Free Republic

A newly discovered malware capable of cyber espionage and remote takeover is targeting Apple Mac computers, delivering its payload by opening up a backdoor connection to a command-and-control web server via the encrypted Tor network. Named Eleanor (or Backdoor.MAC.Eleanor), the malware arrives disguised as a drag-and-drop file conversion application called the EasyDoc Converter. The application is found on many credible third-party sites, according to an analysis from Bitdefender, whose security researchers uncovered the malware. The program is neither verified nor digitally signed by Apple. In reality, the program's true purpose is far more malevolent, granting attackers a backdoor connection that...

Apple today kicked off its beta program for the new versions of its iOS mobile and macOS desktop/laptop operating systems. Users interested in testing iOS 10 and macOS Sierra need to sign up and accept a lengthy legal agreement. Apple warned that the betas are still in development, and recommended testers back up Macs and iDevices before installing the preview software so they can revert to older versions of the operating systems in case something goes wrong. MacOS and iOS 10 are designed to work better together: the Universal Clipboard copying feature makes data sharing between the two easier, while...

Don't be fooled by fans of iPads and Android tablets -- it's much easier to get real work done on a Windows-powered 2-in-1 PC than it is on Android or iOS-powered hardware. Over the years I've used countless different form-factors of computing devices, and I still believe that there are no better devices for getting work done on than the desktop and laptop. But if it's a tablet you want, 2-in-1 systems powered by Windows 10 leave iPads and Android slates eating their dust. I've been through my phase of working on the iPad and a selection of Android tablets,...

Symantec enterprise and Norton security product users are being urged to patch their applications immediately after multiple dangerous vulnerabilities were discovered. The security firm has advised that 17 enterprise security products and nine Norton consumer offerings are affected. Google Project Zero researcher Tavis Ormandy discovered the flaws. The most serious is that the products unpack compressed executables in the operating system kernel to analyse them for malicious code. He said this dangerous practice means the vulnerability can be exploited by simply sending a link or an email - users don't need to do anything to activate an attack.

The full disk encryption used to safeguard information stored on Google Android devices can be broken, an independent researcher has found. Gal Beniamini spent several years analysing the TrustZone platform found on Qualcomm chipsets, and utilised previously gained knowledge to run code that is able to extract the encryption keys used to scramble stored data on Android devices. The researcher discovered that encryption keys derived from the TrustZone feature could be extracted by software and cracked by brute force outside the Android devices, thus bypassing security mechanisms that limit the number of password guesses that can be made.

Kepler normally makes news for its planetary findings, like this batch of nine planets discovered in a habitable zone of stars where conditions could be right for liquid water, and potentially life. Twitter has a long history of hacks, often targeted at celebrity accounts. A hacker compromised Jack Black's Tenacious D Twitter account earlier this year with a fake death notice sent out to his fans. Other big names, including Katy Perry and Facebook's Mark Zuckerberg, have also been victimized on the social-media site. NASA's Kepler account seems like an unusual choice for a Twitter hack. "We're investigating the cause...

What is Backdoor.MAC.Eleanor? Backdoor.MAC.Eleanor is new macOS malware arising from a malicious third-party app called EasyDoc Converter, which poses as a drag-and-drop file converter. What is EasyDoc Converter? "EasyDoc Converter.app" is a third-party Mac app that poses as a drag-and-drop file converter. The app has the following fake description:EasyDoc Converter is a fast and simple file converter for OS X. Instantly convert your FreeOffice (.fof) and SimpleStats (.sst) docs to Microsoft Office (.docx) by dropping your file onto the app. EasyDoc Converter is great for employees and students looking for a simple tool for quickly convert files to the popular...

Facebook Notification Symbol

Cybersecurity specialist Check Point has been tracking the malware called HummingBad since its discovery in February and claim there has been a spike in infected devices. In a new report, Check Point said the malware was a multistage attack chain with two main components, which first infected Androids when people visited certain websites. “The first component attempts to gain root access on a device with a rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” the report read. “If rooting fails, a second component uses a fake system update notification, tricking users into granting...

PC giant Lenvo has launched an investigation with Intel to find out which of its suppliers introduced the recently-disclosed BIOS level "ThinkPwn" vulnerability that allows attackers to bypass hardware protections on the company's ThinkPad laptops and other computers. Researcher Dmytro Oleksiuk discovered a flaw that allowed arbitrary code execution using the Intel system management mode (SMM) feature in processors. The exploit is able to bypass the write protection in PCs' flash memory, and in turn disable the Unified Extensible Firmware Interface (UEFI) Secure Boot, and the Windows 10 Enterprise Credentials Guard security feature. Oleksiuk also found suspicious SMM code in...

