Ransomware threat CRYPTXXX is now airborne, according to researchers at security firm Proofpoint, and is being sent out via a spam campaign to some effect.
Proofpoint explained in a blog post that CryptXXX is usually included alongside malware packages such as the Neutrino and Angler exploit kits.
“CryptXXX has rapidly grown into one of the most prevalent ransomware variants in the wild with widespread distribution via exploit kits such as Neutrino and Angler. As exploit kit traffic has declined (a 96 per cent decrease between April and June), though, particularly in the wake of Angler’s disappearance, threat actors normally reliant on exploit kits are diversifying and looking to other vectors like email,” said the firm.
“For the first time, Proofpoint researchers have observed CryptXXX ransomware being distributed via malicious document attachments in email campaigns. On July 14, Proofpoint researchers detected an email campaign with document attachments containing malicious macros. If opened, these attachments download and install CryptXXX ransomware.”
The security firm has provided an example of the type of email. It purports to be from a bank and includes an attached document that the recipient is urged to read. The attachment opens a document that claims to need more macros to display properly. Go for that, and the trouble starts.
“CryptXXX ransomware has propagated rapidly since appearing earlier this year. The ransomware was initially linked to groups associated with Angler and was distributed almost exclusively via Angler,” added the firm.
“As Angler activity dried up over this quarter, many actors turned to instances of the Neutrino exploit kit for distribution. Not surprisingly, with the disruption in the exploit kit market, it appears that CryptXXX actors are turning to email as well. We will continue to monitor this trend and see if malicious document-based distribution of CryptXXX expands in the coming months.”
There is perhaps some good news to report about ransomware, although it does rather fly in the face of advice suggesting that people should not pay ransom demands.
A study by Finnish security company F-Secure looked at five separate ransomware gangs and found that they were friendly, amicable to deal with and amenable on terms and payments.
“Crypto-ransomware criminals’ business model is, of course, encrypting your files and making you pay to have them decrypted so you can access them again. To help victims understand what has happened, and then navigate the unfamiliar process of paying in bitcoin, some [gangs] offer a ‘customer journey’ that could rival that of a legitimate small business,” F-Secure said.
“Websites that support several languages. Helpful FAQs. Convenient customer support forms so the victim can ask questions. And responsive customer service agents that quickly get back with replies.
“We think this is a pretty interesting paradox. Criminal nastiness, but on the other hand willingness to help ‘for your convenience’, as one [gang] put it.”
Ultimately, F-Secure urged people to prevent this happening to them and put in protective and preventive measures that can eliminate the threat. We think that there might be some software firms that can help consumers and businesses with this. F-Secure may be one of them.
The smartphone has a 6-in. screen and is available only through MetroPCS in the U.S. It weighs about 175 grams and is 8.9 millimeters thick.
It has some top-line features found in the latest smartphones, like a USB Type-C port. It also runs on the latest Android OS 6.0 code-named Marshmallow.
The Gorilla Glass 3 screen shows images at a full HD resolution. The handset has 32GB of internal storage and a micro-SD card for expandable storage. That’s a lot of storage for a handset under $100.
The handset is comparable to the new fourth-generation Moto G handset, which is now available unlocked on Amazon.com for $199.99 for a 16GB model. The Zmax Pro has a 13-megapixel rear camera and 5-megapixel front camera, along with an eight-core Snapdragon 617 processor, all of which are also packaged in the Moto G.
The ZTE phone also has a 3,400 milli-amp-hour battery, which provides about 25 hours of talk time and 400 hours of standby time. It also features a fingerprint reader, which isn’t commonly found in low-cost handsets.
However, the smartphone lacks some other features. It includes 802.11 b/g/n Wi-Fi, not the latest 802.11ac, which offers a wider range and faster speeds.
The smartphone succeeds last year’s ZMax 2, which sold for $149. The handset may be available unlocked and through other carriers in the future, but the company wasn’t ready to share details.
Canonical announced the security breach on Friday after being notified that someone claimed to have a copy of the UbuntuForums.org database. An investigation revealed that an attacker did get access to the website’s user records through a vulnerability.
