(credit: Patrick Wardle ) Hackers compromised a download server for a popular DVD-ripping software named HandBrake and used it to push stealthy malware that stole victims’ password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday. Over a four-day period ending Saturday, a download mirror located at download.handbrake.fr delivered a version of the video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend . At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it. That’s according to researcher Patrick Wardle , who reported results here and here from the VirusTotal file-scanning service. When the malicious download was opened, it directed users to enter their Mac administer password, which was then uploaded in plain text to a server controlled by the attackers. Once installed, the malware sent a variety of sensitive user files to the same server. In a blog post published Monday morning , Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Read 5 remaining paragraphs | Comments
Visit link:
Mac users installing popular DVD ripper get nasty backdoor instead
An anonymous reader writes: A recently released draft of the National Institute of Standards and Technology’s digital identity guidelines has met with approval by vendors. The draft guidelines revise password security recommendations and altering many of the standards and best practices security professionals use when forming policies for their companies. The new framework recommends, among other things: “Remove periodic password change requirements.” There have been multiple studies that have shown requiring frequent password changes to actually be counterproductive to good password security, said Mike Wilson, founder of PasswordPing. NIST said this guideline was suggested because passwords should be changed when a user wants to change it or if there is indication of breach. Read more of this story at Slashdot. 
Conventional wisdom: If you eat a lot of salt, you will get thirsty to dilute the sodium level in your blood. The excess salt will be excreted in your urine. But a new study of Russian cosmonauts is challenging this long-held belief. When the cosmonauts ate more salt, the became less thirsty. And their appetite increased – they had to eat 25 percent more to maintain their weight. From the New York Times : The crew members were increasing production of glucocorticoid hormones, which influence both metabolism and immune function. To get further insight, [Dr. Jens Titze, now a kidney specialist at Vanderbilt University Medical Center and the Interdisciplinary Center for Clinical Research in Erlangen, Germany] began a study of mice in the laboratory. Sure enough, the more salt he added to the animals’ diet, the less water they drank. And he saw why. The animals were getting water — but not by drinking it. The increased levels of glucocorticoid hormones broke down fat and muscle in their own bodies. This freed up water for the body to use. But that process requires energy, Dr. Titze also found, which is why the mice ate 25 percent more food on a high-salt diet. The hormones also may be a cause of the strange long-term fluctuations in urine volume. Scientists knew that a starving body will burn its own fat and muscle for sustenance. But the realization that something similar happens on a salty diet has come as a revelation. https://youtu.be/aJEzl31zL-I 