Monthly Archives: February 2020

Source: Schneier on Security

EKANS is a new ransomware that targets industrial control systems:

But EKANS also uses another trick to ratchet up the pain: It's designed to terminate 64 different software processes on victim computers, including many that are specific to industrial control systems. That allows it to then encrypt the data that those control system programs interact with. While crude compared to other malware purpose-built for industrial sabotage, that targeting can nonetheless break the software used to monitor infrastructure, like an oil firm's pipelines or a factory's robots. That could have potentially dangerous consequences, like preventing staff from remotely monitoring or controlling the equipment's operation.

EKANS is actually the second ransomware to hit industrial control systems. According to Dragos, another ransomware strain known as Megacortex that first appeared last spring included all of the same industrial control system process-killing features, and may in fact be a predecessor to EKANS developed by the same hackers. But because Megacortex also terminated hundreds of other processes, its industrial-control-system targeted features went largely overlooked.

Speculation is that this is criminal in origin, and not the work of a government.

It's also the first malware that is named after a Pokémon character.

Source: Sarah Vessels' Tumblr

“Future Relics is a column about the objects that our society is currently making, and how they may explain our lives to future generations.” via Pocket

Source: Hacker News

Source: OSNews

Just another heads up that kernel extensions on macOS will soon stop working. This has been known for a while, but you might not even know you’re using kernel extensions in the first place.

System extensions on macOS Catalina (10.15) allow software like network extensions and endpoint security solutions to extend the functionality of macOS without requiring kernel-level access. At WWDC19, we announced the deprecation of kernel extensions as part of our ongoing effort to modernize the platform, improve security and reliability, and enable more user-friendly distribution methods. Kernel programming interfaces (KPIs) will be deprecated as alternatives become available, and future OS releases will no longer load kernel extensions that use deprecated KPIs by default.

If you use macOS, run kextstat | grep -v com.apple to see how many third party kernel extensions you have running. Things like VirtualBox, controller support for Steam, DropBox, Little Snitch, and more all come with kernel extensions, so there’s definitely chances you might be running some without even realising it.

Source: NYT > Health

Writing in payment limits when signing hospital forms might provide some leverage over disputes that arise from surprise medical bills, some proponents suggest.

Source: OSNews

I suspect that Wacom doesn’t really think that it’s acceptable to record the name of every application I open on my personal laptop. I suspect that this is why their privacy policy doesn’t really admit that this is what that they do. I imagine that if pressed they would argue that the name of every application I open on my personal laptop falls into one of their broad buckets like “aggregate data” or “technical session information”, although it’s not immediately obvious to me which bucket.

Does Wacom have any competitors? Can you even vote with your wallet, or is this yet another market that isn’t really a market at all?

Source: Ars Technica

Enlarge / Volunteers tally votes during the first-in-the-nation Iowa caucus at the Southridge Mall in Des Moines, Iowa, US, on Monday, Feb. 3, 2020. The app used to submit the results turned out not to be seamless, scalable or robust. (credit: Al Drago/Bloomberg via Getty Images)

Iowa's Democratic Party turned to an untested software platform tied to a mobile application to streamline reporting from its presidential caucuses last night. What could possibly go wrong?

In a collapse that echoed the failure of a canvassing application used by Sen. Mitt Romney's 2012 presidential bid, the caucus reporting app repeatedly hung as precinct leaders attempted to submit returns. A backup hotline was jammed for hours. And as of the morning after the caucuses, the full results are still not tallied. The Iowa Democratic Party has promised at least 50 percent of results by the end of the day.

The application was built on technology provided by Shadow Inc.—a technology company that received seed funding from the nonprofit ACRONYM.

Read 8 remaining paragraphs | Comments

Source: The Verge - All Posts

YouTube generated nearly $5 billion in ad revenue in the last three months, Google revealed today as part of parent company Alphabet’s fourth quarter earnings report. This is the first report under newly instated Alphabet CEO Sundar Pichai, who took over as the chief executive of the entire company late last year after co-founders Larry Page and Sergey Brin stepped back from day-to-day duties and promoted Pichai, formerly Google CEO, to the top spot.

The announcement marks the first time in YouTube’s nearly 15 years as a Google-owned platform, since Google bought the website in 2006 for $1.65 billion, that the company has revealed how much money YouTube-hosted ads contribute to the search giant’s bottom line.

Continue reading…

Source: Hacker News