Australia

Roadside Cameras Infected with WannaCry Virus Invalidate 8,000 Traffic Tickets (yahoo.com) 112

Long-time Slashdot reader nri tipped us off to a developing story in Victoria, Australia. Yahoo News reports: Victoria Police officials announced on Saturday, June 24, they were withdrawing all speed camera infringement notices issued statewide from June 6 after a virus in the cameras turned out to be more widespread than first thought. "That does not mean they [the infringement notices] won't not be re-issued," Assistant Commissioner Doug Fryer told reporters, explaining that he wants to be sure the red light and speed cameras were working correctly. Acting Deputy Commissioner Ross Guenther told reporters on Friday that 55 cameras had been exposed to the ransomware virus, but they've now determined 280 cameras had been exposed. The cameras are not connected to the internet, but a maintenance worker unwittingly connected a USB stick with the virus on it to the camera system on June 6.

Fryer said that about 1643 tickets would be withdrawn -- up from the 590 that police had announced on Friday -- and another five and a half thousand tickets pending in the system would be embargoed. Fryer said he was optimistic the 7500 to 8000 tickets affected could be re-issued, but for now police would not issue new tickets until police had reviewed the cameras to ensure they were functioning properly... The "WannaCry" malware caused the cameras to continually reboot, Fryer said. Fryer said there was no indication the malware had caused inaccurate radar readings, but police were being "over cautious" to maintain public faith in the system.

Last week Victoria's Police Minister was "openly furious" with the private camera operator, saying the group hadn't notified the relevant authorities about the infection.
Stats

Phoronix Announces '2017 Linux Laptop Survey' (google.com) 61

Phoronix is hosting a 2017 Linux Laptop Survey. From their site: While Linux laptop compatibility is much better than where it was years ago, it's still not too uncommon to run into display/hybrid issues, shorter battery life under Linux than Windows or macOS, touchpad problems, and other occasional compatibility/performance shortcomings. So we've established this Linux Laptop Survey in conjunction with Linux stakeholders to hopefully gather more feedback that will be useful to many different parties...
The survey will be online until July 6th, after which the results will be publicly available, and will determine the most popular brands, distros, screen sizes, and GPUs, as well as common pain points and popular price points. And one particularly interestng question asks respondents what they'd like to see in a "dream Linux laptop."
Operating Systems

32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk) 200

According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.
Network

WikiLeaks Doc Dump Reveals CIA Tools For Hacking Air-Gapped PCs (bleepingcomputer.com) 72

An anonymous reader writes: "WikiLeaks dumped today the manuals of several hacking utilities part of Brutal Kangaroo, a CIA malware toolkit for hacking into air-gapped (offline) networks using tainted USB thumb drives," reports Bleeping Computer. The CIA uses these tools as part of a very complex attack process, that allows CIA operatives to infect offline, air-gapped networks. The first stage of these attacks start with the infection of a "primary host," an internet-connected computer at a targeted company. Malware on this primary host automatically infects all USB thumb drives inserted into the machine. If this thumb drive is connected to computers on an air-gapped network, a second malware is planted on these devices. This malware is so advanced, that it can even create a network of hacked air-gapped PCs that talk to each other and exchange commands. To infect the air-gapped computers, the CIA malware uses LNK (shortcut) files placed on the USB thumb drive. Once the user opens and views the content of the thumb drive in Windows Explorer, his air-gapped PC is infected without any other interaction.
Microsoft

Microsoft Claims 'No Known Ransomware' Runs on Windows 10 S. Researcher Says 'Hold My Beer' (zdnet.com) 125

Earlier this month, Microsoft said "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack," adding that "no known ransomware works against Windows 10 S." News outlet ZDNet asked a security researcher to see how good Microsoft's claims were. Turns out, not much. From the report: We asked Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, a simple enough question: Will ransomware install on this operating system? It took him a little over three hours to bust the operating system's various layers of security, but he got there. "I'm honestly surprised it was this easy," he said in a call after his attack. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."
Security

