New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.”

Read more of this story at Slashdot.


Slashdot

Obama uses Hiroshima visit as opportunity to urge no nukes

Obama uses Hiroshima visit as opportunity to urge no nukesHIROSHIMA, Japan (AP) — With an unflinching look back at a painful history, President Barack Obama stood on the hallowed ground of Hiroshima on Friday and declared it a fitting place to summon people everywhere to embrace the vision of a world without nuclear weapons.



Yahoo News – Latest News & Headlines

Oklahoma Video Vigilante Uses Drone To Wage War Against Prostitutes and Johns

HughPickens.com writes: Chris Baraniuk writes at BBC that Brian Bates, known in Oklahoma as the “Video Vigilante,” is taking credit for Amanda Zolicoffer’s conviction on a lewdness charge after being caught on Bates’ drone mounted camera in a sex act in a parked vehicle last year. Zolicoffer was sentenced to a year in state prison for the misdemeanor while the case against her alleged client, who was released following arrest in December, is still pending. “I’m sort of known in the Oklahoma City area,” says Bates . “For the last 20 years I’ve used a video camera to document street-level and forced prostitution, and human trafficking.” Bates runs a website where he publishes videos of alleged sex workers and their clients. “I am openly referred to as a video vigilante, I don’t really shy away from that,” says Bates adding that the two individuals were inside a vehicle and the incident occurred away from other members of the public. The drone dropped to within a few feet of the vehicle where it filmed a 75 year old in the front seat of the white pickup truck. The duo separated after Zolicoffer, who was identified by her tattoo saying “Baby Gangster,” saw the drone hovering overhead.

Read more of this story at Slashdot.


Slashdot

US No-Fly List Uses ‘Predictive Judgement’ Instead of Hard Evidence

HughPickens.com writes: The Guardian reports that in a little-noticed filing before an Oregon federal judge, the US Justice Department and the FBI conceded that stopping U.S. and other citizens from traveling on airplanes is a matter of “predictive assessments about potential threats.” “By its very nature, identifying individuals who ‘may be a threat to civil aviation or national security’ is a predictive judgment intended to prevent future acts of terrorism in an uncertain context,” Justice Department officials Benjamin C Mizer and Anthony J Coppolino told the court. It is believed to be the government’s most direct acknowledgment to date that people are not allowed to fly because of what the government believes they might do and not what they have already done. The ACLU has asked Judge Anna Brown to conduct her own review of the error rate in the government’s predictions modeling – a process the ACLU likens to the “pre-crime” of Philip K Dick’s science fiction. “It has been nearly five years since plaintiffs on the no-fly list filed this case seeking a fair process by which to clear their names and regain a right that most other Americans take for granted,” say ACLU lawyers.

The Obama administration is seeking to block the release of further information about how the predictions are made, as damaging to national security. “If the Government were required to provide full notice of its reasons for placing an individual on the No Fly List and to turn over all evidence (both incriminating and exculpatory) supporting the No Fly determination, the No Fly redress process would place highly sensitive national security information directly in the hands of terrorist organizations and other adversaries,” says the assistant director of the FBI’s counterterrorism division, Michael Steinbach.

Read more of this story at Slashdot.


Slashdot

Cuba Uses Big Data To Help Tourism, But Their Networks Lack Capacity

dkatana writes: The Cuban government is very active in reshaping the country’s industry, not only focusing on leisure and cultural tourism. The biggest challenge, however, is the quality of Internet connections. Cuba’s global ranking for Internet speed is 196 out of 200, averaging 1.6 Mbps, just ahead of Guinea, Gambia, Equatorial Guinea, and Niger.

Another thing that Cuba lacks: free movement of currency, as reader lpress points out: Cuba has two paper currencies — the Peso and the Convertible Peso or CUC. CUCs are worth about $ 1 and Pesos, which are used for government salaries, are worth about $ .04. But, what about Bitcoin? The first Cuban Bitcoin transaction is history. Will Bitcoin be used by Cubans and Americans to sell goods and services without the knowledge of their governments? Cuban offshore developers might be the first to use Bitcoin.

Read more of this story at Slashdot.


Slashdot

Genetic Access Control Code Uses 23andMe DNA Data For Internet Racism

rjmarvin writes: A GitHub project is using the 23andMe API for genetic decoding to act as a way to bar users from entering websites based on their genetic data — race and ancestry. “Stumbling around GitHub, I came across this bit of code: Genetic Access Control. Now, budding young racist coders can check out your 23andMe page before they allow you into their website! Seriously, this code uses the 23andMe API to pull genetic info, then runs access control on the user based on the results. Just why you decide not to let someone into your site is up to you, but it can be based on any aspect of the 23andMe API. This is literally the code to automate racism.”

Read more of this story at Slashdot.


Slashdot

Microsoft Uses US Women’s Soccer Team To Explain Why It Doesn’t Hire More Women

theodp writes: “It is not surprising that the U.S. women have been dominant in the sport [of soccer] in recent years. The explanation for that success lies in the talent pipeline,” writes General Manager of Citizenship & Public Affairs Lori Forte Harnick on The Official Microsoft Blog. “Said another way, many girls in the U.S. have the opportunity to learn how to play soccer and, as a result, they benefit from the teamwork, skill development and fun involved. That’s the kind of opportunity I would like to see develop for the technology sector, which presents a different, yet perhaps even more significant, set of opportunities for girls and young women. Unfortunately, the strength in the talent pipeline that we see in female soccer today is not the reality for technology. The U.S. is facing a shortage of Computer Science (CS) graduates. According to the Bureau of Labor Statistics, every year there are close to 140,000 jobs requiring a CS degree, but only 40,000 U.S. college graduates major in CS, which means that 100,000 positions go unfilled by domestic talent.” Going with the soccer analogy, one thing FIFA realized that Microsoft didn’t is that if you want girls to play your sport, you don’t take away their ball!

Read more of this story at Slashdot.


Slashdot