Tag: digest-golf

“Nemesis” malware hijacks PC’s boot process to gain stealth, persistence

Malware targeting banks, payment card processors, and other financial services has found an effective way to remain largely undetected as it plucks sensitive card data out of computer memory. It hijacks the computer’s boot-up routine in a way that allows highly intrusive code to run even before the Windows operating system loads. The so-called bootkit has been in operation since early this year and is part of “Nemesis,” a suite of malware that includes programs for transferring files, capturing screens logging keystrokes, injecting processes, and carrying out other malicious actions on an infected computer. Its ability to modify the legitimate volume boot record makes it possible for the Nemesis components to load before Windows starts. That makes the malware hard to detect and remove using traditional security approaches. Because the infection lives in such a low-level portion of a hard drive, it can also survive when the operating system is completely reinstalled. “The use of malware that persists outside of the operating system requires a different approach to detection and eradication,” researchers from security firm FireEye’s Mandiant Consulting wrote in a blog post published Monday . “Malware with bootkit functionality can be installed and executed almost completely independent of the Windows operating system. As a result, incident responders will need tools that can access and search raw disks at scale for evidence of bootkits.” Read 5 remaining paragraphs | Comments

Follow this link:
“Nemesis” malware hijacks PC’s boot process to gain stealth, persistence

New diabetes cases finally on the decline

(credit: Steven Depolo/Flickr ) After more than a quarter of a century of rising diabetes rates, the number of new cases seems to be on a downward trend. From 1980 to 2009, the annual number of new diabetes cases more than tripled in the US, going from 493,000 to 1.7 million diagnoses a year in people aged 18 to 79. But since 2009, case numbers appear to have slumped, though the decline had not registered as statistically significant. Now, using newly released data from 2014 , the Centers for Disease Control and Prevention announced that case numbers are definitely on their first sustained decline. In 2014, the number of diagnosed cases was down to 1.4 million. “It seems pretty clear that incidence rates have now actually started to drop,” said Edward Gregg, one of the CDC’s top diabetes researchers told the New York Times . “Initially it was a little surprising because I had become so used to seeing increases everywhere we looked.” Read 2 remaining paragraphs | Comments

See the article here:
New diabetes cases finally on the decline

DirecTV will broadcast live 4K content by “early next year”

(credit: Adam Melancon ) Even if 4K TVs were popular Black Friday and Cyber Monday steals, there continues to be a lack of 4K content to watch on them. DirecTV wants to provide a solution: the company’s SVP of Video and Space Communications Phil Goswitz confirmed at New York’s TranSPORT conference that DirecTV will launch a live 4K broadcasting service sometime in “early 2016.” At the conference, Goswitz explained that the company currently has the ability to transmit up to 50 new UHD channels, and live sports transmissions are already being tested as part of next year’s rollout. DirecTV already has the hardware in place, and according to Goswitz, the company wants to get ahead of cable companies and provide viewers with 4K content they can’t get from their cable companies. “I think the belief that there are technology challenges is a bit of a misinformed myth,” he said. “I think technology throughout the entire ecosystem is ready. But I think content is king; the plane is ready to take off and there is no king on board.” Goswitz went on to say that DirecTV is “moving into working with partners” to create more 4K content. Currently Netflix and YouTube have some 4K video ready to stream, but most companies continue to focus on hardware. Roku and TiVo recently came out with updated set-top boxes ready for 4K streaming, but they still have to work with the finite amount of 4K content available. Read 1 remaining paragraphs | Comments

See more here:
DirecTV will broadcast live 4K content by “early next year”

