Boots & Sabers

The blogging will continue until morale improves...

Category: Technology

Microsoft President Hammers Government Secrecy

He’s got a point.

In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the U.S. National Security Agency, that leaked online in April.

“This is an emerging pattern in 2017,” Smith wrote. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world.”

He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret – in order to conduct espionage and cyber warfare – against sharing those flaws with technology companies to better secure the internet.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith wrote. He added that governments around the world should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

Accidental Hero

Excellent!

A UK security researcher has told the BBC how he “accidentally” halted the spread of the malicious ransomware that has affected hundreds of organisations, including the UK’s NHS.

The 22-year-old man, known by the pseudonym MalwareTech, had taken a week off work, but decided to investigate the ransomware after hearing about the global cyber-attack.

He managed to bring the spread to a halt when he found what appeared to be a “kill switch” in the rogue software’s code.

“It was actually partly accidental,” he told the BBC, after spending the night investigating. “I have not slept a wink.”

Although his discovery did not repair the damage done by the ransomware, it did stop it spreading to new computers, and he has been hailed an “accidental hero”.

“I would say that’s correct,” he told the BBC.

Wannacrypt Races Across the World

Please, folks… keep your computers updated.

LONDON — As many as 74 countries have been hit by a huge, fast-moving and global ransomware attack that locks computers and demands the digital equivalent of $300 per computer, Kaspersky Lab, a Russian-based cybersecurity company, said Friday.

The infections have disabled more than a dozen hospitals in the United Kingdom, Spain’s largest telecom company and universities in Italy as well as some FedEx computers. Ransomware encrypts the files on a computer or network demanding that payment be made in Bitcoin or another untraceable digital currency before the criminals will unlock the files.

Infected computers showed a screen giving the user three days to pay the ransom. After that, the price would be doubled. After seven days the files would be deleted, it threatened.

[…]

Kaspersky’s Baumgartner did note that although the ransomware was able to offer “how to pay” documents in dozens of languages, the only language whose writing was perfect was Russian, with the others showing distinct signs that a non-native speaker had written them. “The English is very good, but there are a couple of quirks that would lead me to believe it wasn’t written by a native English speaker,” he said.

Presidential Campaign Hacked

In France.

(CNN) Leading French presidential candidate Emmanuel Macron has been the victim of a “massive and coordinated hacking operation,” after files purporting to be from the campaign were posted online via social media, his campaign said Friday.

Campaign officials said the perpetrators of the hack — revealed just two days before the election — had mixed fake documents with authentic ones “in order to create confusion and misinformation.”

About 14.5 gigabytes of emails, personal and business documents were posted, a CNN look at the data shows. Links to the 70,000-plus files were posted on pastebin, a text-sharing site, just before 2 p.m. ET Friday.

This does seem to be an ongoing tactic by anarchists and malcontents. Campaigns are going to have to go back to doing everything in person in smoky back rooms.

DNA Found in Sediment

It’s truly amazing how far DNA technology has come.

The DNA of extinct humans can be retrieved from sediments in caves – even in the absence of skeletal remains.

Researchers found the genetic material in sediment samples collected from seven archaeological sites.

[…]

Back in the lab, they fished out tiny fragments of mitochondrial DNA (mtDNA) – genetic material from the mitochondria, which act as the “powerhouses” of biological cells. Even sediment samples that had been stored at room temperature for years yielded DNA.

Dr Meyer and his team members were able to identify the DNA of various animals belonging to 12 mammalian families, including extinct species such as the woolly mammoth, woolly rhinoceros, cave bear and cave hyena.

The scientists looked specifically for DNA from ancient humans in the samples.

“From the preliminary results, we suspected that in most of our samples, DNA from other mammals was too abundant to detect small traces of human DNA,” said co-author Viviane Slon, from the Max Planck Institute in Leipzig, Germany.

“We then switched strategies and started targeting specifically DNA fragments of human origin.”

Engaged to a Robot

The next frontier in civil rights?

A young woman named Lilly greeted me when I arrived. She was glowing as she set the table with cheese, crackers and French pastries. We were surrounded by picture frames of her and the token of her affection. She poured champagne, and together we toasted her engagement … to a robot.

She calls the robot inMoovator, and in a story reminiscent of the Greek myth of Pygmalion, Lilly built inMoovator herself, 3D printing dozens of parts in a lab nearby. She plans to eventually add artificial intelligence. The first words she wants to program: “I love you.”

Lilly says she was 19 when she realized she didn’t like people.

“It was a slap in the face. I wondered what was happening to me,” she said. “I wanted myself to be attracted to humans, so after my first relationship, I had a second one. But I went against my own nature. So it was all the more disastrous.”

Guy Arrested for Tweet

This will be an interesting bit of case law.

A man accused of sending a flashing image to a writer in order to trigger an epileptic seizure has been arrested, the US justice department says.

