Tag: technology

According To Star Trek: Discovery, Starfleet Still Runs Microsoft Windows

AmiMoJo shares a report from The Verge: The third episode of Star Trek: Discovery aired this week, and at one point in the episode, Sonequa Martin-Green’s Michael Burnham is tasked with reconciling two suites of code. In the show, Burnham claims the code is confusing because it deals with quantum astrophysics, biochemistry, and gene expression. And while the episode later reveals that it’s related to the USS Discovery’s experimental new mycelial network transportation system, Twitter user Rob Graham noted the code itself is a little more pedestrian in nature. More specifically, it seems to be decompiled code for the infamous Stuxnet virus, developed by the United States to attack Iranian computers running Windows. Read more of this story at Slashdot.

View the original here:
According To Star Trek: Discovery, Starfleet Still Runs Microsoft Windows

Nobel Prize goes to researchers who figured out how our cells tell time

Enlarge (credit: Emmett Anderson ) Today, the Nobel Prize committee has honored three US biologists for their role in unravelling one of biology’s earliest mysteries: how organisms tell time. Microbes, plants, and animals all run on a 24-hour cycle, one that’s flexible enough to gradually reset itself, although it can take a few days after transcontinental travel. The biological systems responsible for maintaining this circadian clock require a lot of proteins that undergo complex interactions, and the new laureates are being honored for their use of genetics to start unraveling this complexity. A long-standing problem The first description of an organism’s internal clock dates all the way back to 1729, when a French astronomer (!?!?) decided to mess with a plant that opened and closed its leaves on a 24-hour cycle. He found that the cycle didn’t depend on daylight but would continue even when the plant was kept in the dark nonstop. It would take nearly 250 years to move from this observation to any sort of biological handle on the system. The change, as it has been so many times, was brought about using the fruit fly Drosophila . A genetic screen in the 1960s identified three different mutations that altered flies’ circadian clock: one that lengthened its 24-hour period, one that shortened it, and one that left it erratic. Mapping these revealed that all of them affected the same gene. From there, however, the field had to wait 20 years for us to develop the technology to clone the gene responsible for these changes, named period . Read 10 remaining paragraphs | Comments

Read the original post:
Nobel Prize goes to researchers who figured out how our cells tell time

Critical EFI Code in Millions of Macs Isn’t Getting Apple’s Updates

Andy Greenberg, writing for Wired:At today’s Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple’s so-called extensible firmware interface, or EFI. This is the firmware that runs before your PC’s operating system boots and has the potential to corrupt practically everything else that happens on your machine. Duo found that even Macs with perfectly updated operating systems often have much older EFI code, due to either Apple’s neglecting to push out EFI updates to those machines or failing to warn users when their firmware update hits a technical glitch and silently fails. For certain models of Apple laptops and desktop computers, close to a third or half of machines have EFI versions that haven’t kept pace with their operating system system updates. And for many models, Apple hasn’t released new firmware updates at all, leaving a subset of Apple machines vulnerable to known years-old EFI attacks that could gain deep and persistent control of a victim’s machine. Read more of this story at Slashdot.

Originally posted here:
Critical EFI Code in Millions of Macs Isn’t Getting Apple’s Updates

Popular Chrome Extension Embedded A CPU-Draining Cryptocurrency Miner

An anonymous reader writes: SafeBrowse, a Chrome extension with more than 140, 000 users, contains an embedded JavaScript library in the extension’s code that mines for the Monero cryptocurrency using users’ computers and without getting their consent. The additional code drives CPU usage through the roof, making users’ computers sluggish and hard to use. Looking at the SafeBrowse extension’s source code, anyone can easily spot the embedded Coinhive JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is the same technology that The Pirate Bay experimented with as an alternative to showing ads on its site. The extension’s author claims he was “hacked” and the code added without his knowledge. Read more of this story at Slashdot.

View original post here:
Popular Chrome Extension Embedded A CPU-Draining Cryptocurrency Miner

This Guy Is Digitizing the VHS History of Video Games

An anonymous reader shares a report: UK-based gaming journalist and blogger Chris Scullion is on a mission to preserve his collection — and maybe your collection, too — of these old video game VHS tapes. In the 80s and 90s, video game companies and trade magazines made these tapes to accompany popular titles or new issues with bonus material or promotional footage, giving a glimpse into how marketing for games was done in the industry’s early days. Scullion has 18 tapes to upload so far, and plans to provide accompanying commentary as well as the raw video as they go up on his YouTube channel. Scullion’s first upload is a promotional tape for Super Mario All-Stars, given away by Nintendo UK in 1993. It’s hosted by Craig Charles, who played Lister in the British sci-fi sitcom Red Dwarf. Digitizing his collection keeps that sweet nostalgia content safe from degradation of the magnetic tape, which starts to go downhill within 10 to 25 years. He’s capturing them in HD using a 1080p upscaler, at a full 50fps frame rate by converting to HDMI before grabbing — a higher frame rate than many standard commercial digitizing devices that capture at 30fps — so that no frames are missed. Some of the tapes he’s planning to digitize have already been converted and uploaded to YouTube by other people, he says, but most are either poor quality or captured with less-advanced grabbing devices. Read more of this story at Slashdot.

