news

A Large Chunk of Ethereum Clients Remain Unpatched

Slashdot - Fri, 17/05/2019 - 17:01
The Ethereum ecosystem is no different than the Windows or IoT landscape, where security flaws remain unpatched for long periods of time, despite the availability of public patches. From a report: In a report shared with ZDNet today, security researchers from SRLabs revealed that a large chunk of the Ethereum client software that runs on Ethereum nodes has yet to receive a patch for a critical security flaw the company discovered earlier this year. "According to our collected data, only two thirds of nodes have been patched so far," said Karsten Nohl, one of the researchers. The vulnerability is a denial of service (DoS) vulnerability in the Parity client that can be used to run Ethereum nodes. Per SRLabs, the vulnerability allows an attacker to remotely crash Ethereum nodes (that run Parity) by sending malformed packets. The issue was fixed with the release of the Parity Ethereum client v2.2.10, in mid-February this year, a few days after it was reported. While most DoS flaws are considered "low impact" for most products, this is not the case in the cryptocurrency world.

Categories: Geeky Stuff

Riot Games refuses to budge on arbitration for ongoing employee lawsuits, despite mass walkout

Eurogamer - Fri, 17/05/2019 - 16:50

UPDATE 4.30PM In a fresh blog post on last week's walkout, Riot has detailed two new measures it has put in place since.

First, there will be a new Diversity and Inclusion Rioters Council led by "engaged, thoughtful Rioters" to encourage discussions and highlight ways the company can improve. Second, Riot has invited "a diverse group" of staff to review the company's Code of Conduct.

The blog describes the walkout as "an important moment in our company's transformation".

Categories: Video Games

Wikipedia Is 'Doing Very Well Financially', Says Co-Founder Jimmy Wales

Slashdot - Fri, 17/05/2019 - 16:10
Wikipedia co-founder Jimmy Wales said this week that the free online encyclopedia is in good financial shape, although increasing mobile phone use may cut into future donations. From a report: "We are doing very well financially," Wales told AFP ahead of Vivatech, a Paris tech fair for start-up companies. "We spend less than we bring in every year," he said. Wikipedia had "never been really good" at attracting major donors, with most of its money coming from people each giving around 15 euros ($16.80) in endowment money, he said. Wikipedia has published nearly 350 million articles, and has clocked up more than 190 billion views over the past 12 months. But Wales also said he feared a threat to Wikipedia's business model from increasing use of mobile devices coupled with personal assistant applications like Apple's Siri. "We see a rise of people using Wikipedia in ways that don't involve websites," he said. "We love that but you don't come to the website and see the (request for donations) banner. We haven't seen any impact yet but we worry, we think we should raise money."

Categories: Geeky Stuff

Get your haunt on with Betrayal at House on the Hill for £26

Eurogamer - Fri, 17/05/2019 - 16:00

There's treachery afoot in Betrayal at House on the Hill: the popular board game where you can murder your friends, summon unknowable horrors and everything in between. It's down to £25.89 at Amazon with free delivery currently, and the lowest price it's been this year thus far. Stick with us to learn all about it.

Steeped in all the horror tropes, Betrayal involves building a haunted mansion with randomly generated tiles and uncovering its mysteries cooperatively. So far, so standard. However, and here's where it gets interesting: when a certain chain of events is triggered, one lucky player is selected by the game to be the traitor, and must carry out a secret dastardly plan to snuff out their fellow investigators.

There are 50 different possible traitor scenarios contained within Betrayal's rules, each with its own unique story and planned actions. For example, you might be turned into a werewolf and tasked with turning your buddies into lupine monstrosities, or another where you must offer a team-mate in sacrifice to the Lord of Hell. It's no easy feat defeating the traitor: they tend to be granted unholy powers and hidden knowledge about the house.

Categories: Video Games

Do you like board games? Then come join us at Gamer Network

Eurogamer - Fri, 17/05/2019 - 16:00

Hi, hello and how do you do? Oh, and while you're here - would you like to come and join us in our not-so-terrible-at-all Brighton offices to work on an exciting venture we're launching in the not-too-distant future? You would? Well, come and have a look at this.

We're in the process of building a team for a now not-so-secret venture into the world of tabletop, where we're hoping to bring a little of our editorial expertise to one of the most vibrant, creative and exciting areas in gaming. There are a handful of positions, namely for an editor-in-chief, section editor, staff writer, video producer and presenter and, finally, account executive.

