Hulu live TV brings CW broadcasts to select cities
You’ve been able to watch CW shows like Jane The Virgin, Crazy Ex-Girlfriend, Supergirl, Arrow and The Flash on-demand via Hulu for a while now. Last year, the streaming company promised to bring the CW network to its live TV service, but it’s taken until now to make that a reality. The company announced that it’s rolling live CW service out to eight cities, with more coming “soon.”
Hulu subscribers in Philadelphia, San Francisco, Atlanta, Tampa, Detroit, Seattle, Sacramento and Pittsburgh can now tune in to CW television as it airs on broadcast TV. You can enter your zip code here to find out if you can watch Riverdale and Supernatural live in your area.
Spike Lee’s ‘Pass Over’ brings the drama of live theater to Amazon Prime
Despite Spike Lee going over to Netflix to reimagine his classic film She’s Gotta Have It as a series, the cinema auteur has deep ties with Amazon. He created its first original film, the musical Chi-Raq, and has another project debuting on the streaming provider later next month: Pass Over, a film-play hybrid.
My new film @PassOverMovie is coming to @PrimeVideo on April 20. Check out the official trailer.pic.twitter.com/PMyjhyHL6n
— Spike Lee (@SpikeLee) March 29, 2018
Lee filmed a 2017 performance of the play Pass Over during the its run at Chicago’s Steppenwolf Theater. The production takes Waiting For Godot’s two-person existentialist setup and stages it in a city, besetting the pair of black leads with a predatory cop and clueless white bystander. It’s a recording of a play before an audience, but this isn’t local Shakespeare on public access: Lee brings all his deft cinematic flair to frame powerful performances by actors Jon Michael Hill and Julian Parker. The filmed play comes to Amazon Video on April 20th.
Via: Birth Movies Death
Source: YouTube
FCC approves SpaceX plan for satellite-provided internet
The SpaceX plan for a global wireless internet network provided by 4,425 satellites has been approved by the FCC. The $10 billion Starlink proposal calls for the satellites to launch in two phases between 2019 and 2024, then fly between 714 and 823 miles above the Earth providing a 1 Gbps connection. Commissioners voted 5-0 to approve, with the plan following similar requests by OneWeb, Space Norway, and Telesat.
In a statement, SpaceX president Gwynne Shotwell said: “Although we still have much to do with this complex undertaking, this is an important step toward SpaceX building a next-generation satellite network that can link the globe with reliable and affordable broadband service, especially reaching those who are not yet connected.”
There are still some issues to figure out, like the exact process for dealing with space debris, interference with radio telescopes and managing the distance between all of these proposed networks. You can read through the entire opinion here (PDF), or just wait for more launches of internet satellites starting next year.
Source: FCC
MyFitnessPal Data Breach Impacts 150 Million User Accounts
MyFitnessPal parent company Under Armour today announced that MyFitnessPal has been the victim of a hacking incident, which has seen personal details of approximately 150 million user accounts accessed in a data breach.
MyFitnessPal is a popular health and fitness iOS app and website that’s used by many iPhone and iPad owners, and it is consistently among the top Health and Fitness apps in the App Store.
The breach, which happened in late February, included usernames, emails, and encrypted passwords. Social security numbers, driver license numbers, and credit/debit card information were not accessed.
Under Armor has already been sending emails and in-app messages to its customers who were affected by the breach. The company says it is working with “leading data security firms” to assist in its investigation.
MyFitnessPal users will be required to change their passwords.
Discuss this article in our forums
Apple Releases macOS High Sierra 10.13.4 With eGPU Support, Business Chat in Messages, and More
Apple today released macOS High Sierra 10.13.4, the fourth major update to the macOS High Sierra operating system available on Apple’s Macs. macOS High Sierra 10.13.4 comes more than two months after the release of macOS High Sierra 10.13.3, which brought fixes for the Spectre vulnerability.
macOS High Sierra 10.13.4 can be downloaded directly from the Mac App Store or through the Software Update function in the Mac App Store on all compatible Macs that are already running macOS High Sierra.
macOS High Sierra 10.13.4 introduces bug fixes and performance improvements for issues that have been discovered since the release of macOS High Sierra 10.13.3. The update brings support for Business Chat, which will allow you to interface with businesses like Wells Fargo and Lowe’s right in the Messages app, and it includes official support for external graphics processors (eGPUs).
There are also several other small bug fixes and tweaks, as listed in the release notes:
The macOS High Sierra 10.13.4 update improves the stability, performance, and security of your Mac, and it is recommended for all users. This update:
– Adds support for Business Chat conversations in Messages in the US
– Adds support for external graphics processors (eGPUs)
– Fixes graphics corruption issues affecting certain apps on iMac Pro
– Allows jumping to the right-most open tab using Command+9 in Safari
– Enables sorting Safari bookmarks by name or URL by right clicking and choosing “Sort by…”
– Fixes an issue that may prevent web link previews from appearing in Messages
– Helps protect privacy by only AutoFilling usernames and passwords after selecting them in a web form field in Safari
– Displays warnings in the Safari Smart Search Field when interacting with password or credit card forms on non-encrypted web pages
– Displays privacy icons and links to explain how your data will be used and protected when Apple features ask to use your personal informationFor more detailed information about this update, please visit: https://support.apple.com/en-us/HT208533
For more detailed information about the security content of this update, please visit: https://support.apple.com/en-us/HT201222
The update also introduces the smoke cloud wallpaper that was previously only available on the iMac Pro and it introduces a warning when opening up a 32-bit app as part of an effort to phase them out.
