Tag: brides-cond

Google drops three OS X 0days on Apple

Don’t look now, but Google’s Project Zero vulnerability research program may have dropped more zero-day vulnerabilities—this time on Apple’s OS X platform. In the past two days, Project Zero has disclosed OS X vulnerabilities here , here , and here . At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What’s more, the first vulnerability, the one involving the “networkd ‘effective_audit_token’ XPC,” may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn’t make this explicit and Apple doesn’t publicly discuss security matters with reporters. Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities. The security flaws were privately reported to Apple on October 20, October 21, and October 23, 2014. All three advisories appear to have been published after the expiration of the 90-day grace period Project Zero gives developers before making reports public. Read 1 remaining paragraphs | Comments

Visit link:
Google drops three OS X 0days on Apple

Attack for Flash 0day goes live in popular exploit kit

If you’ve been meaning to disable Adobe Flash, now might be a good time. Attacks exploiting a critical vulnerability in the latest version of the animation software have been added to a popular exploitation kit, researchers confirmed. Attackers often buy the kits to spare the hassle of writing their own weaponized exploits. Prolific exploit sleuth Kafeine uncovered the addition to Angler , an exploit kit available in underground forums. The zero-day vulnerability was confirmed by Malwarebytes . Malwarebytes researcher Jérôme Segura said one attack he observed used the new exploit to install a distribution botnet known as Bedep. Adobe officials say only that they’re investigating the reports. Until there’s a patch, it makes sense to minimize use of Flash when possible. AV software from Malwarebytes and others can also block Angler attacks. Read on Ars Technica | Comments

Read this article:
Attack for Flash 0day goes live in popular exploit kit

4chan founder Chris “moot” Poole steps down

On Wednesday, 4chan founder Christopher Poole, better known by the moniker “moot,” announced his retirement from running the site. moot started 4chan 11 and a half years ago when he was 15, and the image-based bulletin board has grown into a staunch supporter of anonymity for its posters since. That notoriety has drawn some of the best and also a lot of the very, very worst to its 63 boards. In his post today, moot explained the decision: 4chan has faced numerous challenges over the years, including how to continuously satisfy a community of millions, and ensure the site has the human, technical, and financial resources to continue operating. But the biggest hurdle it’s had to overcome is myself. As 4chan’s sole administrator, decision maker, and keeper of most of its institutional knowledge, I’ve come to represent an uncomfortably large single point of failure. moot continued to say that he has made sure the site will be financially secure in the foreseeable future and has delegated the tasks of running the site to “a few senior volunteers.” Read 3 remaining paragraphs | Comments

More:
4chan founder Chris “moot” Poole steps down

Hard disk reliability examined once more: HGST rules, Seagate is alarming

A year ago we got some insight into hard disk reliability when cloud backup provider Backblaze published its findings for the tens of thousands of disks that it operated. Backblaze uses regular consumer-grade disks in its storage because of the cheaper cost and good-enough reliability, but it also discovered that some kinds of disks fared extremely poorly when used 24/7. A year later on and the company has collected even more data , and drawn out even more differences between the different disks it uses. For a second year, the standout reliability leader was HGST. Now a wholly-owned subsidiary of Western Digital, HGST inherited the technology and designs from Hitachi (which itself bought IBM’s hard disk division). Across a range of models from 2 to 4 terabytes, the HGST models showed low failure rates; at worse, 2.3 percent failing a year. This includes some of the oldest disks among Backblaze’s collection; 2TB Desktop 7K2000 models are on average 3.9 years old, but still have a failure rate of just 1.1 percent. Read 4 remaining paragraphs | Comments

Read this article:
Hard disk reliability examined once more: HGST rules, Seagate is alarming

Liveblog: Windows 10 “The Next Chapter” event on January 21st

REDMOND—Microsoft is unveiling the next major beta of Windows 10, the Consumer Preview, with an event at the company’s home in Redmond, Washington. We’ll be on the scene to report on the news and get a first look at the new release. We’re expecting to see the new Continuum feature that adapts the Windows interface on 2-in-1 devices and a new browser that sheds the legacy (and name) of Internet Explorer. Representatives of the Xbox team will also be at the event, with Microsoft having news about Windows gaming—though precisely what that will be is currently a mystery. Read on Ars Technica | Comments

