
posted by on Saturday May 13 2017, @10:42PM   Printer-friendly
from the hotfixin dept.

Veritas has patched multiple remote code execution vulnerabilities in its NetBackup software and the appliance by the same name.

The vulnerabilities should be patched with this hotfix as soon as possible.

The affected versions are NetBackup 7.7.2, 7.7.3, and 8.0; and NetBackup Appliances 2.7.2, 2.7.3, and 3.0 (which is also available as a virtual appliance).

In all, five vulnerabilities were disclosed by Google Security's Sven Blumenstein and Xiaoran Wang.


Original Submission

posted by takyon on Saturday May 13 2017, @08:46PM   Printer-friendly
from the General-Tso's-or-kung-pao? dept.

The South China Morning Post reports that China and the United States have agreed on an arrangement for trade between the two countries to be liberalised.

US credit rating services, electronic payment services and bond underwriting business are now all allowed in Chinese market.

[...] Under this agreement, China will accept beef from the US into the Chinese market, effectively ending the 14-year ban on American beef after an outbreak of mad-cow disease in [the] US in 2003.

Reciprocally, [the] US will allow Chinese cooked chicken to [be sold] in the American market.

The deal also provides for Chinese banks to operate in the United States, and for liquefied natural gas from the United States to be sold in China.


Original Submission

posted by cmn32480 on Saturday May 13 2017, @06:01PM   Printer-friendly
from the whoopsie-daisy dept.

It seems an Avast update has screwed the pooch again, blocking HTTP requests from all applications. That's also going to make getting support to fix the issue a bit of a problem.

An Avast software update pushed out on Wednesday is preventing web access for at least some devices running the firm's freebie anti-malware software.

Users affected by the problem have started threads (here and here among others) on Avast's support forum.

El Reg learnt of the issue through reader Michael S.

"Non tech savvy users will have issues reporting or getting the problem fixed," he explained. "To regain web access you have to disable Web Shield or disable Avast or uninstall Avast. To fix the issue you have to do a clean install of the latest version of software."

It's unclear how widespread the problem is. Avast's PR reps have acknowledged our requests for comment but are yet to supply a substantive response.


Original Submission

posted by cmn32480 on Saturday May 13 2017, @04:37PM   Printer-friendly
from the next-time-without-the-oops dept.

Fed up with Australian internet speeds that trail those in most of the developed world, Morgan Jaffit turned to a more reliable method of data transfer: the postal system.

Hundreds of thousands of people from around the world have downloaded Hand of Fate, an action video game made by his studio in Brisbane, Defiant Development. But when Defiant worked with an audio designer in Melbourne, more than 1,000 miles away, Mr. Jaffit knew it would be quicker to send a hard drive by road than to upload the files, which could take several days.

"It's really the big file sizes that kill us," said Mr. Jaffit, the company's co-founder and creative director. "When we release an update and there's a small bug, that can kill us by three or four days."

Australia, a wealthy nation with a widely envied quality of life, lags in one essential area of modern life: its internet speed. Eight years after the country began an unprecedented broadband modernization effort that will cost at least 49 billion Australian dollars, or $36 billion, its average internet speed lags that of the United States, most of Western Europe, Japan and South Korea. In the most recent ranking of internet speeds by Akamai, a networking company, Australia came in at an embarrassing No. 51, trailing developing economies like Thailand and Kenya.


Original Submission

posted by cmn32480 on Saturday May 13 2017, @03:04PM   Printer-friendly
from the doesn't-delivering-missiles-count? dept.

A future where drones drop off your online orders is another step closer this week after a new record was set for the world's longest drone delivery. On May 5, a fixed-wing HQ-40 UAV carried a package more than 97 miles (156 km), under the watchful eye of the Nevada Institute for Autonomous Systems (NIAS).

Drones from companies like Amazon, 7-Eleven, Domino's and UPS have already taken to the skies to deliver packages and pizza to customers, but those trips are usually short, last-mile trials. The record-breaking UAV journey covered 97 miles from a location in central Texas to carry a pneumatic part to the city of Austin.


