“This is an extremely promising development,” said Dr Margaret Chan, Director-General of the WHO. “The credit goes to the Guinean Government, the people living in the communities and our partners in this project. An effective vaccine will be another very important tool for both current and future Ebola outbreaks.”
Since late 2013 when the latest epidemic began in West Africa, there have been 27,600 Ebola cases, including more than 11,000 deaths. Liberia has suffered the worst, with more than 4,800 deaths.
While the vaccine so far shows 100% efficacy in individuals, more conclusive evidence is needed on its capacity to protect populations through what is called “herd immunity,” according to WHO.
“The ‘ring’ vaccination method adopted for the vaccine trial is based on the smallpox eradication strategy,” said John-Arne Røttingen, Director of the Division of Infectious Disease Control at the Norwegian Institute of Public Health and Chair of the Study Steering Group. “The premise is that by vaccinating all people who have come into contact with an infected person you create a protective ‘ring’ and stop the virus from spreading further. This strategy has helped us to follow the dispersed epidemic in Guinea, and will provide a way to continue this as a public health intervention in trial mode.”
The Guinea vaccination trial began in affected communities in March to evaluate the efficacy, effectiveness and safety of a single dose of the vaccine VSV-EBOV by using a ring vaccination strategy. So far, more thanb 4 000 close contacts of almost 100 Ebola patients, including family members, neighbours, and co-workers, have voluntarily participated in the trial.
Mohamed Soumah, 27, was the first person to receive the Ebola vaccine. “It wasn’t easy. People in the village said that the injection was to kill me,” he said, according to a report by WHO. “I was afraid. I was the first one to be injected, the very first, here in my village (in March). I’ve been monitored for 3 months and I’ve had no problems. The last follow-up, 84 days after the vaccination, was all clear.”
The trial stopped randomization in late July to allow for all people at risk to receive the vaccine immediately, and to minimize the time necessary to gather more conclusive evidence needed for eventual licensure of the product, WHO said. Until now, 50% of the rings were vaccinated 3 weeks after the identification of an infected patient to provide a term of comparison with rings that were vaccinated immediately. This will now be ended. In addition, the trial will now include 13 to 17-year-old and possibly 6 to 12-year-old children on the basis of new evidence of the vaccine’s safety.
The vaccine, known as VSV-EBOV, was developed by the Public Health Agency of Canada.
Rumor has it that Apple should soon release a new version of its set-top box as well as a new streaming service for TV content. According to a new report by Buzzfeed, Apple was supposed to announce the new Apple TV at WWDC, but it was delayed for a September launch
The current Apple TV was released in 2012 and runs an underclocked A5 chip, which was originally developed for the iPhone 4S. This time, the Apple TV should use a much more recent chip, such as the iPhone 6’s A8 chip. A slimmer design and more internal storage wouldn’t be a surprise as well.
Yet, two big questions remain on the user interface and Apple’s content strategy. The current interface of the Apple TV is cumbersome and the company knows that it has to do something to fix it. Using Siri for voice queries would be a first step as both Google and Amazon provide a similar feature with the Nexus Player and Fire TV.
Recent patent applications have also indicated that Apple has been working on some sort of touch interface for the Apple TV. It’s unclear whether Apple will take advantage of your iPhone or create a brand new remote with a touch screen.
On the content front, the Apple TV service has been rumored for years and it seems that it’s not quite ready yet. While the new Apple TV announcement has been delayed, you shouldn’t expect to see an Apple-branded streaming service in September. Instead, the company wants to release the new device with existing third-party services, such as Netflix, Hulu, HBO Now and Showtime as the existing Apple TV has been around for too long. Similarly, Apple wants people to buy as many new Apple TVs as possible in order to be ready when it launches its new streaming service months later.
As a reminder, Apple announced the Apple Watch during the iPhone event last year. Supply chain leaks indicate that Apple is working on iPhone 6S — Apple won’t spend an hour and a half talking about the new iPhones 6S, leaving room for another announcement. Announcing a new Apple TV during the same event would make sense.
