Network

WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs (bleepingcomputer.com)

An anonymous reader writes: "WikiLeaks dumped today the manuals of several hacking utilities part of Brutal Kangaroo, a CIA malware toolkit for hacking into air-gapped (offline) networks using tainted USB thumb drives," reports Bleeping Computer. The CIA uses these tools as part of a very complex attack process that allows CIA operatives to infect offline, air-gapped networks. The first stage of these attacks starts with the infection of a "primary host," an internet-connected computer at a targeted company. Malware on this primary host automatically infects all USB thumb drives inserted into the machine. If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices. This malware is so advanced that it can even create a network of hacked air-gapped PCs that talk to each other and exchange commands. To infect the air-gapped computers, the CIA malware uses LNK (shortcut) files placed on the USB thumb drive. Once the user opens and views the content of the thumb drive in Windows Explorer, his air-gapped PC is infected without any other interaction.
Businesses

Samsung Begins Production For Its First Internet of Things-optimised Exynos Processor (zdnet.com)

An anonymous reader shares a report: Samsung Electronics has launched the Exynos i T200, its first processor optimised for Internet of Things (IoT) devices, the company has announced. The South Korean tech giant said the chip has upped security and supports wireless connections, with hopes of giving it an advantage in the expanding IoT market. The Exynos i T200 applies Samsung's 28-nanometer High-K Metal Gate process and has multiple cores, with the Cortex-R4 doing the heavy lifting and an independently operating Cortex-M0+ allowing for multifunctionality. For example, if applied to a refrigerator, the Cortex-R4 will run the OS and the Cortex-M0+ will power LED displays on the doors.
Firefox

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com)

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
OS X

The Behind-the-Scenes Changes Found In MacOS High Sierra (arstechnica.com)

Apple officially announced macOS High Sierra at WWDC 2017 earlier this month. While the new OS doesn't feature a ton of user-visible improvements and is ultimately shaping up to be a low-key release, it does feature several behind-the-scenes changes that could help make it the most stable macOS update in years. Andrew Cunningham from Ars Technica has "browsed the dev docs and talked with Apple to get some more details of the update's foundational changes." Here are some excerpts from three key areas of the report:

APFS
Like iOS 10.3, High Sierra will convert your boot drive to APFS when you first install it -- this will be true for all Macs that run High Sierra, regardless of whether they're equipped with an SSD, a spinning HDD, or a Fusion Drive setup. In the current beta installer, you're given an option to uncheck the APFS box (checked by default) before you start the install process, though that doesn't necessarily guarantee that it will survive in the final version. It's also not clear at this point if there are edge cases -- third-party SSDs, for instance -- that won't automatically be converted. But assuming that most people stick with the defaults and that most people don't crack their Macs open, most Mac users who do the upgrade are going to get the new filesystem.

HEVC and HEIF
All High Sierra Macs will pick up support for HEVC, but only very recent models will support any kind of hardware acceleration. This is important because playing HEVC streams, especially at high resolutions and bitrates, is a pretty hardware-intensive operation. HEVC playback can consume most of a CPU's processor cycles, and especially on slower dual-core laptop processors, smooth playback may be impossible altogether. Dedicated HEVC encode and decode blocks in CPUs and GPUs can handle the heavy lifting more efficiently, freeing up your CPU and greatly reducing power consumption, but HEVC's newness means that dedicated hardware isn't especially prevalent yet.

Metal 2
While both macOS and iOS still nominally support open, third-party APIs like OpenGL and OpenCL, it's clear that the company sees Metal as the way forward for graphics and GPU compute on its platforms. Apple's OpenGL support in macOS and iOS hasn't changed at all in years, and there are absolutely no signs that Apple plans to support Vulkan. But the API will enable some improvements for end users, too. People with newer GPUs should expect to benefit from some performance improvements, not just in games but in macOS itself; Apple says the entire WindowServer is now using Metal, which should improve the fluidity and consistency of transitions and animations within macOS; this can be a problem on Macs when you're pushing multiple monitors or using higher Retina scaling modes, especially if you're using integrated graphics. Metal 2 is also the go-to API for supporting VR on macOS, something Apple is pushing in a big way with its newer iMacs and its native support for external Thunderbolt 3 GPU enclosures. Apple says that every device that supports Metal should support at least some of Metal 2's new features, but the implication there is that some older GPUs won't be able to do everything the newer ones can do.

Microsoft

Microsoft Now Lets Surface Laptop Owners Revert Back To Windows 10 S (mspoweruser.com)

Microsoft is kind enough to offer Surface Laptop users the option to upgrade to Windows 10 Pro for free until later this year if they don't like Windows 10 S, which is installed by default and is only able to run apps or games that are in the Windows Store. The company is taking that generosity one step further by letting users revert to Windows 10 S if they installed Windows 10 Pro and aren't happy with the performance and battery life. The option to revert to the default OS wasn't available until now. MSPoweruser reports: Microsoft recently released the official recovery image for the Surface Laptop, which will technically let you go back to Windows 10 S on your device, but you'll be required to remove all of your files, which is a bit frustrating. The recovery image wasn't available a few days after the Surface Laptop started shipping, but it is now available and you can download it to effectively reset your Surface Laptop. The recovery image is 9GB, so make sure you have a good internet connection before downloading the file. It is quite interesting how Microsoft isn't letting users go back to Windows 10 S from Windows 10 Pro without having to completely reset their devices, as the company would want more users to use its new version of Windows 10 for many reasons. Maybe this is something Microsoft will be adding in the future, but for now, we'll just have to make do with the recovery image. If you own a Surface Laptop, you can find the recovery image here.
Iphone

'The Unwillingness To Foresee The Future' (stratechery.com)

An anonymous reader shares a few excerpts from Ben Thompson's analysis: Back in 2006, when the iPhone was a mere rumor, Palm CEO Ed Colligan was asked if he was worried: "We've learned and struggled for a few years here figuring out how to make a decent phone," he said. "PC guys are not going to just figure this out. They're not going to just walk in." What if Steve Jobs' company did bring an iPod phone to market? Well, it would probably use WiFi technology and could be distributed through the Apple stores and not the carriers like Verizon or Cingular, Colligan theorized. I was reminded of this quote after Amazon announced an agreement to buy Whole Foods for $13.7 billion; after all, it was only two years ago that Whole Foods founder and CEO John Mackey predicted that groceries would be Amazon's Waterloo. And while Colligan's prediction was far worse -- Apple simply left Palm in the dust, unable to compete -- it is Mackey who has to call Amazon founder and CEO Jeff Bezos, the Napoleon of this little morality play, boss. The similarities go deeper, though: both Colligan and Mackey made the same analytical mistakes: they misunderstood their opponents' goals, strategies, and tactics.
Programming

Community Ports 'Visual Studio Code' To Chromebooks, Raspberry Pi (infoworld.com)

An anonymous reader quotes InfoWorld: A community build project led by developer Jay Rodgers is making Visual Studio Code, Microsoft's lightweight source code editor, available for Chromebooks, Raspberry Pi boards, and other devices based on 32-bit or 64-bit ARM processors. Supporting Linux and Chrome OS as well as the DEB (Debian) and RPM package formats, the automated builds of Visual Studio Code are intended for less-common platforms that might not otherwise receive them. Obvious beneficiaries will be IoT developers focused on ARM devices -- and the Raspberry Pi in particular -- who will find it helpful to have the editor directly on the device they're programming against... Rodgers said the lure of Visual Studio Code for him was its user-friendly interface, making it approachable for new users.
Microsoft

Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall (bleepingcomputer.com)

An anonymous reader writes: Starting this fall, with the public launch of the next major Windows 10 update -- codenamed Redstone 3 -- Microsoft plans to disable SMBv1 in most versions of the Windows operating systems. SMBv1 is a three-decades-old file sharing protocol that Microsoft has continued to ship "enabled by default" with all Windows OS versions.

The protocol got a lot of attention recently as it was the main infection vector for the WannaCry ransomware. Microsoft officially confirmed Tuesday that it will not ship SMBv1 with the Fall Creators Update. This change will affect only users performing clean installs, and will not be shipped as an update. This means Microsoft's decision will not affect existing Windows installations, where SMBv1 might be part of a critical system.

Patents

Amazon Granted a Patent That Prevents In-Store Shoppers From Online Price Checking (theverge.com)

An anonymous reader quotes a report from The Verge: Amazon's long been a go-to for people to online price compare while shopping at brick-and-mortars. Now, a new patent granted to the company could prevent people from doing just that inside Amazon's own stores. The patent, titled "Physical Store Online Shopping Control," details a mechanism where a retailer can intercept network requests like URLs and search terms that happen on its in-store Wi-Fi, then act upon them in various ways. The document details in great length how a retailer like Amazon would use this information to its benefit. If, for example, the retailer sees you're trying to access a competitor's website to price check an item, it could compare the requested content to what's offered in-store and then send price comparison information or a coupon to your browser instead. Or it could suggest a complementary item, or even block content outright. Amazon's patent also lets the retailer know your physical whereabouts, saying, "the location may be triangulated utilizing information received from a multitude of wireless access points." The retailer can then use this information to try and upsell you on items in your immediate area or direct a sales representative to your location.
Microsoft

Green Party Leaders Don't Want Windows In Munich (techrepublic.com)

Reader sqorbit writes: Munich spent a lot of time (9 years) and a lot of money in shifting some 15,000 staff to a Linux-based OS. The plan now is to move to Windows 10 by 2021. Munich's Green Party is citing the WannaCry virus as a valid reason not to switch to Windows. "As with many of the biggest attacks, the computers that were mainly hit were running the Windows operating system," the Green Party said in a statement.
Desktops (Apple)

Apple Mac Computers Are Being Targeted By Ransomware, Spyware (bbc.com)

If you are a Mac user, you should be aware of new variants of malware that have been created specifically to target Apple computers; one is ransomware and the other is spyware. "The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor 'dark web' network that acted as a shopfront for both," reports BBC. "In a blog post, Fortinet said the site claimed that the creators behind it were professional software engineers with 'extensive experience' of creating working code." From the report: Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware's creators had said that payments made by ransomware victims would be split between themselves and their customers. Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware. Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm. However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data. The free Macspy spyware, offered via the same site, can log which keys are pressed, take screenshots and tap into a machine's microphone. In its analysis, AlienVault researcher Peter Ewane said the malicious code in the spyware tried hard to evade many of the standard ways security programs spot and stop such programs.
IOS

Chess.com Has Stopped Working On 32bit iPads After the Site Hit 2^31 Game Sessions (chess.com)

Apple's decision to go all in on 64bit-capable devices, OS and apps has caused some trouble for Chess.com, a popular online website where people go to play chess. Users with a 32bit iPad are unable to play games on the website, according to numerous complaints posted over the weekend and on Monday. Erik, the CEO of Chess.com, said in a statement, "Thanks for noticing. Obviously this is embarrassing and I'm sorry about it. As a non-developer I can't really explain how or why this happened, but I can say that we do our best and are sorry when that falls short." Hours later, he had an explanation: The reason that some iOS devices are unable to connect to live chess games is because of a limit in 32bit devices which cannot handle gameIDs above 2,147,483,647. So, literally, once we hit more than 2 billion games, older iOS devices fail to interpret that number! This was obviously an unforeseen bug that was nearly impossible to anticipate and we apologize for the frustration. We are currently working on a fix and should have it resolved within 48 hours.
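The signed 32-bit ceiling behind the Chess.com outage, as an added illustration that is not Chess.com's code: a game ID parser that reports when a value exceeds 2,147,483,647 instead of silently wrapping, beside the 64-bit parse that keeps working past that point. The function names, status codes and sample IDs are assumptions constructed for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for a game ID received from the server. */
typedef enum { ID_OK, ID_MALFORMED, ID_OUT_OF_RANGE } id_status;

/* Parse a decimal game ID into a 64-bit value, rejecting garbage and
 * overflow. The width is fixed at 64 bits rather than the platform's
 * native int, so it behaves the same on a 32-bit and a 64-bit build. */
id_status parse_game_id64(const char *text, int64_t *out) {
    char *end = NULL;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (end == text || *end != '\0') return ID_MALFORMED;   /* empty or trailing junk */
    if (errno == ERANGE || v < 0)   return ID_OUT_OF_RANGE; /* overflow or negative */
    *out = (int64_t)v;
    return ID_OK;
}

/* The same parse narrowed to the signed 32-bit range a 32-bit build using a
 * native int would be stuck with. Once IDs pass 2,147,483,647 this reports
 * ID_OUT_OF_RANGE explicitly, which is the detectable failure a client
 * needs, rather than a wrapped negative ID it cannot explain. */
id_status parse_game_id32(const char *text, int32_t *out) {
    int64_t wide = 0;
    id_status st = parse_game_id64(text, &wide);
    if (st != ID_OK) return st;
    if (wide > INT32_MAX) return ID_OUT_OF_RANGE;
    *out = (int32_t)wide;
    return ID_OK;
}

int main(void) {
    /* Constructed sample IDs: the last in-range 32-bit ID, the first past it,
     * and a malformed one. */
    const char *ids[] = { "2147483647", "2147483648", "12abc" };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        int32_t narrow = 0;
        int64_t wide = 0;
        printf("%-11s 32-bit status=%d  64-bit status=%d\n", ids[i],
               parse_game_id32(ids[i], &narrow), parse_game_id64(ids[i], &wide));
    }
    return 0;
}
```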
Encryption

Docker's LinuxKit Launches Kernel Security Efforts, Including Next-Generation VPN (eweek.com)

darthcamaro writes: Back in April, when Docker announced its LinuxKit effort, the primary focus appeared to just be [tools for] building a container-optimized Linux distribution. As it turns out, security is also a core focus -- with LinuxKit now incubating multiple efforts to help boost Linux kernel security. Among those efforts is the Wireguard next generation VPN that could one day replace IPsec. "Wireguard is a new VPN for Linux using the cryptography that is behind some of the really good secure messaging apps like Signal," said Nathan McCauley, Director of Security at Docker Inc.
According to the article, Docker also has several full-time employees looking at ways to reduce the risk of memory corruption in the kernel, and is also developing a new Linux Security Module with more flexible access control policies for processes.
Data Storage

Why Does Microsoft Still Offer a 32-bit OS? (backblaze.com)

Brian Wilson, a founder of cloud storage service BackBlaze, writes in a blog post: Moving over to a 64-bit OS allows your laptop to run BOTH the old compatible 32-bit processes and also the new 64-bit processes. In other words, there is zero downside (and there are gigantic upsides). Because there is zero downside, the first time it could, Apple shipped with 64-bit OS support. Apple did not give customers the option of "turning off all 64-bit programs." Apple first shipped 64-bit support in OS X 10.6 Snow Leopard in 2009. This was so successful that Apple shipped all future Operating Systems configured to support both 64-bit and 32-bit processes. All of them. But let's contrast the Apple approach with that of Microsoft. Microsoft offers a 64-bit OS in Windows 10 that runs all 64-bit and all 32-bit programs. This is a valid choice of an Operating System. The problem is Microsoft ALSO gives customers the option to install 32-bit Windows 10 which will not run 64-bit programs. That's crazy. Another advantage of the 64-bit version of Windows is security. There are a variety of security features such as ASLR (Address Space Layout Randomization) that work best in 64-bits. The 32-bit version is inherently less secure. By choosing 32-bit Windows 10 a customer is literally choosing a lower performance, LOWER SECURITY, Operating System that is artificially hobbled to not run all software. My problem is this: Backblaze, like any good technology vendor, wants to be easy to use and friendly. In this case, that means we need to quietly, invisibly, continue to support BOTH the 32-bit and the 64-bit versions of every Microsoft OS they release. And we'll probably need to do this for at least 5 years AFTER Microsoft officially retires the 32-bit only version of their operating system.
Operating Systems

Skype Retires Older Apps for Windows, Linux (techcrunch.com)

An anonymous reader writes: The newest version of the Skype app takes a big hat-tip from social media platforms like Snapchat and Facebook's Messenger with its newest features, adding a Stories-like feature called Highlights, a big selection of bots to add into chats and a longer plan to upgrade group conversations with more features. Now, as part of the effort to get people to use the new Skype more, the company is also doubling down on something else: Skype is trying to get users off of older versions of Skype. As part of that push, the Microsoft-owned company has sent out messages to users this week noting that it will be retiring a host of older iterations on July 1. Those who are still using them after that day will likely no longer be able to sign on. The Skype app won't work on the following OS versions: Android 4.0.2 and lower, BlackBerry OS 7.1 and lower, iOS 7 and lower, Linux (Linux users must upgrade to Skype for Linux Beta), Mac OS X 10.8 and lower, Symbian OS, Skype mobile for Verizon, Skype on 3, Skype on TV, Windows 10 task-based app, Windows Phone 8.1 and lower, and Windows RT.
Android

Google Launches Android O Developer Preview 3 With Final APIs (venturebeat.com)

An anonymous reader quotes a report from VentureBeat: Google today launched the third Android O developer preview, available for download now at developer.android.com and via the Android Beta Program. The preview includes an updated SDK with system images for the Nexus 5X, Nexus 6P, Nexus Player, Pixel, Pixel XL, Pixel C, and the official Android Emulator, and there's even an emulator for testing Android Wear 2.0 on Android O. The big highlight with this preview is that the Android O APIs are now final. Google launched the first Android O developer preview in March and the second developer preview in May at its I/O 2017 developer conference. Google is planning to release one more preview with near-final system images in July and has slated the final version for release "later this summer" (in Q3 2017). Developer Preview 3 includes the latest version of the Android O platform with the final API level 26 and "hundreds of bug fixes and optimizations."
Microsoft

No Known Ransomware Works Against Windows 10 S, Says Microsoft (betanews.com)

An anonymous reader shares a report: According to Microsoft, "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack." That's great news for anyone running the latest version of the OS, and the software giant says it is working to ensure Windows 10 remains safe from other future attacks. However, if you want to guarantee your safety from ransomware, then Microsoft points out there's an even more secure option to consider -- Windows 10 S. The new, hardened Windows 10 variant only runs apps from the Windows Store, which means it can't run programs from outside Microsoft's ecosystem, and that includes malware. Which is why, as Microsoft says, "No known ransomware works against Windows 10 S."
Microsoft

Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls (bleepingcomputer.com)

An anonymous reader writes: Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it's part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off.

Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detect malware using AMT SOL to exfiltrate data.

The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching -- a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.

Details about PLATINUM's recent targets and attacks are available in a report [PDF] Microsoft released yesterday.

Encryption

Apple To Force Users To 2FA On iOS 11, macOS High Sierra (onthewire.io)

Trailrunner7 quotes a report from On the Wire: With the upcoming releases of iOS 11 and macOS High Sierra later this year, Apple is planning to force many users to adopt two-factor authentication for their accounts. The company this week sent an email to customers who have the existing two-step verification enabled for their Apple IDs, informing them that once they install the public betas of the new operating systems they will be migrated to two-factor authentication automatically. Two-step verification is an older method of account security that Apple rolled out before full two-factor authentication was available. Apple is phasing that out and will be upgrading people with eligible devices automatically. "Once updated, you'll get the same extra layer of security you enjoy with two-step verification today, but with an even better user experience. Verification codes will be displayed on your trusted devices automatically whenever you sign in, and you will no longer need to keep a printed recovery key to make sure you can reset a forgotten password," the email from Apple says.
Operating Systems

Apple To Phase Out 32-Bit Mac Apps Starting In January 2018 (macrumors.com)

Apple will be phasing out 32-bit apps with iOS 11, and soon the company will make the same changes on its macOS operating system. During its Platform State of the Union keynote at the Worldwide Developers Conference, Apple told developers that macOS High Sierra will be the "last macOS release to support 32-bit apps without compromises." MacRumors reports: Starting in January of 2018, all new apps submitted to the Mac App Store must be 64-bit, and all apps and app updates submitted must be 64-bit by June 2018. With the next version of macOS after High Sierra, Apple will begin "aggressively" warning users about 32-bit apps before eventually phasing them out altogether. In iOS 11, 32-bit apps cannot be installed or launched. Attempting to open a non-supported 32-bit app gives a message notifying users that the app needs to be updated before it can run on iOS 11. Prior to phasing out 32-bit apps on iOS 11, Apple gave both end users and developers several warnings, and the company says it will follow the same path for the macOS operating system.