How AV can open you to attacks that otherwise wouldn’t be possible

Posted on by

The attack worked first by getting Bogner’s malicious file quarantined by the AV program running on the targeted computer. The pentester then exploited vulnerabilities in the AV programs that allowed unprivileged users to restore the quarantined files. He further abused a Windows feature known as NTFS file junction point to force the restore operation to put his malicious file into a privileged directory of Bogner’s choosing. The technique took advantage of another Windows feature known as Dynamic Link Library search order. With that, Bogner’s malware ran with full privileges.

Source: How AV can open you to attacks that otherwise wouldn’t be possible | Ars Technica

Wyden Issues Warning About SESTA

Posted on by

“After 25 years of fighting these battles, I’ve learned that just because a big technology company says something is good, doesn’t mean it’s good for the internet or innovation. Most innovation in the digital economy comes from the startups and small firms, the same innovators who will be harmed or locked out of the market by this bill.

Source: Wyden Issues Warning About SESTA | Press Releases | U.S. Senator Ron Wyden

The geometry of Islamic art becomes a treasure of a game

Posted on by

But in Engare’s case, every massive, crisscrossing slew of curves and lines and patterns has already been proven out by the puzzles you’ve solved. Your reward for doing well in Engare isn’t unlocking more pattern-generation options; it’s the ability to understand the incredible combination of rotations and line patterns that went into each one and how they’re all geometrically solvable thanks to their adherence to X and Y axes.

Source: Engare review: The geometry of Islamic art becomes a treasure of a game | Ars Technica

Verdict: Buy two copies; donate the second one to a school computer lab.

Main site:  http://www.engare.design/

Only $6 on Steam.  I Will be trying it out on my Steam account.

The Secret Betting Strategy That Beats Online Bookmakers

Posted on by

Before committing any real money, the researchers tested the idea on 10 years of historical data on the closing odds and results of 479,440 soccer games played between 2005 and 2015. This simulation paid out 44 percent of the time and delivered a yield of 3.5 percent over the 10-year period. “For an imaginary stake of $50 per bet, this corresponds to an equivalent profit of $98,865 across 56,435 bets,” they say.

Source: The Secret Betting Strategy That Beats Online Bookmakers – MIT Technology Review

Want to see something crazy? Open this link on your phone with WiFi turned off.

Posted on by

But what these services show us is even more alarming: US telcos appear to be selling direct, non-anonymized, real-time access to consumer telephone data to third party services — not just federal law enforcement officials — who are then selling access to that data.

Source: Want to see something crazy? Open this link on your phone with WiFi turned off.

Solar car race kicks off 30th anniversary with a fresh challenge

Posted on by

This year, the race regulations are a clear sign of how rapidly solar technology is changing. Teams have to use a smaller solar collector than before: cars in the Challenger class can have no more than 43 square feet of solar cells versus nearly 65 square feet for the previous race, in 2015. That’s half the area allowed on cars from the original 1987 race. In other words, technology is advanced enough now (both in solar cells and the underlying vehicle designs) that you don’t need a sea of panels to keep a car running.

Source: Solar car race kicks off 30th anniversary with a fresh challenge

The Equifax Hack Has the Hallmarks of State-Sponsored Pros

Posted on by

The average American had no reason to notice Apache’s post but it caught the attention of the global hacking community. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation.

Source: The Equifax Hack Has the Hallmarks of State-Sponsored Pros – Bloomberg

The massive breach occurred even though Equifax had invested millions in sophisticated security measures, ran a dedicated operations center and deployed a suite of expensive anti-intrusion software. The effectiveness of that armory appears to have been compromised by poor implementation and the departure of key personnel in recent years. But the company’s challenges may go still deeper. One U.S. government official said leads being pursued by investigators include the possibility that the hackers had help from someone inside the company. “We have no evidence of malicious inside activity,” the Equifax spokesperson said. “We understand that law enforcement has an ongoing investigation.”

Windows 10 is possibly the worst spyware ever made

Posted on by

But there are worse offenders. Microsoft’s service agreement is a monstrous 12,000 words in length, about the size of a novella. And who reads those, right? Well, here’s one excerpt from Microsoft’s terms of use that you might want to read:

We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to.

Source: Windows 10 is possibly the worst spyware ever made