Botnet

Attackers DDoS WannaCry Kill Switch (venturebeat.com) 73

An anonymous reader quotes VentureBeat: As of late Friday, after many of the deadlines threatening data deletion had passed, few victims had paid ransoms. According to Elliptic Enterprises, only about $94,000 worth of ransoms had been paid via Bitcoin, which works out to less than one in a thousand of the 300,000 victims who were reportedly affected by WannaCry... While not as bad as feared, ransomware (not to mention cybersecurity threats in general) isn't going away. Wired reported that the domain registered by Hutchins has been under intense denial-of-service attacks delivered by an army of IoT devices marshalled, zombie-like, by Mirai.
Power

Possible Radioactive Leak Investigated At Washington Nuclear Site (upi.com) 94

Authorities are investigating radioactive material found on a worker's clothing one week after a tunnel collapse at the nuclear waste site in the state of Washington. Around 7 p.m. Thursday, Washington River Protection Solutions, a government contractor in charge of all 177 underground storage tanks at the nuclear site, detected high radiation readings on a robotic device that seven workers were pulling out of a tank. Then, contamination was also discovered on the clothing of one worker -- on one shoe, on his shirt and on his pants in the knee area.

"Radiological monitoring showed contamination on the unit that was three times the planned limit. Workers immediately stopped working and exited the area according to procedure," Rob Roxburgh, deputy manager of WRPS Communications & Public Relations, said to KING-TV. Using leak-detection instruments, WRPS said it did not find liquid escaping the tank. "Everybody was freaked, shocked, surprised," said a veteran worker, who was in direct contact with crew members. "[The contamination] was not expected. They're not supposed to find contamination in the annulus [safety perimeter] of the double shell tanks."

Washington's attorney general, urging a federal clean-up of the site, insists "This isn't the first potential leak and it won't be the last."
Displays

New Evidence of a Decline In Electricity Use By U.S. Households (wordpress.com) 318

There's some surprising news from the Energy Institute at the University of California's business school. America's households are using less electricity than they did five years ago. So what is different? Energy-efficient lighting. Over 450 million LEDs have been installed to date in the United States, up from less than half a million in 2009, and nearly 70% of Americans have purchased at least one LED bulb. Compact fluorescent lightbulbs (CFLs) are even more common, with 70%+ of households owning some CFLs. All told, energy-efficient lighting now accounts for 80% of all U.S. lighting sales.

It is no surprise that LEDs have become so popular. LED prices have fallen 94% since 2008, and a 60-watt equivalent LED lightbulb can now be purchased for about $2. LEDs use 85% less electricity than incandescent bulbs, are much more durable, and work in a wide range of indoor and outdoor settings.

"I would add LED TVs replacing LCD, Plasma and CRTs," writes Slashdot reader schwit1.
Security

New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two (bleepingcomputer.com) 115

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload.

EternalRocks is far more complex than WannaCry's SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received.

Last but not least, the worm does not have a killswitch domain, which means the worm can't be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm's owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo.

Ars Technica quotes security researchers who say "there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April... These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch."
EU

EU Passes 'Content Portability' Rules Banning Geofencing (torrentfreak.com) 119

Long-time Slashdot reader AmiMoJo writes: The European Parliament has passed draft rules mandating 'content portability', i.e. the ability to take your purchased content and services across borders within the EU. Freedom of movement rules, which allow EU citizens to live and work anywhere in the EU, require that the individual is able to take their life with them -- family, property, and services. Under the new rules, someone who pays for Netflix or BBC iPlayer and then moves to another EU country will retain access to those services and the same content they had previously. Separately, rules to prevent geofencing of content within the EU entirely are also moving forward.
Botnet

Groups War Over Resources For DDoS Attacks (csoonline.com) 23

An anonymous reader quotes CSO: As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released Thursday... There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies Inc. "And other people can come in and take over the device, and take those resources to feed their own botnet," he said. "I'm seeing that over and over."
The article reports a median size for DDoS attacks of 4 gigabits per second at the start of 2015 -- which dropped in the first quarter of 2017 down to 500 megabits per second.
Security