The exploited SQL injection flaw was located in the Forum Runner add-on for vBulletin, commercial web forum software that powers over 100,000 community websites on the Internet and is especially popular with companies. The vulnerability was known, but the Canonical IT team had failed to apply the patch for it in a timely manner.
“The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers,” the team said in a blog post. “This gave them the ability to read from any table but we believe they only ever read from the ‘user’ table.”
The user table contained usernames, email addresses and Internet Protocol addresses for 2 million users. It did not contain valid user passwords, but hashed strings that were used for the Ubuntu Single Sign On service. These cannot be used as-is to access user accounts.
As a precautionary measure to ensure that no attacker code was left behind, Canonical temporarily took the website down, rebuilt its hosting servers from scratch, installed the most up-to-date version of vBulletin and reset all system and database passwords.
The company is certain that the attacker was not able to access any code repositories or update mechanisms, did not get write permissions to the Ubuntu Forums database, didn’t obtain shell access to any of the servers and was not able to mess around with any other Canonical or Ubuntu services.
The Winograd Schema Challenge is a competition intended to reward technologists who can build a system that understands the kind of ambiguous sentences humans come out with all the time, but which are simple for other humans, even stupid ones, to understand.
Get it right 90 per cent of the time and $25,000 is up for grabs. And with things like Apple’s Siri, Microsoft’s Cortana and Google Assistant, the Winograd Schema Challenge must surely be as good as obsolete by now.
The best two entrants at the event this week achieved correct scores only 48 per cent of the time, little better than randomly guessing the meaning of the sentences they were supposed to crack.
This is despite a decade of advances in the field of artificial intelligence (AI), which has barely shifted since the late 1950s, according to some.
The Challenge posed a series of ambiguously worded sentences to the entrants such as:
The trophy would not fit in the brown suitcase because it was too big (small). What was too big (small)?
The town councillors refused to give the demonstrators a permit because they feared (advocated) violence. Who feared (advocated) violence?
There is an ambiguity in the above examples, read literally, about what is too big (or small) and exactly who is fearing violence, although a semi-intelligent human should be able to work it out with ease.
The problem, according to Gary Marcus, a research psychologist at New York University, who acted as an advisor for the Challenge, is that computers lack common sense, and programming it into them is incredibly difficult.
Indeed, the MIT Technology Review said that most of the entrants in the Challenge used a combination of hand-coded grammatical understanding and a ‘knowledge base’ of facts. It still didn’t help much, though.
However, one of the two best-placed systems, led by Quan Liu, a researcher at the University of Science and Technology of China, together with researchers from York University in Montreal and the National Research Council of Canada, used neural network-based machine learning in a bid to train their computer to recognise the many different contexts in which words can be used.
Liu claimed that after fixing a problem in the AI, he was able to achieve a success rate closer to 60 per cent, which is still a long way from being able to go home with a cheque for $25,000.
The Challenge is deliberately designed to be different from the Turing Test, which tests only whether a human can be fooled into thinking that an AI program is human.
The trouble with this is that there are more than enough idiots who could be fooled into helping an AI system to pass that test. The language test, in contrast, provides a more objective test of genuine AI, argued Marcus.
The failure of the AI programs in the Challenge highlights how far chatbots and other supposedly revolutionary AI-based machines still have to go before humans can clock-off for the last time and leave running the planet to computers.
Some experts have claimed that its development will spark the next industrial revolution, while others, such as Apple co-founder and pontificator Steve Wozniak, suggest that we’ll be adopted as pets by robots.
Google, Microsoft and Facebook didn’t bother entering, perhaps because they feared outright humiliation. Maybe next year.
A report from financial analysts Seeking Alpha has issued guidance on the share price of Advanced Micro Devices (AMD) and said the company’s outlook is quite bright.
The report said that only 11 months back AMD was one of the most shorted stocks in the USA largely as a result of falling revenues and losses.
