Assisted driving: Tesla does not want to switch off Autopilot

Tesla CEO Elon Musk does not want to switch off the Autopilot of the Model S and Model X, despite several accidents that have been linked to the feature. (Autonomous driving, Technology)

Off-road vehicles: Land Rover drives autonomously over rough terrain

Off-road vehicles should soon be able to drive in an automated fashion over snow, scree and gravel tracks. To do so, the cars must be able to analyze their surroundings. Jaguar Land Rover shows how that works. (Jaguar Land Rover, Technology)

Posing as ransomware, Windows malware just deletes victim’s files

Tagged as “Ranscam”, PowerShell and script-based malware is a botched smash-and-grab.

There has been a lot of ingenuity poured into creating crypto-ransomware, the money-making malware that has become the scourge of hospitals, businesses, and home users over the past year. But none of that ingenuity applies to Ranscam, a new ransom malware reported by Cisco's Talos Security Intelligence and Research Group.

Ranscam is a purely amateur attempt to cash in on the cryptoransomware trend that demands payment for "encrypted" files that were actually just plain deleted by a batch command. "Once it executes, it pops up a ransom message looking like any other ransomware," Earl Carter, security research engineer at Cisco Talos, told Ars. "But then what happens is it forces a reboot, and it just deletes all the files. It doesn't try to encrypt anything—it just deletes them all."

Talos discovered the file on the systems of a small number of customers. In every case, the malware presented exactly the same message, including the same Bitcoin wallet address. The victim is instructed:

For the first time, federal judge tosses evidence obtained via stingray

Judge: “The Government may not turn a citizen’s cell phone into a tracking device.”

On Thursday, a federal judge in New York delivered a crucial rebuke to the government’s warrantless use of stingrays.

In a 14-page opinion, the judge ruled that the government could not use its stingray to locate a drug suspect, asleep in his apartment. As a result of the ruling, the judge suppressed the evidence found in the man’s bedroom—a kilogram of cocaine—likely effectively ending the case.

In March 2016, a state appeals court in Maryland reached a similar finding, but this is believed to be the first federal ruling of its kind.

Windows Server 2016 coming in September, with new servicing for Nano Server

The smallest installation of Windows Server will see Windows 10-style regular updates.

It's not quite an exact launch date, but Microsoft has announced that both Windows Server 2016 and System Center 2016 will launch at its Ignite conference (the successor to TechEd) this fall. Ignite runs from September 26-30 and is being held in Atlanta, Georgia.

Microsoft has also described how Windows Server 2016 will be serviced going forward. Full installations of the operating system—including the GUI and shell—will continue to be serviced on the "5+5" model that Microsoft has used for previous operating systems. That's five years of mainstream support, during which both bug fixes and feature improvements are made, and then five years of extended support, during which only security bugs will be fixed. The slimmed down Server Core installation will also be given this 5+5 servicing.

The new Nano Server option, however, will be handled in a different way. Nano Server installations will be updated more or less in tandem with the Windows 10 Current Branch for Business (CBB) release. CBB trails the main consumer branch by about six months, giving new features a bit of time to receive some real-world testing before being distributed to more conservative organizations. CBB is expected to be updated two to three times a year, and this will apply to Nano Server deployments of Windows Server 2016 just as it does to CBB deployments of Windows 10.

Apple will pay $25M to patent troll to avoid East Texas trial

“I know my ideas when I see them on a screen,” inventor said in 2011.

David Gelernter, pictured here in 2010 at a conference in Germany. (credit: Photo by Johannes Simon/Getty Images for Hubert Burda Media)

A software company is founded in 2001, just as the dot-com bust slips the tech sector into a recession. The product never takes off, and the company gives up and shuts its doors in 2004.

A few years later, the company founder is contacted about his patents. Promised a small percentage of whatever "monetization" takes place, the founder sells to a hedge fund. The fund creates an LLC, and in 2008 it proceeds to sue several tech companies in the court that looks most promising: the Eastern District of Texas.

Sound like a familiar story? It's happened literally hundreds of times, but a long-running case that just ended this week is special. David Gelernter isn't a typical patent owner. He's a well-known computer scientist who teaches at Yale. The lawsuit (PDF) over his patents, Mirror Worlds LLC v. Apple, claimed Gelernter invented the basic ideas behind features like Spotlight, Cover Flow, and the Time Machine. The case reached a turning point in 2010, when a jury said (PDF) that Apple infringed three of Gelernter's patents and should pay a royalty of $625 million.

