NASA finds likely crash site for ESA’s ExoMars probe

Just as we expected, NASA’s Mars Reconnaissance Orbiter (MRO) has detected the potential crash site for the European Space Agency’s missing ExoMars Schiaperelli probe. The MRO located a bright spot and dark patch on the Martian surface near the probe’s planned landing area, which NASA believes to be the remnants of the probe’s parachute and lander module, respectively. While we’ve only got a fairly low-resolution image so far, we should know more next week when the MRO passes over the area again with a higher resolution camera.

The ESA’s ExoMars mission, which aims to search for trace signs of life on the red planet, reached Mars’ orbit on Wednesday following a seven-month journey. After separating itself from its partner ship, the Trace Gas Orbiter, Schiaperelli began transmitting data about the planet’s electric fields as it made its way through the atmosphere. The ESA initially couldn’t confirm if the probe had landed successfully, and later said that it lost contact right before its expected landing.

Jan Woerner, the ESA’s director general, still considers the mission an overall success, despite losing contact with the probe. “This means we will obtain information from a close analysis of the data that Schiaparelli was built for, notably on the performance of elements such as the heat shield, parachute, radar, thrusters and so on,” he wrote on his blog. “This information can subsequently be used to improve the design of the 2020 Exomars mission, since in that mission the survival of the descent module will be of real scientific relevance.”

Via: BBC

Source: NASA

Evidence ties Russia to Podesta and Powell email hacks

Back in March, Hillary Clinton’s campaign chairman John Podesta received a frantic-sounding email about his account security and clicked a shortened link that appeared to be from Google. Instead, it redirected to a spoof page that gave hackers access to his password. Half a year later, WikiLeaks started publicly releasing thousands of his emails on October 9th, a month after the seemingly unrelated leak of Gen. Colin Powell’s personal messages. Security firms, journalists and a hive of independent researchers have spent the interim analyzing the digital break-ins and have arrived at the probable culprit behind these and several other hacks: Russia. But definitively attributing it to the country’s intelligence services is difficult, if not impossible.

When WikiLeaks began publishing thousands of emails from DNC accounts back in July, it only took a few days for the FBI to start investigating Russia’s involvement in the hack. On October 7th, the US government made the rare decision to publicly blame Russia for directing “the recent compromises of e-mails from US persons and institutions.” The DHS declined to state how they came to that conclusion, notes Motherboard, though they probably have data we can’t see.

That left the media and researchers to connect many dots, but a pair of extensive pieces published yesterday by Motherboard and Esquire all but conclude that Russia is most likely behind the seemingly disparate hacks. The full story is a complex chain explaining the handful of mistakes made by two different groups, nicknamed Fancy Bear and Cozy Bear. It heavily suggests that their separate efforts breaking into the email accounts of Podesta, Powell, and members of the DNC and Hillary Clinton’s campaign staff were directed by the Russian government.

The first piece of evidence is the shortened URL that Podesta erroneously clicked on that redirected him to a phony Google page where he likely submitted his password, a tactic known as spear-phishing. This truncated link, it turns out, was one of 12,000 created and used by Fancy Bear to target 5,000 individual Google email addresses from March 2015 to May 2016. But those attacks were too broad and voluminous to be done manually. Fancy Bear made a program that automatically generated the attacking links and fed them through the popular URL-shortening service Bit.Ly.

The firm SecureWorks, which has been tracking the hacker group for the last year, found that each of the slim URLs in question were created by a number of Bit.Ly accounts belonging to the hacker group — but Fancy Bear forgot to make two of them private. That let SecureWorks see many links they’d created, and when the firm figured out how to decode the automatically-created URL, they found that each contained the target’s email address. By decoding each Bit.Ly link created by the accounts, they found a list of targets, giving the firm a macro view of the group’s extensive and varied spear-phishing campaigns, which included addresses in Ukraine, the Baltics, the United States, China, and Iran, according to Esquire.

