HTTPS-crippling FREAK exploit hits thousands of Android and iOS apps

While almost all the attention paid to the HTTPS-crippling FREAK vulnerability has focused on browsers, consider this: thousands of Android and iOS apps, many with finance, shopping, and medical uses, are also vulnerable to the same exploit that decrypts passwords, credit card details, and other sensitive data sent between handsets and Internet servers. Security researchers from FireEye recently examined the most popular apps on Google Play and the Apple App Store and found 1,999 titles that left users wide open to the encryption downgrade attack. Specifically, 1,228 Android apps with one million or more downloads were vulnerable, while 771 out of the top 14,079 iOS apps were susceptible. Vulnerable apps were those that used—or in the case of iOS, could use—an affected crypto library and connected to servers that offered weak, 512-bit encryption keys. The number of vulnerable apps would no doubt mushroom when analyzing slightly less popular titles.

“As an example, an attacker can use a FREAK attack against a popular shopping app to steal a user’s login credentials and credit card information,” FireEye researchers Yulong Zhang, Zhaofeng Chen, Hui Xue, and Tao Wei wrote in a blog post scheduled to be published Tuesday afternoon. “Other sensitive apps include medical apps, productivity apps and finance apps.” The researchers provided the screenshots above and below, which reveal the plaintext data extracted from one of the vulnerable apps after it connected to its paired server.


Windows 10 shaves off gigabytes with selective system file compression

With the Windows 8.1 Update, Microsoft shrank the Windows 8.1 install footprint to make it suitable for low-cost tablets with just 16GB of permanent storage, a reduction from the 32GB generally required for Windows 8. Windows 10 will shrink the disk footprint further, potentially freeing as much as 6.6GB of space on OEM preinstalls. Microsoft describes two sources of savings.

The first is the re-use of a time-honored technique that fell out of fashion as hard drives grew larger and larger: per-file compression. The NTFS filesystem used in Windows has long allowed individual files and folders to be compressed, reducing their on-disk size at the expense of a small processor overhead when reading them. With spinning disks getting so large as to feel almost unlimited, per-file compression felt like a relic from a bygone age by the mid-2000s. But with the rise of solid state storage and ultra-cheap devices with just a handful of gigabytes available, per-file compression has gained a new lease on life.


Consumer SSDs benchmarked to death—and last far longer than rated

We last checked in with TechReport’s grand SSD torture test back in June, when the first drives in the six-drive roundup had failed. The drives to first fall victim to the unending barrage of data writes were the Intel 335, one of two Kingston HyperX 3Ks (the one tasked with a non-compressible workload to stymie its compression-happy SandForce controller), and the Samsung 840. All three failed short of 1PB of writes, but it’s also important to note that all of them—even the TLC-equipped Samsung 840—far exceeded their manufacturers’ stated write lifetimes.

But now the experiment has come to its grand conclusion: all the drives have finally gone silent, their controllers unresponsive, their NAND cells heavy with extra electrons. The TechReport’s post-mortem is glorious in its depth and detail, with tons of data points and charts describing the course of the experiment and the fate of each of the drives. Tech-savvy buyers who might be worried about SSD lifetime decreasing even as SSD capacity skyrockets should have their fears assuaged by the ridiculous number of writes the tested drives endured; the drive that survived the longest endured more than 2.4 petabytes’ worth of sustained writes. That’s probably about 240x as much writing as a typical consumer SSD would need to endure over its lifetime.


AT&T still throttles unlimited data, and FCC isn’t promising to stop it

How long will AT&T continue to get away with throttling unlimited data plans? Even after the Federal Communications Commission’s recent net neutrality ruling banned throttling, the FCC isn’t saying whether it will put a stop to it. All major US cellular carriers impose some form of throttling on unlimited data plans, but AT&T’s throttling seems most likely to fall afoul of the FCC’s rules.

The big carriers generally reserve the right to slow down data speeds for customers with unlimited data plans after they hit a certain usage threshold each month, but they only do the actual throttling when the user is connected to a congested tower. AT&T, on the other hand, slows its unlimited LTE users down for the rest of the month once they’ve hit a 5GB threshold, and the throttling happens at all hours of the day and in all locations regardless of whether the user is connected to a congested tower. More than any other throttling policy enforced by a major carrier, this one seems designed to push customers with grandfathered unlimited data plans onto newer, more expensive plans that charge automatic overage fees when customers go over their caps.


Microsoft to step up the pace of delivering Windows 10 builds

Though the plan was to give the Windows 10 preview a series of regular updates, there hasn’t been a new build since January. Windows 10 has two public release channels. The fast channel is meant to get more regular updates, and so get new features sooner, while the slow channel is meant to be more thoroughly tested and a little more stable. Both channels have been quiet lately.

While there’s no immediate change on that front—a new public candidate build is in testing but it’s not done yet—testers of the new operating system should take note: the fast channel is due to get faster. Gabe Aul, a General Manager in Microsoft’s Operating Systems Group, tweeted today that the fast channel is going to go faster, and that if you want a more stable situation, you should switch to the slow channel. Further, Aul says that the company may introduce additional channels, perhaps to offer even more cutting-edge builds.


