New Firefox version says “might as well” to encrypting all Web traffic

Developers of the Firefox browser have moved one step closer to an Internet that encrypts all the world’s traffic with a new feature that can cryptographically protect connections even when servers don’t support the HTTPS protocol. Opportunistic encryption, as the feature is known, acts as a bridge between plaintext HTTP connections and fully compliant HTTPS connections based on transport layer security or its predecessor protocol, secure sockets layer. These traditional Web-based encryption measures require site operators to obtain a digital credential issued by a browser-recognized certificate authority and to implement TLS protection through OpenSSL or a similar code library. Even then, many sites are unable to fully encrypt their pages because they embed ads and other third-party content that’s still transmitted in plaintext. As a result, large numbers of sites (including this one) continue to publish some or all of their content in HTTP, which can be readily manipulated by people with the ability to monitor the connection. OE, as opportunistic encryption is often abbreviated, was turned on by default in Firefox 37, which was released this week. The move comes 17 months after an Internet Engineering Task Force working group proposed OE become an official part of the HTTP 2.0 specification. The move garnered critics and supporters alike, with the former arguing it may delay some sites from using the more secure HTTPS protections and the latter saying, in effect, some protection is better than none. The chief shortcoming of OE is its lack of authentication for cryptographically validating that a connected server is operated by the organization claiming ownership.

New ARM-powered chip aims for battery life measured in decades

The number of things getting plugged into the “Internet of Things” has already reached the point of satire. But there’s a new, extremely low power technology that’s being prepared for market that could put computing power and network access into a whole new class of sensors, wearables, and practically disposable devices. That’s because it can run off a battery charge for over 10 years. Atmel, the San Jose-based microcontroller maker, today released samples of a new type of ultra-low power, ARM-based microcontroller that could radically extend the battery life of small low-power intelligent devices. The new SAM L21 32-bit ARM family of microcontrollers (MCUs) consume less than 35 milliamps of power per megahertz of processing speed while active, and less than 200 nanoamps of power overall when in deep sleep mode—with varying states in between. The chip is so low power that it can be powered off energy capture from the body, as Andreas Eieland, Atmel’s Director of Product Marketing for low-power products, demonstrated at CES earlier this year.

Zynga investors can sue FarmVille creator for alleged IPO fraud, judge says

Earlier this week, a judge ruled (PDF) that Zynga would have to face a revised lawsuit over allegations that it defrauded investors by offering overly-zealous news about the company’s future at the time of its Initial Public Offering (IPO). The investors allege that Zynga knew that an upcoming platform change at Facebook would decrease the company’s ability to rake in revenue, but executives concealed that information. After the successful IPO, the complaint says, the executives sold off their Zynga shares before the stock price collapsed. The investors applied for a class-action lawsuit in July 2012, just after Zynga shares tumbled to $3 per share from a price peak of $15.91 per share. US District Judge Jeffrey White dismissed an earlier version of the lawsuit a year ago, but ruled that the game company would have to face a revised complaint from the same investors. Although Zynga denies the investors’ claims, the plaintiffs say they have at least six confidential witnesses who had access to daily reports on Zynga’s bookings before the IPO. Those witnesses say the company was in decline before the IPO. “Although the company may have reported large bookings after the fact,” the judge’s order writes, “Plaintiff contends that the bookings declined significantly during the class period and yet Defendants continued to represent to the public that the bookings were strong.”

Lone modder’s Half-Life 2: Update brings modern graphics to a classic

As amazing as Half-Life 2 was when it was first released in 2004, time has not been kind to the original release’s graphics, which can look a bit flat and dated compared to modern PC games. Enter Romanian modder Filip Victor, who’s ready to release the final version of a massive, Source engine-powered graphical update for the game on Steam for free tomorrow. As shown in a slick comparison trailer and detailed in a PDF brochure, Half-Life 2: Update offers graphical improvements like high dynamic range lighting, improved fog and particle effects, world reflections, more detailed water rendering, improved background models, and other effects that just weren’t feasible back in 2004. The update also fixes a number of animation and cut-scene-activation bugs that have persisted in the original release and adds optional fan commentary from a number of high-profile YouTube personalities. Despite all the graphical changes, the update leaves the original gameplay, level design, character models, textures, and animations intact. “The goal of Half-Life 2: Update is to fix up, polish, and visually enhance Half-Life 2, without ever changing the 2004 original’s core gameplay, or time-tested style,” Victor wrote in the update’s brochure. “I wanted to ensure that the update was something that would be enduring, and worth the time it takes to play it. I hope that both newcomers and veterans of the Half-Life series will enjoy seeing the work that went into its creation.”

