Security

Honda Shuts Down Factory After Finding NSA-derived Wcry In Its Networks (arstechnica.com) 60

A Honda factory near Tokyo was shuttered for over 24 hours this week after its computers became infected with WannaCry, the same ransomware virus responsible for crippling systems in dozens of countries last month, the car manufacturer said Wednesday. From a report: The automaker shut down its Sayama plant northwest of Tokyo on Monday after finding that WCry had affected networks across Japan, North America, Europe, China, and other regions, Reuters reported Wednesday. Discovery of the infection came on Sunday, more than five weeks after the onset of the NSA-derived ransomware worm, which struck an estimated 727,000 computers in 90 countries. [...] Honda officials didn't explain why engineers found WCry in their networks 37 days after the kill switch was activated. One possibility is that engineers had mistakenly blocked access to the kill-switch domain. That would have caused the WCry exploit to proceed as normal, as it did in the 12 or so hours before the domain was registered. Another possibility is that the WCry traces in Honda's networks were old and dormant, and the shutdown of the Sayama plant was only a precautionary measure. In any event, the discovery strongly suggests that as of Monday, computers inside the Honda network had yet to install a highly critical patch that Microsoft released in March.
United States

Swiss Supercomputer Edges US Out of Top Spot (bbc.com) 64

There have only been two times in the last 24 years where the U.S. has been edged out of the top spot of the world's most powerful supercomputers. Now is one of those times. "An upgrade to a Swiss supercomputer has bumped the U.S. Department of Energy's Cray XK7 to number four on the list rating these machines," reports the BBC. "The only other time the U.S. fell out of the top three was in 1996." The top two slots are occupied by Chinese supercomputers. From the report: The U.S. machine has been supplanted by Switzerland's Piz Daint system, which is installed at the country's national supercomputer center. The upgrade boosted its performance from 9.8 petaflops to 19.6. The machine is named after a peak in the Grison region of Switzerland. One petaflop is equal to one thousand trillion operations per second. A "flop" (floating point operation) can be thought of as a step in a calculation. The performance improvement meant it surpassed the 17.6 petaflop capacity of the DoE machine, located at the Oak Ridge National Laboratory in Tennessee. The U.S. is well represented lower down in the list, as currently half of all the machines in the top 10 of the list are based in North America. And the Oak Ridge National Laboratory looks set to return to the top three later this year, when its Summit supercomputer comes online. This is expected to have a peak performance of more than 100 petaflops.
Intel

Intel Quietly Discontinues Galileo, Joule, and Edison Development Boards (intel.com) 95

Intel is discontinuing its Galileo, Joule, and Edison lineups of development boards. The chip-maker quietly made the announcement last week. From the company's announcement: Intel Corporation will discontinue manufacturing and selling all skus of the Intel Galileo development board. Shipment of all Intel Galileo product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Joule Compute Modules and Developer Kits (known as Intel 500 Series compute modules in People's Republic of China). Shipment of all Intel Joule products skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Joule products must be placed with Intel by September 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Edison compute modules and developer kits. Shipment of all Intel Edison product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Edison products must be placed with Intel by September 16, 2017. All orders placed with Intel for Intel Edison products are non-cancelable and non-returnable after September 16, 2017. The company hasn't shared any explanation for why it is discontinuing the aforementioned development boards. Intel launched the Galileo, an Arduino-compatible mini computer in 2013, the Edison in 2014, and the Joule last year. The company touted the Joule as its "most powerful dev kit." You can find the announcement posts here.
Twitter

Tableau Software Drops Its 'Twitter Crowd Favorite' Data Viz Contests (tableau.com) 21

theodp writes: As part of its 'Iron Viz' data visualization contests that lead up to its annual conferences, Tableau Software ($4.8B market cap) has awarded $500 gift cards to 'Twitter Crowd Favorites', contestants whose data viz draw the most 'votes' (tagged Tweets) on Twitter. But no more. As it expanded Iron Viz eligibility to China, Tableau said it 'just didn't seem fair' to allow popular voting in its worldwide contests since the Chinese government blocks citizens' Twitter use. "As Chinese authors join the contest," the Tableau Public blog explained, "we have to say goodbye to the Twitter Crowd Favorite. Twitter is blocked in mainland China and it wouldn't be fair for our Chinese contestants." And the latest Iron Viz Contest FAQs confirm the change: "Q. I heard there won't be a Crowd Favorite prize, is that true? A. Absolutely true. China is among the new countries who can take part in the Iron Viz, and Twitter doesn't work in mainland China. The usual Twitter Popular Vote just didn't seem fair."
This XKCD comic still has my all-time favorite data visualizations.
China

