| |
|
|
| |
|
|
NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet (
The Shadow Brokers -- the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency's weaponized software exploits -- just published its most significant release yet. Friday's dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. Friday's release -- which came as much of the computing world was planning a long weekend to observe the Easter holiday -- contains close to 300 megabytes of materials the leakers said were stolen from the NSA. The contents (a convenient overview is here) included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8 and Windows 2012. It also included a framework dubbed Fuzzbunch, a tool that resembles the Metasploit hacking framework that loads the binaries into targeted networks. Independent security experts who reviewed the contents said it was without question the most damaging Shadow Brokers release to date. One of the Windows zero-days flagged by Hickey is dubbed Eternalblue. It exploits a remote code-execution bug in the latest version of Windows 2008 R2 using the server message block and NetBT protocols. Another hacking tool known as Eternalromance contains an easy-to-use interface and "slick" code. Hickey said it exploits Windows systems over TCP ports 445 and 139. The exact cause of the bug is still being identified. Friday's release contains several tools with the word "eternal" in their name that exploit previously unknown flaws in Windows desktops and servers. |
|
|
|
| |
|
| There are no conversations. |
| |
|
|
| cauz |
April 14, 2017, 6:36 p.m. |
| |
|
|
|
| Bill Gates |
The way to be successful in the software world is to come up with breakthrough software, and so whether it's Microsoft Office or Windows, its pushing that forward. New ideas, surprising the marketplace, so good engineering and good business are one in the same. |
| Miguel de Icaza |
The software patent problem is not limited to Mono. Software patents affect everyone writing software today. |
| Geoffrey Canada |
Banks used to open and operate between 10 and 3. They operated 10 to 3. They were closed for lunch hour. Now, who can bank between 10 and 3? The unemployed. They don't need banks. They got no money in the banks. Who created that business model? Right? And it went on for decades. You know why? Because they didn't care. It wasn't about the customers. |
| Drew Gilpin Faust |
As a scholar, you don't want to repeat yourself, ever. You're supposed to say it once, publish it, and then it's published, and you don't say it again. If someone comes and gives a scholarly paper about something they've already published, that's just terrible. As a university president, you have to say the same thing over and over and over. |
| Warren Farrell |
Women are the only 'oppressed' group that is able to buy most of the $10 billion worth of cosmetics each year; the only oppressed group that spends more on high fashion, brand-name clothing than its oppressors; the only oppressed group that watches more TV. |
| Vince Cable |
Investment banking has, in recent years, resembled a casino, and the massive scale of gambling losses has dragged down traditional business and retail lending activities as banks try to rebuild their balance sheets. This was one aspect of modern financial liberalisation that had dire consequences. |
| David Einhorn |
Microsoft has one more shot at a role in smart phone software through its deployment on Nokia phones. Nokia is still the global market share leader in cell phones. Maybe it will work out, but this is hard to envision great success in the area coming on the heels of so much disappointment in missed opportunity in this important and visible category. |
| David Einhorn |
Microsoft could help Facebook with one of the biggest challenges, namely monetizing its traffic without reducing the user's experience. It's obvious that Microsoft needs traffic and Facebook needs search. |
| William M. Daley |
The Microsoft actions announced today are exactly the kinds of industry initiatives we need. Microsoft is using its resources to bring real privacy protection to Internet users by creating incentives for more websites to provide strong privacy protection. |
| David Baker |
What that book does for me is give me the tools in the same way that I had the tools when I learned the regular scales or the alphabet. If you give me the tools, the syntax, and the grammar, it still doesn't tell me how to write Ulysses. |
|
|
|
|
Hacker Group Leaks 'NSA's Top Secret Arsenal of Digital Weapons'
Hacker group 'The Shadow Brokers', which last year allegedly released top-secret tools that the National Security Agency had used to break into the networks of foreign governments and other espionage targets, today said it is disappointed with President Donald Trump, and released more such alleged tools. From a report on Motherboard:
On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year. "Be considering this our form of protest," the group wrote in a r...
|
| |
|
|
|
Wana Decryptor Ransomware Using NSA Exploit Leaked By Shadow Brokers To Spread Ransomware Worldwide
A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent Shadow Brokers dump. Researchers said the attackers behind today's outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they've recorded more than 45,000 infections so far on their sensors, and expect that number to climb. Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and ...