In the future, Apple plans to phase out 32-bit Mac apps, just like it did with 32-bit iOS apps. Apple says macOS High Sierra is the last version of macOS that will support 32-bit apps “without compromises.”
Related Roundup: macOS High Sierra
Discuss this article in our forums
5 Minute Yoga will limber you up, for a price (review)
There are plenty of Android fitness apps available to you nowadays. Amongst the plethora of fitness apps out there in the Play Store market is 5 Minute Yoga, from developer Olson Applications, Ltd. Olson also offers other “5-minute”-style apps, including meditation and relaxation versions. While 5 Minute Yoga is marketed as a free app, it’s more what I’d call a “limited-free” app….I’ll explain shortly.
Setup
Setup is pretty minimal; simply download from the Play Store and open it up. Upon opening, you have a pretty simple main page. You can choose to dive in right away, or you can go to the Settings menu.
Within Settings, you can:
- Go directly to your favorite workout.*
- Select your background music.*
- Set reminders for your workouts, choosing the interval (in days) and time of day for your reminder.
Set a reminder to practice..
Pick your day….
App Experience
Once you dive into 5 Minute Yoga, the simplicity of the interface continues, in a good way. Starting on your Day 1 workout and going forward, you are provided five yoga poses to perform in sequence. Obviously, these start out with pretty simplistic moves, to get you used to it.
Moves such as “Big Toe” and “Bound Angle” get you going, giving you a 40-second countdown timer for you to hold the pose. For the less-flexible of us (including me), the app provides an illustrated example the of the pose you’re trying for.
When your timer reaches zero, the screen switches to the next pose, waiting for you to push “play” for the next round. You get five total poses, and the total time spent in your workout is a little less than 5 minutes. Then the next day, you’re on to the next set of five poses.
If you noticed some asterisks above, it has to do with the *free part of the app. While the app is indeed free to download and try your first day’s set of poses, after that it is a different story.
5 Minute Yoga allows the second day of poses, but only if you first tell it where you discovered the app via multiple choice, and post a starred review.
Beyond the second day, you can only enjoy 5 Minutes Yoga by being a paying customer. You are given a couple of choices to pay, either by a single lump sum of $8.49, or via a subscription; at $1.99 per month or $5.99 per year. Now granted, there are a year’s worth (365 days) of workouts available; you won’t get bored with the variety anytime soon.
So if you’re not totally convinced about the value in the app, for a minimal cost you can explore further.
Wrap-Up
If you’re looking for an easy intro to some daily yoga practice, with no-to-minimal investment in both time and money, then 5 Minute Yoga could be the ideal app for you to try. It’s simple, attractive, and offers a lot of variety for you and your family.
Download 5 Minute Yoga from the Play Store here.
Wirecutter’s best deals: Save $70 on an Amazon Echo Show
This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter’s independently chosen editorial picks, it may earn affiliate commissions that support its work. Read their continuously updated list of deals here.
Echo Show
Street price: $230; Deal price: $160
We’ve seen the Echo Show as low as $150 on one rare occasion, but this drop to $160 is still a very nice discount from the typical $230 street price. We saw a similar deal last week and it’s good to see it back, confirming a trend that has seen the Show drop below $200 with greater frequency this year. Both the black and white colors are on sale.
The Echo Show is our video chat Echo pick in our Alexa speaker guide. Grant Clauser wrote, “The Echo Show may appeal to people who like the idea of video chatting with friends or relatives, but who don’t like using a phone’s small screen for it. The Show’s built-in 7-inch display makes it look like an old Mitsubishi rear-projection TV for a dollhouse. In addition to the display screen, there’s a small camera you can use for taking selfies, but the camera’s primary purpose is for free video chats. The display also works with a few Wi-Fi security cameras and Amazon’s new Cloud Cam.”
AmazonBasics Single Monitor Display Mounting Arm
Street price: $100; Deal price: $81
The AmazonBasics Single Monitor Display Mounting Arm, our top monitor arm pick, is down to $81. This beats a previous deal we saw last week and is nearly $20 less than the typical street price. Deals on this product are usually short-lived, and while we’ve seen them more consistently lately, this monitor arm is worth grabbing at this price before it goes back up.
The AmazonBasics Single Monitor Display Mounting Arm is our top pick in our guide to the best monitor arms. Anna Perling wrote, “The AmazonBasics Single Monitor Display Mounting Arm is the monitor arm we recommend for most people because it’s the most adjustable, the easiest to set up, and the sturdiest arm for the price.”
Perling continues, “The AmazonBasics is one of the most agile monitor arms we found, with more vertical range than most of the models we considered. With 13 inches of height adjustment, the AmazonBasics will help most people find the proper ergonomic position for their monitor. (If you’re over 6 feet tall and you need a few extra inches, we have a pick for you, too.) It can extend outward up to 25 inches to move your monitor from side to side, and it can tilt your monitor at an angle up to 70 degrees back and 5 degrees forward. The arm can pan 360 degrees and can rotate a full 360 degrees for vertical alignment, too.”
Nespresso Essenza Mini
Street price: $120; Deal price: $81
This is one of the lowest prices we’ve seen for the Nespresso Essenza Mini, available in black for $76 + $5 shipping. Prime members get that $5 shipping fee waived, increasing the savings even further. The Essenza Mini, available for this price in black only, is our fully automatic espresso machine pick. It includes a 90 day Woot warranty.