The new iPhone 6 and iPhone 6 Plus are very cool. But how much do the devices truly cost to manufacture? A reader going by the initials P.C. has a question about the new iPhone 6. "Could you please find out what it actually costs to manufacture the iPhone 6, compared to what we end up shelling out for it?" So the question ultimately is how much profit are they making? Best guess: Lots. The entry-level, 16-gigabyte version of the iPhone 6 starts at $200 plus a two-year contract -- the same price as the iPhone 5s. The larger iPhone...

For those of us with space to spare, our workbenches tend to sprawl. The others who are more space limited will certainly feel envy at [Love Hultén]’s beautiful Tempel workbench. The workbench appears at first to be a modern interpretation of a secretary’s desk. There are some subtle hints that it is no ordinary piece of furniture. The glowing model of our solar system on the front, for example.

Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.” The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.

Taxes, overall, were the proximate cause. But there were certainly other reasons why we declared independence from England...And boy, oh the taxes. It's one thing to charge a 30 percent cut on apps, but a 30 percent tax imposed on everything you sell, including subscriptions and any ongoing revenue is preposterous.... It's practically North Korean in its ham-fistedness. Kim Jong-Il would congratulate Apple on its mastery of authoritarianism.

A researcher has discovered a new low-level zero-day exploit that overrides the protection for the firmware code in Lenovo ThinkPads and other laptops, bypassing hardware and Windows security features. Last week, Dmytro Oleksiuk, also known as cr4sh, released the code for his ThnkPwn proof of concept on Github, showing how it can be used to exploit a flaw in the unified extensible firmware interface (UEFI) driver for privilege escalation. This lets attackers remove the write protection for system flash memory, and allows them to run arbitrary code with full access to the entire victim system. Lenovo had not received advance...

Move over, humans. A robot-operated restaurant is heading to the Bay Area. Momentum Machines, a San Francisco-based startup, plans to launch a burger joint where fare is cooked, seasoned and wrapped by robots, Tech Insider reported. The still unnamed restaurant will utilize what Momentum Machines built in 2012 — a machine that could churn out 400 burgers in an hour. The innovative appliance includes a stamper that grinds and stamps custom blends of meat, a vegetable slicer, an oven to toast the meat and bun, and a bagger to wrap the complete product. Images released by the company show the...

The Wall Street Journal reported on a trove of Civil War era telegrams — many of them to and from Abraham Lincoln — that have never been decoded. The telegrams are owned by the Huntington Library, Art Collections and Botanical Gardens in San Marino. They have started a project, "Decoding the Civil War," to transcribe and decipher their collection of nearly 16,000 Civil War telegrams between Lincoln, his Cabinet and Union Army officers. About a third of the telegrams were written in code. The library is crowdsourcing the project through the largest online platform for collaborative volunteer research, Zooniverse. They...

A team from Davis University, California, has designed a processor with 1000* cores, boasting a throughput rate of 1.78 trillion instructions per second and containing 621 million transistors. As opposed to a number of other attempts, some reaching 300 or so processors, the KiloCore chip has been fabricated and run; it was built by IBM (who else) using its 32-nm PD-SOI CMOS technology (what else). The basic architecture used is MIMD (multiple instruction/multiple data) and each of the seven-stage-pipelined cores has a 72-instruction set, single instruction/cycle. None of the instructions is ‘algorithm-specific’ – setting the KiloCore apart from GPU-class devices....

As the Windows 10 free upgrade period draws to a close, Microsoft is stepping up its operating system's nagware to full-screen takeovers. The Redmond software giant confirmed today it will start showing dark blue screens urging people to install the latest version of Windows. The full-screen ads will pop up on Windows 7 and 8.1 desktops from now until July 30, when the free upgrade period ends. "This notification is a reminder that the Window 10 free upgrade offer ends on July 29, 2016. Microsoft recommends that you upgrade to Windows 10 before the offer expires," Microsoft said. "You can...

Secret Service agents paid a visit to City Hall this week after someone made an anonymous complaint about the pro-gun, anti-President Obama social media posts of a city worker, sources said. Agents determined the posts on the worker's Google Plus page were not threatening enough to take action, the sources said. Officials are reviewing the contents of his work computer's hard drive, they said.