The SWIFT secure messaging service that underpins international banking announced that it will launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT)’s chief executive, Gottfried Leibbrandt, told a financial services conference in Brussels that SWIFT will launch a five-point plan later this week.
Banks send payment instructions to one another via SWIFT messages. In February, thieves hacked into the SWIFT system of the Bangladesh central bank and sent messages to the Federal Reserve Bank of New York that allowed them to steal $81 million.
The attack follows a similar but little-noticed theft from Banco del Austro in Ecuador last year that netted thieves more than $12 million, and a previously undisclosed attack on Vietnam’s Tien Phong Bank that was not successful.
The crimes have dented the banking industry’s faith in SWIFT, a Belgium-based co-operative owned by its users.
The Bangladesh Bank hack was a “watershed event for the banking industry”, Leibbrandt said.
“There will be a before and an after Bangladesh. The Bangladesh fraud is not an isolated incident … this is a big deal. And it gets to the heart of banking.”
SWIFT wants banks to “drastically” improve information sharing, to toughen up security procedures around SWIFT and to increase their use of software that could spot fraudulent payments.
SWIFT will also provide tighter guidelines that auditors and regulators can use to assess whether banks’ SWIFT security procedures are good enough.
Leibbrandt again defended SWIFT’s role, saying the hacks happened primarily because of failures at users. “Many of the less protected banks are in countries where skills are really scarce,” he said, pointing the finger at providers of services to banks.
“We will have to create an ecosystem of providers and partners, for example by introducing certification requirements for third-party providers,” he said.
The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. However, some of its customers have suffered security breaches in their own infrastructure, allowing attackers to fraudulently authorize transactions and send them over the SWIFT network, it said.
That’s the best explanation so far for how authenticated instructions were sent from Bangladesh Bank to the U.S. Federal Reserve Bank of New York over the SWIFT network, ordering the transfer of almost $1 billion. The Fed transferred around $101 million of that before identifying an anomaly in one of the instructions. Only $20 million of that has so far been recovered.
“While customers are responsible for the security of their own environment, security is our top priority and as an industry-owned cooperative we are committed to helping our customers fight against cyber-attacks,” SWIFT said in the letter.
SWIFT wants its customers to come forward with information about other fraudulent transfers made using their SWIFT credentials, to help it build a picture of how the attackers are working.
It’s making more than a polite request: It reminded its customers that they have an obligation to provide such information under the terms of their contract, and also to help SWIFT identify, investigate and resolve problems, including by providing diagnostic information following an incident.
SWIFT promised its customers it would share new information about malware or other indicators of compromised systems. It said it would add such information to a restricted section of its website, tacking it onto knowledge base tip number 5020928, “Modus Operandi related to breaches in customer’s environment.”
Orcs Must Die! Studio Robot Entertainment is a rare breed nowadays – in an age where you’re either indie or AAA, the Plano, Texas-based company (one of several Texas developers that rose from the ashes of Age of Empires studio Ensemble) has managed to succeed as a mid-sized outfit. When Robot was formed in 2009, the company operated on a small scale, but things really changed when it landed a major investment from Chinese media giant Tencent in 2014. That enabled Robot to scale up and to benefit from Tencent’s knowledge at the same time.
“We made the first Orcs Must Die! as a semi-indie studio. We were about 40-45 people. We’re about twice that size now. And we were able to do Orcs Must Die! and Orcs Must Die! 2 with that. We kind of kept following the franchise and following what the fans were asking for in that game and we knew the next version was going to be bigger. We had to make a strategic decision – were we going to stay small and try to do another small version of that game or did we want to be ambitious and try to do something a little bit bigger? And that was going to necessitate a different type of arrangement for us to find financing. Because, you know, just selling a $15 or $20 game on Steam over and over is tough to support a studio to make a bigger game,” Robot CEO Patrick Hudson told GamesIndustry.biz.
“We also did some licensing deals for this game. As an online game, we didn’t necessarily have an ambition of setting up a European publishing office or an Asian publishing office. So we went to Europe and we partnered up with GameForge and licensed the rights for them to publish the game for us. And that comes with some advances and license fees, which help us make the game. We did the same thing with Tencent in China and that led to an investment. So we are in that mid-space. I think you’re right that there are fewer people in that space right now. It would probably be harder for us to stay in that space if we didn’t have really strong partnerships with folks like GameForge and Tencent.”
