wired – Page 48

NSA’s automated hacking engine offers hands-free pwning of the world

Since 2010, the National Security Agency has kept a push-button hacking system called Turbine that allows the agency to scale up the number of networks it has access to from hundreds to potentially millions. The news comes from new Edward Snowden documents published by Ryan Gallagher and Glenn Greenwald in The Intercept today. The leaked information details how the NSA has used Turbine to ramp up its hacking capacity to “industrial scale,” plant malware that breaks the security on virtual private networks (VPNs) and digital voice communications, and collect data and subvert targeted networks on a once-unimaginable scale. Turbine is part of Turbulence, the collection of systems that also includes the Turmoil network surveillance system that feeds the NSA’s XKeyscore surveillance database. While it is controlled from NSA and GCHQ headquarters, it is a distributed set of attack systems equipped with packaged “exploits” that take advantage of the ability the NSA and GCHQ have to insert themselves as a “man in the middle” at Internet chokepoints. Using that position of power, Turbine can automate functions of Turbulence systems to corrupt data in transit between two Internet addresses, adding malware to webpages being viewed or otherwise attacking the communications stream. Since Turbine went online in 2010, it has allowed the NSA to scale up from managing hundreds of hacking operations each day to handling millions of them. It does so by taking people out of the loop of managing attacks, instead using software to identify, target, and attack Internet-connected devices by installing malware referred to as “implants.” According to the documents, NSA analysts can simply specify the type of information required and let the system figure out how to get to it without having to know the details of the application being attacked. Read 13 remaining paragraphs | Comments

View original post here:
NSA’s automated hacking engine offers hands-free pwning of the world

How CIA snooped on Senate Intel Committee’s files

CIA Headquarters in Langley, Virginia. The CIA gave Senate Intelligence Committee staffers access to its data offsite—in a leased facility the CIA controlled. It sounds like something out of Homeland : at a secret location somewhere off the campus of the Central Intelligence Agency, the CIA leases a space and hires contractors to run a top-secret network, which it fills with millions of pages of documents dumped from the agency’s internal network. But that’s apparently exactly what the CIA did for more than three years as part of an agreement to share data with the staff of the Senate Select Committee on Intelligence on its controversial detention and interrogation program. And it’s also how the agency was able to gain access to the computers and shared network drive used by committee staffers in a search that Senator Diane Feinstein contended today crossed multiple legal and constitutional boundaries. In a speech on the Senate floor this morning, Feinstein detailed the strange arrangement and accused the CIA of breaking its agreement with the committee on multiple occasions. She also accused the agency of reportedly filing a criminal report against committee staffers with the Justice Department in “a potential effort to intimidate this staff.” The details shared by Feinstein show the length to which the CIA went to try to control the scope of the data that was shared with Senate staffers—and still managed to give them more than some officials in the agency wanted to. Even with multiple levels of oversight, the CIA managed to hand over the data along with an internal review of that very data, which included the agency’s own damning assessment of the interrogation program. Read 18 remaining paragraphs | Comments

Review: Mophie’s Space Pack doubles your iPhone’s battery, storage, and size

The Mophie Space Pack is an iPhone case with an integrated battery and 16 or 32GB of internal storage. Andrew Cunningham Specs at a glance: Mophie Space Pack Storage 16 or 32GB integrated NAND Ports MicroUSB 2.0 for charging Size 5.66″ 2.57″ x 0.63″ (143.76 x 65.28 x 16mm) Weight 2.80 oz (79.38g) Battery 1700mAh Warranty 1 year Starting Price $149.95 for 16GB, $179.95 for 32GB Compatibility iPhone 5 and 5S only. Not compatible with fifth-gen iPod touch or iPhone 5C. I bought one of Mophie’s external battery packs not long after we reviewed one in mid-2012 , and since then it’s become one of my favorite travel companions. My phone is in near-constant use while I’m traveling for work, whether I’m transmitting communications to the Ars Orbiting HQ , tethering my computer to my phone, or shooting some quick on-the-fly video or pictures without digging out my DSLR. The upside to an external battery pack is that I can plug pretty much anything into it, from an iPhone to an Android tablet to a Chromebook 11 . The bad thing is that you have to remember to have it on you, and you also need to carry around the necessary cables at all times. That’s where Mophie’s Space Pack comes in—it’s a revised version of the company’s Juice Pack battery cases with a twist. In addition to a 1,700mAh battery, it includes either 16GB or 32GB of storage that you can use to augment your iPhone’s internal storage. It’s not for everyone, but for some iPhone 5 and 5S users among you, it just might be able to kill three birds with one stone. The case The case slides on to your iPhone 5 or 5S. Pull the two parts back apart to get the phone out of the case. Andrew Cunningham The case itself is very similar to Mophie’s existing Juice Pack Plus or Juice Pack Air, the largest and second-largest battery cases the company sells. Its 1,700mAh battery is identical to the Air, and they share roughly equal physical dimensions and weight (the Space Pack is very slightly larger and heavier, but it’s hard to tell the difference). It comes apart in two pieces that slide onto the phone and interlock. The bottom of the case has a male Lightning connector that goes into the phone, but you charge the case itself with the same micro USB port that you might find in an Android or Windows phone or tablet. Read 15 remaining paragraphs | Comments