Have a passion and deep-seated knowledge for board games and want to share it with the world? Then drop us a line! You can find more details on our jobs page, and when you do eventually wow us all, land the role and take up position at your lovely new desk, don't forget to come over and say hullo!

Categories: Video Games

Microsoft's Pokémon Go take on Minecraft will allow collaborative building and adventures anywhere

Eurogamer - Fri, 17/05/2019 - 15:51

Microsoft has revealed its Pokémon Go-esque take on Minecraft. It's named Minecraft Earth and will launch in beta sometime this summer for iPhone and Android.

The AR-based smartphone game will allow multiple people to build structures using Minecraft blocks and place them permanently in the world.

You can also venture out and track down adventures: quick scenarios where you interact with Minecraft creatures or enemies, solo or with friends.

Categories: Video Games

Team Sonic Racing review - a smart spin on the character kart formula

Eurogamer - Fri, 17/05/2019 - 15:00

Here's hyperbole for you. Just as Sonic Mania saw a group of talented fans going wild with Sega's icon to create something as good as, if not better than the very best 2D Sonic games, then the enthusiasts at Sumo Digital have worked similar magic here. Not that it's saying particularly much, but this might well be the best 3D Sonic in a generation or two.

Maybe that shouldn't come as much of a surprise - not if you've been paying attention, anyway. Some seven years ago Sumo Digital made, in All-Stars Racing Transformed, an arcade racer worthy of the greats, helped in no small part by how it leaned on so many of Sega's legends. Panzer Dragoon! Skies of Arcadia! Burning Rangers! For players of a certain vintage, it was pure heaven.

Team Sonic Racing is a very different game led by a different team, with development primarily handled by Sumo's Nottingham studio, staffed in part by former Free Radical team members. For Sumo Digital's third kart racer for Sega, it sees the biggest departure from the formula yet. There are none of the rich, broad references to Sega's past - instead, this is a pure, dedicated Sonic game (a reverse trajectory to that of Mario Kart, funnily enough, which with the eighth instalment became a Nintendo all-stars series). Jet Set Radio's Beat is out, in other words, but Big the Cat is in.

Categories: Video Games

Trump Administration Pulls $929 Million In Funding For California's High-Speed Rail

Slashdot - Fri, 17/05/2019 - 15:00
An anonymous reader shares a report from CNBC: The Federal Railroad Administration announced Thursday that it terminated a 2010 agreement with the California High-Speed Rail Authority and will pull a nearly $929 million federal grant. In a release, the FRA said the California agency "repeatedly failed to comply with the terms of the FY10 agreement and has failed to make reasonable progress on the project." At the same time, the federal agency said, "California has abandoned its original vision of a high-speed passenger rail service connecting San Francisco and Los Angeles, which was essential to its applications for FRA grant funding." In addition, the FRA said it "continues to consider all options regarding the return of $2.5 billion in American Recovery and Reinvestment Act funds awarded to CHSRA." "The Trump administration's action is illegal and a direct assault on California, our green infrastructure, and the thousands of Central Valley workers who are building this project," Newsom said in a statement Thursday. "Just as we have seen from the Trump administration's attacks on our clean air standards, our immigrant communities and in countless other areas, the Trump administration is trying to exact political retribution on our state. This is California's money, appropriated by Congress, and we will vigorously defend it in court."

Categories: Geeky Stuff

Skyrim mods let you add Game of Thrones' Starbucks cup

Eurogamer - Fri, 17/05/2019 - 13:44

Apparently a very popular TV series has been airing its final season over the past few weeks - and you may have heard that one of its episodes had an extra special treat for keen-eyed viewers: a Starbucks coffee cup accidentally left on-set.

Naturally, the photo was instantly spread around the internet and became an overnight sensation. In fact, it's now spilling into the world of Skyrim, as several modders have answered a call to create Starbucks cups for the world of The Elder Scrolls.

Reddit user DarkMaster06 began the craze by putting out a mod request in r/skyrimmods, which swiftly prompted many to offer up their work. I tested out this one by Sphered (via Nexusmods), which places a single coffee cup on the banquet table in Dragonsreach (and also the Solitude throne room). Here I am doing my best to recreate the iconic scene. Please ignore the raccoon eye makeup - my Skyrim character never left the teen phase.

