May 10, 2017 – Page 272 – Tech Today w/ Ken May

Microsoft tests a secured Edge browser for business

If the idea of a more secure Windows browser appeals to you — and why wouldn’t it — then you might want to have a peek at the latest Windows 10 Insider Preview Build . That’s because it includes the Windows Defender Application Guard for Microsoft Edge, which was announced last September but is finally available for testing today. This Application Guard essentially encases your browser in a virtual machine, so that if your browser ever gets attacked by malware, it won’t affect the rest of your PC. To enable this, you need to use the “Turn Windows features on or off” dialog, and then mark the checkbox for “Windows Defender Application Guard.” Now when you open Microsoft Edge and click on the menu, you’ll see the option for a “New Application Guard window.” Click it, and a new special isolated browser window will appear. The whole thing is possible due to the Virtualization Based Security (VBS) made possible by Windows 10. The virtual PC created by Application Guard would keep the Edge browser separate from storage, other apps and the Windows 10 kernel. Other browsers offer “sandboxes” too, but Microsoft says that Application Guard is unique because there’s a hardware container that makes it impossible for malware and other exploits to seep through. There are a couple of caveats though. Running Edge in a virtual machine will likely slow it down, and since each browser’s session is siloed, all data and cookies are lost once you close it. It’s also only available for Enterprise users for now, presumably because their security needs are much higher than the average person. Still, perhaps it could be introduced as an optional feature later on for everyday users. Aside from Application Guard, the Windows 10 Insider Preview Build also includes an improved PDF Reader for Microsoft Edge and integrated Cortana settings.

18 months after discovery, the “Nintendo PlayStation” is finally working

In the nearly 18 months since a CD-ROM-based “Nintendo PlayStation” prototype was first found in an estate sale , emulator makers and homebrew programmers have created a facsimile of what CD-based games would look like on an SNES . Efforts by hacker Ben Heck to get that kind of software actually working on the one-of-a-kind hardware, though, had been stymied by problems getting the CD-ROM drive to talk to the system. Those problems are now a thing of the past. In a newly posted video , Heck lays out how the system’s CD-ROM drive suddenly started sending valid data to the system literally overnight. “I was working on this yesterday and the CD-ROM wasn’t even detecting the disc,” Heck says in the video. “I came in this morning and jiggled the cables around and got ready to work on it some more, and all of a sudden it works… did a magic elf come in overnight?” Read 5 remaining paragraphs | Comments

See more here:
18 months after discovery, the “Nintendo PlayStation” is finally working

The hijacking flaw that lurked in Intel chips is worse than anyone thought

Enlarge (credit: Intel ) A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday , the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it’s usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer’s mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering any text string—or no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface’s digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. Read 5 remaining paragraphs | Comments

Read this article:
The hijacking flaw that lurked in Intel chips is worse than anyone thought

‘Guardians of the Galaxy’ team says why it used Red’s 8K camera

When director James Gunn revealed that Guardians of the Galaxy Vol. 2 would be the first movie shot with Red’s 8K Weapon camera , he triggered a bit of speculation: what prompted the move beyond the incredibly high resolution? You might have a better answer today. Red has posted a behind-the-scenes look at the movie that, to no one’s surprise, talks a lot about why the Vol. 2 team shot with such relatively exotic gear. And no, it’s not just about that picture quality. As director of photography Henry Braham summarizes: the Weapon is a “large format” camera that’s simultaneously “tiny.” That let the crew shoot very detailed imagery regardless of the shot — important for a CG-heavy movie, since it maintains a consistently sharp look. They could use the same cameras for handheld close-ups or unusual rigs, such as a spider rig that flies along a wire. In short, they didn’t have to switch cameras or resort to convoluted setups. The behind-the-scenes video is undoubtedly a puff piece meant to sell you on both the camera and the movie. However, it’s also a hint as to where movie technology is going. You can expect 8K digital cameras to become more commonplace, of course, but they also promise more elaborate cinematography that might have been difficult just a few years ago. Source: Red