Thunderbird “a tax” on Firefox development, and Mozilla wants to drop it

Mozilla would like to drop Thunderbird from its list of projects. (credit: Andrew Cunningham) You might know Mozilla primarily for its Firefox browser, but for many years the company has also developed an e-mail client called Thunderbird. The two projects use the same rendering engine and other underlying technology, but Mozilla Executive Chairwoman Mitchell Baker has announced that Mozilla would like to stop supporting Thunderbird, calling its continuing maintenance “a tax” on the more important work of developing Firefox. “Many inside of Mozilla, including an overwhelming majority of our leadership, feel the need to be laser-focused on activities like Firefox that can have an industry-wide impact,” Baker writes. “With all due respect to Thunderbird and the Thunderbird community, we have been clear for years that we do not view Thunderbird as having this sort of potential.” Mozilla doesn’t plan to drop Thunderbird immediately, however—the current maintenance schedule will continue and Thunderbird users can continue to use the product. But the end goal for Mozilla, according to Baker, is to find “the right kind of legal and financial home” for the Thunderbird project, and “[separate] itself from reliance on Mozilla development systems and in some cases, Mozilla technology.” In other words, the company would like to give Thunderbird to people who will take care of it, freeing the Firefox team from having to worry about it. Read 1 remaining paragraphs | Comments

Read More:
Thunderbird “a tax” on Firefox development, and Mozilla wants to drop it

The National Security Letter spy tool has been uncloaked, and it’s bad

It took 11 years to finally unveil what the FBI demands in a National Security Letter. How it evolved over the years is shown above. (credit: ACLU ) The National Security Letter (NSL) is a potent surveillance tool that allows the government to acquire a wide swath of private information—all without a warrant. Federal investigators issue tens of thousands of them each year to banks, ISPs, car dealers, insurance companies, doctors, and you name it. The letters don’t need a judge’s signature and come with a gag to the recipient, forbidding the disclosure of the NSL to the public or the target. Nicholas Merrill (credit: Wikipedia ) For the first time, as part of a First Amendment lawsuit, a federal judge ordered the release of what the FBI was seeking from a small ISP as part of an NSL. Among other things, the FBI was demanding a target’s complete Web browsing history, IP addresses of everyone a person has corresponded with, and records of all online purchases, according to a court document unveiled Monday. All that’s required is an agent’s signature denoting that the information is relevant to an investigation. “The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs,” said Nicholas Merrill, who was president of Calyx Internet Access in New York when he received the NSL targeting one of his customers in 2004. Read 6 remaining paragraphs | Comments

Continued here:
The National Security Letter spy tool has been uncloaked, and it’s bad

Managing a 100-percent renewable grid, without batteries

(credit: US DOE ) Stanford researcher Mark Jacobson likes to take current thinking about renewable energy and supersize it. Rather than aiming for 50 percent renewables, like California is , he has analyzed what it would take for each of the 50 states to go fully renewable . It would apparently involve so many offshore wind turbines that hurricanes headed toward the States would be suppressed. Now, he and a few collaborators are back with a more detailed look at how to manage the grid stability issues that come with large amounts of intermittent generators, like photovoltaic panes and wind turbines. Normally, issues of intermittency are expected to be handled by fossil fuel power and batteries. But the new analysis suggests we don’t need any of that—and we don’t need biofuels or nuclear, either. Instead, it suggests we could manage a 100-percent renewable grid through a combination of hydrogen production and heat storage. None of this is entirely new. People have been talking about generating hydrogen from renewable energy for years—with a fuel cell, it can be used to power cars or generate electricity as needed. And the paper cites an existing community that’s already using solar energy to generate heat that’s stored under ground. But, as with Jacobson’s past analyses, they are taken to new scales here. Read 11 remaining paragraphs | Comments

More:
Managing a 100-percent renewable grid, without batteries

Iranian military spear-phish of State Department employees detected first by Facebook