Investments and partnerships can clearly make a difference to any game company, but it’s also easy to mismanage a studio’s growth. Before you know it, one department doesn’t know what the other is doing, and things spiral out of control.
“It’s all in how you manage it. You’re either afraid of that growth or you embrace it, put a process and structure in place to allow for that. There’s no question we have to run our studio differently at 90 people than we did at 45. There’s more structure in place, there are more layers of leadership to help the project along. We’ve done a decent job of managing the growth… We went through the same kind of growth curve at Ensemble and we actually spent a lot of time talking about what went well, what didn’t go well, ‘What did we learn from that experience that we could have managed the growth better, how do we apply that to Robot?’ So we try to be a little bit smarter about that. Talking to other friendly studios [helps also] – ‘Hey, what did you guys do through this kind of growth? What pains did you experience? What did you learn?’ So we’ll grow as much as it takes to support Orcs Must Die! or as little to support it,” Hudson continued.
While everyone was devastated when Microsoft seemingly shut down a successful Ensemble Studios for no good reason, Hudson takes it as a learning experience.
In Ensemble’s case, Hudson discovered that scale ultimately held back some of its better talent. “Age of Empires attracted a lot of really good game talent to the studio, either people who were starting fresh in the games industry and learned how to make great games inside of Ensemble or we recruited really talented people to Dallas to work on the Empires franchise and, ultimately, Halo Wars. So we had just a tremendous amount of pent up talent in what was not a huge studio. At its peak it was 120 people. So it was very densely populated with talent. When you’re a studio that size, you have a lead structure within each department, but not everybody gets a chance to take those leadership positions and do their own games. Once Ensemble went away, you saw all these talented people go off in different places and show what they were capable of,” he remarked.
Working at Ensemble instilled a certain level of dedication to quality in all the developers who worked there too. “We held ourselves to a really high standard of making games that everyone took with them to their next places. I would say, in addition to that… all of us worked for another six years for Microsoft post-acquisition, so we got to learn the industry as both indie developers and inside a publisher. We got to learn the entire space, how the whole ecosystem is close to the publishing side. So that was a very valuable experience that maybe a lot of other devs don’t get,” Hudson said.
There’s no animosity or regret about Ensemble either, as far as Hudson is concerned: “Six years is a long time to be with a company post-acquisition. It was actually, for the most part, six good years. Microsoft treated us well. I think we worked well with the people we worked with at Microsoft. You do see some [studios] that get acquired and they’re gone within a year or two. We didn’t have that experience. I kind of view six years as a nice success.”
Perhaps the greatest lesson that Hudson and Robot have learned, even before the rise of Kickstarter and Steam Early Access, is that listening and responding to a vibrant community is critical. Discoverability has become a nuisance to deal with, and you need the fans behind you in order to succeed. If you have expectations that a platform holder will feature you, your marketing strategy needs an overhaul.
“As some of those previous PC developers that came into mobile are now migrating back to PC, discoverability on PC has become not quite as bad as mobile, but it’s not easy. There’s a lot of content on Steam now. There’s no easy space. Games is more competitive and a harder business than it’s probably ever been. There’s just a lot of great developers out there making a lot of great content and there’s just no barriers to putting your content out there to players, and players move quickly from game to game. They’re going to seek the best content,” Hudson noted.
He continued, “When I talk to the Valve or Apple or Google folks, they know the problem. They see it. But it’s an almost impossible problem to solve… Everyone wants to be featured, right? It’s funny, when you talk to a new mobile developer and be like, ‘Hey, we’re gonna make this great game. We’re gonna be featured.’ Probably not. You’re probably not going to be featured. Unless you’re doing something really cool and innovative and very different that really shows off the platform.
“They all have different programs to try and help you get noticed but you can’t make that the core of your strategy. It’s really up to you to make a great game. If you don’t have a marketing budget to cultivate a community, start with a small community, really cultivate it and listen to them and speak to them and let them organically grow. It’s not the platform holder’s job to make it successful.”
Beyond building a robust community, selecting the right business model for your game is crucial. While free-to-play is almost the default option in today’s market, Hudson said that premium games are coming back too.
“We really do think of it as a case-by-case. There are interesting trends in the market where you’re seeing paid games come back in certain areas – even in China where we’re seeing an uptick in paid games, customers in China buying paid games. [That's] never happened before. So it’s really going to depend on the game, the needs of the game,” he commented.