Original Submission

posted by takyon on Saturday May 13 2017, @01:26PM   Printer-friendly
from the shadow-brokers-strike-back dept.

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

UK National Health Service Paralysed by Windows Ransomware Attack

The Guardian and the BBC report respectively about a large-scale ransomware attack on its Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry and encrypts the PC's hard disk and demands bitcoin to decrypt it.

About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.

From one of the Guardian reports:

According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."

The NHS has stressed that patients' electronic medical records have not been compromised.

From InfoSecurity, FastCompany and elsewhere:

A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.

According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".

Australian Broadcasting Corporation reports:

'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom

A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.

[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.

Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries

Shadow Brokers Flaw Used in Ransomware

The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug was released by Microsoft in March.

The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.

As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]

Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.

Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's 'Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA 'Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA

Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now


Original Submission #1 | Original Submission #2 | Original Submission #3 | Original Submission #4 | Original Submission #5 | Original Submission #6 | Original Submission #7

posted by mrpg on Saturday May 13 2017, @11:58AM   Printer-friendly
from the of-course dept.

Submitted via IRC for TheMightyBuzzard

The Dakota Access pipeline already had its first leak – 84 gallons of oil – at a pump station in South Dakota in early April, sparking outrage and calling into question its environmental safety.

[...] The report of the spill can be found on the Department of Environmental and Natural Resources website. The agency apparently did not make any official announcement on the incident as it was relatively minor and had no environmental impact, according to Brian Walsh, a scientist with the department, as cited by the Guardian. The site "was cleaned up right away," the official added as quoted by ABC news.

The spill occurred less than 110 miles from Lake Oahe, which supplies Sioux tribes with water.

Source: Dakota Access pipeline suffers oil leak even before becoming operational


Original Submission

posted by mrpg on Saturday May 13 2017, @10:31AM   Printer-friendly
from the OpenVZ dept.

New research finds that 25% of all physical servers -- and 30% of all virtual servers -- are comatose. These are systems that have no activity in the last six months.

The problem with comatose, or zombie, physical servers is well known. Past studies have routinely put the number of undead enterprise physical servers in the 20% to 30% range. But this latest research looked at virtual servers as well, and they may represent a significant cost to IT departments.

That's because users may be paying licensing fees on their virtual servers, as well as on the software they support, said the researchers.

Comatose servers, both virtual and physical, may also represent "an unappreciated security risk" because they aren't patched and maintained, according to the research paper by Jonathan Koomey, a research fellow at Stanford University, and Jon Taylor, a partner at the Athensis Group, a consulting firm.

The Zombie Apocalypse may not take the form you've been expecting...


Original Submission

posted by mrpg on Saturday May 13 2017, @09:01AM   Printer-friendly
from the supercool dept.

A Prince Rupert's drop looks like a glass tadpole from a beginner's crafts festival, but it's so strong it can take a hammer hit without breaking. That would be impressive enough, but if you break its tail, which can be done with finger pressure, the drop explodes into powder. The reason for this has mystified scientists for 400 years, but a team from Purdue University, the University of Cambridge, and Tallinn University of Technology in Estonia finally has an answer.

[...]Focusing on the head of the drop instead of the tail, the current study found that the compressive stresses in the glass are about 50 tons per square inch, which gives it the strength of some steels. According to the team, this is because the outside of the drop cools faster than the inside. This turns the outside into a layer of powerful compressive forces pushing inward. These are balanced out by the tensile or pulling forces inside the drop.

So long as these forces remain in balance, the drop remains stable and can withstand tremendous punishment. Normally, because glass is a supercooled liquid rather than a solid, any cracks in the surface propagate at the speed of sound through a glass object, breaking it.

But in a Prince Rupert's drop, the interface between the inner and outer regions deflects the forces sideways, so the crack can't propagate. However, if the tail is broken, the shallow cracks in the tail shoot parallel to the axis of the drop, deep into the head, and into the interface. The damage is so great that the balanced forces are released, causing the drop to explode.


