20-year-old Windows bug lets printers install malware—patch now

(credit: Vectra Networks)

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.

The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it.

Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn’t properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.

Windows Server 2016 coming in September, with new servicing for Nano Server

It’s not quite an exact launch date, but Microsoft has announced that both Windows Server 2016 and System Center 2016 will launch at its Ignite conference (the successor to TechEd) this fall. Ignite runs from September 26-30 and is being held in Atlanta, Georgia.

Microsoft has also described how Windows Server 2016 will be serviced going forward. Full installations of the operating system—including the GUI and shell—will continue to be serviced on the “5+5” model that Microsoft has used for previous operating systems. That’s five years of mainstream support, during which both bug fixes and feature improvements are made, and then five years of extended support, during which only security bugs will be fixed. The slimmed-down Server Core installation will also be given this 5+5 servicing.

The new Nano Server option, however, will be handled in a different way. Nano Server installations will be updated more or less in tandem with the Windows 10 Current Branch for Business (CBB) release. CBB trails the main consumer branch by about six months, giving new features a bit of time to receive some real-world testing before being distributed to more conservative organizations. CBB is expected to be updated two to three times a year, and this will apply to Nano Server deployments of Windows Server 2016 just as it does to CBB deployments of Windows 10.

In time warping study, people unconsciously controlled blood sugar levels

(credit: Dennis van Zuijlekom)

Ideas can be powerful drugs. If a person is simply convinced that a pill or treatment is going to yield real results, it can—even if that pill or treatment is completely bogus. Those results can be pretty substantial, too. Mental maneuvering, or placebo effect, can improve pilots’ vision, help people lose weight, and even up their IQ by a few points. And, according to a new study, it may also be able to help patients manage a chronic illness.

In an experiment in which researchers duped participants about how much time had passed, the researchers found that participants’ blood sugar levels tracked with perceived time rather than actual time. That is, blood sugar dropped faster when the participants thought more time had passed.

The results, published in the Proceedings of the National Academy of Sciences, support the idea that mindsets and psychological processes, like the abstract internal representation of time, can have profound influence over what our bodies do, the authors conclude. Moreover, it raises the idea of using the mind to help manage certain chronic conditions, particularly type 2 diabetes, which causes periodic and dangerous rises in blood sugar levels.

“Official standards for care and treatment of diabetes make no explicit mention of the influence of subjective cognition on diabetic metabolism, but our results indicate otherwise,” the authors argue. They suggest that mindfulness, coping strategies, and trained cognitive styles may prove useful in controlling blood sugar levels in further studies.

Blizzard job posting outs plans for new Diablo game

Is it time to change that “III” into a “IV”? (credit: Blizzard)

Just because Blizzard finally got a wholly new franchise out the door this year doesn’t mean the game maker isn’t keen on milking its older franchises for everything they’re worth. But one of those series, Diablo, has seen a bit of a content freeze since its 2014 expansion launched. While the company loves refreshing a game launch with expansion packs, Diablo III has been sitting idly.

Now we might know why. A brand-new “unannounced” entry in the Diablo world was, er, announced on Friday by way of an official job posting for—get this—the next entry’s director. It’s the game-news equivalent of New Line Cinema saying a new Lord of the Rings film is coming but, whoops, Peter Jackson’s not involved, and they could really use a new person to get this thing up and running.

The post seeks someone to “lead the Diablo series into the future.” While such a public push for a series director might read like an attempt to bring more diversity into the hiring pool, we’d frankly be shocked to see anybody other than the industry’s old-guard vets fulfilling application requirements such as five years of game-directing experience and shipping “multiple AAA products as a game director or creative director.” The job posting mentions nothing about virtual reality or other experimental hardware.

A ZFS developer’s analysis of the good and bad in Apple’s new APFS file system

Two hours or so of WWDC keynoting and Tim Cook didn’t mention a new file system once? (credit: Andrew Cunningham)

This article was originally published on Adam Leventhal’s blog in multiple parts.

