US, European police take down highly elusive botnet known as Beebone

US and European police have shut down a botnet that provided a captive audience of backdoored PCs to criminals who were looking for an easy way to quickly install malware on large numbers of computers.

The takedown of the Beebone botnet is something of a coup because the underlying malware was so resistant to detection. Polymorphic downloader software at the heart of the malicious program updated itself as many as 19 times a day. Beebone also relied on a pair of programs that re-downloaded each other, acting as an insurance policy should one of them be removed, authorities told the Associated Press.

“From a techie’s perspective, they made it as difficult as they possibly could for us,” a Europol advisory told the news organization. The takedown was a joint operation that involved the US FBI, Europol’s European Cybercrime Center, and private security groups including Kaspersky Lab, Shadowserver, and McAfee.


Apple releases OS X 10.10.3 with new Photos app, emoji, and more

Apple has just released the final version of OS X 10.10.3, the latest major update for OS X Yosemite. The update was first available to the public as a beta build back in early March, and it follows a little over three months after OS X 10.10.2. You can view the full release notes on Apple’s site here.

The star of this update is the new Photos app, an OS X version of the photo viewing and editing app included with iOS. It primarily functions as a replacement for iPhoto, the basic photo app included with the iLife suite for years before becoming available for free for all new Macs. It also replaces Aperture, Apple’s pro photo editing app—though it doesn’t actually attempt to replicate Aperture’s functionality. Neither iPhoto nor Aperture will receive further updates from Apple after today.

Photos will be installed automatically when you update to 10.10.3; it appears to be a core part of OS X rather than an optional Mac App Store download. We looked at an early Photos beta back in February and came away mostly impressed by its features and speed, at least relative to iPhoto. Those of you with existing iPhoto and Aperture libraries will be able to import them into Photos after you install OS X 10.10.3.


Server shutdown disables single-player saves in NBA2K14

Anyone that plays online games has to accept the fact that the servers for those games will probably eventually be shut down by the centralized publisher that operates them (games with player-controlled server support notwithstanding). What most players probably don’t expect is for their single-player game saves to become permanently unusable because an online server somewhere goes down.

That’s what has been happening to players of NBA2K14 this past week, though. As Polygon reports, since a planned online server shutdown for the game on March 31, previously created save files in the MyCareer and MyGM modes can no longer pass a built-in server check on the PS4 and Xbox One versions of the game. That means those files are simply unusable, and all that single player progress has effectively been lost.

“This means that if you had created a MyCareer or a MyGM online save file that was once connected to our servers it too sadly has retired and is no longer available for use and it would be necessary to re-create these files as offline saves,” 2K Support writes in a message to affected users, obtained by Polygon. “Sadly this may come as an inconvenience to some of you and if so we truly do understand and can feel for how upsetting this may seem as there always is a special bond that occurs between a player and their MyCareer save but all good things must come to an end and rest assured your MyCareer or MyGM went out while on top!”


Dell support software gets flagged by antivirus program

Diagnostic software preinstalled on many Dell computers is now being flagged as a potentially unwanted program by antivirus program Malwarebytes following the discovery of a vulnerability that allows attackers to remotely execute malicious code on older versions.

The application known as Dell System Detect failed to validate code before downloading and running it, according to a report published last month by researcher Tom Forbes. Because the program starts itself automatically, a malicious hacker could use it to infect vulnerable machines by luring users to a booby-trapped website. According to researchers with AV provider F-Secure, the malicious website need only have contained the string “dell” somewhere in its domain name to exploit the weakness. www.notreallydell.com was just one example of a site that would have worked.

Dell released an update in response to Forbes’s report, but even then, users remained vulnerable. That’s because the updated program still accepted downloads from malicious sites that had a subdomain with “dell” in it, for instance, a.dell.fakesite.ownedbythebadguys.com.


