The UpStream

Forget Rickrolling - Jeb Bush Releases Viruses Online

posted Sunday Feb 15, 2015 by Scott Ertz

Did you hear? Jeb Bush might be running for President. If you haven't heard yet, don't worry - you will. He is likely to be this election cycle's Hillary with a will he/won't he media blitz. In the end, there is no doubt that he will appear all over television before finally announcing that he is running, and making a showing at that.

In an attempt to be more like Obama and less like Hillary, however, Jeb is trying his hand at the Internet. Some say it is what ended up winning Obama his first term. However, it would appear that Jeb might have never used the Internet before. If he has, he used it more like an old person than a young person: a scenario that should be kept private, right?

Well, that isn't quite how things went down. Instead of pretending he knew what he was doing on the web, he released a huge cache of emails that he sent and received while he was governor of Florida. His goal was to show he uses computers and that he is willing to be open with the people. Being open is great, but some information should be redacted - it's why the concept was invented. You shouldn't release it with only the words "it," "he" and "the" left in, but you should probably remove some stuff.

For example, before releasing emails, you should probably scrub all of the email and physical addresses that might be contained within them. The alternative is, you just released a spammer's dream document: email addresses of people in Florida, who are probably just as adept at the computer as you are.

More importantly, you should verify that there are no attachments in the emails that will make you look like an old Floridian - for example, viruses. In this case, Jeb received viruses to his jeb@jeb.org email address: likely from the same people who are scanning these emails for new addresses. Contained within these released emails is a veritable museum of the early 2000's best viruses: Happy99, JS/Kak@M and W32.Badtrans.B@mm, just to name a few.

Since this gaff, the unaltered Outlook PST files have been removed and a new, intelligently redacted version has been released instead.

Evolve Does not Receive Warm Welcome from Gamers

posted Sunday Feb 15, 2015 by Scott Ertz

<i>Evolve</i> Does not Receive Warm Welcome from Gamers

A lot of people were really excited for the release of Evolve. I was not counted among them, but I know several people on the team who were. I did, personally, hold a Mirror's Edge type curiosity for a relatively unknown game style from a relatively well-known studio. Unfortunately, publisher 2K was not doing anything to try and win me over - like release information about the game.

While you could play in a series of betas, it was unknown what would come with the game, how it would be distributed, etc. Despite this, people pre-ordered the game online and at retailers, not knowing whether their money would be well-spent, but certainly hoping. Then came the tiers: $60, $80, $100 - all for an online-only, multiplayer-only game. So what magical content could you possibly get for $100?

As it turns out, almost nothing more than the $60 game. In fact, the big difference is in the number of skins available: 12 hunters and 3 monsters for $60 or 18 hunters and 4 monsters and 4 skins for $100. Yes, you had to pay almost double to receive less than double the CHARACTERS. No extra play, no new content - just characters.

So, clearly the idea of asking $100 for a few minor components is insane, and that does seem to be the general consensus with online reviews. Add to it the idea that there are a slew of $4.99 and $6.99 additional add-ons you can purchase for even more skins, and a $24.99 "Hunting Season Pass" can bring the price to half that of a console.

Unfortunately, this isn't where gamers' frustrations with the game end. The base price, $60, is said to be too high, even if it came with all of the add-ons. Gamers are used to the $60 price tag, but are also used to a healthy single player campaign and a well-considered multiplayer scenario. With Evolve you only get the latter, which may be the part that gets played repeatedly, but isn't the part that makes you fall in love with the game, mechanics and, in some instances, the characters (I'm looking at you Cortana).

Have you played the game? Are you happy with what you bought? Let us know in the comments.

Google Changes Policy on 90 Day Bug Release

posted Sunday Feb 15, 2015 by Scott Ertz

Google Changes Policy on 90 Day Bug Release

Google's Project Zero has not been met with a lot of acceptance from the software community, but has received particular flack from Microsoft. It is a reasonable response from a company who seems to have been specifically damaged by Project Zero's 90 day release policy. That policy, which has been unalterable by the company, has unfortunately released information about Microsoft vulnerabilities before the company has had a chance to patch them. That is an incredibly unusual circumstance in the security world, where the normal policy is to inform the developer of their issue, allow them to patch it, then release the terms of the issue.

This week, Google revised its policy on releasing information on a strict 90 day schedule. They said that they would begin to give their vendors an additional 14 days, so long as the company promised to fix the issue within that 2 week period.

We now have a 14-day grace period. If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch. Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+).

Unfortunately, as any software developer will tell you, a hard-set release schedule set by someone outside of your development environment is insane. Some patches are deeper into the system and require significant changes higher up as the initial change is made. Some of these changes simply cannot be made within a 90 day period, and to expect it shows a complete lack of understanding of the software process. It is understandable, though, for a company so totally removed from well-built software.

It will be interesting to see in the coming months which "vendors" they decide to apply these more lenient rules to. Will Microsoft see 14 day grace periods, or will it be just for, as they say, "bugs in the pipeline for Google products?"

Microsoft and Samsung Settle Lawsuit Over Android Patent Royalties

posted Sunday Feb 15, 2015 by Nicholas DiMeo

Microsoft and Samsung Settle Lawsuit Over Android Patent Royalties

Six months ago, Microsoft sued Samsung over missing royalty payments for Android patents Samsung was using. Samsung claimed that since Microsoft purchased Nokia, the company didn't have to pay anymore. Microsoft decided to sue, and because of that, the two parties have agreed to settle outside of the courtroom.

