Author Archives: Peter Bright

EA closes SimCity studio Maxis Emeryville

Electronic Arts is closing the Maxis office in Emeryville, California. While other Maxis studios around the world will remain open, the Emeryville location was the studio’s headquarters, and was home to the principals behind the poorly-received and poorly-conceived 2013 reboot of the legendary SimCity franchise.

News of the closure was initially made public by the now former staff on Twitter. Lead gameplay scripter and designer on SimCity, Guillaume Pierre, tweeted that everybody at the site had lost their jobs.

EA subsequently confirmed the closure in a statement saying that development effort is now being “consolidated” to the other Maxis offices in Redwood Shores, Salt Lake City, Helsinki, and Melbourne. It has subsequently been reported by Polygon that there have been some job losses at the Redwood Shores location.

Read 2 remaining paragraphs | Comments

When Google Squares Off With Microsoft on Bug Disclosure, Only Users Lose

The perennial problem of bug disclosure has provoked a new squabble between Microsoft and Google. On Sunday, Google disclosed the existence of a Windows elevation of privilege flaw that the company reported privately in October. That flaw hasn’t been patched yet. It will be very soon—the update is due to land on Patch Tuesday, tomorrow—but Google’s publication of the flaw means that, for a couple of days, Windows users are vulnerable to an unfixed flaw.

In response, Chris Betz, senior director of the Microsoft Security Response Center, published a lengthy complaint calling for “better coordinated vulnerability disclosure.”

Microsoft has been promoting “coordinated vulnerability disclosure” since 2010, but the security community has long been split on how best to disclose security flaws. On one extreme is the full disclosure crowd; security flaws are documented and described in full, in public, typically onto a mailing list. In the early days, that disclosure was typically the first time the software developer responsible even heard of the flaw, though some researchers promised to disclose to vendors first.

Read 12 remaining paragraphs | Comments

Alibaba to Join Microsoft’s Fight Against Pirate Software in China

Microsoft and Chinese online commerce giant Alibaba have signed a memorandum of understanding that will see the Chinese firm take measures to help protect Microsoft’s intellectual property in its online stores.

Microsoft has long struggled with software piracy in China, with then-CEO Steve Ballmer saying in 2011 that the company was missing something like 95 percent of potential revenue due to lax protection of intellectual property rights.

With the new agreement in place, Alibaba will remove counterfeit and unlicensed software from its eBay-like Taobao marketplace and its Tmall B2C site. The two companies will also work together to tell consumers that counterfeit software poses risks to their security and privacy, with Alibaba also helping the unwitting buyers of unlicensed software seek compensation from sellers. A Microsoft-sponsored study claimed that some 85 percent of PCs sold with pirated software in China were infected with malware.

Read 1 remaining paragraphs | Comments

Nokia Launches an Android Tablet, with Smartphones Likely to Follow

After selling its Devices and Services division to Microsoft earlier this year, Nokia has gotten back into the consumer electronics game with the launch today of the N1 Android tablet.

Ramzi Haidamus, president of Nokia Technologies (Nokia’s industrial research division) described the N1 as being as good as the iPad mini but cheaper. The design is clearly inspired by Apple’s device, as is the copycat 7.9-inch, 2048×1536 screen, but the internals are quite different: the N1 uses a quad core 64-bit Intel Atom Z3580 processor at 2.3GHz. This is paired with 2GB RAM and 32GB of internal storage. There are two cameras, an 8MP rear-racing one and a 5MP front-facing one. Connectivity comes from 2.4GHz and 5GHz 802.11a/b/g/n/ac Wi-Fi. It will also be ever so slightly lighter than the iPad mini, coming in at 318 grams to the iPad’s 331, though the N1’s battery is much smaller, at 18.5Wh compared to 23.8.

The N1 will also be one of the first devices to use the new reversible USB Type C connector.

Read 8 remaining paragraphs | Comments

RemoteIE gives free access to Internet Explorer VMs without the VM

For some time now, Microsoft has offered free Windows virtual machine images to make it easier for Web developers to test their work in a bunch of different Internet Explorer versions. A new beta scheme launched today takes that one step further: with RemoteIE, devs don’t even need to download and run the virtual machine. Microsoft will run the VMs instead, using its Azure RemoteApp service to provide remote access.

Access to the remote Internet Explorer is provided through the RemoteApp client. This is a close relative of the regular Windows Remote Desktop app, and like the Remote Desktop app, it’s available on a number of platforms; not just Windows and OS X, but also iOS, and Android.

With RemoteIE, developers have full access to Internet Explorer and all its features, albeit only with software-mode WebGL. F12 developer tools are available, though there’s no ability to install add-ons or extensions to the remote browser. Sessions are limited to 60 minutes presently and will disconnect after 10 minutes of inactivity.

Read 1 remaining paragraphs | Comments

Microsoft Band and Microsoft Health: The $199 All-Platform Fitness Band

Microsoft

After being leaked just a few hours ago, it’s now official: Microsoft’s first entry into the wearable space is Microsoft Band, a fitness band.

