
The Elizabeth Holmes Theranos trial will start next summer


After the scandal, the book, the podcasts and the documentary, the Theranos debacle is finally going to court — in 2020. U.S. District Court Judge Edward Davila set the start date of co-founder Elizabeth Holmes’ criminal trial for August 4th of next year, with jury selection kicking off the week before. She’s been indicted — along with Theranos president Ramesh “Sunny” Balwani — on 11 counts of wire fraud and conspiracy to commit wire fraud.

After the SEC announced charges last year, Theranos finally announced it would shut down, well after it was exposed in 2016 for promoting “fingerprick” blood test technology that didn’t work as promised and that it largely wasn’t using. In pretrial motions, lawyers representing Holmes targeted communications between regulators and Wall Street Journal reporter and Bad Blood author John Carreyrou. Bloomberg reports they claimed he “was exerting influence on the regulatory process in a way that appears to have warped the agencies’ focus on the company and possibly biased the agencies’ findings against it.”


Tesla’s dashboard Sketchpad is getting an upgrade


While it didn’t spell out exactly what’s on the way to Sketchpad, last month, one Tesla owner asked for a color picker, saturation controls and more extensive undo options. Tesla retweeted that request with a simple “wish granted” comment, so you might expect those features to arrive in Sketchpad soon. Other potential options include animation support, after one person asked for that and Elon Musk replied with a deadpan “ok.”

It seems other creative features are on the way, including a music tool and even karaoke, according to the company’s CEO. We’ll wait with bated breath until the first album recorded using Tesla’s dashboard drops. Whatever the case, it can’t possibly be much worse than Musk’s own supposed Soundcloud rap track.




GrubHub is buying web domains for the restaurants it lists


Moreover, GrubHub appears to run “shadow” pages on some of these domains without the permission of the restaurants themselves. While both the real and shadow pages ultimately result in orders, GrubHub’s unsurprisingly points foodies solely to its own services. That could deprive restaurants of revenue by steering would-be customers away from the actual sites, where the companies don’t have to share some of their money with GrubHub.

We’ve asked GrubHub for comment. However, some restaurant owners are already irked by the practices. This might prevent restaurateurs from using the most obvious web address, reducing the chances that customers will find their online presences. Shadow pages could even outrank the real pages in search results and make it harder to see menus and ordering options beyond what GrubHub offers. In other words, your favorite Thai place or pizza joint might have trouble retaining their independence.


Scientists think some supermassive black holes didn’t start as stars


In the most simple terms, the model suggests that supermassive black holes formed “very, very quickly over very, very short periods of time” and then stopped suddenly. “Supermassive black holes only had a short time period where they were able to grow fast and then at some point, because of all the radiation in the universe created by other black holes and stars, their production came to a halt,” Basu said. Until now, the current understanding was that stellar-mass black holes form when the center of a massive star collapses in on itself. In contrast, Basu and Das suggest that some black holes originate from direct-collapses, not stellar remnants.

According to the researchers, many supermassive black holes billions of times more massive than the Sun have been discovered in the last decade. Scientists believe they formed within 800 million years of the Big Bang, but that challenges our understanding of black hole formation and growth. This new direct-collapse scenario could provide an explanation for how these early supermassive black holes formed.


How a trivial cell phone hack is ruining lives


“This is still very raw (I haven’t even told my family yet),” Coonce wrote in an anguished Medium post. “I can’t stop thinking about the small, easy things I could have done to protect myself along the way.”

On a Monday night in June, Matthew Miller’s daughter woke him up to say that his Twitter account had been hacked. He had no cell phone service; within a few days Miller lost his Gmail and Twitter accounts and $25,000 from his family bank account.

In Miller’s case, the attacker deactivated all his Google services, deleted all his tweets, and blocked most of his 10K followers. Once he got his phone number back from the hacker, T-Mobile let the hacker steal it a second time. “I’ve been considering changing my bank account number, social security number, and other accounts that are critical to living and working in the US,” Miller wrote in a post. “I am also freaked out about using cloud services so my strategy at the moment is … writing my passwords down on paper and leaving everything else off the cloud.”

