Streaming-only Xbox console rumors squashed by Microsoft

Contrary to rumors, Microsoft is not working on a streaming-only Xbox console. In an interview with Gamespot, Microsoft’s executive VP of Gaming Phil Spencer set the record straight: the company isn’t working on a streaming-only Xbox console at the moment.

After the Redmond company announced last year that it is working on a game streaming technology (known as xCloud), as well as new game consoles, Spencer said that Xbox fans may have taken that to mean that a streaming console is in the works. 

The May 2019 release of the disc-less Xbox One S All-Digital Edition only fueled those rumors further. However, while this new console doesn’t play physical disc, it does require for games to be downloaded before you can play them.

We’re not that close to full-time game streaming yet

The good news is that Microsoft’s gaming division is still hard at work in making that console-quality game streaming service a reality. It’s indeed full steam ahead for this game-streaming technology.

According to Spencer, “We are not working on a streaming-only console right now. We are looking at the phone in your pocket as the destination for you to stream, and the console that we have allows you to play the games locally.”

Dubbed Project xCloud, this technology is intended to complement Microsoft’s console hardware and give gamers the ability to utilize Xbox functionality through their other devices, perhaps with as little lag as possible. Currently in beta testing at the company, Project xCloud will be in public beta for select markets as early as September and to the rest of the gaming world by 2020.

As for whether or not a streaming-only Xbox console might still be in the stars, who knows? With the direction Microsoft is taking, a streaming-only console could still happen someday. Although, if this game streaming service proves to be a success, we probably won’t need one.

Go to Source

Firmware security has barely improved over last decade

A new survey of over 6,000 firmware images has found no improvement in firmware security over the last 15 years as well as lax security standards for the software running connected devices from Linksys, NETGEAR and other major hardware vendors.

The survey was carried out by chief scientist at the Cyber Independent Testing Lab (CITL), Sarah Zatcko who explained that firmware security is worse off than many thought, saying:

“We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products.”

The CITL study surveyed firmware from 18 different vendors including ASUS, D-link, Linksys, NETGEAR, Ubiquiti and others. The team analyzed over 6,000 firmware versions created from 2003 to 2018 as part of the first logitudinal study of Internet of Things (IoT) safety.

Firmware security

Researchers at CITL studied publicly available firmware images to compile their study and evaluated them based on the inclusion of standard security features such as the use of non-executable stacks, Address Space Layout Randomization (ASLR) and stack guards which are used to prevent buffer overflow attacks.

CITL found that firmware from commonly used manufacturers failed to implement basic security features and this was also true when the researchers tested the most recent versions of the firmware.

There was some good news including the fact that almost all of Linksys and NETGEAR’s recent router firmware included non-executable stacks. However, other common security features like ASLR or stack guards were not implemented according to CITL’s data.

The researchers documented 299 positive changes in firmware security scores over the 15 years covered by the study but they also found 360 negative changes during the same period. Analyzing the entire data set actually showed that firmware security appeared to get worse over time. The poor scores these devices earned suggest that many companies making IoT devices have not adapted their practices to account for the increased risks that come with connected devices.

Cybercriminals are increasingly targeting connected devices because when compared to Microsoft’s Windows, Apple’s macOS and Google Chrome, they are easy prey.

Via The Security Ledger

Go to Source

Watch Dogs Legion: release date, news and trailers

Ubisoft has officially announced Watch Dogs: Legion during its E3 2019 conference. Rumors suggested the latest installation to the Watch Dog series would take place in post-Brexit London and it turns out they were spot on. 

Ubisoft officially announced the game alongside lengthy gameplay footage that sees you playing as Ian (a character straight out of a Guy Ritchie film) navigating the streets of futuristic London including Camden Market and Piccadilly Circus.

Here’s all we know about the third Watch Dogs game, coming in 2020.

[Update: Watch Dogs Legion is one of the games heading to Gamescom 2019 with Ubisoft. Find out in what capacity it’ll be there below.]

Cut to the chase

  • What is it? The next game in the Watch Dogs series set in post-Brexit London
  • What can I play it on? PS4, Xbox One and PC. Still waiting on Xbox Project Scarlett release information
  • When can I play it? March 6, 2020

Watch Dogs Legion trailers

Ubisoft revealed the first trailer for Watch Dogs 3 – officially titled Watch Dogs Legion – at E3 2019. 

Watch Dogs: Legion seems to see you taking on an organization called Albion who have distributed riot drones all over London to keep people in line. You’re a member of the resistance: DeadSec.