But, said Bill Maurer at Seeking Alpha, all that has completely changed now. Analysts think that AMD’s share price is currently overvalued.
It all hangs on how well AMD performs when it releases its earnings next week.
The introduction of the RX 480 was supposed to help out on revenues but there’s a question mark over how well it’s contributed to the bottom line.
On the bright side, the arrangement it had with Nantong Microelectronics terminated in the quarter and that ended up meaning a net cash bonus of over $320 million.
The share price currently stands at over $5. AMD’s biggest phone the processors based on Zen architecture are promised to start shipping later this year. This should have an effect on the stock value.
The burgeoning threat of hacking and the need to protect data more stringently will accelerate demand for cyber insurance in Europe, insurer Allianz said as it launched its first product aimed at Germany’s small-to-medium-sized manufacturers.
Cyber insurance has been slow to take off in Europe with fewer than one in 10 firms having taken out a policy, said Christopher Lohmann, head of the region Central and Eastern Europe at Allianz Global Corporate & Speciality (SGCS).
But he believes greater awareness among companies and new regulation, such as Germany’s I.T. security law which came into force last year and orders 2,000 providers of critical infrastructure to report serious breaches, will spur demand.
“There are many reasons to believe that cyber insurance will evolve into the fire insurance of the 21st century,” he said, adding a functioning IT system and secure data are critical to many businesses and their reputations.
Home to world champion manufacturers, Germany offers rich pickings for hackers, and attacks on industrial production sites are rising, according to the government’s latest IT Security Report.
Forty percent of German companies were affected by e-Crime over the past two years, according to a study by consultancy KPMG in 2015, an increase of 50 percent over 2013.
Germany’s small-to-medium-sized manufacturers, known as the Mittelstand and which form the backbone of its economy, are particularly vulnerable as they lack the big budgets for I.T spending.
The threat is growing as companies move to connect machinery to the Internet to enable it to collect and exchange data and make it easier to control remotely.
Despite this, cyber premiums in Germany were estimated to be worth only around $10 million last year. This compares with an estimated premium volume of $2.5 billion in the United States, according to Lohmann.
Peter Grass from the German Association of Insurers expects cyber insurance to become a matter of course for all companies whose business models depend on I.T.
“The development is relatively rapid – also because the public and politics are becoming ever more aware that this can be an economic problem,” he said.
The first cyber insurance policies were launched on the German market in 2011 and around 15 insurers are now active in the market. Other big players include Axa, Hiscox, Ergo (part of Munich Re) and Zurich Insurance.
Open Source’s Mr Sweary, Linus Torvalds has dubbed his fellow Linux kernel creators and “brain-damaged” because of their C++ style punctuation.
On one of the kernel news groups, Torvalds threw his toys out of the pram over “brain-damaged stupid networking comment syntax style.”
This is the sort of thing that miffs him.
/* This is a multi-line format.
It does not look bad to us, but Linus hates it becasue it is not balanced */
“If the networking people cannot handle the pure awesomeness that is a balanced and symmetric traditional multi-line C style comments, then instead of the disgusting unbalanced crap that you guys use now, please just go all the way to the C++ mode.”
That is fighting talk in the Linux community where people have been killed for less.
Torvalds writes that he wants comment styles have a certain visual symmetry and balance.” It would probably be fine, but for the fact that following an internet law which states that if any comments on grammar or spelling, their post will have at least one such mistake in it, Torvalds misspelt symmetry.
He said that “networking code picked *none* of the above sane formats… but picked these two models that are just half-arsed shit-for-brains.”
“I’m not even going to start talking about the people who prefer to ‘box in’ their comments, and line up both ends and have fancy boxes of stars around the whole thing,” he adds. “I’m sure that looks really nice if you are out of your mind on LSD, and have nothing better to do than to worry about the right alignment of the asterisks.”
Torvalds snarled that if people thought this comment punctuation was ok then it was time to “start moving the whole kernel over to the C++ style.”
For now, he writes “I really don’t understand why the networking people think that their particularly ugly styles are fine. They are the most visually unbalanced version of _all_ the common comment styles, and have no actual advantages.”
