FDIC was hacked by China, and CIO covered it up

Insuring deposits, but not your identity. Thanks, FDIC. (credit: Matthew G. Bisanz)

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities, and were only brought to light after an Inspector General investigation into another serious data breach at FDIC in October of 2015.

The FDIC failed at the time of the “advanced persistent threat” attacks to report the incidents. Then-Inspector General at FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches, and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg’s chances of confirmation.

The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October “Florida incident.” On October 23, 2015, a member of the Federal Deposit Insurance Corporation’s Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC’s data loss prevention system of a significant breach of sensitive data—over 1,200 documents, including Social Security numbers from bank data for over 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC’s Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at FDIC.

Despite intercepting the employee, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.


Windows Server 2016 coming in September, with new servicing for Nano Server

It’s not quite an exact launch date, but Microsoft has announced that both Windows Server 2016 and System Center 2016 will launch at its Ignite conference (the successor to TechEd) this fall. Ignite runs from September 26-30 and is being held in Atlanta, Georgia.

Microsoft has also described how Windows Server 2016 will be serviced going forward. Full installations of the operating system—including the GUI and shell—will continue to be serviced on the “5+5” model that Microsoft has used for previous operating systems. That’s five years of mainstream support, during which both bug fixes and feature improvements are made, and then five years of extended support, during which only security bugs will be fixed. The slimmed-down Server Core installation will also be given this 5+5 servicing.

The new Nano Server option, however, will be handled in a different way. Nano Server installations will be updated more or less in tandem with the Windows 10 Current Branch for Business (CBB) release. CBB trails the main consumer branch by about six months, giving new features a bit of time to receive some real-world testing before being distributed to more conservative organizations. CBB is expected to be updated two to three times a year, and this will apply to Nano Server deployments of Windows Server 2016 just as it does to CBB deployments of Windows 10.


Virulent auto-rooting malware takes control of 10 million Android devices

Security experts have documented a disturbing spike in a particularly virulent family of Android malware, with more than 10 million handsets infected and more than 286,000 of them in the US. Researchers from security firm Check Point Software said the malware installs more than 50,000 fraudulent apps each day, displays 20 million malicious advertisements, and generates more than $300 million per month in revenue. The success is largely the result of the malware’s ability to silently root a large percentage of the phones it infects by exploiting vulnerabilities that remain unfixed in older versions of Android.

The Check Point researchers have dubbed the malware family “HummingBad,” but researchers from mobile security company Lookout say HummingBad is in fact Shedun, a family of auto-rooting malware that came to light last November and had already infected a large number of devices.

For the past five months, Check Point researchers have quietly observed the China-based advertising company behind HummingBad in several ways, including by infiltrating the command and control servers it uses. The researchers say the malware uses the unusually tight control it gains over infected devices to create windfall profits and steadily increase its numbers. HummingBad does this by silently installing promoted apps on infected phones, defrauding legitimate mobile advertisers, and creating fraudulent statistics inside the official Google Play Store.


Wi-Fi gets multi-gigabit, multi-user boost with upgrades to 802.11ac

(credit: Aurich Lawson)

The Wi-Fi Alliance industry group is now certifying products that can deliver multi-gigabit speeds and improve coverage in dense networks by delivering data to multiple devices simultaneously. The new certification program, announced today, focuses on the so-called “Wave 2” features of the 802.11ac specification.

802.11ac is a few years old, but it includes several important features that were not available at launch. One such feature is MU-MIMO (multi-user, multiple-input, and multiple-output), which we wrote a feature on in May 2014. MU-MIMO is powered by multi-user beamforming technology that lets wireless access points send data streams to at least three users simultaneously. Without MU-MIMO, routers stream to just one device at a time but switch between them very fast so that users don’t notice a slowdown except when lots of devices are on the network.

With the 80MHz channels supported in 802.11ac Wave 1, each data stream could provide up to 433Mbps and, when coupled with MU-MIMO routers, can send up to 433Mbps to at least three users simultaneously for a total of 1.3Gbps. But in addition to supporting MU-MIMO, Wave 2 also doubles the maximum channel bandwidth from 80MHz to 160MHz, boosting the potential throughput of each stream to 866Mbps. Wave 2 also supports four spatial streams instead of three, further boosting the theoretical maximum capacity. Technically, 802.11ac supports up to eight streams, but the certification program is still at four. Delivering eight streams with these data rates would use a lot of electricity.


