Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks.
The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which should make it more difficult to launch off-path TCP spoofing attacks. The specification was formulated in 2010, but it has not been fully implemented in Windows, Mac OS X, and FreeBSD-based operating systems. However, the feature has been implemented in the Linux kernel since version 3.6, released in 2012.
A team of researchers from the University of California, Riverside and the U.S. Army Research Laboratory identified an attack method that allows a blind, off-path attacker to intercept TCP-based connections between two hosts on the Internet.
Researchers noted that data cannot be injected into HTTPS communications, but the connection can still be terminated using this method. One attack scenario described by the experts involves targeting Tor by disrupting connections between certain relays so that users are forced to use attacker-controlled exit relays.
As the podcast mentions, mobile OS vendors and online services are getting a lot better at encrypting traffic and obscuring metadata, and one of the primary reasons for this was Edward Snowden's revelations about the ubiquity and sophistication of the NSA's surveillance, and by extension, the dangers of surveillance from other state agencies, black hat hackers, and legions of scammers. The Snowden revelations hit Silicon Valley right in the pocketbook, so that did impel a vast new rollout of encryption and bug fixing, but there's still a long way to go.
As a way of both highlighting and trying to fix some of the inherent vulnerabilities of smartphones in particular, Ed Snowden and famed hardware hacker Bunnie Huang have been working on a hardware tool, specifically, a mobile phone case, that monitors the radio signals from a device and reports to the user what's really being transmitted. They explain their project in a fascinating article at PubPub.
Mobile phones provide a wide attack surface, since their multitude of apps are sharing data with the network at all times, and even if the core data is encrypted, a lot can be gleaned from metadata and snippets of unencrypted data that leak through. Journalists and activists generally know this, and often use Airplane Mode when they're worried their location may be tracked. Problem is, agencies are using spearphishing attacks to remotely jailbreak iPhones and install tracking software, and there are even fears that OS vendors themselves might be cooperating with authorities. Snowden and Huang set out to allow users to monitor their devices in a way that doesn't implicitly trust the device's user interface, which may be hiding the fact that it's transmitting data when it says it's not. The article goes into great detail about the options they considered, and the specific design they've worked down to, and it looks terrific.
Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.
The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.
Already more than a decade old and with roots reaching back half a decade before the World Wide Web itself, the GIF was showing its age. It offered support for a paltry 256 colors. Its animation capabilities were easily rivaled by a flipbook. It was markedly inferior to virtually every file format that had followed it. On top of that, there were the threats of litigation from parent companies and patent-holders which had been looming over GIF users for five long years before the fiery call to action. By Burn All GIFs Day, the GIF was wobbling on the precipice of destruction. Those who knew enough to care deeply about file formats and the future of the web were marching on the gates, armed with PNGs of torches and pitchforks.
And yet, somehow, here we are. Seventeen years later, the GIF not only isn't dead. It rules the web.
Sometimes, things just work - even if it sucks.
Ars has an in-depth review of Android 7.0 Nougat, so sit back, relax, and have fun.
After a lengthy Developer Preview program starting in March, the final version of Android 7.0 (codenamed "Nougat") is finally launching today. The OS update will slowly begin to roll out to devices over the next few weeks. This year, Google is adding even more form factors to the world's most popular operating system. After tackling watches, phones, tablets, TVs, and cars, Nougat brings platform improvements aimed at virtual reality headsets and - with some help from Chrome OS - also targets laptops and desktops.
For Android's primary platform (still phones and tablets), there's a myriad of improvements. Nougat brings a new multitasking split screen mode, a redesigned notification panel, an adjustable UI scale, and fresh emoji. Nougat also sports numerous under-the-hood improvements, like changes to the Android Runtime, updates to the battery saving "Doze" mode, and developer goodies like Vulkan and Java 8 support.
It's Android 7.0 Nougat day! Well, for the owners of a small number of Nexus devices, and even then, of a small subset of them, because of the staged rollout - well, for them, it's Android 7.0 Nougat day! If you have a Nexus 6, Nexus 5X, Nexus 6P, Nexus 9, Nexus Player, Pixel C or General Mobile 4G (Android One), you can try checking for updates starting today. Alternatively, you can manually install a factory image once they become available.
Since Nougat's been out as a developer preview for a while - I've been running it on my 6P for months - I doubt any of you will be surprised by what Nougat brings to the table. It's a relatively small release compared to some other Android releases, but it still brings a number of interesting refinements and new features - the biggest of which is probably the new multiwindow feature.
The Verge's got a review up, and mentions some of the less obvious features that I think are quite important:
A lot of what's new in Nougat are features you can't really see. I'm talking about deeply nerdy (but important) stuff like a JIT compiler for ART apps and support for the Vulkan API for 3D graphics. The former should provide some performance gains while the latter will help Android games look way better. Google also fixed up the way Android handles media so that it's more secure, added file-based encryption, and added some features for enterprise users.