Fireball Browser Hijack Impact Revised After Microsoft Analysis (eweek.com) 10

Sean Michael Kerner, writing for eWeek: A browser hijacking operation initially reported to have 250 million victims by security firm Check Point isn't quite that large, according to a new analysis by Microsoft. On June 1, security firm Check Point reported that a browser hijacking operation called "Fireball" had already claimed 250 million victims. According to a Microsoft analysis published June 22, Check Point's estimate of the number of victims was "overblown" and the attack is not nearly as widespread as initially reported. The Fireball attack is a browser hijacking that is potentially able to download malware onto victims' systems, as well as manipulate pageviews and redirect search requests. Check Point's initial analysis claimed that Fireball was being bundled as part of free software downloads to unsuspecting users. "Indeed, we have been working with Microsoft on their analysis, feeding them with some additional data," Maya Horowitz, group manager of threat intelligence at Check Point, said in a statement sent to eWEEK. "We tried to reassess the number of infections, and from recent data we know for sure that numbers are at least 40 million, but could be much more."
Firefox

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com) 80

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
Microsoft

Microsoft Admits Disabling Anti-Virus Software For Windows 10 Users (bbc.com) 206

An anonymous reader quotes a report from the BBC: Microsoft has admitted that it does temporarily disable anti-virus software on Windows PCs, following an competition complaint to the European Commission by a security company. In early June, Kaspersky Lab filed the complaint against Microsoft. The security company claims the software giant is abusing its market dominance by steering users to its own anti-virus software. Microsoft says it implemented defenses to keep Windows 10 users secure. In an extensive blog post that does not directly address Kaspersky or its claims, Microsoft says it bundles the Windows Defender Antivirus with Windows 10 to ensure that every single device is protected from viruses and malware. To combat the 300,000 new malware samples being created and spread every day, Microsoft says that it works together with external anti-virus partners. The technology giant estimates that about 95% of Windows 10 PCs were using anti-virus software that was already compatible with the latest Windows 10 Creators Update. For the applications that were not compatible, Microsoft built a feature that lets users update their PCs and then reinstall a new version of the anti-virus software. "To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating," writes Rob Lefferts, a partner director of the Windows and Devices group in enterprise and security at Microsoft.
Network

Ask Slashdot: Best Way To Isolate a Network And Allow Data Transfer? 233

Futurepower(R) writes: What is the best way to isolate a network from the internet and prevent intrusion of malware, while allowing carefully examined data transfer from internet-facing computers? An example of complete network isolation could be that each user would have two computers with a KVM switch and a monitor and keyboard, or two monitors and two keyboards. An internet-facing computer could run a very secure version of Linux. Any data to be transferred to that user's computer on the network would perhaps go through several Raspberry Pi computers running Linux; the computers could each use a different method of checking for malware. Windows computers on the isolated network could be updated using Autopatcher, so that there would never be a direct connection with the internet. Why not use virtualization? Virtualization does not provide enough separation; there is the possibility of vulnerabilities. Do you have any ideas about improving the example above?
Security

How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence (variety.com) 79

Earlier this year, hackers obtained and leaked the episodes of TV show Orange Is the New Black. In a candid interview, Larson Studios' chief engineer David Dondorf explained how the audio post-production business allowed the hacker group to gain access to the Netflix original content. Dandorf says the company hired private data security experts to find how it was breached. The investigation found that the hacker group had been searching the internet for PCs running older versions of Windows and stumbled across an old computer at Larson Studios still running Windows 7. From the report: Larson's employees just didn't know all that much about it. Having a computer running an ancient version of Windows on the network was clearly a terrible lack of oversight, as was not properly separating internal servers from the internet. "A lot of what went on was ignorance," admitted Rick Larson. "We are a small company. Did we even know what the content security departments were at our clients? Absolutely not. I couldn't have told you who to call. I can now." It's a fascinating story about how the hacker group first made contact and tried to threaten Larson Studios' president and his wife, and how they responded. Worth a read.
Microsoft

Microsoft Now Lets Surface Laptop Owners Revert Back To Windows 10 S (mspoweruser.com) 81