Finally, Apple should release an SDK as well as a dedicated App Store for the TV. It would bring the Apple TV up to par with Android TV and make the device much more powerful. Even if Apple doesn’t launch its streaming service at the same time, third-party developers could start developing for the new device right away before the Apple TV becomes a must-have.
Facebook just built a gigantic solar-powered drone that will stay in the stratosphere for months at a time, beaming broadband Internet to rural and hard-to-reach areas.
The drone, called Aquila, is the baby of Facebook’s (FB, Tech30) year-old Connectivity Lab. The lab has been developing new technology as part of the social network’s mission to “connect everybody in the world.”
Four billion people don’t have access to the Internet, and 10% of the world’s population lacks the necessary infrastructure to get online. To reach these people, Facebook is working on drones, satellites, lasers and terrestrial Internet technology.
On Thursday, Facebook announced it had finished construction on its first full-sized drone and announced other project milestones. The team’s researchers say they’ve found a way to use lasers to deliver data speeds from the drones ten times faster than the industry standard.
Facebook has been working on the Aquila for a year, building off of technology it acquired when it bought UK drone company Ascenta in 2014. The solar-powered unmanned aircraft is designed to fly far above commercial airspace and weather, and to stay in the air for three months at a time. It could give Internet access to people located in a 50-mile radius on the ground.
“It’s sort of like a backbone of Internet using lasers in the sky, that’s the dream we have,” said Yael Maguire, the engineering director of Facebook’s Connectivity Lab.
Aquila hasn’t taken flight yet, but the UK-based team has done flight testing on a number of scale models. Over the next six months, the group will run structural and other tests and eventually take it for its first test flight.
The technology is years away from being used in the field — Facebook doesn’t yet have an exact timeline.
The Aquila drone looks like a giant v-shaped boomerang. It’s 140-feet in diameter — about the same wingspan as a Boeing 737 — and covered in solar cells. It is made of light carbon fiber that is two to three times stronger than steel when cured. It will weigh around 880 pounds when fully outfitted with motors, batteries and communications equipment.
It won’t require a runway. The Aquila will be launched by tethering it to a helium balloon and floating it straight past the weather and commercial airspace. During the day, it will cruise in circles at 90,000 feet, soaking up solar power. At night, it will save energy by drifting down to 60,000 feet. Though current regulations require one pilot on the ground for each drone, Facebook hopes to design the Aquila so it can fly without a dedicated pilot.
To get the Internet, a laser system will connect the ground and the drone. A Facebook team has been working on the laser technology in California, and says it has achieved speeds of tens of gigabytes per second — that’s fast enough to allow hundreds of thousands of people to access broadband Internet simultaneously.
The lab works with Facebook’s Internet.org, which has been criticized for only giving people access to a limited number of Internet services. But Aquila is designed to provide full broadband Internet. Facebook also won’t operate the planes itself. Instead, the company plans to work with local providers or governments to actually deploy the technology, though details are still unknown.
“Building big planes and selling them is not core to our mission of connecting people,” said Jay Parikh, a VP of engineering. “We are not going to take this stuff and be ‘Facebook ISP.'”
MIT researchers have developed digital attacks which can unmask Tor services in the Deep Web with a high degree of accuracy.
As reported by Net Security, a team from the Massachusetts Institute of Technology (MIT) have developed attacks which can be used to identify an anonymous hidden service, clients and potentially servers.
The Tor network is used to access .onion addresses located in the Deep Web. The point of the Tor network — a plethora of nodes and relays — is to mask surfers and make tracking very difficult to achieve.
While Tor is used by criminals for everything from drug to weapon sales, it is also a valuable tool for activists, journalists and those in high-surveillance countries.
When a user connects to Tor, that connection is encrypted and routed through a digital circuit. The first doorway, called a “guard,” starts the journey while “exit nodes” finish off a communication circuit.
It should, in theory, be impossible to monitor users and log IP address and destination unless a hacker is able to link both up through a controlling exploit of some kind. However, MIT researchers have developed a series of passive attacks which reveals an alternative approach to tracking the digital footprints of Tor users.
Within the research paper (.PDF), the MIT team describe a process called “circuit fingerprinting,” which detects the presence of hidden service activity through a Tor vulnerability related to the guard. The passive network monitoring attack is able to “reduce the anonymity set of a user from millions of Tor users to just the users of hidden services,” according to the researchers.
“Tor exhibits fingerprintable traffic patterns that allow an adversary to efficiently and accurately identify, and correlate circuits involved in the communication with hidden services,” the team says.
“Therefore, instead of monitoring every circuit, which may be costly, the first step in the attacker’s strategy is to identify suspicious circuits with high confidence to reduce the problem space to just hidden services.”
Once the hidden service activity has been established, the team were also able to use a secondary attack related to Tor exit nodes. Without wrestling control of a node through aggressive means, the security researchers were successful in identifying which Tor service a user was accessing — as well as servers hosting a hidden service — 88 percent of the time, potentially unmasking both the service and physical location of a server.
“Since the attack is passive, it is undetectable until the nodes have been deanonymized, and can target thousands of hosts retroactively just by having access to clients’ old network traffic,” the paper states.
In order to prevent such attacks, the paper suggests a number of ways the Tor could be modified. These include reducing the amount of time a circuit is allowed to exist before a reset, introducing “padding” cells of data which can mask outgoing and incoming information, and hiding ‘true’ circuits within pre-made circuits to prevent information leaks.
“It’s [..] a known issue that hidden service circuits are noticeable in certain situations, but this attack is very difficult to execute.
The countermeasures described in the paper are interesting since the authors claim that deploying some of them would neutralize their attack and better defend against hidden service circuit fingerprinting attacks in general. This has yet to be proven.”
Last November, Charles Tendell quietly launched a website called Hacker’s List. Its name was literal. In this online marketplace, white-hat security experts could sell their services in bite-size engagements to people with cyber-problems beyond their grasp.
“Hacker’s List is meant to connect consumers who have online issues to hackers or professionals out there who have the skills to service them,” Tendell told Ars. “Consumers get bullied online, they lose personal information, they have things stolen from them, they get locked out of things, and they have people post negative things or post personal information. They didn’t have a place to go to be able to get help and make sure they’re getting the right price or the best person for a particular job. That’s what Hacker’s List is for.”
However, controversy has crept in to fill the void left by backend hiccups. It’s true that Hacker’s List’s purpose remains showing the general population that “not all hackers are evil,” as Tendell puts it. His intentions for the site also continue to be noble. But many of the project requests being posted to the site show the message isn’t getting through as the marketplace scales. If anything, it seems that those who now flock to Hacker’s List have largely been people looking for evil hackers to hire. And the site is constantly looking for ways to keep up.
Whether good or bad, all the attention Hacker’s List has drawn since launch hasn’t hurt Tendell. The founder and CEO of Denver-based Azorian Cyber Security is now also the co-host of a syndicated tech radio show and a frequent go-to cyber-expert for local and national news broadcasts. Tendell insists that Hacker’s List is a separate entity from his business, but he admits that “being on the front page of a lot of things has increased Azorian’s footprint and business.” In fact, the international press coverage may be Hacker’s List’s biggest upside—because it’s not clear how many actual business transactions happen through the site.
According to data on the site itself, only a handful of the enrolled hackers have made any money through Hacker’s List since its November 2014 launch. For most, their earnings listed have been just a few hundred dollars. While there are more than 3,000 “hacker” accounts registered—some representing security firms, others registered to individuals—there’s no way to know how many are active. Some early adopters of the site who spoke with Ars quickly abandoned it as a source of projects when they saw the sorts of requests that started to come in.
Logistically, Hacker’s List acts as a sort of reverse-eBay: customers post projects, then “hackers” bid on them. The customer selects someone for the job based on bids, and—if the project passes as legitimate with Tendell’s team—the site acts as an intermediary. It holds the customer’s payment until a project is done and they have approved the work. This escrow period also assures the person doing the work that the money is actually there. Afterwards, customers can rate the “hacker” based on their performance and write comments that appear on user profiles.
In theory, this checks and balances system is the same mechanism that keeps other user-generated economies, from AirBnB to Uber, honest. But a quick survey of the kinds of requests made on Hacker’s List recently looks a lot less like someone trying to buy a used cell phone and a lot more like someone trying to hire a hit-man:
“Change my final grade”
“Change degree in english university”
“I want emails sent and received by addresses with the url [redacted] to be automatically forwarded to my proxy email address for an indefinite period of time. The addresses are not likely to be heavily protected but I require that no address can be missed from the forwarding hack.”
“I am trying to find someone skilled in Hacking social media accounts to hack two facebook profiles.”
“I believe my husband is cheating on me and I have no access to his phone and would someone to hack into his whatsapp to confirm this.”
“My brother in law has been avoiding my sister lately a lot and she is worried…I would like to have a full access on his email.”
From the start, Tendell hoped to filter most of the unwanted, legally questionable project requests with automatic software. “Initially, we had filters turned on, and that’s what made the website collapse,” he said. “We were still testing keywords, still testing the balance there.” Things only became more complicated when these early filtering service woes ran up against Hacking List’s initial moment in the media spotlight. In fact, that time was supposed to be a soft launch—the site was still running on a development server in Tendell’s office.
“When The New York Times article first came out and it went viral, we had people come on the website posting whatever they wanted,” Tendell said. “The site was doing as we coded it, and it shut the posts down and caused basically an internal denial of service attack. We went from almost no traffic whatsoever—me, the developers, and a few ‘beta test’ clients you could say—to about 5,000 visitors. In that first week, we were averaging 3,000 visitors a day.”
There are 8.239 active projects up for bid on Hacker’s List as of Tuesday, July 21. None have active bids.
To quickly fix and scale up the site’s filtering, Tendell ultimately decided to rely on a hybrid human vetting process. Today, the founder says Hacker’s List has some in-place mechanisms to discourage illegal and unethical hacking requests, including its escrow system for transactions and documentation requirements from both the customer and hacker up front. However, moderation request buttons were also added so that users can flag bad projects. This allows Tendell’s small team to be more efficient, getting a little guidance from the community about where it should spend time and energy reviewing. Tendell noted that despite a stream of questionable postings, a large number of possible blackhat projects have been caught this way.
“The reason that it was done that way was that we tried using automated filters, then we tried manual review processes on our own, and it became unduly burdensome for my team to keep up with that,” he said. “When we were using the automated filtering, a portion of it basically closed the website, and that’s counterproductive. Now we have a flagging system much like that of Craigslist—once [a project] gets flagged, it gets manually reviewed by my team, and the process [of contacting the poster] begins. Based on that conversation, the project gets deleted or it gets revised.”
Finding a way, anonymous or not
In addition to the vetting outlined above, Hacker’s List strives to eliminate anonymity. The site needs “some sort of documentation that you are who you say you are,” Tendell said. Both customer and hacker need to upload things like a selfie and a government issued ID card. “At that point we have a legally binding document from the two of you, and that says you are this person and you accept all legal responsibility if you’re lying about your intentions.”
Once signing on with your identity, those bidding for work on Hacker’s List can begin wading through a sea of project requests that range from highly questionable to outright illegal. Some security experts who signed up with Hacker’s List showed Ars redacted requests they received through the site’s private message system. To no one’s surprise, often these were people trying to drum up interest in questionable causes.
Ryan Satterfield, of the security research firm Planet Zuda, signed up as a provider on Hacker’s List, but he told Ars that most of the requests he receives through direct messages focused on getting access to e-mail and social media accounts. Often when Satterfield asks for some documentation that the requesters owned those accounts, “they never reply after that,” he said. “I suspect these people more than likely don’t actually own the account they ask to get into, they just phrase it in such a way so it sounds legal.”
Tendell acknowledges that a significant number of the requests posted continue to be marginal at best. Users have found ways to abuse the site in order to find help with projects that would otherwise break the site’s terms of service. These methods have proven hard to catch without a dedicated community of moderators (or improved, computerized filters) checking for them constantly. For instance, project posters like Stanford University researcher Jonathan Mayer discovered you could leave personal contact information in project descriptions, allowing would-be customers and hackers to usurp the site and contact each other directly. To its credit, Hacker’s List caught wind of this particular practice. It has since implemented a feature that automatically ‘protects” e-mail addresses left in project descriptions, which has helped prevent some back-channeling.
But filtering out e-mail addresses is merely one stop-gap. Where there’s a will, there’s a way, and such incremental tweaks won’t stop people who want to abuse the system. “There’s no way I can stop you from doing that,” Tendell acknowledged. “It’s just like someone can go on Facebook to try to hire a hitman. Facebook doesn’t have the capability to stop that, and I don’t have that ability… It’s the same problem they have on Craigslist. You can only do so much to prevent people from abusing the system. How am I going to stop people from using a website to connect to people?”
Paved with good intentions
While it’s hard to put a figure on it, Tendell claims there have been legitimate projects that made it to the point where hackers get paid for their work. The success stories he cites so far, however, are not exactly earth-shattering technical feats. Aside from Hacker’s List acting as its own customer—Tendell and his team request hackers to perform security checks on the site—most of the projects Tendell could mention fall more into the realm of cyber-concierge work:
A woman had “some compromising photos of her taken and posted on the Internet,” Tendell said. The “hacker” she hired helped remove them by walking her through claiming copyright over the images and filing DMCA letters with the companies hosting the unwanted images.
A business owner who had been targeted by a competitor with negative reviews on various websites found someone to help do some reputation management and search engine optimization work, getting the negative reviews moved off the first page of Google results for his company.
A woman entering an online relationship was unsure if her suitor was who he claimed he was; she hired a “hacker” to essentially “dox” the man and show he wasn’t who he claimed to be—”electronically tracking him down, cross referencing name, looking at other personal and social media, checking blogs, e-mail addresses, things of that nature,” Tendell said. “I’m pretty sure there was a public records search at some point.”
A hired hacker even walked one customer through the process of regaining control of a business Facebook page that was stolen from him.
Tendell added that even some of the requests that appear marginal have proven to be legitimate because the right documentation is provided. “There have been—and we’ve seen tons of this—people who say, ‘Hey, I’ve lost access to my computer or my phone,’ or ‘I have a loved one’s phone or computer and I need the password cracked.’ Given the right paperwork and verification, that’s completely legal.”
But at this point, few will argue that everyday individuals are regularly benefiting from what Hacker’s List delivers. “Hacker’s List seems like a good idea on paper,” said Satterfield. “The execution of the idea looks like it didn’t turn out well.” Tendell acknowledges that the site is a work in progress, but he says that even the site’s most passionate critics have acknowledged the intent and idea are worth continuing to work toward. “They encourage me to continue to explore how I can refine it better, but they support it,” he said. “I haven’t had anyone too terribly opposed to what Hacker’s List is supposed to be.”
Nevertheless, the mission of Hacker’s List and users’ perception of it are not quite in alignment as the site nears its first birthday. Early glitches may be long gone, but a lot of the issues remain technical—there is no effective way right now for the site to be moderated even with the crowdsourcing approach Tendell implemented. The site itself has a small staff, and the number of questionable projects being posted is vast (to the point where the majority of the posts surveyed by Ars and others have been problematic at best).
Even on its most basic level, Hacker’s List is struggling. The site aims to be user-friendly for the average computer user, but its legion of dedicated hackers has even been asked to enlighten customers on the basics of using the site itself. If there’s one thing we can say about the project entitled, “I would like to delete this project but I have no damn idea how,” it’s that there appear to be no ethical red flags.
T-Mobile is at it again with another announcement this summer. T-Mobile
T-Mobile won’t — or maybe can’t — stop.
The nation’s fourth-largest wireless carrier said that it would lock in the monthly price of $15 for anyone buying an iPhone today with an intent to upgrade to the next iPhone later this year.
It’s the latest — and last — in a series of incentives laid out over the last several weeks to entice customers to switch to the “Uncarrier.” It’s part of a campaign called “Uncarrier Amped,” which adds tweaks to prior programs and features. The new feature comes amid intensifying competition as carriers look hang on to their base of subscribers.
T-Mobile has been unusually aggressive over the last few weeks. It kicked things off with a tweak to its upgrade policy, allowing you to upgrade your smartphone up to three times a year, then opened up its borders to allow its customers to use their smartphones in Canada or Mexico without roaming charges and finally bulked up its family plan with more data (while eliminating one of its unlimited data options).
The first feature, called Jump on Demand, gives customers the ability to lease a phone for a monthly price. T-Mobile offered a promotional monthly fee of $15 a month for anyone buying an iPhone, undercutting the $20 leasing fee Sprint charges. Sprint CEO Marcelo Claure has knocked T-Mobile for misleading consumers about the price increase that occurs after customers upgrade to a new phone.
T-Mobile addressed that on Tuesday by offering a price lock of $15 for anyone buying an iPhone before Labor Day so that the monthly fee remains at the same price even after the customer upgrades to a new iPhone later this year.
“We’re in the time of year when customers are on the fence about buying a new phone – for fear that it’ll be a generation old in just a few months,” T-Mobile CEO John Legere said in a blog. “We’re eliminating that worry completely for iPhone lovers.”
The company also added Apple Music to its Music Freedom program, which lets customers stream music without it going against their data limits.
AT&T is now the largest paid-television provider in the country.
The Dallas telecommunications giant confirmed Friday that it has closed its acquisition of satellite television provider DirecTV for $49 billion.
Combining AT&T’s broadband and wireless services with DirecTV’s nationwide satellite TV service will create a powerhouse of broadband, entertainment and communications services. AT&T gets access to DirecTV’s content deals, such as its package of National Football League games, as well as the ability to deliver those services to everyone across the country. (AT&T only offers its video service to a few states.) DirecTV’s video relationships could become key as more content is delivered on mobile devices.
“We’re now a fundamentally different company with a diversified set of capabilities and businesses that set us apart from the competition,” AT&T CEO Randall Stephenson said in a statement.
The closing of the deal came shortly after the Federal Communications Commission announced Friday that the five-member commission had voted to approve the merger. The Department of Justice also said this week that it would not stop the merger. While both federal agencies had some concerns about the second-largest wireless company buying DirecTV, the concerns were not strong enough to oppose the deal. To mitigate concerns, the FCC imposed several conditions on the merger.
Specifically, AT&T agreed to abide by stricter Net neutrality restrictions than is spelled out in rules the agency passed in February, which are meant to ensure all traffic on the Internet is treated equally. AT&T also agreed to increase the number of customers it plans to serve with its high-speed gigabit broadband service. And it made promises to better serve low-income families and schools and libraries with better broadband access.
The acquisition comes as AT&T looks for ways to diversify its business amid tough competition from wireless competitors in the US as well as cable operators in the broadband and paid-TV markets. The company has gone on a buying spree over the past year as it tries to expand its business into new markets and across borders. Earlier this year it completed the $2.5 billion acquisition of Mexican wireless provider Iusacell and the $1.88 billion acquisition of mobile operator Nextel Mexico.
The Department of Justice, which examines potential antitrust concerns, said earlier this week it approved of the deal. FCC Chairman Tom Wheeler also confirmed in a blog post earlier this week that he was recommending the deal be approved. The vote by the whole commission announced Friday makes the FCC’s approval official.
Though the FCC has scrutinized other deals in the communications and media sector, experts had expected regulators to approve the merger. Earlier this year, the FCC and Department of Justice rejected Comcast’s $45 billion bid to buy fellow cable operator Time Warner Cable. In 2011, the FCC and Justice Department opposed AT&T buying wireless rival T-Mobile.