SecureWorks built a target portfolio to see who Fancy Bear was working for. Lo and behold, the addresses attacked included a host of military, political, and government leaders in Ukraine, Georgia and other former Soviet states. They also sent spear-phishing emails to NATO military attaches, diplomatic and military personnel from the US and Europe, and critics of the Russian government from around the world. The pieces started to fit together as the firm identified more similarities between the previous hacks and those targeting Podesta, other members of Clinton’s campaign staff and the DNC. Namely, the malware and server infrastructure supporting it are unique, acting like calling cards for Fancy Bear, according to SecureWorks’ Senior Security Researcher Tom Finney.

“The link to Fancy Bear is very firm, germane to the structures they used before. We track these groups by the toolsets they use, the malware they use, because they tend to have bespoke sets of malware that’s only used by one group. That tends to be quite discrete, so you can say that if this malware is being used, it’s being used by this group,” said Finney.

From March to May, SecureWorks saw that Fancy Bear was sending more spear-phishing emails to people in the US. Because Bit.Ly tracks when their URLs are clicked, the firm was able to see that of the 108 email addresses targeted at the Clinton campaign from March to May, 20 of the erroneous links had been opened; And of the 16 targeted at the DNC, 4 people had clicked, as Buzzfeed reported last week.

SecureWorks released this information in a June 16th report, stating with “moderate confidence” that Fancy Bear’s attacks were likely directed by Russia. Most of the group’s targets in the previous year were individuals that were enemies of, or people of interest to, the Russian government.

“The 5,000 emails was quite a big data set,” said Finney. “Added together, we can’t really think of who else would be satisfied by the kind of information targeted by this group. So that’s why we think it’s Russia.”

But they weren’t the only ones paying attention. Fellow firm CrowdStrike released its own report on July 15th after the DNC called on them to investigate a breach in their security. Within a week, WikiLeaks publicly released 19,000 DNC emails that they had acquired.

A hacker entity identifying itself as Guccifer 2.0 claimed credit as a lone hacker. But CrowdStrike identified both the Fancy Bear and Cozy Bear hacker groups’ presences on the DNC’s network, recognizing their tradecraft and tactics used to evade detection. While Cozy Bear was content to target whole departments and quietly collect data for years once inside, it was Fancy Bear’s more aggressive research and intrusion activity that tipped off security experts. Thanks to metadata in the released documents and Russian-language settings, security experts dismissed Guccifer 2.0’s claim to be a Romanian national, rather theorizing it to have been a hollow account created by Fancy Bear or those acting with it as a distraction.

Fancy Bear’s failure to keep its Bit.Ly accounts private gave SecureWorks insight into the group’s targets — which is how researchers identified the link Colin Powell clicked on that lead to his email getting hacked. This helped them confirm other compromises, like that of Clinton campaign staffer William Rinehart, as The Smoking Gun reported in August. Other groups have been targeted by similarly-constructed links, like Bellingcat, the journalist organization investigating the destruction over Ukraine of flight MH17, points out Motherboard.

A third group known as the Shadow Brokers, as detailed by Thomas Rid in Esquire, took documents hacking tools from the NSA itself via its elite cyber infiltration unit, Tailored Access Operations. The group either compromised a computer that TAO used to stage its own attacks or acquired the assets the old-fashioned way using a mole. The Shadow Brokers published these tools on Github and elsewhere, and security researchers confirmed their authenticity.

Meanwhile, Cozy Bear had been using some two hundred Microsoft OneNote cloud storage accounts to “exfiltrate” data back to Moscow, according to Rid. Microsoft provided information to US digital spies to help them confidently identify the DNC hackers as Russian.

These data points, combined with the nigh-unprecedented move by the DHS of openly blaming Russia for these and other hacks, strongly suggests that their government orchestrated a multi-armed campaign to gather documents germane to the US presidential election. But when making those stolen emails publicly available on WikiLeaks impacts public opinion, as Rid describes in Esquire, the campaign looks less like espionage and more like an attempt to influence the outcome of the election.