Categories: Video Games

Scientists Invent Light-Activated Bio-Glue That Stops Bleeding In Seconds

Slashdot - Fri, 17/05/2019 - 13:30
hackingbear shares a report from CNN: A team of researchers from Zhejiang University School of Medicine in Hangzhou, China, created a gel composed of a network of proteins, inspired by the matrix composition of human connective tissues, and other molecules. The product, which requires ultraviolet light to activate, can adhere within seconds and then bond to wet biological tissue surfaces without suturing. In pigs, the bio-glue sealed a punctured carotid artery, a major blood vessel in the neck, in less than a minute and also filled holes in the cardiac wall. The Chinese researchers monitored their post-surgical pigs for a two-week recovery period and saw natural healing with no abnormalities or unusual inflammation. Around the globe, more than 234 million surgeries are performed each year, the World Health Organization estimates. Additional research confirming the safety of this product is needed before experiments can begin in humans, according to the authors of a study published Wednesday in the journal Nature Communications.

Categories: Geeky Stuff

Epic's first big sale is having teething problems

Eurogamer - Fri, 17/05/2019 - 12:37

Yesterday, the Epic Games Store launched its first ever major sale, complete with some eye-opening price reductions that almost seemed too good to be true. Well, it turns out many were, as some of the games initially listed in the sale have been pulled from the store, while others have re-jigged their prices several times.

The first to pull a vanishing act was upcoming game Vampire: The Masquerade - Bloodlines 2, which briefly appeared for a discounted price, but now displays a 404 error. Epic explained Paradox chose to remove the title at the last moment, as the publisher decided it no longer wished to participate in the sale.

"If a developer or publisher chooses to not participate in our sales, we will honor that decision," Epic told Kotaku via email. "Paradox Interactive has chosen to not participate in the Epic Mega Sale and the game has been temporarily removed from sale. If you've purchased Vampire: The Masquerade - Bloodlines 2 during the period when the discount did apply at the time of check out, Epic will honour that price."

Categories: Video Games

Verizon's 5G Network Is Now Hitting Gigabit Download Speeds

Slashdot - Fri, 17/05/2019 - 12:00
A month ago, Verizon's 5G coverage in Chicago was exceedingly difficult to find and the speeds were only noticeably faster than LTE. Now, Chris Welch from The Verge says the company "has ramped things up." While coverage "remains extremely limited" and "varies widely block by block," the speed is lightning fast. From the report: I just ran a speed test that crossed 1Gbps, and my mind is frankly a little blown. This is in the real world, where my iPhone XS Max is barely hitting 20Mbps in the same spot. Download speeds on Verizon's 5G network now feel like a proper next-gen leap over current LTE performance. Going over 700Mbps is very typical, and crossing that gigabit marker can happen regularly if you're standing near one of the carrier's 5G nodes, which utilize millimeter wave technology to achieve the faster download rates. I'm still walking around Chicago and testing things out, but here are a few quick tests I ran: The pilot episode of The Office downloaded from Netflix at "high" quality in eight seconds. That's not a typo. I pulled down Marvel's Iron Man 2 from the Amazon Prime Video app at "best" quality in 90 seconds. Welch balances his excitement by saying that "indoor coverage on Verizon's 5G network is basically nonexistent." Also, "uploads are still limited to LTE on Verizon's 5G network" and "tethering with the Galaxy S10 5G isn't yet supported (at 5G speeds)." Another thing to think about is the fact that barely anyone is on Verizon's 5G network right now. When people actually start buying 5G devices, the 1Gbps speeds will surely drop.

Categories: Geeky Stuff

Pokémon Go's big raid event will offer free passes, likely your best chance at Shiny Lapras

Eurogamer - Fri, 17/05/2019 - 11:59

Pokémon Go's next big event will focus on raiding, with a week of extra raid passes for free, a bumper raid hour, and a raid day specifically for Lapras.

The week will run from next Tuesday, 21st May, at 9pm (so, after raids finish here in the UK) until 28th May at the same time.

Over the week, an interesting selection of bosses will be available - including the release of Shiny Bronzor via Tier 1 raids. All raids will give double Stardust and double XP. Happily, two raid passes will be given out every day instead of the usual one. [UPDATE: Mention of this has subsequently been removed.]

Categories: Video Games

Lords of the Fallen 2 ditches developer and hits the ropes again

Eurogamer - Fri, 17/05/2019 - 11:43

Lords of the Fallen 2 appears to be back on the ropes again.

