4 million seats will be upgraded over the next year.
The US Department of Defense announced today that it is to standardize on Windows 10. Over the course of the next year, some 4 million systems will be upgraded to Microsoft's latest operating system in what must be the largest enterprise deployment of the operating system worldwide.
This is a followup to a November order to upgrade systems in Combatant Commands, Service Agencies, and Field Activities to the operating system. The rationale is the government's desire to protect better against security breaches and reduce IT costs by streamlining on a single platform. Windows 10 is better protected against security flaws than its predecessors, making it a tougher target for attackers. continued…
first published week of: 02/22/2016
Freely available tool derives password used to corrupt master boot record.
A nasty piece of ransomware that took crypto-extortion to new heights contains a fatal weakness that allows victims to decrypt their data without paying the hefty ransom.
When it came to light two weeks ago, Petya was notable because it targeted a victim’s entire startup drive by rendering its master boot record inoperable. It accomplished this by encrypting the master boot file and displaying a ransom note. As a result, without the decryption password, the infected computer wouldn’t boot up, and all files on the startup disk were inaccessible. A master boot record is a special type of boot sector at the very beginning of a partitioned hard drive, while a master boot file is a file on NTFS volumes that contains the name, size and location of all other files.
Now, someone who goes by the Twitter handle @leostone has devised a tool that generates the password Petya requires to decrypt the master boot file. To use the password generator, victims must remove the startup drive from the infected computer and connect it to a separate Windows computer that's not infected. The victim then extracts data from the hard drive, specifically (1) the base-64-encoded 512 bytes starting at sector 55 (0x37h) with an offset of 0 and (2) the 64-bit-encoded 8-byte nonce from sector 54 (0x36) offset 33 (0x21). By inputting the data into this Web app created by @leostone, the victim can retrieve the password Petya used to decrypt the crucial file. continued…
first published week of: 04/18/2016
Kansas City cited as rail and road hub that could help it win federal smart-city dollars
A big concern for smart city innovators is how to turn data generated by Internet of Things sensors and modules on highways, railroads and elsewhere into valuable information that can be used right away.
"When you talk about IoT and sensors and smart cities, it is not about big data but about small data, where you take that massive amount of data that things are providing to give us actionable data," said Chris Gutierrez, president of KC SmartPort, in an interview. The group promotes economic development through freight-based distribution, warehousing and manufacturing in 18 counties on the Kansas and Missouri border.
"You want business analytics that are relevant to make decisions," he said. "For example, you want to know that the freight should have arrived at 2 p.m., but won't until 3." continued…
first published week of: 04/18/2016
In olive branch to tech industry, FAA taps Intel CEO Brian Krzanich for new panel.
Former Cisco CEO John Chambers delivered a keynote on Tuesday at the Association for Unmanned Vehicle Systems International (AUVSI) XPONENTIAL conference, slamming the Obama administration for moving too slowly on adjusting regulations governing commercial and private drones.
Chambers said that Obama doesn’t “get” drones and that the US is potentially being left behind in a market that he claimed could drive trillions of dollars in economic impact. His remarks drew loud applause from the audience of attendees—many of whom represented companies eager to cash in on drones as either vendors or customers.
Federal Aviation Administration administrator Michael Huerta responded on Wednesday with a talk about the FAA’s progress on drone regulations before the same audience that Huerta had previously called “a lion’s den” in his last appearance at AUVSI’s flagship conference four years ago. But, he joked, “We’re getting to know each other so well that UAS conventions are getting to be like family reunions.”
However, Huerta’s comments made it sound less like a family reunion and more like an intervention. The FAA chief gave a litany of reasons why his agency was moving so slowly and then tried to make the most out of what the agency had done. Then, in what almost seemed like a peace offering to Silicon Valley, Huerta announced the formation of an as-yet-to-be-named drone advisory committee to be chaired by Intel CEO Brian Krzanich. Aside from having connections to many companies in the drone industry, Krzanich is also a private pilot. continued…
first published week of: 05/09/2016
Feds probe mobile phone industry over the sad state of security updates
FCC and FTC coordinate probe of OS developers, hardware makers, and carriers
For years, critics have bemoaned the sad state of security updates available to hundreds of millions of owners of mobile devices running Google’s Android operating system. Now, federal regulators are investigating whether Google, Apple, and the rest of the players in the mobile industry are doing everything they can to keep their customers safe.
In a joint action, the Federal Communications Commission and the Federal Trade Commission are ordering mobile operating system developers, hardware manufacturers, and carriers to explain their rationale in deciding when to issue updates, or as is so often the case for Android users, why they don’t provide updates. Two of the more glaring examples are a vulnerability dubbed Stagefright disclosed last year and another disclosed in March called Metaphor. Both allow attackers to surreptitiously execute malicious code on Android devices when they view a booby-trapped website.
