Macs Vulnerable To Userland Injected EFI Rootkits

Bismillah writes that a new vulnerability in recent Macs — and potentially older ones — can be used to plant code such as rootkits into areas of EFI memory that shouldn’t be writeable, but become unlocked after the computer wakes up from sleep mode. The article explains that [The vulnerability] appears to be due to a bug in Apple’s sleep-mode energy conservation implementation that can leave areas of memory in the extensible firmware interface (EFI) (which provides low-level hardware control and access) writeable from user accounts on the computer. Memory areas are normally locked as read-only to protect them. However, putting some late-model Macs to sleep for around 20 seconds and then waking them up unlocks the EFI memory for writing. Read more of this story at Slashdot.

Ransomware Creator Apologizes For "Sleeper" Attack, Releases Decryption Keys

colinneagle writes: Last week, a new strain of ransomware called Locker was activated after having been sitting silently on infected PCs. Security firm KnowBe4 called Locker a “sleeper” campaign that, when the malware’s creator “woke it up,” encrypted the infected devices’ files and charged roughly $24 in exchange for the decryption keys. This week, an internet user claiming to be the creator of Locker publicly apologized for the campaign and appears to have released the decryption keys for all the devices that fell victim to it, KnowBe4 reported in an alert issued today. Locker’s creator released this message in a PasteBin post, along with a link to a file hosted on Mega.co containing the decryption keys. The malware creator also said that an automatic decryption process for all devices that were affected by Locker will begin June 2nd. However, the post did not mention anything about providing a refund to victims who paid the 0.1 bitcoin (equal to $22.88 at the time this was posted and about $24 last week) required for the decryption keys since last week. KnowBe4 CEO Stu Sjouwerman says the files released do not appear to be malicious after brief analysis, and that “it does contain a large quantity of RSA keys and Bitcoin addresses.” But he warned those interested to only open these files “at your own risk until further analyses are performed.” Sjouwerman speculated that the malware creator may have been spooked by attention from law enforcement or Eastern European organized crime syndicates that are behind most ransomware campaigns. Read more of this story at Slashdot.

PSA: Facebook Messenger Shares Your Location with Every Message

You’re probably aware that Facebook collects a ton of information about you, but if you’re using the mobile Messenger app, that also means your location data as well. A new Chrome extension called Marauders Map lets anyone you’ve sent a message see that location information all at once.

FBI Alleges Security Researcher Tampered With a Plane’s Flight Control Systems

Salo2112 writes with a followup to a story from April in which a security researcher was pulled off a plane by FBI agents seemingly over a tweet referencing a security weakness in one of the plane’s systems. At the time, the FBI insisted he had actually tampered with core systems on an earlier flight, and now we have details. The FBI’s search warrant application (PDF) alleges that the researcher, Chris Roberts, not only hacked the in-flight entertainment system, but also accessed the Thrust Management Computer and issued a climb command. “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.” Roberts says the FBI has presented his statements out of their proper context. Read more of this story at Slashdot.

The Most Extreme Body Hacks That Actually Change Your Physical Abilities

Biohacking is one of those buzzy blanket terms used to describe a whole spectrum of ways that people modify or improve their bodies, from fairly tame experiments like drinking nasty butter coffee to more intense modifications like growing extra ears out of their arms.

Anonymous Accused of Running a Botnet Using Thousands of Hacked Home Routers

An anonymous reader writes: Taking advantage of lazy security, new research says Anonymous hacktivists (among other groups) hijacked thousands of routers using remote access and default login credentials. “‘For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective,’ the report explains. ‘Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms.’” Read more of this story at Slashdot.

Unnoticed For Years, Malware Turned Linux Servers Into Spamming Machines

An anonymous reader writes: For over 5 years, and perhaps even longer, servers around the world running Linux and FreeBSD operating systems have been targeted by an individual or group that compromised them via a backdoor Trojan, then made them send out spam, ESET researchers have found. What’s more, it seems that the spammers are connected with a software company called Yellsoft, which sells DirectMailer, a “system for automated e-mail distribution” that allows users to send out anonymous email in bulk. Here’s the white paper in which the researchers explain the exploit. Read more of this story at Slashdot.

iOS vs Android: The 2015 Edition

It’s been 7 years, and the great iOS vs Android debate rumbles on—in internet forums and real life. But these platforms have come a long way even in the last year or two. Do the old arguments still apply? What features separate iOS 8.3 from Android 5.1 Lollipop? We used a Nexus 6 and an iPhone 6 to investigate.

The CD Factory Worker Who Broke the Music Industry

Welcome to Reading List, a weekly collection of great tech reads from around the web. This week explores the early days of online music piracy, the implications of America’s military drone base in Germany, the potential pitfalls of artificial intelligence, and more! Enjoy.
