Security

Antivirus Software Is 'Increasingly Useless' and May Make Your Computer Less Safe (www.cbc.ca) 212

Emily Chung, writing for CBC: Is your antivirus protecting your computer or making it more hackable? Internet security experts are warning that anti-malware technology is becoming less and less effective at protecting your data and devices, and there's evidence that security software can sometimes even make your computer more vulnerable to security breaches. This week, the U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) issued a warning about popular antivirus software made by Symantec, some of it under the Norton brand, after security researchers with Google's Project Zero found critical vulnerabilities. "These vulnerabilities are as bad as it gets. They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible," wrote Google researcher Tavis Ormandy in a blog post. Symantec said it had verified and addressed the issues in updates that users are advised to install. It's not the only instance of security software potentially making your computer less safe. Concordia University professor Mohammad Mannan and his PhD student Xavier de Carne de Carnavalet recently presented research on antivirus and parental control software packages, including popular brands like AVG, Kaspersky and BitDefender, that bypass some security features built into internet browsers to verify whether sites are safe or not in order to be able to scan encrypted connections for potential threats. In theory, they should make up for it with their own content verification systems. But Mannan's research, presented at the Network and Distributed System Security Symposium in California earlier this year, found they didn't do a very good job. "We were surprised at how bad they were," he said in an interview. "Some of them, they did not even make it secure in any sense."
Security

Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (fortune.com) 113

Google's Project Zero team has discovered a heap of critical vulnerabilities in Symantec and Norton security products. The flaws, the team says, allow hackers to completely compromise people's machines by simply sending them malicious self-replicating code through unopened emails or un-clicked links. According to a Fortune report, the vulnerabilities affect millions of people who run the company's endpoint security and antivirus software -- all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand). Dan Goodin, reporting for Ars Technica: The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they're allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Tavis Ormandy, a researcher with Google's Project Zero, said a better design would be for unpackers to run in a security "sandbox," which isolates untrusted code from sensitive parts of an operating system.
Security

NASCAR Team Pays Ransomware Fee To Recover Files Worth $2 Million (softpedia.com) 58

An anonymous reader writes: "NASCAR team Circle Sport-Leavine Family Racing (CSLFR) revealed today it faced a ransomware infection this past April when it almost lost access to crucial files worth nearly $2 million, containing car parts lists and custom high-profile simulations that would have taken 1,500 man-hours to replicate," reports Softpedia. "The infection took place on the computer belonging to CSLFR's crew chief. Winston's staff detected the infection when encrypted files from Winston's computer began syncing to their joint Dropbox account." It was later discovered that he was infected with the TeslaCrypt ransomware. Because the team had no backups of the crucial data, they eventually paid the ransom (around $500). This happened before TeslaCrypt's authors decided to shut down their operations and release free decryption keys.
Piracy

Fake Gaming Torrents Download Unwanted Apps Instead of Popular Games (helpnetsecurity.com) 92

Reader Orome1 writes: If you're looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead. According to Symantec researchers, who have been trawling popular torrent websites, there's an active distribution campaign going on that delivers potentially unwanted apps posing as torrents for games like Assassin's Creed Syndicate, The Witcher 3, World of Warcraft: Legion, The Walking Dead: Michonne, and several others. At first glance, the torrent does not seem suspicious -- its size is as small as expected from a torrent file. After saying "Yes" to the UAC security dialogue that asks if they are sure they want to allow the program to make changes to the computer, users end up with a file downloaded from a Google Drive -- a file that is considerably larger than a torrent file (around 3.5 MB) and is obviously an executable.
Security

ASUS Delivers Its Updates Over HTTP With No Verification (softpedia.com) 77

The top five PC sellers have big security holes in the third-party tools which update their software. Now Softpedia follows up with a report that "The ASUS LiveUpdate software that comes pre-installed on all ASUS computers downloads critical BIOS and UEFI updates via plaintext HTTP and installs them without verifying the content's source or validity." An anonymous reader shares this report from developer Morgan Gangwere: "Content is delivered via ZIP archives over plain HTTP, extracted into a temporary directory and an executable run as a user in the 'Administrators' NT group ('Highest Permissions' task scheduler)."
Softpedia adds that "The attackers wouldn't even need to mess around modifying low-level firmware code because the update process would launch anything you throw at it. This includes spyware, backdoors, remote access trojans, and anything an attacker would wish."
Microsoft

