Avast Now Owns CCleaner After Acquiring Piriform

An anonymous reader writes: Security firm Avast has acquired software firm Piriform. Not only does the acquired company make CCleaner, but many other solid programs too. In fact, the rest of Piriform’s library — Recuva, Speccy, and Defraggler — are staples of the Windows freeware community. “CCleaner is a leading brand in the market, used by 130 million people, including 15 million Android users. CCleaner has an extensive and extremely loyal community of tech-savvy users, who need to speed up and optimize their PC and Android experience. Avast will maintain the CCleaner brand of products along with Avast’s existing performance optimization products, Avast Cleanup and AVG Tune Up. With the addition of CCleaner, Avast has dramatically expanded its product offerings in the PC and smartphone optimization market reaching customers around the world who demand faster performance,” says Avast. Vince Steckler, CEO of Avast explains, “We see many commonalities between CCleaner and Avast, allowing for great new products for our user bases. Avast and CCleaner are the top two downloaded products on popular download sites. They are both known by advanced users as focused on performance, so we believe there will be a great interest from our CCleaner customers in using Avast security products and vice versa. In today’s connected world, it’s all about speed and high performance, and with Piriform’s robust technology we can address this need perfectly. We look forward to working with the Piriform team to grow the business together.”

Exploit Derived From EternalSynergy Upgraded To Target Newer Windows Versions

An anonymous reader writes: “Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system,” reports Bleeping Computer. “ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method ‘should never crash a target,’ the expert says. ‘Chance should be nearly 0%,’ Wang adds.” Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang’s GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica’s Eleven Paths security unit, has published a step-by-step guide on how to use Wang’s exploit.

Media Player Classic Home Cinema (MPC-HC) for Windows Pushes What Could Be Its Last Update

Popular open-source media player for Windows, Media Player Classic Home Cinema, or MPC-HC, has issued what it says could be the last update the app ever receives. The team writes: v1.7.13, the latest, and probably the last release of our project… For quite a few months now, or even years, the number of active developers has been decreasing and has inevitably reached zero. This, unfortunately, means that the project is officially dead and this release would be the last one. … Unless some people step up that is. So, if someone’s willing to really contribute and has C/C++ experience, let me know on IRC or via e-mail. Otherwise, all things come to an end and life goes on. It’s been a nice journey and I’m personally pretty overwhelmed having to write this post.

Microsoft Yanks Three Bad Patches Of Their Last Outlook Patch

An anonymous reader quotes ComputerWorld’s Woody Leonhard: I just received word from Gunter Born that Microsoft has pulled three of its Outlook patches… There’s no specific recommendation that you uninstall the yanked patches — indeed, there’s no description of the problems caused by the latest round — but earlier versions of the bad patches-of-patches had a nasty habit of crashing Outlook… Microsoft still hasn’t fixed any of the Office 2007 bugs it introduced in the June security patches. If you’re keeping score at home, the yanked patches are:

KB 4011042 – July 5, 2017, update for Outlook 2010
KB 3191849 – June 27, 2017, update for Outlook 2013
KB 3213654 – June 30, 2017, update for Outlook 2016

SoundCloud Has Enough Money To Survive Only 80 Days, Report Claims

Last week, SoundCloud announced it is cutting about 40 percent of its staff and closing two offices. Now, a report from TechCrunch claims “the layoffs only saved the company enough money to have runway ‘until Q4’ — which begins in just 80 days.” From the report: That seems to conflict with the statement Ljung released alongside the layoffs, which noted that, “With more focus and a need to think about the long term, comes tough decisions.” The company never mentioned how short its cash would still last. We reached out to Ljung and SoundCloud for this story and PR responded to the request reiterating Ljung’s blog post. After being presented with the leaked information from the all-hands, SoundCloud PR admitted that, “We are fully funded into Q4,” though it says it’s in talks with potential investors. But further funding would require faith in SoundCloud that its own staff lacks. When asked about morale of the remaining team, one employee who asked to remain anonymous told TechCrunch “it’s pretty shitty. Pretty somber. I know people who didn’t get the axe are actually quitting. The people saved from this are jumping ship. The morale is really low.”

