The adware, known as “Superfish”, was made to push new third-party results into internet browsers — similar to the ads seen on sites like Google, but extra and coming from a source that wasn’t immediately identified. The adware meant that some sites wouldn’t render properly and worked slowly, as well as showing the unwanted results.
But as well as installing ads, the way the software works could allow hackers to look in on users’ internet browsing. Facebook engineer Mike Shaver noticed that Superfish installs a “man in the middle” certificate, which allows companies to intercept information as it is passed between a users’ computer and a website.
Superfish is seen by antivirus software as a virus, and they recommend uninstalling it.
The software appears to have been shipped with Lenovo computers since mid-2014.
The only way to be sure that new Lenovo laptops aren’t carrying the adware is to entirely delete windows and re-install it. But given that the software works secretly, most will be unaware it is running, and a clean install of Windows is a complicated and technical process that many consumer users might be unaware of.
Anyone suggesting that consumers can just “do a clean install of Windows” have clearly experienced in-law Thanksgivings differently than me.
— Kenn White (@kennwhite) February 19, 2015
But some users have posted more simple ways of removing the software online.
Lenovo has admitted that the software was being installed on new machines, but said that it has now “temporarily removed” it from new products. The software will stay off new computers “until such time as Superfish is able to provide a software build that addresses these issues”, Lenovo said.
"Lenovo removed Superfish from the preloads of new consumer systems in January 2015," a Lenovo spokesperson told The Independent. "At the same time Superfish disabled existing Lenovo machines in market from activating Superfish.
"Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."
For users that have already had the computers, Lenovo asks Superfish to release an update that would address some of the problems users were having.
In a forum post explaining the software, Lenovo said that Superfish “is a technology that helps users find and discover products visually”.
As well as injecting ads into your internet browser, Superfish makes your PC insecure, researchers said yesterday.
To check whether it is active on your computer, head to theSuperfish CA Test on all of the browsers that you have installed. The page will tell you if it’s installed.
To uninstall it if it is, head to the Windows Start menu. Search for “Uninstall a program”, launch the app, and look for “Superfish Inc VisualDiscovery”. Click to uninstall, and that should get rid of the application.
Then, to uninstall the certificates, go back to the Start menu and search for “certmgr.msc”. Launch that and click through to the Certificates menu. Find anything there that has the word “Superfish” in it, and delete them by right clicking.
That should leave your computer free of Superfish. To check, restart your computer and head to the test again.
While some have suggested that the deletion and removal of the certificates might not make computers entirely safe, that is Microsoft’s recommended path.
The only way to be absolutely sure that Superfish is not installed is to wipe the computer and re-install the operating system. As well as getting rid of Superfish, that will also delete the other bloat that can often come with manufacturers’ installs of Windows. Full instructions on how to do so can be found onMicrosoft’s Windows website.
The suicide note is fast becoming a suicide post as more and more social interactions occur online.
This week Facebook announced it is stepping up its tools to help people in distress with notifications about suicide prevention tools.
The social network will employ a trained team to review posts and intervene with support if necessary. Likewise, the company - which features over 1 billion active monthly users worldwide - will offer support to friends of those contemplating suicide.
Facebook will contact a person flagging potentially worrying posts and provide them with options to call or message their friend or seek the advice of a professional.
Currently, the omniscient social network will only be rolling these services out to US users but has said it is working to improve the tools for worldwide users.
The news of Facebook's improvements were warmly welcomed by campaigners in the UK.
"I hope very much that it is successful," said Martyn Piper, a safety campaigner for Papyrus, the national UK charity for prevention of young suicide.
"The rise of social media as a means of encouraging people to kill themselves is a great concern," said Piper, who lost his own son to suicide in 2002.
Whether or not those with suicidal thoughts will pay any attention to a message from Facebook itself is another matter.
"Realistically we have to accept that young people are using this media precisely to get away from authority," Piper told Mirror Online.
"So it may well be dismissed, but I would put it in the category of "its a always worth a try". If one in ten, or even one in 100 suicides are prevented then it's worth it."
Using technology to prevent suicide isn't always foolproof.
Last year, the Samaritans launched the Samaritans Radar app that monitors your friends tweets and alerts you if it spots anyone considering suicide.
However, it was criticised for being an invasion of privacy and putting people at risk of cyberbullying.
"Samaritans Radar has been in development for over a year and has been tested with several different user groups who have contributed to its creation, as have academic experts on suicide through their research," said Joe Ferns, Executive Director of Policy, Research and Development at Samaritans.
“We are looking into the details of the issues raised, including working with the relevant regulatory authorities, and will continue to take action as needed to address these concerns appropriately going forward,” Ferns said.