Even In Remotest Africa, Windows 10 Nagware Ruins Your Day (theregister.co.uk) 224

Iain Thomson, writing for The Register: When you're stuck in the middle of the Central African Republic (CAR) trying to protect the wildlife from armed poachers and the Lord's Resistance Army, then life's pretty tough. And now Microsoft has made it tougher with Windows 10 upgrades. The Chinko Project manages roughly 17,600 square kilometres (6,795 square miles) of rainforest and savannah in the east of the CAR, near the border with South Sudan. Money is tight, and so is internet bandwidth. So the staff was more than a little displeased when one of the donated laptops the team uses began upgrading to Windows 10 automatically, pulling in gigabytes of data over a radio link. And it's not just bandwidth bills they have to worry about. "If a forced upgrade happened and crashed our PCs while in the middle of coordinating rangers under fire from armed militarized poachers, blood could literally be on Microsoft's hands," said one member of the team. This is not a one-off case. We're reading about similar incidents every day. Automatic updates, accidental automatic update, and the humongous data that these updates eat are ruining user experience for many. These are real issues. It's been roughly a year since Windows 10 has been officially available to consumers, and Microsoft is yet to address the issue.
HP

Top Windows OEM Lenovo Urges Customers To Uninstall Accelerator Application (lenovo.com) 49

Two-Factor Authentication service Duo Security reported earlier that third-party updating tools found on Dell, HP, Lenovo, Acer, and Asus (the top five Windows OEMs) are vulnerable to man-in-the-middle attacks. Hours later, Lenovo, the world's largest Windows OEM by shipment figure, has issued an advisory in which it urges users to uninstall Accelerator Application, which comes preinstalled on many of its laptop and desktop models. Fortune reports: Specifically, as Lenovo said in an advisory notice, the auto-update feature in its Accelerator Application software can be exploited by a "man-in-the-middle attack" -- someone could get in between the computer and the server pushing out the updated software, fooling the computer into installing a fake version of the update instead of the genuine article. Such attacks can allow anything from surreptitious malware installation to the insertion of surveillance capabilities, or even the hijacking of PCs.
Microsoft

Windows Zero-Day Affecting All OS Versions On Sale For $90,000 (softpedia.com) 187

An anonymous reader writes: "A hacker going by the handle BuggiCorp is selling a zero-day vulnerability affecting all Windows OS versions that can allow an attacker to elevate privileges for software processes to the highest level available in Windows, known as SYSTEM," writes Softpedia. The zero-day is up for sale on a Russian underground hacking forum, and is currently available for $90,000 -- after it was initially up for $95,000. The hacker is saying he'll sell the zero-day to one person only, who'll receive its source code and a working demo. Two videos are available, one showing the hacker exploit Windows 10 with the May 2016 security patch, and another one bypassing all EMET features. While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.
Microsoft

Microsoft Warns of ZCryptor Ransomware With Self-Propagation Features (softpedia.com) 71

An anonymous reader writes from a report issued by Softpedia on May 27: Microsoft and several other security researchers have detected the first ransomware versions that appear to have self-propagation features, being able to spread to other machines on their own by copying themselves to shared network drives or portable storage devices automatically. Called ZCryptor, this ransomware seems to enjoy quite the attention from crooks, who are actively distributing it today via Flash malvertising and boobytrapped Office files that infect the victim if he enables macro support when opening the file. This just seems to be the latest addition to the ransomware family, one which recently received the ability to launch DDoS attacks while locking the user's computer.
Portables (Apple)

ASUS' ZenBook 3 Is Thinner, Lighter and Faster Than the MacBook (engadget.com) 209

At the ongoing Computex trade show in China, Asus unveiled the ZenBook 3 laptop. The ZenBook 3's chassis measures 11.9mm while the whole body weighs 910g. At the event, the company's executive said that ZenBook 3 is better than both MacBook Air and the 12-inch MacBook. As for the specifications, the ZenBook 3, which is crafted from aerospace-grade aluminum alloy, sports a 12.5-inch full-HD display (1920x1080 pixels), and offers up to Core i7 processor, 16GB of 2133MHz RAM, up to a 1TB PCIe Gen 3 x4 SSD, a next-gen USB Type-C port (for power and data transfer), powerful quad-speaker audio by Harman Kardon, and a fingerprint scanner. Do note that there is only one USB port on the device. The entry-level variant featuring Core i5 processor, 256GB of SSD and 4GB of RAM is priced at 999, while the top-of-the-line model will set you back by $1,999. Asus also had nice things to say about the keyboard, though Engadget's reporter was not impressed. More details here.
Security