John Rayne Rivello, 29, of Maryland, sent Kurt Eichenwald an animated image with a flashing light on Twitter in December, causing the seizure.

He has been charged with criminal cyber stalking and could face a 10-year sentence, the New York Times reports.

“You deserve a seizure for your post,” he is alleged to have written.

Mr Eichenwald is known to have epilepsy. He is a senior writer at Newsweek magazine, a contributing editor at Vanity Fair and a best-selling author of books including The Informant.

On the one hand, if the allegations are true, Rivello clearly acted with malicious intent to cause harm to Eichenwald and succeeded in causing that harm. On the other hand, we are treading in dangerous territory if we are going to start arresting people for stuff that they wrote on Twitter.

NASA Finds Lost Lunar Orbiters

Cool.

(CNN) It made history as India’s first unmanned lunar spacecraft. Then it vanished.

Nearly a decade later, NASA has located two unmanned spacecraft orbiting the moon, including India’s Chandrayaan-1, which went quiet in 2009.

Scientists used a new ground radar to locate the two spacecraft — one active and one dormant, NASA said Thursday.

“We have been able to detect NASA’s Lunar Reconnaissance Orbiter [LRO] and the Indian Space Research Organization’s Chandrayaan-1 spacecraft in lunar orbit with ground-based radar,” said Marina Brozovic, a radar scientist at NASA’s Jet Propulsion Laboratory in Pasadena, California.

“Finding LRO was relatively easy, as we were working with the mission’s navigators and had precise orbit data where it was located.”

The Chandrayaan-1 was more of a challenge because the last contact with the spacecraft was in August 2009.

Wikileaks Drops a Bomb on CIA

This is horrible.

Wikileaks has published details of what it says are wide-ranging hacking tools used by the CIA.

The alleged cyber-weapons are said to include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers.

Some of the software is reported to have been developed in-house, but the UK’s MI5 agency is said to have helped build a spyware attack for Samsung TVs.

A spokesman for the CIA would not confirm the details.

No, I’m not talking about CIA surveillance techniques. I’m talking about the massive breach in our national security. The continuing disclosures of national secrets need to stop. Perhaps if we start executing traitors again it would deter such behavior.

Tesla Roof to be Cheaper than Normal Roof

Awesome. I’d buy one.

Elon Musk made quite the announcement today. During the special shareholders meeting to approve the merger with SolarCity, which they approved by 85%, he said that he was coming back from a meeting with the SolarCity engineering team about the solar roof and that he now feels confident that they could deliver the product at a lower cost than a regular roof – even before energy production.

That’s different from what the company was claiming before the meeting today.

And it’s an incredibly bold claim since if it turns out to be true, no homeowner would have any reason not to choose a solar roof when buying a new roof.

Charging for Charging

This seems utterly reasonable.

Tired of clients plugging their devices for hours, cafe owner Galina Pokorny now charges €1 ($1.06; £0.85) for those who take too long charging.

“Tourists – always electricity, electricity, electricity. Sorry but who is going to pay me for it?” she said.

A recharge during a 15-minute coffee is still fine. More than that will add to the bill.

The fee applies also to laptops and tablets and it is multiplied by the number of devices being recharged.

White House Security Officer Reportedly Fired

Hmmmm… was this the guy leaking conversations between the president and foreign leaders?

Cory Louie, the chief information security officer at the White House, has reportedly been removed from his position, according to a report from ZDNet.

The news has yet to be confirmed by the Trump administration, which had kept Louie on staff after taking office. Louie was first appointed to his position by President Barack Obama in 2015 and was tasked with protecting the President’s staff from cybersecurity threats.

According to the report, Louie was either fired or asked to resign last Thursday and was escorted from his office in the executive wing of the White House.

Apollo 1 – 50 Years Later

RIP

“Fire, I smell fire,” the first indication from the capsule that something was wrong. It is unclear whether the voice is Chaffee or White. “Fire in the cockpit.”

Within seconds the fire had broken from its point of origin, stretching in a wall of flames along the left side of the module. The flames rose vertically and spread across the cabin ceiling, scattering beads of molten nylon from straps and fastenings onto the crew.

The next communication is indistinct, the only words that can be made out with any certainty are “bad fire.” The transmission ends with a cry of pain.

Fifteen seconds after the first report of fire, TV cameras on the pad show flames filling the command module.

“Then you hear the pad people try to rescue the crew,” says Ehrenfried. “Then it starts to sink in, this is really bad and we didn’t know how bad until we heard on the communications loop: ‘We’ve lost them’.”

Massive Cost Overruns for California High Speed Train

What!?!? Unheard of! /sarcasm

California’s bullet train could cost taxpayers 50% more than estimated — as much as $3.6 billion more. And that’s just for the first 118 miles through the Central Valley, which was supposed to be the easiest part of the route between Los Angeles and San Francisco.