Original Submission

posted by mrpg on Saturday May 13 2017, @07:27AM   Printer-friendly
from the c80eab5af3a3b8ab69c0e3a3d444540f2d740c76 dept.

Submitted via IRC for TheMightyBuzzard

"Beginning May 9, 2017, Microsoft released updates to Microsoft Edge and Internet Explorer 11 to block sites that are protected with a SHA-1 certificate from loading and to display an invalid certificate warning," the company announced.

The change, however, impacts only SHA-1 certificates that chain to a root in the Microsoft Trusted Root Program where the end-entity certificate or the issuing intermediate uses SHA-1. This means that enterprises or self-signed SHA-1 certificates won't be affected by this. They are, however, encouraged to migrate to SHA-2 based certificates as fast as possible.

"Microsoft recommends that all customers migrate to SHA-2, and the use of SHA-1 as a hashing algorithm for signing purposes is discouraged and is no longer a best practice. The root cause of the problem is a known weakness of the SHA-1 hashing algorithm that exposes it to collision attacks. Such attacks could allow an attacker to generate additional certificates that have the same digital signature as an original," the company notes.

Source: Microsoft Kills SHA-1 Support in Edge, Internet Explorer 11


Original Submission

posted by mrpg on Saturday May 13 2017, @06:03AM   Printer-friendly
from the first-the-talkies-now-the-onlinies dept.

Official press release

The Cannes Film Festival is taking a stand against Netflix. Responding to a rumor that the streaming service's Okja, directed by Bong Joon Ho, and The Meyerowitz Stories, directed by Noah Baumbach, would be excluded from awards consideration after being included in the Competition lineup, the festival released a statement clarifying and adjusting its positioning going forward. The short version: From now on, if you want to compete at Cannes, your movie had better be released in French movie theaters—not just online.

There has long been a point of tension between Cannes and Netflix, to the extent where the inclusion of Okja and The Meyerowitz Stories came as a bit of a surprise. Netflix films had previously been snubbed and festival officials had advocated for "discouraging" the streaming service's online-first approach to release. The two movies included in Cannes' lineup this year are slated for theatrical bows stateside, but according to the festival's official statement, "no agreement has been reached" to get the movies into French cinemas and the effort to reach one was made "in vain." However, the statement does clarify that this rule goes into effect next year, so Okja and The Meyerowitz Stories will remain in competition and eligible for the Palme d'Or.

Seems the Cannes Film Festival is less about film and more about an outdated business model.


Original Submission

posted by mrpg on Saturday May 13 2017, @04:31AM   Printer-friendly
from the 2x²+x+64 dept.

If you've ever had to help your child with math homework, you really appreciate their teachers, who do it every day. "Math anxiety" isn't something only kids experience.

Maybe you haven't seen an algebra formula in years, and weren't that comfortable with them when you were a student. Maybe you're a skilled mathematician, but don't know how to explain what you're doing to a child. Whatever the case, math homework can leave parents feeling every bit as frustrated as their children. Homework doesn't have to lead to unpleasantness, though.

What I've learned through my own experience—as a teacher, a researcher, from helping my own children, and now watching my daughter work as an elementary school mathematics teacher—is that communication is (excuse the pun) the common denominator when it comes to making math homework a positive experience.

The National Science Foundation (NSF), where I work, is dedicated to research. We support scientists across the country who study learning and education systems. But we're also teachers at heart. On lunch breaks in the past, a group of us gathered to help our NSF peers with their own questions about how to help their kids learn math.

Here are a few tips from what we've learned:

Do Soylentils have better tips, things that have really helped their own kids learn math?


Original Submission

posted by mrpg on Saturday May 13 2017, @03:03AM   Printer-friendly
from the air-is-a-fluid dept.

