20-year-old Windows bug lets printers install malware—patch now

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle. The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it. Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn’t properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.


FDIC was hacked by China, and CIO covered it up

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities, and were only brought to light after an Inspector General investigation into another serious data breach at FDIC in October of 2015. The FDIC failed at the time of the “advanced persistent threat” attacks to report the incidents. Then-Inspector General at FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches, and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg’s chances of confirmation. The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October “Florida incident.” On October 23, 2015, a member of the Federal Deposit Insurance Corporation’s Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC’s data loss prevention system of a significant breach of sensitive data—over 1,200 documents, including Social Security numbers from bank data for over 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC’s Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at FDIC.
Despite intercepting the employee, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.


Windows Server 2016 coming in September, with new servicing for Nano Server

It’s not quite an exact launch date, but Microsoft has announced that both Windows Server 2016 and System Center 2016 will launch at its Ignite conference (the successor to TechEd) this fall. Ignite runs from September 26-30 and is being held in Atlanta, Georgia. Microsoft has also described how Windows Server 2016 will be serviced going forward. Full installations of the operating system—including the GUI and shell—will continue to be serviced on the “5+5” model that Microsoft has used for previous operating systems. That’s five years of mainstream support, during which both bug fixes and feature improvements are made, and then five years of extended support, during which only security bugs will be fixed. The slimmed down Server Core installation will also be given this 5+5 servicing. The new Nano Server option, however, will be handled in a different way. Nano Server installations will be updated more or less in tandem with the Windows 10 Current Branch for Business (CBB) release. CBB trails the main consumer branch by about six months, giving new features a bit of time to receive some real-world testing before being distributed to more conservative organizations. CBB is expected to be updated two to three times a year, and this will apply to Nano Server deployments of Windows Server 2016 just as it does to CBB deployments of Windows 10.


In time warping study, people unconsciously controlled blood sugar levels

Ideas can be powerful drugs. If a person is simply convinced that a pill or treatment is going to yield real results, it can—even if that pill or treatment is completely bogus. Those results can be pretty substantial, too. Mental maneuvering, or placebo effect, can improve pilots’ vision, help people lose weight, and even up their IQ by a few points. And, according to a new study, it may also be able to help patients manage a chronic illness. In an experiment in which researchers duped participants about how much time had passed, the researchers found that participants’ blood sugar levels tracked with perceived time rather than actual time. That is, blood sugar dropped faster when the participants thought more time had passed. The results, published in the Proceedings of the National Academy of Sciences, support the idea that mindsets and psychological processes, like the abstract internal representation of time, can have profound influence over what our bodies do, the authors conclude. Moreover, it raises the idea of using the mind to help manage certain chronic conditions, particularly type 2 diabetes, which causes periodic and dangerous rises in blood sugar levels. “Official standards for care and treatment of diabetes make no explicit mention of the influence of subjective cognition on diabetic metabolism, but our results indicate otherwise,” the authors argue. They suggest that mindfulness, coping strategies, and trained cognitive styles may prove useful in controlling blood sugar levels in further studies.


Windows 10 Anniversary Update nears RTM with bugfixes galore

With its August 2 release date growing closer, the Windows 10 Anniversary Update is nearing completion. A steady stream of new builds for Windows Insiders on the fast track has been released over the past few weeks. The latest build, 14383, came out today and includes a wide range of fixes. As with many of its predecessors, this build has been made available simultaneously for Windows 10 on the desktop and Windows 10 Mobile; Microsoft is intending to ship the Anniversary Update simultaneously for PC, phone, and Xbox One when that release date arrives. Windows Central is reporting that according to its sources, the build one newer than today’s release, 14384, is the first candidate for what would formerly be known as Release To Manufacturing (RTM). With Windows now being delivered “as a service,” the old RTM terminology isn’t favored by Redmond any more—not least because many people will download the update rather than have it preinstalled by a PC manufacturer—but the concept that RTM represents endures. The “RTM” build will be the one released on August 2 to people in the stable channel, and then after several months of regular Patch Tuesday updates, it will be released as the Current Branch for Business.


