Security

London Metropolitan Police's 18,000 Windows XP PCs Is a Disaster Waiting To Happen (mspoweruser.com) 78

According to MSPoweruser, the London Metropolitan Police are still using around 18,000 PCs powered by Windows XP, an operating system Microsoft stopped supporting in 2014. What's more is that the police force is upgrading its PCs from Windows XP to Windows 8.1, instead of Windows 10. Only 8 PCs at the police force are reportedly powered by the "most secure version of Windows right now." From the report: From the looks of things, the London Metropolitan Police will continue to upgrade their systems to Windows 8.1 at the moment. Windows 8.1 is still being supported by Microsoft, although the mainstream support for the OS is set to end on the 9 January 2018. Microsoft will offer extended support for the OS until 2023, which means Windows 8.1 is still a much more secure alternative for the Metropolitan Police than Windows XP. Windows 10 still would have been the best option in terms of security, however. Microsoft is releasing security updates for the OS every month, and the new advanced security features like Windows Defender Advanced Threat Protection makes PCs running Windows a whole lot more secure. The spokesman of the 0Conservative London Assembly said in a statement: "The Met is working towards upgrading its software, but in its current state it's like a fish swimming in a pool of sharks. It is vital the Met is given the resources to step up its upgrade timeline before we see another cyber-attack with nationwide security implications."
Security

The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com) 104

Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things: 1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine. 2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all. 3. Petya was either "incredibly buggy, or irreversibly destructive on purpose." An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.
Government

FBI Interviews Employees of Russia-Linked Cyber Security Firm Kaspersky Lab (nbcnews.com) 36

FBI agents on Tuesday paid visits to at least a dozen employees of Kaspersky Lab, a Russia-based cyber-security company, asking questions about that company's operations as part of a counter-intelligence inquiry, multiple sources familiar with the matter told NBC News. From a report: In a classic FBI investigative tactic, agents visited the homes of the employees at the end of the work day at multiple locations on both the east and west coasts, the sources said. There is no indication at this time that the inquiry is part of Special Counsel Robert Mueller's investigation into Russian election meddling and possible collusion. Kaspersky has long been of interest to the U.S. government. Its cyber-security software is widely used in the United States, and its billionaire owner, Eugene Kaspersky, has close ties to some Russian intelligence figures, according to U.S. officials.
Security

Microsoft's Telemetry Shows Petya Infections in 65 Countries Around the World (microsoft.com) 82

From a blog post by Microsoft: On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States. The new ransomware has worm capabilities, which allows it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated. [...] Initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MEDoc. Although this vector was speculated at length by news media and security researchers -- including Ukraine's own Cyber Police -- there was only circumstantial evidence for this vector. Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process. A New York Times reports how rest of the world is dealing with Petya. From the article: A fuller picture of the impact will probably emerge in the coming days. But companies and government offices worldwide appeared less affected than the WannaCry attack, notably in places like China, which was hard hit in May. Reports from Asia suggested that many of the companies hit were the local arms of European and American companies struck on Tuesday. In Mumbai, India, a port terminal operated by A.P. Moller-Maersk, the Danish shipping giant, was shut after it disclosed that it had been hit by the malware. In a statement, Indian port authorities said they were taking steps to relieve congestion, such as finding places to park stranded cargo. The attack shut the terminal down on Tuesday afternoon. On the Australian island of Tasmania, computers in a Cadbury chocolate factory owned by Mondelez International, the American food company, displayed the ransomware message, according to the local news media.
United Kingdom

Britain's Newest Warship Runs Windows XP, Raising Cyber Attack Fears (telegraph.co.uk) 292

Chrisq shares a report from The Telegraph: Fears have been raised that Britain's largest ever warship could be vulnerable to cyber attacks after it emerged it appears to be running the outdated Microsoft Windows XP. A defense source told The telegraph that some of the on-board hardware and software "would have been good in 2004" when the carrier was designed, "but now seems rather antiquated." However, he added that HMS Queen Elizabeth is due to be given a computer refit within a decade. And senior officers said they will have cyber specialists on board to defend the carrier from such attacks.
Security

Petya Ransomware Outbreak Originated In Ukraine Via Tainted Accounting Software (bleepingcomputer.com) 21

An anonymous reader quotes a report from Bleeping Computer: Today's massive ransomware outbreak was caused by a malicious software update for M.E.Doc, a popular accounting software used by Ukrainian companies. According to several researchers, such as Cisco Talos, ESET, MalwareHunter, Kaspersky Lab, and others, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers, and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted software packaged delivered the Petya ransomware -- also referenced online as NotPetya, or Petna. The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when, this morning, issued a security advisory. Hours later, as the ransomware outbreak spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc denied on Facebook its servers ever served any malware. According to security researcher MalwareHunter, this is not the first time M.E.Doc has carried a malicious software update that delivered ransomware. Back in May, the company's software update mechanism also helped spread the XData ransomware.
Crime