A team of researchers from the University of California, Los Angeles (UCLA) and the University of Connecticut have designed a biofriendly supercapacitor system that charges up using electrolytes from biological fluids, such as blood serum and urine. It works in tandem with an energy harvester that can convert heat and motion into electricity that is stored in the supercapacitor.
...
The new biosupercapacitor consists of an electrode that is made of graphene layered with modified human proteins, while biological fluids act as electrolytes. Unlike unmodified graphene oxide, which was found to cause toxic cell damage at low doses, the protein-modified graphene oxide nanocomposite material developed by the team showed no toxicity in mouse embryo fibroblasts and cell cultures at high concentrations.

The team says the bioelectrical capacitor device measures just one micrometer thick, is flexible, allowing it to stand up to the mechanical stresses of being twisted and turned inside the body, and boasts an energy density comparable to lithium thin film batteries that are currently used in pacemakers. Although supercapacitors haven't yet been widely incorporated in medical implant devices, the researchers claim the technology holds potential for such uses.

"Combining energy harvesters with supercapacitors can provide endless power for lifelong implantable devices that may never need to be replaced," said Maher El-Kady, a UCLA postdoctoral researcher. "Our research focused on custom-designing our supercapacitor to capture energy effectively, and finding a way to make it compatible with the human body."

It would never work. Medical device manufacturers would lose too much money.


Original Submission

posted by martyb on Saturday May 13 2017, @01:32AM   Printer-friendly
from the why-not-use-customers-for-beta-testing dept.

An Anonymous Coward writes:

Waymo plans to add another 500 minivans to the ones they already have wired for autonomous operation and let selected customers in the Phoenix area use them. Story found at this link, http://www.automotivetestingtechnologyinternational.com/news.php?NewsID=85295

These vehicles have already been tested on public roads by employees and contractors. The latest trials will enable the company to obtain data on how people experience and use self-driving vehicles.

Waymo is looking for participants from a range of backgrounds with different transportation needs. Initial users will be able to book minivans using a mobile app.

“We’re at the point when it’s really important to find how real people, outside the Google environment, will use this technology. Our goal is that they will use this for all their transportation needs,” said John Krafcik, Waymo CEO.

Krafcik seems to be another one of the anointed ones out of Detroit, https://en.wikipedia.org/wiki/John_Krafcik See for example the meteoric ride (and eventual crash landing) of John Z. DeLorean...


Original Submission

posted by martyb on Friday May 12 2017, @11:59PM   Printer-friendly
from the check-your-backups dept.

ITworld has a story about certain Hewlett-Packard laptop computers:

The keylogger is found within the PCs' audio driver software and has existed since at least Dec. 2015, the security firm Modzero said in a Thursday blog post.

The audio driver was designed to identify when a special key on the PC was used. But in reality, the software will capture all the keystrokes and write them in an unencrypted file located on the laptop.

The problematic driver is called MicTray64.exe — versions 1.0.0.31 through 1.0.0.46 are known to be affected. The logged keystrokes are written either to the world-readable file C:\Users\Public\MicTray.log or through the OutputDebugString API. The latter can be observed using Microsoft's debugview utility.

The Modzero website has the technical details.

ThreatPost adds:

ModZero is warning the issue (CVE-2017-8360) could lead to the leaking of sensitive user information, such as passwords. Anyone with access to the unencrypted file system could recover the data. Furthermore, since the program isn't considered malicious, malware authors wouldn't have trouble capturing victim's keystrokes either. Researchers say the keylogger comes registered as a Microsoft Scheduled Task, so it runs after each user login. While the file is overwritten each time, ModZero says it could easily be recruited by a running process or analyzed by someone with forensic tools.

Researchers surmised the software has been recording keystrokes since version 1.0.0.31 was released, on Christmas Eve 2015, but stress that the same problem exists in the most recent version, 1.0.0.46, released last October.

ModZero also warns the audio driver comes installed on a slew of HP machines, including its EliteBook, Elite x2, ProBook, and ZBook lines, but could exist in other machines. The company also delivers audio drivers for Dell, Lenovo, and Asus machines although at this point it's not certain they feature the same audio driver.

The firm says the following HP products are affected however:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

Other coverage:
Ars Technica.


Original Submission
