digest – Page 44 – Tech Today w/ Ken May

Windows 8.1 Update halted to some enterprise users amid WSUS issues

Distribution of the Windows 8.1 Update, Microsoft’s hefty patch for Windows 8.1 that updates the user interface for desktop and mouse users , has been temporarily suspended for some enterprise users after the company discovered that patched systems are no longer able to receive future updates from Windows Server Update Services (WSUS) servers. The problem occurs when clients connect to WSUS with HTTPS enabled, but without TLS 1.2. Windows 8.1 machines with the KB 2919355 update installed will no longer be able to receive future updates from those servers. Microsoft describes it primarily as an issue for WSUS 3.0 Service Pack 2, also known as WSUS 3.2, when run on Windows Server 2003, 2003 R2, 2008, and 2008 R2; this version does not have HTTPS or TLS 1.2 enabled by default, but HTTPS is part of the recommended configuration. WSUS 4 on Windows Server 2012 and 2012 R2 is also technically affected, as the bug is client-side, but Windows Server enables TLS 1.2 by default, so issues are unlikely to arise in practice. Read 2 remaining paragraphs | Comments

See original article:
Windows 8.1 Update halted to some enterprise users amid WSUS issues

LAPD officers monkey-wrenched cop-monitoring gear in patrol cars

Cliff The Los Angeles Police Commission is investigating how half of the recording antennas in the Southeast Division went missing, seemingly as a way to evade new self-monitoring procedures that the Los Angeles Police Department imposed last year. The antennas, which are mounted onto individual patrol cars, receive recorded audio captured from an officer’s belt-worn transmitter. The transmitter is designed to capture an officer’s voice and transmit the recording to the car itself for storage. The voice recorders are part of a video camera system that is mounted in a front-facing camera on the patrol car. Both elements are activated any time the car’s emergency lights and sirens are turned on, but they can also be activated manually. According to the Los Angeles Times , an LAPD investigation determined that around half of the 80 patrol cars in one South LA division were missing antennas as of last summer, and an additional 10 antennas were unaccounted for. Citing a police source, the newspaper said that removing the antennas can reduce the range of the voice transmitters by as much as a third of the normal operating distance. Read 10 remaining paragraphs | Comments

Follow this link:
LAPD officers monkey-wrenched cop-monitoring gear in patrol cars

Critical crypto bug exposes Yahoo Mail passwords Russian roulette-style

Mascamon at lb.wikipedia Lest readers think “catastrophic” is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet’s Web servers , consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services. The two-year-old bug is the result of a mundane coding error in OpenSSL , the world’s most popular code library for implementing HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of private computer memory that handle OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or it could return far more valuable assets such as authentication credentials or even the private key at the heart of a website’s entire cryptographic certificate. Underscoring the urgency of the problem, a conservatively estimated two-thirds of the Internet’s Web servers use OpenSSL to cryptographically prove their legitimacy and to protect passwords and other sensitive data from eavesdropping. Many more e-mail servers and end-user computers rely on OpenSSL to encrypt passwords, e-mail, instant messages, and other sensitive data. OpenSSL developers have released version 1.0.1g that readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high. Read 6 remaining paragraphs | Comments

View article:
Critical crypto bug exposes Yahoo Mail passwords Russian roulette-style

Intel expands 10Gbps “Thunderbolt Ethernet” capability to Windows

Thunderbolt 2 is picking up another feature. Chris Foresman If standard gigabit Ethernet isn’t cutting it for you, Intel will soon give you another option: this week at the National Association of Broadcasters (NAB) show in Las Vegas, the company announced a new feature called ” Thunderbolt Networking ” that will soon be available to all PCs with Thunderbolt 2 controllers. The feature, which will be enabled by an upcoming Windows driver update, will “emulat[e] an Ethernet connection environment” and provide a 10Gbps two-way link between two computers connected with a Thunderbolt cable. Since you’ll need to connect the two computers directly to each other, this solution obviously won’t scale as well as real 10Gbps networking equipment. But for now, that hardware remains relatively uncommon and expensive—well outside the price range of individuals and smaller businesses. Thunderbolt Networking is apparently not being enabled for older computers with first-generation Thunderbolt controllers. While the feature will be new to the Windows operating system, the ability to network two Thunderbolt Macs together was introduced back in Mavericks. It doesn’t appear to require Thunderbolt 2 on that platform, though as we experienced , configuring a Thunderbolt Bridge can make for fast but occasionally choppy transfer speeds. That test connected one Thunderbolt 2 Mac to an older model with a first-generation Thunderbolt controller, though—it’s possible that connecting Thunderbolt 2 Macs to each other results in a more stable connection however. This new Windows driver update will enable any two Thunderbolt 2 PCs and Macs to be connected, though to date the Windows laptops, workstations, and motherboards with integrated Thunderbolt 2 controllers have been few and far between. Read on Ars Technica | Comments