Nobody reads TOS agreements—even ones that demand first born as payment

Study says participants also agreed to allow data sharing with NSA and employers.

Here is the front door of a fictitious social networking site that study participants thought was real. All participants, US university students, agreed to terms that included demanding their first born as payment. The privacy policy they all checked off said their data would be shared with the NSA and employers. (credit: Biggest Lie on the Internet)

A recent study concludes what everybody already knows: nobody reads the lengthy terms of service and privacy policies that bombard Internet users every day. Nobody understands them. They're too long, and they often don't make sense.

A study out this month made the point all too clear. Most of the 543 university students involved in the analysis didn't bother to read the terms of service before signing up for a fake social networking site called "NameDrop" that the students believed was real. Those who did glossed over important clauses. The terms of service required them to give up their first born, and if they didn't yet have one, they got until 2050 to do so. The privacy policy said that their data would be given to the NSA and employers. The few participants who read those clauses signed up for the service anyway.

"This brings us to the biggest lie on the Internet, which anecdotally, is known as 'I agree to these terms and conditions,'" the study found.

Decades later, an external workaround for the Sega Saturn’s robust DRM

New solution runs games from USB drive on unmodified hardware.

Given enough time, and enough focused ingenuity, any copy protection method can probably be circumvented. For the latest evidence of this truism, look no further than the Sega Saturn. A hacker has developed an external, plug-in solution that lets the two-decade-old system play games off a generic USB drive, without the need for heavy internal hardware modifications like a soldered, hard-to-find mod chip or a full disc drive replacement.

The news comes via this fascinating 27-minute video that outlines how a hacker going by the handle Dr. Abrasive spent years looking for a way past the system's particularly robust disc-checking scheme. To prevent regular old CD-Rs from working on the system, Sega had the Saturn disc drive check for a microscopic "wobble" pattern etched into the outer edge of the game disc itself (a CD-R's pre-set spiral pattern makes replicating the pattern with a regular CD burner pretty impossible).

In addition, the Saturn has an extra CPU dedicated exclusively to handling the CD sub-system. Before now, that CPU has been a frustrating black box for hardware hackers; they could send commands and get data, but they couldn't decipher its inner workings to try to develop a workaround. Even opening the chip up to examine the ROM via microscope failed, thanks to an implant ROM process Sega used in creating the chip.

Nation-backed malware that infected energy firm is 1 of 2016’s sneakiest

Tool only drops malware after painstakingly dismantling AV and other defenses.

A campaign that targeted a European energy company wielded malware that's so sneaky and advanced it almost certainly is the work of a wealthy nation, researchers said Tuesday.

The malware contains about 280 kilobytes of densely packed code that, like a ninja warrior, cleverly and stealthily evades a large number of security defenses. It looks for and avoids a long list of computer names belonging to sandboxes and honeypots. It painstakingly dismantles antiviruses one process at a time until it's finally safe to uninstall them. It takes special care when running inside organizations that use facial recognition, fingerprint scanners, and other advanced access control systems. And it locks away key parts of its code in encrypted vaults to prevent it from being discovered and analyzed.

Once the malware has gained administrative control of a computer, it uses its lofty perch to survey the connected network, report its findings to its operators, and await further instructions. From then on, attackers have a network backdoor that allows them to install other types of malware, either for more detailed espionage or potentially sabotage. Researchers from security firm SentinelOne found the malware circulating in an underground forum and say it has already infected an unnamed energy company in Europe.

Startup that we all forgot gets small win against Facebook on appeal

In Facebook v. Power Ventures, 9th Circuit finds defendant not liable under anti-spam law.

A federal appeals court ruled Tuesday largely in favor of a defunct social networking company—finding that the forgotten startup did not violate an anti-spam statute. However, the court affirmed that Power Ventures did violate an anti-hacking law when it tried to circumvent Facebook’s IP block several years ago as part of a promotional campaign.

A lower court had previously ruled in favor of Facebook, which brought the original case against Power Ventures and its Power.com website, and had issued an award of $3 million to the social network giant. Power Ventures then appealed that ruling to the 9th Circuit Court of Appeals. On Tuesday, the appellate court sent the case back down to the District Court for further consideration and a likely reduction of damages.

As Ars reported last year, the case, Facebook v. Power Ventures, revolves around a site known as Power.com, which had tried to be a one-stop shop for social networking—its users could post to Facebook and other sites all in one place.
