vBulletin password hack fuels fears of serious Internet-wide 0-day attacks

[Image credit: Coldzer0]

Developers of the vBulletin software package for website forums released a security patch Monday night, just hours after reports surfaced that a hack on the developers’ site leaked password data and other sensitive information belonging to almost 480,000 subscribers.

vBulletin officials have put in place a mandatory password reset for all users after discovering it was subjected to a hack attack. They went on to warn that the attacker “may have accessed customer IDs and encrypted passwords on our system.” A separate post on the vBulletin site makes reference to a security patch for versions 5.1.4 through 5.1.9 of the vBulletin Connect software package.

Noticeably missing from either link is an explicit warning that there is a critical vulnerability in vBulletin that has already been actively exploited and puts thousands of sites at risk until they install the patch. Ars asked vBulletin officials to clarify the reports and to confirm or disconfirm the speculation they have generated, but so far the request has gone unanswered. This post contains inferences and information from alternative sources that have yet to be explicitly confirmed.


AMD Radeon Software Crimson: A new name and a new look for Catalyst

[Caption: AMD’s Radeon Software Crimson replaces Catalyst.]

AMD is taking the fight directly to Nvidia with the long-overdue launch of a new driver software package and UI. Called Radeon Software Crimson, the new software replaces the old AMD Catalyst Control Center (CCC) with a flat modern UI and simplified menus. Most importantly, AMD is promising that a new major version of the software will be released every year, with minor versions arriving every month. Each new major version will have a different, colour-themed name. The software is due to roll out later this year.

Crimson has been developed in Qt, a cross-platform application framework that AMD says is much quicker than the old .NET framework CCC used to use. It claims that start-up time has been reduced from eight seconds to 0.6 seconds on a mid-performance AMD E-350-based laptop; high-end desktops will be even faster.

Crimson is the first in a number of software changes that AMD is implementing following the restructuring of its graphics group into the Radeon Technologies Group under the leadership of Raja Koduri. For now, AMD is only talking about the UI changes in Crimson, which is dramatically different from the old CCC. (More will be revealed about underlying driver changes at a later date, but AMD was vague about when that might be.)

The new flat design features five tabs at the top for Gaming, Video, Display, Eyefinity, and System, while there are buttons at the bottom for Updates, Preferences, and Notifications. In the middle, taking up the lion’s share of the window, there’s a carousel that displays announcements and promotions about games when not being used to display settings.


Windows 10 will be made an automatic “recommended” update early next year

The Windows 10 free upgrade program has so far concentrated on those Windows 7 and 8 users who reserved their copy in the weeks leading up to the operating system’s release. Over the coming months, Microsoft will start to spread the operating system to a wider audience.

The Windows 10 upgrade will soon be posted as an “Optional Update” in Windows Update, advertising it to anyone who examines that list of updates. Then, early next year, it will be categorized as a “Recommended Update.” This is significant, because it means that systems that are configured to download and install recommended updates—which for most people is the safest option—will automatically fetch the upgrade and start its installer. The installer will still require human intervention to actually complete—you won’t wake up to find your PC with a different operating system—but Windows users will no longer need to actively seek the upgrade.

This mirrors an accidental change that Microsoft made earlier this month. The Windows 10 upgrade was showing up for some people as a recommended update and the installer started automatically.


Low-cost IMSI catcher for 4G/LTE networks tracks phone’s precise locations

[Image credit: Shaik, et al.]

Researchers have devised a low-cost way to discover the precise location of smartphones using the latest LTE standard for mobile networks, a feat that shatters widely held perceptions that it’s immune to the types of attacks that targeted earlier specifications.

The attacks target the LTE specification, which is expected to have a user base of about 1.37 billion people by the end of the year. They require about $1,400 worth of hardware that runs freely available open-source software. The equipment can cause all LTE-compliant phones to leak their location to within a 32- to 64-foot (about 10 to 20 meter) radius and in some cases their GPS coordinates, although such attacks may be detected by savvy phone users. A separate method that’s almost impossible to detect teases out locations to within an area of roughly one square mile in an urban setting.

The researchers have devised a separate class of attacks that causes phones to lose connections to LTE networks, a scenario that could be exploited to silently downgrade devices to the less secure 2G and 3G mobile specifications. The 2G, or GSM, protocol has long been known to be susceptible to man-in-the-middle attacks using a form of fake base station known as an IMSI catcher (like the Stingray). 2G networks are also vulnerable to attacks that reveal a phone’s location within about 0.6 square mile. 3G phones suffer from a similar tracking flaw. The new attacks, described in a research paper published Monday, are believed to be the first to target LTE networks, which have been widely viewed as more secure than their predecessors.


How dynamic resolution scaling keeps Halo 5 running so smoothly

[Caption: Digital Foundry’s analysis shows how occasional resolution drops keep Halo 5 running at 60fps.]

Over the years, gamers have gotten used to highly detailed games that drop frames and get distractingly choppy when the action gets too intense (a deep pain I’ve personally been suffering through since at least Gradius III on the SNES). Now it seems some developers are toying with the idea of dropping a few pixels of resolution in those cases in order to keep the frame rate silky smooth.

The technique is called dynamic resolution scaling, and a recent analysis by Digital Foundry goes into some detail about how it works in Halo 5: Guardians. Basically, the developers at 343 have prioritized hitting 60fps consistently through the entire game, a big boon for a twitchy first-person shooter (and a first for the Halo series). The level of graphical detail in some game scenes, though, means that such a high frame rate can only be delivered at resolutions well below the Xbox One’s highest 1080p standard.

