Tag: open source

NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet

An anonymous reader quotes a report from Ars Technica: The Shadow Brokers — the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency’s weaponized software exploits — just published its most significant release yet. Friday’s dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. Friday’s release — which came as much of the computing world was planning a long weekend to observe the Easter holiday — contains close to 300 megabytes of materials the leakers said were stolen from the NSA. The contents (a convenient overview is here) included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8 and Windows 2012. It also included a framework dubbed Fuzzbunch, a tool that resembles the Metasploit hacking framework that loads the binaries into targeted networks. Independent security experts who reviewed the contents said it was without question the most damaging Shadow Brokers release to date. One of the Windows zero-days flagged by Hickey is dubbed Eternalblue. It exploits a remote code-execution bug in the latest version of Windows 2008 R2 using the server message block and NetBT protocols. Another hacking tool known as Eternalromance contains an easy-to-use interface and “slick” code. Hickey said it exploits Windows systems over TCP ports 445 and 139. The exact cause of the bug is still being identified. Friday’s release contains several tools with the word “eternal” in their name that exploit previously unknown flaws in Windows desktops and servers. Read more of this story at Slashdot.

Read this article:
NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet

Former Sysadmin Accused of Planting ‘Time Bomb’ In Company’s Database

An anonymous reader writes: Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a “time bomb” that deleted crucial financial data in the first week of the new fiscal year. According to court documents, after resigning from his job, a former sysadmin kept one of two laptops. On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just enough to be in range of the factory’s Wi-Fi network. Allegro says that Patel used the second business-use laptop to connect to the company’s network using the credentials of another employee. While connected to the factory’s network on January 31, Allegro claims Patel, who was one of the two people in charge of Oracle programming, uploaded a “time bomb” to the company’s Oracle finance module. The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to “copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless.” The company says that “defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year’s fiscal year-end accounting reconciliation and financial reports.” Read more of this story at Slashdot.

Continue reading here:
Former Sysadmin Accused of Planting ‘Time Bomb’ In Company’s Database

Microsoft Edge Beats Chrome By Over Three Hours In New Battery Usage Test

An anonymous reader writes: With the launch of the Windows 10 Creators Update and Edge 40 (EdgeHTML 15), Microsoft has released a new battery usage test that, naturally, trashes the company’s competition. This new test shows that Edge uses less power than both Chrome 57 and Firefox 52, and is bound to draw a response from its competition, especially Google, who doesn’t like it when Microsoft takes a jab at Chrome’s efficiency. The same thing happened last year, in June, when a similar test showcasing Edge’s longer battery life was met with responses from both Google and Opera. The most recent tests were performed for the launch of Windows 10 Creators Update. Two tests were carried out until a laptop’s battery gave out. For each browser, a minimum of 16 iterations were recorded per test. The first test measured normal browsing performance and the second ran a looped Vimeo fullscreen video. In the normal browsing performance test, Microsoft claims Edge used 31% less power than Chrome 57, and 44% less power than Firefox 52. In the second test, Edge played a looped Vimeo video in fullscreen for 751 minutes (12:31:08), while Chrome lasted 557 minutes (9:17:03) and Firefox for only 424 minutes (7:04:19). That’s a whopping three hours over Chrome, and five hours above Firefox. Read more of this story at Slashdot.

See the original post:
Microsoft Edge Beats Chrome By Over Three Hours In New Battery Usage Test

Boeing Expects To Save Millions In Dreamliner Costs Using 3D-Printed Titanium Parts