The Nespresso Essenza Mini is our fully automatic pick in our guide to the best espresso machine, grinder, and accessories for beginners. Cale Guthrie Weissman wrote, “If you want a decent espresso drink at home, but don’t have the time or patience to practice and learn the ins and outs of making espresso, try Nespresso. Machines start at just over $100 and you can pay more for features like faster preheating, and built-in milk frothing—but they all share the same brewing mechanism and produce the same decent-tasting coffee. The coffee pods themselves cost about 70¢ a shot (it works out to about $50/pound), which isn’t bad for a consistently decent espresso (with crema!) that tastes as good (or better than) Starbucks, yet requires almost no effort on your part. Just fill the water reservoir and pop in a pod. And unlike some other single-serving coffee systems, Nespresso has a prepaid pod-recycling program in place already. To be clear, Nespresso makes decent coffee every time, but even a beginner working with a cheap espresso machine can achieve better results with just a bit of practice. Nespresso is just a whole lot easier.”
Apple Watch Series 1 38mm
Street price: $250; Deal price: $150
If you’re seeking an Apple Watch and don’t need integrated cellular connectivity, the Series 1, still our top pick in our guide to the best smartwatch for iPhone users, is discounted again, and at $150 this is the lowest price we’ve seen for it. While only the 38mm Space Gray model is available at this price, it’s a tremendous value at this new low.
The Apple Watch Series 1 is our top pick in our Apple Watch guide. Nick Guy and Dan Frakes wrote, “Though not as fast as the Series 3, the Series 1 is still snappy (and much faster than the original Apple Watch), and has all of the same features that make the Apple Watch appealing to those who want to look at their phones less and view (and respond to) notifications more quickly. The Series 1 does a good job tracking most kinds of workouts, and looks a whole lot better than most fitness trackers—and with two size options, the Apple Watch is one of the few smartwatches that looks good on even the smallest wrists. (We talk below about which size to get.) Apple Watch apps are more capable than those of its competitors, and hundreds of swappable bands, from Apple and others, let you customize the appearance of an Apple Watch more easily than any other smartwatch.”
Because great deals don’t just happen on Thursday, sign up for our daily deals email and we’ll send you the best deals we find every weekday. Also, deals change all the time, and some of these may have expired. To see an updated list of current deals, please go here.
Under Armour data breach affects 150 million MyFitnessPal users
Under Armour has just disclosed that 150 million MyFitnessPal accounts were affected by a security breach. The company became aware of it on March 25th, and deduced that unauthorized parties had access to the accounts since late February 2018 — but only users’ usernames, email addresses, and hashed passwords were exposed.
Government-issued identification like driver’s licenses or social security numbers weren’t included since the company doesn’t collect that information. Under Armour also stated that payment data (including credit cards) weren’t exposed because that is collected and processed separately.
Today, four days after discovering the breach, the company told MyFitnessPal users through email and app notifications, recommending ways to safeguard their account and information as well as requiring them to change passwords. Under Armour announced it had acquired MyFitnessPal in early 2015 for $475 million. We’ve reached out to Under Armour for comment and to determine whether the breach extends to data for the company’s other apps like MapMyRun.
Source: Under Armour
From pranks to nuclear sabotage, this is the history of malware
Since the dawn of modern computing, software has been as capable as the programmers who created it. Their intentions became its capabilities, and that’s brought us a world of wondrous and powerful applications across a wide variety of platforms and mediums. Along the way, it’s also lead to the creation of incredibly malicious, and in some cases downright dangerous, software. We are, of course, talking about malware.
We’ve all come across malware at some point. You might’ve been spammed during the heyday of adware and popups, faced off against a nasty trojan that tried to steal your identity, or even dealt with a system-paralyzing piece of blackmailing ransomware. Today, millions upon millions of unique programs are designed to target your system, your files, and your wallet. While they all have different footprints and trajectories, they all have their roots in humble beginnings.
To understand malware, you must return to the digital primordial soup that would one day evolve into the millions of nefarious programs we face off against today. This is the history of malware, and of the techniques used over decades to combat it.
An innocent birth
The modern world faces criminal and nation state hacking that could threaten everyone’s way of life. Yet the early days of malware were free of malice. Back then, the intention was to see what was truly possible with computing, not to harm, steal, or manipulate.
The idea for a virus, or a self-replicating string of code, was first coined by computing visionary John Von Neumman. In 1949, he postulated the potential for a “self-reproducing automata” that would be able to pass along its programming to a new version of itself.
‘I’m the Creeper:
Catch me if you can.’
The first known recorded instance of a computer virus was the Creeper Worm, developed by Robert H. Thomas in 1971. The first iteration of Creeper couldn’t clone itself, but it was able to move from one system to another. It would then display the message, ‘I’m the Creeper: Catch me if you can.’
While it seems likely the first self-replicating code and its creator are lost, the first recorded instance of such software is the Creeper Worm, developed by Robert H. Thomas in 1971 at BBN Technologies. Creeper ran on the TENEX operating system and was impressively sophisticated for its time. Unlike many of its successors, which would require physical mediums to spread their payloads, Creeper was able to move between DEC’s PDP-10 mainframe computers over the earliest iteration of the ARPANET, a progenitor network of the internet the world would come to adopt in later years. The first iteration of Creeper couldn’t clone itself, but it was able to move from one system to another. It would then display the message, “I’m the Creeper: Catch me if you can.”
A new version of Creeper was later created by Thomas’ colleague at BBN Technologies, Ray Thomlinson – better known as the inventor of email. It did duplicate itself, leading to an early understanding of the problem such viruses, or worms, could cause. How do you control them once you send them off? In the end, Thomlinson created another program called Reaper, which moved around the network and deleted any copies of Creeper it found. Thomlinson didn’t know it, but he had created the very first piece of anti-virus software, starting an arms race between hackers and security professionals that continues to this day.
