We know where you’ve been: Ars acquires 4.6M license plate scans from the cops

OAKLAND, Calif.—If you have driven in Oakland any time in the last few years, chances are good that the cops know where you’ve been, thanks to their 33 automated license plate readers (LPRs). Now Ars knows too. In response to a public records request, we obtained the entire LPR dataset of the Oakland Police Department (OPD), including more than 4.6 million reads of over 1.1 million unique plates between December 23, 2010 and May 31, 2014. The dataset is likely the largest ever publicly released in the United States—perhaps in the world.


New DNA construct can set off a “mutagenic chain reaction”

A technique for editing genes while they reside in intact chromosomes has been a real breakthrough. Literally. In 2013, Science magazine named it the runner-up for breakthrough-of-the-year, and its developers won the 2015 Breakthrough Prize. The system being honored is called CRISPR/Cas9, and it evolved as a way for bacteria to destroy viruses using RNA that matched the virus’ DNA sequence. But it’s turned out to be remarkably flexible, and the technique can be retargeted to any gene simply by modifying the RNA. Researchers are still figuring out new uses for the system, which means there are papers coming out nearly every week, many of them difficult to distinguish. That may be precisely why the significance of a paper published last week wasn’t immediately obvious. In it, the authors described a way of ensuring that if one copy of a gene was modified by CRISPR/Cas9, the second copy would be—useful, but not revolutionary. What may have been missed was that this process doesn’t stop once those two copies are modified. Instead, it happens in the next generation as well, and then the generation after that. In fact, the modified genes could spread throughout an entire species in a chain reaction, a fact that has raised ethical and safety concerns about the work.


Google warns of unauthorized TLS certificates trusted by almost all OSes

In the latest security lapse involving the Internet’s widely used encryption system, Google said unauthorized digital certificates have been issued for several of its domains and warned misissued credentials may be impersonating other unnamed sites as well. The bogus transport layer security certificates are trusted by all major operating systems and browsers, although a fall-back mechanism known as public key pinning prevented the Chrome and Firefox browsers from accepting those that vouched for the authenticity of Google properties, Google security engineer Adam Langley wrote in a blog post published Monday. The certificates were issued by Egypt-based MCS Holdings, an intermediate certificate authority that operates under the China Internet Network Information Center (CNNIC). The Chinese domain registrar and certificate authority, in turn, is included in root stores for virtually all OSes and browsers. The issuance of the unauthorized certificates represents a major breach of rules established by certificate authorities and browser makers. Under no conditions are CAs allowed to issue certificates for domains other than those legitimately held by the customer requesting the credential. In early 2012, critics blasted US-based CA Trustwave for doing much the same thing and Langley noted an example of a France-based CA that has also run afoul of the policy.


Classic FPS Descent to be rebooted by Star Citizen alums

The last time we checked in with Eric “Wingman” Peterson was August of 2014, where he was running Cloud Imperium Games’ Austin office and overseeing development on Star Citizen’s persistent universe. However, just a few months after that, Peterson left Cloud Imperium to develop his own game: a reboot of the mid-’90s first-person shooter game Descent. Peterson has formed Descendent Studios, hired a development staff, and is currently overseeing a Kickstarter to pull together a minimum of $600,000 to finance development of the game, which is titled Descent Underground. Critically, Descent Underground has something that previous attempts to resurrect the Descent franchise have lacked: a licensing agreement with IP-holder Interplay.

[Video: Kickstarter teaser for Descent Underground, formerly code-named “Ships That Fight Underground.”]

Old name, new presentation

Descent was published by Interplay more than 20 years ago, in 1994. The first-person shooter developed by Parallax Software had players zipping around underground in a series of cavernous (and sometimes claustrophobic) mines filled with mad killer robots. Players navigated the underground environment in a Pyro GX spacecraft, which led to the game’s main selling point: it wasn’t just a regular FPS, but one which offered “six degrees of freedom.” In other words, you could move in any direction (X, Y, and Z) and turn in any direction (roll, pitch, yaw).


HTTPS-crippling FREAK exploit hits thousands of Android and iOS apps

While almost all the attention paid to the HTTPS-crippling FREAK vulnerability has focused on browsers, consider this: thousands of Android and iOS apps, many with finance, shopping, and medical uses, are also vulnerable to the same exploit that decrypts passwords, credit card details, and other sensitive data sent between handsets and Internet servers. Security researchers from FireEye recently examined the most popular apps on Google Play and the Apple App Store and found 1,999 titles that left users wide open to the encryption downgrade attack. Specifically, 1,228 Android apps with one million or more downloads were vulnerable, while 771 out of the top 14,079 iOS apps were susceptible. Vulnerable apps were those that used—or in the case of iOS, could use—an affected crypto library and connected to servers that offered weak, 512-bit encryption keys. The number of vulnerable apps would no doubt mushroom when analyzing slightly less popular titles. “As an example, an attacker can use a FREAK attack against a popular shopping app to steal a user’s login credentials and credit card information,” FireEye researchers Yulong Zhang, Zhaofeng Chen, Hui Xue, and Tao Wei wrote in a blog post scheduled to be published Tuesday afternoon. “Other sensitive apps include medical apps, productivity apps and finance apps.” The researchers provided the screenshots above and below, which reveal the plaintext data extracted from one of the vulnerable apps after it connected to its paired server.