Both men were victims of SIM-swap attacks, where someone uses pieces of personal information to convince your cell service provider to transfer (port) your number and associated phone account to a device in the attacker’s possession. With control of your phone number and account, they proceed to break into all connected accounts, usually beginning with email. The attacker changes info in your accounts so you can’t get them back, sets up email forwarding in case you regain control of your email, and goes through all your cloud-stored documents looking for things of value.

It is a uniquely personal and invasive attack. Thanks to Coonce and Miller, we now know a lot more about how these attacks are done, and how terrible the destruction is. In Miller’s case, we learned how unhelpful T-Mobile, Google, and Twitter were — with both Twitter and Google, Miller was stuck in a hell of filling out online account recovery forms and sending them off into an abyss of automated response. And for those wondering, Miller used two-factor (text/SMS) as an extra layer of security for his accounts. But with his phone out of his hands, it didn’t matter.


Miller eventually recovered his accounts, but only because he is special: In both articles about his experience, Miller mentions his “well-connected friends” at both companies who helped him out, as well as leveraging his platforms as a tech journalist.

That is both sobering and problematic, as few regular users have this kind of privilege and access. Like you probably are right now, I’m wondering what kind of hell everyone else would be in. Engadget reached out to both Twitter and Google for comment. We did not receive a response from Twitter by time of publication.

According to Google, victims of account hijacking should fill out this claim form. The company also posted information to mitigate SIM-swap attacks and hijacks in this brief October 2018 post about (the 2018) updates to Google’s Security Checkup process and sign-in security. Google also indicated that SIM swapping will not compromise a Google account that is protected by two-step verification.

Furthermore, the company said a non-SMS two-factor method (like a YubiKey) was an option only if the attacker knows the victim’s password. Google recommends Google Prompt or Google Authenticator, with physical keys as the strongest form of two-factor. Google also said that SIM-swap attacks are rare and confined to specific targets, and that most people don’t need two-factor stronger than SMS (text-based).

Needless to say, Google’s email was a confusing response to the details we learned in the SIM-swap attack and account hijacks experienced by Coonce and Miller. And I, for one, believe that saying most people are fine with SMS as their two-factor, that most people shouldn’t worry about SIM-swap attacks, is too conservative to feel like safe advice.

Especially when we consider the context of two important things. First, that we’re hearing about SIM swaps more than ever and only from high-profile techies — we won’t hear about what’s happening to regular people. And secondly, there was a big breach which likely made an attack typically considered a high-effort, targeted attack, into a much easier way to grab cash and steal accounts.

That T-Mobile data breach was actually a big deal

Coonce uses AT&T, while Miller uses T-Mobile and Google Fi. The SIM porting process for both networks has terrifyingly minimal security, both companies had customer pins exposed for an unknown amount of time in 2018, and T-Mobile suffered a fairly recent breach of all the info anyone needs to do a SIM-swap attack.

According to AT&T documentation, all that is required for transfer is the information one could find on a recent cell phone bill: Account number, name of the account holder, billing address, and “pin or password if applicable” — noting that the minimal billing info is all that’s required if someone “can’t remember” their pin or password. It is the same for a T-Mobile transfer, just info on a bill, though they don’t state if a password or pin is required at all.

In August 2018, T-Mobile was hacked and the billing information of 2.5 million customers was stolen. The company reassured press by stating no financial data was compromised — but I’ll bet that wasn’t the point. It was all that juicy billing information, with which attackers can get way, way more by SIM porting and stealing people’s phone numbers and accounts.

The day after T-Mobile’s breach news, a researcher discovered that all T-Mobile and AT&T customer account PINs had been sitting there for an unknown amount of time exposed by website flaws.

Obviously, the SIM porting processes at both companies should’ve been made way more secure a long time ago — about the time we started to live our entire lives through our phones. But it became even more urgent for T-Mobile to do so after their massive breach. Yet they didn’t, and here we are.