Creeper, although mocking in its message, was not designed to cause problems for the system. Indeed, as Thomlinson himself explained to computing historian, Georgei Dalakob, “The creeper application was not exploiting a deficiency of the operating system. The research effort was intended to develop mechanisms for bringing applications to other machines with intention of moving the application to the most efficient computer for its task.”
Peaks and Troughs
In the years that followed the proliferation and subsequent deletion of the Creeper virus from those ancient mainframe systems, a few other pieces of malware appeared and iterated upon the idea. The self-replicating Rabbit virus was created by an unknown – but supposedly, very much fired – programmer in 1974, and was followed shortly afterwards by the Animal virus, which took the form of a quiz game.
Malware creation then went through one of its periodic developmental droughts. But that all changed in 1982, when Elk Cloner made its appearance, and a new wave of viruses began to rise.
“With the invention of the PC, people started writing boot sector viruses that were spread on floppies,” Zone Lab’s Skyler King told Digital Trends. “People who were pirating games or sharing them on floppies [were being infected].”
Elk Cloner was the first to use that attack vector, though it was completely benign, and not thought to have spread far. Its mantle was picked up four years later by the Brain virus. That piece of software was technically an anti-piracy measure created by two Pakistani brothers, though it had the effect of making some infected disks unusable due to timeout errors.
“Those were kind of the first viruses as we would consider them,” King said. “And they were propagating so that if you put in a floppy, they could copy to it, and spread that way.” The change in attack vector was noteworthy, because targeting a system from a different angle would become the hallmark of new malware in the years that followed.
“Things kind of shifted over to the Unix side with the mainstream use of the internet and universities, like the Morris worm in November 1988,” King continued. “That was interesting, because the Morris worm was [written by] the son of the head of the NSA […] He found a flaw in two protocols that were used in Unix. The flaw in SMTP, the mail protocol that allowed you to send email, [was used to] propagate it, and within a day it took down the internet as it existed in 1988.”
The Morris worm was said to be originally designed to map the internet, but it bombarded computers with traffic, and multiple infections could slow them to a crawl. It is ultimately credited with bringing down around 6,000 systems. Robert Morris, the worm’s creator, became the first person ever tried under the Computer Fraud and Abuse Act of 1986. He was sentenced to three years of probation and fined $10,050. Today, Morris is an active researcher of computer network architectures and tenured professor at MIT.
The Morris Worm became the proof of concept for a variety of other pieces of malware from that same period, all of which targeted boot sectors. It started the next wave in virus development. Many variants of that idea were collected under the “Stoned,” label, with notable entries like Whale, Tequila, and the infamous Michelangelo, which annually created panic in organizations with infected systems.
The last days of summer
For the first decades of their existence, even the prolific and damaging viruses were of relatively benign design. “They were just people having fun trying to get street cred in the underground scene to show what they could do,” King told Digital Trends.
Defensive methods were still far behind the virus writers, however. Even simple malware like the ILoveYou Worm — which made its appearance in the year 2000 — could cause unprecedented damage to systems worldwide.
Malwarebytes‘ VP of technology, Pedro Bustamante, remembers it well. “It was a visual basic script that was a mass mailer that would auto-attach a script, and the [anti-virus firms] weren’t ready to do a lot of script based detection back then,” he said.
Filipino programmer Onel de Guzman is most often credited with the worm’s creation, though he has always denied developing its attack vector, and suggests that he may have released the worm by accident. Some rumors suggest the real culprit behind its creation was a friend of his, Michael Buen, who tricked Guzman into releasing it because of a love rivalry. The ILoveYou Worm caused over $15 billion in damage globally.
“We were on lockdown at Panda labs for like three days for that one. People didn’t sleep.”
“We were on lockdown at Panda labs for like three days for that one,” Bustamante continued. “People didn’t sleep. That was the epicenter of that script kiddie movement where anyone could create a script and make a mass mailer and it would have a huge propagation. Massive number of infections. That was typically only possible with an advanced network worm back in the day.”
Zone Labs’ King faced similarly sleepless nights with some other malware spreading across the growing internet during that time, citing the likes of Code Red and SQL Slammer as particularly problematic.
While worms and viruses had security experts pulling their hair out, and company executives scared of the millions or billions of dollars of damage they were doing, nobody knew that the malware wars were only just getting started. They were about to take a dark and dangerous turn.
No longer a game
As internet use grew, advertising networks started to earn money online, and dot-coms raked in investor cash. The internet transformed from a small community known by few into a widespread, mainstream avenue of communication, and a legitimate way to make millions of dollars. The motive for malware followed, shifting from curiosity to greed.
Kaspersky Cyberthreat real-time map shows cyberattacks taking place right now throughout the world.
“When more people started using the internet and people were looking at ads online and companies were out there making money on ad clicks, that’s when you started seeing the rise of adware and spyware,” King continued. “You started to see viruses that ran on individual computers that sent out spam to try and buy into products, or adware that used clickfraud that showed ads for things so that it would simulate you clicking on the link, so they’d make money.”
Organized crime soon realized that clever programmers could make established underground enterprises a lot of money. With that, the malware scene turned several shades darker. Prepackaged malware kits created by criminal organizations began to appear online. Famous ones like MPack were ultimately used to infect everything from individual home systems, to banking mainframes. Their level of sophistication, and link to real-world criminals, up the stakes for security researchers.
“That’s when we started seeing some of the gangs that were behind some of these more modern attacks and malware. It was scary.”
