Tech News courtesy of Ars Technica
- Ulbricht at sentencing: “I respect the law and its authority“
- Rumors point to different kind of launch for Windows 10 in July
- Sunk: How Ross Ulbricht ended up in prison for life
- Report: US tried Stuxnet variant on N. Korean nuke program, failed
- Silk Road mastermind Ross Ulbricht sentenced to life in prison
- Proposed rule change to expand feds’ legal hacking powers moves forward
- Verizon FiOS reps know what TV channels you watch
- Low-end VR: Playing with Google’s new Cardboard headset
- “Lone wolf” and “roving wiretap” US surveillance powers expire Sunday
- Crypto flaws in Blockchain Android app sent bitcoins to the wrong address
Before he was sentenced to life in prison, Ross Ulbricht made the longest public statement since his arrest, standing up and addressing the judge who had his life in her hands.
"I've changed," he told US District Judge Katherine Forrest. "I'm not the man I was when I created Silk Road. I'm not the man I was when I was arrested. I'm a little wiser, a little more mature, and a lot more humble."
"I've spent a lot of time grappling with the possibility that I'll never be free," said Ulbricht, noting he had already been in prison for 20 months, with plenty of time to think. "Asking myself, where did I go wrong? I wish I could go back and convince myself to take a different path. I can't do that. But I can learn from my past."
AMD's Lisa Su let slip in April that the Windows 10 release is scheduled for late July. The Verge is now reporting that Microsoft is still on track to hit a July date, according to sources "familiar with the matter."
The Verge's sources give a little more structure to the timeline. They claim that Microsoft was originally considering announcing a July 29 launch date on April 29 at its Build conference, putting three months between the announcement and the launch. The company didn't go forward with the announcement for fear of not hitting the date.
The report says that the company is aiming to finalize the Windows 10 code by the end of June. This point would traditionally be known as "release to manufacturing" (RTM), and historically there has been a gap of several months between RTM and actual end-user availability. This time was used by OEMs to prepare new machines and get them into sales channels in time for the official launch.
On October 1, 2013, the last day that Ross Ulbricht would be free, he didn't leave his San Francisco home until nearly 3:00pm. When he did finally step outside, he walked ten minutes to the Bello Cafe on Monterey Avenue but found it full, so he went next door to the Glen Park branch of the San Francisco Public Library. There, he sat down at a table by a well-lit window in the library's small science fiction section and opened his laptop.
From his spot in the library, Ulbricht, a 29-year-old who lived modestly in a rented room, settled in to his work. Though outwardly indistinguishable from the many other techies and coders working in San Francisco, Ulbricht actually worked the most unusual tech job in the city—he ran the Silk Road, the Internet’s largest drug-dealing website.
Shortly after connecting to the library WiFi network, Ulbricht was contacted on a secure, Silk Road staff-only chat channel.
It looks like North Korea's "hermit nation" status has paid off in at least one way: the US was unable to infect the systems controlling centrifuges for North Korea's nuclear program, even after using a variant of the Stuxnet virus designed specifically for Korean systems. According to an exclusive report by Reuters, the National Security Agency led an effort in parallel to the one that went after Iran's nuclear program, but the agency failed to get its malware into North Korea's nuclear labs because they were so isolated—both in a geographic and communications sense.
Reuters' Joseph Menn cites an unnamed US intelligence official as saying the same team that developed Stuxnet—which was reportedly a joint US-Israeli development effort called "Olympic Games"—also developed a similar set of malware that would activate itself only when it encountered Korean language settings on the computers it infected.
Like Iran, North Korea used centrifuges obtained from the Pakistani scientist, A.Q. Khan, who led his own country's nuclear weapons effort. The P-2 centrifuges used by Iran were controlled by supervisory control and data acquisition (SCADA) systems from Siemens, with control software running on the Windows operating system. It was believed that North Korea used similar software because of the similarity between the two research efforts, so the STUXNET malware could in theory be used with minor modifications.
NEW YORK—Ross Ulbricht was sentenced to life in prison Friday, following a jury's finding in February that the 31-year-old was the mastermind behind the Silk Road, once the Internet's largest online drug marketplace.
Operating online as "Dread Pirate Roberts," Ulbricht worked with a small staff to control everything sold on the site. He was arrested in October 2013, and the government made its case against him during a three-week trial here earlier this year.
Ulbricht pleaded for leniency during the hearing. "I wish I could go back and convince myself to take a different path," he said.