For its part, Facebook is making sure it has fully included suicide prevention organisations such as Forefront and Now Matters Now.
"For those who may need help we have significantly expanded the support and resources that are available to them the next time they log on to Facebook after we review a report of something they’ve posted," said Rob Boyle, Facebook's product manager and Nicole Staubli, Facebook's community operations safety specialist in a post.
"Besides encouraging them to connect with a mental health expert at the National Suicide Prevention Lifeline, we now also give them the option of reaching out to a friend, and provide tips and advice on how they can work through these feelings. All of these resources were created in conjunction with our clinical and academic partners."
A Dutch website has been slammed for selling creepy pictures of children without their parents' permission.
Owners of a page called Koppie Koppie are harvesting kiddie pics from social mediaor websites like Flickr, plastering them on mugs and selling them at a profit.
The creepy stunt is intended as a "painful way" to hammer in the importance of keeping children's images off the internet.
But the head of a British internet safety watchdog said the website was "dodgy as hell", whilst the NSPCC said parents would be "shocked" to see their kids' photos being sold online.
On the Koppie Koppie page, dozens of mugs emblazoned with kids' photos are being sold for up to €20.
The pictures were taken from Flickr after parents labelled them with a Creative Commons license, which allows commercial reuse.
"We are not breaking any laws," Koppie Koppie defiantly said.
"We are free to use these pictures in any way we want."
The pair behind Koppie Koppie admitted they were making a profit from sales of the disturbing souvenirs.
Designer Yuri Veerman and journalist Dimitri Tokmetzis started the company as a "joke" designed to raise awareness of the dangers of sharing pictures of children online.
But Tony Neate, chief executive of the government-backed digital watchdog Get Safe Online, said it was "unacceptable".
"Privacy is very important these days, so doing this is totally inappropriate," he said.
"They may be highlighting an important issue, but they have gone about it in the wrong way.
"They should have contacted parents to tell them their children's pictures can be easily seen online, rather than profiting in this way."
"This is dodgy as hell," he added.
Claire Lilley, head of child safety online at the NSPCC, added: “Mums and dads will be shocked to hear about this activity.
"But we do know how easily children’s photos can be copied from where they are initially posted and shared widely, even ending up in the collections of sex offenders in the worst cases."
If you see your kid on Koppie Koppie, you can write to the company and ask for it to be taken down.
The stunt was organised as part of Dutch digital awareness campaign calledIedereen Spion.
The NSPCC is currently running an online safety project called Share Aware.
According to the a new report published by security vendor Secunia, Oracle Java software represents the principal source of problems for private US desktops, followed by Apple Quicktime 7.x.
Oracle Java of one of the most popular software, in 2014 the software was installed on 65 percent of computers, this aspect makes it a privileged target for hackers that exploit the numerous flaws discovered by the security community.
“If a vulnerable program remains unpatched on your PC, it means that your PC is vulnerable to being exploited by hackers. So if 49% of PCs running Adobe Reader X 10.x, who have a
32% market share, are unpatched, 16% of all PCs are made vulnerable by that program. The same PC can have several other unpatched, vulnerable programs installed. ” states the report.
32% market share, are unpatched, 16% of all PCs are made vulnerable by that program. The same PC can have several other unpatched, vulnerable programs installed. ” states the report.
The report issued by Secunia highlights that nearly 48 percent of users aren’t running the latest, patched versions, and are so exposed to numerous cyber threats.
“This is not because Java is more difficult to patch, but the program has a high market share and a lot of the users neglect to patch the program, even though a patch is available,” said Kasper Lingaard, the Secunia director of research and security.
In 2014, the security experts discovered 119 new vulnerabilities in Oracle Java software and 14 flaws in Apple Quicktime 7.x. Apple Quicktime was characterized by 57 percent penetration on desktops, but only 56 percent was patched.
The top-ten list of applications includes also Adobe Reader 10.x and 11.x, Microsoft .NET framework 2.x, 3.x, and 4.x, VLC Media Player 2.x, Internet Explorer 11.x and Microsoft XML Core Services 3.x.
Microsoft Internet Explorer is the software that contains the greatest number of vulnerabilities, 248, the number of flaws was increased compared last year.
Analyzing the distribution of vulnerabilities, it is possible to note that 47 percent of vulnerabilities last year was discovered in Microsoft applications, 47 percent for third-party software, and 6 percent of the operating system.
The data are coherent with the number of applications installed on desktop computers, which have in average 76 different programs installed from 27 different vendors, where Microsoft solutions account for 41 percent of the total.