Read the article:
Review: Mophie’s Space Pack doubles your iPhone’s battery, storage, and size

Teens get banned from an app after vicious attacks and threats

simon_bramwell The developers of Yik Yak , an app that works as an anonymous message board for up to 500 people in close proximity to one another, have selectively disabled the app’s use in Chicago following vicious sniping and rumor mongering by children using it at school. WLS-TV in Chicago reports that people in the city won’t be able to use Yik Yak until the developers figure out a way to get youth usage under control. Apps for sharing information anonymously like Wut and Secret have seen a recent surge in popularity. In the case of Wut and Secret, users are connected to people they actually know—Secret uses the mobile device’s contact list, and Wut’s (anonymous) contacts are powered by Facebook. Yik Yak, by contrast, connects a large swath of people—friends, enemies, and strangers—based entirely on their location. Among middle and high schoolers, this becomes many lockers’- and bathroom walls’-worth of pain and drama. WLS-TV reports students in Chicago have used it to spread rumors about rape, and in other locales, schools have been evacuated because of bomb threats on the service. Read 1 remaining paragraphs | Comments

Original post:
Teens get banned from an app after vicious attacks and threats

First OS X 10.9.3 beta improves support for 4K displays

An OS X 10.9.3 beta running in Retina mode on what appears to be a 39-inch Seiki 4K display. 9to5Mac OS X 10.9.2 was just released last week, but Apple has already begun testing for version 10.9.3, and the update will apparently come with some goodies for users of 4K displays. According to a report by 9to5Mac , the new update enables HiDPI “Retina” scaling on 4K displays that didn’t offer the option in previous OS X versions. It’s possible to enable HiDPI display modes on any monitor in OS X with some tweaking, but Apple is apparently interested in supporting Retina-style output on high-resolution monitors by default. Apple made a big 4K push with its new Mac Pro, which can support up to three 4K displays at once thanks to its twin GPUs and six Thunderbolt 2.0 ports. However, the company doesn’t yet make its own 4K Thunderbolt Display—current Mac Pro buyers can add $3,600 32-inch Sharp 4K displays to their orders, or they can bring their own monitors. 9to5Mac’s testing was conducted with what appears to be a 39-inch Seiki Digital display , which as of this writing can be had on Amazon for $500 (though it doesn’t support a 60Hz refresh rate at 4K). According to others who have installed the new beta , 10.9.3 also apparently enables 60Hz 4K output on the 2013 Retina MacBook Pros. The Intel and Nvidia GPUs that power these MacBooks were previously capable of 60Hz 4K output when running Windows, but were limited to lower refresh rates in OS X. Higher refresh rates make for a smoother, more pleasant viewing experience, and are especially useful when editing movies, playing games, or in any other activities where response time is important. Those with older Macs likely won’t see 60Hz 4K support even after installing the update—the 2013 Retina MacBook Pros and 2013 Mac Pro are the only systems that support the requisite DisplayPort 1.2 spec. iMacs, MacBook Airs, and the Mac Mini will need to wait for a Thunderbolt 2 upgrade before they can drive high-resolution displays at the higher refresh rate. Read 1 remaining paragraphs | Comments

Read the original:
First OS X 10.9.3 beta improves support for 4K displays

Microsoft is a “2.5-trick pony” according to Steve Ballmer

In Conversation with Steve Ballmer at Saïd Business School Most companies fail, successful companies are often one-trick ponies, but Microsoft is a two-and-a-half trick pony, according to former CEO Steve Ballmer, speaking at Oxford’s Said Business School . He was responding to a question about why Microsoft had failed to innovate in the mobile space, particularly given that it had invented the tablet computer way before it was popularized by Apple. “Most tech companies fail,” Ballmer replied. “They are zero-trick ponies. They never do anything well and they go away. You are a genius in the industry if you are a one-trick pony. You get some innovation right and then spin it. I am very proud of the fact that [Microsoft] has done at least two tricks. Tricks are worth billions and billions and billions of dollars.” Read 11 remaining paragraphs | Comments