A malware threat dubbed Satana is your latest security worry, Kaspersky has warned, especially if you’re a Windows PC user.
The malware, once it gains access to a PC, encrypts files and corrupts the Windows Master Boot Record (MBR), which prevents computers booting the operating system.
Kaspersky said that Satana, which means Satan in Russian and led the firm to suggest that it may have Russian origins, is similar to the previously seen Petya ransomware.
“Satana behaves similarly [to Petya], for example injecting its own code into the MBR. However, whereas Petya encrypts the Master File Table, Satana encrypts the MBR. To encrypt PC files, Petya relied on the help of a tag-along trojan called Mischa; Satana manages both tasks on its own,” explained the firm.
Related: 6 of the biggest ransomware threats of 2016
Being ransomware, the malware’s purpose is to extort money, in this case bitcoins to the value of around £259, from owners of infected machines in exchange for the decryption key, which may or may not be forthcoming.
Kaspersky listed the types of files scanned for and encrypted by Satana as .bak, .doc, .jpg, .jpe, .txt, .tex, .dbf, .db, .xls, .cry, .xml, .vsd, .pdf, .csv, .bmp, .tif, .1cd, .tax, .gif, .gbr, .png, .mdb, .mdf, .sdf, .dwg, .dxf, .dgn, .stl, .gho, .v2i, .3ds, .ma, .ppt, .acc, .vpd, .odt, .ods, .rar, .zip, .7z, .cpp, .pas and .asm.
Satana also adds an email address to the beginning of filenames, which is the contact address that owners of infected machines can use to pay the hackers.
Kaspersky explained that it’s possible for advanced users to fix the MBR lock without needing to pay Satana’s creators.
“The good news is that it is possible to partially bypass the lock. With certain skills, the MBR can be fixed. Experts at The Windows Club blog produced detailed instructions on how to fix the MBR by using the OS restore feature in Windows.
“However, that feature is designed for experienced users who are comfortable working with the command prompt and the bootrec.exe utility; an ordinary user is not likely to nail this cumbersome method straight away and may not feel comfortable trying,” said Kaspersky.
However, this solves only part of the problem, and there is as yet no solution to the fact that most files on infected systems will be encrypted.
It’s been more than five years since The NPD Group said it would start including digital data in its monthly reports on the US video game business. In those five years, not only has digital grown, but publishers, analysts, press and more have all thrown shade at NPD, questioning the relevancy of a service that only offers physical sales data in an increasingly digital era. Today, NPD is finally taking that first step to offer a more complete picture of the entire games market as it’s unveiled its digital point-of-sale (POS) sourced service, tracking SKU-level sales data on digital games.
“Following several years of beta testing, the Digital Games Tracking Service will allow participating clients to understand the size and growth of the digital market, and analyze attach rates and other important metrics. Combined with physical data available by NPD, these clients can gain a better understanding of the interplay between the physical and digital sales channels,” the firm explained in a press statement.
“As has been experienced across a wide variety of industries, digital has made a big impact on the overall gaming market, and we’ve risen to meet the demand for a reporting mechanism that tracks those sales in a timely and accurate way,” said Joanne Hageman, President, U.S. Toys & Games, The NPD Group. “With the participation and support of leading publishers – whose cooperation makes this possible – we are excited to launch an industry-first service that addresses a long-standing need.”
The usual report on physical sales data will now be combined with digital sales data and issued on July 21 instead of July 14; it’s expected to follow that cadence (the third data Thursday of the month) moving forward. Initially, NPD has gained the support of major publishers like EA, Activision, Ubisoft, Capcom, Square Enix, Take-Two, Deep Silver and Warner Bros. There are notable exceptions, however, like Bethesda as well as first-party publishers like Microsoft, Sony and Nintendo, but NPD analyst Liam Callahan promised that more publishers would be signing on as the service evolves.