What’s interesting about Legion is that you play as more than one character (a whole host actually), with permadeath wiping out the one you’re playing if you happen to end up on the wrong end of an electric bullet. You can apparently play as anyone – with every Londoner being recruitable and fully simulated.

Check out the trailer below:

Watch Dogs Legion news and rumors

Gamescom 2019

Ubisoft has confirmed that it will be one of the many publishers attending Gamescom 2019 and its plans for the show have been finalised. Do they involve Watch Dogs Legion? Unsurprisingly, yes they do. 

Ubisoft will be part of the Gamescom: Opening Night livestream so it’s quite possible (but not certain) that we’ll see some new Watch Dogs announcements. What is certain, though, is that there’ll be a live theatre gameplay demo of Watch Dogs Legion shown at the Ubisoft booth stage. 

E3 2019

From what we saw during E3, Legion seems to be much more combat-heavy than the previous entries we’ve seen in the Watchdogs series and offer a much more developed open-world. But what’s really caught our eye is the realistic interpretation of London – even if it’s a Bladerunner, neon feverdream.

Watch Dogs: Legion is due for release on March 6, 2020.

  • TechRadar will be attending Gamescom 2019. Keep checking back for the latest news and announcements. 

Go to Source

Formjacking attacks target customers at checkout

Cybercriminals are increasingly hijacking online forms such as login pages and shopping carts as they hunt for personal financial information (PFI) according to new research from F5 Labs.

The firm’s Application Report 2019 examined 760 breach reports to discover that formjacking, which collects data from a user’s web browser and then moves it to an attacker-controlled location, remains one of the most common attack tactics on the web.

According to F5 Labs data, this attack method was responsible for 71 percent of all analyzed web-related data breaches throughout 2018.

Senior Threat Eveangelist at F5 Networks, David Warburton explained how outsourcing parts of web application code led to formjacking’s rise in popularity among cybercriminals, saying:

“Formjacking has exploded in popularity over the last two years. Web applications are increasingly outsourcing critical components of their code, such as shopping carts and card payment systems, to third parties. Web developers are making use of imported code libraries or, in some cases, linking their app directly to third party scripts hosted on the web.  As a result, businesses find themselves in a vulnerable position as their code is compiled from dozens of different sources – almost all of which are beyond the boundary of normal enterprise security controls. Since many web sites make use of the same third-party resources, attackers know that they just need to compromise a single component to skim data from a huge pool of potential victims.”

Formjacking

By examining breach data, F5 Labs found that 83 incidents in 2019 were attributed to formjacking attacks on web payment forms which impacted close to 1.4m payment cards.

The firm also found that 49 percent of successful attacks occurred in the retail industry, 14 percent were related to business services and 11 percent were focused on manufacturing. 

However, the transport industry was the biggest victim of formjacking attacks that targeted personal financial information and during F5’s window of analysis, 60 percent of all credit card related thefts happened in this sector.

Injection vulnerabilities have been around for some time but F5 Labs believes that they remain a growing and evolving problem as shifting industry trends have led to new risks and the widening of attack surfaces.

To prevent falling victim to formjacking, F5 Labs recommends that businesses create an inventory of web applications, patch their environment, scan for vulnerabilities, monitor for code changes, enable multifactor authentication and monitor for newly registered domains and certificates.

Go to Source

Broadband deal of the week: free Amazon Echo Plus with Vodafone’s fastest fibre

We have to say, this broadband deal has us somewhat stumped. Vodafone has taken both of its fibre broadband deals and priced them at the same monthly cost. Confusing? Yes. A great time to seize a bargain on some superfast fibre internet? An even bigger yes.

It means for just £23 a month (or only £20 for existing Vodafone phone customers) you can get Vodafone’s Superfast fibre 2 package – the exact same price as its Superfast 1 package, can you imagine which one we would recommend? 

The Superfast fibre 2 package boasts speeds of 63Mb, which makes the £23 a month you’re paying for it astounding and the £20 existing Vodafone customers pay almost unbelievable.

As if that affordable pricing wasn’t enough, Vodafone doesn’t even charge any upfront fees and even more importantly (sorry, we’re really excited about this one) it’s also throwing in a FREE Amazon Echo Plus with all of its broadband deals. It really is an astonishing offer.

It feels like nobody told Vodafone they only had to pip the competition by a little bit because no other broadband deals come close to this. Vodafone’s sale will be coming to an end on 10 September so you still have plenty of time to grab it. 