“We discovered MPack at Panda Security, and we did an investigation and a big paper that was all over the news,” Malwarebytes’ Bustamante explained. “That’s when we started seeing some of the gangs that were behind some of these more modern attacks and malware. It was scary. Most researchers at Panda said that they didn’t want their name anywhere near the report.”
But the report was released, and it highlighted how deeply malware and organized criminal gangs had become.
“It was a lot of Russian gangs. We had pictures of their gatherings. It was like a company,” Bustamante said. “They had people doing marketing, executives, company get togethers, competitions for programmers who wrote the best malware, tracking affiliates, they had everything. It was amazing. They were making more money than we were.”
That money was shared with talented programmers, ensuring the organizations attracted the best talent they could. “We started seeing pictures of mafia looking guys from Eastern Europe giving away fancy cars to the programmers, and suitcases full of money,” he said.
Vulnerabilities exploited
The pursuit of profit lead to more sophisticated malware and new attack vectors. The Zeus malware, which appeared in 2006, used basic social engineering to trick people into clicking email links, ultimately letting the creator steal victims’ login information, financial details, PIN codes, and more. It even facilitated so-called “man in the browser,” attacks, where malware can request security information at the point of login, harvesting even more information from victims.
News clips showing various malware through the years.
Those creating malware also learned they didn’t have to use the software themselves, and could simply sell it to others. The MPack kit Bustamante came across at Panda Security in the mid ’00s was a perfect example. It was updated month to month since its early creation, and regularly resold. Even the alleged author of Zeus, Russian-born Evgeniy Mikhailovich Bogachev, began to sell his malware, before handing off control of the Zeus malware platform to another programmer. He’s still at large today. The FBI has a bounty on information leading to Bogachev’s arrest, offering as much as $3 million to anyone who can help catch him.
By 2007, more malware was being created every year than had existed in the entire history of malware, and each new mass attack fueled the fire.
Selling pre-packaged malware the way that Bogachev did marked another shift in malware creation. Now that malware could be used to make money, and virus writers could make money selling it as a tool, it became more professional. Malware was crafted into a product, commonly termed an exploit kit.
“It was really sold as a business,” Zone Labs’ King told Digital Trends. “They [offered] support, software updates to the latest exploits, it was pretty amazing.”
By 2007, more malware was being created every year than had existed in the entire history of malware, and mass attacks on the ever-growing number of computers drove business. This spurred the rise of large-scale botnets which were offered for rent to those wishing to conduct denial of service attacks. But end-users could only be tricked into clicking links for so long. As they became more educated, the exploit kits and their authors needed to evolve again.
“[Malware writers] had to come up with a way to install the threat automatically,” MalwareBytes CEO Marcin Kleczynski told Digital Trends. “That’s where the exploit techniques, social engineering, and macros in Powerpoint and Excel started getting way more [sophisticated].”
MalwareBytes CEO Marcin Kleczynski. MalwareBytes
Fortunately for the malware authors, websites and offline software began to adopt Web 2.0 principles. User interaction and complex content creation were becoming far more prevalent. To adapt malware writers started targeting Internet Explorer, Office applications, and Adobe Reader, among many others.
“The more complex software gets, the more it can do, the more engineers working on it […] the more mistake prone that software is and the more vulnerabilities you’ll find over time,” Kleczynski said. “As software gets more complex and Web 2.0 happened, and Windows kept evolving, it got more complex and more vulnerable to the outside world.”
By 2010, it seemed that not-for-profit malware had all but died out, with for-profit being the near-exclusive motivation for crafting it. That, it turned out, was wrong. The world abruptly learned that organized crime was nothing compared to the most dangerous malware, crafted in secret by nations.
Digital warfare
The first example of a nation flexing its military might online was the Aurora attack on Google. The search giant, long standing as one of the world’s most prominent digital entities, found itself under sustained attack at the close of 2009 by hackers with ties to the Chinese Liberation Army. When the rest of the world learned about it in January 2010, it marked a turning point in what experts realized malware, and its authors, were capable of.
How Stuxnet Worked K-Lopa/IEEE Spectrum
The attack targeted dozens of high-level tech firms like Adobe, Rackspace, and Symantec, and were thought to be an attempt to modify the source code of various software suites. Later reports suggested it was a Chinese counterintelligence operation to discover U.S. wiretap targets. As ambitious and impressive as that attack was, however, it was surpassed just months later.
“The cat really came out of the bag with Stuxnet,” Bustamante told Digital Trends. “Before that […] you could see it in certain attacks and in the things like Pakistan, India internet being cut down undersea, [but] Stuxnet is where the shit hit the fan, and everyone started freaking out.”
“Chaining together several zero-day vulnerabilities [in Stuxnet], really advanced targeting of specific nuclear facilities. It’s amazing. It’s the type of stuff that you would only see in a novel.”
Stuxnet was built to sabotage Iran’s nuclear program, and it worked. Even now, eight years after its appearance, security professionals speak of Stuxnet with a tone of awe. “Chaining together several zero-day vulnerabilities, really advanced targeting of specific nuclear facilities. It’s amazing,” Bustamante said. “It’s the type of stuff that you would only see in a novel.”
Kleczynski was just as impressed. “[…] if you look at exploits being used for an offensive cyber-security capability, it was a pretty damn good one. The [way it went after the] Siemens programmable logic computers? It was beautifully architected to destroy the centrifuges.”
Although no one claimed responsibility for Stuxnet in the years that followed, most security researchers think it the work of a combined U.S.-Israeli taskforce. That only seemed more likely when other revelations, like NSA hard drive firmware hacking, showed the true potential of nation state hackers.