In the digital intrusion trade, hackers are known to plant diversions to misdirect security. These “false flags” might even be patterned after tactics known to be used by other countries’ teams. A presentation by Kaspersky Lab at this year’s Virus Bulletin security conference pointed out how effective this misdirection can be. According to a summary of the talk by Summit Route’s Scott Piper:

“In one case, of an assumed Russian [advanced persistent threat] actor, it identified researcher systems running the first stage malware, so it sent down Chinese APT to the researchers as the second stage to throw them off, while sending down their real second stage to the actual victims.

In a similar case, when Turla (also Russian APT) worried they’d been detected, as they were pulling out their malware, they sent down a rare Chinese malware named Quarian for the IR team to investigate. This both gave them time to cover their own tracks, while at the same time burning China’s toolset.”

Ergo, there’s a chance that security experts and journalists could wrongly attribute cyber attacks, even with good evidence. Remember the Sony megahack, where the US government first didn’t blame North Korea, then they did, and the security community couldn’t decisively agree?

Hence SecureWorks’ “moderate confidence” that Russia is behind these hacks, a level which generally means that “the information is credibly sourced and plausible but not of sufficient quality or corroborated sufficiently to warrant a higher level of confidence.” In that middleground, they can’t definitively say that it was Russia, but they can illustrate how ludicrously difficult it would be to frame them by creating a Fancy Bear operation and targeting so many individuals over a year and a half, said SecureWorks’ Finney.

“I base my assessment on the evidence. I go back to the overwhelming evidence, I think, of the targeting of this particular group. So we have 5,000 email accounts that were targeted. That’s very difficult to make a false flag operation, to target 5,000 email accounts to make it look like the Russians,” said Finney.

SecureWorks doesn’t have the means or resources of an intelligence agency to definitively prove that Russia was behind the hacks in a criminal case, said Finney. For their business, they examine circumstantial evidence to arrive at conclusions. That’s the benefit for security firms of doing so much research in order to attribute blame: Now that they know with confidence the attackers’ motivations and tactics, SecureWorks can make recommendations to shore up their clients’ security. Against a spear-phishing campaign like this where attackers dupe targets into giving up email passwords, said Finney, clients can increase their protection by taking steps as simple as turning on two-step authentication.

Via: The Daily Dot

Source: Motherboard, Esquire

New York passes law making it illegal to list short-term rentals on Airbnb

New York governor Andrew Cuomo just signed a bill into law that will make it much harder for Airbnb to operate in the state. New York already prohibits rentals of less than 30 days in a multi-unit building if the tenant is not present — a situation that many Airbnb listings advertise. This new law makes even listing an advertisement for such a situation illegal itself, a tool that some think the state will use to go after Airbnb directly.

Those who violate this new law, which the state assembly and senate voted on in June, will be subject to some heavy fines: $1,000 for your first violation, $5,000 for the second, and $7,500 for the third. According to Business Insider, Airbnb will immediately file a lawsuit against New York City and the state attorney general; the suit will claim the new law violates the First Amendment and the Communications Decency Act.

“In typical fashion, Albany back-room dealing rewarded a special interest — the price-gouging hotel industry — and ignored the voices of tens of thousands of New Yorkers,”Josh Meltzer, head of New York Public Policy for Airbnb, said in a statement published by Business Insider. “A majority of New Yorkers have embraced home sharing, and we will continue to fight for a smart policy solution that works for the the people, not the powerful. We are filing a lawsuit in New York this afternoon.”

As for New York, it says that the activities being advertised are already illegal and thus it sees no problem with the new law. “This is an issue that was given careful, deliberate consideration, but ultimately these activities are already expressly prohibited by law,” Cuomo spokesman Richard Azzopardi said, according to New York Daily News. “They also compromise efforts to maintain and promote affordable housing by allowing those units to be used as unregulated hotels, and deny communities significant revenue from uncollected taxes, the cost of which is ultimately borne by local taxpayers.”

