'Fortnite' is coming to China

av - Posted On:2018-04-23 18:30:02 Source: engadget

The popular battle royale game Fortnite is coming to China, thanks to a partnership between its creator Epic Games and Tencent. The Chinese tech giant, which owns over 40 percent of Epic, will handle distribution and publishing. Tencent will reportedly spend $15 million on Fortnite in China on marketing to its domestic playerbase and clamping down on piracy and illegal clones, the latter of which is a problem in the country. According to a DoNews report, some of that investment will be spent building the game's eSports scene in China. Anyone who played the original will be able to transfer their data, skins and items to the Chinese version for a limited time. Tencent has allegedly already built a dedicated app to teach players about the game and watch live broadcasts, and those who visit the game's Chinese site and pre-order it earn special items. \n\nWhether or not Fortnite blows up there as much as it has in the US, Tencent will have a hold on the genre: The company created the mobile version of PlayerUnknowns Battlegrounds, which launched in China last fall and the US last month. But expanding its eSports portfolio is smart given how much the tech giant invested in other popular competitive games. Tencent announced plans to bring its popular-in-China mobile-only MOBA Arena of Valor\/Honor of Kings to the US back in December, followed by a $500,000 eSports World Cup for the title. Tencent also owns a majority share of Riot Games, makers of League of Legends.

Read More

The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable

games - Posted On:2018-04-23 18:29:59 Source: slashdot

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions." Read more of this story at Slashdot.

Read More

Microsoft Is Adding a Dark Theme to Windows 10's File Explorer

Security - Posted On:2018-04-23 18:14:59 Source: bleepingcomputer

In the latest Redstone 5 skip ahead build for Windows 10 Insiders, Microsoft has added a hidden feature that enables a dark theme in File Explorer. While the new theme is in the very beginning development stages (hopefully!!), it's currently not a sight to behold. [...]

Read More

New hacks siphon private cryptocurrency keys from airgapped wallets

Biz & IT - Posted On:2018-04-23 18:14:59 Source: arstechnica

Researchers have defeated a key protection against cryptocurrency theft with a series of attacks that transmit private keys out of digital wallets that are physically separated from the Internet and other networks.

Like most of the other attacks developed by Ben-Gurion University professor Mordechai Guri and his colleagues, the currency wallet exploits start with the already significant assumption that a device has already been thoroughly compromised by malware. Still, the research is significant because it shows that even when devices are airgapped—meaning they aren't connected to any other devices to prevent the leaking of highly sensitive data—attackers may still successfully exfiltrate the information. Past papers have defeated airgaps using a wide array of techniques, including electromagnetic emissions from USB devices, radio signals from a computer's video card, infrared capabilities in surveillance cameras, and sounds produced by hard drives.

On Monday, Guri published a new paper that applies the same exfiltration techniques to "cold wallets," which are not stored on devices connected to the Internet. The most effective techniques take only seconds to siphon a 256-bit Bitcoin key from a wallet running on an infected computer, even though the computer isn't connected to any network. Guri said the possibility of stealing keys that protect millions or billions of dollars is likely to take the covert exfiltration techniques out of the nation-state hacking realm they currently inhabit and possibly bring them into the mainstream.

Read More

Deezer now creates playlists based on your listening habits (updated)

android - Posted On:2018-04-23 18:00:12 Source: engadget

Not to be left behind by the competition, Deezer is tweaking its Flow feature. The app's latest update augments the automatically curated playlist tool to include tracks from artists related to what you're listening to. More than that, the patch gives Flow its own tab within the navigation panel. \

Read More

Facebook details its fight to stop terrorist content

ai - Posted On:2018-04-23 18:00:02 Source: engadget

Last June, Facebook described how it uses AI to help find and take down terrorist content on its platform and in November, the company said that its AI tools had allowed it to remove nearly all ISIS- and Al Qaeda-related content before it was flagged by a user. Its efforts to remove terrorist content with artificial intelligence came up frequently during Mark Zuckerberg's Congressional hearings earlier this month and the company's lead policy manager of counterterrorism spoke about the work during SXSW in March. Today, Facebook gave an update of that work in an installment of its Hard Questions series. Facebook defines terrorism as, \

Read More

The latest Hyperloop feasibility study aims to connect Cleveland and Chicago

Cars - Posted On:2018-04-23 18:00:00 Source: arstechnica

The drive between Chicago and Cleveland can take about five hours. Taking the train is a little longer—six to seven hours, depending on how many stops the train makes. It's easy to see why people would be interested in bringing a faster type of transportation to the corridor.