“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device and all the personal, sensitive data on it,” Jon Wilkins, chief of the FCC’s Wireless Telecommunications Bureau, wrote in a letter to carriers. “One of the most significant to date is a vulnerability in the Android component called 'Stagefright.' It may have the ability to affect close to 1 billion Android devices around the world. And there are many other vulnerabilities that could do just as much harm.” continued…
first published week of: 05/16/2016
A variety of other trends have led to an increased number of sensors embedded in many technologies and devices that we use personally and professionally. They become smarter as they gather more data on our daily patterns. Gartner predicts that these sensors, which tend to work in silos today, will increasingly work in concert, leading to even greater insights about our daily patterns.
Gartner refers to these devices and sensors’ ability to gather more contextual data as described above as Ambient UX. The challenge will be with application design, anticipating this level of device synchronicity and collaboration, for lack of better framing. Gartner posits that the devices and sensors will become so smart that they will be able to organize our lives without our even noticing that they are doing so. continued…
first published week of: 06/13/2016
Another piece of old, insecure web infrastructure is about to be killed off.
Oracle says that it’s discontinuing its Java browser plugin starting with the next big release of the programming language. No, Oracle isn’t killing the Java programming language itself, which is still widely used by many companies. Nor is it killing off JavaScript, which is a completely different language that Oracle doesn’t control. What Oracle is getting rid of is a plugin that allows you to run programs known as “Java applets” in your browser.
You may not think you even have the Java plugin installed, but if you’ve ever installed Java, or if Java came pre-installed on your computer, then you probably do, even if you never use it. The good news is that Oracle won’t be automatically installing the Java plugin when you install Java anymore. The bad news is that it won’t be providing security updates anymore either, so you should go ahead and uninstall it now. In fact, there’s a good chance you can uninstall Java entirely.
Sun Microsystems, which was acquired by Oracle in 2010, introduced Java applets in 1995 and the technology was briefly popular with scientists and educators, who used them to create things such as interactive physics simulators. You can still relive the heyday of Java applets through UltraStudio, an online museum of educational applets, but Java has been mostly replaced by Flash and JavaScript for creating interactive programs on the web. continued…
first published week of: 02/01/2016
NetMarketShare tracks the rise of Chrome at the expense of Internet Explorer
Two browser metrics firms find that Chrome has topped Internet Explorer in usage share.
Nearly four years after Google Chrome became the most-used web browser according to StatCounter, rival metrics firm NetMarketShare has come to the same conclusion.
Both firms now say that Chrome is more popular than Internet Explorer, though their respective percentages vary greatly. According to NetMarketShare, Chrome captured 41.66 percent of desktop browser usage in April, compared to 41.35 percent for IE. StatCounter shows 60.47 percent for Chrome, versus 13.25 percent for IE. (This actually puts Microsoft’s browser behind Mozilla Firefox, which captured 15.62 percent in April.)
Why the discrepancy? As we explained way back in 2012, StatCounter merely samples raw page views across a network of sites. NetMarketShare (also known as NetApplications) measures unique visits, and weighs its data against Internet traffic by country, so areas that are more active on the Internet are better-represented. Both metrics have pros and cons, but Microsoft has unsurprisingly favored NetMarketShare’s data, which for years has maintained that Internet Explorer was the leader.
In fairness, Microsoft itself is now deemphasizing Internet Explorer in favor of Edge, its new browser for Windows 10. But as ZDNet notes, NetMarketShare’s figures for Internet Explorer include usage for Edge, which by itself stands at 4.39 percent. Even worse, data from StatCounter and Quantcast shows that people are abandoning Edge shortly after trying it. continued…
first published week of: 05/02/2016
Google has made a freebie of its Nik Collection, a set of advanced Mac and PC photo editing tools that, until last week, cost $150, and at one time went for $500. The company is issuing refunds to those who purchased the suite in 2016.
The seven Nik Collection editing tools, a part of Google's 2012 acquisition of Nik Software, work both as standalone apps and as plug-ins for Adobe's Lightroom and Photoshop programs, as well as for Apple's now-defunct Aperture, which some still use. The full download is 590 MB.
The Nik Collection tools are: continued…
first published week of: 04/11/2016
Now Sourceforge and other sites must find a less-annoying way of making revenue
Google has now started blocking websites that use deceptive content or ads to make you do things that you wouldn't normally do, such as fake download buttons that appear right next to the real download button, or pop-ups demanding you phone tech support to remove a million malware infections that were apparently found on your computer. It sounds like this will be a gradual rollout; it'll take time for Google to work out which sites are consistent offenders.
The blocking will occur via Google's Safe Browsing tech, which you've probably seen before: it's that big red interstitial that appears when you click on a dodgy search result. Safe Browsing has been around for years, but it mostly just prevented you from visiting sites that were serving up malware, or sites that Google had otherwise deemed unsafe.
In November, however, Google started blocking sites that used "social engineering attacks" to get you to install unwanted software or reveal sensitive information—and today, Google is expanding that to websites that serve up deceptive embedded content (i.e. adverts). Google gives the following examples of ads that will get a website blocked: continued…
first published week of: 02/08/2016