View article:
This Guy Is Digitizing the VHS History of Video Games

Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks

An anonymous reader shares a Gizmodo report (condensed for space): For nearly two weeks, the company’s official Twitter account has been directing users to a fake lookalike website. After announcing the breach, Equifax directed its customers to equifaxsecurity2017.com, a website where they can enroll in identity theft protection services and find updates about how Equifax is handing the “cybersecurity incident.” But the decision to create “equifaxsecurity2017” in the first place was monumentally stupid. The URL is long and it doesn’t look very official — that means it’s going to be very easy to emulate. To illustrate how idiotic Equifax’s decision was, developer Nick Sweeting created a fake website of his own: securityequifax2017.com. (He simply switched the words “security” and “equifax” around.) As if to demonstrate Sweeting’s point, Equifax appears to have been itself duped by the fake URL. The company has directed users to Sweeting’s fake site sporadically over the past two weeks. Gizmodo found eight tweets containing the fake URL dating back to September 9th. Read more of this story at Slashdot.

Continue Reading:
Equifax Has Been Sending Consumers To a Fake Phishing Site for Almost Two Weeks

Python’s Official Repository Included 10 ‘Malicious’ Typo-Squatting Modules

An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI — Python Package Index — the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages — e.g.: “urlib” instead of “urllib.” The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online. Developers who mistyped the package name loaded the malicious libraries in their software’s setup scripts. “These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code, ” NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user’s computer hostname. Collected data, which looked like “Y:urllib-1.21.1 admin testmachine”, was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday.” The advisory lays some of the blame on Python’s ‘pip’ tool, which executes arbitrary code during installations without requiring a cryptographic signature. Ars Technica also reports that another team of researchers “was able to seed PyPI with more than 20 libraries that are part of the Python standard library, ” and that group now reports they’ve already received more than 7, 400 pingbacks. Read more of this story at Slashdot.

Read More:
Python’s Official Repository Included 10 ‘Malicious’ Typo-Squatting Modules

Equifax CEO Hired a Music Major as the Company’s Chief Security Officer

Susan Mauldin, the person in charge of the Equifax’s data security, has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin’s LinkedIn profile lists no education related to technology or security. If that wasn’t enough, news outlet MarketWatch reported on Friday that Susan Mauldin’s LinkedIn page was made private and her last name was replaced with “M”, in a move that appears to keep her education background secret. Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers. On Friday, the UK arm of the organisation said files containing information on “fewer than 400, 000” UK consumers was accessed in the breach. Read more of this story at Slashdot.

View the original here:
Equifax CEO Hired a Music Major as the Company’s Chief Security Officer

HP Users Complain About 10-Minute Login Lag During ‘Win 10 Update’

A number of HP device owners are complaining of seeing black screens for around five to 10 minutes after entering their Windows login information. From a report: They appear to be pointing the finger of blame at Windows 10 updates released September 12 for x64-based systems. One, a quality update called KB4038788, offered a whopping 27 bullet points for general quality improvements and patches, such as an “issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working.” Another, KB4038806, was a “critical” patch for Adobe Flash Player that allowed remote code execution. Read more of this story at Slashdot.

Read More:
HP Users Complain About 10-Minute Login Lag During ‘Win 10 Update’

8,500 Verizon Customers Disconnected Because of ‘Substantial’ Data Use

An anonymous reader quotes a report from Ars Technica: Verizon is disconnecting another 8, 500 rural customers from its wireless network, saying that roaming charges have made certain customer accounts unprofitable for the carrier. The 8, 500 customers have 19, 000 lines and live in 13 states (Alaska, Idaho, Iowa, Indiana, Kentucky, Maine, Michigan, Missouri, Montana, North Carolina, Oklahoma, Utah, and Wisconsin), a Verizon Wireless spokesperson told Ars today. They received notices of disconnection this month and will lose access to Verizon service on October 17. Verizon said in June that it was only disconnecting “a small group of customers” who were “using vast amounts of data — some as much as a terabyte or more a month — outside of our network footprint.” But one customer, who contacted Ars this week about being disconnected, said her family never used more than 50GB of data across four lines despite having an “unlimited” data plan. We asked Verizon whether 50GB a month is a normal cut-off point in its disconnections of rural customers, but the company did not provide a specific answer. “These customers live outside of areas where Verizon operates our own network, ” Verizon said. “Many of the affected consumer lines use a substantial amount of data while roaming on other providers’ networks and the roaming costs generated by these lines exceed what these consumers pay us each month. We sent these notices in advance so customers have plenty of time to choose another wireless provider.” Read more of this story at Slashdot.

Read this article:
8,500 Verizon Customers Disconnected Because of ‘Substantial’ Data Use