Security

Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software (bleepingcomputer.com) 19

An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software package delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, it issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.
Social Networks

Facebook Crosses 2 Billion Monthly Users (theverge.com) 90

Facebook has announced that it now has over 2 billion monthly active users. From a report: That's up from the 1.94 billion total that the company cited as part of its most recent earnings report in May. Mark Zuckerberg shared the news directly, and Fast Company has a story on Facebook's constant efforts to keep pushing growth upward. "It's an honor to be on this journey with you," Zuckerberg wrote. Facebook's other apps are faring well, too: Messenger has over 1.2 billion monthly users and Facebook-owned WhatsApp tallies a similar figure. Twitter, by comparison, has 328 million monthly active users. Instagram has over 700 million.
Apple

The New iPad Pro Review (twitter.com) 195

An anonymous reader writes: As tech reviewers across the United States and Europe sing praises of Apple's new iPad Pro, here's what Joshua Topolsky, former editor-in-chief of The Verge and Engadget (and now with The Outline) had to say: "It [10.5-inch iPad Pro] is inferior to a laptop in almost every way, unless you like to draw. If you think you can replace your laptop with this setup: you cannot. Imagine a computer, but everything works worse than you expect. That is the new iPad. Now, I know the software is in beta, but I also know how Apple betas work. They don't massively change. I have no doubt it's a very powerful piece of hardware, and the screen is gorgeous. Garageband is a lot of fun to play with. But this doesn't COME CLOSE to replacing your laptop, even for simple things you do, like email. AND one other thing. Apple's keyboard cover is a fucking atrocity. A terrible piece of hardware. Awkward to use, poor as a cover. Okay in a pinch if you need something LIKE a keyboard. Anyhow good to know there are still Apple fanboys who get mad if you insult their products. But I don't think it's a very good product. Finally, iOS 11 is definitely a STEP in the right direction. But guys the iPad has been around forever and it still feels half-assed. I think a lot of people are willing to contort themselves around a bad UX because marketing is powerful."
Security

Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly Spreading Across the World (vice.com) 100

A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down the government's website and sparking officials to warn that airline flights to and from the country's capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading across the world. From a report: A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack on Tuesday that disrupted some operations (a non-paywalled source), the Ukrainian central bank said. The latest disruptions follow a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power grid that prompted security chiefs to call for improved cyber defences. The central bank said an "unknown virus" was to blame for the latest attacks, but did not give further details or say which banks and firms had been affected. "As a result of these cyber attacks these banks are having difficulties with client services and carrying out banking operations," the central bank said in a statement. BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer Rosneft and Danish shipping company Maersk are also facing "disruption, including its offices in the UK and Ireland."

According to local media reports, the "unknown virus" cited above is a ransomware strain known as Petya.A. Here's how Petya encrypts files on a system (video). News outlet Motherboard reports that Petya has hit targets in Spain, France, Ukraine, Russia, and other countries as well. From the report: "We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat. Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."
The Internet

Social Media Giants Step Up Joint Fight Against Extremist Content (reuters.com) 165

Social media giants Facebook, Google's YouTube, Twitter and Microsoft said on Monday they were forming a global working group to combine their efforts to remove terrorist content from their platforms. From a report: Responding to pressure from governments in Europe and the United States after a spate of militant attacks, the companies said they would share technical solutions for removing terrorist content, commission research to inform their counter-speech efforts and work more with counter-terrorism experts. The Global Internet Forum to Counter Terrorism "will formalize and structure existing and future areas of collaboration between our companies and foster cooperation with smaller tech companies, civil society groups and academics, governments and supra-national bodies such as the EU and the UN," the companies said in a statement.
Twitter