No sooner had the game attached a new developer, Defiant Studios in New York, than we now hear the partnership has ended and the Polish company in charge, CI Games, has decided to finish the game in-house with outsourcing help.

The break doesn't sound amicable. Here's how CI Games announced it in a Polish press release on Wednesday, 15th May (translated for Eurogamer by Daniel Kłosiński - thank you).

Categories: Video Games

Rage 2 review - sparkling combat is let down by a hollow open world

Eurogamer - Fri, 17/05/2019 - 09:00

For all its promise of anarchic mayhem and its striking punk palette, Rage 2 is a surprisingly vanilla experience. Though on paper it delivers a lot of the contemporary triple-A features we've come to expect - meaty combat, open-world exploration, sassy (if occasionally grossly stereotypical) NPCs that offer secrets and side missions, unlockable fast travel, and a perfectly serviceable, if somewhat derivative, post-apocalyptic story - it sometimes feels as though these disparate parts are pieces of a puzzle that don't quite mesh together as a whole. Despite its deliciously decadent violence and unapologetic gore, Rage 2 is trying to be all things to all people, and its own identity just might have been lost in the shuffle.

While this sequel includes a handful of subtle, hat-tipped references to its predecessor, you can safely embark on this adventure without having jumped into the last. You play as one of the last remaining Rangers, an almost unique symbol of virtue and citizenship in an otherwise lawless, impoverished society rife with bandits, mutants, and ne'er-do-wells.

You can select either a female or male Ranger and they're fully-voiced and fully-realised, complete with an intriguing-if-not-particularly-unique backstory that drives much of the main campaign's impetus. Consequently, your foes are numerous, ranging from mutants who have been physically and intellectually scarred by experimentation, lawless bandits - including the oh-so-colourful punks you've seen adorning the marketing materials - and the military might of the Authority, a technologically-savvy army led by General Cross. It's the latter that is the most formidable, and it's those battles that are likely to be the most challenging, too.

Categories: Video Games

China's Rover Reveals Moon's Hidden Depths

Slashdot - Fri, 17/05/2019 - 09:00
China's Chang'e-4 mission to the dark side of the moon has discovered signs of mantle material at the moon's surface, "effectively setting an 'X' on lunar maps for future explorers seeking this not-so-buried geological treasure," reports Scientific American. From the report: China's Chang'e-4 mission touched down near the south pole on the lunar far side on January 3, 2019, the first spacecraft ever to land intact on this largely unexplored region of the moon. Consisting of a lander and rover, the mission is still going strong today, with the rover -- called Yutu-2 -- continuing its journey across the surface. On board are a variety of instruments, and today in Nature scientists from the Chinese Academy of Sciences in Beijing report the mission's first scientific results, suggesting lunar mantle material has at last been located. "We found that the material of the Chang'e-4 landing site is mainly composed of olivine and low-calcium pyroxene," says Dawei Liu, one of the paper's co-authors. "This mineral combination is the candidate mantle-derived material." Chang'e-4 rests inside the South Pole-Aitken (SPA) basin, which, at 2,500 kilometers across, is one of the solar system's oldest and largest known impact craters. Specifically, the mission touched down in the 186-kilometer-wide Von Karman crater within this larger basin. Von Karman was produced billions of years ago by the impact of a large comet or asteroid; such collisions can excavate mantle material from deep underground, allowing it to be scattered across the surface by subsequent impacts. The mantle material was discovered using the Visible and Near Infrared Spectrometer on Yutu-2, which can ascertain the chemical composition of rocks by studying their reflected light. Both olivine and pyroxene are believed to be among the first minerals that froze out from the moon's magma ocean as it cooled, falling to its solid base deeper in the mantle. 
Because previous surveys from orbit have revealed much of Von Karman's floor to be composed of lava from volcanic eruptions rather than excavated mantle, the paper's authors suspect the material detected by Yutu-2 was actually blasted into Von Karman from the upper mantle beneath another nearby impact structure, the 72-kilometer-wide Finsen crater.

Categories: Geeky Stuff

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

Microsoft Security Response Blog - Tue, 14/05/2019 - 19:05

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. 

Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows. 

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.  

Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.  

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate. 

It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible.  

Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008
Links to downloads for Windows 2003 and Windows XP  

Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC)

Categories: IT

May 2019 Security Update Release

Microsoft Security Response Blog - Tue, 14/05/2019 - 19:00

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.

More information about this month’s security updates can be found on the Security Update Guide.

Categories: IT