Link:
‘Guardians of the Galaxy’ team says why it used Red’s 8K camera

Over 7,000 Bodies May Be Buried Beneath Mississippi University

In what sounds like a clichéd horror movie premise, a recent investigation suggests as many as 7, 000 bodies are buried across 20 acres at the Mississippi Medical Center Campus—the former site of the state’s first mental institution. Officials at the university now face the grim task of pulling 100-year-old bodies… Read more…

See more here:
Over 7,000 Bodies May Be Buried Beneath Mississippi University

Google’s mysterious Fuchsia OS looks like an Android re-do

When we last looked at Google’s Fuchsia operating system , it was very modest. While it was designed for everything from Internet of Things devices to PCs, there wasn’t even a graphical interface to show. Well, things have… evolved. Ars Technica has revisited Fuchsia several months later, and it now touts an interface (nicknamed Armadillo) that makes it clear this isn’t just some after-hours experiment. It’s only a set of placeholders at the moment, but it gives you a good idea as to what to expect. The home screen is a large, vertically scrolling list of cards for “stories, ” or collections of apps and OS components that work together to complete a given task. There’s also a Google Now -style section that has “suggestion” cards for tasks — use them and you’ll either add to an existing story or create a new one. The prototype UI also includes a simple split-screen interface, and scales up to tablet size. Fuchsia isn’t based on Linux, like Android or Chrome OS, but it still uses open source code that would let anyone tinker with the inner workings. Apps, meanwhile, are built using Google’s Flutter kit, which lets developers write both Android and iOS apps. Things are clearly coming along. But there’s one overriding question: just what role will Fuchsia have? Google’s Travis Geiselbrecht stresses that this “isn’t a toy thing, ” but there’s no public strategy. Ars speculates that Google is treating this as a sort of Android re-do: what if the company could design a platform while dumping all the technology it no longer needs or wants, such as Linux or any traces of Java ? The use of Flutter would let you run Android apps until there’s broader software support. It might take years before Fuchsia is ready for public use, assuming that’s the ultimate plan, but there could be a day where Android is no longer the center of Google’s computing universe. Source: Ars Technica

More here:
Google’s mysterious Fuchsia OS looks like an Android re-do

Mac users installing popular DVD ripper get nasty backdoor instead

(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments

Read this article:
Mac users installing popular DVD ripper get nasty backdoor instead

New ultra-high resolution printer makes colors from nanostructures

Researchers from the Technical University of Denmark demonstrated a new nanotechnology-based printing technique that produces long-lasting color images on plastic at resolutions up to 127,000 dots per inch, many times more detailed than traditional laser printers. The system uses a laser to alter the structure of nanoscale structures on the plastic material. (A nanometer is one-billionth of a meter; a human hair is around 60,000 nanometers in diameter.) The nanoprinting technique could also lead to new kinds of 3D displays or invisible watermarks. From New Scientist : The surface of the plastic is shaped so that it has lots of tiny pillars, one roughly every 200 nanometers. A thin film of the element germanium is then spread over the plastic. Heat from a laser melts the germanium on each pillar, morphing its shape and thickness. As a result, it reflects a specific color. The coating protects the shapes of the newly carved nanostructures. Resonant laser printing of structural colors on high-index dielectric metasurfaces (ScienceAdvances)

More here:
New ultra-high resolution printer makes colors from nanostructures

NIST’s Draft To Remove Periodic Password Change Requirements Gets Vendors’ Approval

An anonymous reader writes: A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things: “Remove periodic password change requirements.” There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach. Read more of this story at Slashdot.

This Synthetic Bone Implant Could Replace Painful Marrow Transplants

Thanks to advances in medicine, bone marrow transplants are no longer the last resorts they one were. Every year, thousands of marrow transplants are performed, a common treatment for ailments from bone marrow disease to leukemia. But because they first require a patient undergo radiation to kill off any existing bone… Read more…

Link:
This Synthetic Bone Implant Could Replace Painful Marrow Transplants