Vodafone’s cheap fibre broadband deal in full: 

Vodafone Superfast 2 Broadband | 18 months | Avg speeds 63Mb | Line rental incl. | FREE activation | £23pm (or £20 for existing Vodafone customers + FREE Amazon Echo Plus
It’s a simple offer – get Vodafone’s fastest fibre package for the same price as its regular Superfast 1 option. And, when you purchase either package Vodafone will throw in a free Amazon Echo Plus. The lack of upfront costs and savings for existing customers is a brilliant way to finish this offer. 
View Deal

Want more with your broadband deal?

While this is one of the best, affordable fibre broadband deals around, you can get even cheaper bills. You may not have heard of the ISP, but Onestream’s Jetstream Lite Fibre costs a mere £18.99 per month. You do have to pay a tenner upfront though, so it works out as roughly the same as Vodafone in the long run. Plus, this deal does also offer the lowest average fibre speeds on the market at 17Mb.

While for those who want an added extra with their internet, BT could be the way to go. It costs £31.99 a month but comes with a £100 BT Reward Card on top of its faster 50Mb fibre speeds.

Read more:

How to watch the Gamescom: Opening Night Live stream

Gamescom: Opening Night Live is the latest new addition to Europe’s most popular annual game event, and while exact details haven’t been confirmed, big announcements have been teased. But what are you to do if you’re not in Cologne? Thankfully, there’s a way to watch Gamescom: Opening Night Live from the comfort of your own home.

Here, we explain when and how to tune in, and also what to expect from Opening Night Live.

When does Gamescom: Opening Night Live start?

Gamescom’s Opening Night Live event is due to take place in the evening of August 19 2019, the day before the hugely popular game show is set to kick off. The action will begin at 20:00 CEST, which translates to:

  • 19:00 BST
  • 11:00 PST
  • 13:00 DST
  • 14:00 EST

How can I watch Opening Night Live from home?

The good news is that you can tune in to the Gamescom 2019 opening night action live via , alongside the likes of and , along with the itself.

We’ve also embedded the livestream at the top of our page to make things easier, so simply bookmark this page and head back on Monday evening to get your Gamescom fill.  

What will be announced during Opening Night Live?

While specific details are yet to be confirmed, Gamescom’s Geoff Keighley has teased that more than 15 publishers are due to appear during the show with new content and announcements. The announcements come from high-profile companies including:

  • 2K Games
  • Activision
  • Bandai Namco
  • Bungie
  • Capcom
  • EA
  • Epic Games
  • Google (Stadia)
  • Deep Silver
  • Private Division
  • Sega
  • Square Enix
  • Sony Interactive Entertainment
  • THQ Nordic
  • Ubisoft
  • Xbox Game Studios

Alongside the headline companies, Keighley has also teased a number of announcements from smaller, indie game studios. Whatever’s planned, it’s set to be an exciting evening that’ll get Gamescom 2019 off to a great start.


Go to Source

Bluetooth security flaw leaves millions of devices open to attack

A new Bluetooth vulnerability has been disclosed that would allow an attacker to more easily brute force the encryption key used by devices during pairing to monitor or even manipulate the data transferred between two paired devices.

The vulnerability has been given the name “Key Negotiation of Bluetooth attack” or “KNOB” for short and it affects Bluetooth BR/EDR devices using specification versions 1.0 to 5.1.

News of the KNOB vulnerability was revealed in a coordinated disclosure between the Center for IT-Security, Privacy and Accountability (CISPA), ICASI and ICASI members including Microsoft, Apple, Intel, Cisco and Amazon.

The flaw itself allows an attacker to reduce the length of the encryption key used for establishing a connection and in some cases, the length of the encryption key could be reduced to just a single octet making Bluetooth devices much easier to access.

KNOB vulnerability

A security advisory on Bluetooth.com, provided further insight on how the KNOB vulnerability functions, saying:

“The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used. In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet.” 

After figuring out the Bluetooth keys of two devices, attackers could then monitor and manipulate the data being sent between them. This would even allow them to inject commands, monitor key strokes and carry out other types of malicious behavior. Fortunately, ICASI has not yet seen this attack method used maliciously nor have any devices been created to initiate this type of attack.

Exploiting the KNOB vulnerability would also be difficult because both devices need to be Bluetooth BR/EDR, the attacker would need to be within range of the devices while they establish a connection and the attack would also need to be repeated every time the devices paired. The Bluetooth specification has also been updated to recommend a minimum encryption key length of seven octets for BR/EDR connections to resolve this vulnerability.

Via Bleeping Computer

Go to Source