SOS — Save our SIMS


It would be really great if there was a security trick or technique I could offer or recommend for people to do to prevent their SIMs from being ported (swapped, stolen). Like “here’s this extra, annoying security step you can add to your SIM account.” The truth is, cell carrier companies haven’t done much, if anything, to increase SIM security.

In January 2018, before that breach, T-Mobile quietly published a post about unauthorized SIM porting in which it recommends that customers add a secondary password to their accounts, which the company calls “port validation.” However, nothing about port validation is mentioned on T-Mobile’s SIM transfer information page, where a link could seriously raise customer awareness about this very serious threat.

On AT&T’s “Prevent Porting to Protect Your Identity” page, little is offered outside “don’t share your phone number” and “keep your inbox clean.” AT&T’s only extra security step on offer is “Add all ‘extra security’ measures to your AT&T Wireless accounts.” Following that link, we learn that the “extra security measures” only make it so someone has to provide your pin when signing in online, getting secondary online access, or when in-person in a retail store.

Yeah, we’re scratching our heads, too. To be clear, AT&T’s extra security measures are not anything extra, they just extend pin requirements to do online and in-person account management. Like T-Mobile, no information about unauthorized SIM porting or taking extra security measures is on AT&T’s customer information page on SIM transfers.

It’s bad. And it probably won’t change until an executive at T-Mobile or AT&T experiences the stomach-plummeting terror of having their Gmail account taken (along with Google Photos, Google Drive, Calendar, Contacts) and any number of their other accounts raided — like with Miller and Coonce, their Coinbase accounts, and financial accounts drained.

Security mistakes were made

We can, however, learn from the security mistakes Coonce and Miller made before losing their SIMs and connected accounts. Both state in their write-ups that they are not security nerds, and admit they did some lazy things with general account security that they deeply regret. Coonce wrote, “Given my naive security practices, I probably deserved to get hacked  —  I get it. It doesn’t make it hurt any less (…)” In a heartfelt, raw plea concluding his writeup, Coonce tells readers, “I urge you to learn from these mistakes.”

So it’s pretty easy for attackers to steal our SIMs (port our phone numbers with the associated account onto a phone they control), especially if you’re on AT&T or T-Mobile and haven’t changed your pin since all customer pins were found exposed in late 2018. That means the security mistakes Coonce and Miller are referring to aren’t about securing our SIMs; their mistakes were in how their other accounts were — or weren’t — secured.

If we can’t protect our SIMs, we need to secure what they would give a stranger access to.

One way both men could have prevented the attackers from getting around two-factor is if they had instead used a physical USB security key, such as a YubiKey or Google’s Titan, with accounts that are compatible with these keys. Yes, they can be a pain in the ass when you’re in a hurry, even if somewhat conveniently carried on your keychain with your house keys. Yet if someone can intercept your text messages without you even knowing it, it’s worth not losing your email account and having your bank balance drained so some jerkface thief can buy Bitcoin.

Coonce and Miller regretted having so much personal information about themselves floating around online, though it’s difficult to see how anyone can prevent breach data from being passed around. Coonce emphasized that people should use an offline password manager (such as LastPass or 1Password) to create and securely store complicated passwords. This should be done instead of letting operating systems, browsers, or your Google Account save your passwords.

Miller in particular wished he hadn’t used the convenient “sign in with your Facebook/Google/etc account” buttons on apps and websites. “In the past I would just click the Facebook, Google, or Twitter button to setup an account or login,” he wrote. “I’m done doing that and gave up convenience for better security.”

Images: Diy13 via Getty Images (Hacker with phone); Talaj via Getty Images (SIM with crowbar)


NVIDIA ‘Super’ GPU leaks hint at not-so-super speed boosts


The pricing would be the selling point. The RTX 2070 Super will reportedly start at $499 when it arrives on July 9th, or $100 less than the Founder’s Edition of the plain 2070 when it surfaced in 2018. The RTX 2060 Super would cost more than the plain 2060 at $399, but you might be willing to pay that $50 premium due to the memory — it’s expected to come with 8GB of video RAM instead of the 2060’s usual 6GB. That could make it the best value of the bunch if you’re more interested in avoiding memory bottlenecks than boosting frame rates.