New Study Explains Why Trump's 'Sad' Tweets Are So Effective (theverge.com) 252

An anonymous reader quotes a report from The Verge: During his campaign and presidency, Donald Trump has used Twitter to circumvent traditional media broadcasters and speak directly to the masses. He is particularly known for one specific tweet construction: he sets up a situation that he feels should inspire anger or outrage, then punctuates it with "Sad!" New research from New York University suggests a reason why this style is so effective: a tweet containing moral and emotional language spreads farther among people with similar political persuasion. The study offered up "duty" as an example of a purely moral word, "fear" as a purely emotional one, and "hate" as a word that combined the two categories. The research found that the use of purely moral or purely emotional language had a limited impact on the spread of a tweet, but the "presence of moral-emotional words in messages increased their diffusion by a factor of 20% for each additional word." The impact of this language cut both ways. Tweets with moral-emotional words spread further among those with a similar political outlook, and they spread less with those who held opposing views, according to the research published in the journal PNAS. The study looked at 563,312 tweets on the topics of gun control, same-sex marriage, and climate change, and rated their impact by the number of retweets each one received.
Security

Judge Sentences Man To One Year In Prison For Hacking Smart Water Readers In Five US Cities (bleepingcomputer.com) 60

An anonymous reader writes: A Pennsylvania man was sentenced to one year and one day in prison for hacking and disabling base stations belonging to water utility providers in five cities across the U.S. East Coast. Called TGB, these devices collect data from smart meters installed at people's homes and relay the information to the water provider's main systems, where it is logged, monitored for incidents, and processed for billing. Before he was fired by the unnamed TGB manufacturing company, Flanagan's role was to set up these devices. After he was fired, Flanagan used former root account passwords to log onto the devices and disable their ability to communicate with their respective water utility providers' upstream equipment. He wasn't that careful, as the FBI was able to trace back the attacks to his home. Apparently, the guy wasn't that silent, leaving behind a lot of clues. Flanagan's attacks resulted in water utility providers not being able to collect user equipment readings remotely. This incurred damage to the utility providers, who had to send out employees at customer premises to collect monthly readings. He was arrested in Nov 2014, and later pleaded guilty.
Facebook

'Why I Decided To Disable AMP On My Site' (alexkras.com) 143

Web developer Alex Kras on Monday listed a number of reasons why he dislikes Google's AMP project, and why he pulled support for it on his website. From his post: Back in the day we used to have WAP pages -- specific web pages that were presented only to mobile devices. Opting into AMP, for publishers, is kind of like going back to those days. Instead of using responsive design (making sure that one version of the site works well on all devices) publishers are forced to maintain two versions of each page -- their regular version for larger devices and mobile phones that don't use Google and the AMP version. The benefit of AMP is that it imposes tough restrictions on content, making it load fast. The issue with this approach is that AMP becomes a subset of the original content. For example, user comments are often removed. I also find the way images load in AMP to be buggy. AMP tries to load an image only when it becomes visible to the user, rendering a white square instead of the image. In my experience I've seen it fail fairly regularly, leaving the article with an empty white square instead of the image. [...] It's up to publishers to decide if they want to add AMP support on their site. Users, however, don't have an option to turn AMP off. It would be nice if Google provided a user level setting to turn results rendered as AMP off. Unfortunately, even if they were to add this option, it wouldn't help much when Twitter or Facebook would decide to serve AMP. Further reading: Kill Google AMP before it KILLS the web - The Register, The Problem With Google AMP, 2 Billion Pages On Web Now Use Google's AMP, Pages Now Load Twice As Fast. John Gruber on open web: Fuck Facebook.
Security

Account Registrations Enable 'Password Reset Man In The Middle' Attacks (helpnetsecurity.com) 79

"Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated." Orome1 quotes Help Net Security: The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.
Interestingly, it can also beat two-factor authentication -- since the targeted user will still input the phone code into the man-in-the-middle site.
EU

Germany Cracks Down On Illegal Speech On Social Media. (smh.com.au) 529

ArmoredDragon writes: German police have raided 36 homes of people accused of using illegal speech on Facebook and Twitter. Much of it was aimed at political speech. According to the article, "Most of the raids concerned politically motivated right-wing incitement, according to the Federal Criminal Police Office, whose officers conducted home searches and interrogations. But the raids also targeted two people accused of left-wing extremist content, as well as one person accused of making threats or harassment based on someone's sexual orientation."

