Microsoft released 14 security bulletins for September, seven of which are rated critical due to remote code execution flaws. Microsoft in all its wisdom didn’t regard all RCEs as critical. There’s also an “important rated” patch for a publicly disclosed flaw which Microsoft claims isn’t a zero-day being exploited. But at least a 10-year-old hole is finally being plugged.Next month marks a significant change as Microsoft says it intends roll out "servicing changes" that include bundled patches. Unless things change, not all Windows users will be able to pick and choose specific security updates starting in October.To read this article in full or to leave a comment, please click here
After security journalist Brian Krebs exposed the DDoS-for-hire service, vDOS, and the alleged owners of the service were arrested, a massive attack was launched against the Krebs on Security site.Last Thursday, Krebs wrote about vDOS and the two 18-year-old Israeli hackers running the DDoS attack service. In the past two years, the duo launched over 150,000 attacks and made at least $618,000. vDOS had been hacked and Krebs had obtained a copy of the vDOS database.vDOS had paying subscribers with the cost depending upon how many seconds the DDoS attack lasted. Krebs reported, “In just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic.”To read this article in full or to leave a comment, please click here
After security journalist Brian Krebs exposed the DDoS-for-hire service, vDOS, and the alleged owners of the service were arrested, a massive attack was launched against the Krebs on Security site.Last Thursday, Krebs wrote about vDOS and the two 18-year-old Israeli hackers running the DDoS attack service. In the past two years, the duo launched over 150,000 attacks and made at least $618,000. vDOS had been hacked and Krebs had obtained a copy of the vDOS database.vDOS had paying subscribers with the cost depending upon how many seconds the DDoS attack lasted. Krebs reported, “In just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic.”To read this article in full or to leave a comment, please click here
Hats off to security researcher Rob Fuller, aka mubix, for spending part of his Labor Day weekend figuring out how to use a spoofed USB Ethernet adapter to steal credentials from logged in but locked Windows and Mac computers.
It works!!! Muhahahahah I can steal credentials from a locked computer. Muahahahhahahahah pic.twitter.com/9l3d0tvs8i— Rob Fuller (@mubix) September 4, 2016
Fuller did not use a zero-day; although the attack is “stupid simple” and “should not work,” it does work because most computers automatically install Play-and-Play USB devices. “Even if a system is locked out, the device still gets installed.” There may be restrictions on what devices can be installed when the box is a locked state, but he said, “Ethernet/LAN is definitely on the white list.”To read this article in full or to leave a comment, please click here
Hats off to security researcher Rob Fuller, aka mubix, for spending part of his Labor Day weekend figuring out how to use a spoofed USB Ethernet adapter to steal credentials from logged in but locked Windows and Mac computers.
It works!!! Muhahahahah I can steal credentials from a locked computer. Muahahahhahahahah pic.twitter.com/9l3d0tvs8i— Rob Fuller (@mubix) September 4, 2016
Fuller did not use a zero-day; although the attack is “stupid simple” and “should not work,” it does work because most computers automatically install Play-and-Play USB devices. “Even if a system is locked out, the device still gets installed.” There may be restrictions on what devices can be installed when the box is a locked state, but he said, “Ethernet/LAN is definitely on the white list.”To read this article in full or to leave a comment, please click here
The old “IT glitch” was reportedly the cause of British Airways’ multi-continent check-in delays on Monday. Angry travelers waited in check-in queues for hours while the airline fell back on the old school method of handwriting records, boarding passes and baggage labels.British Airways has been rolling out a new check-in system since last year; a BA spokesperson described the check-in delays as “teething problems.”At first, BA claimed the glitch causing check-in delays was not a worldwide problem, but a “patchy” problem. While the glitch in the check-in system affected more than people in the U.K., travelers took to Twitter to complain about long delays in at least San Diego, Chicago, Atlanta, San Francisco, Rome, Las Vegas, Phoenix, Vancouver, the Bahamas, D.C., Seattle, Zurich, and Mexico City.To read this article in full or to leave a comment, please click here
The old “IT glitch” was reportedly the cause of British Airways’ multi-continent check-in delays on Monday. Angry travelers waited in check-in queues for hours while the airline fell back on the old school method of handwriting records, boarding passes and baggage labels.British Airways has been rolling out a new check-in system since last year; a BA spokesperson described the check-in delays as “teething problems.”At first, BA claimed the glitch causing check-in delays was not a worldwide problem, but a “patchy” problem. While the glitch in the check-in system affected more than people in the U.K., travelers took to Twitter to complain about long delays in at least San Diego, Chicago, Atlanta, San Francisco, Rome, Las Vegas, Phoenix, Vancouver, the Bahamas, D.C., Seattle, Zurich, and Mexico City.To read this article in full or to leave a comment, please click here
Not everyone gets Labor Day off as a holiday, but that doesn’t mean the majority of people not working have literally gone on vacation. In the future, people scheduled to work on holidays and those with the days off but not the means to go on an exotic vacation, they can pick any day to explore wonders such as the Amazon rainforest or white beaches of the Caribbean. At least, that is what Expedia claimed; by using virtual and augmented reality, people won’t even need to leave home to explore some of the world’s wonders.If you really are not into the idea of a stay-at-home vacation, then VR and AR could also be used in a “try before you buy” vacation scenario. That tech might also be the answer to long-distance love affairs. Some futurists, such as Google’s Dr. Ray Kurweil, have predicted, “We will spend considerable time in virtual and augmented realities allowing us to visit with each other even if hundreds of miles apart. We’ll even be able to touch each other.”To read this article in full or to leave a comment, please click here