Another important feature laying groundwork for the future: seamless updates. Starting with Nougat, Android will use two separate partitions so updates can be installed and applied in the background, so that the next time you reboot, it's ready to go.
As always - no idea when any of you will get to use Nougat, but it's out there now.
Starting later this month, Uber will allow customers in downtown Pittsburgh to summon self-driving cars from their phones, crossing an important milestone that no automotive or technology company has yet achieved. Google, widely regarded as the leader in the field, has been testing its fleet for several years, and Tesla Motors offers Autopilot, essentially a souped-up cruise control that drives the car on the highway. Earlier this week, Ford announced plans for an autonomous ride-sharing service. But none of these companies has yet brought a self-driving car-sharing service to market.
Uber's Pittsburgh fleet, which will be supervised by humans in the driver's seat for the time being, consists of specially modified Volvo XC90 sport-utility vehicles outfitted with dozens of sensors that use cameras, lasers, radar, and GPS receivers. Volvo Cars has so far delivered a handful of vehicles out of a total of 100 due by the end of the year. The two companies signed a pact earlier this year to spend $300 million to develop a fully autonomous car that will be ready for the road by 2021.
The robotisation of transportation - personal, professional, commercial, and industrial - will be one of the most far-reaching and uprooting developments in recent human history. Transportation is a relatively large part of the workforce, and over the coming decades, many of those jobs will disappear - putting a huge strain on the economy and society.
On top of that, car ownership will start to slow down, and since automated cars will make more efficient use of available road surface, we'll eventually get to the point where we need to rethink our entire infrastructure and the way we design our living space - only 60-70 years after the last time we completely rethought our living space.
We've talked about this before, but The Netherlands completely redesigned (at least the western half of) the country for two things: one, to maximise agricultural production, and two, to prepare the environment for mass car ownership. We succeeded at the former (The Netherlands is the second largest exporter of agricultural products, after the US, but before Germany - despite our tiny surface area), but we only partially succeeded at the latter (traffic jams are a huge problem all over the country).
As an aside: when I say "redesigned the country", I literally mean that the entire map was redrawn. This map should illustrate really well what the Dutch government, the agricultural sector, and industry agreed to do; the 'messy' part is the swampy, irregularly shaped way it used to look, while the straight and clean part is what they turned it into. Gone are the irregularly shaped, inefficient patches of farmland only navigable on foot and in boats, and in their place we got large patches of land, easily reachable by newly drawn roads to make way for cars and trucks (still countless waterways though; they are crucial for making sure the entire western half of the country doesn't flood).
My parents and grandparents lived through this massive redesign, and according to them, it's very difficult to overstate just how massive the undertaking really was.
It's unlikely said redesign will be undone on a massive, regional scale, but at the local level, I can foresee countless pro-car infrastructure and landscaping changes being undone because they're simply not needed anymore. For instance, many towns in my area - including my own - used to have a waterway (like so) running alongside their Main Street (generally 'Dorpsstraat' in Dutch), but in order for a Main Street to be ready for cars, people had to walk elsewhere; the waterways were often filled up and turned into footpaths or sidewalks, so cars could drive on Main Street.
Over the coming decades, I can definitely see such changes being undone in certain places - especially more tourist-oriented towns such as my own. With fewer and fewer cars on the roads, we can start giving space back to people, and while this may not be a big deal in a spacious country like the United States, it will be a revolution here in The Netherlands, the most densely populated western country (that isn't a city state), and in classic cities like, say, Rome or Amsterdam.
All I'm trying to say is that self-driving car technology will, inevitably, have side-effects that many people simply haven't even considered yet. All of us consider cars a normal aspect of our everyday lives and environment, to the point where we've forgotten just how much space we've conceded to the things. Once the dominance of cars starts to come down like a house of cards, our environment will, quite literally, change.
I am extremely excited to share that PowerShell is open sourced and available on Linux. (For those of you who need a refresher, PowerShell is a task-based command-line shell and scripting language built on the .NET Framework to help IT professionals control and automate the administration of the Windows, and now Linux, operating systems and the applications that run on them.) I’m going to share a bit more about our journey getting here, and will tell you how Microsoft Operations Management Suite can enhance the PowerShell experience.
In their own side event this week, AMD invited select members of the press and analysts to come and discuss the next layer of Zen details. In this piece, we're discussing the microarchitecture announcements that were made, as well as a look to see how this compares to previous generations of AMD core designs.
AnandTech - so the only article you'll need to read on Zen.
Three years ago (has it really been that long?), I published a quite detailed (and at times, mildly emotional) retrospective article on the history of Palm and the Palm OS, which I still think is a pretty decent read. For a different perspective on the matter, there's now an excellent article series at LowEndMac.
