Doctor Who gets lengthy sabbatical as showrunner Steven Moffat quits

Doctor Who fans, prepare to be bitterly disappointed: you won’t be getting your timey-wimey fix this year, because season 10 won’t hit our screens until 2017, the BBC has confirmed. The reason? Long-running showrunner Steven Moffat has run out of puff. He will pass the baton (OK, Sonic Screwdriver) to Chris Chibnall—the creator of ITV’s gripping whodunnit, Broadchurch—who will take over the iconic British sci-fi drama at the start of season 11. The BBC, which fiendishly buried this news late on Friday night in the hope that no-one would notice, has promised a Christmas Day special, but that will be the first and only time a new episode of the much-loved show will appear on the TV this year.

Media devices sold to feds have hidden backdoor with sniffing functions

A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers said. Members of Australia-based security firm SEC Consult said they discovered the backdoor after analyzing the AMX NX-1200, a programmable device used to control AV and building systems. The researchers first became suspicious after encountering a function called “setUpSubtleUserAccount” that added a highly privileged account with a hard-coded password to the list of users authorized to log in. Unlike most other accounts, this one had the ability to capture data packets flowing between the device and the network it’s connected to. “Someone with knowledge of the backdoor could completely reconfigure and take over the device and due to the highest privileges also start sniffing attacks within the network segment,” SEC Consult researcher Johannes Greil told Ars. “We did not see any personal data on the device itself, besides other user accounts which could be cracked for further attacks.”

DOJ and 4 states want $24 billion in fines from Dish Network for telemarketing

Four states and the US Department of Justice (DOJ) are seeking up to $24 billion in fines from Dish Network after a judge ruled that the company and its contractors made more than 55 million illegal telemarketing calls using recorded messages and phoning people on do-not-call lists. The trial to decide whether Dish was aware that it was breaking the law and whether the company is responsible for calls made by its subcontractors began yesterday. A spokesperson for Dish, which is based outside of Denver, Colorado, noted in an e-mail to Ars that “Most of the Dish calls complained about took place almost ten years ago and Dish has continued to improve its already compliant procedures.” The spokesperson added that in 2008, the satellite TV and Internet provider hired Possible Now, a company that specializes in marketing and regulatory compliance, to make sure that Dish’s marketing practices were legal. According to Dish, Possible Now gave the company a passing grade on compliance with federal regulatory rules. However, the DOJ as well as Ohio, Illinois, California, and North Carolina say that Dish disregarded federal laws on call etiquette. US lawyers are asking for $900 million in civil penalties, and the four states are asking for $23.5 billion in fines, according to the Denver Post. “Laws against phoning people on do-not-call lists and using recorded messages allow penalties of up to $16,000 per violation,” the Post added.

Department of Transportation going full speed ahead on self-driving cars

We’ve been hitting the tech of self-driving cars pretty heavily this week, taking a look at what companies like Audi, BMW, Ford, QNX, and Tesla are doing in the field. But it’s looking more and more likely that it’s not going to be the technology itself that determines when we’ll be able to buy a self-driving car for that morning commute. Instead, all the other stuff—regulations, laws, insurance questions, and society’s comfort level—appears ready to own the issue of timing. At this week’s North American International Auto Show in Detroit, Transportation Secretary Anthony Foxx announced that “in 2016, we are going to do everything we can to promote safe, smart and sustainable vehicles. We are bullish on automated vehicles.” Still, working out how to regulate self-driving cars is far from settled. Each state (well, OK maybe every state but Maryland) has a pretty good idea of how to test young drivers to determine whether they’re ready to mix it with the rest of us in traffic. Figuring out how to apply that to a car itself is proving to be more of a challenge. California, for instance, is about to hold a couple of public workshops to get input into its draft regulations on the matter, and DMVs in other states are being told by their respective legislatures to start working on the problem. Today, there’s a real fear in the industry that we could end up with a patchwork of different state laws (something Cars Technica even talked about on the radio yesterday). Then there’s the federal government, where crafting policies, regulations, and guidances can be slow work. Take recent advances in headlight technology for example. Over in Europe, you can now buy cars that use LED lasers to supplement their high-beams. Those lights are intelligent enough to avoid blinding other cars on the road, and they represent a significant safety advantage. But the Federal Motor Vehicle Safety Standards for headlights in the US went into effect in 1968 and haven’t been updated since. And because they don’t make any allowances for anything other than a high beam and a low beam, such systems are illegal here in the US.