Stealing Windows Credentials Using Google Chrome (helpnetsecurity.com) 53

Orome1 writes: A default setting in Google Chrome, which allows it to download files that it deems safe without prompting the user for a download location, can be exploited by attackers to mount a Windows credential theft attack using specially-crafted SCF shortcut files, DefenseCode researchers have found. What's more, for the attack to work, the victim does not even have to run the automatically downloaded file. Simply opening the download directory in Windows File Explorer will trigger the code icon file location inserted in the file to run, and it will send the victim's username, domain and NTLMv2 password hash to a remote SMB server operated by the attackers.
United States

Is Russia Conducting A Social Media War On America? (time.com) 469

An anonymous reader writes: Time magazine ran a cover story about "a dangerous new route for antidemocratic forces" -- social media. "Using these technologies, it is possible to undermine democratic government, and it's becoming easier every day," says Rand Waltzman of the Rand Corp., who ran a major Pentagon research program to understand the propaganda threats posed by social media technology. The article cites current and former FBI and CIA officials who now believe Russia's phishing emails against politicians were "just the most visible battle in an ongoing information war against global democracy." They cite, for example, a March report by U.S. counterintelligence which found "Russians had sent expertly tailored messages carrying malware to more than 10,000 Twitter users in the Defense Department." Each message contained links tailored to the interests of the recipient, but "When clicked, the links took users to a Russian-controlled server that downloaded a program allowing Moscow's hackers to take control of the victim's phone or computer -- and Twitter account...

"In 2016, Russia had used thousands of covert human agents and robot computer programs to spread disinformation referencing the stolen campaign emails of Hillary Clinton, amplifying their effect. Now counterintelligence officials wondered: What chaos could Moscow unleash with thousands of Twitter handles that spoke in real time with the authority of the armed forces of the United States?" The article also notes how algorithms now can identify hot-button issues and people susceptible to suggestion, so "Propagandists can then manually craft messages to influence them, deploying covert provocateurs, either humans or automated computer programs known as bots, in hopes of altering their behavior. That is what Moscow is doing, more than a dozen senior intelligence officials and others investigating Russia's influence operations tell Time."

The article describes a Russian soldier in the Ukraine pretending to be a 42-year-old American housewife. Meanwhile, this week Time's cover shows America's White House halfway-covered with Kremlin-esque spires -- drawing a complaint from the humorists at Mad magazine, who say Time copied the cover of Mad's December issue.
United States

Aftermath From The Net Neutrality Vote: A Mass Movement To Protect The Open Internet? (mashable.com) 132

After Thursday's net neutrality vote, two security guards pinned a reporter against a wall until FCC Commissioner Michael O'Rielly had left the room, the Los Angeles Times reports. The Writers Guild of America calls the FCC's 2-to-1 vote to initiate a repeal of net neutrality rules a "war on the open internet," according to The Guardian. But the newspaper now predicts that online activists will continue their massive campaign "as the month's long process of reviewing the rules begins." The Hill points out that Mozilla is already hiring a high-profile tech lobbyist to press for both cybersecurity and an open internet, and in a blog post earlier this week the Mozilla Foundation's executive director sees a larger movement emerging from the engagement of millions of internet users. Today's support for net neutrality isn't the start of the Internet health movement. People have been standing up for an open web since its inception -- by advocating for browser choice, for open source practices, for mass surveillance reform. But net neutrality is an opportunity to propel this movement into the mainstream... If we make Internet health a mainstream issue, we can cement the web as a public resource. If we don't, mass surveillance, exclusion and insecurity can creep into every aspect of society. Hospitals held hostage by rogue hackers can become the status quo.
Meanwhile, The Guardian reports that it's not till the end of the FCC's review process that "a final FCC vote will decide the future of internet regulation," adding that however they vote, "court challenges are inevitable."
Transportation

Delta Airlines Tests Facial Recognition To Speed Up Baggage Check-In (cnn.com) 57

Would you let Delta airlines scan your face if it meant you could skip the line to check in your baggage? An anonymous reader quotes CNN: Delta is testing a face-scanning kiosk for baggage check... It uses facial recognition technology to match your identity to your passport photo. You tag your own bags, pay the fee and drop your luggage on a conveyor belt... Delta will test four of the machines at Minneapolis-St. Paul International Airport this summer. The airline spent $600,000 on the four kiosks.
A senior staff attorney at the EFF warns this could be a slippery slope -- at what point does this morph into airline surveillance? But a Delta spokesperson insists the images won't be stored, that they're complying with privacy laws, and that the kiosks could double the number of passengers whisking through their check-in procedures.
IBM

New OS/2 Warp Operating System 'ArcaOS' 5.0 Released (arcanoae.com) 145

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM's discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice... It's available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance).