For Orcs Must Die! Unchained, which just entered an open beta about a month ago, free-to-play just made sense for Robot, as it’s a big multiplayer MOBA-style tower defense game; Robot wants as many people online for matchmaking as possible. Hudson and Robot have tried free-to-play before with Hero Academy in 2012, but he fully admitted, “We made a ton of mistakes, we didn’t really know what we were doing. It was a very successful game critically. It probably should’ve been a little more successful for us commercially, but we learned those lessons and hopefully we’re applying some of those.
“[Unchained] will be our first big free-to-play PC title. And we get a lot out of our partners too. GameForge has been operating free-to-play titles forever. Tencent has been operating free-to-play titles forever and we really lean on their expertise and we ask them to be involved with us as we design the game. The nice thing about both of those partners is… monetization follows. They start with making a great game, get the players around, keep the players around, [and then] hopefully they’ll pay you down the road. But don’t solve for money up front. So we’ll see. This will be our first foray into it. We’ll make a few more mistakes I’m sure but hopefully we learn quickly.”
Right now Robot remains 100 percent committed to Orcs Must Die! and the studio is bringing the game to PS4 later this year, but that doesn’t mean it expects to be pigeonholed with that one franchise. Hudson said that Robot continues to brainstorm new IP ideas, but nothing has made it too far along in development to warrant a release. “We’ll definitely do a new IP again. We started a couple of prototypes in the past few years that haven’t panned out. It happens all the time, right?” he said, adding that the company also remains interested in mobile but is “very cautious.”
“I think what’s interesting about mobile over the last couple of years is how non-dynamic the market is as far as the top games. The games that have lived in the top charts have been there now for 2 or 3 years. They get there and they stay there and they’re really good at staying there and it’s hard to break in and become the new thing. There are some good case studies for that. Certainly not nearly as many as there are on PC,” he said.
Hudson on VR
Likewise, virtual reality, although enticing, is just too risky for a studio like Robot, Hudson noted.
“It comes back to a company our size and where we sit. For us to overinvest in a market where it’s hard to know what the growth curve is going to be would be pretty risky at our size. We can’t afford to be wrong on something this new and this different… We love the options it provides for new and compelling experiences in games. We’ve brainstormed plenty of ideas for Orcs Must Die! in VR and we’ve got some pretty good ones, but it’ll be a while before we seriously invest in it,” he said.
Hudson joked that Robot is “living vicariously” through a couple of ex-Ensemble studios in Dallas that are working on VR now.
A conservative and cautious approach is probably one of the reasons Robot has managed to survive in an increasingly challenging environment. Even for eSports – an area of the industry that Orcs Must Die! clearly could excel in – Hudson isn’t jumping in headfirst.
That being said, Hudson is definitely optimistic about eSports as a sector. “I think it’s going to become an increasingly large aspect of the industry. And there will be the games that work and the games that don’t work for it. There will be a lot of companies chasing it and probably crash on the rocks trying to get there, but it’s going to continue to grow. I think you’ll see it across platforms too. I think you’ll continue to see eSports be popular in mobile. It’ll continue to grow there. You think of it as a PC thing now but it’s not. I think it’s going to encompass all aspects of games,” he said.
The announcement was posted on a dark market website called TheRealDeal by a user who wants 5 bitcoins, or around $2,200, for the data set that supposedly contains user IDs, email addresses and SHA1 password hashes for 167,370,940 users.
According to the sale ad, the dump does not cover LinkedIn’s complete database. Indeed, LinkedIn claims on its website to have more than 433 million registered members.
Troy Hunt, the creator of Have I been pwned?, a website that lets users check if they were affected by known data breaches, said the leak is highly likely to be legitimate. He had access to around 1 million records from the data set.
“I’ve seen a subset of the data and verified that it’s legit,” Hunt said.
LinkedIn suffered a data breach back in 2012, which resulted in 6.5 million user records and password hashes being posted online. It’s highly possible that the 2012 breach was actually larger than previously thought and that the rest of the stolen data is surfacing now.
LinkedIn did not immediately respond to a request for comment.
Attempts to contact the seller failed, but the administrators of LeakedSource, a data leak indexing website, claim to also have a copy of the data set and they believe that the records originate from the 2012 LinkedIn breach.
When the 6.5 million LinkedIn password hashes were leaked in 2012, hackers managed to crack over 60 percent of them. The same thing is likely true for the new 117 million hashes, so they cannot be considered safe.