Enter Hyperloop, of course. The brainchild of Elon Musk, a Hyperloop is a system of transportation envisioned to carry cargo or passengers at speeds above 700 mph through low-pressure tubes. The train pods would hover above the track, using either magnetic levitation or air-bearings. Stretch a tube across the 344 miles between Chicago and Cleveland and simple math suggests you could cover the distance in half an hour, give or take.

At least, theoretically. No Hyperloop system has (publicly) broken a rail-speed barrier yet, and Hyperloop startups have generally focused on announcing new investments or miles-per-hour achievements rather than describing how safety would work in such a system if a pod were to break down and passengers needed to escape a vacuum-sealed tube.

Read More

Byton teases its second “experience-driven” vehicle

byton - Posted On:2018-04-23 17:45:03 Source: engadget

Byton wowed us at CES back in January with its first autonomous EV concept car, a smart SUV built for passenger comfort. At the Beijing Motor Show, the company teased its second vehicle concept, an electric sedan slated to go into series production in 2021. Byton isn't releasing details for the unnamed sedan until CES Asia in June, though we do know it's built on the same electric platform as the company's SUV concept. The 'Smart Utility Vehicle' as the company named it, is the first in an expected lineup of vehicles prioritizing the passengers' in-car experience with dashboard-spanning screens replacing the instrument panel and swiveling seats. Conceivably, the sedan will integrate all the bells and whistles that debuted in its big brother.\n\nIt's interesting that the SIV hasn't even started production (it's allegedly slated to launch in China in 2019) before the company announced its second car. After the sedan starts rolling off assembly lines in 2021, Byton will begin work on an MPV that seats seven. The ambitious plans follow the company's announcement that it's building a new 'Future Lab' in LA devoted to user experience research.

Read More

Transcription Service Leaked Medical Records

Data Breaches - Posted On:2018-04-23 17:45:00 Source: krebsonsecurity

MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians.

On Friday, KrebsOnSecurity learned that the portion of MEDantex’s site which was supposed to be a password-protected portal physicians could use to upload audio-recorded notes about their patients was instead completely open to the Internet.

What’s more, numerous online tools intended for use by MEDantex employees were exposed to anyone with a Web browser, including pages that allowed visitors to add or delete users, and to search for patient records by physician or patient name. No authentication was required to access any of these pages.

This exposed administrative page from MEDantex’s site granted anyone complete access to physician files, as well as the ability to add and delete authorized users.

Several MEDantex portal pages left exposed to the Web suggest that the company recently was the victim of WhiteRose, a strain of ransomware that encrypts a victim’s files unless and until a ransom demand is paid — usually in the form of some virtual currency such as bitcoin.

Contacted by KrebsOnSecurity, MEDantex founder and chief executive Sreeram Pydah confirmed that the Wichita, Kansas based transcription firm recently rebuilt its online servers after suffering a ransomware infestation. Pydah said the MEDantex portal was taken down for nearly two weeks, and that it appears the glitch exposing patient records to the Web was somehow incorporated into that rebuild.

“There was some ransomware injection [into the site], and we rebuilt it,” Pydah said, just minutes before disabling the portal (which remains down as of this publication). “I don’t know how they left the documents in the open like that. We’re going to take the site down and try to figure out how this happened.”

It’s unclear exactly how many patient records were left exposed on MEDantex’s site. But one of the main exposed directories was named “/documents/userdoc,” and it included more than 2,300 physicians listed alphabetically by first initial and last name. Drilling down into each of these directories revealed a varying number of patient records — displayed and downloadable as Microsoft Word documents and/or raw audio files.

Although many of the exposed documents appear to be quite recent, some of the records dated as far back as 2007. It’s also unclear how long the data was accessible, but this Google cache of the MEDantex physician portal seems to indicate it was wide open on April 10, 2018.

Among the clients listed on MEDantex’s site include New York University Medical Center; San Francisco Multi-Specialty Medical Group; Jackson Hospital in Montgomery Ala.; Allen County Hospital in Iola, Kan; Green Clinic Surgical Hospital in Ruston, La.; Trillium Specialty Hospital in Mesa and Sun City, Ariz.; Cooper University Hospital in Camden, N.J.; Sunrise Medical Group in Miami; the Wichita Clinic in Wichita, Kan.; the Kansas Spine Center; the Kansas Orthopedic Center; and Foundation Surgical Hospitals nationwide. MEDantex’s site states these are just some of the healthcare organizations partnering with the company for transcription services.