Another concerning data is the percentage of users with unpatched operating system, nearly 12.9 percent while 5.7 percent of applications don’t have security patches available because they are in phase out (i.e. Adobe Flash Player 15 which is still installed on 73 percent of Desktops).
Secunia has released individual reports for eleven European countries, Australia, New Zealand and Saudi Arabia and results show a similar trend.
Following the major breach breach at Sony Pictures Entertainment, the FBI issued an alert to U.S. businesses related to possible malware-based attacks. According the Reuters Agency, the malicious code described in the alert could be the attack vector used by threat actors in the incident occurred to the Sony Pictures.
The FBI issued a confidential “flash” warning to the US businesses on Monday which includes technical details about the malware used in the attack and a suggestions for the incident response. The five-page document was sent to security staff at some US companies via email, the Bureau also requested to avoid to share it.
The cyber attacks against the Sony Pictures is creating a great big alarmism within the authorities, which fear that major destructive offensive could compromise the operation of other company on U.S. soil. It’s the first time that a similar attack hit a multinational firm in the US, in the past similar destructive attacks caused the block of the operation at Saudi Aramco firm in 2012 when a virus infected 30,000 work stations and all the company servers targeted were cleaned and restored causing the block of the company activity.
“I believe the coordinated cyberattack with destructive payloads against a corporation in the U.S. represents a watershed event,” said Tom Kellermann, chief cybersecurity officer with security Trend Micro Inc. “Geopolitics now serve as harbingers for destructive cyberattacks.”
The warning issued by the FBI states that the malware overrides all data on hard drives of computers, including the master boot record, which prevents the targeted machines them from booting up.
“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” states the report.
In time I’m writing Sony confirmed that had “restored a number of important services” and was “working closely with law enforcement officials to investigate the matter.” Sony Pictures Entertainment hasn’t provided an official comment on the warning issued by the FBI.
The investigations are involving government entities, including the FBI and the Department of Homeland Security, meantime, Sony has hired FireEye Inc’s Mandiant incident response team to help clean up after the attack and support the company to manage the incident response activities.
Many activities to restore a normal operation are time-consuming and expensive process, they often require technicians to manually either replace the damaged systems and its components.
The FBI warning did not include the name the victim in the alert, but two cybersecurity experts who analyzed the document confirmed to the Reuters that “it was clearly referring to the breach at the California-based unit of Sony Corp.”
“This correlates with information about that many of us in the security industry have been tracking,” said one of the people who reviewed the document. “It looks exactly like information from the Sony attack.”
“The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations,” he said. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.” said the FBI spokesman Joshua Campbell confirming the distribution of the alert to private US businesses.
As I reported in a previous post related to the Sony Pictures Entertainment I have confirmed the difficulties for the attribution of attack in this phase, anyway Sony Pictures has reportedly begun investigating possible involvement of hackers from North Korea. The news was reported by Re/code, which cited insider sources, the investigators speculate that North Korean hackers hit the Sony Pictures operating from the China.
In the future we may be able to remove our heads and transplant them onto another body. At least that’s what one Italian surgeon is claiming in an extremely controversial proposal.
There's a huge amount of skepticism about the feasibility of a 'head transplant', but Sergio Canavero, from the Turin Advanced Neuromodulation Group, has submitted a detailed proposal outlining how he plans to carry out the procedure.
Find a donor body
The procedure is designed for people whose body no longer functions correctly - whether that’s through a muscular-degenerative disease or from having cancer.
Cool the head and donor body
This is to extend the amount of time they can survive without oxygen.
Dissect the neck
Surgeons would need to cut into the neck and find the major blood vessels and then link them using tiny tubes. This is tricky but no different from how other transplants are done.
Cut the spinal cord on both bodies
Now this is where it gets extremely difficult. Canavero says the key thing is to sever the spinal cords cleanly with a sufficiently fine blade.
Fuse the spinal cords
You'd then need to move the recipient's head onto the donor body and fuse the ends of the spinal cord.
Spinal cords are very densely packed with nerve fibres and they'd need to be connected in order for the donor body to function at all.
Canavero proposes using a special substance called Polyethylene glycol that can be used to fuse together severed nerves.
Put the patient into a coma
After the spinal cords had been connected, the muscles and blood supply would be stitched together and the patient would be put into a medically induced coma for a month. This would keep the spinal cord completely still while it healed.
Stimulate the spinal cord with electricity
Electrodes would have two be implanted to provide regular electrical stimulation to the spinal cord, which should strengthen new nerve connections.
Following all of these steps, Canavero believes that the patient would wake up and be able to move and feel their face and be able to walk within a year.
No comments:
Post a Comment