News & Updates

Politics are heating up locally as we elect local officials to govern our cities and towns. These people have a direct impact on what is happening on your front doorstep. So getting to know them is the only way you can be educated in your vote. Joining the conversation is the artist formerly of Cold Biscuit! Mayor Dana Outlaw. https://www.youtube.com/watch?v=9kKcTRMxZR0


Whether the Core i9-7960X was always part of Intel’s plans for the high end desktop (HEDT), or whether it was haphazardly rushed to market to combat AMD’s bullish Threadripper platform, one thing is clear: Intel once again has the fastest slice of silicon on the market. With 16 cores and 32 threads, matching AMD’s flagship Threadripper 1950X, the i9-7960X is an unashamedly over-the-top processor that breaks benchmarking records, and powers through heavy production tasks.

But a processor is more than its raw number crunching prowess. Threadripper raised the bar for HEDT with the rich, consumer-friendly X399 platform, which offers a full set of features without spurious lockouts. More importantly, AMD doesn’t charge through the nose for it. The Threadripper 1950X features 16C/32T and costs £950/$1000. Intel’s Core i9-7900X offers just 10C/20T for the same price. With the exception of gaming, the 1950X is a much more powerful processor.

Unfortunately, despite the strong competition, Intel isn’t yet willing to compete on price. The i9-7960X costs a whopping $1700/£1700—and while it might be faster, it certainly isn’t £700 faster. That’s not to mention that Intel continues to use a weak thermal material to mount its CPU heat spreaders, instead of the superior solder that AMD uses. It makes the i9-7960X a bear of a chip to overclock and noisy at stock without suffering serious thermal issues.


Source: http://feeds.arstechnica.com/arstechnica/index/


If the past is anything to go by, we expect it might be some time before Tesla has any Model 3 electric cars for us to review. The company’s order books are overflowing, and in the past we’ve seen that any production capacity is prioritized for paying customers rather than the press. But as Model 3s start finding their way into the hands of customers who aren’t Tesla employees, plenty more details about the hotly anticipated car are becoming public, thanks to owners at the Model 3 Owners Club.

Members of the club compiled a list of over 80 different features of the car they’re curious about, including questions about how the car operates (does the card unlock all the doors, where does the UI show you that your turn signals are active), physical aspects of the car (what does the tow hitch attachment look like, how much stuff can you fit in the front and rear cargo areas), and subjective details (how aggressive is the energy regeneration, does that wood trim cause glare).

At least two members of the club have received delivery of their cars, and unlike Tesla employees and special friends of the company who have cars, they appear to be under no requirement to keep this info quiet. So far, we’ve learned a few interesting facts. For instance, the windshield wipers are turned on and off by a stalk like just about every other car on the market, but changing the speed (slow/fast/intermittent) is handled by a menu on the touchscreen. The stalk also does double duty turning on the headlights, and there are no rain sensors for the wipers.


Source: http://feeds.arstechnica.com/arstechnica/index/


Microsoft’s Ignite business and IT conference started today in Orlando, and, as we’ve come to expect, the big emphasis was on the continued evolution of Microsoft’s cloud, machine learning, and software-as-a-service offerings.

The company is shaking up its communications offerings for Office 365 users, as it continues to try to figure out how to make the best use of its various assets. Those with long memories will remember that Microsoft had Messenger (or Windows Messenger, or MSN Messenger) for its mass-market consumer messaging platform, with instant messaging, Internet-based voice and video chat, and Office Communications Server—later renamed Lync—for its enterprise messaging platform. It offered a similar set of capabilities to Messenger but over private servers, with greater administrative controls. It also offered connectivity to the regular phone network.

Microsoft then bought Skype. On the consumer side, it folded the Messenger and Skype networks together and then ditched the Messenger branding, unifying under the Skype name. On the corporate side, Lync was renamed (again) to Skype for Business. Skype for Business picked up the ability to bridge to the Skype network. Microsoft also rebuilt the Skype communications infrastructure, moving away from Skype’s old peer-to-peer system to a more conventional client/server system, with the company arguing that this made better sense for enabling features such as synchronized message history across devices, and the abundance of occasionally connected devices like smartphones.


Source: http://feeds.arstechnica.com/arstechnica/index/


SQL Server 2017 went into general availability today. Today’s release is a remarkable step in SQL Server’s history, because it’s not just a release for Windows. Today marks the general availability of SQL Server 2017 for Linux. There’s also a containerized version for deployment using Docker.

SQL Server for Linux was announced in March of last year to widespread surprise. SQL Server is the kind of software that shifts Windows licenses—people buy Windows Server for the express purpose of running SQL Server—so porting it to Linux would risk forfeiting its corresponding Windows Server revenue.

Scott Guthrie, executive vice president for cloud and enterprise, acknowledged that risk but felt that it was offset by the opportunity SQL Server for Linux presented. SQL Server has a rich feature set, and potential customers were telling Microsoft that they’d love to use it—but they were Linux shops or were dependent on Docker and containerization. As such, being Windows-only prevented sales to these customers.


Source: http://feeds.arstechnica.com/arstechnica/index/


At its Ignite conference today, Microsoft announced its moves to embrace the next big thing in computing: quantum computing. Later this year, Microsoft will release a new quantum computing programming language, with full Visual Studio integration, along with a quantum computing simulator. With these, developers will be able to both develop and debug quantum programs implementing quantum algorithms.

Quantum computing uses quantum features such as superposition and entanglement to perform calculations. Where traditional digital computers are made from bits, each bit representing either a one or a zero, quantum computers are made from some number of qubits (quantum bits). Qubits represent, in some sense, both one and zero simultaneously (a quantum superposition of 1 and 0). This ability for qubits to represent multiple values gives quantum computers exponentially more computing power than traditional computers.

Traditional computers are built up of logic gates—groups of transistors that combine bits in various ways to perform operations on them—but this construction is largely invisible to people writing programs for them. Programs and algorithms aren’t written in terms of logic gates; they use higher level constructs, from arithmetic to functions to objects, and more. The same is not really true of quantum algorithms; the quantum algorithms that have been developed so far are in some ways more familiar to an electronic engineer than a software developer, with algorithms often represented as quantum circuits—arrangements of quantum logic gates, through which qubits flow—rather than more typical programming language concepts.


Source: http://feeds.arstechnica.com/arstechnica/index/

The Adobe product security incident response team (PSIRT) accidentally published a private PGP key on its blog; once it discovered the issue, it quickly revoked the key.

On Friday, the Adobe PSIRT updated its Pretty Good Privacy (PGP) key and published the new public key in a blog post. The new key should have been valid until September 2018, but something strange happened. The security expert Juho Nurminen first noted that, scrolling down in the blog post, both the public and the private PGP keys were present.

In a public key infrastructure, messages to be sent to a recipient are encrypted with the public key the recipient has shared (in the Adobe case it was published in the blog post), and only the legitimate recipient can read them by using the associated private PGP key.


The accidental disclosure of the private key could have allowed anyone to decrypt encrypted email messages sent by the users to the company.

The Adobe PGP key was generated using Mailvelope, a popular open source browser extension for OpenPGP.

Mailvelope allows users to export either the public key, the private key, or both by selecting the “All” option. The Adobe employee who exported the public PGP key likely selected the “All” option and copied the generated data without noticing that it included the private PGP key as well.

Adobe promptly removed the blog post and revoked the compromised private key, but it was too late because it is still possible to find copies of the post online. Adobe has generated a new key pair, this time using GPGTools instead of Mailvelope.
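A pre-publication check for the mistake described above, as an added example that is not Adobe's or Mailvelope's code: it decodes every ASCII-armored block in a draft and inspects the first OpenPGP packet tag (RFC 4880), so secret key material is caught even when the armor label says "PUBLIC". The function names and the sample blocks are assumptions constructed for illustration; the samples contain packet headers and filler bytes, not real keys.

```python
import base64
import re

# OpenPGP packet tags (RFC 4880, section 4.3) that carry secret key material.
SECRET_TAGS = {5: "Secret-Key", 7: "Secret-Subkey"}
ARMOR_RE = re.compile(
    r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)-----END PGP \1-----", re.S)


def first_packet_tag(data):
    """Return the tag of the first OpenPGP packet, or None if not a packet."""
    if not data or not data[0] & 0x80:   # bit 7 is always set in a header
        return None
    if data[0] & 0x40:                   # new format: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F         # old format: tag in bits 5-2


def armor_blocks(text):
    """Yield (label, decoded_bytes) for every ASCII-armored block in text."""
    for m in ARMOR_RE.finditer(text):
        body = m.group(2).replace("\r", "")
        # Armor headers (Version:, Comment:) end at the first blank line.
        _, sep, after = body.partition("\n\n")
        lines = (after if sep else body).split("\n")
        # Skip the "=XXXX" CRC-24 line; it is not part of the key data.
        b64 = "".join(l.strip() for l in lines
                      if l.strip() and not l.startswith("="))
        try:
            yield m.group(1), base64.b64decode(b64, validate=True)
        except ValueError:
            yield m.group(1), b""        # undecodable: judge by label only


def audit(text):
    """Return (armor_label, reason) for each block that must not be published."""
    findings = []
    for label, data in armor_blocks(text):
        tag = first_packet_tag(data)
        if tag in SECRET_TAGS:
            findings.append((label, SECRET_TAGS[tag] + " packet (tag %d)" % tag))
        elif "PRIVATE KEY" in label:
            findings.append((label, "armor label says private key"))
    return findings


def make_armor(label, payload):
    """Build constructed sample armor; the CRC line is a dummy value."""
    b64 = base64.b64encode(payload).decode()
    return ("-----BEGIN PGP %s-----\nVersion: example\n\n%s\n=AAAA\n"
            "-----END PGP %s-----\n" % (label, b64, label))


# Constructed samples: a public-only export, an "All"-style export with both
# blocks, and a secret key packet hidden under a PUBLIC armor label.
PUBLIC_ONLY = make_armor("PUBLIC KEY BLOCK", b"\xc6\x10" + b"\x00" * 16)
EXPORT_ALL = PUBLIC_ONLY + "\n" + make_armor(
    "PRIVATE KEY BLOCK", b"\xc5\x10" + b"\x00" * 16)
MISLABELLED = make_armor("PUBLIC KEY BLOCK", b"\x95\x00\x10" + b"\x00" * 16)

if __name__ == "__main__":
    for name, text in [("public only", PUBLIC_ONLY),
                       ("export all", EXPORT_ALL), ("mislabelled", MISLABELLED)]:
        print(name, "->", audit(text) or "no secret key material")
```

Run against the draft text before it is pasted into a CMS; any non-empty result from `audit` should block publication.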


Pierluigi Paganini

(Security Affairs – PGP key, Adobe)


The post Adobe accidentally leaked online its Private PGP Key appeared first on Security Affairs.

Source: Security affairs


Coffee Lake desktop processors, the follow up to 2016’s Kaby Lake processors, launch on October 5, Intel announced today. Like the recent U-series Kaby Lake Refresh laptop processors, which also launched under the “8th generation” moniker, Coffee Lake is largely based on the same core 14nm architecture as Kaby Lake, which in turn was essentially just Skylake, but with more cores across the range.

The top-of-the-line i7-8700K features six cores and 12 threads, 12MB of L3 cache, and a boost clock up to 4.7GHz. The i5-8600K keeps the six physical cores, but ditches hyperthreading, while the i3-8100 and i3-8350K both feature four physical cores. The latter, which matches the core count of the older i5 7600K, could prove to be quite the bargain for gamers on a budget, particularly as it’s unlocked for overclocking.

Previously, Intel processors with more than four cores fell under the high-end-desktop (HEDT) E-series and X-series ranges, which cost significantly more than mainstream processors. Unfortunately, while Coffee Lake is more affordable than an X299 chip (the questionable quad-core i5-7640X and i7-7740X excluded), prices are higher than Kaby Lake across the board.


Source: http://feeds.arstechnica.com/arstechnica/index/

United Cyber Caliphate members stopped trying to develop their own hacking and communication tools and now look for them in the criminal underground.

According to Kyle Wilhoit, a senior security researcher at DomainTools, who spoke at the DerbyCon hacking conference in the US, ISIS members stopped trying to develop their own hacking and communication tools and now look for them in the criminal underground.


The expert explained that members of hacker groups that go under the banner of the United Cyber Caliphate (UCC) have low-level coding skills and their opsec is “garbage.”

ISIS members belonging to groups under the United Cyber Caliphate (UCC) developed three apps for their communication. They also developed trivial malware whose code was riddled with bugs.

The terrorists also developed a version of PGP called Mujahideen Secrets, in response to NSA surveillance, and a DDoS tool dubbed “Caliphate cannon.”

“ISIS is really really bad at the development of encryption software and malware,” Wilhoit explained. “The apps are sh*t to be honest, they have several vulnerabilities in each system that renders them useless.”

Due to their technical limitations, ISIS-linked groups started using mainstream communication systems like Telegram and Russian email services that are widely used by cyber criminals.


Wilhoit revealed that he had discovered a server left open online containing photographs of active military operations by ISIS in Iraq and Syria. The content on the server, allegedly used for propaganda, was a mine of information for the experts because the ISIS militants had not removed metadata from the material, allowing them to gather information on the terrorists.

Wilhoit profiled the activity of the following ISIS hacking groups:

  • The Caliphate Cyber Army, a group formed about four years ago that was mostly involved in the online defacement of websites.
  • The Islamic State Hacking Division, which focused on hacking government systems in the US, UK, and Australia to gather information on the military personnel purportedly involved in drone strikes against the IS in Syria and Iraq and publish “Kill lists.” In May 2016, the group claimed to have infiltrated the UK Ministry of Defence. Wilhoit believes the technical skills of the group are negligible.
  • The Islamic Cyber Army, which focuses on the energy industry, gathering data about power grids, likely to plan an attack. Although they leaked information about the systems of the targeted companies, Wilhoit confirmed that there’s no evidence they have actually managed to break into a power company.
  • The Sons of the Caliphate Army is another group analyzed by the expert. It is currently operating under the UCC banner, but it was not involved in specific operations.

Wilhoit also provided data on the activity of social network companies against online propaganda. He said Facebook is able to take down terrorist accounts within 12 hours and Twitter in many cases is able to shut down accounts before they start spreading messages.

Twitter suspended 299,000 accounts linked to terrorism in the first six months of 2017. The company revealed that 75 percent of the infringing accounts were suspended before their first tweet, confirming the huge efforts in fighting online propaganda and other activities linked to this threat.

According to data provided in the transparency report, Twitter confirmed that 95 percent of the accounts suspended for the promotion of terrorism were identified by using internal tools designed to identify and block spam. Government requests accounted for less than 1% of account suspensions.

Wilhoit also explained that attempts to use the internet for fundraising were a failure. He reported that scammers have started spoofing Islamic State websites to trick sympathizers into making Bitcoin donations.

“If UCC gets more savvy individuals to join then a true online terrorist incident could occur,” Wilhoit concluded. “But as it stands ISIS are not hugely operationally capable online. As it is right now we should be concerned, of course, but within reason.”


Pierluigi Paganini

(Security Affairs – ISIS, terrorism, United Cyber Caliphate)


The post Experts say United Cyber Caliphate hackers have low-level cyber capabilities appeared first on Security Affairs.

Source: Security affairs

The RedBoot ransomware encrypts files on the infected computer, replaces the Master Boot Record and then modifies the partition table.

Malware Blocker researcher discovered a new bootlocker ransomware, dubbed RedBoot, that encrypts files on the infected computer, replaces the Master Boot Record (MBR) of the system drive and then modifies the partition table.

The experts noticed that there is no way to input a decryption key to restore the MBR and partition table, a circumstance that suggests this malware may be a wiper.

When the victim executes the RedBoot ransomware it will extract 5 other files into a random folder in the directory containing the launcher.

The five files are:

  • boot.asm – an assembly file that will be compiled into the new master boot record. When boot.asm has been compiled, it will generate the boot.bin file.
  • assembler.exe – a renamed copy of nasm.exe that is used to compile the boot.asm assembly file into the master boot record boot.bin file.
  • main.exe – the user mode encrypter that will encrypt the files on the computer.
  • overwrite.exe – used to overwrite the master boot record with the newly compiled boot.bin file.
  • protect.exe – the executable that will terminate and prevent various programs from running, such as the task manager and processhacker.

Once the files are extracted, the main launcher will compile the boot.asm file generating the boot.bin. The launcher executes the following command:

"[Downloaded_Folder]281251assembler.exe" -f bin "[Downloaded_Folder]281251boot.asm" -o "[Downloaded_Folder]281251boot.bin"

Once boot.bin has been compiled, the launcher will delete the boot.asm and assembler.exe files, then it will use the overwrite.exe program to overwrite the current master boot record with the compiled boot.bin using this command:

"[Downloaded_Folder]945836overwrite.exe" "[Downloaded_Folder]945836boot.bin"

At this point, the malware starts the encryption process. The launcher will start main.exe, which will scan the machine for files to encrypt, appending the .locked extension onto each encrypted file. The main.exe program will also execute the protect.exe component to stop the execution of any software that can halt the infection.
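Detection logic for the launcher sequence described above, as an added example that is not from the original analysis: it correlates process-creation events and alerts when an assembler that is not named nasm.exe builds a flat binary next to itself and a sibling executable from the same folder is then handed that binary. The event format, function names and sample paths (including the EXAMPLE_DIR folder) are constructed assumptions, and the rule is a heuristic, not a signature.

```python
import ntpath
import re


def argv_of(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def flat_binary_output(argv):
    """Return the -o path if argv is `<exe> -f bin <x.asm> -o <out>`, else None."""
    low = [a.lower() for a in argv]
    try:
        fmt = low[low.index("-f", 1) + 1]
        out = low[low.index("-o", 1) + 1]
    except (ValueError, IndexError):
        return None
    if fmt != "bin" or not any(a.endswith(".asm") for a in low[1:]):
        return None
    return out


def detect(events):
    """events: (parent_pid, cmdline) tuples in time order. Returns alerts."""
    pending = {}   # (parent_pid, output path) -> assembler path
    alerts = []
    for ppid, cmdline in events:
        argv = argv_of(cmdline)
        if not argv:
            continue
        exe = argv[0].lower()
        out = flat_binary_output(argv)
        if out:
            # Track only assemblers that are not named nasm.exe and write
            # beside themselves: a dropped toolchain, not a developer install.
            if (ntpath.basename(exe) != "nasm.exe"
                    and ntpath.dirname(exe) == ntpath.dirname(out)):
                pending[(ppid, out)] = exe
            continue
        for arg in (a.lower() for a in argv[1:]):
            asm = pending.get((ppid, arg))
            if asm and ntpath.dirname(exe) == ntpath.dirname(arg):
                alerts.append({"parent": ppid, "assembler": asm,
                               "consumer": exe, "image": arg})
    return alerts


# Constructed sample events; EXAMPLE_DIR is a placeholder drop folder.
DROP = r"C:\Users\test\Downloads\EXAMPLE_DIR"
SUSPICIOUS = [
    (4100, '"%s\\assembler.exe" -f bin "%s\\boot.asm" -o "%s\\boot.bin"'
     % (DROP, DROP, DROP)),
    (4100, '"%s\\overwrite.exe" "%s\\boot.bin"' % (DROP, DROP)),
]
BENIGN = [
    (5200, r'"C:\tools\nasm\nasm.exe" -f bin C:\src\os\boot.asm -o C:\src\os\boot.bin'),
    (5200, r'"C:\tools\qemu\qemu-system-i386.exe" -drive format=raw,file=C:\src\os\boot.bin'),
]

if __name__ == "__main__":
    print("suspicious:", detect(SUSPICIOUS))
    print("benign:", detect(BENIGN))
```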


Once all the files have been encrypted, the RedBoot ransomware will reboot the computer and will display a ransom note.

This ransom note instructs victims to send their ID key to the email address [email protected] in order to get payment instructions.

Unfortunately, even if the victim contacted the developer and paid the ransom, the hard drive may not be recoverable because the RedBoot ransomware permanently modifies the partition table.

“While this ransomware is brand new and still being researched, based on preliminary analysis it does not look promising for any victims of this malware. This is because in addition to the files being encrypted and the MBR being overwritten, preliminary analysis shows that this ransomware may also be modifying the partition table without providing a method to restore it.” reads the analysis published by Lawrence Abrams.

Experts speculate the malware is a wiper disguised as a ransomware, but we cannot exclude that the author simply made some errors in the development phase.

“While this ransomware does perform standard user mode encryption, the modifying of the partition table and no way of inputting a key to recover it, may indicate that this is a wiper disguised as a ransomware. Then again, since the developer used a scripting language like AutoIT to develop this ransomware, it could very well be just a buggy and poorly coded ransomware.” concluded Lawrence Abrams.

Take a look at the analysis if you are interested in Indicators of Compromise (IoCs).


Pierluigi Paganini

(Security Affairs – RedBoot ransomware, malware)


The post RedBoot ransomware also modifies partition table, is it a wiper? appeared first on Security Affairs.

Source: Security affairs