Spectre, Meltdown researchers unveil 7 more speculative execution attacks

Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. The attacks were named Meltdown and Spectre. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.

A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The result? Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.

Previous investigations into these attacks have been a little ad hoc in nature, examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or a Meltdown-esque attack to break into SGX enclaves. The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected.

Source: Ars Technica – Spectre, Meltdown researchers unveil 7 more speculative execution attacks

Man pleads guilty to swatting attack that led to death of Kansas man

Federal prosecutors in Kansas announced Tuesday that a 25-year-old Californian has admitted that he caused a Wichita man to be killed at the hands of local police during a swatting attack late last year.

Swatting is a way to harass or threaten someone by calling in a false threat to law enforcement, and when successful, it usually results in a police SWAT team showing up needlessly at its victim’s house.

According to the United States Attorney’s Office for the District of Kansas, Tyler Barriss pleaded guilty to making a false report resulting in a death, cyberstalking, and conspiracy. He also admitted that he was part of “dozens of similar crimes in which no one was injured.”

Source: Ars Technica – Man pleads guilty to swatting attack that led to death of Kansas man

What is going on with California’s horrific fires?

Late last year, California experienced terrible—and in the case of the October Tubbs Fire, record-setting—wildfires. The fires were especially intense due to an unusually late start to the rainy season, which left vegetation dry as seasonal mountain winds kicked up like bellows in a forge.

This year, the situation has repeated. The Camp Fire in Northern California not only broke last year’s all-time record for area burned, it also broke a much older record for the deadliest wildfire in the state’s history. And in Southern California, the Hill and Woolsey Fires have burned through homes on the north side of Los Angeles.

So what is going on with these extreme fires? Are they just chance or part of a trend? President Trump, via his Twitter account, has repeatedly blamed California for its fires and claimed that environmental policies for water use or forestry are somehow responsible. But these claims make no sense to anyone working in the state—or anyone who knows that forest fires aren’t put out by hose-carrying fire engines. In reality, many factors contribute to the current situation. And climate change is one of them.

Source: Ars Technica – What is going on with California’s horrific fires?

Dealmaster: Take 22% off an Nvidia Shield TV 4K media streamer

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today’s list is headlined by a deal on Nvidia’s Shield TV, which is currently down to $140. That’s a $40 discount, tied for the lowest price we’ve seen for the 4K media streamer.

The Shield TV has been around for a few years, but it’s still the box to own if you want Android TV. Nvidia continues to support the device with regular updates, and the hardware remains more than fast enough to keep everything smooth. While Roku and Amazon offer 4K HDR streamers for far less, the Shield is more flexible when it comes to local file support, with a couple of USB ports for connecting external peripherals and the ability to serve as its own Plex server.

It works with both the Google Assistant and Alexa—the latter requires a pre-existing Alexa device—and can be paired with a tuner to show live TV. The Shield also works like a pseudo game console with Nvidia’s GeForce Now streaming service, though this deal doesn’t include the company’s game-controller accessory. The only glaring downside is that it lacks Dolby Vision HDR, unlike the Apple TV 4K.

Source: Ars Technica – Dealmaster: Take 22% off an Nvidia Shield TV 4K media streamer

We unbox the $200 “power armor” Fallout ’76 version so you don’t have to

Sam Machkovech

A surprise showed up at my doorstep last night: the Fallout ’76 “power armor” edition, arriving ahead of the game’s official launch at 12:01am tomorrow morning (Wednesday, November 14). This $200 special edition has been sold out for quite some time, as it was announced well before the game began receiving more public scrutiny.

But even though its sticker price includes a DLC-loaded version of the retail game, most of its cost is made up of Fallout series swag. Even if you’re wary about the game’s buggy beta period, is there still enough here to justify the insane cost for a series diehard?