Microsoft is kind enough to offer Surface Laptop users the option to upgrade to Windows 10 Pro for free until later this year if they don't like Windows 10 S, which is installed by default and is only able to run apps or games that are in the Windows Store. The company is taking that generosity one step further by letting users revert back to Windows 10 S if they installed Windows 10 Pro and aren't happy with the performance and battery life. The option to revert back to the default OS wasn't available until now. MSPoweruser reports: Microsoft recently released the official recovery image for the Surface Laptop which will technically let you go back to Windows 10 S on your device but you'll be required to remove all of your files which is a bit frustrating. The recovery image wasn't available a few days after the Surface Laptop started shipping, but it is now available and you can download it to effectively reset your Surface Laptop. The recovery image is 9GB, so make sure you have a good internet connection before downloading the file. It is quite interesting how Microsoft isn't letting users go back to Windows 10 S from Windows 10 Pro without having to completely reset their devices, as the company would want more users to use its new version of Windows 10 for many reasons. Maybe this is something Microsoft will be adding in the future, but for now, we'll just have to do with the recovery image. If you own a Surface Laptop, you can find the recovery image here.
Microsoft

Microsoft Will Disable WannaCry Attack Vector SMBv1 Starting This Fall (bleepingcomputer.com) 73

An anonymous reader writes: Starting this fall, with the public launch of the next major Windows 10 update — codenamed Redstone 3 -- Microsoft plans to disable SMBv1 in most versions of the Windows operating systems. SMBv1 is a three-decades-old file sharing protocol that Microsoft has continued to ship "enabled by default" with all Windows OS versions.

The protocol got a lot of attention recently as it was the main infection vector for the WannaCry ransomware. Microsoft officially confirmed Tuesday that it will not ship SMBv1 with the Fall Creators Update. This change will affect only users performing clean installs, and will not be shipped as an update. This means Microsoft decision will not affect existing Windows installations, where SMBv1 might be part of a critical system.

Displays

Xerox Alto Designer, Co-Inventor Of Ethernet, Dies at 74 (arstechnica.com) 95

An anonymous reader quotes Ars Technica: Charles Thacker, one of the lead hardware designers on the Xerox Alto, the first modern personal computer, died of a brief illness on Monday. He was 74. The Alto, which was released in 1973 but was never a commercial success, was an incredibly influential machine... Thomas Haigh, a computer historian and professor at the University of Wisconsin, Milwaukee, wrote in an email to Ars, "Alto is the direct ancestor of today's personal computers. It provided the model: GUI, windows, high-resolution screen, Ethernet, mouse, etc. that the computer industry spent the next 15 years catching up to. Of course others like Alan Kay and Butler Lampson spent years evolving the software side of the platform, but without Thacker's creation of what was, by the standards of the early 1970s, an amazingly powerful personal hardware platform, none of that other work would have been possible."
In 1999 Thacker also designed the hardware for Microsoft's Tablet PC, "which was first conceived of by his PARC colleague Alan Kay during the early 1970s," according to the article. "I've found over my career that it's been very difficult to predict the future," Thacker said in a guest lecture in 2013. "People who tried to do it generally wind up being wrong."
Microsoft

Green Party Leaders Don't Want Windows In Munich (techrepublic.com) 139

Reader sqorbit writes: Munich spent a lot of time (9 years) and a lot of money in shifting some 15,000 staff to a Linux-based OS. The plan now is to move to Windows 10 by 2021. Munich's Green Party is citing the WannaCry virus as a valid reason not to switch to Windows. "As with many of the biggest attacks, the computers that were mainly hit were running the Windows operating system," the Green Party said in a statement.
Security

NSA Links WannaCry To North Korea (washingtonpost.com) 99

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with "moderate confidence" to North Korea's spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that "cyber actors" suspected to be "sponsored by" the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called "the Lazarus Group," a name used by private-sector researchers.
Security

