Critical Windows bug fixed today is actively being exploited to hack users

Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting in the wild to install malicious apps on the computers of unwitting users.

The first vulnerability resides in the VBScript Engine included in all currently supported versions of Windows. A so-called use-after-free flaw in the way the engine handles computer memory allows attackers to execute code of their choice with the same system privileges as the logged-in user. When targeted users are logged in with administrative rights, attackers who exploit the bug can take complete control of the system. When users are logged in with more limited rights, attackers may still be able to escalate privileges by exploiting a separate vulnerability.

CVE-2018-8174, as the flaw is formally indexed, is being actively exploited by attackers, Microsoft officials said. The vulnerability was discovered by antivirus provider Kaspersky Lab, which then reported it to Microsoft. In the exploits observed by Kaspersky Lab:

Comcast preparing hostile bid for Fox properties—and control of Hulu

Comcast has lined up $60 billion in financing in order to make a hostile bid for the 21st Century Fox media assets that Disney is attempting to buy, according to news reports.

Comcast is waiting to find out whether AT&T will be allowed to buy Time Warner Inc. before moving forward with the bid for Fox assets, reports say. "Comcast is getting the pieces in place to make a hostile bid for 21st Century Fox's entertainment assets should it choose to do so," a Wall Street Journal article said.

The Walt Disney Company already struck a $52.4 billion all-stock deal to buy various 21st Century Fox properties. That includes Fox's stake in Hulu, the popular video streaming service. Comcast would try to buy the same assets that Disney is attempting to acquire. Disney, Fox, and Comcast each own 30 percent of Hulu; Time Warner owns the other 10 percent. The Disney/Fox purchase announcement in December noted that Disney would gain a "controlling interest" in Hulu by purchasing Fox assets. Comcast would receive the same controlling interest in Hulu if it can pry the Fox assets away from Disney.

Two spaces after period are better than one, except maybe they aren't, study finds

In what may be one of the most controversial studies of the year, researchers at Skidmore College—clearly triggered by a change in the American Psychological Association (APA) style book—sought to quantify the benefits of two spaces after a period at the end of a sentence. After conducting an eye-tracking experiment with 60 Skidmore students, Rebecca L. Johnson, Becky Bui, and Lindsay L. Schmitt found that two spaces at the end of a period slightly improved the processing of text during reading. The research was trumpeted by some press outlets as a vindication of two-spacers' superiority.

For anyone who learned their keyboarding skills on a typewriter rather than a computer—and for the many who developed their keyboard muscle memory using software packages such as Mavis Beacon Teaches Typing—the double-space after the period is a deeply ingrained truth. While modern style, based on the fallacy that computer typography makes such double-spaces redundant and Paleolithic, has demanded the deprecation of the second tap of the space bar after a punctuation full-stop, many have openly resisted this heresy, believing that the extra space is a courtesy to the reader and enhances the legibility of the text.

Previous cognitive science research has been divided on the issue. Some research has suggested closer spacing of the beginning of a new sentence may allow a reader to capture more characters in their parafoveal vision—the area of the retina just outside the area of focus, or fovea—and thus start processing the information sooner (though experimental evidence of that was not very strong). Other prior research has inferred that an extra space prevents lateral interference in processing text, making it easier for the reader to identify the word in focus. But no prior research found by Johnson, Bui, and Schmitt actually measured reader performance with each typographic scheme.

Equifax breach exposed millions of driver's licenses, phone numbers, emails

On May 7, executives of Equifax submitted a "statement for the record" to the Securities and Exchange Commission detailing the extent of the consumer data breach the company first reported on September 7, 2017. The data in the statement, which has also been shared with congressional committees investigating the breach, reveals to a fuller extent how much personal data was exposed in the breach. Millions of driver's license numbers, phone numbers, and email addresses were also exposed in connection with names, dates of birth, and Social Security numbers—offering a gold mine of data for identity thieves and fraudsters.

Equifax had already reported that the names, Social Security numbers, and dates of birth of 143 million US consumers had been exposed, along with driver's license numbers "in some instances," in addition to the credit card numbers of 209,000 individuals. The company's management had also reported "certain dispute documents" submitted by about 182,000 consumers contesting credit reports had been exposed as well, in addition to some information about British and Canadian consumers.

But the exact details of the nature of these documents and information had not been revealed, in part because Equifax felt it did not have a legal obligation to disclose those details. "With respect to the data elements of gender, phone number, and email addresses, US state data breach notification laws generally do not require notification to consumers when these data elements are compromised, particularly when an email address is not stolen in combination with further credentials that would permit access," Equifax's management asserted in the SEC letter.

AT&T will ask Supreme Court to cripple the FTC's authority over broadband

AT&T will appeal to the Supreme Court in an attempt to avoid a government lawsuit over its throttling of unlimited data plans.

The Federal Trade Commission sued AT&T in October 2014 in US District Court in Northern California, alleging that AT&T promised unlimited data to wireless customers and then throttled their speeds by as much as 90 percent. In response, AT&T argues that the FTC has no jurisdiction over any aspect of AT&T's business because the FTC lacks authority to regulate common carriers.

AT&T won a key ruling in the case in August 2016, but the most recent federal appeals court decision went in favor of the FTC. That's why AT&T is headed to the nation's top court.

AT&T/Verizon lobby asks FCC to help raise prices on smaller ISPs

A lobby group that represents AT&T, Verizon, and other telcos is asking the government to stop enforcing 22-year-old rules that let smaller network operators purchase access to the incumbents' networks at reasonable rates.

Although the Federal Communications Commission eliminated a range of line-sharing requirements in 2005, incumbent telcos are still required to make certain copper-based network elements available via wholesale at regulated prices. Smaller ISPs that buy wholesale access warn that eliminating the requirements would ultimately raise rates on home Internet users who subscribe to smaller ISPs.

These wholesale copper services are still offered by telcos such as AT&T, Verizon, and CenturyLink. The USTelecom lobby group, which represents all three of those carriers, petitioned the FCC on Friday to eliminate the wholesale requirements, which were implemented as part of the Telecommunications Act of 1996.
