For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Security

Malwarebytes Offers Pirates Its Premium Antimalware Product For Free 36 36

Posted by samzenpus
from the our-bad dept.
An anonymous reader writes: If you have a cracked or pirated version of Malwarebytes Anti-Malware (MBAM) product the company has debuted an Amnesty program for you. Venturebeat reports: "If you pirated Malwarebytes Anti-Malware, purchased a counterfeit version of the software, or are having problems with your key in general, the company is offering a free replacement key." CEO Marcin Kleczynski explained the program and his statement reads in part: "When I started Malwarebytes, I absolutely had no idea how successful we would be today. I am extremely grateful for all of the support from everyone and how fast we’ve grown. That being said, I picked a very insecure license key algorithm and as such, generating a pirated key was, and is, very simple.

The problem with pirated keys is that they may collide with a legitimate key just by the sheer numbers. For example, Larry may generate a pirated key that matches the exact key that I already bought. Yes, this is silly, and yes, this is literally the first thing a professional software company thinks of when building license key generation, but when you think you’re building a product for just a few people you don’t hash out these details.

Now we’ve grown up, and we’ve got a new licensing system that we’ve rolled out in stages. The only problem is that we have millions of users that we’ve sold keys to, or a reseller has sold keys to, or we’ve given out keys to without keeping track. It is a mess, and you as a consumer have every right to be upset.
Advertising

Avira Wins Case Upholding Its Right To Block Adware 35 35

Posted by samzenpus
from the keeping-the-door-closed dept.
Mark Wilson writes: Security firm Avira has won a court case that can not only be chalked up as a win for consumer rights, but could also set something of a precedent. Germany company Freemium.com took Avira to court for warning users about "potentially unwanted applications" that could be bundled along with a number of popular games and applications. Freemium.com downloads included a number of unwanted extras in the form of browser toolbars, free trial applications, adware, and other crapware. Avira's antivirus software warned users installing such applications; Freemium took objection to this and filed a cease and desist letter, claiming anti-competitive practices. But the court ruled in Avira's favor, saying it could continue to flag up and block questionable software.
Bug

MIT System Fixes Software Bugs Without Access To Source Code 60 60

Posted by Soulskill
from the copies-solutions-from-stack-overflow dept.
jan_jes writes: MIT researchers have presented a new system at the Association for Computing Machinery's Programming Language Design and Implementation conference that repairs software bugs by automatically importing functionality from other, more secure applications. According to MIT, "The system, dubbed CodePhage, doesn't require access to the source code of the applications. Instead, it analyzes the applications' execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it's repairing was written."
Microsoft

New Leaked Build Is Evidence That Windows 10 Will Be Ready By July 29 207 207

Posted by timothy
from the is-that-an-obscure-linux-distro? dept.
Ammalgam writes: A new pre-released build of Microsoft's latest Operating System Windows 10 leaked to the internet today. The build (10151) shows a more refined and significantly faster user interface than previous versions of the product. Microsoft seem to be focused on last minute refinements of the UI at this point and the product looks almost ready for prime time. A picture gallery of Windows 10 build 10151 can be found here.
Bug

Chromecast Update Bringing Grief For Many Users 132 132

Posted by timothy
from the everyone-complains dept.
An anonymous reader writes: Last week, many Chromecast users were automatically "upgraded" to build 32904. Among the issues seen with this update are placing some users on the 'beta' release track, issues with popular apps such as Plex, HBO GO, (more embarassingly) YouTube, and others. Google so far has been slow to respond or even acknowledge the issues brought by customers, save for the beta release mishap. If you're a Chromecast user, what's been your experience?
Networking

Scientists Overcome One of the Biggest Limits In Fiber Optic Networks 61 61

Posted by timothy
from the ok-everyone-this-time-together dept.
Mark.JUK writes: Researchers at the University of California in San Diego have demonstrated a way of boosting transmissions over long distance fiber optic cables and removing crosstalk interference, which would mean no more need for expensive electronic regenerators (repeaters) to keep the signal stable. The result could be faster and cheaper networks, especially on long-distance international subsea cables. The feat was achieved by employing a frequency comb, which acts a bit like a concert conductor; the person responsible for tuning multiple instruments in an orchestra to the same pitch at the beginning of a concert. The comb was used to synchronize the frequency variations of the different streams of optical information (optical carriers) and thus compensate in advance for the crosstalk interference, which could also then be removed.