“This has been several years of beta testing and we’ve been doing this in partnership with publishers, shaping the product, encoding the data the way the industry wants to see it. It’s really at the behest of or on the behalf of the publishers that we’re moving forward with this announcement… Really the goal is to bring a new level of transparency never before seen, at least in the US market. This is really the first step. We recognize that there’s still a ways to go, we want more publishers to join, we want to be able to project for people who are not participating. It’s an evolution, it’s something that takes time and our philosophy was really to start – if we waited to have every publisher in the world to sign up it would take forever. We’ll be improving this as time goes on,” he said.
Importantly, NPD will notate next to game titles on the chart that do not include digital data. Callahan wants the service, which is being produced with the assistance of EEDAR, to ultimately be able to project data even for non-participants but NPD isn’t starting with that ability just yet. Instead, it’ll focus on tracking revenue from full-game downloads across Xbox Live, PlayStation Network and Steam. Services like Battle.net and Uplay won’t be included at this point.
“EEDAR is excited to be part of this initiative with NPD and the participating publishers. Tracked digital revenues have seen annual growth of over 100% each year since 2012. In 2016, we’ve already tracked more digital revenue than we saw in 2012 and 2013 combined. This initiative is a great milestone for the industry which will allow publishers to make better business decisions with a broader data set,” added EEDAR CEO Rob Liguori.
Add-on content like DLC and microtransactions will be tracked as well, but that data will only be released to participants, not the media and public. “We’re waiting until that’s a little more fully baked for us to roll that out to the media. We’re doing things in stages,” Callahan said.
It may be frustrating for the media to not have a granular breakdown at the SKU level to see what portion of a game’s sales are digital versus physical, but NPD anticipates more openness as the service evolves.
NPD communications chief David Riley commented, “This is a closed service, the detailed data is only available to participants so if you’re a non-participating publisher you cannot see the data. The fact that we’re allowed to go out with something for the media is a huge step in the right direction. I think as the service matures and as the publishers get used to it and we get more on board, we have more history, we do some benchmarking, we can provide that, but what we wanted to do for multiple reasons, including appeasing the publishers was to combine full-game physical with full-game digital, keep away from the DLC, keep PC games separate because that’s a whole different ball of wax. It’s not comprehensive, but it’s the most comprehensive, we’re the first in the market to track this and we’re sort of very cautious.”
He added, “I expect a good old slamming from the industry press because of the limitations here but what we don’t want to do is open ourselves up by separating it at this time. We’ve just opened the gates right now. Just as you’ve seen a withdrawal [of data] on the physical side – we used to give units – this is sort of going to be the reverse I’m hoping and we can provide more over time.”
Working with the publishers is great, but there are numerous digitally released titles from indies which make up a growing piece of the industry pie. Will the service grow to track those titles too? “Indies are a big part of the industry in terms of their innovation and I think when I talk about our projection methodology and assets at NPD, that is part of how we can track everything, not just for publishers, including indie games and everything that’s outside the panel right now,” Callahan said.
“Some of those smaller games are published through a publisher or first-party so there are ways to get some of those with our publisher-sourced methodology, and otherwise we’re approaching it with developing a robust projection methodology. That’s certainly part of our plan, we’re not going to ignore the indie piece.”
In our previous conversations with NPD, the firm had hinted at possibly working towards the goal of global digital reports. That’s not off the table, but it’s not a focus at the moment. “US is our core competency… our vision is to expand this as much as we can in a way that makes sense for our partners. If that’s global that may be what we pursue. But we also want to do the best job that we can in projecting for the market and recruiting as many publishers as we can,” Callahan concluded.
A Democratic U.S. senator requested the software developer behind Nintendo Co Ltd’s Pokemon GO to clarify the mobile game’s data privacy protections, amid concerns the augmented reality hit was unnecessarily collecting vast swaths of sensitive user data.
Senator Al Franken of Minnesota sent a letter to Niantic Chief Executive John Hanke asking what user data Pokemon GO collects, how the data is used and with what third party service providers that data may be shared.
The game, which marries Pokemon, the classic 20-year-old cartoon franchise, with augmented reality, allows players to walk around real-life neighborhoods while seeking virtual Pokemon game characters on their smartphone screens – a scavenger hunt that has earned enthusiastic early reviews.