Oil Changes, Safety Recalls, and Software Patches (daemonology.net) 129

An anonymous reader shares a blog post: Every few months I get an email from my local mechanic reminding me that it's time to get my car's oil changed. I generally ignore these emails; it costs time and money to get this done and I drive little enough -- about 2000 km/year -- that I'm not too worried about the consequences of going for a bit longer than nominally advised between oil changes. I do get oil changes done... but typically once every 8-12 months, rather than the recommended 4-6 months. On the other hand, there's another type of notification which elicits more prompt attention: Safety recalls. There are two good reasons for this: First, whether for vehicles, food, or other products, the risk of ignoring a safety recall is not merely that the product will break, but rather that the product will be actively unsafe; and second, when there's a safety recall you don't have to pay for the replacement or fix -- the cost is covered by the manufacturer. I started thinking about this distinction -- and more specifically the difference in user behaviour -- in the aftermath of the "WannaCry" malware. While WannaCry attracted widespread attention for its "ransomware" nature, the more concerning aspect of this incident is how it propagated: By exploiting a vulnerability in SMB for which Microsoft issued patches two months earlier. As someone who works in computer security, I find this horrifying -- and I was particularly concerned when I heard that the NHS was postponing surgeries because they couldn't access patient records. [...] I imagine that most people in my industry would agree that security patches should be treated in the same vein as safety recalls -- unless you're certain that you're not affected, take care of them as a matter of urgency -- but it seems that far more users instead treat security patches more like oil changes: something to be taken care of when convenient... or not at all, if not convenient. It's easy to say that such users are wrong; but as an industry it's time that we think about why they are wrong rather than merely blaming them for their problems.
Desktops (Apple)

Apple Mac Computers Are Being Targeted By Ransomware, Spyware (bbc.com) 54

If you are a Mac user, you should be aware of new variants of malware that have been created specifically to target Apple computers; one is ransomware and the other is spyware. "The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor 'dark web' network that acted as a shopfront for both," reports BBC. "In a blog post, Fortinet said the site claimed that the creators behind it were professional software engineers with 'extensive experience' of creating working code." From the report: Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware's creators had said that payments made by ransomware victims would be split between themselves and their customers. Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware. Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm. However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data. The free Macspy spyware, offered via the same site, can log which keys are pressed, take screenshots and tap into a machine's microphone. In its analysis, AlienVault researcher Peter Ewane said the malicious code in the spyware tried hard to evade many of the standard ways security programs spot and stop such programs.
Mozilla

Firefox 54 Arrives With Multi-Process Support For All Users (venturebeat.com) 101

An anonymous reader writes: Mozilla today launched Firefox 54 for Windows, Mac, Linux, and Android. The new version includes the next major phase of multi-process support, which streamlines memory use, improving responsiveness and speed. The Electrolysis project, which is the largest change to Firefox code ever, is live. Firefox now uses up to four processes to run webpage content across all open tabs. This means that complex webpages in one tab have a much lower impact on responsiveness and speed in other tabs, and Firefox finally makes better use of your computer's hardware.
Microsoft

Microsoft Warns of 'Destructive Cyberattacks', Issues New Windows XP Patches (zdnet.com) 76

Ed Bott, reporting for ZDNet: Citing an "elevated risk for destructive cyberattacks," Microsoft today released an assortment of security updates designed to block attacks similar to those responsible for the devastating WannaCry/WannaCrypt ransomware outbreak last month. Today's critical security updates are in addition to the normal Patch Tuesday releases, Microsoft said. They'll be delivered automatically through Windows Update to devices running supported versions, including Windows 10, Windows 8.1, Windows 7, and post-2008 Windows Server releases. But in an unprecedented move, Microsoft announced that it was also making the patches available simultaneously for manual download and installation on unsupported versions, including Windows XP and Windows Server 2003. The new updates can be found in the Microsoft Download Center or, alternatively, in the Update Catalog.
Businesses

Amazon Sues Former AWS VP Over Non-Compete Deal (geekwire.com) 76

Reader joshtops shares a report: Amazon.com is alleging that one of its former high-ranking executives violated a non-compete agreement when he accepted a job at Bellevue-based Smartsheet, GeekWire has learned. In a lawsuit filed Friday in King County Superior Court, Amazon alleges that Gene Farrell, who served as Vice President of the AWS Enterprise Applications -- EC2 Windows team, violated a non-compete agreement when he took the new job as head of product June 1 at the heavily-funded Bellevue online workplace collaboration platform. "This move is unthinkable," Amazon wrote in a motion for a temporary restraining order that would bar Farrell from working at Smartsheet. "he cannot possibly forget everything he knows about AWS's products and plans while he is working to develop products for its competitor." The suit also notes: "Farrell's role as "Head of Product" at Smartsheet will necessarily involve development of and strategy regarding competing cloud-based productivity products, including but not limited to those for project management, collaboration, and/or automation, and will therefore breach the Noncompetition Agreement and threaten the disclosure of Amazon's highly confidential information," Amazon wrote in its lawsuit.

Slashdot Top Deals