This comes just a few days after Airbnb announced plans to crack down on hosts with multiple listings in New York and San Francisco. It was an effort to reduce illegal hotel situations and keep people from buying up and then renting multiple listings to turn a big profit. It also felt like an effort to help sway NY’s politicians onto their side, but that obviously hasn’t worked yet.

How this will end up remains to be seen, but it sounds like Airbnb’s going to have a tough time — the existing law that was already on the books seems like it’ll make fighting this new legislation much tougher. We’ve reached out to Airbnb and will update this post with any comment we receive.

Source: New York State Assembly, Business Insider, New York Daily News

Blame the Internet of Things for today’s web blackout

Today’s nation-wide internet outage was enabled thanks to a Mirai botnet that hacked into connected home devices, according to security intelligence company Flashpoint. The distributed denial of service attack targeted Dyn, a large domain name server, and took down Twitter, Spotify, Reddit, The New York Times, Pinterest, PayPal and other major websites.

“Flashpoint has observed Mirai attack commands issued against Dyn infrastructure,” Flashpoint writes. “Analysts are still investigating the potential impact of this activity and it is not yet clear if other botnets are involved.”

Mirai is not a new hacking tool. A massive Mirai attack took down the site of popular security researcher Brian Krebs in late September, peaking at a nearly unprecedented 620 Gbps. Mirai takes advantage of weak security protocols on IoT devices — in the Krebs case, 145,000 devices were infiltrated, including security cameras and DVRs in homes and offices around the world.

The author of the Mirai malware made its code open-source, and security experts have been warning of a possible large-scale attack since this information came to light.

For its part, Dyn is attempting to stem Friday’s attack on its servers. At 3:30PM ET, the company announced the attack had entered its third wave.

“We are actively in the third flank of this attack,” Chief Strategy Officer Kyle Owen said, according to TechCrunch. “It’s a very smart attack. As we mitigate, they react.”

To anyone who is still able to read this story: Congrats. Also, we’re doomed.

MacRumors Giveaway: Win a Customizable iPhone 7 or 7 Plus Case From Casetify

For this week’s giveaway, we’ve teamed up with Casetify to offer MacRumors readers a chance to win a customizable iPhone 7 or 7 Plus case from Casetify, a site that offers a range of customizable and community-designed cases.

Made from a soft polycarbonate, Casetify’s cases are available in clear or black to match all of the different iPhone finishes Apple offers. The cases are matte and feature a soft-touch frame for added grip, while also protecting the iPhone from drops, bumps, and scratches.

Casetify says its cases can survive drops of up to four feet onto concrete from all angles thanks to a 2-layer system with a hard exterior shell and an impact-absorbing interior layer. A lip around the case protects the display when it’s face down, and all ports remain accessible for use when the case is on. Volume and power buttons are also protected.

The best part about Casetify’s cases is the wide range of designs available. You can choose from an artist-created case, with hundreds of choices available ranging from florals to abstract designs to cartoon characters, or create your own.

With the clear cases, many designs leave the design of the iPhone visible while overlaying it with a see-through pattern, and on the black cases, designed for the new Jet Black iPhone, rich, colorful patterns are overlaid on a black background.

If you don’t find a pre-designed case you like, Casetify also offers the option of designing your own case with any image or photograph you’ve captured. You can choose a clear or black case and then use a variety of layouts and templates to create a design.

Casetify’s iPhone 7 and 7 Plus cases are normally priced at $40, but 20 MacRumors readers will get one for free. To enter to win, use the Rafflecopter widget below and enter an email address. Email addresses will be used solely for contact purposes to reach the winners and send the prizes. You can earn additional entries by subscribing to our weekly newsletter, subscribing to our YouTube channel, following us on Twitter, or visiting the MacRumors Facebook page.

Due to the complexities of international laws regarding giveaways, only U.S. residents who are 18 years of age or older are eligible to enter. To offer feedback or get more information on the giveaway restrictions, please refer to our Site Feedback section, as that is where discussion of the rules will be redirected.

a Rafflecopter giveawayThe contest will run from today (October 21) at 11:45 a.m. Pacific Time through 11:45 a.m. Pacific Time on October 28. The winners will be chosen randomly on October 28 and will be contacted by email. The winners will have 48 hours to respond and provide a shipping address before new winners are chosen.