Instead of just statically setting a low resolution ceiling for the entire game, though, Halo 5 dynamically changes the resolution based on the detail of the current in-game scene. This on-the-fly adjustment takes place on both the X and Y axes, with resolutions jumping from as low as 1152×810 to as high as 1536×1080 in Digital Foundry’s analysis. The apparent on-the-fly change in resolution wasn’t even noticeable to my eye during some recent testing.


Xbox One gets Xbox 360 backwards compatibility with November 12 update

[Caption: The new Xbox One dashboard, as originally shown off in June.]

The new Xbox One dashboard, which will usher in a bunch of new features including Xbox 360 backwards compatibility, will be released on November 12. Confirmation came via a tweet by Larry “Major Nelson” Hryb very early this morning.

Microsoft first showed off the “New Xbox One Experience” (that’s its official name) back at E3 in June. The dashboard interface has been completely overhauled: now, instead of looking like the Windows 8 Start screen, it looks a bit more like a Windows 10 app. The interface is very flat, with a heavy focus on typography. Perhaps most importantly, settings, games, social updates, and all of the good stuff are much more easily accessible with a gamepad. The primary focus of the new dashboard, you’ll be happy to hear, is to make it faster and easier to do things.


Joomla bug puts millions of websites at risk of remote takeover hacks

[Caption: Here’s the control panel hackers can access by exploiting a just-patched Joomla vulnerability. Credit: Spiderlabs]

Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years.

The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allows attackers to execute malicious code on servers running Joomla, was first introduced in version 3.2 released in early November 2013. Joomla is used by an estimated 2.8 million websites.

“Because the vulnerability is found in a core module that doesn’t require any extensions, all websites that use Joomla versions 3.2 and above are vulnerable,” Asaf Orpani, a researcher inside Trustwave’s Spiderlabs, wrote in a blog post (the post appears to be offline at the moment, but it was working through most of Friday morning). The vulnerability, and two closely related security flaws, have been cataloged as CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858.


Descent Underground recaptures that Descent multiplayer magic [Updated]

[Caption: Video: the Descent Underground Early Access gameplay trailer.]

AUSTIN, TX—About a month ago, we called the retro-themed Descent-style shooter Sublevel Zero an awesome Descent-like experience but lamented its lack of multiplayer. Well, good news this morning for folks who are still craving multiplayer tunnel-shooting: as of 11:00 EDT, Descent Underground is available on Steam Early Access for $29.99. Players will be able to jump in and fly three classes of ships in five maps and a few different game modes.

The product of a small Austin company called Descendent Studios founded by former Star Citizen Austin studio head Eric “Wingman” Peterson, Descent Underground was originally envisioned as a Descent clone under the working title “Ships That Fight Underground” (abbreviated as “STFU”). However, the game changed course when an encounter with an Interplay shareholder led to a licensing agreement with Interplay, the studio that controls the bulk of the Descent intellectual property. The licensing deal meant that the game could be re-envisioned as an actual branded Descent game—though because the licensing agreement doesn’t include the character models or sound assets from the original trilogy, some creativity had to be applied.

The result is Descent Underground, a prequel to the original Descent series. In it, the player takes on the role of a miner who remote-pilots drones through mines, blasting other drones and occasionally doing some actual mining to collect resources. Lead designer Peterson explained to us that the eventual goal is to have a metagame that has some hints of Dune about it: players will fly around in a large mothership, cruising through asteroid fields and looking for choice places to mine. A nice asteroid might already have another player group’s ship docked on it, and you can fly up next to it and deploy your own drones to try to fight them for the asteroid. (This is what’s going on in the launch trailer at the top of the page.)


950 Pro review: Samsung’s first PCIe M.2 NVMe SSD is an absolute monster

[Credit: Orestis Bastounis]

The 950 Pro isn’t Samsung’s first consumer M.2 SSD, or even the company’s first PCIe M.2 drive. It is, however, Samsung’s first consumer M.2 and NVMe drive that uses the full performance of four PCIe 3.0 lanes. It is also an upgrade from its predecessor, the SM951, in that it uses 3D V-NAND rather than planar NAND.

Somewhat disappointingly, the 950 Pro comes in only two capacities for now: 256GB or 512GB, with a 1TB model promised for next year. Samsung is resolute in only producing single-sided M.2 devices to keep the drive’s thickness to a minimum, so the 1TB drive will have to wait until 48-layer 3rd-generation V-NAND is available. Thankfully, no 128GB model will be sold, indicating that 128GB SSDs may be on their way out.

UK pricing is pegged at £150 for the 256GB model and £270 for 512GB; in the US, it’s $200 and $350, respectively. As always, expect some variation between retailers with these prices, and in these early days, prices may be slightly higher than what Samsung is quoting. We’re told that the 950 Pro will hit retailers today; we’ll update this story with some links when they first appear.


Couple sues Pandora and SiriusXM over copyright in pre-1972 songs

[Credit: Getty Images]

An Illinois couple who owned several recording companies specializing in doo-wop, jazz, and rhythm and blues have filed suit against the major satellite and Internet radio companies over their playing of pre-1972 songs. It’s the third lawsuit that highlights how the patchwork of state copyright laws over older music is putting a drag on Internet radio—sound recordings made before 1972 aren’t protected by federal copyright but are protected by many states.

On Monday, Arthur and Barbara Sheridan filed two lawsuits in New Jersey federal court: one against Pandora and Sirius XM (PDF) and another against iHeartMedia (PDF), the parent company of online music service iHeartRadio. Their lawsuits seek class action status, looking to represent owners of pre-1972 songs. The companies have derived “significant benefits,” including “millions of dollars in annual revenue,” by playing those songs without permission, the suit alleges.

“The Pre-1972 Recordings, when created, were the novel product of mental labor embodied in material form,” the complaint against Sirius and Pandora states. “Plaintiffs and the Misappropriation Class thus have property rights in them as recognized by New Jersey common law.”
