The UpStream

New iPhone Models Are Less Affected by Controversial Feature

posted Saturday Feb 10, 2018 by Scott Ertz

New iPhone Models Are Less Affected by Controversial Feature

Ever since Apple admitted to throttling their users' older iPhones, the company has been in hot water. A handful of lawsuits have been filed, with class action status being considered. All of this was expected, though, considering Apple had hidden the practice from the public. The one thing that was uncertain, however, was how future devices would be affected by the practice, if at all.

Apple revealed the answer to that question by way of the support document for the new Battery Health feature, introduced in iOS 11.3 beta this week. The feature in the operating system is to officially notify users of Apple limiting the capabilities of their devices, and to give users the ability to disable Apple's control over their phones. While there is a lot of information contained within the document, the most interesting paragraph deals with the current generation iPhones.

iPhone 8, iPhone 8 Plus, and iPhone X models use a more advanced hardware and software design that provides a more accurate estimation of both power needs and the battery's power capability to maximize overall system performance. This allows a different performance management system that more precisely allows iOS to anticipate and avoid an unexpected shutdown. As a result, the impacts of performance management may be less noticeable on iPhone 8, iPhone 8 Plus, and iPhone X. Over time, the rechargeable batteries in all iPhone models will diminish in their capacity and peak performance and will eventually need to be replaced.

This means that Apple, who was aware of the power management issues long enough ago that they shoehorned a stopgap solution into iOS, was also able to compensate for the issue in their current devices. Obviously this is a major step in the right direction, as the issue that Apple has been "trying to solve" with their throttling program is one that BlackBerry OS, Palm OS, webOS, Windows CE, Windows Mobile, Windows Phone, Symbian and Android have never experienced, across hundreds of manufacturers, despite Apple's assurances that this is a natural issue.

Obviously this is not going to make owners of older devices feel any better, though being able to disable the "feature" might, and it certainly won't make the lawsuits go away. It will, however, make current and future generation owners feel a little better about the longevity of their devices.

YouTube Advertising Serves Unauthorized Drive-By Mining Attacks

posted Saturday Jan 27, 2018 by Scott Ertz

YouTube Advertising Serves Unauthorized Drive-By Mining Attacks

Browser-based cryptocurrency mining has become a bit of a drain, both on the internet and on people's computers. Some sites have implemented the process as a supplement for lost ad revenue due to ad blockers. Others have taken it a step farther, introducing mining software into the ads that show on those websites themselves.

While this process would be expected from ads served by smaller ad exchanges, you would probably expect an ad network like Google AdSense or Google DoubleClick to have policies and procedures in place to prevent any malicious software from being served by their own ads. Unfortunately, you are giving Google more credit than is deserved, as that is exactly what happened this week.

Ads being shown on Google's own YouTube were found to be taking advantage of viewers' CPU cycles to mine cryptocurrency without the viewers' knowledge or permission. Using an ad to mine coins on a site like YouTube is clever, if not devious. Users tend to stay on the site for a longer period of time than most other sites, and even stay on a single page for an extended period, while doing little else on the computer. This means that the mining will be consistently run for a longer period of time, and will not be as detectable because users are not using their computers heavily.

As Google became aware of the issue, a spokesperson sent an email saying,

Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we've been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.

The problem with the statement is that the two hours referenced by the representative was, in reality, over a week. That is according to a report from Trend Micro, who has been studying the practice of web-based mining carefully. Trend Micro, as well as Avast and other antivirus platforms, have begun warning users when a site is running mining code in the browser, and allows users to block that code temporarily or permanently.

While these drive-by minings are becoming more common, and approaching an epidemic, there is no evidence that there is any lasting effects after the browser window is closed, or the website is left.

Another Bad Week for the Security of Cryptocurrencies

posted Saturday Jan 27, 2018 by Scott Ertz

Another Bad Week for the Security of Cryptocurrencies

Over the past year, the value of cryptocurrencies has fluctuated up and down, with Bitcoin reaching unimaginable highs. While value has been variable, there has been one constant: insecurity. Despite the idea that these coins are based on encryption, somehow the way the coins are stored, in digital wallets, is far from it. In fact, it seems that stealing these coins might be the easiest way to make a quick buck. This week, two more exchanges suffered breaches, in one form or another.

First, and most damaging, was the Japanese exchange Coincheck. The company ceased operations on Friday, after 500 million XEM coins, created by the NEM foundation, were stolen. At noon local time, all deposits of XEM were suspended. By 4PM, all deposits were suspended, and by 6PM all transactions of any kind were suspended. Shortly after, police were spotted at the offices of Coincheck.

Of course, there is plenty of blame to go around, though some of the organizations involved are looking for ways to be uninvolved. The president of the NEM foundation, Lon Wong, was quoted as saying,

This is the biggest theft in the history of the world.

In reality, the value of the loss was around $400 million. The 2014 hack of Mt. Gox resulted in just shy of $492 million being stolen, bankrupting the company and likely singlehandedly delaying the overall acceptance of cryptocurrency until this past year. But, size and scale not withstanding, Wong also claims that the reason for the hack was because Coincheck did not implement an important part of the transfer contract.

Alos this week, around $4 million worth of IOTA coins was stolen. This was a far less high-tech method, involving poor planning on the part of IOTA themselves and a creative phishing site. Because IOTA requires a generated seed to begin and to secure the wallet, someone created a website that masqueraded as the official seed generator and bought their way to the top of Google's search results for the term. Founder David Sønstebø, described it saying,

What actually happened was a lot of unfortunate users were generating their unique seed (which is what you derive your password from) from a false website, a phishing website. It was meticulously crafted in such a way that it ended up being at the top of a Google search for IOTA seed generator, it was the first thing listed in the ads…So, this malicious actor essentially had people go there, and he/she created a website that looked very legitimate to new users. Therefore, they trusted it, and generated a seed there. That essentially means that they gave away their private key to a thief. It's equivalent to giving your keys to someone as you go into a store, and then coming back out to find that your car is gone.

So, in this case, the blame falls squarely on the shoulders of the organization that allowed their security structure to be dependent on an outside tool, which was easily duplicated. There are bound to be more technological and security-related blunders as this new industry tries to find its footing. Investing now could bring in large rewards, but could also lead to major failures, such as in these cases.

Microsoft Might be Responsible for GameStop's Troubles

posted Saturday Jan 27, 2018 by Scott Ertz

Microsoft Might be Responsible for GameStop's Troubles

While the company has expanded its offerings in recent years, there is no doubt that GameStop's main business is in used games. A number of threats have caused the company's diversification, but analysts at The Motley Fool believe that a new move from Microsoft could be a nail in GameStop's coffin.

GameStop has been in trouble over the past year or so, even as the rest of the stock market has rallied. In 2017, GameStop took a slide of over 10%, one of few companies the end the year that way. The company has continued to see a slide in its stock price, as other companies in the industry have recovered or improved on their positions.

The move from Microsoft that could continue GameStop's trouble is the expansion of the Xbox Game Pass. As the service stands today, it offers a large, rotating catalog of games available to Xbox One owners for $10 per month. It's essentially the Netflix treatment for Xbox games: one price, all you can play. Already this is a problem for GameStop, who relies on the sale of older games to keep them alive, and with Game Pass, they are already getting hit.

At least GameStop still has newer releases, right? Wrong. Microsoft has announced that they are expanding the lineup of Game Pass to include Day One releases of first party titles. This will begin with Sea of Thieves, which will release to market in 2 months, and will be available for Game Pass subscribers at the same time. This means that gamers who would normally wait a few weeks for the hype to die down and buy the game used from GameStop in April for 20% off, will be able to play the game Day One for only $10.

If ever there was a threat to the business model of GameStop, this is it. Luckily for GameStop, this only affect Xbox titles, and currently only first party titles. There are still third party titles, and of course PlayStation and Switch consoles, in the mix. But, how long before Sony makes a similar move to include first party titles into their PlayStation Now offering? How will GameStop respond to this new threat to their aging business model? Only time will tell.

For the First Time in Years, Apple Has Analysts Guessing

posted Saturday Jan 27, 2018 by Scott Ertz

For the First Time in Years, Apple Has Analysts Guessing

This week has been a whirlwind of analyst predictions for Apple's future, and for the first time in several years, there is no clear story. Normally analysts are able to piece together the company's plans based on just a few factors, such as current product sell-through rates, parts orders and manufacturer contracts. This years, the numbers are all over the place, and there is no picture coming to light.

A number of analysts, including KGI securities, have said that, because of Apple's lower than expected demand for the iPhone X, and the lower than average satisfaction from those who own them, the iPhone X might not survive the generation. This is significant for a number of reasons. First, this is Apple's first real attempt at any sort of innovation in a decade. The iPhone has been the same device with moderate improvements since the first model. The iPad is a larger iPhone, with a model that incorporates a Microsoft-style stylus. The HomePod is an Amazon Echo, Google Home, Harmon Kardon Invoke catchup device, whose assistant seems to be not up to the task. It would appear that, without Steve Jobs' hands-on management, the iPhone X has not been the success Apple needed.