A confidential Federal Railroad Administration risk analysis, obtained by The Times, projects that building bridges, viaducts, trenches and track from Merced to Shafter, just north of Bakersfield, could cost $9.5 billion to $10 billion, compared with the original budget of $6.4 billion.

Amazon Refuses to Release Echo Information

This will be interesting to see.

(CNN) Amazon is pushing back against an Arkansas prosecutor’s demand for information from a murder suspect’s Echo smart speaker, setting up another legal battle over investigators’ quest for technology-based evidence and American privacy rights.

Benton County Prosecuting Attorney Nathan Smith hopes the voice-activated Echo — which answers users’ questions, plays music, reads news and connects to other smart devices — will provide information on how a man came to be found dead in 31-year-old James Bates’ hot tub.

Bates’ defense attorney, Kimberly Weber, says there is nothing useful on the device and applauds Amazon for protecting her client’s privacy. Bates, who was arrested in February on suspicion of first-degree murder, is presently free on a $350,000 bond. A discovery hearing in his case is scheduled for March.

[…]

According to Amazon, Echo works by constantly listening for the “wake word” — “Alexa” or “Amazon,” by default — and then records your voice and transfers it to a processor for analysis so that it can fulfill requests or answer questions. The recordings are streamed and stored remotely, and can be reviewed or deleted over time, Amazon says.

I’m a bit of a technophile and have considered getting an Echo (or similar device). It would be kind of cool to have a digital assistant around – especially if it’s integrated to various home controls. But the thought of having a device always listening, and possibly recording, everything going on in my home is a bit off-putting.

If the prosecutor was looking for data off of a home security camera or something, it would not be an issue. But since the data on this device is stored by Amazon, they are involved in deciding whether or not to release the data.

Think back to the John Doe investigation where the government illegally seized thousands of emails and such from the victims’ ISPs without even notifying them. Could they do the same with data from your Echo? Of course they could.

I’m not saying that you shouldn’t get an Echo or similar device. I probably will at some point. But be careful what you say around it. I suspect that Amazon is going to lose its case here.

Amazon Piloting Employeeless Store

This is the kind of amazing technology that will replace employees demanding $15 an hour.

Amazon says the company brought together the most advanced machine learning and artificial intelligence to eliminate cash registers in a new 1,800-square-foot store in Seattle.

Amazon Go is already open to Amazon employees through its beta program and is scheduled to open to the public in early 2017.

As seen in a video released by the company, shoppers scan a code from the Amazon Go app on their smartphones at a kiosk and then proceed to fill up their carts. The video’s narrator says that a virtual cart automatically registers every time a customer picks up or puts down an item and that Amazon accounts are only charged once someone leaves the store.

“We used computer vision, deep-learning algorithms and sensor fusion much like you’d find in self-driving cars. We call it ‘Just Walk Out Technology,’” he says.

According to Amazon, the store will offer ready-to-eat breakfast, lunch, dinner and snack options, as well as grocery essentials like bread and milk. It is located at 2131 Seventh Avenue in Seattle.

Those demanding more money would be better served learning to be the programmers and technicians for these kinds of technologies.

Reddit’s Edits

I don’t know why anyone would even bother with Reddit anymore after their CEO admitted to actually editing other people’s comments. And now he is silencing people with whom he disagrees in order to promote “healing.” Whatever. There are plenty of other places on the web.

News-sharing community Reddit is taking action against what it calls its “most toxic” users.

Hundreds of members of the site have been identified, Reddit’s chief executive Steve Huffman wrote.

Specifically, attention is being directed at /r/The_Donald, a subreddit – section – of the site created and used by supporters of the US President-Elect.

Mr Huffman, who posts as “spez” on the site, said he would not ban the section entirely as he wanted to push a “spirit of healing” on the site.

But he has been under heavy criticism after he admitted he had personally edited comments left by users.

“More than anything, I want Reddit to heal, and I want our country to heal, and although many of you have asked us to ban the r/The_Donald outright, it is with this spirit of healing that I have resisted doing so,” he wrote on Wednesday.

“If there is anything about this election that we have learned, it is that there are communities that feel alienated and just want to be heard, and Reddit has always been a place where those voices can be heard.”

UK To Capture and Store Citizens’ Internet History

Sounds like something North Korea or Iran would do.

Internet providers will soon be required to record which services their customers’ devices connect to – including websites and messaging apps.

The Home Office says it will help combat terrorism, but critics have described it as a “snoopers’ charter”.

Critics of the law have said hackers could get access to the records.

“It only takes one bad actor to go in there and get the entire database,” said James Blessing, chairman of the Internet Service Providers’ Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others.

“You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you.

“Mistakes will happen. It’s a question of when. Hopefully it’s in tens or maybe a hundred years. But it might be next week.”

The Investigatory Powers Bill was approved by the House of Lords on 19 November and is due to become law before the end of 2016.