Germany Says Cyber Threat Greater Than Expected, More Firms Affected

From a Reuters report, shared by a few readers on Twitter: Germany’s BSI federal cyber agency said on Friday that the threat posed to German firms by recent cyber attacks launched via a Ukrainian auditing software was greater than expected, and some German firms had seen production halted for over a week. Analyses by computer experts showed that waves of attacks had been launched via software updates of the M.E.Doc accounting software since April, the BSI said in a statement.

NASA Seeks Nuclear Power For Mars

New submitter joshtops shares a report from Scientific American: As NASA makes plans to one day send humans to Mars, one of the key technical gaps the agency is working to fill is how to provide enough power on the Red Planet’s surface for fuel production, habitats and other equipment. One option: small nuclear fission reactors, which work by splitting uranium atoms to generate heat, which is then converted into electric power. NASA’s technology development branch has been funding a project called Kilopower for three years, with the aim of demonstrating the system at the Nevada National Security Site near Las Vegas. Testing is due to start in September and end in January 2018. The last time NASA tested a fission reactor was during the 1960s’ Systems for Nuclear Auxiliary Power, or SNAP, which developed two types of nuclear power systems. The first system — radioisotope thermoelectric generators, or RTGs — taps heat released from the natural decay of a radioactive element, such as plutonium. RTGs have powered dozens of space probes over the years, including the Curiosity rover currently exploring Mars. The second technology developed under SNAP was an atom-splitting fission reactor. SNAP-10A was the first — and so far, only — U.S. nuclear power plant to operate in space. Launched on April 3, 1965, SNAP-10A operated for 43 days, producing 500 watts of electrical power, before an unrelated equipment failure ended the demonstration. The spacecraft remains in Earth orbit.

‘Severe’ Systemd Bug Allowed Remote Code Execution For Two Years

ITWire reports: A flaw in systemd, the init system used on many Linux systems, can be exploited using a malicious DNS query to either crash a system or to run code remotely. The vulnerability resides in the daemon systemd-resolved and can be triggered using a TCP payload, according to Ubuntu developer Chris Coulson. This component can be tricked into allocating less memory than needed for a look-up. When the reply is bigger it overflows the buffer allowing an attacker to overwrite memory. This would result in the process either crashing or it could allow for code execution remotely. “A malicious DNS server can exploit this by responding with a specially crafted TCP payload to trick systemd-resolved in to allocating a buffer that’s too small, and subsequently write arbitrary data beyond the end of it,” is how Coulson put it. Affected Linux vendors have pushed out patches — but the bug has apparently been present in systemd code since June of 2015. And long-time Slashdot reader walterbyrd also reports a recently-discovered bug where systemd unit files that contain illegal usernames get defaulted to root.

California Has So Much Solar Power That Other States Are Paid To Take It

“On 14 days during March, Arizona utilities got a gift from California: free solar power,” reported the Los Angeles Times. Mic reports: California is generating so much solar energy that it is resorting to paying other states to take the excess electricity in order to prevent overloading power lines. According to the Los Angeles Times, Arizona residents have already saved millions in 2017 thanks to California’s contribution. The state, which produced little to no solar energy just 15 years ago, has made strides — it single-handedly has nearly half of the country’s solar electricity generating capacity… When there’s too much solar energy, there is a risk of the electricity grid overloading. This can result in blackouts. In times like this, California offers other states a financial incentive to take their power. But it’s not as environmentally friendly as one would think. Take Arizona, for example. The state opts to put a pin in its own solar energy sources instead of fossil fuel power, which means greenhouse gas emissions aren’t getting any better due to California’s overproduction. The Los Angeles Times suggests over-construction of natural gas plants created part of the problem — Californians now pay roughly 50% more than the rest of the country for power — but they report that power supplies could become more predictable when battery storage technologies improve.

With a Single Wiretap Order, US Authorities Listened In on 3.3 Million Phone Calls

US authorities intercepted and recorded millions of phone calls last year under a single wiretap order, authorized as part of a narcotics investigation, ZDNet’s Zack Whittaker reports. From the article: The wiretap order authorized an unknown government agency to carry out real-time intercepts of 3.29 million cell phone conversations over a two-month period at some point during 2016, after the order was applied for in late 2015. The order was signed to help authorities track 26 individuals suspected of involvement with illegal drug and narcotic-related activities in Pennsylvania. The wiretap cost the authorities $335,000 to conduct and led to a dozen arrests. But the authorities noted that the surveillance effort led to no incriminating intercepts, and none of the handful of those arrested have been brought to trial or convicted.
