Tech Today w/ Ken May

WCry is so mean Microsoft issues patch for 3 unsupported Windows versions

Enlarge (credit: Health Service Journal) A day after a ransomware worm infected 75,000 machines in 100 countries, Microsoft is taking the highly unusual step of issuing patches that immunize Windows XP, 8, and Server 2003, operating systems the company stopped supporting as many as three years ago. The company also rolled out a signature that allows its Windows Defender antivirus engine to provide “defese-in-depth” protection. The moves came after attackers on Friday used a recently leaked attack tool developed by the National Security Agency to virally spread ransomware known as WCry . Within hours, computer systems around the world were crippled, prompting hospitals to turn away patients and telecoms, banks and companies such as FedEx to turn off computers for the weekend. The chaos surprised many security watchers because Microsoft issued an update in March that patched the underlying vulnerability in Windows 7 and most other supported versions of Windows. (Windows 10 was never vulnerable.) Friday’s events made it clear that enough unpatched systems exist to cause significant outbreaks that could happen again in the coming days or months. In a blog post published late Friday night , Microsoft officials wrote: Read 9 remaining paragraphs | Comments

Google Found Over 1,000 Bugs In 47 Open Source Projects

Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.

Renault And Nissan Plants Hit By Massive Ransomware Attack

French auto giant Renault became the first major French company to report being affected by Friday’s ransomware attack that affected tens of thousands of computers in almost 100 countries across the world, reports Automotive News . An English plant of Renault’s alliance partner Nissan was also hit by the attack. Read more…

See the article here:
Renault And Nissan Plants Hit By Massive Ransomware Attack

Microsoft Finally Bans SHA-1 Certificates In Its Browsers

An anonymous reader quotes ZDNet: With this week’s monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft’s browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January’s stable release of Chrome 56, and Firefox’s February cut-off… Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3… Once Tuesday’s updates are installed, Microsoft’s browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site’s certificate. Read more of this story at Slashdot.

See the article here:
Microsoft Finally Bans SHA-1 Certificates In Its Browsers

Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch

Remember that “kill switch” which shut down the WannCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. “I can confirm we’ve had versions without the kill switch domain connect since yesterday, ” Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday… Another researcher confirmed they have seen samples of the malware without the killswitch. Read more of this story at Slashdot.

Continued here:
Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch

Up To 1.4M More Fake Wells Fargo Accounts Possible

An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers’ permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs’ new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate — disclosed last year as part of a settlement with regulators — that up to 2.1 million accounts were opened without customers’ permission… The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts. Wells Fargo terminated 5, 300 employees for creating fake accounts, and their CEO now acknowledges that “we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values.” In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years. Read more of this story at Slashdot.

Visit site:
Up To 1.4M More Fake Wells Fargo Accounts Possible

Harley-Davidson embraces the potential of electric motorcycles

Bikers interested in going green have reason to rejoice today. Harley-Davidson has already shown off its prototype Livewire electric bike, and it’s promised to offer you a real one in the next five years . Today, the motorcycle manufacturer said it has plans to make 100 new motorcycles over the next 10 years, including an entire range of electric vehicles. Vice president Bill Davidson confirmed that electric bikes are Harley-Davidson’s future to Drive magazine while in Sydney to celebrate the brand’s 100th anniversary in Australia. While an electric Harley won’t have the signature engine boom that its combustion-powered bikes have, Davidson said that the company is working on a sound that he likens to a jet engine. “It is an amazing motorcycle, ” he told Drive . “While it doesn’t have a 45-degree, pushrod twin-cylinder engine it has the performance expected from a Harley Davidson even if it won’t sound the same, ” he said. So far, we’ve only seen the one Livewire concept model with a limited top speed and range, it’s likely thHarleyely-Davidson will create both sport and cruiser-style bikes to appeal to both the speed freaks and the touring bikers. Davidson noted that as automated cars become more ubiquitous, driving enthusiasts may turn to motorcycles to get their manual fix, telling Drive , “I think the more automatic cars [happen], motorcycling will become more appealing. I see it as a huge opportunity.” Via: Autoblog Source: Drive

Continue reading here:
Harley-Davidson embraces the potential of electric motorcycles

Trump Signs Executive Order On Cybersecurity

President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet, ” reports The Washington Post. From the report: Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line, ” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector. Read more of this story at Slashdot.

Continued here:
Trump Signs Executive Order On Cybersecurity

Germany Sets New National Record With 85 Percent of Its Electricity Sourced From Renewables

Germany was able to set a new national record for the last weekend of April with 85 percent of all electricity consumed in the country being produced from renewables — wind, solar, biomass, and hydroelectric power. Digital Trends reports: Aided by a seasonal combination of windy but sunny weather, during that weekend the majority of Germany’s coal-fired power stations weren’t even operating, while nuclear power stations (which the country plans to phase out by the year 2022) were massively reduced in output. To be clear, this is impressive even by Germany’s progressive standards. By comparison, in March just over 40 percent of all electricity consumed in the country came from renewable sources. However, while the end-of-April weekend was an aberration, the hope is that it won’t be for too much longer. According to Patrick Graichen of the country’s sustainability-focused Agora Energiewende Initiative, German renewable energy percentages in the mid-80s should be “completely normal” by the year 2030. Read more of this story at Slashdot.

Visit link:
Germany Sets New National Record With 85 Percent of Its Electricity Sourced From Renewables

50 floating screens will clean the Pacific garbage patch next year

The Ocean Cleanup , a Dutch foundation that aims to deal with plastics polluting our seas, says it’s finally ready to put its technology to work. In a statement released today, the organization has revealed that it plans to start cleaning up the Great Pacific Garbage Patch in early 2018 using its newly redesigned cleaning system. That garbage patch is the biggest collection of debris in the ocean, a massive soup of visible and microscopic plastic particles poisoning marine life. The ship captain who discovered it in 2003 said he “never found a clear spot” in the week it took to cross the region. While Boyan Slat (the organization’s founder) originally envisioned trapping plastic trash with one large screen tethered to the ocean floor, the new design is smaller, sturdier and can save the group a ton of money. Instead of deploying a 60-mile stationary screen, they plan on releasing 50 smaller ones that measure 0.6 miles in length. They’ll weigh the floating screens down with anchor, so they can move with the currents like plastics do, albeit a bit slower in order to trap debris. Slat told FastCompany that he expected the original design to clean up half of the massive garbage patch in 10 years for $320 million. Now, he expects the new design to cut that timespan in half and to cost the group significantly less than that amount. Since he and his team still need to fund the project, though, they plan to use the plastic they collect to make items they can sell, such as sunglasses, chairs and car bumpers. Source: The Ocean Cleanup

Read the original:
50 floating screens will clean the Pacific garbage patch next year