Fossil fuel use in US is at its lowest percentage in over a century

With the 4th of July weekend about to begin, the US Energy Information Administration decided to look back to our nation’s founding. So it plotted the country’s energy use starting from 1776. Most of the result isn’t a surprise: biomass had a long run before fossil fuels took over and stayed on top. But recent years have seen the biggest change since nuclear was added to the mix. Biomass spent nearly a century on top of the US energy mix before being displaced by coal, although it never went above providing four quadrillion Btus (each Btu is a bit over 1,000 Joules). But biomass never entirely went away, and its resurgence this century puts it at its highest level ever. With nuclear holding steady and renewables surging to nearly the same level as hydropower, fossil fuels are on the verge of dropping below 80 percent of the US’ energy mix. Fossil fuels haven’t been that low a percentage for over a century.


Porn studio that sued thousands for piracy now fighting its own lawyer

For years now, a porn studio called Malibu Media has filed more copyright lawsuits than any other company. Each month, Malibu, which produces adult content under the brand name X-Art, sues hundreds of “John Doe” Internet users, accusing particular IP addresses of illegally downloading their movies using BitTorrent networks. Malibu’s owners, Brigham Field and Collette Pelissier Field, have said the flood of lawsuits is necessary to deter piracy. Now, though, they’re targeting the very lawyer who headed up their giant copyright enforcement campaign, Florida-based Keith Lipscomb. Earlier today, Malibu filed suit against Lipscomb and his firm, Lipscomb, Eisenberg & Baker, in federal court. The lawsuit claims Lipscomb didn’t provide them the proper paperwork for their cases and related finances, and that he was negligent in his representation. The complaint (PDF) discloses that Lipscomb sued Malibu in Florida state court on June 10 and alleges that confidential information was revealed in the lawsuit.


“Godless” apps, some found in Google Play, root 90% of Android phones

Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it’s running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors’ browsers and serve drive-by exploits. Trend Micro Mobile Threats Analyst Veo Zhang wrote:


Instagram will start automatically translating image captions soon

On the heels of announcing that it has reached 500 million active monthly users, Instagram says it will soon add a translation feature to its app. Through a post on the image-sharing app, the company announced that within a month, users will be able to translate image captions, comments, and profile bios using a new translate button. The Facebook-owned social media app will structure its translations similarly to its parent company. When you come across a post you want to translate into a language that isn’t your default language, you can hit the “See Translation” button to convert it into the language you’ve chosen in your profile’s language settings. Both Facebook and Twitter have translation features already, so this addition brings Instagram up to par with its competition in that respect. Considering that 80 percent of Instagram’s user base lives outside the United States, this feature will likely be welcomed by many. There’s no word on how many languages Instagram will support with the first rollout of this feature. The company does explain on its Help website that if a translation isn’t showing up, it might be because the app doesn’t currently support that language or couldn’t detect the initial language being used. It also warns users that translations may not be available for older posts. The full translation feature should be ready for most users by July.


Xbox Play Anywhere: buy the game once, play on Xbox One and PC (multiplayer too)

When announcing Gears of War 4 at its E3 event today, Microsoft unveiled a new gaming feature called Xbox Play Anywhere. Essentially, this initiative allows a gamer to purchase a title once but still have the option to play on console and PC. As perhaps the headlining feature of Xbox Play Anywhere, multiplayer across platforms will become a reality. With Gears of War 4, for instance, the co-op modes will support this crossplay between Windows 10 and Xbox One users. Progress and achievements will be shared on Xbox Live across these platforms at no additional cost. In addition to Gears of War 4, Microsoft announced that Forza Horizon 3 will be another upcoming Xbox Play Anywhere title. Additionally, the game will allow for four-player campaign co-op for the first time. And this version of the game will feature “the largest car roster ever seen in Horizon,” according to Ralph Fulton from Playground Games.
