- 2015 – April
VP9: Faster, better, buffer-free YouTube videos
As more people watch more high-quality videos across more screens, we need video formats that provide better resolution without increasing bandwidth usage. That’s why we started encoding YouTube videos in VP9, the open-source codec that brings HD and even 4K (2160p) quality at half the bandwidth used by other known codecs.
VP9 is the most efficient video compression codec in widespread use today. In the last year alone, YouTube users have already watched more than 25 billion hours of VP9 video, billions of which would not have been played in HD without VP9’s bandwidth benefits. And with more of our device partners adopting VP9, we wanted to give you a primer on the technology.
Aluminum battery from Stanford offers safe alternative to conventional batteries
Stanford University scientists have invented the first high-performance aluminum battery that’s fast-charging, long-lasting and inexpensive. Researchers say the new technology offers a safe alternative to many commercial batteries in wide use today.
Real money trade hits World of Warcraft game
The introduction of a way to use real money to buy virtual cash for World of Warcraft has prompted a big change in the value of the game’s gold.
The exchange rate for dollars fell by almost a third on the first day that Blizzard let people swap real cash for game gold.
At launch, players could spend $20 (£13) to get 30,000 gold coins to spend on gear in the fantasy game world.
But 24 hours later the same amount of cash netted players about 20,000.
Before now the only way that World of Warcraft players could artificially boost the fortunes of their characters was by visiting a grey-market site and surreptitiously buying gold from unlicensed vendors.
Chrome 43 will help batten down HTTPS sites
The next version of Chrome will include a new security policy that may make it easier for developers to ensure “HTTPS” websites aren’t undermined by insecure HTTP resources.
The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can’t or is difficult to be modified. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag an “mixed-content warning” in the form of a yellow triangle over the padlock.
If the same site was accessed in Chrome 43 — which is beta now but should be stable in May — the warning should vanish thanks to a browser Content Security Policy directive known as Upgrade Insecure Resources. The directive “causes Chrome to upgrade insecure resource requests to HTTPS before fetching them”, Google explained today.
Bypassing OS X Security Tools is Trivial, Researcher Says
Gatekeeper is one of the key technologies that Apple uses to prevent malware from running on OS X machines. It gives users the ability to restrict which applications can run on their machines by choosiing to only allow apps from the Mac App Store. With that setting in play, only signed, legitimate apps should be able to run on the machine. But Patrick Wardle, director of research at Synack, said that getting around that restriction is trivial.
“Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper,” Wardle said in a talk at the RSA Conference here Thursday. “It only verifies the app bundle.”
Backing up Gatekeeper is XProtect, Apple’s anti-malware system for OS X. Malware isn’t a massive problem for OSX, but there definitely are some well-known families out there, with more being created all the time, Wardle said. Getting past XProtect turns out to be just as simple as bypassing Gatekeeper. Wardle found that by simply recompiling a known piece of OS X malware, which changes the hash, he could get the malware past XProtect and execute it on the machine. Even simpler, he could just change the name of the malware, which also lets it sneak in under the fence.
“It’s trivial to bypass XProtect,” he said.
Evil Wi-Fi kills iPhones, iPods in range – ‘No iOS Zone’ SSL bug revealed
RSA 2015 A vulnerability in iOS 8 can be exploited by malicious wireless hotspots to repeatedly crash and reboot nearby Apple iPhones, iPads and iPods, security researchers claim.
Skycure bods Adi Sharabani and Yair Amit say the attack, dubbed “No iOS Zone”, will render vulnerable iOS things within range unstable – or even entirely unusable by triggering constant reboots.
“Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash,” Sharabani told the RSA security conference in San Francisco today.
“There is nothing you can do about it other than physically running away from the attackers. This is not a denial-of-service where you can’t use your Wi-Fi – this is a denial-of-service so you can’t use your device even in offline mode.”