Franken also asked Niantic to describe how it ensures parents give “meaningful consent” to a child’s use of the game and subsequent collection of his or her personal information.
“I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent,” Franken wrote.
“As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players,” he added.
Franken additionally asked Niantic to provide an update on a vulnerability detected on Monday by security researchers who found Pokemon GO players signing into the game via a Google account on an Apple iOS device unwittingly gave “full access permission” to the person’s Google account.
Pokemon GO on Tuesday released an updated version on iOS to reduce the number of data permissions it sought from Google account users.
Niantic did not immediately respond to a request for comment about Franken’s inquiry.
The company, spun off by Google last year, created the game in tandem with Pokemon Co, a third of which is owned by Nintendo.
The company has hired two security firms, UK-based BAE Systems and Fox-IT Security of the Netherlands, to help its customers strengthen their security, it said Monday.
SWIFT’s network itself has not been breached in the recent attacks, but bank systems connected to it have been hacked in a number of high-profile incidents over the last year, the most spectacular of which almost led to the loss of $1 billion from Bangladesh Bank.
BAE Systems knows SWIFT’s network well, having published independent reports on the recent attacks, in particular one against a bank in Vietnam. Intriguingly, it also found a link with the 2014 attack on Sony Pictures.
Since those attacks came to light, SWIFT has implemented a new security program for customers, in an effort to educate them that their security systems are just as crucial as its own in preventing the abuse of the SWIFT network to misappropriate their funds.
It is conducting forensic investigations at banks that have suffered SWIFT-related attacks, and is sharing the information, in anonymized form, with other banks. Among the information-sharing initiatives are catalogs of the malware involved in the attacks and of key “indicators of compromise” — think “Eight signs you’re having a heart attack” written for the IT department.
SWIFT has also set up a dedicated team to focus on forensics and customer security intelligence, which will work with the two new security firms hired.
It’s a move that helps add to the portfolio of Internet of Things services available through Microsoft’s cloud platform, at a time when the company is pushing its service for IoT applications. The announcement came during Microsoft’s Worldwide Partner Conference in Toronto, where GE CEO Jeff Immelt talked with Microsoft CEO Satya Nadella on stage.
Predix is a platform-as-a-service offering that’s designed for building applications that have industrial uses. Predix services that developers can tap into include asset management and anomaly detection offerings, among others.
The cloud deal is one part of a larger partnership between the two companies. Looking forward, Microsoft and GE plan to better integrate Predix into a variety of products including Azure’s IoT Suite and Cortana Analytics Suite. Predix’s integrations are also slated to expand to encompass productivity tools like Dynamics 365, Office 365 and Power BI.
The announcement joins a number of other Microsoft partnerships in the cloud software space. The company is also working with a wide variety of other service providers including SAP and Red Hat.
In addition to announcing the partnership, Immelt offered some words of wisdom for businesses currently undergoing a digital transformation like the one GE faced, especially in the industrial sector. In his view, companies need to be more aggressive about digitizing their businesses or face getting left behind as the world transforms.
“My belief [is that] we’re in a line of demarcation for industrial companies,” Immelt said. “There’s a past, and there’s going to be a future. And the future is really going to be derived on who digitizes the fastest.”
The limited testing on Messenger, which has more than 900 million users, comes three months after Facebook rolled out end-to-end encryption to its more popular WhatsApp, a messaging application with over 1 billion users that it acquired in October 2014.
The move comes amid widespread global debate over the extent to which technology companies should help law enforcement snoop on digital communications.
End-to-end encryption is also offered on Apple Inc’s iMessage platform as well as apps including LINE, Signal, Viber, Telegram and Wickr.
Facebook Messenger uses the same encryption technology as WhatsApp, which uses a protocol known as Signal that was developed by privately held Open Whisper Systems.
“It seems well designed,” said Matthew Green, a Johns Hopkins University cryptologist who helped review an early version of the protocol for Facebook.