Worse still, it’s very likely that many LinkedIn users who were affected by this leak haven’t changed their passwords since 2012. Hunt was able to verify that for at least one HIBP subscriber whose email address and password hash were in the new data set that is now up for sale.
Many people affected by this breach are also likely to have reused their passwords in multiple places on the Web, Hunt said via email.
Alphabet’s Google Inc introduced us to its answer to Amazon’s Alexa virtual assistant along with new messaging and virtual reality products at its annual I/O developer conference on Wednesday, doubling down on artificial intelligence and machine learning as the keys to its future.
Google Chief Executive Sundar Pichai introduced Google Assistant, a virtual personal assistant, along with the tabletop speaker appliance Google Home.
He also unveiled Allo, a new messaging service that will compete with Facebook’s WhatsApp and Messenger products and feature a chatbot powered by the Google Assistant. Allo, like WhatsApp, will also have end-to-end encryption when it is rolled out this summer.
Amazon’s Echo, a surprise hit that has other tech giants racing to match it, uses a virtual assistant called Alexa, a cloud-based system that controls the Echo speaker and responds to voice-controlled commands by users.
Like Alexa, Google Assistant can search the internet and adjust your schedule. However, Pichai said Google Assistant can use images and other information to provide more intuitive results.
“You can be in front of this structure in Chicago and ask Google who designed this and it will understand in this context that the name of that designer is Anish Kapoor,” said Pichai, pointing toward a photo of Chicago’s Cloud Gate sculpture.
For Google Home, the Google Assistant merges with Chromecast and smart home devices to control televisions, thermostats and other products. Google did not offer a specific release date or pricing for Google Home, saying only that it will be available later this year.
The ever shrinking Biggish Blue is working on a cheaper alternative to DRAM by making it denser.
Dubbed phase-change memory (PCM), the technology could give enterprises and consumers faster access to data at lower cost. IBM says it’s achieved a density rating of three bits on each cell, which is 50 percent more than the company showed off in 2011 with a two-bit form of PCM. The denser the RAM is, the more capacity can be squeezed out of the pricey tech.
PCM works by changing a glass-like substance from an amorphous to a crystalline form using an electrical charge. Like NAND flash, it keeps storing data when a device is turned off. PCM responds to data requests faster than flash: in less than one microsecond, compared with 70 microseconds.
It also lasts longer than flash, to at least 10 million write cycles versus about 3,000 cycles for an average flash USB stick.
Three-bit PCM could find its niche as a faster tier of storage within arrays, including all-flash arrays, so the most-used data gets to applications faster. It could also take the place of a lot of the DRAM in systems, cutting the cost of technologies like in-memory databases.
IBM said that a customer who stores their OS on three-bit PCM would have their phone up and running in a few seconds.
Three-bit PCM needs the backing of a chip maker. IBM wants it for its Power architecture, but that will make it less popular.
Biggish Blue isn’t predicting when three-bit PCM will be in mass-market systems, partly because the company doesn’t make memory and will have to find a partner. It might take two to three years for large-scale availability, the company said.
Fundamental research leading towards faster wireless networks, secure low-power technologies for the Internet of Things, and even 3D displays will be the focus of Intel’s collaboration with the French Alternative Energies and Atomic Energy Commission (CEA).
Intel and the CEA already work together in the field of high-performance computing, and a new agreement signed Thursday will see Intel fund work at the CEA’s Laboratory for Electronics and Information Technology (LETI) over the next five years, according to Rajeeb Hazra, vice president of Intel’s data center group.
The CEA was founded in 1945 to develop civil and military uses of nuclear power. Its work with Intel began soon after it ceased its atmospheric and underground nuclear weapons test programs, as it turned to computer modeling to continue its weapons research, CEA managing director Daniel Verwaerde said Thursday.
That effort continues, but the organization’s research interests today are more wide-ranging, encompassing materials science, climate, health, renewable energy, security and electronics.
These last two areas will be at the heart of the new research collaboration, which will see scientists at LETI exchanging information with those at Intel.
Both parties dodged questions about who will have the commercial rights to the fruits of their research, but each said it had protected its rights. The deal took a year to negotiate.
“It’s a balanced agreement,” said Stéphane Siebert, director of CEA Technology, the division of which LETI is a part.
