Tech Today w/ Ken May

Archive for May 15th, 2017

A day after a ransomware worm infected 75,000 machines in 100 countries, Microsoft is taking the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago. The company also rolled out a signature that allows its Windows Defender antivirus engine to provide “defense-in-depth” protection. The moves came after attackers on Friday used a recently leaked attack tool developed by the National Security Agency to virally spread ransomware known as WCry. Within hours, computer systems around the world were crippled, prompting hospitals to turn away patients and telecoms, banks and companies such as FedEx to turn off computers for the weekend. The chaos surprised many security watchers because Microsoft issued an update in March that patched the underlying vulnerability in Windows 7 and most other supported versions of Windows. (Windows 10 was never vulnerable.) Friday’s events made it clear that enough unpatched systems exist to cause significant outbreaks that could happen again in the coming days or months. In a blog post published late Friday night, Microsoft officials wrote:

Categories: reader

Google Found Over 1,000 Bugs In 47 Open Source Projects

Posted by kenmay on May - 15 - 2017

Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.


French auto giant Renault became the first major French company to report being affected by Friday’s ransomware attack that affected tens of thousands of computers in almost 100 countries across the world, reports Automotive News. An English plant of Renault’s alliance partner Nissan was also hit by the attack. Read more…


Microsoft Finally Bans SHA-1 Certificates In Its Browsers

Posted by kenmay on May - 15 - 2017

An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.


Remember that “kill switch” which shut down the WannaCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. “I can confirm we’ve had versions without the kill switch domain connect since yesterday,” Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday… Another researcher confirmed they have seen samples of the malware without the killswitch. Read more of this story at Slashdot.


Up To 1.4M More Fake Wells Fargo Accounts Possible

Posted by kenmay on May - 15 - 2017

An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers’ permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs’ new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate — disclosed last year as part of a settlement with regulators — that up to 2.1 million accounts were opened without customers’ permission… The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Wells Fargo terminated 5,300 employees for creating fake accounts, and their CEO now acknowledges that “we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values.” In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years. Read more of this story at Slashdot.


Singapore is a country known worldwide for both a very high cost of living and limited real estate space — that combination makes it hard to imagine a better location for a gigantic vending machine that spits out luxury cars. That’s right, folks. Autobahn Motors, a company that started out selling used vehicles in conventional showrooms, recently opened a 15-story building in… Read More


Not very pleased with your internet speeds? Think about the people Down Under. Australia’s “bungled” National Broadband Network (NBN) has been used as a “cautionary tale” for other countries to take note of. Despite the massive amount of money being pumped into the NBN, the New York Times reports, the internet speeds still lagged behind the US, most of western Europe, Japan and South Korea — even Kenya. The article highlights that Australia was the first country where a national plan to cover every house or business was considered and this ambitious plan was hampered by changes in government and a slow rollout (Editor’s note: the link could be paywalled; alternative source), partly because of negotiations with Telstra about the fibre installation. From the report: Australia, a wealthy nation with a widely envied quality of life, lags in one essential area of modern life: its internet speed. Eight years after the country began an unprecedented broadband modernization effort that will cost at least 49 billion Australian dollars, or $36 billion, its average internet speed lags that of the United States, most of Western Europe, Japan and South Korea. In the most recent ranking of internet speeds by Akamai, a networking company, Australia came in at an embarrassing No. 51, trailing developing economies like Thailand and Kenya. For many here, slow broadband connections are a source of frustration and an inspiration for gallows humor. One parody video ponders what would happen if an American with a passion for Instagram and streaming “Scandal” were to switch places with an Australian resigned to taking bathroom breaks as her shows buffer. The article shares this anecdote: “Hundreds of thousands of people from around the world have downloaded Hand of Fate, an action video game made by a studio in Brisbane, Defiant Development. But when Defiant worked with an audio designer in Melbourne, more than 1,000 miles away, Mr. Jaffit knew it would be quicker to send a hard drive by road than to upload the files, which could take several days.” Read more of this story at Slashdot.


iOS 10.3.2 arrives with nearly two dozen security fixes

Posted by kenmay on May - 15 - 2017

Apple has just released iOS 10.3.2 to the public, following around a month and a half of beta testing that began shortly after iOS 10.3 came out. It’s available as an over-the-air update or through iTunes for any devices that run iOS 10: the iPhone 5 and newer, the fourth-generation iPad and newer, the iPad Mini 2 and newer, both iPad Pros, and the sixth-generation iPod Touch. Like the intervening iOS 10.3.1 update, the release notes for 10.3.2 only say that it “includes bug fixes and improves the security of your iPhone or iPad,” which suggests that the release is primarily focused on security updates. According to Apple’s security update page, it fixes quite a wide range of bugs that affect everything from the iPhone 5 on up: one in the AVEVideoEncoder, one in CoreAudio, two in iBooks, one in IOSurface, two in the kernel, one Notifications bug, one in Safari, four SQLite bugs, one TextInput problem, a whopping eight WebKit-related fixes that address an even larger number of vulnerabilities, and an update to the certificate trust policy. As with any update that fixes a large number of bugs, you should patch as soon as you can to prevent exploits of the now-public vulnerabilities. Read on Ars Technica


Unaired pilot for Beverly Hillbillies (1962)

Posted by kenmay on May - 15 - 2017

https://youtu.be/RW7W-OKZBsw The original name for The Beverly Hillbillies was The Hillbillies of Beverly Hillbillies. The core cast in this unaired pilot from 1962 didn’t change with the new name, and it also features the amazing customized 1921 Oldsmobile Model 43-A touring car built by car customizer George Barris (who created Black Beauty from Green Hornet, the Batmobile from the 1966 Batman TV series, and the Munster’s Koach).
