NSA says Russian state hackers are using a VMware flaw to ransack networks

Multiple VMware products are exploited in attacks that access Windows Active Directory.

This image was the profile banner of one of the accounts allegedly run by the Internet Research Agency, the organization that ran social media "influence campaigns" in Russia, Germany, Ukraine, and the US dating back to 2009. (credit: A Russian troll)

The National Security Agency says that Russian state hackers are compromising multiple VMware systems in attacks that allow the hackers to install malware, gain unauthorized access to sensitive data, and maintain a persistent hold on widely used remote work platforms.

The in-progress attacks are exploiting a security bug that remained unpatched until last Thursday, the agency reported on Monday. CVE-2020-4006, as the flaw is tracked, is a command-injection flaw, meaning it allows attackers to execute commands of their choice on the operating system running the vulnerable software. These vulnerabilities are the result of code that fails to filter unsafe user input such as HTTP headers or cookies. VMware patched CVE-2020-4006 after being tipped off by the NSA.

A hacker’s Holy Grail

Attackers from a group sponsored by the Russian government are exploiting the vulnerability to gain initial access to vulnerable systems. They then upload a Web shell that gives a persistent interface for running server commands. Using the command interface, the hackers are eventually able to access Active Directory, the part of Microsoft Windows Server operating systems that hackers consider the Holy Grail because it allows them to create accounts, change passwords, and carry out other highly privileged tasks.

Google brings new features to old Pixel phones (and new ones too)

Google’s latest Pixel Feature Drop brings some new features that debuted with the Pixel 5 to older phones. For example the Hold for Me feature is rolling out to all Google Pixel 3 and newer phones, allowing users to have Google Assistant to “listen” when you’re placed on hold and alert you when a human […]

The post Google brings new features to old Pixel phones (and new ones too) appeared first on Liliputing.

Senate invites fringe, unscientific medical group to testify about COVID

The latest conservative flirtation with a group that’s both libertarian and deranged.

Former Secretary of Health and Human Services Tom Price was a member of the AAPS, an organization with extreme, unscientific views who keeps being asked to give testimony to Congress. (credit: Zach Gibson / Getty Images)

On Tuesday, the US Senate's Committee on Homeland Security and Governmental Affairs will host a hearing on treatments for COVID-19. The four witnesses all have MDs, and three of them work at hospitals, suggesting that this is a case where the Senate will be receiving information from people with relevant expertise. It's the fourth witness, however, that suggests some of the testimony may go completely off the rails and raises further doubts that US politicians are taking a raging pandemic seriously.

Jane Orient has an MD and is the head of a serious-sounding organization called the Association of American Physicians and Surgeons (AAPS). But a quick look at the group's history shows that it has adopted positions—such as promoting chloroquine and opposing government vaccination programs—that make it a questionable source of COVID-19 information. And the AAPS actually has a long history of adopting extreme and fringe positions that run contrary to all evidence, in part because of its opposition to government involvement in anything. But because of these libertarian tendencies, the group has maintained a close relationship with conservative politicians.

Bad pandemic advice

It doesn't take much searching to determine that the AAPS has fringe views about the pandemic. In late April, evidence was developing that hydroxychloroquine, a malaria drug, wasn't effective against COVID-19, leading the FDA to scale back its emergency approval. Four days after that decision, the AAPS sent out a press release claiming that the drug "has about 90 percent chance of helping COVID-19 patients." That claim was false at the time—it was apparently based simply on counting any studies that saw any effect toward that 90-percent total. And subsequent studies have clearly indicated the drug is ineffective.

SpaceX gets $886 million from FCC to subsidize Starlink in 35 states

Charter also wins big; FCC fund will bring service to 5.2M homes and businesses.

Starlink satellite dish and equipment in the Idaho panhandle's Coeur d'Alene National Forest. (credit: Wandering-coder)

SpaceX has been awarded $885.51 million by the Federal Communications Commission to provide Starlink broadband to 642,925 rural homes and businesses in 35 states. The satellite provider was one of the biggest winners in the FCC's Rural Digital Opportunity Fund (RDOF) auction, the results of which were released today. Funding is distributed over 10 years, so SpaceX's haul will amount to a little over $88.5 million per year.

Charter Communications, the second-largest US cable company after Comcast, did even better. Charter is set to receive $1.22 billion over 10 years to bring service to 1.06 million homes and businesses in 24 states.

FCC funding can be used in different ways depending on the type of broadband service. Cable companies like Charter and other wireline providers generally use the money to expand their networks into new areas that don't already have broadband. But with Starlink, SpaceX could theoretically provide service to all of rural America once it has launched enough satellites, even without FCC funding.

Pornhub under investigation by Visa, MasterCard amid abuse allegations

Payment processors want to know what kind of transactions they’re a part of.

Paying for adult entertainment may become more challenging in the near future, as both Visa and MasterCard are investigating Pornhub following allegations that the site allows and profits from content depicting rape and child sexual abuse and exploitation.

Visa and MasterCard on Sunday each issued separate statements saying they were investigating Pornhub and its parent company, MindGeek, in the wake of a new report.

"We are aware of the allegations, and we are actively engaging with the relevant financial institutions to investigate, in addition to engaging directly with the site’s parent company, MindGeek," Visa told the Associated Press on Sunday. If the investigation finds Pornhub to be in violation of the law or the company's existing banking agreements, it will be prohibited from using Visa for payments.

Udemy Uses DMCA To Delete Video Showing How to Access Courses Free & Legally

Major online course provider Udemy has used the DMCA to delete a video on YouTube that showed students how to legally access 6,000 courses for free via a schools and public libraries partnership. According to the course provider, using screenshots containing the Udemy logo amounts to an infringement of the company’s copyrights.