A $6 commute with Wi-Fi, USB ports, and coconut water

SAN FRANCISCO—In a city replete with not only local buses but also the famously-hated tech company buses that shuttle hundreds of workers daily 40 miles south, a new startup is set to debut a private luxury commuter bus line, charging $6 for a roughly three-mile ride. At its Wednesday launch, Leap will only operate four buses (with one more in reserve) during commuting hours, focusing on giving rides from the Marina neighborhood in the city’s north, going southeast to downtown in the morning, and the reverse in the evening. There’s no fixed schedule—the buses are just constantly rolling at 10 to 15 minute intervals, and passengers can check the iOS or Web apps to see when they will arrive. (Ars first profiled Leap in March 2014.) Leap is betting that riders are willing to pay nearly three times what a ride on a local Muni bus costs, and a fair bit less than what a taxi (or its newer cousins, Uber, Lyft, and Sidecar) would charge for a similar journey. What makes it worth that price? Free Wi-Fi, comfortable seats (limited to just 27, no standing passengers), USB ports, plus food and drinks.


A look at Android 5.1: speed, security, tweaks

Four months after the first release of Android 5.0 Lollipop, Google has followed up with a second version: Android 5.1. The speedy turnaround time compared to Android 5.0 (which appeared a year after 4.4) means that there aren’t many large-scale changes to look at—but the release does feature numerous little improvements and tweaks.

It’s faster! (on the Nexus 6, at least)

[Image: 5.1 brings much faster random read and write speeds to the Nexus 6, and the Nexus 5 improves a little, too. Credit: Ron Amadeo]

5.1 seems to have eliminated many of the performance issues with the Nexus 6. When we initially reviewed the device, the Nexus 6 was slower at loading apps and switching tasks than the older Nexus 5 had been. With 5.1, the newer phone feels much snappier; with non-game apps, it can now keep pace with the Nexus 5. On benchmarks, we’re seeing much higher random read and write scores on the Nexus 6 with 5.1; random read gets a 2x speed boost, while random write is a whopping 9x faster. The same dramatic speed boosts aren’t present on the Nexus 5, and we suspect the difference is that the Nexus 6 is encrypted while the Nexus 5 is not. According to Francisco Franco, a longtime third-party Android kernel developer, Google is now using NEON instructions on the Nexus 6 to speed up encryption performance. Performance could be further improved by enabling hardware-accelerated encryption, which the Nexus 6 still doesn’t use, but Google has been experimenting with the feature in the Android Open Source Project.


First look at the Office 2016 Preview for Windows

Hot on the heels of Office 2016 for Mac, Microsoft today released a preview of Office 2016 for the operating system that it actually earns money from. You know—Windows. In fairness, Windows isn’t in such desperate need for an updated Office. Office 2013 is fresher than Office 2011 was, and so it’s not altogether surprising that Office 2016 is to Office 2013 much the same as what Office 2013 was to Office 2010. This is a minor update with some small new features and a visual refresh. The preview is currently aimed at IT professionals and developers, and as such it requires an active Office 365 subscription. A consumer-oriented preview should be released later in the year, but it’s pretty clear that Microsoft wants people to subscribe to Office 365, and the company is going to continue to offer small perks for having a subscription. Last year’s Outlook for Mac update was similarly an Office 365-only benefit.


Cops are freaked out that Congress may impose license plate reader limits

Despite the fact that no federal license plate legislation has been proposed, the International Association of Chiefs of Police (IACP) has sent a pre-emptive letter to top Congressional lawmakers, warning them against any future restrictions of automated license plate readers. The IACP claims to be the “world’s oldest and largest association of law enforcement executives.” As the letter, which was published last week, states:

We are deeply concerned about efforts to portray automated license plate recognition (ALPR) technology as a national real-time tracking capability for law enforcement. The fact is that this technology and the data it generates is not used to track people in real time. ALPR is used every day to generate investigative leads that help law enforcement solve murders, rapes, and serial property crimes, recover abducted children, detect drug and human trafficking rings, find stolen vehicles, apprehend violent criminal alien fugitives, and support terrorism investigations.

Sarah Guy, a spokeswoman for the IACP, told Ars that current state and local restrictions have made the police lobby group concerned at the federal level.


Indian ISP’s routing hiccup briefly takes Google down worldwide

For a short time today, people all over the world trying to access Google services were cut off because of what Dyn Research Director of Internet Analysis Doug Madory identified as a “routing leak” from an Indian broadband Internet provider. The leak is similar to a 2012 incident caused by an Indonesian ISP, which took Google offline for 30 minutes worldwide. Routing leaks occur when a network provider broadcasts all or part of its internal routing table to one or more peered networks via the Border Gateway Protocol, causing network traffic to be routed incorrectly. In this case, the Indian ISP Hathway’s boundary router incorrectly announced routing data for over 300 network prefixes belonging to Google to the Internet backbone via its provider Bharti Airtel. “Bharti in turn announced these routes to the rest of the world,” Madory wrote in a Dyn Research blog entry posted this morning, “and a number of ISPs accepted these routes.” In the US, Cogent and Level 3 accepted the routes; a number of overseas carriers, including Orange, were also affected.