As a result the team were able to boost the power of their transmission some 20 fold and push data over a "record-breaking" 12,000km (7,400 miles) long fiber optic cable. The data was still intact at the other end and all of this was achieved without using repeaters and by only needing standard amplifiers.
Windows

Ask Slashdot: Are Post-Install Windows Slowdowns Inevitable? 506 506

Posted by timothy
from the grinding-halt dept.
blackest_k writes: I recently reinstalled Windows 7 Home on a laptop. A factory restore (minus the shovelware), all the Windows updates, and it was reasonably snappy. Four weeks later it's running like a slug, and now 34 more updates to install. The system is clear of malware (there are very few additional programs other than chrome browser). It appears that Windows slows down Windows! Has anyone benchmarked Windows 7 as installed and then again as updated? Even better has anybody identified any Windows update that put the slug into sluggish? Related: an anonymous reader asks: Our organization's PCs are growing ever slower, with direct hard-drive encryption in place, and with anti-malware scans running ever more frequently. The security team says that SSDs are the only solution, but the org won't approve SSD purchases. It seems most disk scanning could take place after hours and/or under a lower CPU priority, but the security team doesn't care about optimization, summarily blaming sluggishness on lack of SSDs. Are they blowing smoke?
Microsoft

Samsung To Stop Blocking Automatic Windows Updates 23 23

Posted by timothy
from the just-keep-the-door-unlocked dept.
A few days ago, we mentioned that a piece of (nominally) utility software from Samsung was blocking critical security updates. Understandably, this isn't what users typically want. The Register reports that Samsung has now back-pedaled, though, and will be issuing a patch in the next few days to fix the glitch. (Users were able to manually install the updates anyhow, but the expected, automatic updates were blocked.) However, as the Register notes: The thought of a computer manufacturer disabling Windows Update will have had the Microsoft security team on edge. But there's also Windows 10 to consider. When the new operating system comes out, Windows Update will feed in fixes continuously, and if you're not a business customer those updates are going to be coming over the wires constantly. Enterprise users get Windows Update for Business, which allows them to choose when to patch, presumably after the plebs have beta-tested them.
Encryption

NIST Updates Random Number Generation Guidelines 64 64

Posted by Soulskill
from the of-barn-doors-and-horses dept.
An anonymous reader writes: Encryption weighs heavily on the public consciousness these days, as we've learned that government agencies are keeping an eye on us and a lot of our security tools aren't as foolproof as we've thought. In response to this, the National Institute of Standards and Technology has issued a formal update to its document on how to properly generate a random number — crucial in many types of encryption. The update (as expected) removes a recommendation for the Dual_EC_DRBG algorithm. It also adds extra options for CTR_DRBG and points out examples for implementing SP 800-90A generators. The full document (PDF) is available online.
Encryption

Cisco Security Appliances Found To Have Default SSH Keys 112 112

Posted by Soulskill
from the invitation-to-misbehave dept.
Trailrunner7 writes: Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.

This bug is about as serious as they come for enterprises. An attacker who is able to discover the default SSH key would have virtually free reign on vulnerable boxes, which, given Cisco's market share and presence in the enterprise worldwide, is likely a high number. The default key apparently was inserted into the software for support reasons.

"The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user," Cisco said.
Security

My United Airlines Website Hack Gets Snubbed 185 185

Posted by timothy
from the no-seat-back-recline-for-you! dept.
Bennett Haselton writes: United Airlines announced that they will offer up to 1 million air miles to users who can find security holes in their website. I demonstrated a way to brute-force a user's 4-digit PIN number and submitted it to them for review, emailing their Bugs Bounty contact address on three occasions, but I never heard back from them. Read on for the rest. If you've had a different experience with the program, please chime in below.
Networking

Huawei, Proximus Demo 1Tb/sec Optical Network Transmission 40 40

Posted by timothy
from the speed-of-light dept.
Amanda Parker writes: Proximus and Huawei have demonstrated speeds of 1 Terabit per second (Tbps) in an optical trial. The speed, which equates to the transmission of 33 HD films in a second, is the first outcome of the partnership between the two companies which was formed in January. The trial was conducted over a 1,040 kilometre fibre link using an advanced 'Flexgrid' infrastructure with Huawei's Optical Switch Node OSN 9800 platform.
Businesses

Put Your Enterprise Financial Data In the Cloud? Sure, Why Not 89 89

Posted by samzenpus
from the keeping-it-safe dept.
jfruh writes: For many, the idea of storing sensitive financial and other data in the cloud seems insane, especially considering the regulatory aspects that mandate how that data is protected. But more and more organizations are doing so as cloud providers start presenting offerings that fulfill regulatory needs — and people realize that information is more likely to be accidentally emailed out to the wrong address than hacked.
PC Games (Games)

Warner Bros. Halts Sales of AAA Batman PC Game Over Technical Problems 221 221

Posted by Soulskill
from the holy-lag-batman dept.
An anonymous reader writes: The Batman: Arkham series of video games has been quite popular over the past several years. But when the most recent iteration, Batman: Arkham Knight, was released a couple days ago, users who bought the PC version of the game found it suffered from crippling performance issues. Now, publisher Warner Bros. made an official statement in the community forums saying they were discontinuing sales of the PC version until quality issues can be sorted out. Gamers and journalists are using it as a rallying point to encourage people to stop preordering games, as it rewards studios for releasing broken content.
Open Source

