News
1. THE AD-BLOCKING HACKER MAKING YOUR BROWSER MORE PARANOID
AUTHOR: KLINT FINLEYKLINT FINLEY BUSINESS Date: 05.09.16 Time: 07:00 AM
WE'VE LOST CONTROL of our web browsers. Sure, we tell them what sites to load. But after that, browsers do the bidding of someone else's server, executing code that could, for all we know, install malware on our phones and computers to spy on our every digital move. And sometimes they do. In 2009, The New York Times inadvertently served an ad that redirected readers to a page claiming that their computers were already infected with malware. It urged them to download fake antivirus software that actually hijacked their machines instead. Since then, the problem has only grown worse. In March, several major publishers, including the Times and the BBC , were found to be serving malicious ads. Between June 2014 and February of this year, researchers observed a 325 percent increase in malicious advertising. And that's all to say nothing of the way websites routinely share our browsing data with advertising networks.
"It is something with ubiquitous effects on anyone who uses the Internet," says Yan Zhu, a 25-year-old physics major turned hacker who has spent the last three years building tools to make our browsers less credulous.
In that time, among other projects, she's helped the Electronic Frontier Foundation build Privacy Badger, a browser plugin that blocks web trackers. The catch is that although Privacy Badger is only designed to block trackers, not ads, the ads are often blocked as a side effect.
And the modern web is still heavily dependent on advertising to make money. Surfing the web has become a choice between sacrificing your privacy or undermining the way journalists and other content creators get paid.
DAN TENTLER
that blocks ads right out of box, with no need for users to
install plugins or change their settings. But instead of simply blocking ads,
Brave will try to replace them with ads that actually respect your privacy,
and give publishers a cut of the revenue. That's a near complete
reinvention of the way browsers typically work. Not only could it shift the
way publishers get paid, but it also gives you more say over
what actually runs on your computer.
That's particularly important now because despite the rise of mobile apps, web
browsers are still one of the most important ways we interact
with the Internet. That puts Zhu at the center of several debates about the future
of privacy, online anonymity and individual control over the technologies we use.
Learning to Be Paranoid
For Zhu, the importance of digital security and online privacy aren't hypothetical. In 2009, Zhu met Chelsea Manning,
then known as Bradley Manning, through a mutual friend in Cambridge, Massachusetts, where Zhu was a physics student at MIT.
The two lost touch around the time Manning was deployed to Iraq.
After Manning was arrested for leaking a large cache of diplomatic cables to Wikileaks, some of Manning's acquaintances were questioned by the authorities, apparently under the suspicion that they had been involved in helping Manning with the leak. One student told the MIT student newspaper that he'd been questioned simply for copying Manning on a mass email soliciting advice on what brand of padlock to buy to secure a storage unit. Another student, David House, who co-founded the Bradley Manning Support Network, later reached a settlement with the federal government after he was detained by Homeland Security in 2011 and had his computer and phone confiscated.
Zhu says she wasn't questioned but describes the investigation into her former classmates as baseless. "[The students] had to be a little paranoid about their email communications," Zhu says. "That was the first time I realized that even if you haven't done something wrong, computer security and privacy is something you should be worried about."
In 2012, Zhu moved to California to work on her PhD in physics at Stanford University but soon decided to take a leave of absence. "As much as I liked doing math and working on hard problems like 'How did the world start?', it just didn't seem relevant enough to real people," she says. Digital security, on other other hand, seemed like a pressing issue that could help whistleblowers and private citizens wrongly suspected of illegal activity alike.
But her focus on the browser was something of an accident. She didn't know much about security when she left Stanford, and had only studied basic computer programming as a physics student at MIT. "I'm probably over 90 percent self-taught," she says.
To learn the trade, she volunteered her time fixing bugs in open source projects for the Tor Project, the team behind the popular Internet anonymity tool. She also interned for organizations such as the Freedom of Press Foundation, where she worked on SecureDrop, a tool designed to make it easier for whistleblowers to anonymously share documents with journalists, and for the Electronic Frontier Foundation.
"Her first role at EFF was an internship," says Peter Eckersley, the chief computer scientist, at the EFF in an email. "She didn't start with a deep computer security background, but she learned really, really fast."At the EFF, she worked on Privacy Badger and HTTPS Everywhere, which forces your browser to use secure connections to websites when one is available. Later, as an employee at Yahoo, she worked on End-to-End, a tool designed to encrypt your email within the browser before it ever touches a cloud, so that even Yahoo can't decrypt it.
To learn the trade, she volunteered her time fixing bugs in open source projects for the Tor Project, the team behind the popular Internet anonymity tool. She also interned for organizations such as the Freedom of Press Foundation, where she worked on SecureDrop, a tool designed to make it easier for whistleblowers to anonymously share documents with journalists, and for the Electronic Frontier Foundation.
"Her first role at EFF was an internship," says Peter Eckersley, the chief computer scientist, at the EFF in an email. "She didn't start with a deep computer security background, but she learned really, really fast."At the EFF, she worked on Privacy Badger and HTTPS Everywhere, which forces your browser to use secure connections to websites when one is available. Later, as an employee at Yahoo, she worked on End-to-End, a tool designed to encrypt your email within the browser before it ever touches a cloud, so that even Yahoo can't decrypt it.
Fighting Apathy
Zhu landed at Brave after the company's controversial founder–JavaScript creator and Mozilla co-founder Brendan Eich–reached out to her. She says Brave's idea of finding a way to support journalism while still protecting readers' privacy is what attracted her to the company. "Brave is one of the few groups trying to find a middle ground," she says. "People can keep using ad blockers, which they seem to like, and publishers can make money."
But it's going to be something of a tough sell. A coalition of publishers, including the companies behind The New York Times and the Washington Post , have threatened to sue Brave if the company goes forward with its ad replacement plan.
But the question could remain academic unless enough users actually adopt Brave, which doesn't have the marketing force of a company like Microsoft or Google behind it. The bigger issue, Zhu says, is getting people to care about online privacy to demand change. "I think the problem is that people will stop caring about privacy and security," she says. "So a lot of what I work on is getting people to care abut having a more secure private web." That part of her job is getting easier, though. Every time a major retailer or government website gets hacked and leaks people's personal information online, we realize that perhaps we haven't been careful enough. Fortunately, people like Zhu are out there helping us learn to be paranoid.
2. REVIEW: MICROSOFT SURFACE STUDIO 2
Microsoft's Surface Studio 2 has everything you ever wanted in a creative desktop, and costs more than you probably ever wanted to spend.
2. REVIEW: MICROSOFT SURFACE STUDIO 2
Microsoft's Surface Studio 2 has everything you ever wanted in a creative desktop, and costs more than you probably ever wanted to spend.
LAUREN GOODE GEAR Date: 11.15.18 Time: 09:01 AM
Rate: Rate 8/10
PRICE: $3499
Clear your desk: Microsoft’s Surface Studio 2 is here. Actually, you might want to get a new desk. That’s what I had to do, because the Surface Studio’s 28-inch display didn’t fit well on the cluttered desk where I normally sit. All week, WIRED people walked by my (new) desk and said one of two things: Why are you sitting over here? Or, Oh wow, look at that screen.
The Surface Studio 2 is a personal computing workstation, a glossy hulk of a display with a sleek aluminum frame, a minimal base, and a hinge that lets you tilt the touchscreen display so that it hovers, nearly-flat, above your desk. It’s the second-generation Surface Studio—the first one came out in the fall of 2016—and most of its updates are internal. It runs Windows 10 Pro. This is a performance PC, designed for people who do a lot of heavy multimedia work. To an extent, it’s for people who enjoy playing PC games too.
It also costs $3,500. Or really, for a configuration with the maximum amount of memory, $4,200. That price does include the keyboard, mouse, and a Surface Pen, but not the $99 Surface Dial, a puck can you place directly on the Studio’s giant display and turn and press and click to interact with apps. (You really don’t need this dial, though it’s a fun tool to take for a spin, pun intended.) While the Surface Studio 2 isn’t as costly or as powerful as Apple’s $5,000 iMac Pro, the machine that Microsoft is taking direct aim at with this, the price still puts it in the category of you-really-need-to-justify-it computers.
But just look at this thing! (You can’t, because you are not here, staring at the screen alongside me; you’ll have to trust me.) It’s the kind of computer that makes you believe you’ll make great things with it when you’re not, you know, playing Forza or watching Netflix. You’ll be so productive! Think of how much you can fit on the screen, and more importantly, the detail you’ll be able to see. But really: You will work on your life’s oeurve on this computer.
Like the first Surface Studio, the main attraction on the Surface Studio 2 is its 28-inch PixelSense display. That’s Microsoft’s trademarked phrase, and what it means is that there are roughly a bajillion pixels. 13.5 million pixels, to be exact, with a resolution of 4,500 by 3,000 and a brightness level of 515 nits. It has a 3 by 2 aspect ratio, which Microsoft starting using in its Surface computers back in 2014 and has stuck with ever since. (The iMac Pro, in comparison, has a 16:9 aspect ratio.)
But the Surface Studio 2’s display is a touchscreen, which means you can move fluidly between the Studio’s Bluetooth keyboard, mouse, and actually touching the screen when the mood strikes you. And the mood will strike you: The screen is so luminous, you’ll want to reach for it. No matter that you’ll smudge up the Gorilla Glass that coats it. You’ll want to tap and swipe your way across it.
The display isn’t dramatically different from the one on the original Surface Studio. It even has the same, inch-thick bezels. But Microsoft has made some improvements. The brightness and contrast have been bumped up. While I didn’t have the two Surface Studio models set up side-by-side for comparison (I would surely need another desk for that), colors showed well in photos in Lightroom and in Adobe After Effects, which my WIRED colleague Paul Sarconi usually works in and which he volunteered to use on the Surface Studio 2.
At the top of the display there’s a Windows Hello facial recognition camera, which, again, was on the first Surface Studio. It’s been working more smoothly than Windows Hello has ever worked on a Surface laptop for me, although let’s assume I’m opening laptops at weird angles sometimes, whereas this is set in position. The display is enclosed in an aluminum chassis, which is attached to the base via two stainless steel arms.
And then there’s the “zero gravity” hinge, named as such because of the way the display appears to hover above the base when you’ve tilted the screen way back. Some of you might recall that Lenovo tried to do this years ago with a 27-inch “tabletop PC” called the IdeaCentre Horizon. Things got awkward, more awkward even than its name suggested. Somehow, when Microsoft first introduced the Studio, it made tilting back a giant touchscreen look sexy. I can tell you in all honesty that I felt almost no need to actually use the Surface Studio 2 in this mode. But I wanted to. Sort of.
The base, which houses all of the Studio’s most critical components, is a nondescript gray box. All of its ports have been positioned on the back of the base, which means you’re reaching far behind the display to do something as simple as plug in your headphones. Along with that headphone jack, you get an SD card reader, an Ethernet port, four USB 3.0 ports, and one USB-C port. The USB-C port is both a positive addition and an imperfect one. Microsoft has left USB-C off of some of its newer Surface computers, so I’m thankful it’s represented here. But this USB-C port doesn’t support Thunderbolt 3, which would let you connect a variety of different devices to the machine.
The biggest update to the new Surface Studio 2 is its internals. The first Surface Studio shipped with a sixth-generation Core i5 processor in its base model, along with a Nvidia GeForce 965M graphics card. This new Studio ships with a seventh-generation Core i7 chip and GeForce GTX 1060 graphics card, the latter of which is a significant upgrade.
It’s worth noting, though, that the seventh-gen Intel Core processor is already a generation behind, and Microsoft won’t say why it has gone with this chipset rather than using newer, more powerful Intel chips. But Microsoft is standing by its claim that the Surface Studio 2 is the fastest Surface computer it has ever shipped, likely because of the way the CPU and GPU are coupled and because of the change from a slower hybrid disk drive to a full solid-state drive. It’s also offering up to 2-terabytes of storage, and has bumped the base RAM from 8 gigabytes up to 16.
This makes it a PC that’s very capable of supporting power-hungry media projects as well as console-level gaming, even if it’s not the most powerful workstation on the market. It easily handled Forza Horizon 4 , which I was lucky enough to play for my job, and Paul said the Surface Studio 2 was a dream to work on for an afternoon using AfterEffects. The program was responsive when he called up multiple source files, and his project rendered quickly (“way faster” than it would on his MacBook Pro, he said, though that’s his day-to-day machine that’s been loaded with apps and files at this point.)
Do you need the Microsoft Surface Studio 2 for your day-to-day work? Probably not, unless you’re a serious multimedia professional. Even then, you’ll have to make a critical choice between the Mac and Windows ecosystem, and for some people, that’s a deal-breaker—especially at this price. And as a workstation, it’s not as though the Surface Studio 2 is unparalleled. There is, of course, the iMac Pro.
But in six short years, Microsoft has gone from making accessory hardware to making its own laptops to making a powerful workstation that is an absolute thing of beauty. That’s something I can get behind, impractical for me though it may be.
3. FIGHTING CYBERCRIME WITH SELF-HEALING MACHINES
PARTNER CONTENT AUTHOR: MATT STEVENSON. WIRED INSIDER Date: 05.10.18 Time: 09:31 AM
OUR DIGITAL SOCIETY thrives on the successes of science and technology. Connected devices, and the information that flows through them, are everywhere. Megatrends, like the accelerated pace of innovation and rapid urbanization, will transform our economies and culture. But technological progress is not reserved for the good guys. Digital dependency on a shared infrastructure invites the bad guys in as well.
Boris Balacheff, Chief Technologist for Security Research and Innovation at HP, describes the challenge: “The more machines, the more critical our cyber-security problem becomes. Increased attacker sophistication means devices are now attacked at the deepest levels, including firmware and embedded software. In this new threat landscape, we cannot just rely on manual human intervention. We have to change the paradigm.”
For Balacheff and many other experts, this means mapping out a smarter security game plan for the age of distributed devices. Traditional perimeter and software-centric endpoint security will not suffice. Their first line of defense: “self-healing” capabilities at the machine hardware level; not only to detect when they’re under attack, but also to shut off and restore the system to a clean working state without human intervention. Response must be quick, as breaches can now have massive economic, social and geo-political ramifications.
Daniel Dobrygowski, Head of Governance and Policy for the World Economic Forum Centre for Cybersecurity says, “Imagine a future where quantum computing – magnitudes faster than today’s machines – is used only by those who can build, buy, or steal the technology. The competitive advantage for the quantum-enabled companies and countries would be massive. They would have the ability to decide how and whether to share the upsides or launch sophisticated digital attacks not even imaginable today.”
For Balacheff, the only way to compete with attackers is to rethink their design. “We need to move from designing machines with simple protection mechanisms to designing devices with ‘cyber-resilience’ right from the beginning of the hardware and firmware design. This means building machines that can autonomously fight off a growing family of debilitating hardware and firmware attacks. It means engineering in new security architecture constructs for resilience at the device design level. We won’t be able to bolt it on after the fact.”
This means changing the historical architecture of the machine. Case in point: today, it typically takes months before a software compromise is detected. It’s then days or weeks (if at all) before a compromised machine can be stabilized. Self-healing machines give us a chance to fight emerging threats by being able to recover and update machines at scale, from the hardware up, without the wait.
Consider the human body: it’s not designed to squelch all attacks, but it can repair itself when damage occurs. Mechanical self-healing likewise aims to create a system that continually checks and optimizes its own state, and responds quickly to changing conditions. Self-healing machines can address threats that start at their own deepest levels, via behavioral analytics techniques that gauge how the machine should run compared to how it’s actually running. Spotting a suspiciously odd action or pattern triggers a signal to clean up the machine.
For twenty years, HP Labs has been reinventing computer security for the modern day. Its latest step in innovation brings design for cyber-resilience down to the hardware level. In PCs, HP designs machines with hardware-enforced security monitoring, detection and automatic secure device recovery with HP Sure Run and HP Sure Recover. HPs Enterprise printers integrate a four-part self-healing approach: HP Sure Start (checks the BIOS code and, if compromised, self-heals to a good state); whitelisting (authenticates firmware during startup to determine if it is running legit code); run-time intrusion detection (monitors memory activity continually to detect and stop attacks) and Connection Inspector (detects suspicious network behavior, a key signal of malware).
As cybercriminals continue to innovate, HP believes the industry will likewise need to continue reinventing device security. As attackers invest in new capabilities, like artificial intelligence, so too should the inventors of tomorrow’s device security architectures. The design of self-healing machines cannot just be reactive, responding to attacks that it detects. Instead, it must become proactive – machines must be designed to spot and fix their own flaws before someone else does. They’ll need to think ahead a few moves — a game of three-dimensional chess against intruders.
“In the age of smart cities, artificial intelligence, and mobile-first communities, the road to a successful digital future leads through security,” according to the World Economic Forum’s Global Centre for Cybersecurity and the UC Berkeley Center for Long Term Cybersecurity. “It will require trust and a concerted effort by law enforcement, the private sector, the public sector, and civil society. We hope to identify ways in which we can prepare and work together through public-private partnership to build a safer cyberspace.”
International governments and private industry will need to work cooperatively to meet the many challenges emerging at the intersection of innovation and security for the public good. Breakthroughs like 3D digital printing, personalized healthcare, or AI and machine learning hard-wired into ubiquitous devices all require a high level of security to assure the safety of our cyber-physical future.
The good news is that the effort and expense of self-healing machines will pay off across a broad range of use. They could reduce the load of supporting past products that still require security updates. They could detect signs of normal wear and tear early enough to predict coming malfunctions. In fact, some IoT devices are already connected to ultrasonic and vibration sensors, which lets a monitoring system elsewhere predict problems based on sound anomalies.
Self-healing machines may never be trusted to guard themselves — many companies will want a human in the loop — but they are an essential component of any plan. “We need to continue to reinvent the security of the machines that we will depend upon for years to come,” said Balacheff. “It’s our only way to win.”