This comes just as a new law is being debated that can fine social media platforms $53 million for not removing 70% of illegal speech (including political, defamatory, and hateful speech) within 24 hours of it being posted, which Facebook argues will make it obligatory for them to delete posts and ban users for speech that isn't clearly illegal.

United Kingdom

UK Parliament Emails Closed After 'Sustained And Determined' Cyber-Attack (theguardian.com) 44

An anonymous reader quotes the Guardian: Parliament has been hit by a "sustained and determined" cyber-attack by hackers attempting to gain access to MPs' and their staffers' email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords... The estate's digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails...

The international trade secretary, Liam Fox, told ITV News the attack was a "warning to everyone we need more security and better passwords. You wouldn't leave your door open at night." In an interview with the BBC, he added: "We know that there are regular attacks by hackers attempting to get passwords. We have seen reports in the last few days of even Cabinet ministers' passwords being for sale online. We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails."

One member of Parliament posted on Twitter "Sorry, no parliamentary email access today -- we're under cyber-attack from Kim Jong-un, Putin or a kid in his mom's basement or something." He added later, "I'm off to the pub."
Government

Obama Authorized a Secret Cyber Operation Against Russia, Says Report (engadget.com) 228

Jessica Conditt reports via Engadget: President Barack Obama learned of Russia's attempts to hack U.S. election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs Obama, the CIA, NSA and other intelligence groups eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the U.S. to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former U.S. official told The Post. The report says CIA director John Brennan, Obama and other officials had at least four "blunt" conversations with Russian officials about its cyber intrusions beginning August 4th. Obama confronted Vladimir Putin in person during a meeting of world leaders in China this past September, the report says, and his administration even sent Russia a warning through a secure channel originally designed to help the two countries avoid a nuclear strike. Moscow apparently responded one week later -- after the U.S. election -- denying the accusation.
Space

SpaceX Successfully Launches and Lands a Used Rocket For the Second Time (theverge.com) 74

SpaceX has successfully launched and landed a recycled Falcon 9 rocket for the second time. "The rocket's first stage -- the 14-story-tall core that houses the fuel and the rocket's main engines -- touched down on one of the company's autonomous drone ships in the Atlantic Ocean shortly after taking off from a launchpad at nearby Cape Canaveral, Florida," reports The Verge. From the report: This particular rocket previously flew in January, when it was used to put 10 satellites into orbit for communications company Iridium. The rocket then landed on a drone ship in the Pacific Ocean. SpaceX retrieved the rocket and spent the next few months refurbishing it in preparation for today's launch. This afternoon, it was used to launch Bulgaria's first communications satellite for TV service provider Bulsatcom. The landing wasn't easy, though. Because the rocket had to push BulgariaSat-1 to such a high orbit, the first stage experienced more force and heat during reentry than any other Falcon 9, according to a tweet from SpaceX CEO Elon Musk. Musk even warned that there was a "good chance [the] rocket booster doesn't make it back." Shortly after the landing, though, Musk returned to Twitter to add that the rocket booster used "almost all of the emergency crush core," which helps soften the landing.
Apple

Chris Lattner, Poached From Apple To Become Tesla's Top Software Executive, Quits After 6 Months (bizjournals.com) 140

Tesla said last night Chris Lattner, the vice president of Autopilot software, has left the company about six months after the electric car-maker hired him away from Apple. From a report: Lattner had led the software development team in charge of Autopilot. Tesla executive Jim Keller is now in charge of Autopilot hardware and software. The company announced it had also hired OpenAI research scientist Andrej Karpathy, who will serve as Tesla's new director of artificial intelligence and Tesla Vision. "Chris just wasn't the right fit for Tesla, and we've decided to make a change," the company told reporters in a statement. "We wish him the best." Lattner tweeted last night, "Turns out that Tesla isn't a good fit for me after all. I'm interested to hear about interesting roles for a seasoned engineering leader!" Lattner is a widely respected figure in the industry. He is the main author of LLVM as well as Apple's Swift programming language. We interviewed him earlier this year.
Security