Security firm sued for filing “woefully inadequate” forensics report

A Las Vegas-based casino operator has sued security firm Trustwave for conducting an allegedly “woefully inadequate” forensics investigation that missed key details of a network breach and allowed credit card thieves to maintain their foothold during the course of the two-and-a-half month investigation. In a legal complaint filed in federal court in Las Vegas, Affinity Gaming said it hired Trustwave in October 2013 to investigate and contain a network breach that allowed attackers to obtain customers’ credit card data. In mid-January 2014, Trustwave submitted a report required under payment card industry security rules on all merchants who accept major credit cards. In the PCI forensics report, Trustwave said it had identified the source of the data breach and had contained the malware responsible for it. More than a year later, after Affinity was hit by a second credit card breach, the casino operator allegedly learned from Trustwave competitor Mandiant that the malware had never been fully removed. According to the December 2015 complaint:

Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears

Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet. The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of “FGTAbc11*xy+Qqz27” (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet’s FortiOS software. Ralf-Philipp Weinmann, a security researcher who helped uncover the inner workings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a “backdoor.” In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet’s FortiOS.

Big names gamble big bucks on blood tests for early cancer detection

Forget biopsies, ultrasounds, mammograms, pap smears, rectal exams, and other unpleasant cancer screenings—the race is now on for simple, affordable blood tests that can detect all sorts of cancers extremely early. On Sunday, genetic sequencing company Illumina Inc. announced the start of a new company called Grail, which will join dozens of companies developing such blood tests. Toting big-name investors including Microsoft co-founder Bill Gates and Amazon founder Jeff Bezos, Illumina’s high-profile startup raised more than $100 million to get Grail going. The company hopes that Grail’s tests will be on the market by 2019 and cost around $500 a pop. Though researchers have recently questioned the benefits of early cancer screening—showing in some cases that early detection does not generally save lives—Illumina is confident that the science behind the blood-based screens is at least possible. Illumina Chief Executive Jay Flatley, who will be Grail’s chairman, said Illumina has been working on the tests for about a year and a half. “We’ve made tremendous progress, which gives us the confidence that we can get to the endpoint that we expect.”

Intel Skylake bug causes PCs to freeze during complex workloads

Intel has confirmed that its Skylake processors suffer from a bug that can cause a system to freeze when performing complex workloads. Discovered by mathematicians at the Great Internet Mersenne Prime Search (GIMPS), the bug occurs when using the GIMPS Prime95 application to find Mersenne primes. “Intel has identified an issue that potentially affects the 6th Gen Intel Core family of products. This issue only occurs under certain complex workload conditions, like those that may be encountered when running applications like Prime95. In those cases, the processor may hang or cause unpredictable system behaviour.” Intel has developed a fix, and is working with hardware partners to distribute it via a BIOS update.

Five years later, Thunderbolt is finally gaining some traction in PCs

For many years, it looked like Thunderbolt was destined to be a modern version of FireWire: faster and smarter than contemporary USB interfaces, but so rare outside of Macs that we haven’t seen a very wide range of Thunderbolt accessories beyond adapters and external hard drives. Thunderbolt versions 1 and 2 are available in most Macs sold between 2011 and now, but it has been included in just a handful of PC laptops and high-end motherboards. Thunderbolt 3 is turning that around. The port is suddenly beginning to show up in high-end offerings from just about every major PC OEM, starting with some Lenovo workstation laptops and Dell’s new XPS lineup and continuing in laptops and convertibles from HP, Acer, Intel, and others.

Latest tech support scam stokes concerns Dell customer data was breached

Tech-support scams, in which fraudsters pose as computer technicians who charge hefty fees to fix non-existent malware infections, have been a nuisance for years. A relatively new one targeting Dell computer owners is notable because the criminals behind it use private customer details to trick their marks into thinking the calls come from authorized Dell personnel. “What made the calls interesting was that they had all the information about my computer; model number, serial number, and notably the last item I had called Dell technical support about (my optical drive),” Ars reader Joseph B. wrote in an e-mail. “That they knew about my optical drive call from several months prior made me think there was some sort of information breach versus just my computer being compromised.” He isn’t the only Dell customer reporting such an experience. A blog post published Tuesday reported scammers knew of every problem the author had ever called Dell about. None of those problems were ever discussed in public forums, leading the author to share the suspicion that proprietary Dell data had somehow been breached.