Police Use Lyft As 'Trojan Horse' To Capture Suspect In Murder of Tech CEO (myajc.com) 64

McGruber writes: On Friday, June 23, 2017, three men broke into the home of Albert Eugene DeMagnus, the CEO of Computer Management Services. The men stabbed DeMangus, who was pronounced dead after he had been taken to a hospital. Police officers chased two of the suspects as they fled in DeMangus' gray Lexus. The Lexus crashed and the two men ran away into the woods. Police then set up a perimeter with road checkpoints. Soon, a Lyft driver approached a checkpoint and told police she was picking up a passenger nearby. "This may be one of our suspects trying to leave the scene," Fayette County, Georgia Sheriff Barry Babb thought of the person being picked up. So Babb and three officers got into his car, which happened to be identical to the Lyft driver's. They got the location of the suspect from the Lyft driver and simply drove to the suspect, posing as his ride. "The subject walked all the way up, was about to open the door and get in our vehicle, when we exited and identified ourself," said Sheriff Babb. The suspect fled and got about 100 yards into the woods before being taken into custody. "That was something that was unique for us," Babb said, "a first time for us."
Microsoft

Microsoft Bringing EMET Back As a Built-In Part of Windows 10 (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard. Microsoft's EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques -- some built in to Windows, some part of EMET itself -- to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible. With Windows 10, however, EMET's development was essentially cancelled. But as more mitigation capabilities have been put into Windows, the need for a system for managing and controlling them has not gone away. Some of the mitigations introduce application compatibility issues -- a few even require applications to be deliberately written with the mitigation in mind -- which means that Windows does not simply turn on every mitigation for every application. It's here that Exploit Guard comes in.
Businesses

The App Economy Will Be Worth $6 Trillion in Five Years (recode.net) 90

An anonymous reader shares a report: In five years, the app economy will be worth $6.3 trillion, up from $1.3 trillion last year, according to a report released today by app measurement company App Annie. What explains the growth? More people are spending more time and -- crucially -- more money in apps. While on average people aren't downloading many more apps, App Annie expects global app usership to nearly double to 6.3 billion people in the next five years while the time spent in apps will more than double. And, it expects the average app spend -- including app-store purchases, advertising spend and, most importantly, commerce -- to increase from $379 per person to $1,008 in 2021. The 800-pound -- or $6 trillion -- gorilla in the room is mobile commerce.
China

China's All-Seeing Surveillance State Is Reading Its Citizens' Faces (wsj.com) 104

China's government is using facial-recognition technology to help promote good behavior and catch lawbreakers, reports the WSJ. From the article: Facial-recognition technology, once a specter of dystopian science fiction, is becoming a feature of daily life in China, where authorities are using it on streets, in subway stations, at airports and at border crossings in a vast experiment in social engineering (alternative source). Their goal: to influence behavior and identify lawbreakers. Ms. Gan, 31 years old, had been caught on camera crossing illegally here once before, allowing the system to match her two images. Text displayed on the crosswalk screens identified her as a repeat offender. "I won't ever run a red light again," she said. China is rushing to deploy new technologies to monitor its people in ways that would spook many in the U.S. and the West. Unfettered by privacy concerns or public debate, Beijing's authoritarian leaders are installing iris scanners at security checkpoints in troubled regions and using sophisticated software to monitor ramblings on social media. By 2020, the government hopes to implement a national "social credit" system that would assign every citizen a rating based on how they behave at work, in public venues and in their financial dealings.
Businesses

Samsung To Launch Refurbished Galaxy Note 7 in South Korea On July 7 (yonhapnews.co.kr) 56

South Korean news agency Yonhap reports: Samsung plans to release the refurbished edition of the ill-fated Galaxy Note 7 smartphone next month, industry sources said Tuesday. According to the sources, Samsung will release the smartphone under the name the Galaxy Note FE, with a price tag below 700,000 won (US$616). Official sales are slated to start July 7. The South Korean tech giant suspended production and sales of the Galaxy Note 7 last year amid reports that some of the devices caught fire while charging. A probe revealed that the problems were due to the non-removable battery. Accordingly, the refurbished devices will have a smaller battery capacity than the originals, along with the latest software updates.
Businesses

Short of IT Workers At Home, Israeli Startups Recruit Elsewhere (reuters.com) 132

New submitter Alex Wilson shares a Reuters report: Driven by startups, Israel's technology industry is the fastest growing part of the economy. It accounts for 14 percent of economic output and 50 percent of exports. But a shortage of workers means its position at the cutting edge of global technology is at risk, with consequences for the economy and employment. When Alexey Chalimov founded software design firm Eastern Peak in Israel four years ago he knew he would not find the developers he needed at home. He went to Ukraine and hired 120 people to develop mobile apps and web platforms for international clients and smaller Israeli startups. "I worked for years in the Israeli market and I knew what the costs were in Israel and I knew there was a shortage of workers," he told Reuters.

