Month: August 2024

Enlarge (credit: Bloomberg)

Microsoft is stepping up its plans to make Windows more resilient to buggy software after a botched CrowdStrike update took down millions of PCs and servers in a global IT outage.

The tech giant has in the past month intensified talks with partners about adapting the security procedures around its operating system to better withstand the kind of software error that crashed 8.5 million Windows devices on July 19.

Critics say that any changes by Microsoft would amount to a concession of shortcomings in Windows’ handling of third-party security software that could have been addressed sooner.

Enlarge (credit: Georgia Tech)

Dr. Emmanouil "Manos" Antonakakis runs a Georgia Tech cybersecurity lab and has attracted millions of dollars in the last few years from the US government for Department of Defense research projects like "Rhamnousia: Attributing Cyber Actors Through Tensor Decomposition and Novel Data Acquisition."

The government yesterday sued Georgia Tech in federal court, singling out Antonakakis and claiming that neither he nor Georgia Tech followed basic (and required) security protocols for years, knew they were not in compliance with such protocols, and then submitted invoices for their DoD projects anyway. (Read the complaint.) The government claims this is fraud:

At bottom, DoD paid for military technology that Defendants stored in an environment that was not secure from unauthorized disclosure, and Defendants failed to even monitor for breaches so that they and DoD could be alerted if information was compromised. What DoD received for its funds was of diminished or no value, not the benefit of its bargain.

AV hate

Given the nature of his work for DoD, Antonakakis and his lab are required to abide by many sets of security rules, including those outlined in NIST Special Publication 800–171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."

Enlarge / A 13-year-old celebrates getting the Pfizer-BioNTech COVID-19 vaccine in Hartford, Connecticut, on May 13, 2021. (credit: Getty | JOSEPH PREZIOSO )

With the impending arrival of the 2024–2025 COVID-19 vaccines approved yesterday, some Americans are now gaming out when to get their dose—right away while the summer wave is peaking, a bit later in the fall to maximize protection for the coming winter wave, or maybe a few weeks before a big family event at the end of the year? Of course, the group pondering such a question is just a small portion of the US.

Only 22.5 percent of adults and 14 percent of children in the country are estimated to have gotten the 2023–2024 vaccine. In contrast, 48.5 percent of adults and 54 percent of children were estimated to have gotten a flu shot. The stark difference is despite the fact that COVID-19 is deadlier than the flu, and the SARS-CoV-2 virus is evolving faster than seasonal influenza viruses.

In a press briefing Friday, federal health officials were quick to redirect focus when reporters raised questions about the timing of COVID-19 vaccination in the coming months and the possibility of updating the vaccines twice a year, instead of just once, to keep up with an evolving virus that has been producing both summer and winter waves.

Enlarge (credit: d3sign)

Newly discovered Android malware steals payment card data using an infected device’s NFC reader and relays it to attackers, a novel technique that effectively clones the card so it can be used at ATMs or point-of-sale terminals, security firm ESET said.

ESET researchers have named the malware NGate because it incorporates NFCGate, an open source tool for capturing, analyzing, or altering NFC traffic. Short for Near-Field Communication, NFC is a protocol that allows two devices to wirelessly communicate over short distances.

New Android attack scenario

“This is a new Android attack scenario, and it is the first time we have seen Android malware with this capability being used in the wild,” ESET researcher Lukas Stefanko said in a video demonstrating the discovery. “NGate malware can relay NFC data from a victim’s card through a compromised device to an attacker’s smartphone, which is then able to emulate the card and withdraw money from an ATM.”

• 

  On the left is Screen B, on the right is Screen A. [credit: Scharon Harding ]

As I write this article on the AceMagic X1, two things stand out most. The first is its convenience—being able to write on one screen and view specs and information about the laptop and a chat window on a second integrated screen. The second is that with each aggressive keypress, that convenient secondary screen is jiggling just enough to distract me and rattle my nerves.

I often use sleek, small-screened ultralight laptops, so I find dual-screen laptops intriguing. The dual-screen laptops I've used up until this point have come with a huge caveat, though: no integrated keyboard. That's what makes AceMagic's X1 stand out to me. Not only does its secondary screen swing out from the system horizontally (instead of vertically), but the laptop manages to include two 13-inch screens and a traditional keyboard and touchpad.

But the somewhat precarious way that Screen B hangs off the left side of Screen A, floating above my tabletop, proves that even an integrated keyboard can't resolve all the limitations of dual-screen laptop designs.

• 

  Here's the Keyboard control panel from Windows NT 4.0. [credit: Andrew Cunningham ]

Last week, Microsoft mentioned in a support document that it was formally deprecating Windows' 39-year-old Control Panel applets. But following widespread reporting of the change, Microsoft has either backtracked or clarified its language to remove the note about Control Panel being deprecated in favor of the Settings app. Here's what the original post said, as also preserved by the Internet Wayback Machine (emphasis ours):

"The Control Panel is a feature that's been part of Windows for a long time. It provides a centralized location to view and manipulate system settings and controls," the support page explains. "Through a series of applets, you can adjust various options ranging from system time and date to hardware settings, network configurations, and more. The Control Panel is in the process of being deprecated in favor of the Settings app, which offers a more modern and streamlined experience."

The current version of the page has changed that last sentence considerably. It now says that "many of the settings in Control Panel are in the process of being migrated to the Settings app, which offers a more modern and streamlined experience."