Chinese Satellite Breaks Distance Record For Quantum-Key Exchange (sciencemag.org) 42

slew writes: Science Magazine reports a team of physicists using the Chinese Micius satellite (launched back in August 2016) have sent quantum-entangled photons from a satellite to ground stations separated by 1200 kilometers, smashing the previous world record. Sending entangled photons through space instead of optical fiber networks with repeaters has long been the dream of those promoting quantum-key exchange for modern cryptography. Don't hold your breath yet, as this is only an experiment. They were only able to recover about 1000 photons out of about 6 billion sent and the two receiving stations were on Tibetan mountains to reduce the amount of air that needed to be traversed. Also the experiment was done at night to minimize interference from the sun. Still, baby steps... Next steps for the program: a bigger satellite for more power and moving to quantum teleportation instead of simple key exchange. The results of the experiment were published in the journal Science.
Security

Firm Responsible For Mirai-Infected Webcams Hires Software Firm To Make Its Products More Secure (securityledger.com) 18

chicksdaddy writes from a report via The Security Ledger: After seeding the globe with hackable DVRs and webcams, Zhejiang Dahua Technology Co., Ltd. of Hangzhou, China will be working with the U.S. firm Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." Dahua, based in Hangzhou, China said it will work with Mountain View based Synopsys to "enhance the security of its Internet of Things (IoT) devices and solutions." In a joint statement, the companies said Dahua will be adopting secure "software development life cycle (SDLC) and supply chain" practices using Synopsys technologies in an effort to reduce the number of "vulnerabilities that can jeopardize our products," according to a statement attributed to Fu Liquan, Dahua's Chairman, The Security Ledger reports. Dahua's cameras and digital video recorders (DVRs) figured prominently in the Mirai botnet, which launched massive denial of service attacks against websites in Europe and the U.S., including the French web hosting firm OVH, security news site Krebsonsecurity.com and the New Hampshire based managed DNS provider Dyn. Cybercriminals behind the botnet apparently exploited an overflow vulnerability in the web interface for cameras and DVRs to gain access to the underlying Linux operating system and install the Mirai software, according to research by the firm Level3. In March, Dahua was called out for another, serious vulnerability in eleven models of video recorders and IP cameras. Namely: a back door account that gave remote attackers full control of vulnerable devices without the need to authenticate to the device. The flaw was first disclosed on the Full Disclosure mailing list and described as "like a damn Hollywood hack, click on one button and you are in."
Earth

Coal Market Set To Collapse Worldwide By 2040 As Solar, Wind Dominate (bloomberg.com) 374

Jess Shankleman reports via Bloomberg: Solar power, once so costly it only made economic sense in spaceships, is becoming cheap enough that it will push coal and even natural-gas plants out of business faster than previously forecast. That's the conclusion of a Bloomberg New Energy Finance outlook for how fuel and electricity markets will evolve by 2040. The research group estimated solar already rivals the cost of new coal power plants in Germany and the U.S. and by 2021 will do so in quick-growing markets such as China and India. The scenario suggests green energy is taking root more quickly than most experts anticipate. It would mean that global carbon dioxide pollution from fossil fuels may decline after 2026, a contrast with the International Energy Agency's central forecast, which sees emissions rising steadily for decades to come.

The report also found that through 2040:
- China and India represent the biggest markets for new power generation, drawing $4 trillion, or about 39 percent of all investment in the industry.
- The cost of offshore wind farms, until recently the most expensive mainstream renewable technology, will slide 71 percent, making turbines based at sea another competitive form of generation.
- At least $239 billion will be invested in lithium-ion batteries, making energy storage devices a practical way to keep homes and power grids supplied efficiently and spreading the use of electric cars.
- Natural gas will reap $804 billion, bringing 16 percent more generation capacity and making the fuel central to balancing a grid that's increasingly dependent on power flowing from intermittent sources, like wind and solar.

Security

NSA Links WannaCry To North Korea (washingtonpost.com) 99

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with "moderate confidence" to North Korea's spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that "cyber actors" suspected to be "sponsored by" the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called "the Lazarus Group," a name used by private-sector researchers.
AI

US Weighs Restricting Chinese Investment In Artificial Intelligence (reuters.com) 64

An anonymous reader shares a Reuters report: The United States appears poised to heighten scrutiny of Chinese investment in Silicon Valley to better shield sensitive technologies seen as vital to U.S. national security, current and former U.S. officials tell Reuters. Of particular concern is China's interest in fields such as artificial intelligence and machine learning, which have increasingly attracted Chinese capital in recent years. The worry is that cutting-edge technologies developed in the United States could be used by China to bolster its military capabilities and perhaps even push it ahead in strategic industries. The U.S. government is now looking to strengthen the role of the Committee on Foreign Investment in the United States (CFIUS), the inter-agency committee that reviews foreign acquisitions of U.S. companies on national security grounds. An unreleased Pentagon report, viewed by Reuters, warns that China is skirting U.S. oversight and gaining access to sensitive technology through transactions that currently don't trigger CFIUS review.
United States

