machine is still a prototype and the BBC is working
with several partners, including chip-designer Arm, Microsoft and
Samsung, to get the end product right.
When it launches in September it will be compatible with three coding
languages - Touch Develop, Python and C++.
The device is tiny - fitting easily into the palm of a hand. Children
will be able to create text via a series of LED lights and they will also
be able to use it to create basic games.
The final version will have a Bluetooth link enabling it to be hooked up
to other devices such as a Raspberry Pi.
The Raspberry Pi Foundation is helping to develop learning resources for
it and the BBC is being careful not to repeat the mistakes of the BBC
Microcomputer launch, which angered rivals such as Sinclair.
BBC Learning's Gareth Stockdale, who is developing the device, said: "The
BBC's role is to bring focus to the issue, and then we will withdraw from
the market."
After the first million Micro Bits go out to schools, there will be no
more.
One day they might become a museum piece like the BBC Micro, which is now
housed at the National Museum of Computing at Bletchley.
As part of its Make it Digital programme, the BBC has also launched an
apprenticeship scheme for 5,000 young unemployed people to boost their
digital skills.
The scheme is the first of its kind to be developed in partnership with
the Department for Work and Pensions.
Radio 1, which is closely involved in the initiative, will offer
top-performing trainees the opportunity to go on to an apprenticeship at
the station.
The nine-week traineeship, which will include training from the BBC
Academy, aims to teach basic digital skills such as creating websites and
short videos for the web.
The BBC is also drawing on its vast vault of content to bring digital
content into shows such as Doctor Who, EastEnders and the One Show.
Radio 4 will have a series of programmes that look at the history of
coding, digital content and future technologies.
"With a dedicated season of programming on the BBC, 5,000 digital
trainees, one million children who take their first steps with a Micro
Bit, and a host of educational activity, we hope to inspire a new
generation to get creative with digital," said Jessica Cecil, controller
of Make it Digital.
Tails 1.3 Released
Tails 1.3 has been released.
Tails is a live system that aims to preserve your privacy and anonymity.
It helps you to use the Internet anonymously and circumvent censorship
almost anywhere you go and on any computer but leaving no trace unless
you ask it to explicitly.
It is a complete operating system designed to be used from a DVD, USB
stick, or SD card independently of the computer's original operating
system. It is Free Software and based on Debian GNU/Linux.
https://tails.boum.org/news/version_1.3/index.en.html
Chrome Beta 42 Adds Website Push Motifications,
Banners for Saving Web Apps to Android Home Screens
Google released Chrome 42 this week through its beta channel for Android,
Windows, Mac, Linux and Chrome OS. The latest Chrome beta previews a
couple of interesting features that make web apps more like native apps
including push notifications and saving web apps to your Android home
screen faster
Chrome 42 Beta allows web developers to support push notifications to
users through Googles web browser. Similar to Safari on OS X, push
notifications on Chrome require explicit user permission before being
turned on. But unlike Safari push notifications, Chrome will present a
somewhat unattractive but highly useful site settings link right on
each notification banner to allow users to easily opt out of future
alerts without having to actually find the correct settings menu to opt
out.
After the user has granted permission, a developer can use the new Push
API to remotely wake up their service worker using Google Cloud
Messaging. Once awake, the service worker may run JavaScript for a short
period but in this release it is required at minimum to show a
user-visible notification.
Specifically on the Android side, web developers can now promote their
high quality web apps to frequent site visitors with a new add to home
screen button. The banner will appear on the bottom of the web site and
allow users to save sites that meet eligibility criteria that ensure
that users have a good experience when launching sites from the home
screen, even when offline.
Aside from push notifications and better web app saving, Chrome 42 Beta
includes under-the-hood changes for developers as well. You can read
more about the latest version on the official Chromium blog.
Facebook Adds New Gender Option for Users: Fill in the Blank
Facebook users who don't fit any of the 58 gender identity options
offered by the social media giant are now being given a rather big 59th
option: fill in the blank.
"Now, if you do not identify with the pre-populated list of gender
identities, you are able to add your own," said a Facebook announcement
published online Thursday morning and shared in advance with The
Associated Press.
Facebook software engineer Ari Chivukula, who identifies as transgender
and was part of the team that made the free-form option, thinks the
change will lead to more widespread acceptance of people who don't
identify themselves as a man or woman.
"We're hoping this will open up the dialogue," Chivukula said.
Alison C.K. Fogarty, a gender identity researcher at Stanford University,
said giving users control over the words describing their gender is a
significant step in social recognition of a growing trans community,
especially coming from the world's largest social media company.
"People are still fighting to make room for gender identity within the
socially constructed binary of male and female," Fogarty said. "Labels
and identities are powerful in that they give a sense of community, a
way of articulating one's experience."
In February 2014, Facebook expanded gender identity from male and female
to a list of dozens of options, including Androgyne, Gender Fluid,
Intersex, Neither and Transgender. Those choices will all still be
available.