The government's Innovation Authority forecasts a shortage of 10,000 engineers and programmers over the next decade in a market that employs 140,000. Israel has dropped six spots in three years to 17th in the World Economic Forum's ranking of the ease of finding skilled technology employees. In the meantime, many Israeli startups are looking abroad.

Apple

The New iPad Pro Review (twitter.com) 212

An anonymous reader writes: As tech reviewers across the United States and Europe sing praises of Apple's new iPad Pro, here's what Joshua Topolsky, former editor-in-chief of The Verge and Engadget (and now with The Outline) had to say: "It [10.5-inch iPad Pro] is inferior to a laptop in almost every way, unless you like to draw. If you think you can replace you laptop with this setup: you cannot. Imagine a computer, but everything works worse than you expect. That is the new iPad. Now, I know the software is in beta, but I also know how Apple betas work. They don't massively change. I have no doubt it's a very powerful piece of hardware, and the screen is gorgeous. Garageband is a lot of fun to play with. But this doesn't COME CLOSE to replacing your laptop, even for simple things you do, like email. AND one other thing. Apple's keyboard cover is a fucking atrocity. A terrible piece of hardware. Awkward to use, poor as a cover. Okay in a pinch if you need something LIKE a keyboard. Anyhow good to know there are still Apple fanboys who get mad if you insult their products. But I don't think it's a very good product. Finally, iOS 11 is definitely a STEP in the right direction. But guys the iPad has been around forever and it still feels half-assed. I think a lot of people are willing to contort themselves around a bad UX because marketing is powerful."
Google

Google Slapped With $2.7 Billion By EU For Skewing Searches (bloomberg.com) 338

Google suffered a major regulatory blow on Tuesday after European antitrust officials fined the search giant 2.4 billion euros, or $2.7 billion, for unfairly favoring some of its own search services over those of rivals. The European Commission concluded that the search giant abused its near-monopoly in online search to "give illegal advantage" to its own Shopping service. Margrethe Vestager, the EU's competition commissioner, said Google "denied other companies the chance to compete" and left consumers without "genuine choice." The hefty fine marks the latest chapter in a lengthy standoff between Europe and Google, which also faces two separate charges under the region's competition rules related to Android, its popular mobile software, and to some of its advertising products. From a report: Google has 90 days to "stop its illegal conduct" and give equal treatment to rival price-comparison services, according to a binding order from the European Commission on Tuesday. It's up to Google to choose how it does this and it must tell the EU within 60 days of its plans. Failure to comply brings a risk of fines of up to 5 percent of its daily revenue. [...] "I expect the Commission now to swiftly conclude the other two ongoing investigations against Google," Markus Ferber, a member of the European Parliament from Germany. "Unfortunately, the Google case also illustrates that competition cases tend to drag on for far too long before they are eventually resolved. In a fast-moving digital economy this means often enough that market abuse actually pays off and the abuser succeeds in eliminating the competition." Google has been pushing its own comparison shopping service since 2008, systematically giving it prominent placement when people search for an item, the EU said. Rival comparison sites usually only appear on page four of search results, effectively denying them a massive audience as the first page attracts 95 percent of all clicks. In a blog post, Google said the EU has "underestimated" the value Google's services brings to the table. "We believe the European Commission's online shopping decision underestimates the value of those kinds of fast and easy connections. While some comparison shopping sites naturally want Google to show them more prominently, our data show that people usually prefer links that take them directly to the products they want, not to websites where they have to repeat their searches. We think our current shopping results are useful and are a much-improved version of the text-only ads we showed a decade ago. Showing ads that include pictures, ratings, and prices benefits us, our advertisers, and most of all, our users. And we show them only when your feedback tells us they are relevant. Thousands of European merchants use these ads to compete with larger companies like Amazon and eBay. [...] Given the evidence, we respectfully disagree with the conclusions announced today. We will review the Commission's decision in detail as we consider an appeal, and we look forward to continuing to make our case," wrote Kent Walker, SVP and General Counsel at Google.
Earth