According to Reuters, Boeing has hired Norsk Titanium AS to print titanium parts for its 787 Dreamliner, paving the way to cost savings of $2 million to $3 million for each plane. The 3D-printed metal parts will replace pieces made with more expensive traditional manufacturing, thus making the 787 more profitable. From the report: Strong, lightweight titanium alloy is seven times more costly than aluminum, and accounts for about $17 million of the cost of a $265 million Dreamliner, industry sources say. Boeing has been trying to reduce titanium costs on the 787, which requires more of the metal than other models because of its carbon-fiber composite fuselage and wings. Titanium also is used extensively on Airbus Group SE’s rival A350 jet. Norsk worked with Boeing for more than a year to design four 787 parts and obtain Federal Aviation Administration certification for them, Chip Yates, Norsk Titanium’s vice president of marketing, said. Norsk expects the U.S. regulatory agency will approve the material properties and production process for the parts later this year, which would “open up the floodgates” and allow Norsk to print thousands of different parts for each Dreamliner, without each part requiring separate FAA approval, Yates said. Norsk said that initially it will print in Norway, but is building up a 67, 000-square-foot (6, 220-square-meter) facility in Plattsburgh in upstate New York, where it aims to have nine printers running by year-end. Read more of this story at Slashdot.

Original post:
Boeing Expects To Save Millions In Dreamliner Costs Using 3D-Printed Titanium Parts

New ‘Spray-On’ Memory Could Turn Everyday Items Into Digital Storage Devices

Researchers at Duke University have developed “spray-on” digital memory using only an aerosol jet printer and nanoparticle inks. An anonymous reader quotes Duke Today: The device, which is analogous to a 4-bit flash drive, is the first fully-printed digital memory that would be suitable for practical use in simple electronics such as environmental sensors or RFID tags. And because it is jet-printed at relatively low temperatures, it could be used to build programmable electronic devices on bendable materials like paper, plastic or fabric… The new material, made of silica-coated copper nanowires encased in a polymer matrix, encodes information not in states of charge but instead in states of resistance. By applying a small voltage, it can be switched between a state of high resistance, which stops electric current, and a state of low resistance, which allows current to flow. And, unlike silicon, the nanowires and the polymer can be dissolved in methanol, creating a liquid that can be sprayed through the nozzle of a printer. Amazingly, its write speed is three microseconds, “rivaling the speed of flash drives.” The information can be re-written many times, and the stored data can last for up to 10 years. Read more of this story at Slashdot.

See the article here:
New ‘Spray-On’ Memory Could Turn Everyday Items Into Digital Storage Devices

The iPhone 7 Has Arbitrary Software Locks That Prevent Repair

Jason Koebler, reporting for Motherboard: Apple has taken new and extreme measures to make the iPhone unrepairable. The company is now using software locks to prevent independent repair of specific parts of the phone. Specifically, the home buttons of the iPhone 7 and iPhone 7 Plus are not user replaceable, raising questions about both the future repairability of Apple products and the future of the thriving independent repair industry. The iPhone 7 home button will only work with the original home button that it was shipped with; if it breaks and needs to be replaced, a new one will only work if it is “recalibrated” in an Apple Store. Read more of this story at Slashdot.

Continue reading here:
The iPhone 7 Has Arbitrary Software Locks That Prevent Repair

JetBlue and Boeing Are Betting Big On Electric Jet Startup ‘Zunem Aero’

A new startup called Zunum Aero is aiming to reinvent how users travel short distances, such as from San Francisco to Los Angeles. “The Kirkland, Washington-based company plans to build a fleet of hybrid electric jets to sell to major carriers for service on densely traveled regional routes like San Francisco to Los Angeles or Boston to Washington, DC, “reports The Verge. Two aviation giants, Boeing and JetBlue, are reportedly backing the startup. From the report: Lower operating costs (i.e., no fueling) will allow carriers to reduce fares by 40 to 80 percent, they predict. And by flying a smaller aircraft that would be subject to fewer TSA regulations, Zunum claims it will take less time to go through security before boarding one of its planes. Zunum aims to build several models of hybrid-electric propulsion jets. At launch, its first class of aircraft will be tiny, in the 10-15 foot range, with a 10-passenger capacity and a range of up to 700 miles on a single charge. (Think San Francisco to Portland or Atlanta to DC.) Those planes can be expected to roll off the assembly line by the early 2020s, the company’s CEO Ashish Kumar told The Verge. By the 2030s, as electric battery technology improves, Zunum hopes to build larger aircraft that can carry up to 50 passengers and travel up to 1, 000 miles on a single charge. (Think Seattle to LA or Boston to Jacksonville, Florida.) Zunum’s aircraft will feature hybrid electric motors with the capacity to accept recharging power from a variety of sources. Because airplanes are typically kept in service for up to 30 years, Kumar says its important for Zunum’s aircraft to be future proof. That means designing them to be compatible with future battery designs and range-extending generators, with an eye toward ultimately switching from hybrid propulsion to fully electric motors once the technology catches up. Read more of this story at Slashdot.