The Stuxnet style of attack would soon become commonplace. Exploit kits continued to be a major attack vector in the years that followed, but as Bustamante told us in our interview, zero-day vulnerabilities chained together are now something that Malwarebytes and its contemporaries see every day.
That’s not all they see. There’s a new phenomenon with origins that can be traced almost back to the start of our story. It has caused no end of trouble as of late, and may well do so into the future.
Your money or your files
The very first ransomware attack technically happened as far back as 1989, with the AIDS Trojan. Sent out to AIDS researchers on an infected floppy disc, the malware would wait for the system to be booted 90 times before encrypting files and demanding a payment of $189 in cash, sent to a PO Box address in Panama.
Although that piece of malware was called a trojan at the time, the idea of forcibly obfuscating files, denying a user access to their own system, and demanding some form of payment to return it to normal, became the key components of ransomware. It began to resurface again in the mid-00s, but it was the growth of anonymous cryptocurrency Bitcoin that made ransomware common.
“If you infect someone with ransomware and ask them to deposit into a bank account, that account is going to get closed down pretty quick,” Zone Labs’ King explained. “But if you ask someone to deposit some bitcoin in a wallet, the consumers pay. There’s really no way to stop it.”
Ransomware developers make it easy for victims to purchase cryptocurrency and send it to them.
Considering how difficult it is to regulate bitcoin in everyday functions with legitimate uses, it makes sense that stopping it from being leveraged by criminals is even more so. Especially since people pay the ransoms. Just as with the exploit kits and the corporate structure that backs them, ransomware developers make it as easy as possible for victims to purchase cryptocurrency and send it to them.
But in the latter half of the teen years of the 21st century, we’ve started to see further evolution of these tactics, as once again those writing the malicious software have followed the money.
“What’s surprised me with ransomware is how quickly it went from you and I, to our companies,” Kleczynski said. “A year or two ago it was us who were getting infected, not Malwarebytes, not SAP, Oracle and so on. They’ve clearly seen the money and companies are willing to pay it.”
What’s next?
For most of the experts we spoke to, ransomware continues to be the big threat they’re concerned with. Zone Labs’ King was keen to talk about his company’s new anti-ransomware protections and how businesses needed to be aware of how dangerous the tactic was.
Kleczynski sees it as a hugely profitable model for malware writers, especially when you bring in the rise of infected Internet of Things devices, which have made up some of the largest botnets the world has ever seen.
Timelapse of a DDoS attack that took place in 2015 on Christmas Day.
Using British Airways’ website as an example, he asked the rhetorical question of how much it would be worth it for that company to maintain its online ticketing system if threatened. Would such a company be willing to pay an extorter $50,000 if its website were to go down for even a few hours? Would it pay $10,000 at the mere threat of such an action?
With the potential to lose millions in sales, or even billions in market value should stock prices react to such an attack, it’s not hard to imagine a world where that’s a regular occurrence. To Kleczynski, this is just the old world finally catching up with the new. It’s the organized crime tactics of yesteryear being applied to a modern world.
“Today, it’s ‘would you like to purchase some ransomware insurance? It’d be a shame if your website went down for 24 hours.’”
“This used to just be racketeering. ‘Would you like to purchase some fire insurance? It would be a shame if something happened to your building,’” he said. “Today, it’s ‘would you like to purchase some ransomware insurance? It’d be a shame if your website went down for 24 hours.’”
That criminal involvement still scares MalwareBytes’ Bustamante, who tells us that the company regularly sees threats to its developers hidden in malware code.
As concerned as he and the company are about their own personal safety though, he sees the next wave as something more than just ransomware. He sees it as an assault on our ability to perceive the world around us.
“If you ask me what the next wave is, it’s fake news,” he said. “Malvertising has moved on […] it’s now clickbait and fake news. Disseminating this kind of news is the name of the game and it’s going to be the big next wave.” Considering how involved nation states appear to have been in that practice themselves in recent years, it’s hard to imagine he’s wrong.
As threatening as malware attacks from organized crime, government-sponsored vigilantes, and militarized hackers are, the most reassurance you can take in such a time of uncertainty is that the weakest link in the security chain is almost always the end user. That’s you..
It’s scary, but empowering, too. It means that although the people writing the malware, the attack vectors and the very reason for creating viruses and trojans in the first place may have changed, the best ways of staying safe online are the old ways. Keep strong passwords. Patch your software. And be careful what links you click.
As Malwarebytes Klecyzinski told us after our interview, “If you’re not paranoid, you’re not going to survive.”
Editors’ Recommendations
- The best keyboards for Android will have you texting faster than a 13-year-old
- Corning’s glass is half full and rising
- Step into the past with the best history podcasts of the present
- The best free antivirus for Mac
- ‘Civilization VI’ for iPad brings the full sweep of history to your fingertips
Intel Hades Canyon NUC8i7HVK
Research Center:
Intel Hades Canyon NUC8i7HVK
What if your gaming desktop didn’t have to be big and loud? What if it were smaller than a tissue box, and no louder than a laptop? And what if that exact same desktop could handle just about anything else you throw at it, from everyday web browsing to video editing?
Those are the questions posed by Intel’s latest Next Unit of Computing (NUC), better known by its ‘Hades Canyon’ codename. The way it answers is a big deal. NUC isn’t a mainstream brand for Intel, but the hardware inside Hades Canyon is important. The processor is Intel’s Core i7-8809G, which pairs an Intel Core processor with AMD’s Radeon RX Vega graphics.
It’s an unholy, and consequential, alliance. Hades Canyon promises performance equal to a mid-range gaming desktop in a thin box that measures just eight inches wide and less than two inches thick. Is this the dawn of a new era for power-efficient PC gaming, or does the NUC choke on its aspirations?
What the NUC?
The first Next Unit of Computing, or NUC, was built by Intel six years ago to re-imagine what a basic desktop might look like. Small and boxy, the line has continually pioneered cutting-edge performance in pint-sized machines. If you haven’t heard of it, however, don’t be surprised. The goal of NUC is not to compete with PC builders like Dell and HP. Instead it’s meant to inspire new, thinner, smaller designs, as well as entice business customers who may see value in rolling out hundreds of small, identical computers.
Oh, and it can handle up to six displays at once. That’s nuts.
The Hades Canyon NUC, like its predecessors, isn’t meant for the average joe. It doesn’t ship with RAM or a hard drive installed. A Windows license is MIA. You must buy and install all that yourself.
The absence of key hardware doesn’t mean a bargain price, either. There’s two versions of the Hades Canyon NUC. Our review unit, which is VR-Ready and includes an unlocked GPU, is $1,000. A less powerful version, which has Intel’s locked Core i7-8705G and a less powerful version of AMD’s Radeon RX Vega, is available for $800. The RAM, storage and operating system you must buy will add $300 to $500 to the price of either, depending on what you choose.
Little box, with lots of ports
Though small by most standards, Hades Canyon is the biggest NUC so far. Measuring almost nine inches wide, about five inches deep, and 1.75 inches tall, it’s quite a bit larger than even Skull Canyon, Intel’s first attempt at a gaming NUC. Compared to a full desktop, however, Hades Canyon is diminutive. The Alienware’s Alpha R2 is almost as small at 8 inches on a side and two inches thick, but it’s about 60 percent larger by volume. That’s a difference you’ll notice if you see them side-by-side.
The bulk Hades Canyon adds over Skull Canyon goes to the cooling solution, which is much larger than before and now uses a vapor chamber design comparable to that found in Razer’s Blade Pro laptop and the Xbox One X.
Despite its size, the Hades Canyon NUC wants to prove itself equal to a big tower desktop, and not just in performance. It also brings an impressive array of connectivity. That includes front and rear HDMI 2.0a ports, two Mini-DisplayPort, two Thunderbolt 3, two gigabit Ethernet, front-mounted USB-C 3.1 Gen2, and five total USB 3.0 Type-A. There’s an SDXC slot, stereo jacks, TOSLINK, and even a far-field microphone. But wait, it gets even better! There’s also a VESA mounting plate, so you can attach the device to the back of a VESA-compatible monitor or television.
Oh, and it can handle up to six displays at once. That’s nuts. Most tower PCs can’t do that.
The internals are equally impressive. The lid, once removed, provides easy access to two DDR4-2400+ slots that can handle up to 32GB of memory. There’s also two M.2 hard drive connectors with support for NVMe, SATA3, and Intel’s Optane memory. 802.11ac Wi-Fi and Bluetooth 4.2 are present, as well.
All that’s unimportant, though, compared to Hades Canyon’s key feature. A glowing skull on the lid. It lights up whenever it’s powered on — the skull outlined in blue, while angry eyes shine red. It’s a simple, effective touch that makes the NUC more than another black box. Don’t worry – you can turn the skull off if it annoys you.
A laptop CPU does its best desktop impression
The Intel Core i7-8809G is a new chip, but the processor itself isn’t the real story. It’s a typical example of high-end mobile hardware from Intel with four cores, eight threads, and a maximum boost clock speed of 4.2GHz. The i7-8809G does benefit from a thermal design power well beyond what most laptops allow, which means it doesn’t have to throttle its performance as often as a laptop chip. That pays dividends in benchmarks.
Hades Canyon hit a single-core score of 4,588 in Geekbench 4, and a multi-core score of 16,176. Those numbers beat laptops with 8th-generation Core processors, as well as the Core i3-8100 quad-core in Dell’s XPS 8930 desktop. You’ll see better performance from a god-tier desktop like Origin’s Millennium, which scored 25,857 in the multi-core test, but Hades Canyon does not disappoint. Its performance is on-par with what we expect from desktop computers sold for around $1,000 (though remember the hard drive and RAM you must purchase will up the NUC’s cost).
Our video encoding test, which uses Handbrake to transcode a 4K trailer from h.264 to h.265, was also favorable for the NUC. It needed two minutes and 47 minutes to complete the task. Even top-tier laptops, like the Dell XPS 13 and Lenovo ThinkPad X1 Yoga, need four to five minutes.
Intel shipped our review unit with an 120GB Optane drive alongside a 512GB solid state drive. That’s a lot of fast storage but, as mentioned, the NUC doesn’t ship with it included. You must buy storage separately. We imagine most owners will purchase more affordable storage, like WD’s Blue 500GB M.2 drive.
Raising the on-board graphics bar
While the NUC’s processor performance is excellent, the real story is what it’s paired with; AMD Radeon RX Vega graphics. The specific configuration included with the Core i7-8809G is called Radeon RX Vega M GH. It has 24 compute units, a base clock speed of 1,063MHz, and a maximum “dynamic” frequency of 1,190MHz, all pairs with four gigabytes of HBM2 memory. The GPU alone rivals the performance of a PlayStation 4 Pro.
The Vega GPU fully supports DirectX 12, Vulkan, and OpenGL 4.5, as well as 4K output at 60Hz. You can, in fact, power up to six displays off Hades Canyon – incredibly impressive for such a small rig.
All this is controlled by a reskin of AMD’s Radeon driver software. The color scheme has changed from red to blue and AMD logos have been substituted for Intel, but it’s the same look with most of the same features, including Wattman for overclocking, Chill for quieter use in less demanding scenarios, and FreeSync.
