Free Republic

The National Security Agency has discovered a major security flaw in Microsoft's Windows 10 operating system that could allow hackers to intercept seemingly secure communications. But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone. Microsoft released a free software patch to fix the flaw Tuesday and credited the agency for discovering it. The company said it has not seen any evidence that hackers have used the technique discovered by the NSA. Amit Yoran, CEO of security firm Tenable, said it is "exceptionally rare if...

While the crashes remain under investigation, preliminary reports showed that a new stabilization system pushed both planes into steep nosedives from which the pilots could not recover. The issue is known in aviation vernacular as runaway stabilizer trim. In simulator tests, government pilots discovered that a microprocessor failure could push the nose of the plane toward the ground. It is not known whether the microprocessor played a role in either crash. When testing the potential failure of the microprocessor in the simulators, "it was difficult for the test pilots to recover in a matter of seconds," one of the sources...

Children playing Fortnite were exposed to a potential “massive invasion of privacy” thanks to an oversight in the game’s security, researchers have revealed. The popular shooting game enjoyed by more than 80 million people around the world left users vulnerable to a flaw that if exploited, allowed hackers to steal virtual currency and read private conversations online. To take control, the researchers sent a message to their victim over social media including a malicious link. Once clicked, the user’s Fortnite authentication token - code that confirms a user is logged in - could be captured by the attacker without the...

What are Meltdown and Spectre? Do they only affect Intel chips? Will the fixes slow my computer … and what even is a processor? Meltdown and Spectre are the names of two serious security flaws that have been found within computer processors. They could allow hackers to steal sensitive data without users knowing, one of them affecting chips made as far back as 1995. What are Meltdown and Spectre? Meltdown is a security flaw that could allow hackers to bypass the hardware barrier between applications run by users and the computer’s core memory, which is normally highly protected. Spectre is...

Only Intel machines are affected by Meltdown Details have emerged on two major processor security flaws this week, and the industry is scrambling to issue fixes and secure machines for customers. Dubbed “Meltdown” and “Spectre,” the flaws affect nearly every device made in the past 20 years. The Meltdown flaw only affects Intel processors, and researchers have already released proof of concept code that could lead to attacks using Meltdown. The vulnerabilities allow an attacker to compromise the privileged memory of a processor by exploiting the way processes run in parallel. They also allow an attacker to use JavaScript code...

The fix requires major OS rewrites which will probably make your computer run slower. An extremely severe security flaw has been found to affect nearly every Intel processor made in the past decade or more, giving any hackers who might know how to exploit it access to protected information systemwide. The Register reports that programmers are rushing to make the sweeping changes necessary to protect against the vulnerability on Linux and Windows operating systems, with such fixes required on macOS as well. Even worse, you can expect these vital updates to noticeably slow down your computer. The design flaw in...

First, the paper conflates “homicide” and “murder,” and thus cannot result in valid findings with respect to “murder” in particular or with public safety in general. Second, the study contrasts Florida’s Stand Your Ground law with a set of four purportedly non–Stand Your Ground states. One of the four states in the control set, however, routinely applies Stand Your Ground doctrine in much the same manner as does Florida. This failure of methodology substantively invalidates the paper’s findings, and should have been identified in peer review long before publication in JAMA. (The widespread defects in the peer-review process of even,...

Security researchers at Cylance have discovered a serious vulnerability in all supported versions of Windows that can allow a potential hacker who has control of some portion of a victim’s network traffic to steal users’ credentials for valuable services. Cylance researchers disclosed the vulnerability today on their website in which they said that their study is an extension to a similar research done by Aaron Spangler in 1997.

An unpatched security flaw in Apple’s iTunes software allowed intelligence agencies and police to hack into users’ computers for more than three years, it’s claimed. A British company called Gamma International marketed hacking software to governments that exploited the vulnerability via a bogus update to iTunes, Apple's media player, which is installed on more than 250 million machines worldwide. The hacking software, FinFisher, is used to spy on intelligence targets’ computers. It is known to be used by British agencies and earlier this year records were discovered in abandoned offices of that showed it had been offered to Egypt’s feared...

We've seen before that organizations don't seem to react well to outside security folks pointing out vulnerabilities in their systems. They very often take a "blame the messenger" approach -- as if pointing out a flaw suddenly makes that flaw come into existence. But one company seems to be taking it to another level. That Anonymous Coward points us to a story in which a security professional found a big and ridiculously obvious bug in the website of an Australian investment fund, First State Superannuation. Apparently you could see other people's accounts by merely changing the account numbers in the...

