Meltdown and Spectre CPU flaws threaten PCs, phones and servers

By now you’ve probably heard about a bug Intel is dealing with that affects processors built since 1995. But according to the people who found “Meltdown” and “Spectre,” the errors behind these exploits can let someone swipe data running in other apps on devices using hardware from Intel, ARM and AMD. While server operators (like Amazon) apply Linux patches to keep people from accessing someone else’s information that’s being executed on the same system, what does this mean for your home computer or phone?

Google’s Project Zero researchers identified the problems last year, and according to its blog post, execution is “difficult and limited” on the majority of Android devices. A list of potentially impacted services and hardware is available here, while additional protection has been added in the latest Android security update.

In a statement, Microsoft said: “We are in the process of deploying mitigations to cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD.” In a blog post directed towards customers on its Azure server platform, the company said its infrastructure has already been updated, and that a “majority” of customers should not see a performance impact.

Apple has not publicly commented on the issue, however security researcher Alex Ionescu points out that macOS 10.13.2 addresses the issue and said that the 10.13.3 update will include “surprises.” According to AMD, “Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time,” however it has promised further updates as the information comes out. As for ARM, it says most processors are unaffected but it has specific information on the types that are available here.

So what does this mean for you? On your devices the prescription is the same as always — make sure you have the latest security updates installed and try to avoid malware-laden downloads from suspicious or unknown sources.

Source: MeltdownAttack.com


Facebook’s ‘Lite’ app has over 200 million users (updated)

Just because you’re using Facebook Lite, it doesn’t mean you want to compromise on features. Neither do any of the 200 million users worldwide taking advantage of the bare-bones version of the app. Fortunately, there’s an update that rolls out many missing features today such as the ability to Like, Comment and Share posts. Facebook created Lite as a pared-down version of its main app in 2015 for lower-end Android phones with spotty network connections. COO Sheryl Sandberg was keen to outline the benefits that users of the standalone app are getting. Business users, for example, can use the more feature-rich update to reach mobile-only and mobile-first customers while using less data. Performance improvements are a given with any update, especially when the company wants to assure a fast, reliable connection to the social network no matter what. Facebook has also found that people who use Facebook Lite tend to share phones, so it has provided an easier way to log on and off their accounts in this new update. The update brings Facebook Lite to more regions, including the definitely not emerging markets of South Korea, Israel, the United Arab Emirates, and Italy. It’s available in 150 countries in addition to the original eight of Bangladesh, Vietnam, Nigeria, Nepal, South Africa, Sudan, Sri Lanka and Zimbabwe.

Update: Contrary to the information we initially received, Facebook has confirmed it added Like/Comment/Share support to the Lite app last March, when it announced over 100 million monthly active users. We have updated this post to reflect that.

Source: Sheryl Sandberg (Facebook), Facebook Lite


‘Donkey Kong 64’ player finds rare collectible 17 years later

The 3D platformer Donkey Kong 64 was lauded for its expansive worlds and multitude of well-hidden collectibles when it launched on the Nintendo 64 in 1999. Like many games of the era, it has enjoyed a peculiar afterlife as speedrunners blitz through it in record time under various conditions, like picking up each of the 976 banana coins found within. Unfortunately, all those completionist runs now seem to be invalid: 17 years after the game came out, streamer Isotarge has found a 977th coin. Turns out the collectible was hidden underground in the game’s fifth level, Fungi Forest, but the telltale patch of dirt indicating buried treasure in the game was hidden by a patch of tall grass. Isotarge was examining save data for that stage and discovered that the information for a particular pickup, rainbow coins, was incomplete. Using analysis tools, they pinpointed its location and unearthed it. While Isotarge is no stranger to using glitches to find out-of-bounds items likely left over by developers, this particular coin is in fair territory and can be plucked from the ground using an ordinary character move.

@Znernicus yes, times have been removed in All Collectables, 949 banana coins (now 974), Fungi coins, DK coins, All Rainbow Coins — Bismuth


US Intelligence seeks a universal translator for text search in any language

The Intelligence Advanced Research Projects Agency (IARPA), the US Intelligence Community’s own science and technology research arm, has announced it is seeking contenders for a program to develop what amounts to the ultimate Google Translator. IARPA’s Machine Translation for English Retrieval of Information in Any Language (MATERIAL) program intends to provide researchers and analysts with a tool to search for documents in their field of concern in any of the more than 7,000 languages spoken worldwide. The specific goal, according to IARPA’s announcement, is an “‘English-in, English-out’ information retrieval system that, given a domain-sensitive English query, will retrieve relevant data from a large multilingual repository and display the retrieved information in English as query-biased summaries.” Users would be able to search vast numbers of documents with a two-part query: the first giving the “domain” of the search in terms of what sort of information they are seeking (for example, “Government,” “Science,” or “Health”) and the second an English word or phrase describing the information sought (the examples given in the announcement were “zika virus” and “Asperger’s syndrome”). So-called “low resource” languages have been an area of concern for the intelligence and defense communities for years. In 2014, the Defense Advanced Research Project Agency (DARPA) launched its Low Resource Languages for Emergent Incidents (LORELEI) project, an attempt to build a system that lets the military quickly collect critical data—such as “topics, names, events, sentiment, and relationships”—from sources in any language on short notice. The system would be used in situations like natural disasters or military interventions in remote locations where the military has little or no local language expertise.


Nevada site bug leaks medical marijuana applicant data

Nevada residents applying to sell medical marijuana just got an unpleasant surprise. The state’s Department of Health and Human Services has confirmed that a vulnerability in a website portal leaked the data of more than 11,700 applicants, including their driver’s license and social security numbers. Officials have taken down the relevant site until they fix the flaw, but there’s a concern that fraudsters might have seen the info and used it for malicious purposes. The scale of the leak might be modest. A spokesperson tells ZDNet that the data represented just a “portion” of one database among several. And since Nevada voted to legalize medical marijuana in 2000, it’s possible that some of the information is outdated. Even so, this underscores a common problem with government data: frequently, agencies are their own worst enemies thanks to avoidable security holes and imperfect policies.

Source: ZDNet


Navy leaks personal data for over 130,000 sailors

Another day, another data breach. While everyone is focused on pre-holiday activities, the Navy reveals that it was notified by Hewlett Packard Enterprise in October about a compromised laptop. Now, an investigation has determined that names and social security numbers of 134,386 current and former sailors had been accessed by unknown individuals. Other than dumping the news out while few are paying attention, the Navy says it will notify those affected “in the coming weeks,” by phone, letter and email. At this point, the Navy says it has not found evidence the information is being misused, but similar to the OPM data breach last year, this could have far-reaching consequences. The Navy Times cites an unnamed official saying the leaked info came from the Career Waypoints (C-WAY) database that handles re-enlistment and Navy Occupational Specialty requests.

Source: US Navy
