20-year-old Windows bug lets printers install malware—patch now

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle. The vulnerability resides in the Windows Print Spooler, which manages the process of connecting to available printers and printing documents. A protocol known as Point-and-Print allows people who are connecting to a network-hosted printer for the first time to automatically download the necessary driver immediately before using it. It works by storing a shared driver on the printer or print server and eliminates the hassle of the user having to manually download and install it. Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn’t properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker. The exploit effectively turns printers, printer servers, or potentially any network-connected device masquerading as a printer into an internal drive-by exploit kit that infects machines whenever they connect.


Windows Server 2016 coming in September, with new servicing for Nano Server

It’s not quite an exact launch date, but Microsoft has announced that both Windows Server 2016 and System Center 2016 will launch at its Ignite conference (the successor to TechEd) this fall. Ignite runs from September 26-30 and is being held in Atlanta, Georgia. Microsoft has also described how Windows Server 2016 will be serviced going forward. Full installations of the operating system—including the GUI and shell—will continue to be serviced on the “5+5” model that Microsoft has used for previous operating systems. That’s five years of mainstream support, during which both bug fixes and feature improvements are made, and then five years of extended support, during which only security bugs will be fixed. The slimmed down Server Core installation will also be given this 5+5 servicing. The new Nano Server option, however, will be handled in a different way. Nano Server installations will be updated more or less in tandem with the Windows 10 Current Branch for Business (CBB) release. CBB trails the main consumer branch by about six months, giving new features a bit of time to receive some real-world testing before being distributed to more conservative organizations. CBB is expected to be updated two to three times a year, and this will apply to Nano Server deployments of Windows Server 2016 just as it does to CBB deployments of Windows 10.


Posing as ransomware, Windows malware just deletes victim’s files

There has been a lot of ingenuity poured into creating crypto-ransomware, the money-making malware that has become the scourge of hospitals, businesses, and home users over the past year. But none of that ingenuity applies to Ranscam, a new ransom malware reported by Cisco’s Talos Security Intelligence and Research Group. Ranscam is a purely amateur attempt to cash in on the cryptoransomware trend that demands payment for “encrypted” files that were actually just plain deleted by a batch command. “Once it executes, it, it pops up a ransom message looking like any other ransomware,” Earl Carter, security research engineer at Cisco Talos, told Ars. “But then what happens is it forces a reboot, and it just deletes all the files. It doesn’t try to encrypt anything—it just deletes them all.” Talos discovered the file on the systems of a small number of customers. In every case, the malware presented exactly the same message, including the same Bitcoin wallet address. The victim is instructed:


In time warping study, people unconsciously controlled blood sugar levels

Ideas can be powerful drugs. If a person is simply convinced that a pill or treatment is going to yield real results, it can—even if that pill or treatment is completely bogus. Those results can be pretty substantial, too. Mental maneuvering, or placebo effect, can improve pilots’ vision, help people lose weight, and even up their IQ by a few points. And, according to a new study, it may also be able to help patients manage a chronic illness. In an experiment in which researchers duped participants about how much time had passed, the researchers found that participants’ blood sugar levels tracked with perceived time rather than actual time. That is, blood sugar dropped faster when the participants thought more time had passed. The results, published in the Proceedings of the National Academy of Sciences, support the idea that mindsets and psychological processes, like the abstract internal representation of time, can have profound influence over what our bodies do, the authors conclude. Moreover, it raises the idea of using the mind to help manage certain chronic conditions, particularly type 2 diabetes, which causes periodic and dangerous rises in blood sugar levels. “Official standards for care and treatment of diabetes make no explicit mention of the influence of subjective cognition on diabetic metabolism, but our results indicate otherwise,” the authors argue. They suggest that mindfulness, coping strategies, and trained cognitive styles may prove useful in controlling blood sugar levels in further studies.


Virulent auto-rooting malware takes control of 10 million Android devices

Security experts have documented a disturbing spike in a particularly virulent family of Android malware, with more than 10 million handsets infected and more than 286,000 of them in the US. Researchers from security firm Check Point Software said the malware installs more than 50,000 fraudulent apps each day, displays 20 million malicious advertisements, and generates more than $300 million per month in revenue. The success is largely the result of the malware’s ability to silently root a large percentage of the phones it infects by exploiting vulnerabilities that remain unfixed in older versions of Android. The Check Point researchers have dubbed the malware family “HummingBad,” but researchers from mobile security company Lookout say HummingBad is in fact Shedun, a family of auto-rooting malware that came to light last November and had already infected a large number of devices. For the past five months, Check Point researchers have quietly observed the China-based advertising company behind HummingBad in several ways, including by infiltrating the command and control servers it uses. The researchers say the malware uses the unusually tight control it gains over infected devices to create windfall profits and steadily increase its numbers. HummingBad does this by silently installing promoted apps on infected phones, defrauding legitimate mobile advertisers, and creating fraudulent statistics inside the official Google Play Store.