While the specifics of the deal were not disclosed, both companies posted very short statements on their respective websites. Samsung's EVP Jaewan Chi wrote,

Samsung and Microsoft are pleased to announce that they have ended their contract dispute in U.S. court as well as the ICC arbitration. Terms of the agreement are confidential.

Aside from the very brief statement, Microsoft officials would not comment or verify the terms of the settlement. The good news is that Samsung and Microsoft can continue their seven-plus-year contract, with Samsung paying over $1 billion in 2013 alone for the use of patents Microsoft owns.

This puts Samsung back in line with LG and HTC for complying with patent licensing agreements. Still disputing contractual obligations is Motorola, and that's been ongoing since 2010, with no imminent end in sight. Microsoft currently licenses its patents to almost two dozen different companies who manufacture Android, Chrome and Linux-based products.

Sling TV is Open for the Public to Try, Announces Deal with AMC Networks

posted Sunday Feb 15, 2015 by Nicholas DiMeo

Sling TV is Open for the Public to Try, Announces Deal with AMC Networks

Sling TV was announced back in January at the International CES in Vegas, and for about a month, the cord-cutter's alternative was open to those only with an invitation, and contained a select list of channels. Now, Dish has announced that its pay-TV service will be open to the public to sign up, and will have a lot more than what it initially offered in its closed testing.

For only $20 per month, customers can access content such as TNT, TBS, Food Network, HGTV, Travel Channel, El Rey Network, Maker, Adult Swim, Cartoon Network, Disney, ABC Family, CNN and Galavision. More importantly, that same $20 will also include live sports on ESPN, ESPN2 and ESPN3, finally severing the tie between ABC's primetime sports content and having to have a cable subscription to view it online. Dish also announced this week that it will be adding AMC Networks to the lineup in the very near future, after completing a deal with the network shortly after announcing that Sling was open to the public. AMC's content will be available in the same $20 per month tier.

Roger Lynch, CEO of Sling TV, announced the agreement with AMC, saying that its something a lot of people have been wanting.

We flipped the switch this morning opening up Sling TV to all consumers, and we’re giving them something they’ve been asking for: AMC. Soon Sling TV will deliver hits like The Walking Dead and Mad Men with AMC included in our core package. We found a great partner in AMC Networks with a wide range of popular channels to help us quickly make that a reality.

For those looking for more sports, more kid-centric content or for more news and information-based shows, Sling has lined up a view a la carte items to select from. Three additional packages are available for $5 per month on top of your base of $20. HLN, DIY, Bloomberg and the Cooking Channel are lumped into the "News & Info Extra" package. Disney Junior, Disney XD, Boomerang, BabyTV and DucksTV are all available with the "Kids Extra" package. And finally, for those who can't cut the cord because of the lack of live sports available outside of a cable subscription, $5 more per month with Sling will get you the "Sports Extra" package, consisting of ESPN U, ESPN's SEC Network, ESPNEWS, ESPN Bases Loaded, ESPN Buzzer Beater, ESPN Goal Line, BeinHD Sport, Univision's IDN and NBC Universal Sports Network.

A couple of kickers should be noted here. First, some networks will not allow you to rewind and fast forward content, kind of like the on-demand channels on your cable box currently. This is due to contractual restrictions with the networks in question but only exists with shows that have aired in the past 3 days. Also, Sling TV is only available to be viewed from one device at a time, so you can't go all Netflix with this service and share it to four other people at once.

Now for the perks that will simply be listed in succession. Another plus to the sports fan is that the WatchESPN is also available with Sling's basic package. Sling TV customers do not need to sign up to any contracts or commitments for service. Lastly, there's a seven-day trial waiting for anyone who wants to sign up and give this new service a go. I know I'm going to.

Sling TV is available on all the usual platforms you'd expect, with Dish partnering with Roku and Amazon with device offerings. And while we don't see the app on the Windows Store (and there's no plans for it on the site yet), Sling TV is smart and has offered up a standalone download to install the software on any laptop or PC. An especially exciting plus is that under the supports devices for gaming consoles, the Xbox brand is listed as "Coming Soon!" Sony's PlayStation line of devices is not listed as supported on Sling's website.

Malware Attack on Banks Allows Thieves to Walk Away with Over $300 Million

posted Sunday Feb 15, 2015 by Nicholas DiMeo

Malware Attack on Banks Allows Thieves to Walk Away with Over $300 Million

In what is one of the largest and intricate Internet attacks of all time, banks across the globe have been breached since 2013, allowing hackers to walk away with over $300 million in less than two years. Among the 100 banks from 30 countries that have been affected, Russia, Japan, Europe and the US are within that pool of nations.

An extremely advanced malware attack seems to be part of the cause, as discovered by Kaspersky Labs, the team which completed a report on the matter. So far, no banks have stepped up to admit they've been attacked, probably due to the severe nature of the breach. On the heist, Kaspersky NA's manager Chris Doggett said,

This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.

Just how covert were these criminals? According to the report, the robbers were calculated and meticulous with their actions, going so far as to install surveillance software onto bank computers in order to track and measure operations over a long period of time. Then, they were able to disguise themselves as actual bank employees to draw up to $10 million out of customers' accounts. A particular client of Kaspersky has alleged that they are missing over $7.3 million from their bank account from ATM withdrawals.

The good news, for us in the United States at least, is that almost all of the banks affected are based out of Russia. However, Kaspersky says the malware is spreading and still active. When the security firm reached out to the Financial Services Information Sharing and Analysis Center, the financial industry's advisory board on cyber attacks and malicious software, the agency said that it is aware of the breach and has "disseminated intelligence on this attack to the members." Customers of affected banks have not yet been informed of the attack.

We're live now - Join us!
PLuGHiTZ Keyz

Email

Password

Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats