New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.”

Read more of this story at Slashdot.


Slashdot

Baidu Open-Sources Its Deep Learning Tools

An anonymous reader quotes a report from The Verge: Microsoft, Google, Facebook, and Amazon have all done it — and now Baidu’s doing it, too. The Chinese tech giant has open sourced one of its key machine learning tools, PaddlePaddle, offering the software up to the global community of AI researchers. Baidu’s big claim for PaddlePaddle is that it’s easier to use than rival programs. Like Amazon’s DSSTNE and Microsoft’s CNTK, PaddlePaddle offers a toolkit for deep learning, but Baidu says comparable software is designed to work in too many different situations, making it less approachable to newcomers. Xu Wei, the leader of Baidu’s PaddlePaddle development, tells The Verge that a machine translation program written with Baidu’s software needs only a quarter of the amount of code demanded by other deep learning tools. Baidu is hoping this ease of use will make PaddlePaddle more attractive to computer scientists, and draw attention away from machine learning tools released by Google and Facebook. Baidu says PaddlePaddle is already being used by more than 30 of its offline and online products and services, covering sectors from search to finance to health. Xu said that if one of its machine learning tools became too monopolistic, it would be like “trying to use one programming language to code all applications.” Xu doesn’t believe that any one company will dominate this area. “Different tools have different strengths,” he said. “The deep learning ecosystem will end up having different tools optimized for different uses. Just like no programming language truly dominates software development.”

Read more of this story at Slashdot.


Slashdot

JetBrains Moving Its Dev Tools To Subscription Model

esarjeant writes: For many Java developers, IntelliJ has been our predominant IDE. JetBrains is looking to make their tools easier easier to buy and use by switching to a subscription program. Their plan is to have people pay a monthly/yearly fee for access to the tools instead of upgrading when they’re ready. Fortunately, if your subscription lapses it looks like you’ll have 30 days to check all your stuff in. How does NetBeans look now?
Many members of various developer communities are pushing back against this change: “For a developer with an unstable income, it might be perfectly fine to stay on an older version of the software until they’ve stashed enough cash to afford the upgrade. That will no longer work.” JetBrains has acknowledged the feedback, and say they will act on it.

Read more of this story at Slashdot.


Slashdot

Learn FPGAs With a $25 Board and Open Source Tools

An anonymous reader writes: Hackaday has a 3 part tutorial with videos of using open source tools with a cheap ($ 25) FPGA board. The board isn’t very powerful, but this could be the ‘gateway drug’ to FPGAs for people who don’t want to spend hundreds of dollars and install 100s of megabytes of software and license keys just to get their feet wet. The videos are particularly good–like watching them over their shoulder. As far as I know, this is the only totally open source FPGA toolchain out there.

Read more of this story at Slashdot.


Slashdot

Tools Coming To Def Con For Hacking RFID Access Doors

jfruh writes: Next month’s Def Con security conference will feature, among other things, new tools that will help you hack into the RFID readers that secure doors in most office buildings. RFID cards have been built with more safeguards against cloning; these new tools will bypass that protection by simply hacking the readers themselves. ITWorld reports that Francis Brown, a partner at the computer security firm Bishop Fox, says: “…his aim is to make it easier for penetration testers to show how easy it is to clone employee badges, break into buildings and plant network backdoors—without needing an electrical engineering degree to decode the vagaries of near-field communication (NFC) and RFID systems.”

Read more of this story at Slashdot.


Slashdot

Google Launches Gmail Postmaster Tools To Eliminate Spam

Mark Wilson writes: Spam is a problem that is not going away for anyone who receives email — and who doesn’t? Over the years Google has taken steps to try to reduce the amount of junk that reaches Gmail inboxes and today the company is taking things a step further with Gmail Postmaster Tools and enhanced filter training for Gmail. Part of the problem with spam — aside from the sheer volume of it — is that the detection of it is something of an art rather than a science. It is all too easy for legitimate email to get consigned to the junk folder, and this is what Gmail Postmaster Tools aims to help with. Rather than helping recipients banish spam, it helps senders ensure that their messages are delivered to inboxes rather than filtered out.

Read more of this story at Slashdot.


Slashdot