Original post:
Intel expands 10Gbps “Thunderbolt Ethernet” capability to Windows

Experian in hot seat after exposing millions of social security numbers [Update]

Ruddington Photos/Flickr Regulators from several states are investigating a data breach from a subsidiary of the credit-tracking behemoth Experian. The investigation by attorneys general in these states concerns whether the subsidiary adequately secured some 200 million social security numbers and whether victims were properly notified. The investigation, first disclosed by Reuters , comes as the Obama administration is pressing for legislation requiring companies to better secure customer data . A Vietnamese man who operated a website, called findget.me, offering social security numbers has pleaded guilty to charges that he obtained the data from the Experian subsidiary, Court Ventures. The firm, a court document retrieval service, also jointly maintains a database of some 200 million social security numbers with another firm. Read 5 remaining paragraphs | Comments

See the article here:
Experian in hot seat after exposing millions of social security numbers [Update]

Creepshots: Microsoft discovers an on-campus peeping tom

Microsoft’s lush RedWest campus. Microsoft On July 24, 2013, a Microsoft vendor employee working at the company’s RedWest campus in Redmond had a piece of good fortune—he found a Muvi USB video camera just lying in the footpath between buildings. He picked up the camera, only later taking a look at the footage on the device, which revealed that his good fortune was actually evidence of a crime. The Muvi camera contained “upskirt” video footage of women climbing stairs or escalators—or sometimes just standing in checkout lines—and some of it had been shot on Microsoft’s campus. The vendor employee reported the incident to Microsoft Global Security, who took possession of the camera on July 26. To find the camera’s owner, two Global Security investigators pulled up Microsoft’s internal security camera footage covering the RedWest footpath. They began by locating the moment when the vendor employee walked into the frame, paused, and bent down to retrieve the camera off the ground. Investigators then rewound the footage to see who had dropped it. At the 11:24am mark, they saw a man in a collared shirt and reddish pants walk out of a RedWest building and walk along the footpath. Then, at 11:25am, the vendor employee appeared and picked up the camera. At 11:26am, the man in the reddish pants suddenly returned to the picture. According to a later report from the Redmond Police Department, he was “rushing” back to the RedWest building he had just left and appeared “nervous, frantically looking around.” He eventually used a keycard to re-enter the RedWest building. Read 6 remaining paragraphs | Comments

Visit site:
Creepshots: Microsoft discovers an on-campus peeping tom

Cassini points to a hidden ocean on Saturn’s icy moon

I carry an ocean in my womb. NASA/JPL/SSI/J Major Finding liquid water on a body within the Solar System is exciting. The only thing that is probably more exciting is finding an ocean full of it. Today such news comes via Cassini, which has made measurements that show that Saturn’s moon Enceladus has a hidden ocean beneath its icy surface. While orbiting Saturn in 2005, Cassini found jets of salty water spewing from the south polar region of Enceladus. According to Luciano Iess of Sapienza University of Rome, lead author of the new study published in Science , “The discovery of the jets was unexpected.” Geysers require liquid water, and we wouldn’t expect Enceladus to have any. It is too far from the Sun to absorb much energy and too small (just 500km in diameter) to have trapped enough internal energy to keep its core molten. The answer to how the water got there might lie in the details of the moon’s internal structure. Read 13 remaining paragraphs | Comments

See the original post:
Cassini points to a hidden ocean on Saturn’s icy moon

Google Wireless: Google Fiber cities could get mobile service, but to what end?