Sharp To Americans: You Don't Want to Buy a Sharp-Brand TV (wsj.com) 115

Sharp has sued China's Hisense Electric, which licensed the Sharp brand for televisions sold in the U.S., accusing Hisense of putting the Sharp name on poor-quality TVs and deceptively advertising them (alternative source). From a report: The court action is the latest effort by Osaka-based Sharp to retrieve the right to use its own name when selling TVs in one of the world's largest markets. Sharp is trying to recover its position as a global maker of consumer electronics. Hisense rejected the allegations and said it was selling high-quality televisions under the Sharp name. The dispute illustrates the risks when the owner of a well-known brand name gives up control over products sold under that name.
Businesses

US Tech Companies Start To Become Copycats of Chinese Peers (foxbusiness.com) 86

hackingbear quotes Dow Jones Newswire: Chinese technology companies have long had a reputation of being copycats of Western peers, but U.S. companies have recently begun to return the favor, said a partner at prominent venture-capital firm Andreessen Horowitz... China's internet titans such as Tencent Holdings Ltd. are influencing U.S. startups and majors alike, and many Chinese models are being replicated in the U.S., said Connie Chan, a partner at the Silicon Valley venture firm. LimeBike, a startup at San Mateo, Calif., adapted China's dockless bike-sharing model, first rolled out by Beijing-based Ofo Inc. and Beijing Mobike Technology Co., for U.S. consumers... Also, Apple Inc. recently added payment services to its iMessage chat service, taking a page from Tencent's playbook. "I love this reversal of what 'China copycat' can mean," she said. "It no longer just means a Chinese company copying the States, it can mean a U.S. company copying China."
Microsoft

Malware Uses Obscure Intel CPU Feature To Steal Data and Avoid Firewalls (bleepingcomputer.com) 128

An anonymous reader writes: Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool. The problem with Intel AMT SOL is that it's part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off.

Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Furthermore, because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detect malware using AMT SOL to exfiltrate data.

The malware was created and used by a nation-state cyber-espionage unit codenamed PLATINUM, active since 2009, and which has targeted countries around the South China Sea. PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year [PDF], the OS maker said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.

Details about PLATINUM's recent targets and attacks are available in a report [PDF] Microsoft released yesterday.

Businesses

China Arrests Apple Distributors Who Made Millions on iPhone Data (engadget.com) 9

An anonymous reader shares a report: Police in China's Zhejiang province have arrested 22 (apparently third-party) Apple distributors for allegedly selling iPhone user data. Officials say the workers searched an internal Apple database for sensitive info, such as Apple IDs and phone numbers, and peddled it on the black market for between 10 and 180 yuan with each sale ($1.50 to $26). All told, the distributors reportedly raked in more than 50 million yuan, about $7.36 million, before authorities stepped in.
Power

Electric Vehicles Have Another Record Year, Reaching 2 Million Cars In 2016 (iea.org) 332

An anonymous reader shares a report from the International Energy Agency: The number of electric cars on the roads around the world rose to 2 million in 2016, following a year of strong growth in 2015, according to the latest edition of the International Energy Agency's Global EV Outlook. China remained the largest market in 2016, accounting for more than 40% of the electric cars sold in the world. With more than 200 million electric two-wheelers and more than 300,000 electric buses, China is by far the global leader in the electrification of transport. China, the US and Europe made up the three main markets, totaling over 90% of all EVs sold around the world. Electric car deployment in some markets is swift. In Norway, electric cars had a 29% market share last year, the highest globally, followed by the Netherlands with 6.4%, and Sweden with 3.4%. The electric car market is set to transition from early deployment to mass market adoption over the next decade or so. Between 9 and 20 million electric cars could be deployed by 2020, and between 40 and 70 million by 2025, according to estimates based on recent statements from carmakers.
Businesses

Apple Piles On the Features, and Users Say, 'Enough!' (nytimes.com) 191

In a few hours, Apple will kickstart its annual developer conference. At the event, the company is expected to announce new MacBook laptops, the next major updates for iOS and MacOS, new features of Siri, and a home-speaker. Ahead of the conference, The New York Times has run a story that talks about some of the headline announcements that Apple made last year, one of which was the ability to order food, scribble doodles and send funny images known as stickers in chats on its Messages app. Speaking with users, engineers and industry insiders, the Times reports that many of its existing features -- including expansion of Messages -- are too complicated for many users to figure out (Editor's note: the link could be paywalled; alternative source). From the report: The idea was to make Messages, one of the most popular apps on the iPhone, into an all-purpose tool like China's WeChat. But the process of finding and installing other apps in Messages is so tricky that most users have no idea they can even do it, developers and analysts say.
Databases

Insecure Hadoop Servers Expose Over 5 Petabytes of Data (bleepingcomputer.com) 51

An anonymous reader quotes the security news editor at Bleeping Computer: Improperly configured HDFS-based servers, mostly Hadoop installs, are exposing over five petabytes of information, according to John Matherly, founder of Shodan, a search engine for discovering Internet-connected devices. The expert says he discovered 4,487 instances of HDFS-based servers available via public IP addresses and without authentication, which in total exposed over 5,120 TB of data.