A controversial proposed judicial rule change allowing judges to issue warrants to conduct “remote access” against a target computer regardless of its location has been approved by a United States Courts committee, according to the Department of Justice.
Federal agents have been known to use such tactics in past and ongoing cases: a Colorado federal magistrate judge approved sending malware to a suspect’s known e-mail address in 2012. But similar techniques have been rejected by other judges on Fourth Amendment grounds. If this rule revision were to be approved, it would standardize and expand federal agents’ ability to surveil a suspect and to exfiltrate data from a target computer regardless of where it is. (Both the United States Army and the Drug Enforcement Administration are known to have purchased such exploits, most likely zero-days.)
In the United States, federal warrants are issued by judges who serve one of the 94 federal judicial districts and are typically only valid for that particular jurisdiction. Typically those warrants are limited to the district in which they are issued.
If you call Verizon FiOS and try to cancel or downgrade your TV package, you might find that the FiOS rep knows almost as much about your TV viewing habits as you do.
Verizon's Rep Guidance software tells Verizon representatives what channels you watch to help them make a more effective sales pitch. The system, which also shows them how much Internet data you use and which pieces of TV equipment you use most, was detailed by a Verizon executive in a public presentation hosted by Data Driven NYC. A Quartz reporter wrote about the presentation yesterday.
Verizon "is now closely tracking exactly what you watch, what devices you use, and how much data you consume," Quartz wrote. "It knows whether your household spars over DVR conflicts and how many hours your kids spend binge-watching shows on HBO. What’s more, the company is listening in on phone calls to customer service in real time, with supervisors poised to jump at the moment they sense a fight brewing or hear trigger words from an unhappy customer, such as 'switching to Time Warner Cable.'"
For whatever reason, I basically ignored Google Cardboard at I/O last year. I blame the volume and importance of all the company's other announcements—Android L's big visual overhaul, the entire Material Design concept, and the typical plethora of app and service updates—as well as the fact that Cardboard is a weird concept to wrap your head around. What? It's VR? But it's made of cardboard and rubber bands? OK, sure, Google.
This year's announcements were more low-key, at least in terms of things we can play with and examine today, so I actually had the time to unfold the new Cardboard and play around a bit. It's surprisingly fun.
Cardboard is decidedly low-tech, which is kind of the point. It's predominantly, well, cardboard, with lenses, a few patches of padding and velcro, and a rubber band thrown in. The velcro holds the various flaps together, your phone rests on the rubber band to keep it from sliding around, and the lenses obviously magnify the screen. The most expensive part of the whole thing is your phone, though in most people's cases that will be something they own already rather than an extra expenditure.
The legal authority for the bulk telephone metadata program Edward Snowden disclosed is set to expire at the stroke of midnight on Monday. But there are lesser known Patriot Act surveillance measures also set to sunset at that time unless the Senate acts quickly.
Senate Majority Leader Mitch McConnell, a Republican of Kentucky, has ordered the Senate to session on Sunday in an 11th-hour bid to salvage the Patriot Act. Unless lawmakers approve extending those provisions under the guise of the USA Freedom Act—which has already passed the House—all three surveillance powers will be no more.
President Barack Obama is expected to sign the act if it passes the Senate. And even if it does, the House's measure removes the bulk telephone metadata from the hands of the National Security Agency and lets it rest with the telecoms. The government could still search the metadata with a warrant from a secret court, as long as the nation's spies articulate a reasonable suspicion that the phone data is relevant to a terror investigation. The Fourth Amendment's probable cause standard does not apply to searching the metadata that includes phone numbers of both parties in a call, calling card numbers, the length and time of the calls, and the international mobile subscriber identity (ISMI) number for mobile callers.
Blockchain, one of the Internet's most widely used Bitcoin wallets, has rushed out an update for its Android app after discovering critical cryptographic and programming flaws that can cause users to send digital coins to the wrong people with no warning.
The vulnerabilities affect a subset of people who run Blockchain for Android on versions 4.1 or older of the mobile OS, according to an advisory published Thursday. The most serious of the flaws is the use of the unencrypted HTTP connections when the app's cryptographic engine contacts random.org to obtain random numbers used to generate private keys for Bitcoin addresses. Since January, random.org has required the use of the more secure HTTPS protocol and has returned a 301 Moved Permanently response when accessed through HTTP. As a result, vulnerable installations of Blockchain for Android generated the private key corresponding to the address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F, regardless of the address specified by the user.
"To our knowledge, this bug resulted in one specific address being generated multiple times, leading to a loss of funds for a handful of users," Thursday's advisory stated.