Tags: giveaway, Casetify
Discuss this article in our forums

Chromecast Ultra vs. Roku Premiere: Battle of 4K Streamers

These two great choices for 4K streaming, the Chromecast Ultra and Roku Premiere, are affordable and easy ways to find the UHD content you want to watch. See which one is best for you.

Media streaming has come a long way. The latest hardware is fast, the feature lists are filled with just the right things, and the content available just keeps growing and growing. As more people cut the cord and say goodbye to cable, companies have more incentive to improve your streaming experience. This is great for both the true cord-cutter and the casual streamer.

There are two major players when it comes to streaming media devices, and both Google’s Chromecast and Roku’s streaming stick have seen recent updates that beef up the hardware and support 4K streaming in HDR. Both are powerful and affordable, but which one is best for you? Let’s take a look at the Chromecast Ultra vs. the Roku Premiere!

The Chromecast Ultra

The Chromecast Ultra is the high-end of Google’s Chromecast family and was designed to be able to stream UHD 4K video in HDR to any TV or monitor in your home.

Chromecast devices have a legacy of being affordable and simple, and the Ultra follows that trend. Once plugged into an available HDMI port on and set up through Google’s Cast app for Android or iOS (and attached to your network with an optional Ethernet port if desired) you’ll be able to “cast” video from an app on your smartphone or tablet through the device to your television. Once the initial connection is setup, your phone breaks the primary connection and the Chromecast takes over, streaming audio and video directly from the source. Your phone can still act as a remote to change volume or navigate through your stream.

The content library for Chromecasts is huge. Google uses the term “endless,” and while we won’t go that far there are hundreds and hundreds of apps with Google Cast support. From favorites like Netflix and Hulu to your own content through Google photos or local streaming, you’ll easily find something you and your family or friends want to watch.

What we like about the Chromecast Ultra

• It’s inexpensive ($69)
• It has Google Home integration
• It comes with an optional Ethernet port for faster, more stable connections
• Finding content via your phone is a better experience

See at Google

The Roku Premiere

Roku offers an extensive line of products that cover all price ranges. The Premiere series is an excellent option that can stream 4K UHD video and HDR video (Premiere+).

Roku is a name that’s well known amongst cord cutters. One of the first companies to offer an all-in-one streaming solution, you’ll find plenty of people who are happy customers. The internals are faster and more powerful that the entry-level offerings and are ready to stream demanding UHD video in HDR at 60fps with compatible video equipment and sources. Roku offers a standalone remote to control everything as well as a dedicated Android and iOS app. The Roku can also act as a Google Cast target to stream from compatible apps on your phone or tablet.

Like the Chromecast, Roku offers a vast content library with all the favorites as well as a few up and comers like Crackle. Using the Roku’s integrated search feature finding content to stream is simple.

What we like about the Roku Premiere

• It has a dedicated remote
• You can plug headphones into the remote
• It has Amazon Prime Video and Amazon Echo integration
• It has a microSD slot for channel storage

See at Amazon

Which one should you buy?

Both choices are great, especially if you’re an Android or iOS user. Our recommendation is to go with the Chromecast Ultra if you haven’t yet fully cut the cord.

The Chromecast Ultra is just dead simple. It features an intelligent one-tap setup, is fast, and streaming content is super easy. You can have a room full of friends connect and binge watch YouTube videos, or entertain the kids with some educational programming all at the tap of an icon. Frequent automatic updates from Google keep things running smoothly and the price means you can put one at every TV in your house. If you’re entrenched in the Google ecosystem, Google Home integration means you can command your Chromecast through Google Assistant using only your voice.