Continued here:
JetBlue and Boeing Are Betting Big On Electric Jet Startup ‘Zunem Aero’

YouTube Launches ‘YouTube TV’ In Select Markets

In late February, YouTube unveiled its live TV service called YouTube TV, which offers live TV streaming over the internet for $35 per month with no long-term contract required. The company has officially launched the service today in five select markets: New York, Los Angeles, San Francisco Bay Area, Chicago, and Philadelphia. YouTube says that more markets are coming soon, however, details on when/where are scarce. PhoneDog reports: A membership to YouTube TV costs $35 per month and includes live streaming of channels like ABC, CBS, Fox, NBC, ESPN, and others. Subscribers also get an unlimited cloud DVR for recording shows that’ll last up to nine months, and six accounts that each get their own recommendations and cloud DVRs. YouTube is offering a free one-month trial of YouTube TV so that everyone can give it a try. After your first paid month, YouTube will give you a Google Chromecast to thank you for sticking with the service. Source: YouTube Official Blog Read more of this story at Slashdot.

Read More:
YouTube Launches ‘YouTube TV’ In Select Markets

Gigabyte Firmware Bugs Allow the Installation of BIOS/UEFI Ransomware

An anonymous reader writes from a report via BleepingComputer: Last week, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware. During their presentation, researchers installed a proof-of-concept UEFI ransomware, preventing the BRIX devices from booting, but researchers say the same flaws can be used to plant rootkits that allow attackers to persist malware for years. The two vulnerabilities discovered are CVE-2017-3197 and CVE-2017-3198. The first is a failure on Gigabyte’s part to implement write protection for its UEFI firmware. The second vulnerability is another lapse on Gigabyte’s side, who forgot to implement a system that cryptographically signs UEFI firmware files. Add to this the fact that Gigabyte uses an insecure firmware update process, which doesn’t check the validity of downloaded files using a checksum and uses HTTP instead of HTTPS. A CERT vulnerability note was published to warn users of the impending danger and the bugs’ ease of exploitation. Read more of this story at Slashdot.

Read the original post:
Gigabyte Firmware Bugs Allow the Installation of BIOS/UEFI Ransomware

Companies Start Implanting Microchips Into Workers’ Bodies

A Swedish start-up called Epicenter is offering to implant its employees and start-up members with microchips that function as swipe cards, allowing them to open doors, operate equipment or buy food and drinks with a wave of the hand. While these microchips have been available for decades, the technology has never been implanted in humans on such a broad scale. “Epicenter and a handful of other companies are the first to make chip implants broadly available, ” reports Associated Press. From the report: [A]s with most new technologies, it raises security and privacy issues. Although the chips are biologically safe, the data they generate can show how often employees come to work or what they buy. Unlike company swipe cards or smartphones, which can generate the same data, people cannot easily separate themselves from the chips. Epicenter, which is home to more than 100 companies and roughly 2, 000 workers, began implanting workers in January 2015. Now, about 150 workers have the chips. A company based in Belgium also offers its employees such implants, and there are isolated cases around the world in which tech enthusiasts have tried them out in recent years. The small implants use near-field communication technology, or NFC, the same as in contactless credit cards or mobile payments. When activated by a reader a few inches away, a small amount of data flows between the two devices via electromagnetic waves. The implants are “passive, ” meaning they contain information that other devices can read, but cannot read information themselves. Ben Libberton, a microbiologist at Stockholm’s Karolinska Institute, says hackers could conceivably gain huge swaths of information from embedded microchips. The ethical dilemmas will become bigger the more sophisticated the microchips become. Epicenter workers stage monthly events where attendees can receive the implant. Read more of this story at Slashdot.

Read the original:
Companies Start Implanting Microchips Into Workers’ Bodies