While WhatsApp messages are encrypted by default, Facebook Messenger users must turn on the feature to get the extra additional security protection, which scrambles communications so they can only be read on devices at either end of a conversation.
Facebook said that it was requiring users to opt in to encryption because the extra security is not compatible with some widely used Messenger features.
“Many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone,” the company said in an announcement on its website. “Secret conversations can only be read on one device and we recognize that experience may not be right for everyone.”
Facebook also said that Messenger users cannot send videos or make payments in encrypted conversations.
Android 7.0 Nougat will have added security to prevent malware, especially ransomware, resetting passwords and locking owners out of their device.
The long overdue security measure comes after the Android platform was invaded by a wave of ransomware, particularly Android.Lockdroid.E and its variants, in late 2015.
Dinesh Venkatesan, a principal threat analysis engineer at Symantec, said in a Security Response blog post: “These variants scare victims with a system error GUI and then reset the lockscreen password used to access the device.
“Even users who manage to remove the malware without resetting the device may be unable to use the phone because they won’t be able to get around the password the malware sets.”
The malware can reset a PIN or pattern-style password in Android by invoking the resetPassword API.
“In order to invoke this method, the calling application must be a device administrator,” explained Venkatesan.
“The upcoming Android version … will introduce a condition so that the invocation of the resetPassword API can only be used to set the password and not to reset the password.”
This ensures that malware cannot reset the lockscreen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat.
“Backward compatibility would have allowed malware to reset the lockscreen password even on newer Android versions. With this change, there is no way for the malware to reset the lockscreen password on Android Nougat,” Venkatesan said.
However, the measure won’t protect people who have not set a password, and who therefore deserve everything they get.
Venkatesan concluded: “The new feature will also affect standalone disinfection utilities, which also depend on the resetPassword() API. A disinfector utility is an automated tool designed to help users whose devices are infected with malware.
“The disinfector should clean the malware [and] reset the arbitrary password set by the threat during its infection routine.
“Before Android Nougat, the disinfector calls the resetPassword() API to achieve this functionality. However, with Android Nougat’s new restrictions, the disinfector’s ability to call that API is bound to fail.”
Sony is over the hump. That’s the message that the company wanted investors and market watchers to understand from its presentations earlier this week. Though it expressed it in rather more finessed terms, the core of what Sony wanted to say was that the really hard part is over. Four years after Kaz Hirai took over the corporation; the transition – a grinding, grating process that involved thousands of job losses, the sale or shuttering of entire business units and protracted battles with the firm’s old guard – is over. The restructuring is done. Now it’s time for each business unit to knuckle down and focus on profitability.
It’s not all sunshine and rainbows, of course; even as Hirai was essentially declaring “Mission Complete” on Sony’s seemingly never-ending restructuring, the company noted that it’s expecting sales in its devices division (largely focused on selling Xperia smartphones) to decline this year, and there are concerns over soft demand for products from the imaging department, which provides the camera components for Apple’s iPhones among others. Overall, though, Sony is in a healthier condition than it’s been in for a long time – and it owes much of that robust health to PlayStation, with the games and network services division’s revenue targets rising by enough to make up for any weakness in other divisions.
When Hirai took over Sony, becoming the first person to complete the leap from running PlayStation to running Sony itself (Ken Kutaragi had long been expected to do so, but dropped the ball badly with PS3 and missed his opportunity as a consequence), it was widely expected that he’d make PlayStation into the core supporting pillar of a restructured Sony. That’s precisely what’s happened – but even Hirai, surely, couldn’t have anticipated the success of the PS4, which has shaved years off the firm’s financial recovery and given it an enviable hit platform exactly when it needed one most.