Unfortunately, the incident at MEDantex is far from an anomaly. A study of data breaches released this month by Verizon Enterprise found that nearly a quarter of all breaches documented by the company in 2017 involved healthcare organizations.

Verizon says ransomware attacks account for 85 percent of all malware in healthcare breaches last year, and that healthcare is the only industry in which the threat from the inside is greater than that from outside.

“Human error is a major contributor to those stats,” the report concluded.

Source: Verizon Business 2018 Data Breach Investigations Report.

According to a story at BleepingComputer, a security news and help forum that specializes in covering ransomware outbreaks, WhiteRose was first spotted about a month ago. BleepingComputer founder Lawrence Abrams says it’s not clear how this ransomware is being distributed, but that reports indicate it is being manually installed by hacking into Remote Desktop services.

Fortunately for WhiteRose victims, this particular strain of ransomware is decryptable without the need to pay the ransom.

“The good news is this ransomware appears to be decryptable by Michael Gillespie,” Abrams wrote. “So if you become infected with WhiteRose, do not pay the ransom, and instead post a request for help in our WhiteRose Support & Help topic.”

Ransomware victims may also be able to find assistance in unlocking data without paying from nomoreransom.org.

KrebsOnSecurity would like to thank India-based cybersecurity startup Banbreach for the heads up about this incident.

Read More

Google Accused of Showing 'Total Contempt' for Android Users' Privacy

technology - Posted On:2018-04-23 17:45:00 Source: slashdot

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy." "With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy." Read more of this story at Slashdot.

Read More

Microsoft Is Adding a Dark Theme Coming to Windows 10's File Explorer

Security - Posted On:2018-04-23 17:30:00 Source: bleepingcomputer

In the latest Redstone 5 skip ahead build for Windows 10 Insiders, Microsoft has added a hidden feature that enables a dark theme in File Explorer. While the new theme is in the very beginning development stages (hopefully!!), it's currently not a sight to behold. [...]

Read More

Twitch's custom extensions can now ask for Bits

amazon - Posted On:2018-04-23 17:15:03 Source: engadget

You didn't think Twitch would offer streamer extensions without finding a way to generate money from them, did you? Sure enough, the customization feature now accepts Bits (the microtransactions you normally use to tip streamers) for on-page games and other features. Chip in a few cents and you can participate in games with broadcasters (such as arcade or trivia titles), predict who's likely to win and mess with the streamer by voting in polls that decide what they do next. The support is available today through dozens of extensions on launch, and it's available to both Affiliates and Partners.\n\nNo, the thought of having to pay just to interact with a streamer isn't thrilling -- some of these features have been available for free, including channel bots that don't require extensions. This does give you a better reason to buy Bits outside of pure financial support, however. And it's not just another source of revenue for Twitch streamers -- they can use it as a gatekeeper that keeps (some) trolls out of on-stream events. There is the chance that hosts could misuse their newfound power, but it could also create new opportunities.

Read More

Adobe Premiere makes it easier to edit Insta360 Pro footage

0 - Posted On:2018-04-23 17:15:02 Source: engadget

Insta360's more affordable 8K VR camera was made available for pre-orders in 2017, with a major software update in December of that same year that kicked the high-end 360-degree camera's image processing up a notch. The camera got a stamp of approval from Google last year, too, which gives you the power to contribute to the tech giant's Street View mapping with the device. Now Adobe just made editing 360 video captured with the Insta360 Pro much easier with a new plugin for Adobe Premiere Pro CC. 360 video typically needs to be stitched together before and after editing, making for a pretty tedious process. Now, if you've got an Insta360 Pro camera and a copy of Premiere, you can start editing right after import - no pre-editing stitching required. The plug-in that allows this basically creates proxy footage, a quick-stitched, lower-resolution substitute that you can edit just like regular source footage. This makes for a much quicker start to the editing workflow, and will help ameliorate any chugging your processor might do when editing 8K video. When you're all done editing, Premiere will stitch together only the video you used in your project, further reducing the time to export.