Source: Ars Technica – We unbox the $200 “power armor” Fallout ’76 version so you don’t have to

Thermal power plants use a lot of water, but that’s slowly changing

It may come as a surprise that as of 2015, most of the water taken out of US ground- and surface-water sources was withdrawn by the electricity sector. Irrigation is a close second, and public supply is a distant third.

In 2015, thermal power generation—anything that burns fuel to create gas or steam that pushes a turbine—used 133 billion gallons of water per day. That water is mostly for cooling the equipment, but some of it is also used for emissions reduction and other processes essential to operating a power plant.

Those gallons are mostly freshwater, but some near-coast power generators do use saline or brackish water to operate. Much of the water is returned to the ecosystem, but some of it is also lost in evaporation. The water that is returned can often be thermally polluted, that is, it’s warmer than what’s ideal for the local ecosystem.

Source: Ars Technica – Thermal power plants use a lot of water, but that’s slowly changing

Windows 10 October 2018 Update is back, this time without deleting your data

Just over a month since its initial release, Microsoft is making the Windows 10 October 2018 Update widely available today. The update was withdrawn shortly after its initial release due to the discovery of a bug causing data loss.

New Windows 10 feature updates use a staggered, ramping rollout, and this (re)release is no different. Initially, it’ll be offered only to two groups of people: those who manually tell their system to check for updates (and that have no known blocking issues due to, for example, incompatible anti-virus software), and those who use the media-creation tool to download the installer. If all goes well, Microsoft will offer the update to an ever-wider range of Windows 10 users over the coming weeks.

For the sake of support windows, Microsoft is treating last month’s release as if it never happened; this release will receive 30 months of support and updates, with the clock starting today. The same is true for related products; Windows Server 2019 and Windows Server, version 1809, are both effectively released today.

Source: Ars Technica – Windows 10 October 2018 Update is back, this time without deleting your data

Here’s the first teaser for the final season of Game of Thrones

Source: Ars Technica – Here’s the first teaser for the final season of Game of Thrones

Indonesia 737 crash caused by “safety” feature change pilots weren’t told of

Source: Ars Technica – Indonesia 737 crash caused by “safety” feature change pilots weren’t told of

Amazon is getting more than $2 billion for NYC and Virginia expansions

Over the last year, Amazon has dangled in front of cities the possibility that they could host the company’s “second headquarters”—a massive $5 billion facility that would provide 50,000 white-collar jobs. On Tuesday, Amazon confirmed what had been widely reported: nobody would be getting this massive prize. Instead, the expansion would be split in half, with New York City and Arlington, Virginia, (just outside Washington, DC) each getting smaller facilities that will employ around 25,000 people each.

Amazon’s Seattle offices will continue to be the company’s largest and will continue to be Amazon’s headquarters by any reasonable definition. But pretending to have three “headquarters” undoubtedly makes it easier for Amazon to coax taxpayer dollars out of local governments.

The announcement is underwhelming in other ways, too. The Washington, DC, area has been widely seen as the frontrunner since the competition was announced last year. When Amazon announced a list of 20 finalists, the region claimed three of those 20 spots, with separate entries for Northern Virginia; Montgomery County, Maryland; and the district itself. Amazon CEO Jeff Bezos bought The Washington Post in 2013 and bought the largest house in Washington DC in 2016.

Source: Ars Technica – Amazon is getting more than $2 billion for NYC and Virginia expansions

Google adds always-on VPN to its Project Fi cellular service

Source: Ars Technica – Google adds always-on VPN to its Project Fi cellular service

AT&T CEO: State net neutrality and privacy laws are a “total disaster”

AT&T CEO Randall Stephenson yesterday urged Congress to pass net neutrality and consumer data privacy laws that would prevent states from issuing their own stricter laws.

“There are a number of states that are now passing their own legislation around privacy and, by the way, net neutrality,” Stephenson said in an interview at a Wall Street Journal tech conference (see video). “What would be a total disaster for the technology and innovation you see happening in Silicon Valley and elsewhere is to pick our head up and have 50 different sets of rules for companies trying to operate in the United States.”

