Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak

After WikiLeaks revealed data exposing information about the CIA’s arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer’s low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple’s Macbooks. The documents from CIA’s Embedded Development Branch (EDB) mention an OS X “implant” called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a “Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.” The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system’s hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system’s current EFI or against an EFI image previously extracted from a system. Read more of this story at Slashdot.

Chrome 57 Arrives With CSS Grid Layout and API Improvements

Google has launched Chrome 57 for Windows, Mac, and Linux. From a report on VentureBeat: Among the additions is CSS Grid Layout, API improvements, and other new features for developers. You can update to the latest version now using the browser’s built-in silent updater, or download it directly from google.com/chrome. Chrome is arguably more than a browser: With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with Chrome’s regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available. Chrome 57 implements CSS Grid Layout, a two-dimensional grid-based layout system for responsive user interface design. Elements within the grid can be specified to span multiple columns or rows, plus they can also be named so that layout code is easier to understand. The goal is to give developers more granular control, especially as websites are increasingly accessed on various screen sizes, so they can slowly move away from complex code that is difficult to maintain.

Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla’s developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a “This connection is not secure” warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.

Robots in Warehouses To Jump 15X Over Next 4 Years

The worldwide warehouse and logistics robot unit shipments will increase from 40,000 robots in 2016 to 620,000 robots annually by 2021, according to highly reliable numbers from Tractica, which adds that the $1.9 billion market in 2016 is expected to jump a staggering tenfold to an annual $22.4 billion by the end of 2021. From a report on TechRepublic: As a measure of global market value, Tractica also expects the robotic shipments to reach $22.4 billion by the end of 2021, up from an estimated $1.9 billion in 2016. The report, which highlights market drivers and challenges, profiles 75 “emerging industry players,” and is divided into sections based on robot type. According to the report, “warehousing and logistics industries are looking for robotics solutions, more than ever before, to remain globally competitive,” which will “lead to widespread acceptance and presence of robots in warehouses and logistics operations.” To allay fears about lost jobs due to automation, the report authors said they expect that the increase in robots will likely yield new jobs and opportunities for businesses. “The next 5 years will be a period of significant innovation in the space, bringing significant opportunities for established industry players and startups alike,” said Manoj Sahi, a research analyst, in the report.

Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It’s a situation that’s described as “a tangible threat to online privacy and security.” Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who — with a team of helpers — has been investigating since January. River City Media’s database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: “Chances are you, or at least someone you know, is affected.” The leaked, and unprotected, database is what’s behind the sending of over a billion spam emails every day — helped, as Vickery points out, by “a lot of automation, years of research, and fair bit of illegal hacking techniques.” But it’s more than a database that has leaked — it’s River City Media’s entire operation.

Hidden Backdoor Discovered In Chinese IoT Devices

“A backdoor has been found in devices made by a Chinese tech firm specializing in VoIP products,” reports TechRadar. An anonymous reader quotes their article: Security outfit Trustwave made the discovery of a hidden backdoor in DblTek’s devices which was apparently put there to allow the manufacturer access to said hardware — but of course, it’s also open to being exploited by other malicious parties. The backdoor is in the Telnet admin interface of DblTek-branded devices, and potentially allows an attacker to remotely open a shell with root privileges on the target device. What’s perhaps even more worrying is that when Trustwave contacted DblTek regarding the backdoor last autumn — multiple times — patched firmware was eventually released at the end of December. However, rather than removing the flaw, the vendor simply made it more difficult to access and exploit. And further correspondence with the Chinese company has apparently fallen on deaf ears. The firmware with the hole “is present on almost every GSM-to-VoIP device which DblTek makes,” and Trustwave “found hundreds of these devices on the net, and many other brands which use the same firmware, so are equally open to exploit.”