Taken from:
Liveblog: Windows 10 “The Next Chapter” event on January 21st

How installing League of Legends and Path of Exile left some with a RAT

Official releases for the League of Legends and Path of Exile online games were found laced with a nasty trojan after attackers compromised an Internet platform provider that distributed them to users in Asia. The compromise of consumer Internet platform Garena allowed the attackers to attach malicious software components to the official installation files for the two games, according to a blog post published Monday by antivirus provider Trend Micro. In addition to the legitimate game launcher, the compromised executable file also included a dropper that installed a remote access tool known as PlugX and a cleaner file that overwrote the infected file after it ran. According to Trend Micro, the attackers took care to conceal their malware campaign, an effort that may have made it hard for victims to know they were infected. The cleaner file most likely was included to remove evidence that would tip users off to a compromise or the origin of the attack. The cryptographic hash that was included with the tampered game files was valid, so even people who took care to verify the authenticity of the game installer would have no reason to think it was malicious, Trend Micro researchers said. The researchers linked to this December 31 post from Garena . Translated into English, one passage stated: “computers and patch servers were infected with trojans. As a result, all the installation files distributed for the games League of Legends and Path of Exile are infected.” Read 2 remaining paragraphs | Comments

See the article here:
How installing League of Legends and Path of Exile left some with a RAT

Pirates defeating watermarks, releasing torrents of Oscar movie screeners

When an incomplete and early version of the X-Men Origins: Wolverine leaked to torrent sites in 2009, Twentieth Century Fox announced that the uploader “will be prosecuted to the fullest extent of the law.” “We forensically mark our content so we can identify sources that make it available or download it,” the studio said in a statement. Nabbed by a watermark, a New York man subsequently pleaded guilty to making the movie available on Megaupload. Gilberto Sanchez was sentenced to a year in prison in 2011. A triumphant US Attorney Andre Birotte Jr . said  that  “sentence handed down in this case sends a strong message of deterrence to would-be Internet pirates.” Read 6 remaining paragraphs | Comments

View article:
Pirates defeating watermarks, releasing torrents of Oscar movie screeners

Marriott tentatively backs off Wi-Fi blocking plans

In a brief statement on Wednesday evening , hotel chain Marriott International said that it would not block any personal Wi-Fi devices belonging to its customers. Marriott International listens to its customers, and we will not block guests from using their personal Wi-Fi devices at any of our managed hotels. Marriott remains committed to protecting the security of Wi-Fi access in meeting and conference areas at our hotels. We will continue to look to the FCC to clarify appropriate security measures network operators can take to protect customer data, and will continue to work with the industry and others to find appropriate market solutions that do not involve the blocking of Wi-Fi devices. Despite that pledge, Re/Code reports that the company is not rescinding a request for rulemaking that it submitted to the Federal Communications Commission late last year, in which it asked for the Commission’s blessing to block personal hotspots. In October, Marriott was fined $600,000 by the FCC following a complaint that one of its Nashville, Tennessee branches was interfering with and disabling personal Wi-Fi hotspots set up by its customers. Marriott agreed to pay the fine but remained defiant, asking the FCC to allow it to resume its practice. Read 1 remaining paragraphs | Comments

Read More:
Marriott tentatively backs off Wi-Fi blocking plans

Why DNS in OS X 10.10 is broken, and what you can do to fix it

Recently, there has been a lot of  discussion about the current state of Apple’s software quality. Anyone with even a passing familiarity with development knows that bugs are par for the course, and most people aren’t bothered by small, day-to-day bugs that are fixed within a reasonable timeframe. Obviously, like everyone else, Apple’s software has its share of those. But there’s another category of bug—glaring, perplexing bugs that couldn’t possibly have escaped the attention of the software engineers in question, let alone the quality assurance department. Such issues exist, and sometimes they go unfixed for months. Or years. Or ever. Hopefully, the set of network issues with OS X 10.10 described below won’t fall into this column, but they do raise an obvious question: why? For 12 years, the mDNSResponder service managed a surprisingly large part of our Mac’s networking, and it managed this task well. But as of OS X 10.10, the mDNSResponder has been replaced with discoveryd, which does the same thing. Mostly. Here are some strange networking problems we’ve observed since installing 10.10: Read 18 remaining paragraphs | Comments

View article:
Why DNS in OS X 10.10 is broken, and what you can do to fix it

Red light camera vendor Redflex freaked out it may lose contracts

In a new Friday filing with the Australian Securities Exchange, Redflex, a prominent red light camera vendor, said that it could be facing an immediate net book value loss of $3.2 million if it permanently loses contracts in New Jersey and Ohio. In November 2014, the company told investors that the North American market is a “low/no-growth market.” Since 2009, the Garden State has operated a pilot program with Redflex cameras, but that program expired on December 16, 2014. The New Jersey Department of Transportation is now set to analyze its five years’ worth of data, write a report, and recommend whether to permanently halt the program or resurrect it. Meanwhile, in Ohio, even after the state’s Supreme Court upheld their use, Governor John Kasich signed into law in December 2014 a new bill that requires a police officer’s physical presence for tickets that are issued from traffic cameras. The law takes effect 90 days after the governor’s signature, and it could mean that cities will have less of a reason to maintain their camera systems. Read 3 remaining paragraphs | Comments

See the original article here:
Red light camera vendor Redflex freaked out it may lose contracts