Looking into the detail of this week’s announcements, there was little that we didn’t already know in terms of actual product, but a lot to be read between the lines in terms of broad strategy. For a start, the extent of PlayStation’s role as the company’s “pillar” is becoming ever clearer. Aside from its importance in financial terms, Sony clearly sees PS4 as being a launchpad for other devices and services. PlayStation VR is the most obvious of those; it will start its lifespan as an added extra being sold to the PS4′s 40 million-odd customer base, and eventually, Sony hopes, will become a driver for additional PS4 sales in its own right. The same virtuous circle effect is hoped for PlayStation Vue, the TV service aimed at PlayStation-owning “cable cutters”, which has surpassed 100,000 subscribers and is said to be rapidly growing since its full-scale launch back in March.
Essentially, this means that two major Sony launches – its first major foray into VR and its first major foray into subscriber TV – are being treated as “PlayStation-first” launches. The company is also talking up non-gaming applications for PSVR, which it sees as a major factor from quite early on in the life cycle of the device, and is rolling out PlayStation Vue clients for other platforms – but it’s still very notable that PlayStation customers are being treated as the ultimate early adopter market for Sony’s new services and products.
To some degree, that explains the company’s desire to get PS4 Neo onto the market – though I maintain that a cross-department effort to boost sales of 4K TVs is also a key driving force there. In a wider sense, though, Neo is designed to make sure that the platform upon which so much of Sony’s future – games, network services, television, VR – is being based doesn’t risk all of those initiatives by falling behind the technology curve. Neo is, of course, a far less dramatic upgrade than Microsoft’s Scorpio; but that’s precisely because Sony has so much of its corporate strategy riding on PS4, while Microsoft, bluntly, has so little riding on Xbox One. Sony needs to keep its installed base happy while encouraging newcomers to buy into the platform in the knowledge that it’s reasonably up-to-date and future proof. Microsoft can afford to be rather more experimental and even reckless in its efforts to leapfrog the competition.
Perhaps the most impressive aspect of Sony’s manoeuvring thus far is that the company has managed to position the PlayStation as the foundation of such grand plans without making the mistake Microsoft made with the original Xbox One unveiling – ignoring games to the extent that the core audience questioned whether they were still the focus. PSVR is clearly designed for far more than just games, but the early focus on games has brought gamers along for every step of the journey. PlayStation Vue, though a major initiative for Sony as a whole, is a nice extra for PlayStation owners, not something that seems to dilute the brand and its focus. On the whole, there’s no sign that PlayStation’s new role at the heart of Sony is making its core, gaming audience love it any less.
On the contrary; if PlayStation Plus subscriptions are any measure, PlayStation owners seem a pretty happy bunch. Subscriptions topped 20 million recently, according to the firm’s presentation this week, which means that over 50% of PS4′s installed base is now paying a recurring subscription fee to Sony. PlayStation Plus is relatively cheap, but that’s still a pretty big chunk of cash once you add it up – it equates to an additional three or four games in the consoles attach ratio over its lifetime, which is nothing to be sniffed at, and will likely increase the profitability of the console by quite a few percentage points. In Andrew House’s segment of this week’s presentation, he noted that the division is shifting from a packaged model towards a recurring payments model; PlayStation Plus is only one step on that journey and it’s extremely unlikely that the packaged model (be it digital or a physical package) will go away any time soon, but it does suggest a future vision in which a bundle of subscriptions – for games, TV, VR content and perhaps others – makes up the core of many customers’ transactions with Sony.
That the truly painful part of Sony’s transition is over is to be celebrated – a healthy Sony is a very good thing for the games business, and we should all be hoping Nintendo gets back on its feet soon too. The task of the company, however, isn’t necessarily about to get any easier. PS4′s extraordinary success needs to be sustained and grown, and while early signs are good, the whole idea of using PlayStation as a launchpad for Sony’s other businesses remains an unproven model with a shaky track record (anyone remember the ill-fated PSX, a chunky white PVR with a PS2 built into it that was supposed to usher in an era of PlayStation-powered Sony consumer electronics?). But with supportive leadership, strong signs of cooperation from other parts of the company (the first-party Spiderman game unveiled at E3 is exactly the kind of thing the relationship between PlayStation and Sony Pictures should have been yielding for decades) and a pipeline of games that should keep fans delighted along the way, PlayStation is in the strongest place it’s been for over a decade.