The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell.

By Tuesday Arca Noae was reporting "excessive traffic on the server which is impacting our ordering and delivery process," though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a "truly overwhelming response."
Earth

Arctic Stronghold of World's Seeds Flooded After Permafrost Melts (theguardian.com) 178

An anonymous reader quotes a report from The Guardian: It was designed as an impregnable deep-freeze to protect the world's most precious seeds from any global disaster and ensure humanity's food supply forever. But the Global Seed Vault, buried in a mountain deep inside the Arctic circle, has been breached after global warming produced extraordinary temperatures over the winter, sending meltwater gushing into the entrance tunnel. The vault is on the Norwegian island of Spitsbergen and contains almost a million packets of seeds, each a variety of an important food crop. When it was opened in 2008, the deep permafrost through which the vault was sunk was expected to provide "failsafe" protection against "the challenge of natural or man-made disasters". But soaring temperatures in the Arctic at the end of the world's hottest ever recorded year led to melting and heavy rain, when light snow should have been falling. "It was not in our plans to think that the permafrost would not be there and that it would experience extreme weather like that," said Hege Njaa Aschim, from the Norwegian government, which owns the vault. "A lot of water went into the start of the tunnel and then it froze to ice, so it was like a glacier when you went in," she told the Guardian. Fortunately, the meltwater did not reach the vault itself, the ice has been hacked out, and the precious seeds remain safe for now at the required storage temperature of -18C. But the breach has questioned the ability of the vault to survive as a lifeline for humanity if catastrophe strikes.
Earth

Chemists May Be Zeroing In On Chemical Reactions That Sparked the First Life (sciencemag.org) 121

sciencehabit quotes a report from Scientific Magazine: DNA is better known, but many researchers today believe that life on Earth got started with its cousin RNA, since that nucleic acid can act as both a repository of genetic information and a catalyst to speed up biochemical reactions. But those favoring this "RNA world" hypothesis have struggled for decades to explain how the molecule's four building blocks could have arisen from the simpler compounds present during our planet's early days. Now chemists have identified simple reactions that, using the raw materials on early Earth, can synthesize close cousins of all four building blocks. The resemblance isn't perfect, but it suggests scientists may be closing in on a plausible scenario for how life on Earth began. The study has been published in the journal Nature.
Space

Scientists Claim 'Cold Spot' In Space Could Offer Evidence of a Parallel Universe (inhabitat.com) 125

New submitter LCooke writes: An international research team led by the University of Durham thinks a mysterious cold spot in the universe could offer evidence of a parallel universe. The cold spot could have resulted after our universe collided with another. Physicist Tom Shanks said, [...] "the cold spot might be taken as the first evidence for the multiverse -- and billions of other universes may exist like our own." From the report via Inhabitat: "NASA first discovered the baffling cold spot in 2004. The cold spot is 1.8 billion light years across and, as you may have guessed, colder than what surrounds it in the universe. Scientists thought perhaps it was colder because it had 10,000 less galaxies than other regions of similar size. They even thought perhaps the cold spot was just a trick of the light. But now an international team of researchers think perhaps the cold spot could actually offer evidence for the concept of a multiverse. The Guardian explains an infinite number of universes make up a multiverse; each having its own reality different from ours. These scientists say they've ruled out the last-ditch optical illusion idea. Instead, they think our universe may have collided with another in what News.com.au described as something like a car crash; the impact could have pushed energy away from an area of space to result in the cold spot." The study has been published in the journal Monthly Notices of the Royal Astronomical Society.
