If you are still running Windows Vista, Microsoft officially ended support for it on April 11th, 2017. This means that no further security or operating system updates. The official statement from Microsoft is as follows:
"As of April 11, 2017, Windows Vista customers are no longer receiving new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. Microsoft has provided support for Windows Vista for the past 10 years, but the time has come for us, along with our hardware and software partners, to invest our resources towards more recent technologies so that we can continue to deliver great new experiences."
If you are ready to upgrade to a new system, give us a call. We'll move you into a great new experience.
Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others.
Discovered by Chinese security researcher Xudong Zheng, this is a variation of a homograph attack, first identified by Israeli researchers Evgeniy Gabrilovich and Alex Gontmakher, and known since 2001.
A homograph attackA few years back, ICANN voted to allow non-ASCII (Unicode) characters in web domains. Because some Unicode characters look the same, such as Cyrillic "а" (U+0430) and Latin "a" (U+0041), ICANN ruled that using Unicode characters would have led to confusions, and made it harder to distinguish legitimate domains from phishing sites.
That’s why, they voted to use Punycode instead of the real Unicode, in registering Unicode domains. Punycode is specifically equipped to handle this, as it's a standard for representing Unicode text using ASCII characters. For example, the Chinese character “短“ is represented in Punycode as “xn—s7y.”
By default, browser makers were supposed to read the Punycode URL and transform it into Unicode characters inside the browser. Nevertheless, browser makers were quick to understand that Punycode could be used to disguise phishing sites as legitimate sites.
Read more here: www.bleepingcomputer.com/news/security/chrome-firefox-and-opera-vulnerable-to-undetectable-phishing-attack/
An artificial intelligence, or AI program has again beaten a group of human poker players to win $792,000 in virtual money.
The AI program won during a recent competition against experienced poker players in China. More than 36,000 hands were played during a 5-day competition on China’s Hainan Island.
The computer went up against a group of six human players led by Alan Du, a winner in the 2016 World Series of Poker tournament. The human team said it attempted to play against the AI system like a machine, rather than using traditional methods of humans.
The winning system is called Lengpudashi, or “cold poker master.” It was developed by engineers at America’s Carnegie Mellon University. A previous version of the AI system beat four top poker players in the world in a U.S. competition last January.
Artificial intelligence is the capability of a computer to learn to perform human-like operations and make decisions. This can be achieved by putting large amounts of data into a computer for processing.
Algorithms are also used to help computers learn through experiences the same way humans do. This kind of AI technology is used in machine translation systems like Google Translate.
Last year, Google’s AI system AlphaGo beat a Korean champion in the ancient Chinese board game Go.
Read more here: learningenglish.voanews.com/a/artificial-intelligence-computer-beats-human-players-by-nearly-800000-dollars/3808995.html
Read more here: One of the biggest problems with computers, dating to the invention of the first one, has been finding ways to keep them cool so that they don't overheat or shut down.
Instead of combating the heat, two University of Nebraska-Lincoln engineers have embraced it as an alternative energy source that would allow computing at ultra-high temperatures.
Sidy Ndao, assistant professor of mechanical and materials engineering, said his research group's development of a nano-thermal-mechanical device, or thermal diode, came after flipping around the question of how to better cool computers.
"If you think about it, whatever you do with electricity you should (also) be able to do with heat, because they are similar in many ways," Ndao said. "In principle, they are both energy carriers. If you could control heat, you could use it to do computing and avoid the problem of overheating."
A paper Ndao co-authored with Mahmoud Elzouka, a graduate student in mechanical and materials engineering, was published in the March edition of Scientific Reports. In it, they documented their device working in temperatures that approached 630 degrees Fahrenheit.
Ndao said he expects the device could eventually work in heat as extreme as 1,300 degrees Fahrenheit, which could have major implications in many industries.
"We are basically creating a thermal computer," Ndao said. "It could be used in space exploration, for exploring the core of the earth, for oil drilling, (for) many applications. It could allow us to do calculations and process data in real time in places where we haven't been able to do so before."