A ZFS developer’s analysis of the good and bad in Apple’s new APFS file system

Two hours or so of WWDC keynoting and Tim Cook didn’t mention a new file system once? (credit: Andrew Cunningham)

This article was originally published on Adam Leventhal’s blog in multiple parts.

Apple announced a new file system that will make its way into all of its OS variants (macOS, tvOS, iOS, watchOS) in the coming years. Media coverage to this point has been mostly breathless elongations of Apple’s developer documentation. With a dearth of detail I decided to attend the presentation and Q&A with the APFS team at WWDC. Dominic Giampaolo and Eric Tamura, two members of the APFS team, gave an overview to a packed room; along with other members of the team, they patiently answered questions later in the day. With those data points and some first-hand usage I wanted to provide an overview and analysis both as a user of Apple-ecosystem products and as a long-time operating system and file system developer.

The overview is divided into several sections. I’d encourage you to jump around to topics of interest or skip right to the conclusion (or to the tweet summary). Highest praise goes to encryption; ire to data integrity.


“Godless” apps, some found in Google Play, root 90% of Android phones

(credit: greyweed)

Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US.

Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it’s running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors’ browsers and serve drive-by exploits. Trend Micro Mobile Threats Analyst Veo Zhang wrote:


Gawker declares bankruptcy, will auction itself off in wake of Hulk Hogan lawsuit

(credit: Miguel Discart)

UPDATE 3:00pm ET: The Verge located and published Gawker’s federal Chapter 11 bankruptcy protection filing, which we have mirrored here. In that document, owner Nick Denton estimates the company’s assets at $50 million to $100 million, and liabilities at $100 million to $500 million. Ryan Mac, a reporter at Forbes, provided Ars with a three-page statement from Gawker, which we have published in full here.


Risky stem cell treatment reverses MS in 70% of patients in small study

MS brain lesion as seen on an MRI. (credit: James Heilman, MD)

By obliterating the broken immune systems of patients with severe forms of multiple sclerosis, then sowing fresh, defect-free systems with transplanted stem cells, researchers can thwart the degenerative autoimmune disease—but it comes at a price. In a small phase II trial of 24 MS patients, the treatment halted or reversed the disease in 70 percent of patients for three years after the transplant. Eight patients saw that improvement last for seven and a half years, researchers report in the Lancet. This means that some of those patients went from being wheelchair-bound to walking and being active again.

But to reach that success, many suffered through severe side effects, such as life-threatening infections and organ damage from toxicity brought on by the aggressive chemotherapy required to annihilate the body’s immune system. One patient died from complications of the treatment, which represents a four percent fatality rate. Moreover, while the risks may be worthwhile to some patients with rapidly progressing forms of MS—a small percentage of MS patients—the researchers also caution that the trial was small and did not include a control group.


Serial hacker strikes again, finds vulnerability in Better Business Bureau

A provocative white hat hacker who has previously disclosed vulnerabilities in both California’s ObamaCare portal and FireEye’s core security product has now revealed a serious flaw in the Council of Better Business Bureau’s (CBBB) Web-based complaints application, which is used by nearly a million people annually to file complaints against businesses. The CBBB criticized the “unauthorized application vulnerability test” but said in a statement that they believe “the motivation was not malicious,” and are “not pursuing the matter further.”

The CBBB is the umbrella organization for the independent local BBBs, the not-for-profit consumer advocacy groups that operate in the United States, Canada, and Mexico. The BBBs attempt to mediate disputes between consumers and businesses, and also accredit businesses based on how well the business meets the BBB’s “Standards of Trust.”


For the first time a country has invested heavily in space mining

Concept image of a harvester for Deep Space Industries. (credit: Deep Space Industries)

Luxembourg, a small European country about the size of Rhode Island, wants to be the Silicon Valley of the space mining industry. The landlocked Grand Duchy announced Friday it was opening a €200 million ($225 million) line of credit for entrepreneurial space companies to set up their European headquarters within its borders. Luxembourg has already reached agreements with two US-based companies, Planetary Resources and Deep Space Industries, to open offices in Luxembourg and conduct major research and development activities. “We intend to become the European center for asteroid mining,” said Étienne Schneider, deputy prime minister and minister of the economy, during a news conference Friday.

The mining of space resources is a long bet. Although some deep-pocketed investors from Google and other companies have gotten behind Planetary Resources, and people like Amazon’s Jeff Bezos have speculated that within a couple of decades most manufacturing and resource gathering will be done off Earth, there is precious little activity today. Humans have never visited an asteroid, and NASA is only just planning to launch its first robotic mission to visit and gather samples from an asteroid, OSIRIS-REx, this summer.