From: TF, for the latest news on copyright battles, piracy and more.

With more than 35 million students, 57,000 instructors, and 400 million courses available, Udemy is a huge player in the online learning space.

Accessing the company’s content obviously comes at a price too, so when online learning group ShareLearn spotted an opportunity for students to access thousands of Udemy courses legally and for free, they decided to share the information with the world.

Tutorial Uploaded to YouTube To Help Students

ShareLearn’s four-minute video, which TorrentFreak was able to review on another platform, begins with a splash screen indicating that by using the techniques shown in the videos, thousands of courses can be accessed by students with the right credentials.

While it does display the Udemy logo, a disclaimer at the start of the video states that the tutorial is “not affiliated with Udemy”.

The purpose of the video was to spread the word that Udemy has a partnership with Gale to provide “more than 6,000 high-quality, on-demand video courses taught by world-class instructors across 75 categories for upskilling in the areas of business, technology, and design.”

As part of this arrangement, free courses are available under some library systems.

The System to Access Courses is Hosted By Gale

The video reveals that if students from certain cities in the United States visit gale.udemy.com, they are presented with a portal that operates in partnership with their libraries, universities, colleges and schools. With the library option selected, a list of participating libraries appears.

In the tutorial video, San Francisco library is used as an example. For authentication purposes, users are required to enter their library account credentials and from there they are passed to Udemy, which requires a Google or Microsoft account to proceed.

The people at ShareLearn showed a screenshot of this page to make their tutorial easier to understand, as we have done with the screenshot of the video below.

Udemy Files Copyright Complaint With YouTube

Given the obviously useful nature of the video, it’s perhaps reasonable to conclude that at least some students would’ve learned something from it. However, not too long after it was uploaded to YouTube, it was targeted by a Udemy copyright complaint which resulted in it being taken down.

“[Udemy] has claimed copyright infringement for use of their logo,” ShareLearn informs TorrentFreak.

“We believe it is covered under fair use and they want to hold us from promoting this option to avoid people from using this library service paid by taxpayers. I have sent them a few emails, but they have given a standard reply that we violated their copyright,” ShareLearn add.

Udemy’s Legal Department Refuses to Reconsider

From correspondence reviewed by TF, ShareLearn told Udemy that they “appreciate what Udemy is doing for society” and were excited to see the Udemy/Gale/libraries partnership, noting that the project seemed like a good use of taxpayers’ money.

“In this video, we have used udemy logo as a reference to udemy, which is covered under fair use. We used screenshots from gale.udemy.com website to help library patterns sign up for your service via public library, which is covered under fair use [sic],” the correspondence reads.

ShareLearn then presented Udemy’s legal team with a list of questions requesting additional information on why the inclusion of screenshots bearing Udemy’s logo can’t be considered fair use. The group also asked where Udemy itself advertises the availability of the free service to students.

In its response, Udemy ignored the questions and reiterated its key objection.

“When material posted on other platforms infringes Udemy’s intellectual property rights, or on the rights of our instructors, we have an obligation to protect those works,” the company said.

“We have reviewed the takedown notice in question, and confirmed the infringement therein. If you have questions about intellectual property matters such as trademark, copyright, fair use, etc. you may wish to consult an attorney. Udemy cannot provide you with any legal advice on these matters.”

ShareLearn Files YouTube Counternotice

ShareLearn has filed a counternotice with YouTube in an effort to have the video restored but at the time of writing, that is still pending and the content remains down. What will happen next is unclear.

The takedown from YouTube was filed under copyright law, clearly referencing Udemy’s “copyrighted logo”. Whether any fair use defense is applicable in this case will be for lawyers to argue over but aside from the 20-second intro page (shown in the screenshot above, which includes a disclaimer), the only use of the Udemy logo thereafter is when screenshots/screen recordings of the Udemy/Gale website/system are displayed.

Given that the idea of the video was to promote Udemy products and services developed alongside Gale and libraries for the benefit of students, the copyright complaint and subsequent removal seem somewhat overzealous, if not counterproductive too.

New report reveals Apple’s roadmap for when each Mac will move to Apple Silicon

High-end Macs could have as many as 32 performance cores to the M1’s four.

Citing sources close to Apple, a new report in Bloomberg outlines Apple's roadmap for moving the entire Mac lineup to the company's own custom-designed silicon, including both planned release windows for specific products and estimations as to how many performance CPU cores those products will have.

The M1, which has four performance cores (alongside four efficiency cores), launched this fall in the company's lowest-end computers—namely, the MacBook Air and comparatively low-cost variants of the Mac mini and 13-inch MacBook Pro. These machines have less memory and fewer ports than the company's more expensive devices. The Macs with more memory or ports, such as the 16-inch MacBook Pro, are still sold with Intel CPUs.

According to the report's sources, Apple plans to release new Apple Silicon-based versions of the 16-inch MacBook Pro and the higher-end 13-inch MacBook Pro configurations in 2021, with the first chips appropriate for at least some of these computers arriving as early as spring, and likely all of them by fall. New iMac models that share CPU configurations with high-end MacBook Pros are also expected next year.

Vodafone cable network: Software makes the node split easy and cheap

According to Vodafone, fiber and the virtual node split are the key to gigabit speeds in the cable network. Telekom, Vodafone, Deutsche Glasfaser and Ewe Tel were otherwise largely in agreement on gigabit. (Fiber, Vodafone)

Android: Pixel smartphones get numerous new features

Google's December Feature Drop is here and brings new features, including adaptive sound settings and improved battery saver settings. Features of the Pixel 5 are also coming to older models. (Pixel 5, Smartphone)