Read More

AI Trained on Images from Cosmological Simulations Surprisingly Successful at Classifying Real Galaxies in Hubble Images

science - Posted On:2018-04-23 17:15:00 Source: slashdot

A machine learning method which has been widely used in face recognition and other image- and speech-recognition applications, has shown promise in helping astronomers analyze images of galaxies and understand how they form and evolve. From a report: In a new study, accepted for publication in Astrophysical Journal and available online [PDF], researchers used computer simulations of galaxy formation to train a deep learning algorithm, which then proved surprisingly good at analyzing images of galaxies from the Hubble Space Telescope. The researchers used output from the simulations to generate mock images of simulated galaxies as they would look in observations by the Hubble Space Telescope. The mock images were used to train the deep learning system to recognize three key phases of galaxy evolution previously identified in the simulations. The researchers then gave the system a large set of actual Hubble images to classify. The results showed a remarkable level of consistency in the neural network's classifications of simulated and real galaxies. "We were not expecting it to be all that successful. I'm amazed at how powerful this is," said coauthor Joel Primack, professor emeritus of physics and a member of the Santa Cruz Institute for Particle Physics (SCIPP) at UC Santa Cruz. "We know the simulations have limitations, so we don't want to make too strong a claim. But we don't think this is just a lucky fluke." Read more of this story at Slashdot.

Read More

The “unpatchable” exploit that makes every current Nintendo Switch hackable

Gaming & Culture - Posted On:2018-04-23 16:59:59 Source: arstechnica

A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Tempkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.

"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Tempkin writes in an accompanying FAQ.

The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code.

Read More

Despite bigger ambitions, Google is still an ad business

alphabet - Posted On:2018-04-23 16:45:02 Source: engadget

As we already know, Google's parent company Alphabet makes the bulk of its money from ads. We also learned in quarters past that revenue from its non-Google projects, which it calls \

Read More

Orangeworm Hackers Infect X-Ray and MRI Machines In Their Quest for Patient Data

Security - Posted On:2018-04-23 16:44:59 Source: bleepingcomputer

Security researchers can't explain how and why malware has infected computers that control MRI and X-ray machines at countless of healthcare organizations across the world. [...]

Read More

Man behind Cambridge Analytica’s Facebook data mining says he’s sorry

Policy - Posted On:2018-04-23 16:44:59 Source: arstechnica

In advance of his upcoming testimony before the UK Parliament, Aleksandr Kogan wants the public to know two things: he's sorry, and he's not a Russian agent. (Kogan, who was born in Moldova, moved to Moscow as a child before eventually emigrating to the United States, where he became a citizen.)

Kogan, who authored the initial Facebook app created at the behest of Cambridge Analytica, has now come forward. He recently granted interviews to The New York Times, BuzzFeed News, and CBS' 60 Minutes. (Kogan did not respond to Ars' request for comment.)

It was Kogan's 2014 app, "This is Your Digital Life," which invited users to log in with their Facebook credentials and answer a slew of survey questions in exchange for $4. Those respondents also allowed Kogan and his team access to their friends' public profile data. In the end, this system captured data on 87 million Facebook users. This data trove ultimately wound up in the hands of Donald Trump's presidential campaign when it hired the London-based firm.

Read More

Atlanta spends more than $2 million to recover from ransomware attack

atlanta - Posted On:2018-04-23 16:30:02 Source: engadget

Last month, Atlanta's city government was hit with a ransomware attack that caused courthouse documents and services like payment processing to become inaccessible. The ransom demand was approximately $51,000 but according to the city's Department of Procurement, Atlanta has spent much more than that on efforts to rectify the situation. It appears that firms Secureworks and Ernst & Young were paid $650,000 and $600,000, respectively, for emergency services while Edelman was paid $50,000 for crisis communication services. Overall, the funds seemingly applied to the ransomware attack response add up to approximately $2.7 million. \n\nAtlanta .gov ransomware attack costs pic.twitter.com\/xgQEpbeZPZ\n— Ryan Naraine (@ryanaraine) April 23, 2018\n\n\nIt's unclear whether Atlanta paid or tried to pay the ransom, but evidence suggests city officials didn't attempt to or were unsuccessful. The affected services are still not fully up and running and ahead of the ransom deadline, the attackers took down the communication portal that would have been used to pay the fee.\n\nThe question of whether to pay a ransom or not isn't always an easy one to answer. Agencies like the FBI typically discourage paying these types of ransoms, with one reason being it might encourage attackers to keep doing what they're doing. But not everyone agrees with that reasoning. \

Read More

Google beats expectations again with $31.15B in revenue

Mobile - Posted On:2018-04-23 16:30:01 Source: techcrunch

Alphabet, Google’s parent company, reported another pretty solid beat this afternoon for its first quarter as it more or less has continued to keep its business growing substantially — and is growing even faster than it was a year ago today. Google said its revenue grew 26% year-over-year to $31.16 billion in the first quarter […]

Read More