Not everyone gets Labor Day off as a holiday, but that doesn’t mean the majority of people not working have literally gone on vacation. In the future, people scheduled to work on holidays and those with the days off but not the means to go on an exotic vacation, they can pick any day to explore wonders such as the Amazon rainforest or white beaches of the Caribbean. At least, that is what Expedia claimed; by using virtual and augmented reality, people won’t even need to leave home to explore some of the world’s wonders.If you really are not into the idea of a stay-at-home vacation, then VR and AR could also be used in a “try before you buy” vacation scenario. That tech might also be the answer to long-distance love affairs. Some futurists, such as Google’s Dr. Ray Kurweil, have predicted, “We will spend considerable time in virtual and augmented realities allowing us to visit with each other even if hundreds of miles apart. We’ll even be able to touch each other.”To read this article in full or to leave a comment, please click here
Two different hacking groups, both which claim to be of the non-malicious variety, have been busy bringing suspended Twitter accounts back from the dead and power-spamming Variety subscribers.OurMine hacked Variety, power-spammed subscribersIf folks who like news about Hollywood hadn’t heard of the hacking group OurMine, then some of them are very familiar with the group’s name now.OurMine reportedly compromised Variety’s content management system around 9 am PT on Saturday and published a post which Engadget said was later removed, but the hacking collective’s antics didn’t stop there. Variety’s subscribers were hammered with spam.To read this article in full or to leave a comment, please click here
Two different hacking groups, both which claim to be of the non-malicious variety, have been busy bringing suspended Twitter accounts back from the dead and power-spamming Variety subscribers.OurMine hacked Variety, power-spammed subscribersIf folks who like news about Hollywood hadn’t heard of the hacking group OurMine, then some of them are very familiar with the group’s name now.OurMine reportedly compromised Variety’s content management system around 9 am PT on Saturday and published a post which Engadget said was later removed, but the hacking collective’s antics didn’t stop there. Variety’s subscribers were hammered with spam.To read this article in full or to leave a comment, please click here
The Department of Defense needs to move past open source myths that have been debunked and jump on the open source bandwagon or the DoD and U.S. military will not be able to maintain tech superiority, warns a Center for a New American Security (CNAS) report.To maintain technological superiority, the DoD needs “to acquire, develop, deploy, and maintain cutting-edge software” systems. “Unless the department is able to accelerate how it procures, builds, and delivers software, it will be left behind,” said the authors of “Open Source Software and the Department of Defense” (pdf).To read this article in full or to leave a comment, please click here
The Department of Defense needs to move past open source myths that have been debunked and jump on the open source bandwagon or the Department of Defense (DoD) and U.S. military will not be able to maintain tech superiority, warns a Center for a New American Security (CNAS) report.To maintain technological superiority, the DoD needs “to acquire, develop, deploy and maintain cutting-edge software” systems. “Unless the department is able to accelerate how it procures, builds and delivers software, it will be left behind,” said the authors of “Open Source Software and the Department of Defense” (pdf).To read this article in full or to leave a comment, please click here
Hopefully you were not curious about why McChicken was trending on Twitter. If you checked it out and saw the graphic video of a man engaging in a sexual act with the McDonald’s sandwich, then you might have wished for a miracle cure to unsee it. @geraldtbh
But Twitter was not the only place McChicken was trending; it was also trending on Facebook because it was going viral.To read this article in full or to leave a comment, please click here
Hopefully you were not curious about why McChicken was trending on Twitter. If you checked it out and saw the graphic video of a man engaging in a sexual act with the McDonald’s sandwich, then you might have wished for a miracle cure to unsee it. @geraldtbh
But Twitter was not the only place McChicken was trending; it was also trending on Facebook because it was going viral.To read this article in full or to leave a comment, please click here
After MedSec revealed remotely exploitable flaws in St. Jude pacemakers and defibrillators to financial research firm Muddy Waters, choosing to profit by how far St. Jude stock fell after the report (pdf) was made public instead of taking a “responsible disclosure” path, St. Jude struck back by basically calling Muddy Waters’ claims a bunch of lies.To read this article in full or to leave a comment, please click here
After MedSec revealed remotely exploitable flaws in St. Jude pacemakers and defibrillators to financial research firm Muddy Waters, choosing to profit by how far St. Jude stock fell after the report (pdf) was made public instead of taking a “responsible disclosure” path, St. Jude struck back by basically calling Muddy Waters’ claims a bunch of lies.To read this article in full or to leave a comment, please click here
About 350 million people use the Opera browser. Of those, 1.7 million received an email from Opera, warning that attackers breached Opera’s cloud Sync service server. Even if a person didn’t check their email, they would have known something was up since Opera forced a password reset for Sync users.Opera announced the breach on Friday. The company said it detected and then “quickly blocked” an attack last week, but “some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.”To read this article in full or to leave a comment, please click here
About 350 million people use the Opera browser. Of those, 1.7 million received an email from Opera, warning that attackers breached Opera’s cloud Sync service server. Even if a person didn’t check their email, they would have known something was up since Opera forced a password reset for Sync users.Opera announced the breach on Friday. The company said it detected and then “quickly blocked” an attack last week, but “some data, including some of our sync users’ passwords and account information, such as login names, may have been compromised.”To read this article in full or to leave a comment, please click here
DCNS, a French submarine builder, has allegedly been hacked – potentially for economic espionage reasons – and 22,400 pages of “secret” documents pertaining to its Scorpene-class submarine have been leaked.The Australian published redacted portions of the leaked documents, claiming to have seen thousands of pages outlining highly sensitive details about systems, sensors, specifications, tech manuals, stealth capabilities, antennae models, electromagnetic and infrared data, conditions under which the periscope can be used and more. The leaked documents reportedly detail “the entire secret combat capability of the six Scorpene-class submarines that French shipbuilder DCNS has designed for the Indian Navy.”To read this article in full or to leave a comment, please click here
Ms. Smith