Palm Computing was largely the creation and vision of one man, Jeff Hawkins. Palm first brought tablet computing to consumers in the form of PDAs (but was beaten by Apple and its scions). The later - and more momentous - goal was to bring consumers to PDAs through simple and very fast user interfaces. This second goal brought us the original Pilot and an entirely new form-factor that millions embraced.
It was not until the introduction of multimedia-rich smartphones that Palm stumbled, though it was one of the leading manufacturers.
An excellent different and detailed perspective on the history of Palm.
In light of our discussion a week ago about how computers have trouble with non-standard dialects and accents, it's interesting to note that according to Quartz, Google is recruiting Scottish people - through a third party company called Appen - to record their own voice.
The tech giant is on the hunt for people with a Scottish accent to record a set of phrases to help improve its speech recognition software. An employee from speech technology company Appen - which has been contracted by Google - started the search by posting on Reddit, in hopes of finding Scots who will record their voices in return for £27 ($36). The task, which takes up to three hours, involves participants recording phrases such as "Indy now" or "Google, what’s the time?"
That's one way of doing it, I guess - but I just don't see how this will make any meaningful dent in broader terms. Getting relatively standard Google Now commands to better recognise people with Scottish accents is very welcome for our friends in the beautiful country of Scotland, but I don't think this will scale very well beyond a limited set of standard Google Now commands (I didn't call Siri and Google Now "slow and cumbersome command line interfaces" for nothing), let alone other English accents and dialects or those of other languages.
Unless, perhaps, Google is planning on doing this for numerous dialects and languages, at which point I wish them good luck - they might be done with English by the time the sun explodes.
The Windows 10 Anniversary Update has begun rolling out for Windows 10 Mobile. The Anniversary Update includes additional features and improvements for your Windows 10 phone. To manually check for the update, on Start, swipe over to the All apps list, then select Settings > Update & security > Phone update > Check for updates. Note that availability may vary by manufacturer, model, country or region, mobile operator or service provider, hardware limitations and other factors.
In other words, it'll be a crapshoot if and when Windows Phone users actually get the update. Not that it matters - most Windows Phone users have already had to move to different platforms due to Microsoft's horrid mismanagement of an otherwise incredibly promising operating system.
Intel has entered into a new licensing agreement with competitor ARM to produce ARM-based chips in Intel factories. The deal, announced today at the Intel Developer Forum, is a strategic move from the Santa Clara, CA company to offer its large-scale custom chip manufacturing facilities, which include 10-nanometer production lines, to third-parties, including those using its rival's technology.
I have a ton of Intel ARM devices already. Perhaps Intel could call these new chips "XScale". Just thought that up. I'm kind of proud of it.
The Note 7 is Samsung's best device ever, and arguably the best big phone ever made. If that's all you're looking to know, then you can stop reading right now and go place your order. It will cost you $849 or more, depending on carrier, and can be preordered now. It will be available in stores starting on August 19th.
But it's interesting to explore why the Note 7 is the best big phone ever. Samsung has more experience with big phones than any other company, and it is leveraging that to improve the big phone experience. It's the only company that's saying a big phone doesn't have to feel like a big phone or be saddled with compromises often associated with them. Samsung wants you to have your cake and eat it too, and that cake’s flavor is the Note 7.
I tried a big phone for the first time. I bought a Nexus 6P, set my iPhone 6S aside. While Android is without a doubt the superior platform compared to iOS, the Nexus 6P just isn't the right phone for me - it's just too big. Big phones are heavy phones, and the whole experience just left me frustrated and annoyed. So for now, I'm back to the iPhone 6S, because despite the inferior software, the smaller size is just a lot more pleasant.
So, I gave the big phone so many people swear by a shot, and it didn't work out for me.
ReactOS 0.4.2 has been released, as part of the project's new, faster release cycle.
Beyond the usual updates to external dependencies such as Wine and UniATA, much work has gone into refining the experience of using ReactOS, especially with respect to the graphical shell and the file explorer. Perhaps the most user visible change however is the ability now to read from and write to several Unix filesystems, namely ext family, ReiserFS, and UFS. Native built-in support for these filesystems should make for considerably easier interoperability than the current out-of-box experience provided by Windows, and there is more to come in the future.
At IDF in San Francisco today, Microsoft's Terry Myerson said that the Windows Holographic experience, including the shell used on the HoloLens hardware, will be made available as an update to the standard Windows 10 desktop operating system some time next year.
Currently, the HoloLens runs a specialized variant of Windows. Desktop Windows offers many of the same APIs as the HoloLens, but the 3D user interface that mixes existing 2D apps with new 3D ones is only available on the augmented reality headset. Next year's update will make it available to all, opening it up not just to Microsoft's standalone device but also to hardware such as the Oculus Rift and HTC Vive that provide tethered virtual reality.
Virtual reality and Microsoft's HoloLens stuff seem like great products for professional applications, but I'm still not sold on the current crop of devices having any broader appeal. Maybe five years from now.