The Roku has some features designed for the “power user” like an SD card slot and a dedicated remote with a headphone jack. You can store your own “channels” on the card to create content streams tailored just for you — or your partner or your kids. The headphone jack on the stand-alone remote makes the Roku perfect for the bedroom or anytime you don’t want to disturb others. The big addition is Amazon Prime video support through a stand-alone app on the Roku and an open API for Alexa that lets the Roku be controlled through the Echo. You exchange some of the ease-of-use (though using a Roku is by no means hard) for some features you won’t find with the Chromecast.

No matter what choice you go with, You’ll find a rich content library and will have a great streaming experience.

Chromecast and Chromecast Audio

• New Chromecast and Chromecast Audio review
• All the latest Chomecast news
• Join the discussion in our forums

Chromecast:

Google
Walmart
Best Buy
Currys UK

Chromecast Audio:

Google
Walmart
Best Buy
Currys UK

Google’s control of Pixel updates isn’t great for everyone

The value of carrier updates is sometimes overlooked.

Stop me if you’ve heard this one before: Updates straight from Google = good. Updates that go through carriers, which have to pass certain quality control and network performance tests and are therefore mired in delays and bugs = bad.

That’s the story that we often tell people, directly or indirectly, and as a straight narrative it’s largely true. But like any narrative in this world, there is nuance. To explain, I’ll tell you a story.

Back in 2015, I bought an unlocked Galaxy S6 from eBay. It was a British model, with LTE bands that worked in Canada and software updates that came much more regularly — British carriers do a much better job at this than their North American counterparts, for some reason — than the same model in Canada. (It took Canada’s largest carrier, Rogers, until just last month to update the Galaxy S6 and S6 edge to Marshmallow.) But then Rogers launched VoLTE and Wi-Fi Calling for the majority of its new flagships, and I realized that I would never benefit from those features running a British Telecom variant of the GS6.

Fast forward to earlier this year, when I bought a Galaxy S7 edge and embraced Rogers’ slow update cadence, knowing full well that the end result would eventually be compatibility with those Enhanced Voice Services (EVS) like VoLTE. It took a few months, but the update came, and I now have those features.

Unless Google has your carrier’s specific needs in mind, its network-specific features will likely be overlooked.

This week, I unboxed my shiny, beautiful new Pixel and slapped that same SIM card in it only to discover it wasn’t compatible with VoLTE. This didn’t surprise me, but it was frustrating, since Google ostensibly worked with Verizon — its only U.S. carrier partner — to sell the phone down south. It baked those EV services into the software from the beginning. But despite selling the phone at Rogers, Bell, and Telus, Google has not expanded those network-specific features outside of Verizon and T-Mobile, and, according to representatives at the carriers, has no plans to do so.

What does this mean? It means that, sure, your Pixel may be updated directly from the source, but unless Google has your carrier’s specific needs in mind, its network-specific features will likely be overlooked.

I can’t say with certainty that Google will never add VoLTE and Wi-Fi Calling support for carriers that aren’t Verizon and T-Mo, but it does expose one fundamental flaw with these direct-to-consumer updates. Your carrier may delay the hell out of a Galaxy S7 update, but at least, when it does hit your phone, it arrives with you in mind.

Apple has figured this out: It allows providers to roll out independent “carrier settings” bundles upon the insertion of a new SIM card, or when new features are available. These are standalone pieces of software rather than the core OS itself, and therefore don’t need to be included alongside new versions of iOS. Google has the capability to do this, but in the past has bifurcated the delivery of Android entirely between itself and the carriers. If Google wants to make the Pixel a true carrier success, though, it may want to set some Apple-like terms, allowing a small amount of software customization without impeding core OS updates as a whole.

I have no doubt that with enough time, and enough complaining, Google will roll out EVS to carriers outside the U.S. But in the meantime, as a Canadian, it’s frustrating to use a phone — even if it’s the best phone — that lacks the features I’ve taken for granted for so long.

Google Pixel + Pixel XL

• Google Pixel and Pixel XL review
• Google Pixel XL review: A U.S. perspective
• Google Pixel FAQ: Should you upgrade?
• Pixel + Pixel XL specs
• Understanding Android 7.1 Nougat
• Join the discussion in the forums!

Google Store
Verizon