Who owns what from the five-year research collaboration may become a thorny issue, for French taxpayers and Intel shareholders alike, as it will be many years before it becomes clear which technologies or patents are important.
Hazra emphasized the extent to which Intel is dependent on researchers outside the U.S. The company has over 50 laboratories in Europe, four of them specifically pursuing so-called exa-scale computing, systems capable of billions of billions of calculations per second.
On April 30, the House’s Technology Service Desk informed users about an increase in ransomware-related emails on third-party email services like Yahoo Mail and Gmail.
“The House Information Security Office is taking a number of steps to address this specific attack,” the Technology Service Desk said in an email obtained and published by Gizmodo. “As part of that effort, we will be blocking access to Yahoo Mail on the House Network until further notice.”
The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises questions: Are House workers using Yahoo Mail for official business, and, if they’re not, are they allowed to check their private email accounts on work devices?
If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House’s network, they could just as easily become infected there, where the ban is not in effect.
“The recent attacks have focused on using .js files attached as ZIP files to e-mail that appear to come from known senders,” the House’s Technology Service Desk said. “The primary focus appears to be through Yahoo Mail at this time.”
The House Information Security Office also banned access to appspot.com, the domain name used by applications hosted on the Google App Engine platform, Reuters reported.
A new strain of malware dubbed ‘Viking Horde’ has potentially infected hundreds of thousands of Android devices by masquerading as popular apps in Google Play.
Viking Horde was uncovered by the security team at Check Point and reported to Google on 5 May. The malware is viewed as particularly dangerous because it can target rooted and non-rooted devices.
However, rooted devices are the most at risk, as this allows the malware to download additional components that make it almost impossible to remove.
“On rooted devices, Viking Horde delivers additional malware payloads that can execute any code remotely,” the security firm said. “It also takes advantage of root access privileges to make itself difficult or even impossible to remove manually.”
Once a user has installed an app containing the Viking Horde malware, the infected device joins a botnet, or network controlled by the attacker, without the owner knowing. The bots are used by the hacker for advertising clicks to generate income.
“The malware’s primary objective is to hijack a device and then use it to simulate clicks on advertisements in websites to accumulate profit,” Check Point said.
Users’ personal information is also at risk given that the app has access to all parts of a device that it infects, while some user reviews claim that the app also sends premium text messages, which could be used for DDoS attacks, spamming and delivering malware.
“SCAM!!! COSTS ME £4.50 THE GAME WAS ASKING FOR ROOT ACCESS which was suspicious then asks for sms permissions then sent a message that costs £4.50 then deletes it to cover it up,” said one user review on Google Play.
The malware has been found inside five apps in the Google Play store: Viking Jump, Parrot Copter, WiFi Plus, Memory Booster and Simple 2048. Viking Jump, the most popular of the apps with between 50,000 and 100,000 downloads, can still be found in the app store, although the others have been removed.
Check Point said that most of those who downloaded Viking Horde-infected apps are in Russia, Spain, Lebanon, Mexico and the US.
Viking Horde isn’t the only threat plaguing Android users at present. It was revealed last week that users of Snapdragon-powered smartphones are at risk from an “undetectable” Qualcomm software flaw that leaves text messages and call histories open to hackers.
Steam saved PC gaming. As retailers aggressively reduced the shelf space afforded to PC titles – blaming piracy, but equally motivated, no doubt, by the proliferation of MMO and other online titles which had little or no resale value – Valve took matters into its own hands and delivered on the long-empty promises of digital distribution. It was a bumpy ride at first, but the service Valve created ushered in a new and exciting era for games on the PC. Freed from the shackles of traditional publishing and retail, it’s become a thriving platform that teems with creativity and experimentation. Steam still isn’t all things to all people, but it saved PC gaming.
Sometimes, though, you look at Steam and wonder if PC gaming was worth saving. All too often, browsing through Steam to look for interesting things to try out leaves you feeling not so much that you want to close the application in disgust, but that you’d like to set the whole damned thing on fire. The reason isn’t usability, or bugginess, or anything like that – Steam has its issues, but by and large it’s a solid piece of technology – but rather the “community” that Valve has allowed to thrive on its platform. On a platform that aims to expose and promote great games from newcomers and relatively unknown indies, community feedback, reviews and recommendations are vital components, but a legacy of poor and deeply misguided decision making from Valve has meant that engaging with those aspects of Steam can all too often feel like swimming through hot sewerage.