Second, Apple is notorious for keeping the previous generation devices around after their successors reach the market, as an option for those who do not want the latest device, or are looking for a more budgeted entry into Apple's ecosystem. Infrequently does an iPhone not survive to live another day after its official retirement. The iPhone 4c and iPhone SE are the only modern examples that I can think of that didn't make the cut, and that is because they were bottom of the ecosystem at launch. The flagship device has never been skipped over for retention.

On the other hand, analysts at The Investor have other beliefs. They suggest that the iPhone X will survive the model cut, possibly as the only device to survive, with the iPhone 8 and iPhone 8 Plus being cut instead. The rest of the line is believed to be an upgraded version of both, presumably being marked iPhone 8s and iPhone 8s Plus. Rounding out the line would be a new version of the iPhone SE, perhaps iPhone SE 2 (launched well ahead of the next generation). These devices are tipped to be larger models, possibly leaving the iPhone X as the smallest device in the family.

Depending on who you ask, the new models, which are definitely coming, could have a variety of screens. Some analysts suggest that all models will feature OLED screens, while other suggest that it will be 2 with OLED and 2 with more traditional LCD. Some report that all of the OLED screens will continue to come from Samsung, who supplied the screen for the iPhone X, while others suggest that Apple is in talks to bring LG's screens into the fold as well.

No matter the outcome, there is on thing that is clear: Apple seems to actually have people guessing what their next move will be, and that is a major change for the industry. Whatever informational hole has existed within the company seems to have been sealed. Whether that is in the company's best interest remains to be seen.

DMCA Regulations on Abandoned Videogames: A Step toward Videogame Preservation or a Path toward Legal Piracy?

posted Wednesday Jan 17, 2018 by Guest Blogger

When you buy a book at the store, you expect to read it from start to finish, without any interruption or pages missing, for as long as you want. Often times, revisiting the stories from the book brings back fond memories and nostalgia that you hope to share one day with your kids, family and friends. Unfortunately, this is not the case when you purchase abandoned videogames. When these games are shut down, they often disappear for good, erasing big portions of gaming history forever.

This is because the Digital Millennium Copyright Act's ("DMCA") anti-circumvention provisions (17 U.S.C. § 1201) prohibit consumers from circumventing copyright protection measures put in place on games or any other digital media. However, the United States Patent and Trademark Office ("USPTO") has proposed a set of exemptions to the DMCA that would allow gamers to keep abandoned games running.

What is DMCA § 1201 Exemption for Videogames?

In 2015, the USPTO enacted an exemption to Section 1201 that directly impacts the game industry: an exemption for museums, libraries and other archival efforts circumventing the DMCA to preserve (in a playable state) games that require one-time server checks that are no longer available. This exemption allowed for the circumvention of authentication servers in order to render games playable (often called "jailbreaking"), so long as the game content is stored on the player's computer or console. Although there were flaws in the exemption, it was a victory for the videogame archiving community. Additionally, this exemption must be renewed by the USPTO on a triennial basis.

As it currently stands now, the DMCA exemption does not expand to multi-player games; however, the Museum of Art and Digital Entertainment (MADE) petitioned the USPTO to expand the exemption so that it covers multi-player games and allows people affiliated with them the ability to play.

These new set of proposed exemptions to the DMCA has stirred much debate in the gaming industry. Proponents claim that they should be able to 'play the videogames they have already paid for' and that keeping it illegal to fix broken, abandoned games effectively forces people to keep buying newer releases. Whereas opponents argue that the proposed exemptions would, in effect, eviscerate virtually all forms of access protection used to prevent videogame piracy. Specifically, the Entertainment Software Association (ESA) submitted oppositions to the exemption to the USPTO, stating that, "(h)acking videogame access controls facilitates piracy and, therefore, undermines the core anti-piracy purposes of (the DMCA)."

On October 26, 2017, the UPSTO reviewed all submissions regarding the new set of proposed exemptions to the DMCA and agreed to continue to preserve old videogames, and thus recommended that all of them be renewed. The USPTO indicated that it didn't "find any meaningful opposition to renewal." At this point, the USTPO is now seeking public comments on the new set of proposed exemptions to the DMCA.

What Happens Next?

Whether or not the new set of proposed exemptions to the DMCA benefits gaming archivists and historians alike - or creates a new path toward legal piracy - a good place to start is to submit public comment regarding this topic to the USPTO. The USPTO has initiated three rounds for public comments, with the first round due on December 18, 2017. If the new set of exemptions to the DMCA gets approved, then your kids might get to play some of the old videogames you once enjoyed as a child someday.

Leia V. Leitner is in an attorney at Watson LLP where she counsels businesses on cybersecurity and other aspects of technology law. She may be reached at (407) 377-6634 or by email at leia@watsonllp.com.

We're live now - Join us!
PLuGHiTZ Keyz

Email

Password

Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats