Archive for the ‘global’ Category

Immediately Patch Microsoft 0 day vulnerabilities being used to spread SPYWARE!

Thursday, September 14th, 2017

 

Windows 0-Day Flaw

Get ready to install a fairly large batch of security patches onto your Windows computers.

As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products.

 The latest security update addresses 27 critical and 54 important vulnerabilities in severity, of which 38 vulnerabilities are impacting Windows, 39 could lead to Remote Code Execution (RCE).

Affected Microsoft products include:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • .NET Framework
  • Skype for Business and Lync
  • Microsoft Exchange Server
  • Microsoft Office, Services and Web Apps
  • Adobe Flash Player

.NET 0-Day Flaw Under Active Attack

According to the company, four of the patched vulnerabilities are publicly known, one of which has already been actively exploited by the attackers in the wild.

Here’s the list of publically known flaws and their impact:

Windows .NET Framework RCE (CVE-2017-8759)—A zero-day flaw, discovered by researchers at cybersecurity firm FireEye and privately reported it to Microsoft, resides in the way Microsoft .NET Framework processes untrusted input data.

Microsoft says the flaw could allow an attacker to take control of an affected system, install programs, view, change, or delete data by tricking victims into opening a specially crafted document or application sent over an email.

The flaw could even allow an attacker to create new accounts with full user rights. Therefore users with fewer user rights on the system are less impacted than users who operate with admin rights.

According to FireEye, this zero-day flaw has actively been exploited by a well-funded cyber espionage group to deliver FinFisher Spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July this year.

FinSpy is a highly secret surveillance software that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies.

Once infected, FinSpy can perform a large number of secret tasks on victims computer, including secretly monitoring computers by turning ON webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.

“The [new variant of FINSPY]…leverages heavily obfuscated code that employs a built-in virtual machine – among other anti-analysis techniques – to make reversing more difficult,” researchers at FireEye said.

“As likely another unique anti-analysis technique, it parses its own full path and searches for the string representation of its own MD5 hash. Many resources, such as analysis tools and sandboxes, rename files/samples to their MD5 hash in order to ensure unique filenames.”

Three Publicly Disclosed Vulnerabilities

The remaining three publicly known vulnerabilities affecting the Windows 10 platform include:

  • Device Guard Security Feature Bypass Vulnerability (CVE-2017-8746): This flaw could allow an attacker to inject malicious code into a Windows PowerShell session by bypassing the Device Guard Code Integrity policy.
  • Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8723): This flaw resides in Edge where the Content Security Policy (CSP) fails to properly validate certain specially crafted documents, allowing attackers to trick users into visiting a website hosting malware.
  • Broadcom BCM43xx Remote Code Execution Vulnerability (CVE-2017-9417): this flaw exists in the Broadcom chipset in HoloLens, which could be exploited by attackers to send a specially crafted WiFi packet, enabling them to install programs, view, change, or delete data, even create new accounts with full admin rights.

BlueBorne Attack: Another Reason to Install Patches Immediately

Also, the recently disclosed Bluetooth vulnerabilities known as “BlueBorne” (that affected more than 5 Million Bluetooth-enabled devices, including Windows, was silently patched by Microsoft in July, but details of this flaw have only been released now.

BlueBorne is a series of flaws in the implementation of Bluetooth that could allow attackers to take over Bluetooth-enabled devices, spread malware completely, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.

So, users have another important reason to apply September security patches as soon as possible in order to keep hackers and cyber criminals away from taking control over their computers.

Other flaws patched this month include five information disclosure and one denial of service flaws in Windows Hyper-V, two cross-site scripting (XSS) flaws in SharePoint, as well as four memory corruption and two remote code execution vulnerabilities in MS Office.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

Source:
Mohit Kumar - Hacking News
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears

Tuesday, September 5th, 2017
pacemakers-hacking

Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking.

The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to run the batteries down or even modify the patient’s heartbeat, potentially putting half a million patients lives at risk.

A pacemaker is a small electrical battery-operated device that’s surgically implanted in the chest of patients to help control their heartbeats. The device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate.

Six types of pacemakers, all manufactured by health-tech firm Abbott (formerly of St. Jude Medical) are affected by the recall, which includes the Accent, Anthem, Accent MRI, Accent ST, Assurity, and Allure.

All the affected models are radio-frequency enabled cardiac devices—typically fitted to patients with irregular heartbeats and patients recovering from heart failure—and were manufactured before August 28th.

In May, researchers from security firm White Scope also analysed seven pacemaker products from four different vendors and discovered that pacemaker programmers could intercept the device using “commercially available” equipment that cost between $15 to $3,000.

“Many medical devices—including St. Jude Medical’s implantable cardiac pacemakers—contain configurable embedded computer systems that can be vulnerable to cybersecurity intrusions and exploits,” the FDA said in a security advisory.

“As medical devices become increasingly interconnected via the Internet, hospital networks, other medical devices, and smartphones, there is an increased risk of exploitation of cybersecurity vulnerabilities, some of which could affect how a medical device operates.”

To protect against these critical vulnerabilities, the pacemakers must be given a firmware update. The good news is that those affected by the recall do not require to have their pacemakers removed and replaced.

Instead, patients with these implanted, vulnerable device must visit their healthcare provider to receive a firmware update—something that would take just 3 minutes or so to complete—that can fix the vulnerabilities.

In the U.S., the pacemaker devices to which the firmware update applies include Accent SR RF, Accent MRI, Assurity, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, and Quadra Allure MP RF.

Outside of the U.S., the pacemaker devices to which this update applies include Accent SR RF, Accent ST, Accent MRI, Accent ST MRI, Assurity, Assurity +, Assurity MRI, Accent DR RF, Anthem RF, Allure RF, Allure Quadra RF, Quadra Allure MP RF, Quadra Allure, and Quadra Allure MP.

As a result of the firmware update, any external device trying to communicate with the pacemaker will require authorization.

Moreover, the software update also introduces data encryption, operating system fixes, the ability to disable network connectivity features, according to Abbott’s press release published on Tuesday, August 29.

Any pacemaker device manufactured beginning August 28, 2017, will have the firmware update pre-installed and will not need the update.

The FDA recall of devices does not apply to implantable cardiac defibrillators (ICDs) and cardiac resynchronization ICDs.

Abbott is working with the FDA, the U.S. Department of Homeland Security (DHS), global regulators, and leading independent security experts, in efforts to “strengthen protections against unauthorized access to its devices.”

Although there are no reports of compromised pacemakers yet, the threat is enough to potentially harm heart patients with an implanted pacemaker that could even put their lives at great risk.

Source:
Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

Wednesday, July 26th, 2017

sweden-data-leak

A Massive data breach in the Swedish Transport Agency Accidentally Leaks Personal Details of Nearly All Citizens
Another day, Another data breach!

This time sensitive and personal data of millions of transporters in Sweden, along with the nation’s military secrets, have been exposed, putting every individual’s as well as national security at risk.

Who exposed the sensitive data? The Swedish government itself.

Swedish media is reporting of a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military.

The data breach exposed the names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military’s most secretive units, police suspects, people under the witness relocation programme, the weight capacity of all roads and bridges, and much more.

The incident is believed to be one of the worst government information security disasters ever.

Here’s what and How it Happened:

In 2015, the Swedish Transport Agency hand over IBM an IT maintenance contract to manage its databases and networks.

However, the Swedish Transport Agency uploaded IBM’s entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs.

The transport agency then emailed the entire database in messages to marketers that subscribe to it.

And what’s terrible is that the messages were sent in clear text.

When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.

If you think the scandal ends there, you are wrong. The outsourcing deal gave IBM staff outside Sweden access to the Swedish transport agency’s systems without undergoing proper security clearance checks.

IBM administrators in the Czech Republic were also given full access to all data and logs, according to Swedish newspaper Dagens Nyheter (DN), which analysed the Säpo investigation documents.

According to Pirate Party founder and now head of privacy at VPN provider Private Internet Access Rick Falkvinge, who brought details of this scandal, the incident “exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.”

Tons of Sensitive Info Exposed about Both Individuals and Nation’s Critical Infrastructures

According to Falkvinge, the leak exposed:

  • The weight capacity of all roads as well as bridges (which is crucial for warfare, and gives a lot idea about what roads are intended to be used as wartime airfields).
  • Names, photos, and home addresses of fighter pilots in the Air Force.
  • Names, photos, and home addresses of everybody in a police register, which are believed to be classified.
  • Names, photos, and residential addresses of all operators in the military’s most secret units that are equivalent to the SAS or SEAL teams.
  • Names, photos, and addresses of everybody in a witness relocation program, who has been given protected identity for some reasons.
  • Type, model, weight, and any defects in all government and military vehicles, including their operator, which reveals a much about the structure of military support units.

Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the fire of STA director-general Maria Ågren in January 2017.

Ågren was also fined half a month’s pay (70,000 Swedish krona which equals to $8,500) after finding her guilty of being “careless with secret information,” according to the publication.

What’s the worrying part? The leaked database may not be secured until the fall, said the agency’s new director-general Jonas Bjelfvenstam. The investigation into the scope of the leak is still ongoing.

Swati - Hacking News

Bots Searching for Keys & Config Files [Sans StormCast]

Wednesday, July 19th, 2017

If you don’t know our “404” project[1], I would definitively recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors found in web sites log files to “dropped” events in firewall logs. They can have a huge value to detect ongoing attacks or attackers performing some reconnaissance. Reviewing 404 errors is one task from my daily hunting-todo-list but it may quickly become unmanageable if you have a lot of websites or popular ones. The idea is to focus on “rare” events that could usually pass below the radar. Here is a Splunk query that I’m using in a daily report:

index=web sourcetype=access_combined status=404
| rex field=uri "(?<new_uri>^\/{1}[a-zA-Z0-9_\-\~]+\.\w+$)"
| cluster showcount=true t=0.6 field=new_uri
| table _time, cluster_count, cluster_label, new_uri | sort cluster_count

What does it do?

  • It searches for 404 errors in all the indexed Apache logs (access_combined)
  • It extracts interesting URI’s. I’m only interested in files from the root directory eg. “GET /<name><dot><extension>”
  • It creates “clusters” of common events to help in detecting rare ones.

Here is an example of output (top-20):

"_time","cluster_count","cluster_label","new_uri"
"2017-07-18T13:42:15.000+0200",1,9,"/xml.log"
"2017-07-18T13:18:51.000+0200",1,11,"/rules.abe"
"2017-07-18T11:51:57.000+0200",1,17,"/tmp2017.do"
"2017-07-18T11:51:56.000+0200",1,18,"/tmp2017.action"
"2017-07-18T09:16:52.000+0200",1,23,"/db_z.php"
"2017-07-18T07:28:29.000+0200",1,25,"/readme.txt"
"2017-07-18T03:44:07.000+0200",1,27,"/sloth_webmaster.php"
"2017-07-18T02:52:33.000+0200",1,28,"/sitemap.xml"
"2017-07-18T00:10:57.000+0200",1,29,"/license.php"
"2017-07-18T00:00:32.000+0200",1,30,"/How_I_Met_Your_Pointer.pdf"
"2017-07-17T22:57:41.000+0200",1,31,"/browserconfig.xml"
"2017-07-17T20:02:01.000+0200",1,76,"/rootshellbe.zip"
"2017-07-17T20:01:00.000+0200",1,82,"/htdocs.zip"
"2017-07-17T20:00:54.000+0200",1,83,"/a.zip"
"2017-07-17T20:00:51.000+0200",1,84,"/wwwroot1.zip"
"2017-07-17T20:00:50.000+0200",1,85,"/wwwroot1.rar"
"2017-07-17T19:59:34.000+0200",1,98,"/rootshell.zip"
"2017-07-17T19:59:27.000+0200",1,103,"/blogrootshellbe.rar"
"2017-07-17T19:59:18.000+0200",1,104,"/rootshellbe.rar"

Many tested files are basically backup files like I already mentioned in a previous diary[2], nothing changed. But yesterday, I found a bot searching for even more interesting files: configuration files from popular tools and website private keys. Indeed, file transfer tools are used by many webmasters to deploy files on web servers and they could theoretically leave juicy data amongst the HTML files. Here is a short list of what I detected:

/filezilla.xml
/ws_ftp.ini
/winscp.ini
/backup.sql
/<sitename>.key
/key.pem
/myserver.key
/privatekey.key
/server.key
/journal.mdb
/ftp.txt
/rules.abe

Each file was searched with a different combination of lower/upper case characters. Note the presence of ‘rules.abe’ that is used by webmasters to specify specific rules for some web applications[3]. This file could contain references to hidden applications (This is interesting to know for an attacker).

So, keep an eye on your 404 errors and happy hunting!

[1] https://isc.sans.edu/404project/
[2] https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935
[3] https://noscript.net/abe/web-authors.html

Xavier Mertens (@xme)
ISC Handler – Freelance Security Consultant
PGP Key

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Wednesday, July 19th, 2017
internet-of-the-things-hacking

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking.

The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application.

Dubbed “Devil’s Ivy,” the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices.

The Devil’s Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications.

“When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed,” researchers say.

“Since these cameras are meant to secure something, like a bank lobby, this could lead to collection of sensitive information or prevent a crime from being observed or recorded.”

Axis confirmed the vulnerability that exists in almost all of its 250 camera models (you can find the complete list of affected camera models here) and has quickly released patched firmware updates on July 6th to address the vulnerability, prompting partners and customers to upgrade as soon as possible.

However, researchers believe that their exploit would work on internet-connected devices from other vendors as well, as the affected software is used by Canon, Siemens, Cisco, Hitachi, and many others.

Axis immediately informed Genivia, the company that maintains gSOAP, about the vulnerability and Genivia released a patch on June 21, 2017.

The company also reached out to electronics industry consortium ONVIF to ensure all of its members, including Canon, Cisco, and Siemens, those who make use of gSOAP become aware of the issue and can develop patches to fix the security hole.

Internet of Things (IoT) devices has always been the weakest link and, therefore, an easy entry for hackers to get into secured networks. So it is always advisable to keep your Internet-connected devices updated and away from the public Internet.

Source: Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

SatPhone Encrypted Calls Can be Cracked in Fractions of a Second

Thursday, July 13th, 2017

Decrypting-Satellite-Phone-Calls

Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in “real time” — that too in mere fractions of a second in some cases.

The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone’s encryption can be cracked so quickly that attackers can listen in on calls in real time.

The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.

Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of ‘plaintext’ attacks, the Chinese researchers attempted to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.”

The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.

“This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher,” the research paper reads. “The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s.”

According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.

The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones that protect our land, air, and water, as well as people in remote area precisely because of no other alternatives.

Such attacks could pose a significant threat to satellite phone users’ privacy.

“Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks,” researchers said.

“This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication,” researchers concluded.

The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled “A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones.”

Story Credit ::
Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst.
She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Critical Flaws Found – NTLM Security Protocol – Patch Now!

Thursday, July 13th, 2017

As part of this month’s Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007.

Researchers at behavioral firewall specialist Preempt discovered two zero-day vulnerabilities in Windows NTLM security protocols, both of which allow attackers to create a new domain administrator account and get control of the entire domain.

NT LAN Manager (NTLM) is an old authentication protocol used on networks that include systems running the Windows operating system and stand-alone systems.

Although NTLM was replaced by Kerberos in Windows 2000 that adds greater security to systems on a network, NTLM is still supported by Microsoft and continues to be used widely.

The first vulnerability involves unprotected Lightweight Directory Access Protocol (LDAP) from NTLM relay, and the second impact Remote Desktop Protocol (RDP) Restricted-Admin mode.

LDAP fails to adequately protect against NTLM relay attacks, even when it has built-in LDAP signing the defensive measure, which only protects from man-in-the-middle (MitM) attacks and not from credential forwarding at all.

The vulnerability could allow an attacker with SYSTEM privileges on a target system to use incoming NTLM sessions and perform the LDAP operations, like updating domain objects, on behalf of the NTLM user.

“To realize how severe this issue is, we need to realize all Windows protocols use the Windows Authentication API (SSPI) which allows downgrade of an authentication session to NTLM,” Yaron Zinar from Preempt said in a blog post, detailing the vulnerability.

“As a result, every connection to an infected machine (SMB, WMI, SQL, HTTP) with a domain admin would result in the attacker creating a domain admin account and getting full control over the attacked network.”

Video Demonstration of Relay Attack

Preempt researchers also provided a video to demonstrate credential relay attacks.

The second NTLM vulnerability affects Remote Desktop Protocol Restricted-Admin mode – this RDP Restricted-Admin mode allows users to connect to a remote computer without giving their password.

According to Preempt researchers, RDP Restricted-Admin allows authentication systems to downgrade to NTLM. This means the attacks performed with NTLM, such as credential relaying and password cracking, could also be carried out against RDP Restricted-Admin.

When combined with the LDAP relay vulnerability, an attacker could create a fake domain admin account whenever an admin connects with RDP Restricted-Admin and get control of the entire domain.

The researchers discovered and privately reported LDAP and RDP Relay vulnerabilities in NTLM to Microsoft in April.

However, Microsoft acknowledged the NTLM LDAP vulnerability in May, assigning it CVE-2017-8563, but dismissed the RDP bug, claiming it is a “known issue” and recommending configuring a network to be safe from any NTLM relay.

“In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a domain controller. An attacker who successfully exploited this vulnerability could run processes in an elevated context,” Microsoft explained in its advisory.

“The update addresses this vulnerability by incorporating enhancements to authentication protocols designed to mitigate authentication attacks. It revolves around the concept of channel binding information.”

So, sysadmins are recommended to patch their vulnerable servers with NT LAN Manager enabled as soon as possible.

You can either consider turning NT LAN Manager off or require that incoming LDAP and SMB packets are digitally signed in order to prevent credential relay attacks.

Besides this NTLM relay flaw, Microsoft has released patches for 55 security vulnerabilities, which includes 19 critical, in several of its products, including Edge, Internet Explorer, Windows, Office and Office Services and Web Apps, .NET Framework, and Exchange Server.

Windows users are strongly advised to install the latest updates as soon as possible in order to protect themselves against the active attacks in the wild.

Swati - Hacking News

​Why has SQL Server come to Linux? Windows-only cloud makes no sense | ZDNet

Tuesday, March 8th, 2016

Some people are asking why. After all, with MySQL, MariaDB, postgreSQL, and Oracle Database 12c Linux, there’s no shortage of RDBMS servers on Linux.Part of the reason is simple enough. Scott Guthrie, head of Microsoft’s Cloud & Enterprise business, said “This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud.The more complex answer is that Microsoft’s fortune is no longer based on Windows. True, SQL Server will be available on Red Hat Enterprise Linux (RHEL) and Canonical’s Ubuntu Linux as a standalone server applications, that’s not where it’s meant to run. As Ed Bott recently uncovered, Microsoft’s new cash cows are Azure and server applications. In particular, “Microsoft Azure is growing rapidly and is reported in the same group as traditional server products (SQL Server is up, Windows Server is down). Collectively, that pair is at the top of the list.”And what operating systems run on Azure? Mark Russinovich, CTO of Microsoft Azure, Microsoft’s cloud program, said last fall that open source and Linux make great financial and technical sense for Microsoft. “It’s obvious, if we don’t support Linux, we’ll be Windows only and that’s not practical.” Then, one in four Azure operating systems instances were Linux. And that number has only been increasing.ADVERTISINGFor Microsoft to continue to grow as a cloud and services company it must become a Linux company.And, in particular, Microsoft wants to be a Linux cloud power. Today, Azure is certainly the primary way Microsoft monetizes Linux, so it’s only logical that SQL Server would be added to Linux.Al Gillen, IDC’s group vice president, sees this. “By taking this key product to Linux, Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

Source: ​Why has SQL Server come to Linux? Windows-only cloud makes no sense | ZDNet

Tech and religion intersect at ‘Code for the Kingdom’ hackathon

Wednesday, October 7th, 2015
Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original code, works in the Impact Hub spaces (Will Mari / Geekwire).
Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original
code, works in the Impact Hub spaces (Will Mari / Geekwire).

All over the world technologists are increasingly using the hackathon model to solve societal problems. Whether it’s to fight government corruption or to help feed the homeless or to enhance education, hackathons for a higher purpose are going strong.

Here in the Northwest, a group of faith-motivated programmers echoed that idea. They assembled for the second time at Pioneer Square’s Impact Hub for Code for the Kingdom Seattle, part of a network of religious hackathons happening across the globe in the U.S., Canada, Indonesia, the United Kingdom, Kenya and Ethiopia.

The event, now in its second year, was sponsored by the Deaf Bible Society, the Leadership Network and World Vision. The latter is a huge international NGO based in Federal Way that routinely partners with the Gates Foundation. Other sponsors included Seattle startup TheoTech and Bellingham-based Faithlife.

Over this past weekend about 80 people, many of whom work by day as developers and engineers for local tech giants (or tech giants with local offices), including Amazon, Google and Microsoft, coded through Friday night, Saturday and in some cases Saturday night. They focused on issues such as mental illness, strengthening families, human trafficking, helping the deaf community and connecting NGO’s to their supporters. Others worked on Android versions of apps that debuted last year, including one that’s designed to connect one’s prayer life online.

The winners

VisionCaster, the runner-up for best new code, included World Vision staff and volunteers. Inspired by an app built by the UN to increase awareness of what’s going on in Syria (via Samsung’s Milk VR video service), it uses Google Cardboard to immerse viewers in the NGO’s field projects. The idea is to replicate experiences in the field, like seeing clean water access at work or ongoing disaster response efforts.

Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original code, works in the Impact Hub spaces (Will Mari / Geekwire).
Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original
code, works in the Impact Hub spaces (Will Mari).

In addition to solving problems during the hackathon, Worldvision was eager to connect to potential future hires, according to Leslie Annis, who recruits tech staff for the NGO.

“We want to get in front of technologists and let them know that we’re here in this area and we need them to join us in the work that we do,” she said. “It was really fun to see that many technologists together in a room creating really cool things for purposeful, missional work.”

Steadfast, an app to encourage spouses to concretize their support for each other, won the people’s choice and best new code awards. The app reminds people to do kind things for their spouse, like sending flowers or notes of encouragement.

StudyChurch won for best existing code. An online e-learning platform, it’s intended for use by weekly “small groups” that meet in homes and coffee shops, allowing collaboration and conversation over a shared text and eventually through video and audio content.

A common motive

Although more than $1,200 in prizes was on the line, the chance to sit down and write code with others for a good cause was the primary draw for many of the participants.

“There’s no limitations, really, any idea can be the best idea,” said Allen Wong, a graduate student at Northeastern and a contractor at Google. Wong, who works on the Google Maps team, was filming a vodcast from the hackathon.

Wong’s passion is creating vodcasts and podcasts that talk about the intersection between faith and technology in applied ways. “To actually see people take a shot at these things – you don’t see that often.”

A team that did not place among the prize-winners but was still regarded as important was Seattle Against Slavery (SAS)’s pilot project. SAS, an anti-human-trafficking nonprofit, has collected data on people, mostly men, who seek sex online. Their goal is to intervene early in the process and keep buyers from connecting with sex workers, who are often underage, migrants or otherwise exploited. By working with former users and survivors of trafficking, and with support for ad buys from Google, SAS is revising its messages to make them more effective and empathetic.

By finding more about the typical user in King County, and targeting them with ads that persuade them to think twice, the idea is to reduce the supply and thus the demand, said Robert Beiser, SAS’ executive director. SAS participated for the first time in a hackathon specifically to get help from software engineers like Kirsten Stark.

“I wanted to be in a place where there’s a stronger connection between my work and my faith,” said Stark, an engineer at Midfin Systems in Redmond.

“We love Jesus and other people and want to help them.” Helping the users and offering them alternatives by showing that others care for their underlying needs is a ‘very Christian approach’ to intervention,” she said.

Sarah Williams, whose team won a $2,500 prize last year for best original code at the inaugural event in Seattle, was back this year as a mentor and volunteer.

Calvin Freitas, a senior front-end engineer at Amazon, works on Ceaseless, at the second-annual Code for the Kingdom Seattle (Will Mari / Geekwire).
Calvin Freitas, a senior front-end engineer at Amazon, works on Ceaseless, at the second-annual Code for the Kingdom Seattle (Will Mari / Geekwire).

Now a manager at Amazon, she’s valued the colleagues and connections that came from last year and continue into the present.

“Now more people know about it… and know what I’m talking about,” she said, of sharing the event with her network.

A common community

Event organizers hope that the hackathon’s participants can continue to meet monthly to code and collaborate. To that end, they maintain an active Meetup.com group and Facebook page and invite interested Seattle-area coders to join. An upcoming conference in November will also tackle faith and tech from a more academic perspective.

Meeting together for a common cause – and creating and sustaining community – is part of the ongoing legacy of niche hackathons.

Wendy Stevens, a health specialist at a small Tumwater-based company, N2N and Associates, was at the hackathon on Saturday working on an online-based system for crisis management.

To her, the fact that programmers from rival companies were working together was part of what made the event inspiring.

Their faith was a “point of reference,” she said.

Geeks Give Back

What happens when Geeks Give Back?

Bank of America and GeekWire are joining forces to help raise $500,000 for the Washington State Opportunity Scholarship – providing local students interested in STEM with scholarships to fund their higher education goals. Support the next generation of scientists, engineers and mathematicians by clicking here to learn more and give back!

Cisco disrupts $30 million browser plug-in hacking operation

Wednesday, October 7th, 2015

Cisco has disrupted a major browser-based hacking operation, thought to be worth $30 million to criminals each year.

The company said unnamed hackers used the notorious Angler Exploit Kit to take advantage of vulnerabilities in common browser plugins, such as Flash and Java.

As many as 90,000 users were affected each day by the attack.

The networking company, through its security wing Talos Group, patched the vulnerabilities being used by the exploit kit, cutting off affected machines from the command-and-control infrastructure.

“This is a significant blow to the emerging hacker economy where ransomware and the black market sale of stolen [intellectual property, credit card info and personally identifiable information are generating hundreds of millions of dollars annually,” said the researchers in a blog post.

The exploit kit helped to generate vast sums by gaining access to computers, and holding them hostage for a ransom price, which must be paid within a limited time frame to gain back access to their device.

US federal agents warned earlier this year that so-called ransomware, which encrypts files and documents without the owner’s permission, costs consumers $18 million a year.

 

via ZDNet Article