There was a single US standard for net neutrality passed by the Federal Communications Commission in 2015. But AT&T and other ISPs opposed it and sued the FCC in a failed effort to get the regulation thrown out by a court.

Source: Ars Technica – AT&T CEO: State net neutrality and privacy laws are a “total disaster”

Russian space leader suggests engineers test spacecraft Stalin’s way

Source: Ars Technica – Russian space leader suggests engineers test spacecraft Stalin’s way

Apple’s T2 chip will block some third-party repairs of new devices

Small repair shops and tech enthusiasts who attempt to fix their new Apple devices may be taking a serious risk in doing so. According to a report from The Verge, Apple confirmed that its new T2 security chip is designed to lock down devices after repair if it doesn’t recognize certain authorized replacement parts.

Word of this new policy came out last month in an Apple document circulated among authorized service providers. In order to replace certain hardware components, such as the Touch ID sensor or the logic board on new Macs, the provider must run a specific piece of diagnostic software.

This program, called “AST 2 System Configuration,” works in conjunction with the T2 security chip. If this step isn’t performed on devices with the T2 chip, it could result in an inoperable machine.

Source: Ars Technica – Apple’s T2 chip will block some third-party repairs of new devices

The Ars Holiday Gift Guide 2018—tech and gear for travel that we’d buy

Source: Ars Technica – The Ars Holiday Gift Guide 2018—tech and gear for travel that we’d buy

Google goes down after major BGP mishap routes traffic through China

Google lost control of several million of its IP addresses for more than an hour on Monday in an event that intermittently made its search and other services unavailable to many users and also caused problems for Spotify and other Google cloud customers. While Google said it had no reason to believe the mishap was a malicious hijacking attempt, the leak appeared suspicious to many, in part because it misdirected traffic to China Telecom, the Chinese government-owned provider that was recently caught improperly routing traffic belonging to a raft of Western carriers through mainland China.

The leak started at 21:13 UTC when MainOne Cable Company, a small ISP in Lagos, Nigeria, suddenly updated tables in the Internet’s global routing system to improperly declare that its autonomous system 37282 was the proper path to reach 212 IP prefixes belonging to Google. Within minutes, China Telecom improperly accepted the route and announced it worldwide. The move by China Telecom, aka AS4809, in turn caused Russia-based Transtelecom, aka AS20485, and other large service providers to also follow the route.

The redirections, BGPmon said on Twitter, came in five distinct waves over a 74-minute period. The redirected IP ranges transmitted some of Google’s most sensitive communications, including the company’s corporate WAN infrastructure and the Google VPN. This graphic from regional Internet registry RIPE NCC shows how the domino effect played out over a two-hour span. The image below shows an abbreviated version of those events.

Source: Ars Technica – Google goes down after major BGP mishap routes traffic through China

Report: Amazon chooses New York City neighborhood, DC suburb for HQ2

Amazon has reportedly selected two joint sites for its second headquarters, or HQ2: Long Island City—a neighborhood in Queens, New York City—and Crystal City, Virginia, adjacent to Washington DC.

According to the Wall Street Journal, which broke the news on Monday evening, the selection caps a process that lasted over a year to lure the Seattle-based retail giant.

In January 2018, 20 “finalist” cities were named, including Raleigh, Toronto, Chicago, and Atlanta, among others.

Source: Ars Technica – Report: Amazon chooses New York City neighborhood, DC suburb for HQ2

A new “fuzzy Pikachu” debate headlines a trailer-filled Monday

Source: Ars Technica – A new “fuzzy Pikachu” debate headlines a trailer-filled Monday

Cats, beetles, other mummified animals found—along with a sealed door

Source: Ars Technica – Cats, beetles, other mummified animals found—along with a sealed door

French investigators to work directly with Facebook to monitor hate speech

Source: Ars Technica – French investigators to work directly with Facebook to monitor hate speech