View original post here:
Microsoft is a “2.5-trick pony” according to Steve Ballmer

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

A. Strakey Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library. The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers. The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates . The coding error, which may have been present in the code since 2005 , causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical “goto fail” flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug . Read 7 remaining paragraphs | Comments

Link:
Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

MtGox code posted by hackers as company files for bankruptcy protection

Cross Office Shibuya Medio, the office building in Tokyo that is home to MtGox and Mark Karpeles’ other companies. Tokyo Apartments As MtGox CEO Mark Karpeles and his lawyers officially filed for court-supervised restructuring of the Bitcoin exchange, someone posted a chunk of code to Pastebin that would appear to lend credence to Karpeles’ contention that his company was hacked. The block of PHP code appears to be part of the backend for MtGox’s Bitcoin exchange site, and it includes references to IP addresses registered to Karpeles’ Web hosting and consulting company, Tibanne . In an update to the MtGox website late Monday, the company reasserted its claim that it had been hacked through an exploit of a weakness in its exchange website code. “Although the complete extent is not yet known, we found that approximately 750,000 bitcoins deposited by users and approximately 100,000 bitcoins belonging to us had disappeared,” the company’s spokesperson said in the latest update at the MtGox website. “We believe that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures.” That loss was discovered on February 24. On the same day, the company found “large discrepancies between the amount of cash held in financial institutions and the amount deposited from our users. The amounts are still under investigation and may vary, but they approximate JPY 2.8 billion [$27 million US].” Read 2 remaining paragraphs | Comments

Originally posted here:
MtGox code posted by hackers as company files for bankruptcy protection

Snow Leopard updates are probably done—here are your OS X upgrade options

End of the line, Snowy. Apple Apple offers no end-of-life roadmaps for its operating systems, and it doesn’t officially comment on whether support has dried up for this or that version of OS X. The best you can do is look at historical data. Since switching to a yearly release cadence with Lion back in 2011, Apple seems to be willing to support whatever the latest version is plus the two preceding versions. When OS X 10.9.2 was released earlier this week, it was accompanied by security updates for OS X 10.8 and 10.7 but not for 2009’s OS X 10.6. It’s the first major security update that Snow Leopard has missed—the OS is still getting iTunes updates, but its last major security patch happened back in September. This has prompted a flurry of posts from various outlets. All point out the same Net Applications data that says 10.6 still powers around 19 percent of Macs. Most compare the OS X support cycle to the much-longer Windows cycle. Some make a bigger deal about it than others. None really tell anyone in that 19 percent what to do next. You’ll need to know the exact kind of Mac you’re using before proceeding—typing your serial number into this Service and Support page should give you the information you need if you’re not sure. Launching the System Profiler application from the Utilities folder will show you your serial number and your Mac’s specific model identifier (something like MacBook4,1 or iMac11,2), the latter of which can be used with this EveryMac lookup page to find what you’re looking for. Read 17 remaining paragraphs | Comments

Read the article:
Snow Leopard updates are probably done—here are your OS X upgrade options

Two new Windows 8.1 SKUs coming: Standalone Enterprise and low-cost Bing edition

Microsoft is expected to expand the lineup of Windows 8.1 versions with at least one, and probably two, new editions of the operating system. The first is a straightforward affair. At the moment, Windows Enterprise is only available to organizations buying Software Assurance agreements. Microsoft has confirmed to ZDNet that from March 1, Windows Enterprise will be sold to any company with an Open, Select, or Select Plus plan. This will enable companies that don’t want to pay for Software Assurance’s features such as the automatic upgrade entitlements and extras such as the Microsoft Desktop Optimization Pack to have a way to get their hands on the Enterprise edition. Microsoft is also making changes to the interactions between Software Assurance and Windows Pro; you can read the full, complicated story at Directions on Microsoft , written by perhaps the only people on earth with a solid understanding of how Microsoft’s licensing works. Read 3 remaining paragraphs | Comments

See more here:
Two new Windows 8.1 SKUs coming: Standalone Enterprise and low-cost Bing edition

Ken May

Tag: wired