Apple releases OS X 10.10.2 with a pile of security, privacy, and Wi-Fi fixes

Apple has just released the final build of OS X 10.10.2, the second major update for OS X Yosemite since its release. Version 10.10.1, published a month after Yosemite shipped, focused mostly on quick fixes for the new OS’ most noticeable problems. Apple has been issuing betas of 10.10.2 since November, though, and a longer testing period usually means more extensive fixes. First, the new release is supposed to fix more of the Wi-Fi problems that some users have been experiencing since Yosemite’s launch; 10.10.1 also included Wi-Fi fixes, but it apparently didn’t resolve the problems for everyone. The update also addresses “an issue that may cause webpages to load slowly” and improves general stability in Safari, all of which should go a long way toward improving Yosemite’s network and Internet performance. Several privacy and security problems that we’ve reported on are resolved in 10.10.2 as well. Apple will still share limited search and location information with Microsoft to enable Spotlight’s Bing-powered Web search feature, but the company has fixed a bug that caused Spotlight to “load remote e-mail content” even when that setting was disabled in Mail.app itself. Our original report describes why this is a problem. In short, fetching remote images tells the sender when a message was opened and from which IP address, which is exactly what the Mail setting exists to prevent.
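The Spotlight bug above is one rendering path ignoring a privacy setting that another path honoured. The following is an added example, not Apple’s, Mail.app’s or Spotlight’s code, of what a renderer that respects “load remote content: off” has to find and neutralise: every http(s) reference a message would fetch on display, in tag attributes, style attributes and style blocks, while leaving inline `cid:` parts and ordinary links alone. The SAMPLE_MAIL message and the `track.example` URLs in it are constructed for the example.

```python
"""Find, and optionally neutralise, the remote resources an HTML e-mail
would fetch when rendered. Added example; SAMPLE_MAIL is constructed."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs a renderer fetches over the network. <a href> is not
# listed: a link is not requested until the user clicks it.
REMOTE_ATTRS = {
    "img": ("src", "lowsrc"),
    "link": ("href",),
    "script": ("src",),
    "iframe": ("src",),
    "video": ("src", "poster"),
    "audio": ("src",),
    "source": ("src",),
    "input": ("src",),  # <input type="image">
}
# CSS url() references (style attributes and <style> blocks) also fetch.
CSS_URL_RE = re.compile(r"""url\(\s*(['"]?)(https?://[^'")\s]+)\1\s*\)""", re.I)
PLACEHOLDER = "about:blank"


def is_remote(url):
    """True for http(s) references; cid: (inline MIME parts) and data: are
    delivered with the message and involve no network round trip."""
    return urlsplit(url.strip()).scheme.lower() in ("http", "https")


class RemoteContentFinder(HTMLParser):
    """Records every remote URL together with the raw tag text carrying it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []       # (raw_start_tag, url) in document order
        self.css_urls = []   # url() references found inside <style> blocks
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        raw = self.get_starttag_text()
        for name, value in attrs:
            if not value:
                continue
            if name in REMOTE_ATTRS.get(tag, ()) and is_remote(value):
                self.hits.append((raw, value.strip()))
            elif name == "style":
                self.hits.extend((raw, m.group(2)) for m in CSS_URL_RE.finditer(value))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.css_urls.extend(m.group(2) for m in CSS_URL_RE.finditer(data))


def remote_urls(doc):
    """Every URL that rendering `doc` with remote content enabled would request."""
    p = RemoteContentFinder()
    p.feed(doc)
    p.close()
    return [u for _, u in p.hits] + p.css_urls


def strip_remote_content(doc):
    """Return (sanitised_doc, blocked_urls): each remote reference is swapped
    for PLACEHOLDER so layout survives but no request leaves the machine.
    Values are matched against the raw tag text as-is and entity-escaped; a
    production filter should re-serialise the DOM rather than patch text."""
    p = RemoteContentFinder()
    p.feed(doc)
    p.close()
    out, blocked, by_tag = doc, [], {}
    for raw, url in p.hits:
        by_tag.setdefault(raw, []).append(url)
    for raw, urls in by_tag.items():
        new_raw = raw
        for url in urls:
            for form in (url, html.escape(url, quote=False)):
                new_raw = new_raw.replace(form, PLACEHOLDER)
        out = out.replace(raw, new_raw)  # all identical tags, e.g. repeated pixels
        blocked.extend(urls)

    def _blank_css(m):
        blocked.append(m.group(2))
        return "url(%s)" % PLACEHOLDER

    # Whatever url() references remain live in <style> blocks.
    out = CSS_URL_RE.sub(_blank_css, out)
    return out, blocked


# Constructed sample: CSS background in a style attribute, another in a
# <style> block, an inline cid: logo, a 1x1 tracking pixel, and a plain link.
SAMPLE_MAIL = """<html><body style="background:url('https://track.example/bg.png')">
<style>.hdr { background-image: url(https://track.example/hdr.png); }</style>
<p>Hi Kim, your invoice is attached.</p>
<img src="cid:logo@example" alt="logo">
<img src="https://track.example/open?id=7f3a" width="1" height="1">
<a href="https://www.example.com/invoice/7f3a">View invoice</a>
</body></html>"""

if __name__ == "__main__":
    for url in remote_urls(SAMPLE_MAIL):
        print("would fetch:", url)
    clean, blocked = strip_remote_content(SAMPLE_MAIL)
    print("blocked %d; still remote: %s" % (len(blocked), remote_urls(clean)))
```

Run as a script it lists the three tracking references in the sample and reports that the sanitised copy has none left; the `cid:` logo and the invoice link are untouched. The point for a client author is that `strip_remote_content` (or its equivalent) must sit in the one place every renderer goes through, so a preview pane cannot bypass the check that the main message view applies.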


Google drops three OS X 0days on Apple

Don’t look now, but Google’s Project Zero vulnerability research program may have dropped more zero-day vulnerabilities, this time on Apple’s OS X platform. In the past two days, Project Zero has disclosed three OS X vulnerabilities. At first glance, none of them appears highly critical, since all three require the attacker to already have some access to the targeted machine. What’s more, the first vulnerability, the one involving the “networkd ‘effective_audit_token’ XPC,” may already have been mitigated in OS X Yosemite; if so, the Google advisory doesn’t make this explicit, and Apple doesn’t publicly discuss security matters with reporters. Still, the flaws could be chained with a separate attack to escalate from limited privileges and gain control over vulnerable Macs. And since the disclosures include proof-of-concept exploit code, they give experienced attackers enough technical detail to write working exploits for the previously unknown vulnerabilities. The flaws were privately reported to Apple on October 20, October 21, and October 23, 2014. All three advisories appear to have been published after the expiration of the 90-day grace period Project Zero gives vendors before making reports public.


Attack for Flash 0day goes live in popular exploit kit

If you’ve been meaning to disable Adobe Flash, now might be a good time. Attacks exploiting a critical vulnerability in the latest version of the animation software have been added to a popular exploit kit, researchers confirmed. Attackers often buy such kits to spare themselves the hassle of writing their own weaponized exploits. Prolific exploit sleuth Kafeine uncovered the addition to Angler, an exploit kit sold in underground forums. The zero-day vulnerability was confirmed by Malwarebytes, whose researcher Jérôme Segura said one attack he observed used the new exploit to install a distribution botnet known as Bedep. Adobe officials say only that they’re investigating the reports. Until there’s a patch, it makes sense to minimize use of Flash where possible, for instance by disabling the plugin or setting the browser to click-to-play. AV software from Malwarebytes and others can also block Angler attacks.


4chan founder Chris “moot” Poole steps down

On Wednesday, 4chan founder Christopher Poole, better known by the moniker “moot,” announced his retirement from running the site. moot started 4chan 11 and a half years ago when he was 15, and the image-based bulletin board has since grown into a staunch supporter of anonymity for its posters. That notoriety has drawn some of the best and also a lot of the very, very worst to its 63 boards. In his post today, moot explained the decision: 4chan has faced numerous challenges over the years, including how to continuously satisfy a community of millions, and ensure the site has the human, technical, and financial resources to continue operating. But the biggest hurdle it’s had to overcome is myself. As 4chan’s sole administrator, decision maker, and keeper of most of its institutional knowledge, I’ve come to represent an uncomfortably large single point of failure. moot went on to say that he has made sure the site will be financially secure for the foreseeable future and has delegated the tasks of running the site to “a few senior volunteers.”


Hard disk reliability examined once more: HGST rules, Seagate is alarming

A year ago we got some insight into hard disk reliability when cloud backup provider Backblaze published its findings for the tens of thousands of disks that it operates. Backblaze uses regular consumer-grade disks in its storage because of the lower cost and good-enough reliability, but it also discovered that some kinds of disks fared extremely poorly when used 24/7. A year on, the company has collected even more data and drawn out even more differences between the disks it uses. For a second year, the standout reliability leader was HGST. Now a wholly owned subsidiary of Western Digital, HGST inherited its technology and designs from Hitachi (which itself bought IBM’s hard disk division). Across a range of models from 2 to 4 terabytes, the HGST models showed low failure rates; at worst, 2.3 percent failing a year. This includes some of the oldest disks in Backblaze’s collection: its 2TB Desktop 7K2000 models are on average 3.9 years old but still have an annual failure rate of just 1.1 percent.


British spy agency captured 70,000 e-mails of journalists in 10 minutes

The Government Communications Headquarters (GCHQ), the British sister agency of the National Security Agency, captured 70,000 e-mails of journalists in 10 minutes during a November 2008 test. According to The Guardian, which on Monday cited some of its Snowden documents as its source (but did not publish them), the e-mails were scooped up as part of the intelligence agency’s direct fiber taps. Journalists from the BBC, Reuters, The Guardian, The New York Times, Le Monde, The Sun, NBC, and The Washington Post were apparently targeted.


Google drops more Windows 0-days. Something’s gotta give

Google’s security researchers have published another pair of Windows security flaws that Microsoft hasn’t got a fix for, continuing the disagreement between the companies about when and how to disclose security bugs. The first bug affects Windows 7 only and results in minor information disclosure. Microsoft says, and Google agrees, that this does not meet the threshold for a fix. Windows 8 and up don’t suffer the same issue. The second bug is more significant. In certain situations, Windows doesn’t properly check the user identity when performing cryptographic operations, which results in certain shared data not being properly encrypted. Microsoft has developed a fix for this bug, and it was originally scheduled for release this past Tuesday. However, the company discovered a compatibility issue late in testing, and so the fix has been pushed to February.


Hatred gets Adults Only rating, making console, Steam release unlikely

Third-person spree-killing simulator Hatred has been given an Adults Only (AO) rating by the ESRB, the video game ratings board in the US and Canada. The rating was disclosed by one of the game’s developers on its official forum, who expressed surprise that the title did not get the more lenient Mature (M) rating, writing “Well, I’m not quite convinced why Hatred got AO rating while it lacks any sexual content, but it’s still some kind of achievement to have the second game in history getting AO rating for violence and harsh language only.” Hatred is in fact the third game to receive an AO rating for violence alone, with both Thrill Kill and Manhunt 2 also receiving that evaluation. Thrill Kill, however, had its release cancelled after Electronic Arts bought its publisher and objected to its content.


Marriott tentatively backs off Wi-Fi blocking plans

In a brief statement on Wednesday evening, hotel chain Marriott International said that it would not block any personal Wi-Fi devices belonging to its customers. Marriott International listens to its customers, and we will not block guests from using their personal Wi-Fi devices at any of our managed hotels. Marriott remains committed to protecting the security of Wi-Fi access in meeting and conference areas at our hotels. We will continue to look to the FCC to clarify appropriate security measures network operators can take to protect customer data, and will continue to work with the industry and others to find appropriate market solutions that do not involve the blocking of Wi-Fi devices. Despite that pledge, Re/Code reports that the company is not rescinding a request for rulemaking that it submitted to the Federal Communications Commission late last year, in which it asked for the Commission’s blessing to block personal hotspots. In October, Marriott was fined $600,000 by the FCC following a complaint that one of its Nashville, Tennessee branches was interfering with and disabling personal Wi-Fi hotspots set up by its customers. Marriott agreed to pay the fine but remained defiant, asking the FCC to allow it to resume the practice.


Man gets 10 years in prison after perpetrating website sales scam

A California man was sentenced Tuesday to 10 years in prison after engaging in a years-long scheme to defraud people who responded to his ads selling domain names and websites that he claimed continually generated revenue. Federal prosecutors alleged that John Winston Boone scammed 18 people out of approximately $1.3 million, providing false PayPal records to his victims to illustrate this supposed profitability. Initially, Boone pleaded not guilty, but he changed his plea in late 2013. United States District Judge Otis D. Wright II, the same judge who presided over a 2013 Los Angeles Prenda hearing, called the defendant’s conduct “cruel and callous.” Judge Wright also noted that Boone “showed a lack of humanity that was so base and so depraved.”