By taking advantage of an energy source that has long been overlooked, Ndao said, the thermal diode could also help limit the amount of energy that gets wasted.
"It is said now that nearly 60 percent of the energy produced for consumption in the United States is wasted in heat," Ndao said. "If you could harness this heat and use it for energy in these devices, you could obviously cut down on waste and the cost of energy."
The next step is making the device more efficient and making a physical computer that could work in the highest of temperatures, Ndao said.
Read more here: www.sciencedaily.com/releases/2017/04/170418094538.htm
The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.
The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running version of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.
The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates the deployment of NSA malware, and would allow a member of agency’s Tailored Access Operations group to more easily infect a target from their desk.
According to security researcher and hacker Matthew Hickey, co-founder of Hacker House, the significance of what’s now publicly available, including “zero day” attacks on previously undisclosed vulnerabilities, cannot be overstated: “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” he told The Intercept via Twitter DM, “and I have been involved in computer hacking and security for 20 years.” Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches.
“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”
Read more here: theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/
Microsoft has started blocking Windows 7 and Windows 8.1 updates for computers running certain new chipsets.
The company announced plans last January to block next-generation Intel, AMD and Qualcomm processors from system updates on older versions of Windows, but didn't reveal when support would be cut.
The process appears to have just kicked off.
Social media users are reporting that Microsoft is now blocking access to Windows 7 and 8.1 updates on devices running Intel's Kaby Lake processors.
Instead of the normal download screen, users attempting to update their systems are facing an error message reading, “Your PC uses a processor that is designed for the latest version of Windows.
"Because the processor is not supported together with the Windows version that you are currently using, your system will miss important security updates."
Microsoft has tried to justify the move by saying that the processors offer new capabilities that makes compatibility with older systems difficult, but it's also being seen as yet another aggressive technique designed to migrate more customers to Windows 10.
Changes to Microsoft's policy have also created plenty of confusion.
Skylake processors were included in the original policy announcement, but Microsoft has back-pedalled now says that some devices running the chipset will continue to receive Windows 7 and 8.1 updates, while others won't.
Machines running Ryzen, Kaby Lake and other new processors will have to upgrade to Windows 10.
Microsoft has released a Windows lifecycle fact sheet to clarify the situation.
Read more here: www.independent.co.uk/life-style/gadgets-and-tech/news/windows-7-update-microsoft-81-download-windows-10-software-a7684256.html
Hackers may be hijacking internet-connected fridges, toasters and light bulbs in order to use their computing power to mine bitcoins, researchers have revealed.
IBM researchers discovered a bitcoin mining component in a new variant of Mirai—a form of malware that exploits security vulnerabilities to take control of devices connected to the so-called Internet of Things (IoT).
Security firm McAfee recently estimated that more than 2.5 million IoT devices were infected by the Mirai botnet in 2016, though it is not clear how many compromised devices may have been used to mine the virtual currency.
“We do not have any insight into whether or not bitcoins were actually mined during these attacks,” Dave McMillen, a senior threat researcher at IBM, tells Newsweek. “It is also not known whether or not this is the actions of one group or many… This Mirai variant could be appealing to others in the future due to the potentially large volume of devices that could be involved.
Read more here: www.newsweek.com/botnet-hacking-devices-mine-bitcoin-582404
Cisco warned of a variety of vulnerabilities – from letting attackers issue DDOS attack to making devices unexpectedly reload -- in some of its wireless access point and LAN gear.
The only critical alert came for vulnerability in Cisco Wave 2 Aironet 1830 Series and Cisco Aironet 1850 Series Access Points.
In those devices, running Cisco Mobility Express Software, a vulnerability could let an unauthenticated, remote attacker take complete control of an affected device, the company stated.
“The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device,” Cisco wrote in the warning.
Cisco said it has released software updates to address this vulnerability.
Meanwhile in the “High” warning category Cisco said a vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could let an unauthenticated, remote attacker cause a denial of service (DoS) condition on an affected device.
Read more here: www.networkworld.com/article/3188008/security/cisco-issues-variety-of-security-warnings-on-wireless-gear.html