Uber Accused of Skipping Out of Paying Bug Bounties

With all the apps and systems that are used, created and updated every day, it is often impossible to be absolutely certain about their security. This resulted in the creation of external help through schemes like bug bounties, unless you’re Uber, who change the scope of what bug bounties they’ll be paying.

Bug bounty schemes are simple. If you find a problem in the code or system that a company uses, you report it to the company running the scheme and, if they find it was a problem, you get paid. Even Microsoft and GitHub run schemes to help narrow down and find problems with their software. The issue here is that only this week popular taxi alternative app Uber launched its own bug bounty scheme.

Sean Melia found a few issues, or rather a few admin panels/ports that were open. This fell in line with what Uber wanted under the grouping of “publicly accessible login panels” and “exposed administration ports (excluding OneLogin)”. After reporting the first issue, which was quickly accepted as a bug, Melia went about finding others, resulting in the large group he ended up reporting. The problem was that by this time Uber had updated their documentation to make these reports invalid, without informing people using the scheme. Free security support, anyone?

The reason for the change? Uber’s security engineering manager, Collin Greene, has stated they changed the rules so that researchers stopped wasting their time on minor bugs. Greene then stated that “a successful bug bounty rests on researchers trusting us to run it well, which we take very seriously”, something that may not go down so well when you are willing to change the goalposts without telling people.

Was Uber right in this case? Should they have acted differently? A problem’s a problem; even with a lesser payment, should Melia have received something given that he did the work under the old rules?

Call of Duty: Black Ops III Plagued by Performance Problems

Call of Duty: Black Ops III has finally been released and early reports suggest it’s a technical mess on PC. A large number of the Steam Reviews describe the latest COD entry as “unoptimized” and say it struggles to achieve a smooth frame-rate. Unfortunately, it seems the game is marred by stuttering, sudden frame drops and micro-stutter. Even on top-tier hardware, the performance is atrocious and the game should be avoided until patches are released to help rectify these major problems:

The general consensus is remarkably similar to early testing conducted by TechPowerUp, which indicates the game utilizes a ridiculous amount of system memory and VRAM. During their initial benchmarks, a GTX 980 Ti was monitored and used almost 6GB VRAM under load, and system RAM reached a maximum utilization of 12GB. Even more concerning, when the GPU was swapped with a Titan X, the engine started to increase the VRAM usage up to 8GB. Apparently, the game runs much smoother on a GTX Titan X compared to the 980 Ti, which can only be a result of memory differences.

This is extremely disappointing as a spokesperson prior to release discussed improved mouse controls, a GPU bound-engine and low CPU overheads. Clearly, this isn’t an accurate reflection as people are experiencing major problems on lower threaded CPUs. An official statement reads:

Call of Duty: Black Ops III is the perfect example of why you should be very suspicious when pre-ordering video games.

Green Man Gaming Refunding Batman: Arkham Knight Until End of 2015

Batman: Arkham Knight is still a colossal mess on PC and Warner Brothers have admitted they might not be able to rectify a whole host of issues. As a result, the studio decided to offer widespread refunds even if you’ve logged a significant amount of time playing the game. However, this has to be completed through the Steam refund policy, and only applies to purchases directly on Steam. In reality, a large proportion of customers acquire keys from third-party sellers and only use Steam to activate their license.

This means anyone who purchased the game through other retailers, or received it with an NVIDIA graphics card, cannot ask for a full refund. Thankfully, Green Man Gaming has acknowledged this and released a statement which reads:

“Hi folks. Just a quick little update to let you know that in accordance with WBIE’s statement on October 31st regarding Batman: Arkham Knight, we’ll be honouring refunds on the title until the end of 2015.”

I have to applaud Green Man Gaming for once again offering refunds to Batman: Arkham Knight. This premium level of customer service makes people feel more inclined to purchase games from Green Man Gaming in the near future. I only hope other retailers will follow suit, although I’m not sure if Green Man Gaming are covering the entire costs for these refunds. Therefore, some resellers might be unwilling to do this.

If you wish to initiate a refund, please visit this link.

Dead or Alive 5: Last Round Finally Gets Online Support on PC

Dead or Alive 5: Last Round’s PC port is absolutely atrocious and plagued by a lack of keyboard bindings, omitted stages and no sign of the “Soft Engine” seen on PlayStation 4 and Xbox One. Even more absurd, the game launched without any online support whatsoever and Team Ninja rationalized this decision with the explanation:

“We are currently beta testing the update to add online functionality to DEAD OR ALIVE 5 Last Round on Steam. We originally announced that we would release the update by the end of June 2015. However, due to major issues found during the beta test, we will be postponing the release of the update.”

After a ridiculously long delay, the online component has finally been incorporated but I believe this will have zero impact on the game’s community. While some players enjoy the Arcade stages, the majority of longevity comes from online bouts and leaderboards. The concept that a major fighting game can be launched on PC without the main mode is laughable. Surely, the PC fighting scene will move to the latest Street Fighter game instead for competitive play. On another note, Dead or Alive 5: Last Round is technically dated and devoid of some advanced features seen on the Xbox One and PlayStation 4. The only way to describe this move is pure laziness.

Do you play fighting games on PC?

Image courtesy of PCWorld.

Thank you Dark Side of Gaming for providing us with this information.

There Was ‘No Intention’ to Make a Red Dead Redemption PC Version

Red Dead Redemption is one of the greatest open world games ever created and PC gamers have been longing for a PC release for many years. Sadly, it seems this was never up for consideration according to Red Dead Redemption’s lead multiplayer designer, Kris Roberts, who said during a Twitch stream:

“I don’t think there was ever an intention to have a PC version of Red Dead Redemption. I was actually really shocked that they did a PC version of Grand Theft Auto V. Obviously in development, we were all PC based and had it running for win32 clients for the entire development. But as far as the licensing for the consoles and stuff, it was pretty much always going to be an X360 and PS3 title… we never really seriously talked about optimizing it for PC.”

The popularity of PC gaming has dramatically increased over the last decade so that could explain Rockstar’s initial dismissive nature towards the platform. Hopefully, the sales of GTA V on PC will provide enough encouragement to make them port the game to PC in the future. This is a possibility if Rockstar decides to make a HD remaster for the current-generation consoles.

I do find it a bit perplexing to hear Roberts’ surprise regarding Grand Theft Auto V. Firstly, the GTA franchise had strong roots on the PC and every single major release has eventually come to the platform. Not only that, PC gaming is already a resounding success and becoming more profitable than consoles. Therefore, to limit a huge title like GTA V to the consoles wouldn’t make business sense. Rockstar were very shrewd and managed to get certain customers to purchase the game on Xbox 360/PS3 then current-generation consoles and finally PC.

On another note, retail console games have a very short lifespan and years down the line, the majority of sales result in very little money due to the second hand market. PC gaming is a completely different beast with the modding community and Steam sales. I’m honestly finding Roberts’ analysis and general train-of-thought to be extremely contradictory.

Thank you The Dark Side of Gaming for providing us with this information.

Realtek DRAGON LAN Chip Spotted

The onboard Local Area Network (LAN) is a massively overlooked part of your system; most users tend to buy on the impulse of shiny heatsinks, colour scheme or maybe because it has so many USB 3.1 ports. Despite the lack of consumer interest, companies manufacture ultra high-speed LAN chips which offer consumers the best in wired internet connections.

Realtek is one of the oldest in the business; along with Intel and Killer (Qualcomm), the three dominate the LAN option market. Up until recently, Killer has held the top spot for gamers with some of the best connections available, regularly hitting within 90% of the listed speeds. Well, now Realtek has produced a new chip, dubbed “Dragon”.

The current RTL8111 chip is aging and lagging behind the competitors; Dragon is based on the new RTL8118AS design. Realtek states it has made numerous improvements over the previous generations, set to offer better performance for traffic with small UDP packets, which incidentally is how most online multiplayer games send information.

Along with the new name comes a new branding logo, which manufacturers will be able to print directly onto the PCB instead of the entire company name. The new chip is set to launch on the upcoming LGA1151 motherboards from ECS.

Are you using onboard LAN networking? What brand is it? Let us know in the comments.

Thank you to Anandtech via TechPowerUp for providing us with this information.

Iron Galaxy Responsible for Killer Instinct PC Port

Iron Galaxy, developer of the atrocious Batman: Arkham Knight PC version, have been commissioned to produce Microsoft’s latest love letter to PC Gamers. With a team of only 12 people, Iron Galaxy are expected to construct a solid PC port offering good keyboard controls, support for professional Fight Sticks and enhanced visuals. In a direct AMA session, the CEO addressed concerns and pleaded:

“This is an amazing opportunity to work on a game and a genre we are super passionate about,”

“Before we were ever talking about this, I was a fan of the game. And to get to now take it over and start with this great base, and expand it and put new stuff on top of it, everyone in the company is super pumped up, and we can’t wait to show people what we’re going to be doing down the road,”

While their intentions may be admirable, it’s difficult to ignore the colossal mess of the Batman: Arkham Knight port, and this does little to alleviate concerns that Microsoft perceives PC Gaming as an afterthought. Furthermore, Killer Instinct is a fluid, combo-based, exhilarating beat-em-up requiring a minimum and solid rate of 60fps. If the optimization is sub-par, Iron Galaxy will be lambasted for it. However, I can’t see how their reputation can become worse given the furore surrounding Batman: Arkham Knight.

Perhaps, this is the perfect opportunity for Iron Galaxy to redeem themselves but I can understand why anyone would be highly suspicious of the final product.

Thank you Gearnuke for providing us with this information.

Microsoft Wants to Port Everything to Windows

Microsoft has long been suffering from a deficit of Windows Phone applications. In a major move at Build 2015, Redmond announced two separate projects to target Android and iOS applications and allow them to run on or be ported to Windows.

Targeting iOS applications, Project Islandwood is aimed at easier porting and integration of Objective-C. Using this middleware, Project Islandwood is able to provide the APIs that the iOS applications expect. This allows apps to be easily ported with minimal work and recompiling. One of the notable examples is King and their popular game Candy Crush Saga, which only had to be tweaked a bit to run on Windows. Since the app is now compiled for Windows, it can run on anything from Windows Phone/Mobile to full-on Windows 10.

On the Android side of things, there is Project Astoria. Astoria exists as a runtime layer between Windows and the application, allowing any old APK to run without modifications or being recompiled. This runtime layer is limited to Windows Mobile/Phone only, however, so desktop Windows 10 users are out of luck. Applications relying on Google Mobile services, which are closed source APIs, will not work without modification.

Microsoft has been taking their app deficiency seriously as both Windows Phone and Windows RT have suffered from low numbers. Whether or not easy porting and a more unified customer base can attract developers remains to be seen.

Credentials May Become Compromised via Old Windows Vulnerability from the ’90s

Nobody wants their private information shared on the internet, but we live in an era where everything that’s connected to the internet may eventually become public. This is the case of an old Windows vulnerability from the ’90s, which still poses a security threat according to security specialists.

Brian Wallace, a security researcher from Cylance, has been reported to have found a new way to exploit a vulnerability that was previously found in 1997. He stated that the flaw can be used on any Windows OS-powered device, be it a tablet, PC, server or laptop, and can be used to potentially exploit and compromise around 31 programs.

The vulnerability that goes by the name of Redirect to SMB is said to be exploited by intercepting communication with a Web server using the man-in-the-middle approach. This in turn redirects all traffic to the malicious SMB server, which supposedly collects sensitive information such as usernames, passwords, credit card information or other things users type in.

There are some limitations to the technique though, as Wallace pointed out. The attacker needs to be on the same network as his victims and the attack can easily be prevented by blocking outbound traffic to the 139 and 445 TCP ports. But let’s be honest, who is going to do that? I mean most people don’t even change their default router credentials, let alone go into its settings and block traffic to specific ports.
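One way to check whether the outbound block mentioned above is actually in place, as an added example that is not part of the original article: the script audits firewall flow records for TCP connections to ports 139 and 445 that leave the internal network. The log format, the sample lines and the choice of RFC 1918 ranges as "internal" are assumptions made for illustration.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the two TCP ports named in the article

# Assumption: "internal" means RFC 1918 space; replace with your address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log. Assumed format: time src dst dport proto action
SAMPLE_LOG = """\
2015-04-14T09:00:01Z 192.168.1.20 192.168.1.5 445 tcp ALLOW
2015-04-14T09:00:07Z 192.168.1.20 203.0.113.10 445 tcp ALLOW
2015-04-14T09:00:09Z 192.168.1.31 203.0.113.10 139 tcp DENY
2015-04-14T09:01:12Z 192.168.1.20 198.51.100.7 443 tcp ALLOW
2015-04-14T09:02:30Z 192.168.1.44 203.0.113.10 445 udp ALLOW
this line is truncated
2015-04-14T09:03:02Z 192.168.1.31 198.51.100.7 139 tcp ALLOW
"""


def is_internal(ip):
    """True if the address falls inside one of the internal networks."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one flow record; return None for malformed input."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, proto, action = parts
    try:
        return {"ts": ts,
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "dport": int(dport),
                "proto": proto.lower(),
                "action": action.upper()}
    except ValueError:  # bad IP address or non-numeric port
        return None


def audit_smb_egress(log_text):
    """Return (allowed, blocked, skipped) for internal-to-external SMB flows.

    'allowed' entries mean the outbound block on TCP 139/445 is missing or
    has a gap; 'blocked' entries show hosts that tried and were stopped.
    """
    allowed, blocked, skipped = [], [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["proto"] != "tcp" or rec["dport"] not in SMB_PORTS:
            continue
        # Only flows that start inside and end outside count as egress.
        if not is_internal(rec["src"]) or is_internal(rec["dst"]):
            continue
        (allowed if rec["action"] == "ALLOW" else blocked).append(rec)
    return allowed, blocked, skipped


def hosts_to_review(allowed):
    """Internal hosts that completed an outbound SMB connection."""
    return sorted({str(rec["src"]) for rec in allowed})


if __name__ == "__main__":
    allowed, blocked, skipped = audit_smb_egress(SAMPLE_LOG)
    for rec in allowed:
        print(f"EGRESS GAP {rec['ts']} {rec['src']} -> "
              f"{rec['dst']}:{rec['dport']}")
    print(f"blocked attempts: {len(blocked)}, unparsed lines: {skipped}")
    print("review hosts:", ", ".join(hosts_to_review(allowed)))
```

Hosts that appear under the allowed flows are the ones whose Windows credentials may have been offered to an outside SMB server, so they are the first candidates for a password reset.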

Microsoft is said to have not made an official statement regarding the matter, but Wallace’s findings have been revealed at the Computer Emergency Readiness Team at Carnegie Mellon University. With all this snooping around that’s been going on lately, how secure do you feel? Or is that even a matter of concern at this point?

Thank you PCWorld for providing us with this information.

Image courtesy of High Performance Laptops

Asus EA-AC87 Media Bridge and Access Point Comes with 1734 Mbps Speeds

Asus has announced a new access point and media bridge, the EA-AC87, which is a dual-purpose wireless AC-1800 that uses a 4×4 MIMO antenna array. The company states that when it is paired with a 4×4 router, the EA-AC87 is able to deliver the world’s fastest 5GHz speeds of up to 1734 Mb/s.

The EA-AC87 also features the Asus AiRadar, a universal beamforming technology that helps the device ensure a reliable and fast connection over an area of 465 m² or 5000 ft. This means that the latest device has a 33% performance increase compared to the previous Wi-Fi antenna generations that use 3×3 antennas.

In terms of connectivity, the EA-AC87 provides five Gigabit Ethernet ports, giving it the ability to connect to a wide range of devices. In addition to the latter, Asus states that future firmware updates will add support for multi-user MIMO, enhancing the product performance in multi-device environments.

In access point mode, the EA-AC87 is said to provide the ultimate 802.11ac standard extension, extending the capacity to handle more devices as well as extending the wireless coverage of the router it is coupled to. The EA-AC87 is the perfect solution for a single-band 2.4 GHz router, adding the benefit of 5 GHz connectivity, which brings ultra-fast speeds and less interference than in congested 2.4 GHz environments.

In media bridge mode, the EA-AC87 provides five LED indicators on the front panel which act as signal quality indicators. This provides real-time feedback on the wireless signal quality and ensures that the user benefits from the optimum connection speeds and reliability.

Asus is making the EA-AC87 available in May 2015, having set a recommended price tag of €159.

Thank you Guru3D for providing us with this information.

Philips Announces New iOS Lightning Port Headphones

Philips has announced a new set of headphones that utilise the ‘Lightning’ connector only used by Apple on iOS devices. The headphones bypass the conventional headphone jack to provide advanced noise-cancellation using “inverted microphones”.

The Fidelio NC1L does noise-cancellation in pretty much the same way as many other headphones, but the major difference with this set is that they don’t require extra batteries. This makes them incredibly mobile, as they utilise the power from the device delivered via the Lightning port.

There are 3 modes of noise-cancellation – one with it on, another with it turned off so you can hear noises around you and another mode that allows phone calls.

Details are few and far between at the moment, but we do know that they will at least be released in the US for $299.

Source: The Verge

New DockPort Display Standard Released From VESA

VESA, the Video Electronics Standards Association, the governing body over the display connectivity standards (the people who write out the rules, so to speak), have announced that they are expanding the DisplayPort standard to allow USB3.1 data and power to be carried over the same cable that video signals are currently run over on the DisplayPort interface. Known as DockPort, the connection is physically the same, much like USB3.0 is with USB2.0, meaning that older DisplayPort-only devices will be backwards compatible with DockPort-enabled devices. When two DockPort devices are connected together, power and USB3.1 data will run over the cable, reducing the overall number of cables that need to be connected between the source and display.

As DockPort is an extension of an existing standard, it will be offered to current VESA members without any additional licensing fees, meaning that any products that feature the new standard won’t have to incur massive price jumps.

“As computing platforms become increasingly mobile, it becomes necessary to reduce the number of external connectors,” explained Steve Belt, Corporate Vice President – Strategic Alliances & Solutions Enablement AMD, a VESA member company. “With DockPort, VESA has developed a technology standard that enhances elegant docking designs, reduces mobile form factors, and enriches the user experience with streamlined, one-cable access to a wide range of external displays, peripherals and storage.”

Unlike HDMI which can only carry audio and video data, DockPort is set to be the first standard to carry non-video data across a display cable as well as the first standard to allow power to run alongside a video signal without interference. As the new standard begins to roll out, a number of vendors are showing off their latest product at Computex 2014 which is running this week, although there is no word if this standard is ready to hit the shelves just yet.

“The new DockPort standard demonstrates the enormous adaptability of the DisplayPort standard,” according to VESA Board Chair Alan Kobayashi, Fellow & Executive R&D Management for DisplayPort Group at MegaChips Technology America. “On the one hand, DisplayPort is a flexible A/V transport protocol that easily coexists with other protocols, like USB – it plays nicely with others. On the other hand, DisplayPort is also a robust and proven connector design whose electro-mechanical properties can accommodate data and power over a common passive copper cable and interface.”

Source: Press Release

Hide Your Windows, Mac And Linux Devices, ‘Cause Java-based Malware Is Coming!

We have seen similar incidents in the past, be they ad-related such as the Yahoo! incident, or directly involving the Java platform. It has been reported that a Java-based malware bot is currently ‘roaming’ around, infecting all three major operating systems: Windows, Mac OS X and Linux.

Researchers have revealed a fragment of botnet malware that is capable of infecting all three of these OSes. The cross-platform bot, detected as HEUR:Backdoor.Java.Agent.a, was reported in a blog post published by Kaspersky Lab. It reportedly takes control of computers by exploiting CVE-2013-2465, a critical Java vulnerability which Oracle patched last June.

The Java vulnerability is said to be present on Java 7 Update 21 and earlier versions. Once the malware has infected the computer, it copies itself to the autostart directory of its respective platform to ensure it runs at every startup. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.

It is reportedly designed to generate Distributed Denial-of-Service (DDoS) attacks against whatever the attacker wants to designate as a ‘target’, and comes packed with ‘features’ such as setting the IP address, port number, intensity, and duration of attacks. The malware is said to be written entirely in Java, allowing it to run on Windows, OS X and Linux machines. To make matters even worse, the bot incorporates PircBot, an IRC programming interface based on Java.

In addition to all that, the malware is also said to use the Zelix Klassmaster obfuscator to prevent it from being reverse engineered by whitehat and competing blackhat hackers. Apart from obfuscating bytecode, Zelix encrypts some of the inner workings of the malware. It is highly recommended to update to the latest Java 7 Update 51, found on Oracle’s official website.

Thank you arstechnica for providing us with this information.
Image courtesy of arstechnica

USB 3.1 To Be Fully Reversible

The humble USB port is one of the most annoying things in the world, and I think it is a pain we can all share. In fact, why tell you what I am talking about when the meme above sums it up so much better. The simple USB plug can be a pest at the best of times; sometimes it fits, many other times it doesn’t because it is upside down, and either way it’s down to luck. However, that could all soon be a thing of the past as the new Type-C connection for the USB 3.1 specification has a solution.

While the hardware isn’t expected to be final until mid-2014, the new connections will be smaller, similar to that of a Micro-USB plug, and, like the Apple Lightning connector, fully reversible. That means two things: the ports take up less space and you take up less time trying to make the cable fit the port.

There are no images of the hardware just yet, it’s early days, but the concept is great and it will no doubt be a big improvement over the current standard.

USB 3.0 Promoter Group chairman Brad Saunders says that Type-C will “meet evolving design trends in terms of size and usability” while allowing for future scalability in charging and data transfer. Type-C “will enable an entirely new super-thin class of devices from phones to tablets, to 2-in-1s, to laptops to desktops,” says Alex Peleg of Intel. “This new industry standards-based thin connector delivering data, power, and video is the only connector one will need across all devices.”

This will of course render current connections obsolete, and there will no doubt be various adapters and connections to facilitate the new standard, but perhaps a new USB port standard that really makes big changes is long overdue anyway.

Thank you The Verge for providing us with this information.