This post is a comment.
|
| |
|
|
|
Cyber attack spreads across 74 countries; some UK hospitals crippled
Cyber attacks that hit 74 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
...
|
| |
|
|
|
Earlier today, WikiLeaks unleashed a cache of thousands of files it calls "Year Zero," which is part one of the release associated with "Vault 7." Since there are over 8,000 pages in this release, it will take some time for journalists to comb through the release. The Independent has highlighted six of the "biggest secrets and pieces of information yet to emerge from the huge dump" in their report.
1) The CIA has the ability to break into Android and iPhone handsets, and all kinds of computers. The U.S. intelligence agency has been involved in a concerted effort to write various kinds of malware to spy on just about every piece of electronic equipment that people use. That includes iPhones, Androids and computers running Windows, macOS and Linux.
2) Doing so would make apps like Signal, T...
|
| |
|
|
|
WikiLeaks Dump Reveals CIA Malware For Tracking Windows Devices Via WiFi Networks
WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool's 42-page manual, the tool's name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports:
Step 1: CIA operative configures ELSA implant (malware) based on a target's environment. This is done using a tool called the "PATCHER wizard," which generates the ELSA payload, a si...
|
| |
|
|
|
StarCraft Is Now Free, Nearly 20 Years After Its Release
https://battle.net/download/getInstallerForGame?os=WIN&version=LIVE&gameProgram=STARCRAFT
Nearly two decades after its 1998 release, StarCraft is now free. Legally! Blizzard has just released the original game -- plus the Brood War expansion -- for free for both PC and Mac. You can find it here. Up until a few weeks ago, getting the game with its expansion would've cost $10-15 bucks. The company says they've also used this opportunity to improve the game's anti-cheat system, add "improved compatibility" with Windows 7, 8.1, and 10, and fix a few long lasting bugs. So why now? The company is about to release a remastered version of t...
|
| |
|
|
|
By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years (intel.com) 181
Posted by msmash on Thursday January 04, 2018 @01:40PM from the fixing-things dept.
Intel said on Thursday that by next week it expects to have patched 90 percent of its processors that it released within the last five years, making PCs and servers "immune" from both the Spectre and Meltdown exploits. The company adds:
Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past ...
This post is a comment.
|
| |
|
|
|
Cramming Software With Thousands of Fake Bugs Could Make It More Secure, Researchers Say
It sounds like a joke, but the idea actually makes sense: More bugs, not less, could theoretically make a system safer. From a report:
Carefully scatter non-exploitable decoy bugs in software, and attackers will waste time and resources on trying to exploit them. The hope is that attackers will get bored, overwhelmed, or run out of time and patience before finding an actual vulnerability. Computer science researchers at NYU suggested this strategy in a study published August 2, and call these fake-vulnerabilities "chaff bugs." Brendan Dolan-Gavitt, assistant professor at NYU Tandon and one of the rese...
|
| |
|
|
|
What's the Most Sophisticated Piece of Software Ever Written?
An anonymous reader writes:
Stuxnet is the most sophisticated piece of software ever written, given the difficulty of the objective: Deny Iran's efforts to obtain weapons grade uranium without need for diplomacy or use of force, John Byrd, CEO of Gigantic Software (formerly Director of Sega and SPM at EA), argues in a blog post, which is being widely shared in developer circles, with most agreeing with Byrd's conclusion.
He writes...
|
| |
|
|
|
Taylor Swift Used Facial Recognition Tech At Concerts To Spy On Stalkers
Taylor Swift used facial recognition technology at her live performances so that technicians running the system could then check those face scans against a private database of her stalkers. There is now big demand for serious security at live events the size of a Taylor Swift concert. There have been so many bombings and mass shootings at music concerts over the past year to even remember without Googling. Fear of being killed at a music concert is something people factor in to the decision to buy tickets and go to live events. The demand for security is real.
|
| |