Cisco Subdomain Private Key Found in Embedded Executable (google.com) 53

Earlier this month, a developer accidentally discovered the private key of a Cisco subdomain. An anonymous reader shares the post: Last weekend, in an attempt to get Sky's NOW TV video player (for Mac) to work on my machine, I noticed that one of the Cisco executables contains a private key that is associated with the public key in a trusted certificate for a cisco.com sub domain. This certificate is used in a local WebSocket server, presumably to allow secure Sky/NOW TV origins to communicate with the video player on the users' local machines. I read the Baseline Requirements document (version 1.4.5, section 4.9.1.1), but I wasn't entirely sure whether this is considered a key compromise. I asked Hanno Bock on Twitter, and he advised me to post the matter to this mailing list. The executable containing the private key is named 'CiscoVideoGuardMonitor', and is shipped as part of the NOW TV video player. In case you are interested, the installer can be found here (SHA-256: 56feeef4c3d141562900f9f0339b120d4db07ae2777cc73a31e3b830022241e6). I would recommend to run this installer in a virtual machine, because it drops files all over the place, and installs a few launch items (agents/daemons). The executable 'CiscoVideoGuardMonitor' can be found at '$HOME/Library/Cisco/VideoGuardPlayer/VideoGuardMonitor/VideoGuardMonitor.bundle/Contents/MacOS/CiscoVideoGuardMonitor'. Certificate details: Serial number: 66170CE2EC8B7D88B4E2EB732E738FE3A67CF672, DNS names: drmlocal.cisco.com, Issued by: HydrantID SSL ICA G2. The issuer HydrantID has since communicated with the certificate holder Cisco, and the certificate has been revoked.
Twitter

Tableau Software Drops Its 'Twitter Crowd Favorite' Data Viz Contests (tableau.com) 21

theodp writes: As part of its 'Iron Viz' data visualization contests that lead up to its annual conferences, Tableau Software ($4.8B market cap) has awarded $500 gift cards to 'Twitter Crowd Favorites', contestants whose data viz draw the most 'votes' (tagged Tweets) on Twitter. But no more. As it expanded Iron Viz eligibility to China, Tableau said it 'just didn't seem fair' to allow popular voting in its worldwide contests since the Chinese government blocks citizens' Twitter use. "As Chinese authors join the contest," the Tableau Public blog explained, "we have to say goodbye to the Twitter Crowd Favorite. Twitter is blocked in mainland China and it wouldn't be fair for our Chinese contestants." And the latest Iron Viz Contest FAQs confirm the change: "Q. I heard there won't be a Crowd Favorite prize, is that true? A. Absolutely true. China is among the new countries who can take part in the Iron Viz, and Twitter doesn't work in mainland China. The usual Twitter Popular Vote just didn't seem fair."
This XKCD comic still has my all-time favorite data visualizations.
Debian

Debian 9 (Stretch) Will Be Released Today (twitter.com) 196

The Debian Project has been liveblogging today's release of Debian 9 (Stretch) using the Twitter hashtag #releasingstretch. Some of the announcements:
  • The oldstable suite (wheezy) has now been renamed to oldoldstable
  • Debian jessie has now been renamed to oldstable!
  • The Debian stretch suites have now been renamed to stable!
  • The draft debian-devel-announce post is ready, archive docs are being cleaned up

This release is named after that purple octopus in Toy Story 3, and more tantalizing tidbits of information keep appearing on Debian's micronews site:

  • At least 1436 people and 18 teams contributed to Debian in 2017
  • Stretch has 25,357 source packages with 9,808,465 source files
  • There were 13 different themes proposed to be the official Debian stretch theme
  • Debian Stretch ships with the free mathematical software SageMath, you can install it with apt
  • During the stretch development, 101 contributors became Debian Developers, and 94 more became Debian Maintainers
  • Debian Stretch will ship with the first release of the Debian Astro Pure Blend [for astronomers]
  • Debian Popularity Contest gathers anonymous statistics about Debian packages usage from about 195,000 reports

The Almighty Buck

Air Force Budget Reveals How Much SpaceX Undercuts Launch Prices (arstechnica.com) 97

An anonymous reader quotes a report from Ars Technica: In 2014, the U.S. Government Accountability Office issued a report on cost estimates for the U.S. Air Force's program to launch national security payloads, which at the time consisted of a fleet of rockets maintained and flown entirely by United Launch Alliance (ULA). The report was critical of the non-transparent nature of ULA's launch prices and noted that the government "lacked sufficient knowledge to negotiate fair and reasonable launch prices" with the monopoly. At around the same time, the new space rocket company SpaceX began to aggressively pursue the opportunity to launch national security payloads for the government. SpaceX claimed to offer a substantially lower price for delivering satellites into various orbits around Earth. But because of the lack of transparency, comparing prices was difficult. The Air Force recently released budget estimates for fiscal year 2018, and these include a run out into the early 2020s. For these years, the budget combines the fixed price rocket and ELC contract costs into a single budget line. (See page 109 of this document). They are strikingly high. According to the Air Force estimate, the "unit cost" of a single rocket launch in fiscal year 2020 is $422 million, and $424 million for a year later. SpaceX sells basic commercial launches of its Falcon 9 rocket for about $65 million. But, for military launches, there are additional range costs and service contracts that add tens of millions of dollars to the total price. It therefore seems possible that SpaceX is taking a loss or launching at little or no profit to undercut its rival and gain market share in the high-volume military launch market. Elon Musk retweeted the article, adding "$300M cost diff between SpaceX and Boeing/Lockheed exceeds avg value of satellite, so flying with SpaceX means satellite is basically free."
Security

You Can Hack Some Mazda Cars With a USB Flash Drive (bleepingcomputer.com) 52

An anonymous reader writes: "Mazda cars with next-gen Mazda MZD Connect infotainment systems can be hacked just by plugging in a USB flash drive into their dashboard, thanks to a series of bugs that have been known for at least three years," reports Bleeping Computer. "The issues have been discovered and explored by the users of the Mazda3Revolution forum back in May 2014. Since then, the Mazda car owner community has been using these 'hacks' to customize their cars' infotainment system to tweak settings and install new apps. One of the most well-designed tools is MZD-AIO-TI (MZD All In One Tweaks Installer)." Recently, a security researcher working for Bugcrowd has put together a GitHub repository that automates the exploitation of these bugs. The researcher says an attacker can copy the code of his GitHub repo on a USB flash drive, add malicious scripts and carry out attacks on Mazda cars. Mazda said the issues can't be exploited to break out of the infotainment system to other car components, but researchers disagreed with the company on Twitter. In the meantime, the car maker has finally plugged the bugs via a firmware update released two weeks ago.
Piracy

Alleged KickassTorrents Owner Considers 'Voluntary Surrender' To the US (torrentfreak.com) 59

An anonymous reader quotes a report from TorrentFreak: Earlier this year a Polish court ruled that Artem Vaulin, the alleged owner of the defunct torrent site KickassTorrents, can be extradited to the United States. The decision came as a disappointment to the defense team, which quickly announced an appeal. Vaulin has since been released on bail and currently resides in a Warsaw apartment. His release has made it easier to communicate with his attorneys in the United States, who have started negotiations with the U.S. Government. While the extradition appeal is still ongoing, it now appears that under the right conditions Vaulin might consider traveling to the United States voluntarily, so he can "resolve" the pending charges. This is what the defense team states in a motion for a status conference (pdf), which was submitted earlier this week.