'Infarm' Startup Wants To Put a Farm In Every Grocery Store (techcrunch.com) 84

Infarm, a 40-plus person startup based in Berlin, imagines a future where every grocery store has its own farm packed with herbs, vegetables and fruit. "The plants themselves are being monitored by multiple sensors and fed by an internet-controlled irrigation and nutrition system," reports TechCrunch. "Growing out from the center, the basil is at ascending stages of its life, with the most outer positioned ready for you, the customer, to harvest." From the report: The concept might not be entirely new -- Japan has been an early pioneer in vertical farming, where the lack of space for farming and very high demand from a large population has encouraged innovation -- but what potentially sets Infarm apart, including from other startups, is the modular approach and go-to-market strategy it is taking. This means that the company can do vertical farming on a small but infinitely expandable scale, and is seeing Infarm place farms not in offsite warehouses but in customer-facing city locations, such as grocery stores, restaurants, shopping malls, and schools, enabling the end-customer to actually pick the produce themselves. In contrast, the Infarm system is chemical pesticide-free and can prioritize food grown for taste, color and nutritional value rather than shelf life or its ability to sustain mass production. Its indoor nature means it isn't restricted to seasonality either and by completely eliminating the distance between farmer and consumer, food doesn't get much fresher. When a new type of herb or plant is introduced, Infarm's plant experts and engineers create a recipe or algorithm for the produce type, factoring in nutrition, humidity, temperature, light intensity and spectrum, which is different from system to system depending on what is grown. The resulting combination of IoT, Big Data and cloud analytics is akin to "Farming-as-a-Service," whilst , space permitting, Infarm's modular approach affords the ability to keep adding more farming capacity in a not entirely dissimilar way to how cloud computing can be ramped up at the push of a button.
Google

Google Home Is 6 Times More Likely To Answer Your Question Than Amazon Alexa (adweek.com) 61

According to software developed by New York-based 360i, Google Home is six times more likely to answer your question than Amazon Alexa -- its biggest competitor. Adweek reports: It's relatively surprising, considering that RBC Capital Markets projects Alexa will drive $10 billion of revenue to Amazon by 2020 -- not to mention the artificial intelligence-based system currently owns 70 percent of the voice market. 360i's proprietary software asked both devices 3,000 questions to come to the figure. While Amazon Alexa has shown considerable strength in retail search during the agency's research, Google won the day thanks to its unmatched search abilities.
Cellphones

Software Developer Explains Why The Ubuntu Phone Failed (itwire.com) 136

troublemaker_23 quotes ITWire: A developer who worked with the Ubuntu Phone project has outlined the reasons for its failure, painting a picture of confusion, poor communication and lack of technical and marketing foresight. Simon Raffeiner stopped working with the project in mid-2016, about 10 months before Canonical owner Mark Shuttleworth announced that development of the phone and the tablet were being stopped.
Raffeiner says, for example, that "despite so many bugs being present, developers were not concentrating on fixing them, but rather on adding support for more devices." But he says he doesn't regret the time he spent on the project -- though now he spends his free time "traveling the world, taking photographs and creating bad card games, bad comics and bad games."

"Please note that this post does not apply to the UBPorts project, which continues to work on the phone operating system, Unity 8 and other components."
Hardware

Survey Says: Raspberry Pi Still Rules, But X86 SBCs Have Made Gains (linuxgizmos.com) 82

DeviceGuru writes: Results from LinuxGizmos.com's annual hacker-friendly single board computer survey are in, and not surprisingly, the Raspberry Pi 3 is the most desired maker SBC by a 4-to-1 margin. In other trends: x86 SBCs and Linux/Arduino hybrids have trended upwards. The site's popular hacker SBC survey polled 1,705 survey respondents and asked for their first, second, and third favorite SBCs from a curated list of 98 community oriented, Linux- and Android-capable boards. Spreadsheets comparing all 98 SBCs' specs and listing their survey vote tallies are available in freely downloadable Google Docs.
Other interesting findings:
  • "A Raspberry Pi SBC has won in all four of our annual surveys, but never by such a high margin."
  • The second-highest ranked board -- behind the Raspberry Pi 3 -- was the Raspberry Pi Zero W.
  • "The Raspberry Pi's success came despite the fact that it offers some of the weakest open source hardware support in terms of open specifications. This, however, matches up with our survey responses about buying criteria, which ranks open source software support and community over open hardware support."
  • "Despite the accelerating Raspberry Pi juggernaut, there's still plenty of experimentation going on with new board models, and to a lesser extent, new board projects."

Government

Obama Authorized a Secret Cyber Operation Against Russia, Says Report (engadget.com) 231

Jessica Conditt reports via Engadget: President Barack Obama learned of Russia's attempts to hack U.S. election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs Obama, the CIA, NSA and other intelligence groups eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the U.S. to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former U.S. official told The Post. The report says CIA director John Brennan, Obama and other officials had at least four "blunt" conversations with Russian officials about its cyber intrusions beginning August 4th. Obama confronted Vladimir Putin in person during a meeting of world leaders in China this past September, the report says, and his administration even sent Russia a warning through a secure channel originally designed to help the two countries avoid a nuclear strike. Moscow apparently responded one week later -- after the U.S. election -- denying the accusation.
Operating Systems

32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk) 201

According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.

Slashdot Top Deals