The gadget isn’t a smartwatch and isn’t intended to replace your watch. It’s a Bluetooth fitness band packed full of sensors: optical heart rate sensing, 3-axis accelerometers with a gyroscope to track movement, GPS to track your runs even if you leave your phone at home, skin temperature, galvanic skin response presumably to measure sweating, ambient light and UV light, and a microphone so it can be used with Cortana on Windows Phone.

Microsoft

The 1.4-inch touch screen with its 320×106 resolution can deliver alerts, and there’s a vibration motor too. Twin 100mAh batteries give it 48 hours of what Microsoft calls “normal use” though GPS can shorten this. The charge time is 1.5 hours, using a magnetically attached USB charger. There are three different sizes, so it should fit on most wrists.

Read 7 remaining paragraphs | Comments

Microsoft Wraps up Its Layoffs with Another 3,000 Cuts

With another 3,000 positions cut today, Microsoft’s protracted series of layoffs is now at an end, according to GeekWire. A few more jobs may still be cut in early 2015, but the largescale redundancies are over.

Starting in July, the company eliminated close to 18,000 positions in total. After an initial wave of almost 13,000 layoffs, a further 2,100 people were cut in September and 3,000 more were cut today.

About 12,500 of the job losses are in the recently acquired Nokia Devices and Services business. Of the remaining cuts, some 2,700 were in and around the company’s main campus in Redmond.

Read on Ars Technica | Comments

Microsoft Mashes All Its IT Conferences into One Event—Ignite

Microsoft is replacing a whole set of its IT-oriented conferences—TechEd, Management Summit, Exchange Conference, SharePoint Conference, Project Conference, and Lync Conference—with one new event: Ignite.

The first Ignite conference will be a five-day event in Chicago, running May 4-8, 2015. Microsoft CEO Satya Nadella will give the keynote speech with Brad Anderson (CVP Enterprise Client & Mobility), Joe Belfiore (CVP Operating Systems Group), Dave Campbell (CTO), Peggy Johnson (EVP Business Development), Chris Jones (VP), Julie Larson Green (Chief Experience Officer of “My Life and Work”), Gurdeep Singh Pall (VP Skype), and others.

With the announcement of Ignite, Microsoft has announced its full set of major 2015 conferences. The year will kick off with business event Convergence in Atlanta, March 16-19. Next is Build, once again in San Francisco, April 29-May 1. After Ignite, the final event will be Worldwide Partner Summit in Orlando, July 12-16.

Read on Ars Technica | Comments

The Secure Smartphone that Won’t Get You Beaten with Rubber Hoses

Interest in secure communications is at an all time high, with many concerned about spying by both governments and corporations. This concern has stimulated developments such as the Blackphone, a custom-designed handset running a forked version of Android that’s built with security in mind.

But the Blackphone has a problem. The mere fact of holding one in your hand advertises to the world that you’re using a Blackphone. That might not be a big problem for people who can safely be assumed to have access to sensitive information—politicians, security contractors, say—but if you’re a journalist investigating your own corrupt government or a dissident fearful of arrest, the Blackphone is a really bad idea. Using such a phone is advertising that you have sensitive material that you’re trying to keep secret and is an invitation to break out the rubber hoses.

That’s what led a team of security researchers to develop DarkMatter, unveiled today at the Hack In The Box security conference in Kuala Lumpur. DarkMatter is a secure Android fork, but unlike Blackphone and its custom hardware, DarkMatter is a secure Android that runs on regular Android phones (including the Galaxy S4 and Nexus 5) and which, at first glance, looks just like it’s stock Android. The special sauce of DarkMatter is secure encrypted storage that selected apps can transparently access. If the firmware believes it’s under attack, the secure storage will be silently dismounted, and the phone will appear, to all intents and purposes, to be a regular non-secure device.

Read 9 remaining paragraphs | Comments

SSL broken, again, in POODLE attack

From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that’s used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that’s “Padding Oracle On Downgraded Legacy Encryption”—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. This in turn could let that attacker do things such as access online banking or e-mail systems. The flaw was documented by Bodo Möller, Thai Duong, and Krzysztof Kotowicz, all of whom work at Google. Thai Duong, working with Juliano Rizzo, described the similar BEAST attack in 2011 and the CRIME attack in 2012.

The attack depends on the fact that most Web servers and Web browsers allow the use of the ancient SSL version 3 protocol to secure their communications. Although SSL has been superseded by Transport Layer Security, it’s still widely supported on both servers and clients alike and is still required for compatibility with Internet Explorer 6. SSLv3, unlike TLS 1.0 or newer, omits validation of certain pieces of data that accompany each message. Attackers can use this weakness to decipher an individual byte and time of the encrypted data, and in so doing, extract the plain text of the message byte by byte.

Read 8 remaining paragraphs | Comments

7 million Dropbox Username/Password Pairs Apparently Leaked [Updated]

Popular online locker service Dropbox appears to have been hacked. A series of posts have been made to Pastebin allegedly containing login credentials for hundreds of Dropbox accounts. The poster claims that 6,937,081 account credentials in total have been compromised.

reddit users who tested some of the leaked credentials have confirmed that at least some of them work. Dropbox seems to have bulk reset all the accounts listed in the Pastebin postings, though thus far passwords for other accounts do not appear to have been reset.

The hackers claim that they will release more username/password pairs if they receive donations to their Bitcoin address.

Read 2 remaining paragraphs | Comments