Apple announced a new file system that will make its way into all of its OS variants (macOS, tvOS, iOS, watchOS) in the coming years. Media coverage to this point has been mostly breathless elongations of Apple’s developer documentation. With a dearth of detail I decided to attend the presentation and Q&A with the APFS team at WWDC. Dominic Giampaolo and Eric Tamura, two members of the APFS team, gave an overview to a packed room; along with other members of the team, they patiently answered questions later in the day. With those data points and some first-hand usage I wanted to provide an overview and analysis both as a user of Apple-ecosystem products and as a long-time operating system and file system developer.

The overview is divided into several sections. I’d encourage you to jump around to topics of interest or skip right to the conclusion (or to the tweet summary). Highest praise goes to encryption; ire to data integrity.

“Godless” apps, some found in Google Play, root 90% of Android phones

(credit: greyweed)

Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones.

In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US.

Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it’s running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors’ browsers and serve drive-by exploits. Trend Micro Mobile Threats Analyst Veo Zhang wrote:

Xbox Play Anywhere: buy the game once, play on Xbox One and PC (multiplayer too)

(credit: Microsoft)

When announcing Gears of War 4 at its E3 event today, Microsoft unveiled a new gaming feature called Xbox Play Anywhere. Essentially, this initiative allows a gamer to purchase a title once but still have the option to play on console and PC.

As perhaps the headlining feature of Xbox Play Anywhere, multiplayer across platforms will become a reality. With Gears of War 4, for instance, the co-op modes will support this crossplay between Windows 10 and Xbox One users. Progress and achievements will be shared on Xbox Live across these platforms at no additional cost.

In addition to Gears of War 4, Microsoft announced that Forza Horizon 3 will be another upcoming Xbox Play Anywhere title. Additionally, the game will allow for four-player campaign co-op for the first time. And this version of the game will feature “the largest car roster ever seen in Horizon,” according to Ralph Fulton from Playground Games.

Risky stem cell treatment reverses MS in 70% of patients in small study

MS brain lesion as seen on an MRI. (credit: James Heilman, MD)

By obliterating the broken immune systems of patients with severe forms of multiple sclerosis, then sowing fresh, defect-free systems with transplanted stem cells, researchers can thwart the degenerative autoimmune disease—but it comes at a price.

In a small phase II trial of 24 MS patients, the treatment halted or reversed the disease in 70 percent of patients for three years after the transplant. Eight patients saw that improvement last for seven and a half years, researchers report in the Lancet. This means that some of those patients went from being wheelchair-bound to walking and being active again. But to reach that success, many suffered through severe side effects, such as life-threatening infections and organ damage from toxicity brought on by the aggressive chemotherapy required to annihilate the body’s immune system. One patient died from complications of the treatment, which represents a four percent fatality rate.

Moreover, while the risks may be worthwhile to some patients with rapidly progressing forms of MS—a small percentage of MS patients—the researchers also caution that the trial was small and did not include a control group.

University pays almost $16,000 to recover crucial data held hostage

Canada’s University of Calgary paid almost $16,000 ($20,000 Canadian) to recover crucial data that has been held hostage for more than a week by crypto ransomware attackers.

The ransom was disclosed on Wednesday morning in a statement issued by University of Calgary officials. It said university IT personnel had made progress in isolating the unnamed ransomware infection and restoring affected parts of the university network. It went on to warn that there’s no guarantee paying the controversial ransom will lead to the lost data being recovered.

“Ransomware attacks and the payment of ransoms are becoming increasingly common around the world,” Wednesday’s statement read. “The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

Firefox 48 finally enables Electrolysis for multi-process goodness

Firefox, at long last, is going multi-process. Electrolysis (e10s), barring an eleventh-hour mishap, is coming to the masses with Firefox 48. In the words of long-time Mozillan Asa Dotzler, this is the most significant Firefox change the foundation has ever shipped.

Back in July 2015, Firefox’s director of engineering Dave Camp said that some major changes were on their way, with the hope of winning back users and developers. Firefox’s market share has been flat or declining since 2010, ever since Chrome first started making major inroads. Finally getting e10s out the door (it was first announced in 2009!) was listed as one of Camp’s priorities, along with accelerating the retirement of XUL and XBL.

Mozilla has been trialling Electrolysis to small groups of beta users since December 2015. In Firefox 48, which should be entering beta later today, e10s will be available to all users. Then, assuming no game-breaking issues are found, in six weeks (around August 2) the stable build of Firefox 48 will be released to the public with e10s enabled.