Don’t worry, enthusiasts, there’s supposed to be a high-end chip as well. The RTX 2080 Super would boast more cores and higher memory bandwidth than the regular 2080, all the while costing a familiar $699. You may have to wait a little while longer, though, as the rumor has this Super variant shipping on July 23rd.

If the leak is accurate, you’ll hear about all the new GPUs on July 2nd, or just days before AMD’s new Radeons hit shelves. NVIDIA clearly wants to spoil its rival’s party, then. Not that there’s much room to complain. Competition is forcing NVIDIA to step up its game, and that’s good news if you’re determined to get the fastest possible graphics hardware for your PC.


Samsung Galaxy Watch Active 2 leaks soon after the first model arrived


That version will apparently have a larger battery (340 mAh) than the WiFi model (237 mAh). There appear to be some design changes too. As with the Galaxy Watch Active, the rotating bezel present on other Samsung smartwatches looks to be absent here. Some of the buttons have different shapes (the circular home/power button has a red ring around it), while the rear of the watch has a rim around the heart rate sensor. It remains to be seen what new functions the updated form has to offer.

It’s only been a few months since Galaxy Watch Active debuted, so it might be some time before the sequel hits shelves and the device might change between now and when Samsung formally reveals it. Still, this is an intriguing snapshot into what Samsung has up its sleeves for the next incarnation.


EA Access game subscriptions come to PS4 July 24th


Be careful — subscriptions are specific to a given platform, so you’ll have to pay for two memberships if you want EA Access on both a PS4 and an Xbox One.

The release date marks an end to a five year wait for EA Access on the console since Sony rejected it in 2014. While it’s not clear what led Sony to change its mind, the improved catalog and the rise of services might have prompted the rethink. It’s safe to say that having a choice of platforms won’t hurt.


Chance the Rapper’s first two mixtapes hit Apple Music and Spotify


Before Chance the Rapper released his 2016 streaming-only album Coloring Book, he shared his first two mixtapes, 10day and Acid Rap, for free on SoundCloud. They’ve lived there since 2012 and 2013, respectively, but as of today, they’re available on Apple Music, Spotify and other major streaming services, too. As Engadget’s Billy Steele wrote when Drake’s So Far Gone mixtape hit streaming services, these early works don’t always make it to streaming platforms, so it’s significant when they do.


Valve Index review: Next-level VR


The refined PC VR headset

As for the Index headset itself, it doesn’t look much different than the Rift or Vive. But there are some notable upgrades once you dig a bit deeper. There’s a huge emphasis on comfort here: The head strap is easy to put on, and you can secure it by turning a dial. There’s no awkward velcro to fight with, like you’d find on the Rift and Vive.

A generous amount of plush cushioning covered in breathable microfiber cloth surrounds the eyepiece and rear head strap. There’s also a dial to adjust the distance of the lenses to your eyes, which is particularly helpful if you’re wearing glasses. And instead of headphones, the Index has two near-field speakers, which produce high-quality sound without even touching your ears.


Valve claims it wanted to make a headset that you could wear for hours without feeling fatigued, and it seems like it succeeded. The Index feels well balanced on my head, with none of the front heaviness that annoyed me on the wireless Oculus Quest.

As you’d expect, there’s a ton of high-end tech inside the Index. It features two RGB LCDs each running at 1,440 by 1,600 pixels instead of the lower-resolution OLED panels on first-gen headsets. Valve says its LCDs feature 50 percent more subpixels, which means they’ll look even sharper than an OLED panel at the same resolution.

The new displays can also run at 120Hz or 144Hz, a huge leap beyond the 90Hz refresh rate we’ve seen on most headsets. A higher refresh rate means your VR experience will look smoother — assuming your computer can actually reach the higher frame rates required. The Oculus Rift S, the company’s most recent half-hearted stab at a PC headset, actually scaled down its refresh rate to 80Hz from the original Rift’s 90Hz. While Oculus is more focused on making its tech cheaper and easier to consume, Valve is taking the exact opposite approach.