The problem is this; Steam is almost entirely unmoderated, and Valve makes pretty much zero effort to rein in any behaviour on its platform that isn’t outright illegal. As a consequence, it’s open season for the worst behaviours and tactics of the Internet’s reactionary malcontents – the weapon of choice being brigading, whereby huge numbers of users from one of the Internet’s cesspits are sent to downvote, post terrible reviews or simply fill content pages with bile. Targets are chosen for daring to include content that doesn’t please the reactionary hordes, or for being made by a developer who once said a vaguely liberal thing on Twitter, or – of course – for being made by a woman, or for whatever other thing simply doesn’t please the trolls on any given day. The reviews on almost any game on Steam will often contain some pretty choice language and viewpoints, but hitting upon a game that’s been targeted for brigading is like running headlong into a wall of pure, frothing hatred.
Of course, Steam’s not the worst of it in most regards; the places that spawn these brigades in the first place, places like Reddit and 4chan, are far, far worse, and concoct many other malicious ways to hurt and harass their targets. That Steam permits this behaviour on an ongoing basis is, however, a huge problem – not least because Steam is a commercial platform, and provides harassers and trolls with an opportunity to directly damage the income of the developers they target.
It’s not that Valve doesn’t care about the quality of its platform. Just this week, it implemented a new feature allowing customers to see scores from recent reviews, rather than overall scores, so you can get a sense of how a game has changed since its original launch. It’s a good, pretty well considered feature. Yet its arrival really just highlights how little Valve seems to care that its storefront is being used as a tool by harassers, and filled up on a regular basis with vicious, abusive reviews and comments that no customer wants to be confronted with when browsing. Sure, traditional retail may have been hanging PC gaming out to dry all those years ago, but at least I’m reasonably sure that most traditional retail stores would have kicked out anyone who ran into their store and started screaming obscenities in the face of the first girl they saw.
And look – I get that community moderation is hard. It’s really hard. Much harder than throwing in a quick algorithm to compute review scores from recent reviews only, which is why that got tackled first; but harassment and brigading isn’t a new problem on Steam, or on the Internet in general, and there are only so many times that you can claim to simply be picking low-hanging fruit before someone points out that you haven’t even brought a ladder to the orchard. You’re not even trying. You don’t even want to try. I stated earlier on that Steam ended up this way because of bad decision making down the years, and this is what I meant; there has never been a sense that Valve wants to tackle this problem. Rather, they’ve given the impression that they hope they can fix it with some clever engineering tweak, some genius little bit of code that’ll somehow balance the need for community feedback to expose good games against the need to stop harassers and trolls from treating the platform as a 24 hour public toilet.
That’s not how community moderation works. It’s a fundamental, obtuse misunderstanding of how any sort of system designed to manage, build and support a community works – from statecraft right on down to housemate meetings to discuss unwashed dishes. You need people; you need actual people doing actual moderation jobs, granted the training and the authority to step in and put the community back on the rails when it falls off. It’s hard, and it’s actually pretty expensive, and it takes a lot of care and attention – but it’s not impossible. Look at the progress Riot Games has made in turning around the community of League of Legends, which was formerly one of the most grossly toxic communities in gaming. It’s still by no means perfect, but Riot has shown that it cares, and that it’s willing to fight to improve things, and LoL is by far a better, more welcoming and more fun game for it. Some of that was achieved with tweaks to systems and protocols; but in the end, it takes a real, breathing, thinking human to counteract attempts by other humans to be unpleasant to one another, because if there’s one thing our species has demonstrated extraordinary affinity for over the centuries, it’s finding creative ways to skirt around rules in pursuit of being unpleasant to other people.
Riot’s done a good job of this because, I believe, Riot genuinely believes that it’s the right thing to do. Therein lies the rub; I don’t think Valve cares. It should care. It has a damn-near monopoly on PC game distribution through its storefront, and that gives it responsibilities – if it doesn’t like or want those responsibilities, that’s sad in and of itself, but I’m sure a quick dip in the swimming pools they’re filling with money from Steam might take the edge off the pain. It should also care, though, because there’s a hard limit on how much a business can grow if it permits abusive behaviour towards whole classes of customers or clients. Anyone making a game that tackles a tough subject, or aims at a non-traditional audience, or who is themselves a member of a minority group; well, they’d probably love to be on Steam, but they’re thinking twice about whether it’s a good move. That’s not conjecture – it’s something I hear almost every week from developers in that position, developers whose starry-eyed view of Steam from only a few years ago has been replaced with absolute trepidation or even outright rejection of the idea of exposing themselves to the storefront’s warped excuse for a “community”.