CryptoLocker look-alike searches for and encrypts PC game files

Crypto-based “ransomware” has become a lucrative business for cybercriminals. Since the arrival of CryptoLocker on the scene last year, a number of copycat malware packages have appeared to compete in the cyber-extortion market, encrypting victims’ photos and other personal files with a key that will be destroyed if they don’t contact the malware’s operators and pay up. Recently, a new variant has emerged that seeks to raise the stakes with a particular class of victim by specifically seeking out files related to a number of popular PC games, as well as Valve’s Steam gaming platform.

The malware, which is a variant of the crypto-ransomware called TeslaCrypt, superficially looks like CryptoLocker. But according to a number of security researchers who have analyzed the malware, it shares little code with CryptoLocker or its more well-known successor CryptoWall. And while it also targets photos and documents, as well as iTunes-related files, as Bromium security researcher Vadim Kotov noted in an analysis on Bromium Labs’ blog, TeslaCrypt also includes code that specifically looks for files related to more than 40 specific PC games, gaming platforms, and game developer tools. The games include both single player and multiplayer games, though it isn’t clear how targeting some of the multiplayer games would affect users other than requiring a re-install.

The games targeted include a mix of older and newer titles—for example, Blizzard’s StarCraft II and WarCraft III real-time strategy games and its World of Warcraft online game are targeted. Also on TeslaCrypt’s hit list: Bioshock 2, Call of Duty, DayZ, Diablo, Fallout 3, League of Legends, F.E.A.R, S.T.A.L.K.E.R, Minecraft, Metro 2033, Half-Life 2, Dragon Age: Origins, Resident Evil 4, World of Tanks, Metin 2, and The Elder Scrolls (specifically, Skyrim-related files), as well as Star Wars: The Knights Of The Old Republic.
There’s also code that searches for files associated with games from specific companies that affect a wide range of titles, including a variety of games from EA Sports, Valve, and Bethesda, and Valve’s Steam gaming platform. And the game development tools RPG Maker, Unity3D and Unreal Engine are targeted as well.


Internet providers ordered to stop hiding the true size of monthly bills

New rules for home Internet providers and wireless carriers require them to be truthful about how much their service actually costs. As part of the transparency requirements in the Federal Communications Commission’s net neutrality order, Internet providers have to clearly detail all charges, such as modem rental and installation fees, and disclose the full monthly price that will go into effect after any promotional pricing expires. The new disclosure rule is more specific than a previous one, the FCC said.


reddit CEO Ellen Pao: harassment complaints fell on deaf ears at Kleiner Perkins

SAN FRANCISCO—Interim reddit CEO Ellen Pao, a former junior partner at Silicon Valley venture capital firm Kleiner Perkins, finally took the stand today in the high-profile gender discrimination case that she brought against the firm three years ago. Pao maintained a firm tone throughout the day, even looking at the jury occasionally while answering questions from her lawyer about her early days at Kleiner. It’s the first opportunity that Pao has taken to elaborate on the gender discrimination claims she made in 2012. And the questioning started by going all the way back to the day Pao was hired at Kleiner Perkins.

Pao, a Mandarin-speaking, Princeton-educated engineer with law and business degrees from Harvard, applied to Kleiner Perkins in 2005. At the time, the firm was looking to expand its investments in China. She seemed like a perfect fit, her lawyer Therese Lawless said. In addition to Pao’s language skills, she had years of experience working with ’90s startups like WebTV, Tell Me Networks, and Danger Research (whose team went on to join the team that created Android). She also spent time with bigger companies like Microsoft and BEA Systems.


Apple releases iOS 8.2 today with Apple Watch support and plenty of bug fixes

SAN FRANCISCO—iOS 8.2 has been in development for several months now, and today Apple is formally releasing the update to the public. It’s available as an over-the-air update or through iTunes for any device running iOS 8, including the iPhone 4S, 5, 5C, 5S, 6, and 6 Plus; all iPads except the first-generation model; and the fifth-generation iPod Touch.

The biggest feature update is support for the Apple Watch. The device will work with the iPhone 5 and newer models, but it will not work with iPads or iPods. Once you’ve tethered a watch to your phone, a new companion app will allow you to change the watch’s settings, organize its Home screen, and make other changes. We’ll take a longer look at this companion app when the time comes to review the Apple Watch itself.

For those of you with other iDevices and/or no particular interest in the Apple Watch, there are still plenty of reasons to install the update. HomeKit will allow users to control devices at home


The Ambassador who worked from Nairobi bathroom to avoid State Dept. IT

The current scandal roiling over the use of a private e-mail server by former Secretary of State Hillary Clinton is just the latest in a series of scandals surrounding government e-mails. And it’s not the first public airing of problems with the State Department’s IT operations—and executives’ efforts to bypass or work around them. At least she didn’t set up an office in a restroom just to bypass State Department network restrictions and do everything over Gmail.

However, another Obama administration appointee—the former ambassador to Kenya—did do that, essentially refusing to use any of the Nairobi embassy’s internal IT. He worked out of a bathroom because it was the only place in the embassy where he could use an unsecured network and his personal computer, using Gmail to conduct official business. And he did all this during a time when Chinese hackers were penetrating the personal Gmail inboxes of a number of US diplomats.

Why would such high-profile members of the administration’s foreign policy team so flagrantly bypass federal and agency regulations to use their own personal e-mail to conduct business? Was it that they had something they wanted to keep out of State’s servers and away from Congressional oversight? Was it that State’s IT was so bad that they needed to take matters into their own hands? Or was it because the department’s IT staff wasn’t responsive enough to what they saw as their personal needs, and they decided to show just how take-charge they were by ignoring all those stuffy policies?