The Open Container Project and What It Means 54 54

Posted by samzenpus
from the breaking-it-down dept.
An anonymous reader writes: Monday saw the announcement of the Open Container Project in San Francisco. It is a Linux Foundation project that will hold the specification and basic run-time software for using software containers. The list of folks signing up to support the effort contains the usual suspects, and this too is a good thing: Amazon Web Services, Apcera, Cisco, CoreOS, Docker, EMC, Fujitsu Limited, Goldman Sachs, Google, HP, Huawei, IBM, Intel, Joyent, the Linux Foundation, Mesosphere, Microsoft, Pivotal, Rancher Labs, Red Hat, and VMware. In this article Stephen R. Walli takes a look at what the project means for open source.
Security

Security Researcher Drops 15 Vulnerabilities for Windows and Adobe Reader 117 117

Posted by Soulskill
from the go-big-or-go-home dept.
mask.of.sanity writes: Google Project Zero hacker Mateusz Jurczyk has dropped 15 remote code execution vulnerabilities, including a single devastating hack against Adobe Reader and Windows he reckons beats all exploit defenses. He said, "The extremely powerful primitive provided by the vulnerability, together with the fact that it affected all supported versions of both Adobe Reader and Microsoft Windows (32-bit) – thus making it possible to create an exploit chain leading to a full system compromise with just a single bug – makes it one of the most interesting security issues I have discovered so far." Jurczyk published a video demonstration of the exploit for 32-bit and 64-bit systems. His slides are here [PDF].
Windows

Samsung Cripples Windows Update To Prevent Incompatible Drivers 288 288

Posted by Soulskill
from the that's-not-how-this-works dept.
jones_supa writes: A file called Disable_Windowsupdate.exe — probably malware, right? It's actually a "helper" utility from Samsung, for which their reasoning is: "When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates." Too bad that the solution means disabling all critical security updates as well. This isn't the first time an OEM has compromised the security of its users. From earlier this year, we remember the Superfish adware from Lenovo, and system security being compromised by the LG split screen software.
Transportation

Car Hacking is 'Distressingly Easy' 165 165

Posted by Soulskill
from the no-mr-bond-i-expect-you-to-die dept.
Bruce66423 points out a piece from the Economist trying to rally support for pressuring legislators and auto manufacturers to step up security efforts on modern, computer-controlled cars. They say, Taking control remotely of modern cars, for instance, has become distressingly easy for hackers, given the proliferation of wireless-connected processors now used to run everything from keyless entry and engine ignition to brakes, steering, tyre pressure, throttle setting, transmission and anti-collision systems. Today's vehicles have anything from 20 to 100 electronic control units (ECUs) managing their various electro-mechanical systems. ... The problem confronting carmakers everywhere is that, as they add ever more ECUs to their vehicles, to provide more features and convenience for motorists, they unwittingly expand the "attack surface" of their on-board systems. In security terms, this attack surface—the exposure a system presents in terms of its reachable and exploitable vulnerabilities—determines the ease, or otherwise, with which hackers can take control of a system. ... There is no such thing as absolute security. [E]ven firms like Microsoft and Google have been unable to make a web browser that cannot go a few months without needing some critical security patch. Cars are no different.
Internet Explorer

HP Researchers Disclose Details of Internet Explorer Zero Day 49 49

Posted by Soulskill
from the let's-see-if-the-Won't-Fix-tag-can-withstand-PR dept.
Trailrunner7 writes: Researchers at HP's Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to vendors until after the vulnerabilities are fixed. But in this case, Microsoft has told the researchers that the company doesn't plan to fix the vulnerabilities, even though the bugs were serous enough to win ZDI's team a $125,000 Blue Hat Bonus from Microsoft. The reason: Microsoft doesn't think the vulnerabilities affect enough users.

The vulnerabilities that the ZDI researchers submitted to Microsoft enable an attacker to fully bypass ASLR (address space layout randomization), one of the many mitigations in IE that help prevent successful exploitation of certain classes of bugs. ZDI reported the bugs to Microsoft last year and disclosed some limited details of them in February. The researchers waited to release the full details until Microsoft fixed all of the flaws, but Microsoft later informed them that they didn't plan to patch the remaining bugs because they didn't affect 64-bit systems.
Android

IT Pros Blast Google Over Android's Refusal To Play Nice With IPv6 287 287

Posted by Soulskill
from the do-as-we-say-not-as-we-do dept.
alphadogg writes: The widespread popularity of Android devices and the general move to IPv6 has put some businesses in a tough position, thanks to Android's lack of support for a central component in the newer standard. DHCPv6 is an outgrowth of the DHCP protocol used in the older IPv4 standard – it's an acronym for 'dynamic host configuration protocol,' and is a key building block of network management. Nevertheless, Google's wildly popular Android devices – which accounted for 78% of all smartphones shipped worldwide in the first quarter of this year – don't support DHCPv6 for address assignment.