Medical Equipment Crashes During Heart Procedure Because Of Antivirus Scan (softpedia.com) 266

An anonymous reader quotes a report from Softpedia: The device in question is Merge Hemo, a complex medical equipment used to supervise heart catheterization procedures, during which doctors insert a catheter inside blood veins and arteries in order to diagnose various types of heart diseases. According to one such report filed by Merge Healthcare in February, Merge Hemo suffered a mysterious crash right in the middle of a heart procedure when the screen went black and doctors had to reboot their computer. Merge investigated the issue and later reported to the FDA that the problem occurred because of the antivirus software running on the doctors' computer. The antivirus was configured to scan for viruses every hour, and the scan started right in the middle of the procedure. Merge says the antivirus froze access to crucial data acquired during the heart catheterization. Unable to access real-time data, the app crashed spectacularly.
Security

Researchers Find Hybrid GozNym Malware, 24 Financial Institutions Already Affected (securityintelligence.com) 21

An anonymous reader writes: Researchers are warning about a new hybrid Trojan -- dubbed GozNym -- which is a combination of Nymaim dropper and the Gozi financial malware. IBM researchers say that the malware has been designed to target banks, ecommerce websites, and retail banking, adding that GozNym has already targeted 22 financial institutions in the United States and two in Canada. A ComputerWorld report sheds more light on it: "Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. The integration between Nymaim and Gozi became complete in April, when a new version was discovered that combined code from both threats in a single new Trojan -- GozNym."
Bitcoin

Petya Ransomware Uses DOS-Level Lock Screen, Prevents OS Boot Up (softpedia.com) 155

An anonymous reader writes: A new type of ransomware was discovered that crashes your PC into a BSOD, restarts your computer, and then prevents your OS from starting by altering the hard drive's master boot record (MBR). This keeps the user locked in a DOS screen that doubles as the ransomware's ransom note. The ransomware's name is Petya, and was currently seen only targeting HR departments in Germany.
Network

Kentucky Hospital Calls State of Emergency In Hack Attack (cnbc.com) 265

An anonymous reader quotes a report from CNBC: A Kentucky hospital is operating in an internal state of emergency following an attack by cybercriminals on its computer network, Krebs on Security reported. Methodist Hospital, based in Henderson, Kentucky, is the victim of a ransomware attack in which hackers infiltrated its computer network, encrypted files and are now holding the data hostage, Krebs reported Tuesday. The criminals reportedly used a new strain of malware known as Locky to encrypt important files. The malware spread from the initial infected machine to the entire internal network and several other systems, the hospital's information systems director, Jamie Reid, told Krebs. The hospital is reportedly considering paying hackers the ransom money of four bitcoins, about $1,600 at the current exchange rate, for the key to unlock the files.
Microsoft

Once Pro-Microsoft, Here Maps Drops Support For Windows 10, Windows Phone (here.com) 101

An anonymous reader points us to a blog post at the Here website: Here Maps has announced that it will be pulling its mapping and navigation service from the Windows 10 store on March 29, 2016. The parent company, Here, also announced that it will limit the development of the apps for Windows Phone 8 to critical bug fixes. In a blog post, the company wrote, "We've been developing mobile maps applications for about 10 years, since the first smartphones came with GPS. As the market evolves, we keep in step by introducing our apps for new operating systems while stopping support for others." Back in 2014, Here was one of the few divisions at Nokia that Microsoft hadn't acquired in its multi-billion dollar deal. Since then, the mapping and navigation service has been aggressively expanding. Once exclusively available to Nokia and Microsoft-centric platforms, Here Maps is now available for Samsung's smartwatch, Android as well as iOS. "You cannot be delusional about this one. HERE Is a huge loss for the Windows Phone community," tweeted long-time Microsoft watcher Paul Thurrott.