People who choose a custom gender can also choose the pronoun they would
like to be referred to publicly: he/his, she/her or they/their.
Facebook has a setting for users to control the audience who sees their
gender.
Last year's changes created an online stir, with thousands of comments
some grateful, others confused or hostile. But staff at Facebook said
there was full support to take it even further this year, from CEO Mark
Zuckerberg on down.
As of Thursday, the free-form option rolled out to U.S. users, while the
custom gender identity option with a list of words was available in the
United Kingdom, Canada, Australia, France, Spain, Italy, Germany,
Argentina and Denmark.
One thing that has not changed is an "interested in" option for Facebook
users to define whom they might want to date. That option still only
allows men or women, but users can click both options, one option or
neither option. They can also hide it entirely.
Facebook, which has 1.23 billion active monthly users around the world,
would not release how many users have chosen gender identity options
beyond man or woman, citing privacy concerns and a general practice of
not sharing user information.
The Williams Institute, a think tank based at the University of
California, Los Angeles, estimates there are at least 700,000 people in
the U.S. who identify as transgender, an umbrella term that includes
people who live as a gender different from the one assigned to them at
birth.
Sarah Kate Ellis, CEO and president of the advocacy group GLAAD, said
that the past few years have brought "real movement in trans visibility"
and that Facebook has been a leader in making that happen.
"This helps to accelerate trans acceptance in our country," Ellis said.
"I'm excited about the future for gender identity."
Facebook Bug Bounty Report for 2014:
$1.3 Million Paid Out to More Than 700 Bug Finders
We first wrote about Facebook bug bounties a shade under four years ago.
As we pointed out back then, early detractors of Facebook's bounty
program were quick to call it cheap, because the bottom-level payout
was $500, as it still is today.
To be fair to Facebook, that's the smallest payout you can get.
Apart from zero, of course, if you report a bug that doesn't count or
isn't new.
Other companies with bug bounties actually have similar minima.
(Yahoo! famously paid out just $12.50 in company store credit to its
first bug bounty winner although the company that found the bug was
actually conducting its own research to see how quickly Yahoo! would
react, rather than doing it for the payout.)
At the other end of the scale, the limit on Facebook's maximum payout is
pretty generous: there isn't one.
So you can do quite nicely out of a reponsible vulnerablity report, as
Facebook's recently-released 2014 Bounty Statistics reveal.
The company paid out a total of $1,300,000 in 2014, which is actually
slightly down from 2013's total of $1.5M.
The average payout (we're assuming this is a mean average) was $1788,
meaning that just over 700 people submitted bugs that were new, relevant
and responsibly disclosed.
Interestingly, that means most bug submitters came away empty handed,
because Facebook reported a grand total of 17,011 reports.
Of course, that's one of the downsides of a bug bounty programme: the
need to sort the 96% of bug chaff from the 4% of exploitable wheat.
For that reason, we recommend taking a careful look at what does and
doesn't count for any bug bounty programme in which you are thinking of
participating.
Facebook, for example, has published a handy list of "These Do Not
Qualify" examples to help you avoid disappointment.
Notably, Facebook will not pay out on bug reports of security issues in
third-party apps:
These apps are not written or managed by Facebook. We cannot authorize
security testing against them and we cannot reward you for any findings.
You could earn a lot more than that $1788 average, though.
A good bet for pulling in ten times as much seem to be finding a way to
delete other people's photographs.
Facebook has paid out $12,500 on at least two separate occasions, for two
different sorts of bug that could lead to unexpectedly vanishing images.
As for just how high Facebook's unbounded-above payouts went in 2014: we
don't know.
But we can guess, because the company did note that the Big Five bug
reports pulled in a total of $256,750, for a mean of just over fifty
large ones each.
Another thing we don't know is whether you can qualify for a payout by
finding a bug in the "don't bother to report these bugs" guidelines.
We spotted one, but we're not ready to risk the embarrassment of being
turned down for pedantry by reporting it. (You are welcome to try
yourself, but leave a note in the comments if you do, so everyone else
knows not to bother.)
Facebook explicitly warns you not to report as a bug the fact that you
can enter your password with [Caps Lock] turned on and still get into
the site.
That's not a bug, it says, but a feature "to help overcome [one of the
two] most common reasons that authentic logins are rejected."
(The other reason is wrongly typing in a capital letter at the start of
your password, for example because your spelling checker decided you were
beginning a sentence.)
Oh, really?
This 'Killer USB' Can Make Your Computer Explode
Can Hackers turn a remote computer into a bomb and explode it to kill
someone, just like they do in hacker movies? Wait, wait! Before answering
that, Let me tell you an interesting story about Killer USB drive:
A man walking in the subway stole a USB flash drive from the outer pocket
of someone else's bag. The pendrive had "128" written on it. After coming
home, he inserted the pendrive into his laptop and instead discovering
any useful data, he burnt half of his laptop down. The man then took out
the USB pendrive, replaced the text "128" with "129" and put it in the
outer pocket of his bag
Amen!