Windows 10 Anniversary Update nears RTM with bugfixes galore

With its August 2 release date growing closer, the Windows 10 Anniversary Update is nearing completion. A steady stream of new builds for Windows Insiders on the fast track has been released over the past few weeks. The latest build, 14383, came out today and includes a wide range of fixes. As with many of its predecessors, this build has been made available simultaneously for Windows 10 on the desktop and Windows 10 Mobile; Microsoft is intending to ship the Anniversary Update simultaneously for PC, phone, and Xbox One when that release date arrives. Windows Central is reporting that according to its sources, the build one newer than today’s release, 14384, is the first candidate for what would formerly be known as Release To Manufacturing (RTM). With Windows now being delivered “as a service,” the old RTM terminology isn’t favored by Redmond any more—not least because many people will download the update rather than have it preinstalled by a PC manufacturer—but the concept that RTM represents endures. The “RTM” build will be the one released on August 2 to people in the stable channel, and then after several months of regular Patch Tuesday updates, it will be released as the Current Branch for Business.


Fossil fuel use in US is at its lowest percentage in over a century

With the 4th of July weekend about to begin, the US Energy Information Administration decided to look back to our nation’s founding. So it plotted the country’s energy use starting from 1776. Most of the result isn’t a surprise: biomass had a long run before fossil fuels took over and stayed on top. But recent years have seen the biggest change since nuclear was added to the mix. Biomass spent nearly a century on top of the US energy mix before being displaced by coal, although it never went above providing four quadrillion Btus (each Btu is a bit over 1,000 Joules). But biomass never entirely went away, and its resurgence this century puts it at its highest level ever. With nuclear holding steady and renewables surging to nearly the same level as hydropower, fossil fuels are on the verge of dropping below 80 percent of the US’ energy mix. Fossil fuels haven’t been that low a percentage for over a century.


Wi-Fi gets multi-gigabit, multi-user boost with upgrades to 802.11ac

The Wi-Fi Alliance industry group is now certifying products that can deliver multi-gigabit speeds and improve coverage in dense networks by delivering data to multiple devices simultaneously. The new certification program, announced today, focuses on the so-called “Wave 2” features of the 802.11ac specification. 802.11ac is a few years old, but it includes several important features that were not available at launch. One such feature is MU-MIMO (multi-user, multiple-input, and multiple-output), which we wrote a feature on in May 2014. MU-MIMO is powered by multi-user beamforming technology that lets wireless access points send data streams to at least three users simultaneously. Without MU-MIMO, routers stream to just one device at a time but switch between them very fast so that users don’t notice a slowdown except when lots of devices are on the network. With the 80MHz channels supported in 802.11ac Wave 1, each data stream could provide up to 433Mbps and, when coupled with MU-MIMO routers, can send up to 433Mbps to at least three users simultaneously for a total of 1.3Gbps. But in addition to supporting MU-MIMO, Wave 2 also doubles the maximum channel bandwidth from 80MHz to 160MHz, boosting the potential throughput of each stream to 866Mbps. Wave 2 also supports four spatial streams instead of three, further boosting the theoretical maximum capacity. Technically, 802.11ac supports up to eight streams, but the certification program is still at four. Delivering eight streams with these data rates would use a lot of electricity.


Porn studio that sued thousands for piracy now fighting its own lawyer

For years now, a porn studio called Malibu Media has filed more copyright lawsuits than any other company. Each month, Malibu, which produces adult content under the brand name X-Art, sues hundreds of “John Doe” Internet users, accusing particular IP addresses of illegally downloading their movies using BitTorrent networks. Malibu’s owners, Brigham Field and Collette Pelissier Field, have said the flood of lawsuits is necessary to deter piracy. Now, though, they’re targeting the very lawyer who headed up their giant copyright enforcement campaign, Florida-based Keith Lipscomb. Earlier today, Malibu filed suit against Lipscomb and his firm, Lipscomb, Eisenberg & Baker, in federal court. The lawsuit claims Lipscomb didn’t provide them the proper paperwork for their cases and related finances, and that he was negligent in his representation. The complaint (PDF) discloses that Lipscomb sued Malibu in Florida state court on June 10 and alleges that confidential information was revealed in the lawsuit.


Instagram will start automatically translating image captions soon

On the heels of announcing that it has reached 500 million active monthly users, Instagram says it will soon add a translation feature to its app. Through a post on the image-sharing app, the company announced that within a month, users will be able to translate image captions, comments, and profile bios using a new translate button. The Facebook-owned social media app will structure its translations similarly to its parent company. When you come across a post you want to translate into a language that isn’t your default language, you can hit the “See Translation” button to convert it into the language you’ve chosen in your profile’s language settings. Both Facebook and Twitter have translation features already, so this addition brings Instagram up to par with its competition in that respect. Considering that 80 percent of Instagram’s user base lives outside the United States, this feature will likely be welcomed by many. There’s no word on how many languages Instagram will support with the first rollout of this feature. The company does explain on its Help website that if a translation isn’t showing up, it might be because the app doesn’t currently support that language or couldn’t detect the initial language being used. It also warns users that translations may not be available for older posts. The full translation feature should be ready for most users by July.