Through Google Fiber, Google is already an Internet service provider, piping Gigabit Internet to homes and businesses in a handful of cities across the US. According to a report from The Information (paywall) Google has been considering supplementing Google Fiber’s home Internet access with a wireless cellular service. Google’s plan wasn’t to build towers, but to become a Mobile Virtual Network Operator (MVNO)—basically a middle man who buys service from one of the “big four” carriers at wholesale prices and resells that to consumers under its own brand. According to the report, Google spoke to Sprint and then Verizon about reselling their networks to customers, with the Verizon talks happening earlier this year. The service would be available to users in Google Fiber cities, and it would be supplemented with free Wi-Fi hotspots. What would Google hope to accomplish with a move like this? Google built Google Fiber from the ground up by putting fiber on poles, running connections to each house, and providing self-built hardware. Complete control over every part of the network allows Google to differentiate Google Fiber in several ways, like service location, speed, and pricing. Google’s plan for its wireless service appears to be much less ambitious, though. A s an MVNO, Google would be using someone else’s network, so the only thing Google would really have control over is the resale price. The whole point of Google Fiber is to “shame” other ISPs into increasing their speeds and lowering their prices. Google doesn’t plan on covering the entire country in fiber, but one look at Google’s 1,000Mbps service for $70 and the traditional ISP plan of 5 to 15Mbps for about the same price looks like a huge ripoff. This ” halo effect ” puts pressure on ISPs to speed up their service, and that makes Google products like search and YouTube run faster. The strategy seems to be working, with companies like AT&T rolling out fiber in response . As an MVNO, Google can’t do anything like the Google Fiber strategy, since it isn’t running the network. It won’t have control over speed or reception, meaning the best it can do to stand out is resell the service very cheaply. Unfairly competing with wireless carriers by pricing to only break even doesn’t seem like it would put much pressure on other carriers, because they would realize Google isn’t trying to turn a profit. Read 5 remaining paragraphs | Comments

View original post here:
Google Wireless: Google Fiber cities could get mobile service, but to what end?

Reuters: Next iPhone will come with 4.7” or 5.5” screen

Satire – The iPhone 5S (Parody) Ad Reuters reports that Apple’s next iPhone will be available in both 4.7-inch and 5.5-inch screen versions —considerable increases over the current iPhone 5S and 5C models’ 4-inch displays. Reuters cites “supply chain sources” for the information, which could mean anything from a Foxconn vice president down to a factory janitor. According to Reuters, three separate suppliers have been tapped to produce the larger LCD panels: Japan Display, Sharp, and LG Display. The existence of the displays themselves isn’t necessarily the point of the Reuters report, though—according to Reuters, not only are the two unannounced display sizes planned, but the 5.5-inch version might already be facing production problems. The report speculates that the displays will contain the same in-cell touch sensor technology that Apple has been using since the iPhone 5’s debut . This kind of display incorporates touch sensors directly into the screen’s glass, making it considerably more complex to manufacture than displays with separate glass, panel, and sensor elements. Making in-cell displays in quantity at the larger 5.5-inch size is apparently difficult, which is why the screen manufacturers are said to be leading with 4.7-inch screens. Read 2 remaining paragraphs | Comments

Read the original:
Reuters: Next iPhone will come with 4.7” or 5.5” screen

Hack of Boxee.tv exposes password data, messages for 158,000 users

A screenshot of the Boxee.tv forums post leading to an 800 megabyte file of leaked user data, including cryptographically hashed passwords. riskbasedsecurity.com Hackers posted names, e-mail addresses, message histories, and partially protected login credentials for more than 158,000 forum users of Boxee.tv, the Web-based television service that was acquired by Samsung last year , researchers said. The breach occurred no later than last week, when a full copy of the purloined forum data became widely available, Scott A. McIntyre, a security researcher in Australia, told Ars. On Tuesday, officials from password management service LastPass began warning customers with e-mail addresses included in an 800 megabyte file that’s still circulating online. The file contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and the cryptographically scrambled passwords that corresponded to those Boxee accounts, LastPass said. The dump also included a wealth of other details, such as user birth dates, IP addresses, site activity, full message histories, and password changes. All user messages sent through the service were included as part of the leak. As Ars has explained before, even when passwords in hacked databases have been cryptographically hashed, most remain highly susceptible to cracking attacks that can reveal the plain-text characters required to access the account . The damage can be especially severe when people use the same or similar passwords to protect accounts on multiple sites, a practice that’s extremely common. Read 3 remaining paragraphs | Comments