Im sure, you would really not imagine yourself being the 130th victim of
this Killer perdrive, neither I.
This above story was told to a Russian researcher, nicknamed Dark Purple,
who found the concept very interesting and developed his own
computer-frying USB Killer pendrive.
He is working with electronic manufacturing company from where he ordered
some circuit boards from China for creating his own USB killer stick.
"When we connect it up to the USB port, an inverting DC/DC converter runs
and charges capacitors to -110V," the researcher explained. "When the
voltage is reached, the DC/DC is switched off. At the same time, the
field transistor opens."
At last, he successfully developed a well functioning USB killer pendrive
which is able to effectively destroy sensitive components of a computer
when plugged-in.
"It is used to apply the -110V to signal lines of the USB interface. When
the voltage on capacitors increases to -7V, the transistor closes and the
DC/DC starts. The loop runs till everything possible is broken down.
Those familiar with the electronics have already guessed why we use
negative voltage here."
It is not possible for hardware to prevent all damage to physical systems
in some scenarios. It may be possible for an attacker to exploit SCADA
vulnerabilities and remove safety controls used by power plants or put it
into an unstable state.
Stuxnet worm is one of the real example of such cyber attacks, which was
designed to destroy centrifuges at the Nuclear facility and all this
started from a USB drive.
Also in 2014, a security firm demonstrated an attack on Apples Mac
computer by overriding temperature controls, which can actually set the
machine on fire.
So if we say that a computer could be converted into a bomb, then of
course its true, a hacker can probably make your computer explode as
well.
Therefore, next time when you find an unknown USB flash drive, just beware
before inserting it into your laptop. Because this time it will not fire
up your important files or data stored on your laptop like what malwares
do, instead it will fire up your Laptop.
The Surprising Story of the World's Oldest Dot-com
The Internet is celebrating a big birthday next week: The world's oldest
dot-com domain, symbolics.com, is turning 30 on Sunday.
The first dot-com was purchased by a Massachusetts-based computer company
Symbolics on March 15, 1985 - four years before the World Wide Web even
existed. (Email and the Internet pre-date the Web).
Symbolics was one of the original makers of computer workstations, and
the company even got a mention in the movie "Jurassic Park." But the
"Lisp" computer language that Symbolics developed eventually faded in
popularity. Symbolics went belly-up and filed for bankruptcy in 1993.
The company and its symbolics.com website continue to exist today.
Symbolics maintains the Lisp operating system that is still used by some
companies and government agencies, albeit in a very limited way.
But in 2009, Symbolics got an unsolicited call from an entrepreneur named
Aron Meystedt. He had built up a small domain name registry business
called XF.com Investments, and he thought he'd take a shot in the dark by
asking if symbolics.com might be up for sale.
Meystedt said his call was perfectly timed: The company was looking to
raise money to continue its operations. Symbolics transferred the domain
name to Meystedt (he can't share terms of the deal, since they were
subject to a nondisclosure agreement), and the company moved its site
(still the same since 2005) to symbolics-dks.com.
So what to do with symbolics.com? Meystedt said it had been - and
continues to be - a frequent topic among friends, family and colleagues.
He quickly noticed that the site had been getting traffic without any
advertising. Hundreds and sometimes thousands of people visit each day,
and hundreds of thousands of clicks come into symbolics.com each year
from curious Web browsers who happened to come across the fact that
symbolics.com was the first dot-com.
Meystedt thought there could be a revenue opportunity there. So he
turned it into a kind of Internet history archive. A cartoonish city on
the homepage reveals fast facts about the Internet and Worldwide Web
when you click on buildings' windows.
To make money on his purchase, he allows companies to sell ads. Though
he brought in some ad sales in the past (he says he's unsure of the
total amount), Meystedt has since taken a job that has put his
symbolics.com hopes on the back burner.
Meystedt is now director of auctioning off domain names at Heritage
Auctions. He recently auctioned off classic.com for $172,500 and NL.com
for $575,000. His XF.com Investments company also owns the rights to
tablets.com and copier.com.
Even though he isn't getting to work on his symbolics.com passion
project, he doubts that he'll sell it. As a piece of Internet history,
he says he is "very humbled" to be able to own it.
=~=~=~=
Atari Online News, Etc. is a weekly publication covering the entire
Atari community. Reprint permission is granted, unless otherwise noted
at the beginning of any article, to Atari user groups and not for
profit publications only under the following terms: articles must
remain unedited and include the issue number and author at the top of
each article reprinted. Other reprints granted upon approval of
request. Send requests to: dpj@atarinews.org
No issue of Atari Online News, Etc. may be included on any commercial
media, nor uploaded or transmitted to any commercial online service or
internet site, in whole or in part, by any agent or means, without
the expressed consent or permission from the Publisher or Editor of
Atari Online News, Etc.
Opinions presented herein are those of the individual authors and do
not necessarily reflect those of the staff, or of the publishers. All
material herein is believed to be accurate at the time of publishing.