According to Matherly, 47,820 MongoDB servers exposed only 25 TB of data. To put things in perspective, HDFS servers leak 200 times more data compared to MongoDB servers, which are ten times more prevalent... The countries that exposed the most HDFS instances are by far the US and China, but this should be of no surprise as these two countries host over 50% of all data centers in the world.

Security

Chinese 'Fireball' Malware Infects Nearly 250 Million Computers Worldwide (thehackernews.com) 66

Check Point researchers have discovered a massive malware campaign, dubbed Fireball, that has already infected more than 250 million computers across the world, including Windows and Mac OS. The Fireball malware "is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data," reports The Hacker News. From the report: Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plugins to manipulate the victim's web browser configurations to replace their default search engines and home pages with fake search engines (trotux.com). "It's important to remember that when a user installs freeware, additional malware isn't necessarily dropped at the same time," researchers said. "Furthermore, it is likely that Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors."
China

China's Unprecedented Cyber Law Signals Its Intent To Protect a Precious Commodity: Data (technologyreview.com) 27

An anonymous reader quotes a report from MIT Technology Review: An aggressive new cybersecurity and data protection law in China that goes into effect today will have global ripple effects, and could serve as a model for other governments. But the Chinese government has also left many parts of the law vague -- likely an intentional move meant to allow the country to stake out its own sense of "cyber sovereignty" while waiting to see how the U.S., Europe, and others decide to regulate the flow of data across international borders. The new law is a resounding announcement from China that it intends to be a global player in controlling perhaps the most precious commodity of the digital economy: data. It's hard to know how the law will actually change things because the most controversial aspects of it are so vague. Among them is a requirement that certain companies submit their products to the government for cybersecurity checks, which may even involve reviewing source code. How often it would be required, and how the government will determine which products must be reviewed is unknown. This could come into play as part of China's broader regulatory push to expand law enforcement's power to access data during criminal investigations. Another vague directive calls for companies to store certain data within the country's borders, in the interest of safeguarding sensitive information from espionage or other foreign meddling. The government has delayed the implementation of this change until the end of 2018, however.
Businesses

Mary Meeker's 2017 Internet Trends Report (recode.net) 40

Kleiner Perkins Caufield & Byers partner Mary Meeker delivered her annual rapid-fire internet trends report at Code Conference. Here's the summary:
1. Global smartphone growth is slowing: Smartphone shipments grew 3 percent year over year last year, versus 10 percent the year before.
2. Voice is beginning to replace typing in online queries. Twenty percent of mobile queries were made via voice in 2016, while accuracy is now about 95 percent.
3. In 10 years, Netflix went from 0 to more than 30 percent of home entertainment revenue in the U.S. This is happening while TV viewership continues to decline.
4. Entrepreneurs are often fans of gaming, Meeker said, quoting Elon Musk, Reid Hoffman and Mark Zuckerberg. Global interactive gaming is becoming mainstream, with 2.6 billion gamers in 2017 versus 100 million in 1995.
5. China remains a fascinating market, with huge growth in mobile services and payments and services like on-demand bike sharing.
6. While internet growth is slowing globally, that's not the case in India, the fastest growing large economy. The number of internet users in India grew more than 28 percent in 2016.
7. In the U.S. in 2016, 60 percent of the most highly valued tech companies were founded by first- or second-generation Americans and are responsible for 1.5 million employees. Those companies include tech titans Apple, Alphabet, Amazon and Facebook.
8. Healthcare: Wearables are gaining adoption with about 25 percent of Americans owning one, up 12 percent from 2016.

China

China To Implement Cyber Security Law From Thursday (reuters.com) 59

China, battling increased threats from cyber-terrorism and hacking, will adopt from Thursday a controversial law that mandates strict data surveillance and storage for firms working in the country, the official Xinhua news agency said. From a report: The law, passed in November by the country's largely rubber-stamp parliament, bans online service providers from collecting and selling users' personal information, and gives users the right to have their information deleted, in cases of abuse. "Those who violate the provisions and infringe on personal information will face hefty fines," the news agency said on Monday, without elaborating.