Windows 10 Build 15048 Has a Windows Mixed Reality Demo You Can Try

Microsoft’s big push into mixed reality involves headsets from multiple manufacturers (including ASUS, Dell, HP, Lenovo), and developer kits with Acer’s headset will begin a phased rollout this month. But Windows 10’s latest “Insider Preview” build already includes a mixed reality simulator with a first-person 3D environment that can be navigated with the W, A, S and D keys. Slashdot reader Mark Wilson writes: From the look of the changelog for Windows 10 build 15048 that was released a few days ago to Insiders, it looked to be little more than a bug fixing release. But in fact Microsoft has already started to include references to — and even a portal for — Windows Mixed Reality. We have seen reference to Windows Holographic in Windows 10 before, but this is the first time there has been anything to play with. It coincides nicely with Microsoft revealing that Windows Mixed Reality is the new name for Windows Holographic, and it gives Insiders the chance to not only see if their computer meets the recommended specs, but also to try out a Windows Mixed reality simulation.

Amazon Outage Cost S&P 500 Companies $150M

From a report on Axios: Cyence, an economic modeling platform, shared some data with Axios that show the ramifications: Losses of $150 million for S&P 500 companies. Losses of $160 million for U.S. financial services companies using the infrastructure.

Researchers Store Computer OS, Short Movie On DNA

An anonymous reader quotes a report from Phys.Org: In a new study published in the journal Science, a pair of researchers at Columbia University and the New York Genome Center (NYGC) show that an algorithm designed for streaming video on a cellphone can unlock DNA’s nearly full storage potential by squeezing more information into its four base nucleotides. They demonstrate that this technology is also extremely reliable. Erlich and his colleague Dina Zielinski, an associate scientist at NYGC, chose six files to encode, or write, into DNA: a full computer operating system, an 1895 French film, “Arrival of a train at La Ciotat,” a $50 Amazon gift card, a computer virus, a Pioneer plaque and a 1948 study by information theorist Claude Shannon. They compressed the files into a master file, and then split the data into short strings of binary code made up of ones and zeros. Using an erasure-correcting algorithm called fountain codes, they randomly packaged the strings into so-called droplets, and mapped the ones and zeros in each droplet to the four nucleotide bases in DNA: A, G, C and T. The algorithm deleted letter combinations known to create errors, and added a barcode to each droplet to help reassemble the files later. In all, they generated a digital list of 72,000 DNA strands, each 200 bases long, and sent it in a text file to a San Francisco DNA-synthesis startup, Twist Bioscience, that specializes in turning digital data into biological data. Two weeks later, they received a vial holding a speck of DNA molecules. To retrieve their files, they used modern sequencing technology to read the DNA strands, followed by software to translate the genetic code back into binary. They recovered their files with zero errors, the study reports.
The study also notes that “a virtually unlimited number of copies of the files could be created with their coding technique by multiplying their DNA sample through polymerase chain reaction (PCR).” The researchers also “show that their coding strategy packs 215 petabytes of data on a single gram of DNA.”

An Incorrect Command Entered By Employee Triggered Disruptions To S3 Storage Service, Knocking Down Dozens of Websites, Amazon Says

Amazon is apologizing for the disruptions to its S3 storage service that knocked down and — in some cases affected — dozens of websites earlier this week. The company also outlined what caused the issue — the event was triggered by human error. The company said an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. “Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended,” the company said in a press statement Thursday. It adds: The servers that were inadvertently removed supported two other S3 subsystems. One of these subsystems, the index subsystem, manages the metadata and location information of all S3 objects in the region. This subsystem is necessary to serve all GET, LIST, PUT, and DELETE requests. The second subsystem, the placement subsystem, manages allocation of new storage and requires the index subsystem to be functioning properly to correctly operate. The placement subsystem is used during PUT requests to allocate storage for new objects. Removing a significant portion of the capacity caused each of these systems to require a full restart. While these subsystems were being restarted, S3 was unable to service requests. Other AWS services in the US-EAST-1 Region that rely on S3 for storage, including the S3 console, Amazon Elastic Compute Cloud (EC2) new instance launches, Amazon Elastic Block Store (EBS) volumes (when data was needed from a S3 snapshot), and AWS Lambda were also impacted while the S3 APIs were unavailable.
