You need to hear this.
Webroot mistakenly identifies Windows system files as malware, bricks millions of machines
A malware signature update from Webroot antivirus yesterday mistakenly identified Windows system files as malware, bricking millions of managed computers worldwide. The update identified the Windows system files as W32.Trojan.Gen malware, moving essential files into quarantine, rendering the operating system non-functional.
“The company, which claims to have more than 30 million users, has so far suggested fixes for the Home edition and its Business edition software,” ZDNet writes. “[But Webroot] has yet to offer anything universal or concrete for its entire affected user base at the time of writing.”
The update also caused major websites, including Bloomberg and Facebook, to be flagged as phishing sites, making them inaccessible to users. Webroot confirmed the issue, and said it is working on a fix, but provided no timeline.
“Webroot has yet to provide a definitive fix, but so far at least one user is reporting that uninstalling Webroot, restoring quarantined files from a backup drive, and then reinstalling Webroot seems to fix the problem,” Ars Technica reports. “SwiftOnSecurity told Ars that fix appeared to work.”
Hackers hit Atlassian’s HipChat
Atlassian’s communication service HipChat was hacked over the weekend, exposing user email addresses, names, and hashed passwords. The attacker exploited a vulnerability in a third-party library used by HipChat, affecting a server in the HipChat Cloud service and, in a small number of cases, messages and chat room content may have been accessed. The attack also had access to chatroom metadata, which would include room name and topic.
“HipChat Chief Security Officer Ganesh Krishnan noted that HipChat hashes passwords using bcrypt with a random salt,” ZDNet writes. “As a precaution, HipChat has invalidated passwords on all potentially affected HipChat-connected user accounts and sent those users instructions on how to reset their password. The company is also readying a HipChat Server update in response to the attack.”
Atlassian reported that they believe this to be an isolated issue, confirming that none of Atlassian’s other services including Jira, Confluence, or Trello have been compromised.
Microsoft users express frustration over Patch Tuesday changes
Microsoft customers have expressed frustration over the company’s recent switch from Patch Tuesdays security bulletins to the Security Update Guide. Microsoft enacted the change on April 11, following an announcement about the change in November.
The Security Update Guide (SUG) is a searchable database where system administrators can filter results by CVE number or KB article to find relevant updates. Feedback has been pouring in to Microsoft’s support forum, much of it negative.
“Users commenting on other support forum pages have complained the new system is far more time-consuming to navigate,” ZDNet reports. “Computerworld notes that one user has seen his workload go up by six times due to the need to open up a new page for each vulnerability (CVE) in a cumulative update for a product. Previously all that information was in a single bulletin for that product.”
Microsoft has responded to the criticism, saying that the SUG is necessary “to align with the move from individual updates to the cumulative update process.”
But there’s more going on in the world than that.
FCC to scrap net neutrality on Wednesday, sources report
The Federal Communications Commission (FCC) plans to scrap the Obama administration’s net neutrality policies on Wednesday, Recode reports. FCC commissioner Ajit Pai has repeatedly expressed his intent to do away with telecom regulations, most notably those preventing the prioritization of certain traffic known as net neutrality.
“For the moment, Pai isn’t expected to articulate a replacement,” Recode reports. “Instead, he’s likely to solicit ideas from tech and telecom giants as well as public-interest advocates on an alternative legal approach for net neutrality. That formal exchange could begin as soon as May if Pai unveils what’s known as a notice of proposed rule-making in the coming days.”
The proposed changed rely on a system of voluntary participation in net neutrality, a concept Pai has expressed interest in. Pai continues to stress that he ““favor[s] a free and open internet and … oppose[s] Title II.” ISPs were reclassified as common carriers under Title II by the Obama administration FCC Chairman Tom Wheeler. The reclassification allowed the FCC to impose blanket rules on the telecom industry to protect net neutrality.
And you can’t not know this.
NASA is developing 3D printed chainmail to protect astronauts and spaceships in deep space
NASA’s Jet Propulsion Laboratory is developing 3D printed chainmail to protect astronauts and spacecraft from debris found in outer space. The benefits of using a 3D printer to produce the chainmail is that it could be produced as needed on the International Space Station, or on other prospective spacecraft in coming missions.
The metallic fabric has many benefits beyond ease of construction. One side of the chainmail is a composition of flat metal tiles, allowing the surface to reflect light and manage heat. The other side appears more like traditional chainmail, and can serve as an insulator.
“While at this point still a laboratory experiment, the material could eventually be used in space suits, on habitats, wrapped around vehicles and spacecraft to help protect them against unforeseen hazards, or even laid down on alien terrain to give us a safe place to land a ship,” Gizmodo writes.
The potential broad utility of this futuristic chainmail makes it a prime candidate for future missions to deep space, where resources will be limited and every bit of weight matters.
Follow Snap! to always be in the know. In our last Snap!, we reported on new tools to discover NSA spyware and groundbreaking work on the first flexible microprocessor.