Computerworld - The appearance Monday of exploit code for the DLL loading issue that reportedly affects hundreds of Windows applications means hackers will probably start hammering on PCs shortly, security experts argued. "Once it makes it into Metasploit, it doesn't take much more to execute an attack," said Andrew Storms, director of security operations for nCircle Security. "The hard part has already been done for [hackers]." Storms was referring to the release earlier today of exploit code by HD Moore, the creator of the Metasploit open-source hacking toolkit. Moore also issued an auditing tool that records vulnerable applications, information which...

A flaw in Microsoft (NSDQ: MSFT)'s Windows Home Server could lead to data loss under certain circumstances, the company has confirmed. Windows Home Server, released over the summer, aims to offer home users centralized media storage and home backup capabilities for networked PCs. Microsoft last week updated a support document acknowledging that files edited using certain programs and then stored on Windows Home Server could become corrupted. "Microsoft is researching this problem and will post more information in this article when the information becomes available," the Microsoft help documentation explains. "Until an update for Windows Home Server is available, we...

SACRAMENTO, Calif. — The Army is spending $2.6 billion on hundreds of European-designed helicopters for homeland security and disaster relief that turn out to have a crucial flaw: They aren't safe to fly on hot days, according to an internal report obtained by The Associated Press. While the Army scrambles to fix the problem — adding millions to the taxpayer cost — at least one high-ranking lawmaker is calling for the whole deal to be scrapped. During flight tests in Southern California in mild, 80-degree weather, cockpit temperatures in the UH-72A Lakota soared above 104, the point at which the...

Meteorologist: Gore climate theory 'ridiculous' By Steve Lyttle · The Charlotte Observer Updated 10/13/07 - 12:32 AM | Comment on this story CHARLOTTE -- One of the world's foremost meteorologists on Friday called the theory that helped Al Gore win a share of the Nobel prize "ridiculous" and the product of "people who don't understand how the atmosphere works." Dr. William Gray, a pioneer in the science of seasonal hurricane forecasts, spoke to a packed lecture hall at UNC Charlotte and said humans are not responsible for the warming of the earth. His visit, arranged through the meteorology program at...

Attack code for a new security hole in Excel has surfaced on the Internet, just as Microsoft is scrambling to respond to a separate bug in the spreadsheet program. The latest vulnerability could cause Excel to crash after a malicious file is opened, according to an alert Symantec sent to customers on Monday. The security company also said there was a risk that an intruder could commandeer a PC. "Attackers may also be able to execute arbitrary code…but this has not been confirmed," it said. The security hole exists because Excel fails to properly check user-supplied input before copying it...

A gaping security flaw in the latest versions of Symantec's anti-virus software suite could put millions of users at risk of a debilitating worm attack, Internet security experts warned May 25. Researchers at eEye Digital Security, the company that discovered the flaw, said it could be exploited by remote hackers to take complete control of the target machine "without any user action." "This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will," said eEye Digital Security spokesperson Mike Puterbaugh.

WASHINGTON -- Symantec Corp.'s leading antivirus software, which protects some of the world's largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.

Computer users are being alerted to a new flaw in Microsoft Windows which can be used to attack a PC. The US net watchdog, the Computer Emergency Response Center (Cert), and security firms have issued warnings about certain types of image files called Windows Metafiles. Experts said numerous websites were taking advantage of the flaw to sneak into computers and install spyware. Microsoft has said it is looking into the issue. Spam bots The flaw centres on the way

Computer code posted over the weekend can crash vulnerable computers by exploiting a Windows flaw disclosed in October. The exploit code takes advantage of a flaw Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC. Microsoft addressed the flaw in security bulletin MS05-051. "Initial investigation of this exploit code has verified that successful exploitation could lead to a denial of service attack...and not remote code execution," a Microsoft representative said in a statement. In a denial of service attack a computer would crash, while remote code execution...

Security researchers have discovered a vulnerability in Macromedia's Flash Player that creates a mechanism for hackers to attack the PCs of users running the popular application. The security bug - described as critical - affect Macromedia Flash Player 6.x and 7.x. Macromedia has issued security updates. The flaw stems from a failure to reject malformed SWF files as invalid. This bug might be exploited by using specially crafted (malformed) SWF file to execute arbitrary code on the machines of users induced into visiting sites under the control of hackers. Flash Player version 7.0.19.0 and prior on the Windows platform, and...