Kiran Upadhyay

LOS ANGELES—While Microsoft's pre-E3 press conference focused largely on newer video games, the event also filled in a pretty major gap for hardware-upgrading holdouts: backward compatibility. Starting later this year, the company's newest console, the Xbox One, will support a limited number of older Xbox 360 games—and Xbox One preview program users will get a shot even sooner than that. Gamers will have two ways of playing old games that are part of the backward-compatible initiative. If users already purchased the games digitally through Xbox Live, they can simply log in and re-download the game on Xbox One without paying any additional cost. If they own the game as a disc, they'll have to download the game to their Xbox One hard drive, and the system will then check for the disc before launching the game. Technical details on how this works are still unknown. The hardware of the Xbox 360 is very different from the hardware of the Xbox One, and pure emulation of th...

As many as 600 million Samsung phones may be vulnerable to attacks that allow hackers to surreptitiously monitor the camera and microphone, read incoming and outgoing text messages, and install malicious apps, a security researcher said. The vulnerability is in the update mechanism for a Samsung-customized version of SwiftKey, available on the Samsung Galaxy S6, S5, and several other Galaxy models. When downloading updates, the Samsung devices don't encrypt the executable file, making it possible for attackers in a position to modify upstream traffic—such as those on the same Wi-Fi network—to replace the legitimate file with a malicious payload. The exploit was demonstrated Tuesday at the Blackhat security conference in London by Ryan Welton, a researcher with security firm NowSecure. A video of his exploit is here. Phones that come pre-installed with the Samsung IME keyboard, as the Samsung markets its customized version of SwiftKey, periodically query an authorized ser...

Lavu, an Albuquerque-based startup that provides iPad-centric point of sale systems for restaurants, has raised $15 million in new funding led by Aldrich Capital Partners. Previously bootstrapped, Lavu has been profitable since its second month in operation, according to founder Andy Lim. The company charges a licensing fee (around $1k per POS terminal) and a recurring monthly fee determined by the size of the restaurant. Lim says that Lavu is currently being used by over 4,000 restaurants in 86 countries. Australia, Thailand, and Singapore are a few regions with especially high adoption. The $15 million will be used to ramp up sales and marketing efforts. “That’s what we lack; we don’t really do quite well in terms of sales and marketing… the investment is really to get those resources and connections to reach out to more of the big chains,” Lim says. By partnering with an international fast food chain, for example, Lavu would be able to scale its platform globally at a r...

During testimony today in a grueling two-hour hearing before the House Oversight and Government Reform Committee, Office of Personnel Management (OPM) Director Katherine Archuleta claimed that she had recognized huge problems with the agency's computer security when she assumed her post 18 months ago. But when pressed on why systems had not been protected with encryption prior to the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, she said, "It is not feasible to implement on networks that are too old." She added that the agency is now working to encrypt data within its networks. But even if the systems had been encrypted, it likely wouldn't have mattered. Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would "not have helped in this case" because the attackers had gained valid user credentials to...

During periods of chronic stress, we often up our caffeine consumption. This works better than you might expect—the increase can reduce some of the negative effects of long-term stress, including depression and memory deterioration. In a new study published in PNAS, researchers dug further into this finding, examining the signaling networks that caffeine influences within the brain. One of the proteins they identify is a potential treatment target for the symptoms of long-term stress. Chronic unpredictable stress alters neural circuits in the hippocampus. It dampens mood, reduces memory performance, and increases an individual’s susceptibility to depression. The researchers studied this phenomenon in mice by exposing them to chronic, unpredictable, long-term stress in a variety of forms: cage-tilting, damp sawdust, predator sounds, placement in an empty cage, switching cages, and inversion of day/night light cycles. Just like humans experiencing chronic stress, the mice showed weigh...

The Federal Communications Commission today said it plans to fine AT&T $100 million for throttling the wireless Internet connections of customers with unlimited data plans without adequately notifying the customers about the reduced speeds. "The Commission charges AT&T with violating the 2010 Open Internet Transparency Rule by falsely labeling these plans as 'unlimited' and by failing to sufficiently inform customers of the maximum speed they would receive under the Maximum Bit Rate policy," the announcement said. The action isn't yet final. The FCC issued a Notice of Apparent Liability against AT&T that includes the proposed fine and provisions designed to bring AT&T into compliance with the commission's rules about making proper disclosures to customers. AT&T can ask the commission to reduce or eliminate the fine, which would be deposited into the US Treasury. But even if AT&T opposes the fine, the commission says the company...

Researchers have uncovered huge holes in the application sandboxes protecting Apple's OS X and iOS operating systems, a discovery that allows them to create apps that pilfer iCloud, Gmail, and banking passwords and can also siphon data from 1Password, Evernote, and other apps. The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. Despite the supposed vetting by Apple engineers, the researchers' apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. The success of the researchers' cross-app resource access—or XARA—attacks, raises troubling doubts about those assurances on the widely used Apple platforms. ...