The use of AMD drivers is reassuring because driver support has been a major problem for Intel graphics in the past. We’re skeptical about future updates, however, because Intel hasn’t committed to a schedule. It’ll be a disappointment if the drivers are updated once every few months or even less.
What the future holds we can’t say, but we can tell you how Hades Canyon performs right now – and it’s impressive.
Hades Canyon enters the 3DMark test strong, scoring 8,469 in the Fire Strike test. That’s almost exactly what we saw from Dell’s Inspiron 15 7577 Gaming, which we tested with Nvidia’s GTX 1060 Max-Q graphics. It’s just slightly behind the HP Omen 15 which, again, had the GTX 1060 Max-Q.
The Dell XPS 8930, a tower desktop with a standard GTX 1060 card, scored notably better at 9,767, but Hades Canyon is still in the same ballpark. And the NUC easily beats the Acer Nitro 5 Spin, which scored 5,209 when equipped with a GTX 1050 Ti.
We saw similar results in games. Rocket League and Civilization VI were handled with ease; even the latter averaged 47 frames per second at 1440p and Ultra detail settings. Battlefield 1 averaged better than 60 FPS at 1080p resolution and Ultra detail. The game managed an average of 49 FPS at 1440p resolution and Ultra detail.
You can play jaw-dropping titles at maximum detail, if you settle for 1080p resolution
Deus Ex: Mankind Divided was, as usual, the real challenge. Still, the game averaged 33 frames per second at 1080p resolution and Ultra detail. It also averaged 31.7 FPS at 1440p and High detail. The game is entirely enjoyable – if you give up on the dream of 60 FPS gameplay or anything close to it.
Benchmarks aside, we wanted to see what it was like in the real world – so we used it for a long weekend of gaming. Hades Canyon proved a capable gaming companion. This isn’t just because its powerful, though the benchmarks do show it’s a quick machine. The NUC also benefits from today’s more forgiving mainstream games.
Want to play The Witcher 3 or Final Fantasy XV with everything turned up? This isn’t the machine for you. That’s not what we usually do, though – we more often find ourselves playing Overwatch, Fortnite, or Rocket League. Games like those run without trouble on Hades Canyon.
You can play jaw-dropping titles at high or even maximum detail, however, if you settle for 1080p resolution and 30 to 45 frames per second. For that reason – and because you can’t upgrade the GPU in the future — we think Hades Canyon is best when paired with a high-refresh 1080p monitor.
Virtual reality
Gaming is enough ambition for a PC as small as Hades Canyon, but Intel hasn’t stopped there. The company also says it can handle virtual reality. In fact, that seems half the reason for its incredible buffet of connectivity. VR headsets demand plenty of USB and video connections.
Enjoying VR on a system this small may seem crazy, but there’s logic to it. It’s quite difficult and annoying to hook up a headset to a large desktop. That goes double if the headset is ever moved between computers – as is common, because having a VR headset connected 24-7 can be annoying. Better still, a small PC opens the possibility of pairing it with a battery pack and enjoying tether-free VR.
The NUC’s power is cutting the minimum requirements for VR close, however. VRMark’s easiest test, Orange, reached a score of 2,583. The benchmark’s notes said that score was insufficient to promise a smooth VR experience, since framerates often dipped below 60 frames per second, nevermind the 90 FPS that’s preferable.
Our limited experience showed success will depend entirely on what you try to do. Star Trek: Bridge Crew was no problem on the Vive, but you’re not going to be able to use the Vive Pro smoothly. In the end, the VR verdict is a lot like the system’s gaming performance – it’s more than enough for many titles, but it’s not going to handle cutting-edge VR experiences with all the settings turned up.
Intel Hades Canyon NUC8i7HVK Compared To
Alienware Alpha R2
Origin Chronos (2016)
iBuyPower Revolt 2 Pro
Maingear X-Cube Z170
Origin Chronos (2015)
Digital Storm Eclipse
Falcon Northwest Tiki-Z
Syber Vapor I
iBuyPower SBX
Maingear Torq
Falcon Northwest Fragbox 2013
Alienware X51
Falcon Northwest FragBox
HP Firebird 802
Maingear Dash
Our Take
Intel’s Hades Canyon NUC is early, definitive proof that the company’s partnership with AMD will be fruitful. We’re amazed to see a system so small handle all the titles in our test suite at 1080p and maximum detail. Pricing, and the NUC’s niche audience, are its only obstacles. $1,000 is a lot to ask for a PC lacking a hard drive, RAM, or operating system, no matter how impressive its other hardware.
Is there a better alternative?
The Alienware Alpha R2 was the gold standard in this segment, but a lack of updated hardware means it still offers only a sixth-generation Intel Core processor and Nvidia GeForce GTX 960 graphics.
Other options include the MSI Trident 3 and Zotac’s Magnus line – but again, these systems are a generation or two behind the Hades Canyon NUC. The competitors are less expensive, but none offer as much performance per cubic inch.
How long will it last?
Intel ships Hades Canyon with a three-year warranty. That’s unusual for a desktop. We think it’ll struggle to remain relevant to gaming for longer than its warranty, as more demanding games will certainly push beyond the system’s limits.
Should you buy it?
Yes, if you’re a hardware geek.
Hades Canyon fills a wonderful niche. If you’re willing to slap in a hard drive and RAM yourself, this NUC will prove an outstanding compact gaming PC. If that’s not you, don’t worry. We’re sure the Core i7-8809G will appear in rigs built by major brands later this year.
AIVAnet 