SpaceX’s Starlink will come out of beta next month, Elon Musk says

SpaceX’s Starlink satellite-broadband service will emerge from beta in October, CEO Elon Musk said last night. Musk provided the answer of “next month” in response to a Twitter user who asked when Starlink will come out of beta.
SpaceX began sending email invitations to Starlink’s public beta in October 2020. The service is far from perfect, as trees can disrupt the line-of-sight connections to satellites and the satellite dishes go into “thermal shutdown” in hot areas. But for people in areas where wired ISPs have never deployed cable or fiber, Starlink is still a promising alternative, and service should improve as SpaceX launches more satellites and refines its software.
SpaceX has said it is serving over 100,000 Starlink users in a dozen countries from more than 1,700 satellites. The company has been taking preorders for


Original URL: https://arstechnica.com/?p=1796340

Trusted platform module security defeated in 30 minutes, no soldering required

Let’s say you’re a large company that has just shipped an employee a brand-new replacement laptop. And let’s say it comes preconfigured to use all the latest best security practices, including full-disk encryption using a trusted platform module, password-protected BIOS settings, UEFI SecureBoot, and virtually all other recommendations from the National Security Agency and NIST for locking down federal computer systems. And let’s say an attacker manages to intercept the machine. Can the attacker use it to hack your network?
Research published last week shows the answer is a resounding yes. Not only that, but a hacker who has done her homework needs a surprisingly short stretch of time alone with the machine to carry out the attack. With that, the hacker can gain the ability to write not only to the stolen laptop, but to the fortified network it was configured to connect to.
Researchers at the security


Original URL: https://arstechnica.com/?p=1784665

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability, but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows.
The vulnerability is remarkable not only because it made it trivial to wipe what’s likely petabytes of user data. More notable still was the fact that, according to the vulnerable code itself, a Western Digital developer actively removed code that required a valid user password before allowing factory resets to proceed.
Done and undone
The undocumented vulnerability resided in a file aptly named system_factory_restore. It contains a PHP script that performs resets, which allows users to restore all default configurations and to wipe all data stored on the devices.


Original URL: https://arstechnica.com/?p=1776939

“I’m totally screwed.” WD My Book Live users wake up to find their data deleted

Western Digital, maker of the popular My Disk external hard drives, is recommending customers unplug My Disk Live storage devices from the Internet until further notice while company engineers investigate unexplained compromises that have completely wiped data from devices around the world.
The mass incidents of disk wiping came to light in a thread on Western Digital’s support forum. So far, there are no reports of deleted data later being restored.
All my data is gone
“I have a WD mybook live connected to my home LAN and worked fine for years,” the person starting the thread wrote. “I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity.”


Original URL: https://arstechnica.com/?p=1776180

DarkSide ransomware makers accused of skipping town without paying affiliates

A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide, the ransomware that shut down Colonial Pipeline two weeks ago, to hear claims from former affiliates who say the makers skipped town without paying. Or, at least that’s what members of crime forum XSS.is want us all to believe.
A Russian-speaking person using the handle “darksupp” took to XSS.is in November to recruit affiliates for DarkSide, researchers at security firm FireEye said recently. At the time, DarkSide was the new ransomware-as-a-service on the block, and it was in search of business partners.
Since then, DarkSide has cashed in spectacularly. According to newly released figures from cryptocurrency tracking firm Chainalysis, DarkSide netted at least $60 million in its first seven months, with $46 million of it coming in the first three months of this year.


Original URL: https://arstechnica.com/?p=1766911

Verizon tries to sell Yahoo and AOL after spending $9 billion on fallen giants

Verizon is reportedly ready to give up on Yahoo and AOL after spending a combined $9 billion on the once-dominant Internet brands that fell from prominence years before Verizon bought them.
“Verizon is exploring a sale of assets including Yahoo and AOL, as the telecommunications giant looks to exit an expensive and unsuccessful bet on digital media,” The Wall Street Journal reported yesterday. The sale process involves private-equity firm Apollo Global Management and “could lead to a deal worth $4 billion to $5 billion,” the Journal wrote, citing “people familiar with the matter.”
We asked Verizon if it has a response to the WSJ report today, and a spokesperson told us the company has “nothing to add.”


Original URL: https://arstechnica.com/?p=1761189

Pentagon explains odd transfer of 175 million IP addresses to obscure company

The US Department of Defense puzzled Internet experts by apparently transferring control of tens of millions of dormant IP addresses to an obscure Florida company just before President Donald Trump left the White House, but the Pentagon has finally offered a partial explanation for why it happened. The Defense Department says it still owns the addresses but that it is using a third-party company in a “pilot” project to conduct security research.
“Minutes before Trump left office, millions of the Pentagon’s dormant IP addresses sprang to life” was the title of a Washington Post article on Saturday. Literally three minutes before Joe Biden became president, a company called Global Resource Systems LLC “discreetly announced to the world’s computer networks a startling development: It now was managing a huge unused swath of the Internet that, for several decades, had been owned by the US military,”


Original URL: https://arstechnica.com/?p=1760167

How to achieve smart home nirvana (or, home automation without subscription)

What comes to mind when you think of a smart home? Wi-Fi enabled light bulbs, video doorbells, cloud-connected robot vacuums, or smart fridges perhaps? Brands like Google/Nest or everything enabled with Amazon’s Alexa? While often providing some genuine convenience, these devices are also usually designed to invite and lock users into manufacturers’ ecosystems. Create a cool piece of hardware, you’ll make one sale. Create a cool piece of hardware that extracts recurring monthly service fees for cloud storage or to unlock extra functionality, and you’ll have sales for life.
Compounding our collective frustration, these ecosystems are often incompatible with each other and require multiple different apps for control. Not only are subscriptions and upselling part of the game, the underlying business models for these products are built around planned obsolescence and mining user data.
Luckily, aspirational smart home folks in 2021 have at least one viable alternative: Home Assistant. This piece of


Original URL: https://arstechnica.com/?p=1751319

Hackers backdoor PHP source code after breaching internal git server

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.
Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice. The two malicious commits gave the code a code-injection capability available to visitors who had the word “zerodium” in an HTTP header.
PHP.net hacked, code backdoored
The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. “We don’t yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account),”


Original URL: https://arstechnica.com/?p=1752909