Large Hadron Collider restarts after 2 years of maintenance

After being shut down for two years, the Large Hadron Collider (LHC) is back online, CERN announced Sunday. “Today at 10:41am [local time], a proton beam was back in the 27-kilometer ring, followed at 12:27pm by a second beam rotating in the opposite direction,” the European Organization for Nuclear Research reported in a statement. “These beams circulated at their injection energy of 450 GeV. Over the coming days, operators will check all systems before increasing energy of the beams.”


How a $3.85 latte paid for with a fake $100 bill led to counterfeit kingpin’s downfall

Four men were indicted Wednesday on federal charges as part of an international online conspiracy to make and distribute “high-quality” counterfeits of over $1.4 million sold via Tor-enabled Dark Web sites.

The new criminal charges expand on a previous case filed back in December 2014 against Ryan Andrew Gustafson, a man who went by the online monikers “Jack Farrel” and “Willy Clock”—he is also named as one of the four defendants. According to court records, Gustafson was previously positively identified via facial recognition against his Texas driver’s license.

Prosecutors say the 27-year-old is an American living in Kampala, Uganda, and that he is currently on trial in the East African nation on counterfeiting charges. The United States does not have an extradition treaty nor a Mutual Legal Assistance Treaty (MLAT) with Uganda, so his return home is not a sure thing.


Change.org springs a leak, exposes private e-mail addresses

Online petitions service Change.org has a website bug that’s disclosing as many as 40,000 e-mail addresses that presumably belong to current or former subscribers.

The disclosure bug was active at the time this post was being prepared and is exploitable using the search box provided on the site or via Google or Bing. The number of results returned ranged from 40,000 to 65,000, although not every result included an e-mail address. Still, a large number of them returned pages like the one above, which Ars has redacted out of fairness to the affected e-mail user.

The leak appears to be the result of Change.org Web links that contain valid GET request tokens used to validate users after they have successfully entered their password. A bug appears to be adding the tokens automatically, even when the viewer hasn’t been authenticated. The following screenshot shows a portion of the token in the address bar:


TrueCrypt security audit is good news, so why all the glum faces?

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws.

The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that’s a flaw that cryptographers say should be fixed, there’s no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group.

“The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software,” Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday’s report. “The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.”


OnLive shuts down streaming games service, sells patents to Sony

The first company to try to make a business out of streaming gameplay over the Internet will soon be shutting down its service. OnLive announced today that its servers will go offline on April 30, and that the company is selling its portfolio of patents to Sony Computer Entertainment America.

The announcement comes almost exactly six years after OnLive first announced its plans in the nascent streaming gaming space. The idea was to take in user input over the Internet, put it through a game running on high-end hardware at a centralized server location, then send back video and audio to end user hardware that could be significantly cheaper and less powerful. The service and a $100 microconsole launched in late 2010, but suffered from noticeable latency and image quality issues in our initial tests.

With its pay-per-game service and a limited subscription-based streaming model failing to connect with many consumers, OnLive faced massive layoffs and a drastic business restructuring in 2012. The company soldiered on to launch a new hybrid streaming/downloadable game plan last year, though. Players who took part in that hybrid plan will still be able to play their purchased games through Steam, but streaming games purchased through Cloudlift or the older Playpass subscriptions will no longer be usable after the end of the month. OnLive will continue to exist as a corporate entity to manage remaining unsold assets such as trademarks, copyrights, and product designs.


Google Chrome will banish Chinese certificate authority for breach of trust

Google’s Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains.

The move could have major consequences for huge numbers of Internet users as Chrome, the world’s most widely used browser, stops recognizing all website certificates issued by CNNIC. To give affected website operators time to obtain new credentials from a different certificate authority, Google will wait an unspecified period of time before implementing the change. Once that grace period ends, Google engineers will blacklist both CNNIC’s root and extended-validation certificates in Chrome and all other Google software.

The unauthorized certificates were issued by Egypt-based MCS Holdings, an intermediate certificate authority that operated under the authority of CNNIC. MCS used the certificates in a man-in-the-middle proxy, a device that intercepts secure connections by masquerading as the intended destination. Such devices are sometimes used by companies to monitor employees’ encrypted traffic for legal or human resources reasons.
