open source – Page 158

Intel Security Releases Detection Tool For EFI Rootkits After CIA Leak

After WikiLeaks revealed data exposing information about the CIA’s arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer’s low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple’s Macbooks. The documents from CIA’s Embedded Development Branch (EDB) mention an OS X “implant” called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a “Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.” The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system’s hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system’s current EFI or against an EFI image previously extracted from a system. Read more of this story at Slashdot.

Chrome 57 Arrives With CSS Grid Layout and API Improvements

Google has launched Chrome 57 for Windows, Mac, and Linux. From a report on VentureBeat: Among the additions is CSS Grid Layout, API improvements, and other new features for developers. You can update to the latest version now using the browser’s built-in silent updater, or download it directly from google.com/chrome. Chrome is arguably more than a browser: With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with Chrome’s regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available. Chrome 57 implements CSS Grid Layout, a two-dimensional grid-based layout system for responsive user interface design. Elements within the grid can be specified to span multiple columns or rows, plus they can also be named so that layout code is easier to understand. The goal is to give developers more granular control, especially as websites are increasingly accessed on various screen sizes, so they can slowly move away from complex code that is difficult to maintain. Read more of this story at Slashdot.

More here:
Chrome 57 Arrives With CSS Grid Layout and API Improvements

Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla’s developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a “This connection is not secure” warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification. Read more of this story at Slashdot.

Read the article:
Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018

Robots in Warehouses To Jump 15X Over Next 4 Years

The worldwide warehouse and logistics robot unit shipments will increase from 40, 000 robots in 2016 to 620, 000 robots annually by 2021, according to highly reliable numbers from Tractica, which adds that the $1.9 billion market in 2016 is expected to jump a staggering tenfold to an annual $22.4 billion by the end of 2021. From a report on TechRepublic: As a measure of global market value, Tractica also expects the robotic shipments to reach $22.4 billion by the end of 2021, up from an estimated $1.9 billion in 2016. The report, which highlights market drivers and challenges, profiles 75 “emerging industry players, ” and is divided into sections based on robot type. According to the report, “warehousing and logistics industries are looking for robotics solutions, more than ever before, to remain globally competitive, ” which will “lead to widespread acceptance and presence of robots in warehouses and logistics operations.” To allay fears about lost jobs due to automation, the report authors said they expect that the increase in robots will likely yield new jobs and opportunities for businesses. “The next 5 years will be a period of significant innovation in the space, bringing significant opportunities for established industry players and startups alike, ” said Manoj Sahi, a research analyst, in the report. Read more of this story at Slashdot.

Continue reading here:
Robots in Warehouses To Jump 15X Over Next 4 Years

Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It’s a situation that’s described as “a tangible threat to online privacy and security.” Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who — with a team of helpers — has been investigating since January. River City Media’s database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: “Chances are you, or at least someone you know, is affected.” The leaked, and unprotected, database is what’s behind the sending of over a billion spam emails every day — helped, as Vickery points out, by “a lot of automation, years of research, and fair bit of illegal hacking techniques.” But it’s more than a database that has leaked — it’s River City Media’s entire operation. Read more of this story at Slashdot.

Link:
Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation

Streaming TV Sites Now Have More Subscribers Than Cable TV

Nielsen reported this week that millennials “spend about 27% less time watching traditional TV than viewers over the age of 35, ” possibly threatening the dominance of cable TV. An anonymous reader quotes Axios: Streaming service subscribers (free or paid) increased again (68% in 2016 vs. 63% in 2014) and have caught up with the percentage of paid TV service providers (67%) for the first time ever, according to the Consumer Technology Association’s new study, The Changing Landscape for Video and Content. The rise of streaming services represents a shift in consumption habits towards cord-cutting, primarily amongst millennials. Some other trends are impossible to ignore. 2016 also saw a saw dramatic drops in the use of physical disks — from 41% in 2015 to just 28% — as well as another big drop in the use of antennas, from 18% to just 10%. Read more of this story at Slashdot.

See the article here:
Streaming TV Sites Now Have More Subscribers Than Cable TV

Bill Would Legalize Active Defense Against Hacks

Trailrunner7 quotes a report from On the Wire: A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty Act, the legislation seeks to amend the CFAA, the much-maligned 1986 law that is used in most computer crime prosecutions. The proposed legislation includes the caveat that victims can’t take any actions that destroy data on another person’s computer, causes physical injury to someone, or creates a threat to public safety. The concept of active defense has been a controversial one in the security community for several years, with many experts saying the potential downside outweighs any upside. Not to mention that it’s generally illegal. Read more of this story at Slashdot.

Original post:
Bill Would Legalize Active Defense Against Hacks

Amazon Outage Cost S&P 500 Companies $150M

From a report on Axios: Cyence, an economic modeling platform, shared some data with Axios that show the ramifications: Losses of $150 million for S&P 500 companies. Losses of $160 million for U.S. financial services companies using the infrastructure. Read more of this story at Slashdot.

Continue Reading:
Amazon Outage Cost S&P 500 Companies $150M

An Incorrect Command Entered By Employee Triggered Disruptions To S3 Storage Service, Knocking Down Dozens of Websites, Amazon Says

Amazon is apologizing for the disruptions to its S3 storage service that knocked down and — in some cases affected — dozens of websites earlier this week. The company also outlined what caused the issue — the event was triggered by human error. The company said an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. “Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended, ” the company said in a press statement Thursday. It adds: The servers that were inadvertently removed supported two other S3 subsystems. One of these subsystems, the index subsystem, manages the metadata and location information of all S3 objects in the region. This subsystem is necessary to serve all GET, LIST, PUT, and DELETE requests. The second subsystem, the placement subsystem, manages allocation of new storage and requires the index subsystem to be functioning properly to correctly operate. The placement subsystem is used during PUT requests to allocate storage for new objects. Removing a significant portion of the capacity caused each of these systems to require a full restart. While these subsystems were being restarted, S3 was unable to service requests. Other AWS services in the US-EAST-1 Region that rely on S3 for storage, including the S3 console, Amazon Elastic Compute Cloud (EC2) new instance launches, Amazon Elastic Block Store (EBS) volumes (when data was needed from a S3 snapshot), and AWS Lambda were also impacted while the S3 APIs were unavailable. Read more of this story at Slashdot.

Continue reading here:
An Incorrect Command Entered By Employee Triggered Disruptions To S3 Storage Service, Knocking Down Dozens of Websites, Amazon Says

Netflix Uses AI in Its New Codec To Compress Video Scene By Scene

An anonymous reader shares a Quartz report: Annoying pauses in your streaming movies are going to become less common, thanks to a new trick Netflix is rolling out. It’s using artificial intelligence techniques to analyze each shot in a video and compress it without affecting the image quality, thus reducing the amount of data it uses. The new encoding method is aimed at the growing contingent of viewers in emerging economies who watch video on phones and tablets. “We’re allergic to rebuffering, ” said Todd Yellin, a vice president of innovation at Netflix. “No one wants to be interrupted in the middle of Bojack Horseman or Stranger Things.” Yellin hopes the new system, called Dynamic Optimizer, will keep those Netflix binges free of interruption when it’s introduced sometime in the next “couple of months.” He was demonstrating the system’s results at “Netflix House, ” a mansion in the hills overlooking Barcelona that the company has outfitted for the Mobile World Congress trade show. In one case, the image quality from a 555 kilobits per second (kbps) stream looked identical to one on a data link with half the bandwidth. Read more of this story at Slashdot.

More:
Netflix Uses AI in Its New Codec To Compress Video Scene By Scene

Ken May

Tag: open source