security – Page 2 – Tech Today w/ Ken May

Chrome OS Will Finally Run Android Apps in the Background

An anonymous reader shares a report: While it’s no longer a novelty to run Android apps on your Chromebook, that doesn’t mean they run well. To date, most of those apps pause when you switch away — fine for a phone, but not what you’d expect on a computer with a multi-window interface. However, they’re about to become far more functional. Chrome Unboxed has learned that the Chrome OS 64 beta introduces Android Parallel Tasks, which lets Android apps run at full bore regardless of what you’re doing. You could watch a video in a mobile app while you’re surfing the web, or take a break from a mobile game without jarring transitions. There’s no guarantee that Android Parallel Tasks will reach the stable Chrome OS 64, so you might not want to plan a purchase around the feature. Read more of this story at Slashdot.

See the original post:
Chrome OS Will Finally Run Android Apps in the Background

Number of Births in Japan To Hit Record Low in 2017

An anonymous reader shares a report: The number of births in Japan this year has fallen to is lowest since records began more than a century ago with about 941, 000 new babies, the health ministry said on Friday, proof if any were needed that it faces an ageing and shrinking population. The number of births will be about 4 percent lower than last year and the lowest since the government started compiling data in 1899, the ministry said. Read more of this story at Slashdot.

View post:
Number of Births in Japan To Hit Record Low in 2017

AnyDVD Supports UHD Blu-Ray Ripping, While Devices Patch Security Holes

The controversial ripping tool AnyDVD has released a new beta version that allows users to decrypt and copy UHD Blu-Ray discs. The software makes use of the leaked keys that came out recently and appears to work well. Meanwhile, disc drive manufacturers are patching security holes. TorrentFreak reports: This year there have been some major developments on this front. First, full copies of UHD discs started to leak online, later followed by dozens of AACS 2.0 keys. Technically speaking AACS 2.0 is not confirmed to be defeated yet, but many discs can now be ripped. This week a popular name jumped onto the UHD Blu-Ray bandwagon. In its latest beta release, AnyDVD now supports the format, relying on the leaked keys. “New (UHD Blu-ray): Fetch AACS keys from external file for use with ‘UHD-friendly’ drives, ” the release notes read. The involvement of AnyDVD is significant because it previously came under legal pressure from decryption licensing outfit AACS LA. This caused former parent company Slysoft to shut down last year, but the software later reappeared under new management. Based on reports from several AnyDVD users, the UHD ripping works well for most people. Some even claim that it’s faster than the free alternative, MakeMKV. Read more of this story at Slashdot.

Continue reading here:
AnyDVD Supports UHD Blu-Ray Ripping, While Devices Patch Security Holes

US government names North Korea as the source of WannaCry

Donald Trump’s homeland security adviser, Tom Bossert, said in a Wall Street Journal op-ed that “after careful investigation, the U.S. today publicly attributes the massive ” WannaCry ” cyberattack to North Korea.” Coming during increasing tensions between the two countries over nuclear threats and Twitter outbursts, Bossert said this attribution is based on evidence and agrees with the findings from the UK and Microsoft. In the op-ed we did not see traces of the evidence used to link the May attack to the “Lazarus Group” (also blamed for the Sony Pictures hacking incident ) and North Korea, but the White House will reportedly follow up Tuesday with a more formal statement. While some, like Microsoft , have blamed the US government for stockpiling vulnerabilities — the WannaCry attack used an exploit based on technology apparently stolen from the NSA — the op-ed says: Stopping malicious behavior like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet. Bossert also called the attack reckless, while Reuters cites a “senior administration official” who declined to comment on whether or not the US believes it was a deliberate attack or accidental. So what happens now? According to the piece, the Trump administration “will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.” Source: Wall Street Journal

Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video

Chrome 64 is now in beta and it has several new features over version 63. In addition to a stronger pop-up blocker and support for HDR video playback when Windows 10 is in HDR mode, Chrome 64 features sitewide audio muting to block sound when navigating to other pages within a site. 9to5Google reports: An improved pop-up blocker in Chrome 64 prevents sites with abusive experiences — like disguising links as play buttons and site controls, or transparent overlays — from opening new tabs or windows. Meanwhile, as announced in November, other security measures in Chrome will prevent malicious auto-redirects. Beginning in version 64, the browser will counter surprise redirects from third-party content embedded into pages. The browser now blocks third-party iframes unless a user has directly interacted with it. When a redirect attempt occurs, users will remain on their current page with an infobar popping up to detail the block. This version also adds a new sitewide audio muting setting. It will be accessible from the permissions dropdown by tapping the info icon or green lock in the URL bar. This version also brings support for HDR video playback when Windows 10 is in HDR mode. It requires the Windows 10 Fall Creator Update, HDR-compatible graphics card, and display. Meanwhile, on Windows, Google is currently prototyping support for an operating system’s native notification center. Other features include a new “Split view” feature available on Chrome OS. Developers will also be able to take advantage of the Resize Observer API to build responsive sites with “finger control to observe changes to sizes of elements on a page.” Read more of this story at Slashdot.

See the original post:
Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video

Searchable Database of 1.4 Billion Stolen Credentials Found On Dark Web

YVRGeek shares a report from IT World Canada: A security vendor has discovered a huge list of easily searchable stolen credentials in cleartext on the dark web, which it fears could lead to a new wave of cyber attacks. Julio Casal, co-founder of identity threat intelligence provider 4iQ, which has offices in California and Spain, said in a Dec. 8 blog his firm found the database of 1.4 billion username and password pairs while scanning the dark web for stolen, leaked or lost data. He said the company has verified at least a group of credentials are legitimate. What is alarming is the file is what he calls “an aggregated, interactive database that allows for fast (one second response) searches and new breach imports.” For example, searching for “admin, ” “administrator” and “root” returned 226, 631 passwords of admin users in a few seconds. As a result, the database can help attackers automate account hijacking or account takeover. The dump file was 41GB in size and was found on December 5th in an underground community forum. The total amount of credentials is 1, 400, 553, 869. Read more of this story at Slashdot.

Original post:
Searchable Database of 1.4 Billion Stolen Credentials Found On Dark Web

Man Hacks Jail Computer Network To Get Inmate Released Early

An anonymous reader writes: A Michigan man pleaded guilty last week to hacking the computer network of the Washtenaw County Jail, where he modified inmate records in an attempt to have an inmate released early. To breach the jail’s network, the attacker used only spear-phishing emails and telephone social engineering. The man called jail employees and posed as local IT staffers, tricking some into accessing a website, and downloading and installing malware under the guise of a jail system upgrade. Once the man (Konrads Voits) had access to this data, investigators said he accessed the XJail system, searched and accessed the records of several inmates, and modified at least one entry “in an effort to get that inmate released early.” Jail employees noticed the modification right away and alerted the FBI. The man as arrested a month later and is now awaiting sentencing (maximum 10 years and a fine of up to $250, 000). Read more of this story at Slashdot.

More:
Man Hacks Jail Computer Network To Get Inmate Released Early

Sensitive Personal Information of 246,000 DHS Employees Found on Home Computer

The sensitive personal information of 246, 000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY. From the report: Also discovered on the server was a copy of 159, 000 case files from the inspector general’s investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress. The information included names, Social Security numbers and dates of birth, the report said. The inspector general’s acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details. Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach. Read more of this story at Slashdot.

Read this article:
Sensitive Personal Information of 246,000 DHS Employees Found on Home Computer

PC vendors scramble as Intel announces vulnerability in firmware

Enlarge / All the Cores are affected by a major vulnerability in management firmware—as are Xeon servers and Atom, Celeron and Pentium devices. (credit: Intel ) Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms is vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug. The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable. In the security alert, members of Intel’s security team stated that “in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.” Four vulnerabilities were discovered that affect Intel Management Engine firmware versions 11.0 through 11.20. Two were found in earlier versions of ME, as well as two in Server Platform Services version 4.0 firmware and two in TXE version 3.0. Read 3 remaining paragraphs | Comments

See the original article here:
PC vendors scramble as Intel announces vulnerability in firmware

Over 400 of the World’s Most Popular Websites Record Your Every Keystroke

An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn’t new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled “No Boundaries, ” three researchers from Princeton’s Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world’s most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers’ findings. If you accidentally paste something into a form that was copied to your clipboard, it’s also recorded. These scripts, or bits of code that websites run, are called “session replay” scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don’t just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don’t run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can’t “reasonably be expected to be kept anonymous, ” according to the researchers. Read more of this story at Slashdot.