Today, that might just mean Steam is losing out on a few bucks here and there from creators and customers who have had enough of the toxic environment it permits; but markets diversify as they grow. Steam took over when retailers failed to serve customers with an appetite for PC games. What, then, will happen to Steam if new waves of customers – younger and more diverse – find that games and creators they like are treated abysmally by the service? Valve shouldn’t need a commercial incentive to fix this problem; they should fix it because it’s the right thing to do, because tacitly enabling and permitting abuse is really little better than engaging in harassment yourself. If that’s not enough, though, there absolutely is a commercial incentive too; Steam may be dominant, but it’s not the only option for either consumers or creators. There are far more sales to be lost from permitting abuse than from telling harassers they’re no longer welcome. Valve should give the latter a try.
Knowledge about threats is often hidden in unstructured sources such as blogs, research reports and documentation, said Kevin Skapinetz, director of strategy for IBM Security.
“Let’s say tomorrow there’s an article about a new type of malware, then a bunch of follow-up blogs,” Skapinetz explained. “Essentially what we’re doing is training Watson not just to understand that those documents exist, but to add context and make connections between them.”
Over the past year, IBM Security’s own experts have been working to teach Watson the “language of cybersecurity,” he said. That’s been accomplished largely by feeding it thousands of documents annotated to help the system understand what a threat is, what it does and what indicators are related, for example.
“You go through the process of annotating documents not just for nouns and verbs, but also what it all means together,” Skapinetz said. “Then Watson can start making associations.”
Now IBM aims to accelerate the training process. This fall, it will begin working with students at universities including California State Polytechnic University at Pomona, Penn State, MIT, New York University and the University of Maryland at Baltimore County along with Canada’s universities of New Brunswick, Ottawa and Waterloo.
Over the course of a year, the program aims to feed up to 15,000 new documents into Watson every month, including threat intelligence reports, cybercrime strategies, threat databases and materials from IBM’s own X-Force research library. X-Force represents 20 years of security research, including details on 8 million spam and phishing attacks and more than 100,000 documented vulnerabilities.
Watson’s natural language processing capabilities will help it make sense of those reams of unstructured data. Its data-mining techniques will help detect outliers, and its graphical presentation tools will help find connections among related data points in different documents, IBM said.
Ultimately, the result will be a cloud service called Watson for Cyber Security that’s designed to provide insights into emerging threats as well as recommendations on how to stop them.
Researchers at Oxford University think that virtual reality could soon be used to treat psychological disorders such as paranoia.
In the British Journal of Psychiatry, which we get for the horoscope, the researchers explained how they stuck paranoid people into virtual social situations. Through interacting with the VR experience, subjects were able to safely experience situations that might otherwise have made them anxious. We would have thought that paranoid people would not even have put on the glasses, but apparently they did.
By the end of the day more than half of the 30 participants no longer suffered from severe paranoia. This positive impact carried through into real world situations, such as visiting a local shop.
Paranoia causes acute anxiety in social situations – after all, sufferers believe that everyone is out to get them. About two percent of the population suffer from paranoia, which is sometimes connected to schizophrenia.
Treatment methods for anxiety often involve slowly introducing the source of anxiety in a way that allows the patient to learn that this event is safe rather than dangerous. The VR experiment, which used a train ride and a lift scene, taught subjects to relearn that they were really safe.
The VR simulation did not use very photo-realistic graphics, which raises another question: whether realism is important for a positive impact.
Epic Games co-founder Tim Sweeney reiterated his concerns about Microsoft’s Universal Windows Platform at the GamesBeat Summit yesterday, using his time on stage to warn of the dangers of the company’s approach.
“Nobody is adopting UWP except the small group of developers Microsoft is paying to do so,” he pointed out.
Microsoft tried to address some of his very public concerns at Build last month, but Sweeney dismissed those comments as “propaganda” during his talk.
“On stage Phil Spencer said that Xbox is an open platform, which surprises me because you have to get your game concept approved before you can start developing it and then you have to get every update approved and Microsoft has absolute control. And guess what? You don’t know who your customers are. They sell it through their store and it’s not your platform. I think they’re just in propaganda mode at that point.”