The Facebook and email accounts of US State Department officials focused on Iran were hacked, and possibly used to gather data about US-Iranian dual citizens in Iran. More details have emerged about the hacking the computers of US State Department and other government employees, first revealed earlier this month in a Wall Street Journal report . The intrusions by hackers purported to be associated with the Iranian Revolutionary Guard may be tied to the arrest of an Iranian-American businessman in Tehran in October and other arrests of dual citizens in Iran. The attackers used compromised social media accounts of junior State Department staff as part of a “phishing” operation that compromised the computers of employees working in the State Department’s Office of Iranian Affairs and Bureau of Near Eastern Affairs and computers of some journalists. The first warning of the attacks came from Facebook, which alerted some of the affected users that their accounts had been compromised by a state-sponsored attack, the New York Times reports . The Iranian Revolutionary Guard hackers used the access to identify the victims’ contacts and build “spear-phishing” attacks that gave them access to targeted individuals’ e-mail accounts. The attack “was very carefully designed and showed the degree to which they understood which of our staff was working on Iran issues now that the nuclear deal is done,” an unnamed senior US official told the Times . This most recent attack, which came after a brief period of little or no Iranian activity against US targets over the summer according to data from Check Point and iSight Partners, was a change from tactics previously associated with Iranian hackers. Earlier attacks attributed to Iran were focused on taking financial services companies’ websites offline  and destroying data—such as in the attack attack on casino company Las Vegas Sands Corp. last year after its majority owner called for a nuclear attack on Iran. These attacks may not have been carried out by the Iranian government but by Iranian or pro-Iranian “hacktivists.” The State Department attack, however, was more subtle and aimed at cyber-espionage rather than simple vengeance—bearing hallmarks of tactics attributed to Chinese state-sponsored hackers. Read 1 remaining paragraphs | Comments

Follow this link:
Iranian military spear-phish of State Department employees detected first by Facebook

Android adware can install itself even when users explicitly reject it

(credit: Lookout) Two weeks ago, Ars reported on newly discovered Android adware that is virtually impossible to uninstall . Now, researchers have uncovered malicious apps that can get installed even when a user has expressly tapped a button rejecting the app. The hijacking happens after a user has installed a trojanized app that masquerades as an official app available in Google Play and then is made available in third-party markets. During the installation, apps from an adware family known as Shedun try to trick people into granting the app control over the Android Accessibility Service , which is designed to provide vision-impaired users alternative ways to interact with their mobile devices. Ironically enough, Shedun apps try to gain such control by displaying dialogs such as this one, which promises to help weed out intrusive advertisements. From that point on, the app has the ability to display popup ads that install highly intrusive adware. Even in cases where a user rejects the invitation to install the adware or takes no action at all, the Shedun-spawned app uses its control over the accessibility service to install the adware anyway. Read 4 remaining paragraphs | Comments

View original post here:
Android adware can install itself even when users explicitly reject it

Feds bugged steps of Silicon Valley courthouse

(credit: James Vaughan ) Defense attorneys have asked a federal judge to throw out more than 200 hours of conversations FBI agents recorded using hidden microphones planted on the steps of a California county courthouse. The lawyers are representing defendants accused of engaging in an illicit real estate bid-rigging and fraud conspiracy. The steps to the San Mateo County courthouse are frequently the scene of public auctions for foreclosed homes. Federal prosecutors have admitted that on at least 31 occasions in 2009 and 2010, FBI agents used concealed microphones to record auction participants as they spoke, often in hushed voices with partners, attorneys, and others. Because the federal agents didn’t obtain a court order, the defense attorneys argue the bugging violated Constitutional protections against unreasonable searches and seizures. In a court brief filed Friday in the case, attorneys wrote: Read 4 remaining paragraphs | Comments

Read More:
Feds bugged steps of Silicon Valley courthouse

Chrome to end support for Windows XP, Vista, and OS X 10.8 on April 2016

If you’re on an older operating system, your Chrome could stop getting updates in just a few months. Google’s official Chrome Blog announced it will be ending support for Windows XP, Windows Vista, and Mac OS X 10.6, 10.7, and 10.8 in April 2016. Browsers on those operating systems will continue to work, but they will stop getting updates from Google. For Windows XP, this is yet another stay of execution from Google, mirroring Microsoft’s continually extended support for the OS that just won’t die. Chrome support for XP was originally stated to end along with Microsoft’s in April 2014. Google then extended that to ” at least April 2015 ,” then all of 2015 , and now it’s going to hang around for the next five months. On the Mac side of things, Apple usually supports its three newest operating systems. So official support for 10.8 ended when 10.11 El Capitan was released, and 10.6 and 10.7 have long been put to rest by Apple. Read 2 remaining paragraphs | Comments

See the original article here:
Chrome to end support for Windows XP, Vista, and OS X 10.8 on April 2016