Graphene allows strange form of ice to occur at room temperature

We are all familiar with water, and we see it every day in many forms: in the bulk as a glass of water, in the crystal phase as ice, and the vapor phase as steam. While the behavior of these phases seems predictable, water is an unusual substance that behaves unlike any other small molecule we know of. This fact is particularly notable when water is viewed at small-length scales or confined to small compartments. An international team of scientists recently discovered some intriguing structural characteristics of water confined in graphene nanocapillaries. In these studies, the researchers deposited a graphene monolayer on a small grid, added a small amount of water, and then covered it with another monolayer of graphene. This sample was left overnight to allow excess water to evaporate, eventually bringing the graphene layers together so that only a small amount of adsorbed water remained between them. The water left behind showed some unusual structural properties. Structural characteristics of water are influenced by hydrogen bonding among adjacent water molecules. In the liquid state, water exhibits a partially ordered structure. In the crystal state, water molecules begin to conform to more rigid lattice structures, forming ice. As ice, the water molecules typically take on a geometry that is a three-dimensional “tetrahedral” structure, which basically looks like a square pyramid.

Big solar plants produced 5% of California’s electricity last year

Today, the US Energy Information Agency announced that California had passed a key milestone, becoming the first state to produce five percent of its annual electricity using utility-scale solar power. This represents more than a doubling from the 2013 level, when 1.9 percent of the state’s power came from utility-scale solar, and means that California produces more electricity from this approach than all of the remaining states combined. The growth in California was largely fueled by the opening of two 550MW capacity photovoltaic plants, along with two large solar-thermal plants. In total, the state added nearly two gigawatts of capacity last year alone. The growth is driven in part by a renewable energy standard that will see the state generate 33 percent of its electricity from non-hydro renewables by 2020; it was at 22 percent in 2014. Other states with renewable standards—Nevada, Arizona, New Jersey, and North Carolina—rounded out the top five. Both Nevada and Arizona obtained 2.8 percent of their electricity from solar; all other states were at one percent or less.

We know where you’ve been: Ars acquires 4.6M license plate scans from the cops

OAKLAND, Calif.—If you have driven in Oakland any time in the last few years, chances are good that the cops know where you’ve been, thanks to their 33 automated license plate readers (LPRs). Now Ars knows too. In response to a public records request, we obtained the entire LPR dataset of the Oakland Police Department (OPD), including more than 4.6 million reads of over 1.1 million unique plates between December 23, 2010 and May 31, 2014. The dataset is likely the largest ever publicly released in the United States—perhaps in the world.

New DNA construct can set off a “mutagenic chain reaction”

A technique for editing genes while they reside in intact chromosomes has been a real breakthrough. Literally. In 2013, Science magazine named it the runner-up for breakthrough-of-the-year, and its developers won the 2015 Breakthrough Prize. The system being honored is called CRISPR/Cas9, and it evolved as a way for bacteria to destroy viruses using RNA that matched the virus’ DNA sequence. But it’s turned out to be remarkably flexible, and the technique can be retargeted to any gene simply by modifying the RNA. Researchers are still figuring out new uses for the system, which means there are papers coming out nearly every week, many of them difficult to distinguish. That may be precisely why the significance of a paper published last week wasn’t immediately obvious. In it, the authors described a way of ensuring that if one copy of a gene was modified by CRISPR/Cas9, the second copy would be—useful, but not revolutionary. What may have been missed was that this process doesn’t stop once those two copies are modified. Instead, it happens in the next generation as well, and then the generation after that. In fact, the modified genes could spread throughout an entire species in a chain reaction, a fact that has raised ethical and safety concerns about the work.

Google warns of unauthorized TLS certificates trusted by almost all OSes

In the latest security lapse involving the Internet’s widely used encryption system, Google said unauthorized digital certificates have been issued for several of its domains and warned misissued credentials may be impersonating other unnamed sites as well. The bogus transport layer security certificates are trusted by all major operating systems and browsers, although a fall-back mechanism known as public key pinning prevented the Chrome and Firefox browsers from accepting those that vouched for the authenticity of Google properties, Google security engineer Adam Langley wrote in a blog post published Monday. The certificates were issued by Egypt-based MCS Holdings, an intermediate certificate authority that operates under the China Internet Network Information Center (CNNIC). The Chinese domain registrar and certificate authority, in turn, is included in root stores for virtually all OSes and browsers. The issuance of the unauthorized certificates represents a major breach of rules established by certificate authorities and browser makers. Under no conditions are CAs allowed to issue certificates for domains other than those legitimately held by the customer requesting the credential. In early 2012, critics blasted US-based CA Trustwave for doing much the same thing and Langley noted an example of a France-based CA that has also run afoul of the policy.

All four major browsers take a stomping at Pwn2Own hacking competition

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader. The crowning achievement came Thursday as contestant Jung Hoon Lee, aka lokihardt, demonstrated an exploit that felled both the stable and beta versions of Chrome, the Google-developed browser that’s famously hard to compromise. His hack started with a buffer overflow race condition in Chrome. To allow that attack to break past anti-exploit mechanisms such as the sandbox and address space layout randomization, it also targeted an information leak and a race condition in two Windows kernel drivers, an impressive feat that allowed the exploit to achieve full System access. “With all of this, lokihardt managed to get the single biggest payout of the competition, not to mention the single biggest payout in Pwn2Own history: $75,000 USD for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM, and another $10,000 from Google for hitting the beta version for a grand total of $110,000,” Pwn2Own organizers wrote in a blog post published Thursday. “To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration.”