He said developers needed to defend their businesses and that direct relationship with customers. He said many developers don’t want to speak out and take on Microsoft, and for others he used the analogy of slowly boiling an amphibian.
“If you throw a frog in boiling water, he’ll just hop out. But if you put him in warm water and you slowly ramp up the temperature, he will not notice and he’ll be boiled. But a lot of frogs in the industry have already been boiled. Look at Facebook: Every company moved their brand presence to Facebook, sending out messages for their customers to receive. Now, you have to pay to send out your messages to people who chose to follow you. A boiling frog,” he declared.
“Microsoft has given itself the ability to force dash updates without your authorization. It will just update itself and you can’t do anything about it. They can change the rules of the game at any time.”
The vulnerability was detected by security researchers from FireEye and was patched by Qualcomm in March. However, because the vulnerability was introduced five years ago, many affected devices are unlikely to ever receive the fix because they’re no longer supported by their manufacturers.
The vulnerability, which is tracked as CVE-2016-2060, is located in an Android component called “netd” that Qualcomm modified in order to provide additional tethering capabilities. Malicious applications could exploit the flaw in order to execute commands as the “radio” system user, which has special privileges.
Since Qualcomm chips are quite popular with handset manufacturers, the FireEye researchers estimate that hundreds of Android phone models are affected. And since there are over 1.4 billion active Android devices in the world, this likely means that the flaw is present in millions of devices.
According to a security advisory from the Qualcomm Innovation Center, the flaw affects all Android Jelly Bean, KitKat and Lollipop releases.
To exploit this vulnerability, a malicious application would only need the widely used “ACCESS_NETWORK_STATE” permission in order to access the API exposed by the modified Qualcomm service. This makes it hard to detect exploitation attempts.
“Any application could interact with this API without triggering any alerts,” said Jake Valletta from Mandiant, a subsidiary of FireEye, in a blog post. “Google Play will likely not flag it as malicious, and FireEye Mobile Threat Prevention (MTP) did not initially detect it. It’s hard to believe that any antivirus would flag this threat.”
Once the “radio” privilege is obtained, the malicious app can access the data of other applications running under the same user. This includes the stock Phone and Telephony Providers applications, which have access to text messages, call history and other sensitive data.
Devices running Android KitKat (4.4) and later are affected less than older devices because they come with the Security Enhancements for Android (SEAndroid) mechanism enabled in enforcing mode by default. This makes stealing other apps’ data through this flaw impossible.
On these newer Android versions, “the ‘netd’ context that the ‘/system/bin/radish’ executable runs as does not have the ability to interact with other ‘radio’ user application data, has limited filesystem write capabilities and is typically limited in terms of application interactions,” Valletta said.
Google will inject gadgets into your eyes to improve your vision, if its latest patent application is anything to go by.
In something that resembles the concept art for a dystopian graphic novel about transhumanism, Google’s patent filing for April 28 is for a gadget described as an “inter-ocular device”.
This includes a sci-fi sounding electronic lens designed to be installed in a flexible polymeric material to fit inside the surface of an eye’s lens capsule by solidifying the fluid in the capsule. Please excuse us, as we’re getting a bit queasy.
According to Google’s patent, forces exerted upon it by the lens capsule can control the electronic lens’ optical power. This looks like it will help with vision correction, by assisting with the focusing of light onto an eye’s retina.
The patent states the device’s power will come from an internal battery charged by an “energy harvesting antenna”. We don’t know what that energy will be, but if Google thinks it can start sucking up our brainwaves then we’re moving all our browsers back to Explorer.
To keep things firmly on the creepy tech side, Google’s patent also looks to get the device to interface with an external computer, through the ambiguous-sounding “interface device”, which looks to use an antenna to beam data from sensors on the electronic lens to a separate system. Yeah, things are getting weird here.
One would assume the data Google would plan to collect would be used for medical and optometry research.
But, with all the pretty advanced deep learning tech, clever search algorithms, and powerful cloud platforms Google has at its fingertips, we can’t help but feel this could be a way of taking what people see and creating adverts that can be beamed directly into our heads. Or perhaps we’ve had too much coffee this morning.
Some people worry about the robots rising up and enslaving us all, but perhaps they should keep a closer eye on what Google’s boffins are up to under the Californian sun. It’s eye devices today but mind chips tomorrow.