WannaCrypt Ransomware Forces Microsoft to Patch Old Systems

Emergency Fixes Issued for XP, 8, and Server 2003

Only one day after the WannaCrypt (also known as “WCry”) ransomware worm infected 75,000 machines in nearly 100 countries, Microsoft has issued a fix for officially “unsupported” operating systems. Windows XP and Server 2003 machines had their end of life back in 2014, while 8’s (8.1 is still supported) final patch was issued last year.

Microsoft has also created a virus definition for Windows Defender. The ransomware uses a recently leaked NSA tool to spread itself. In typical fashion, the malware encrypts the user’s files and demands a $300 bitcoin ransom to decrypt the files. If the payment is not sent within three days, the ransom will double. 

This has proven to be a formidable malware, as computer systems around the world were infected in only a few hours. Hospitals had to turn away patients, bank systems went down, and some companies had to shut down their computers for the weekend.

“Hospitals had to turn away patients, bank systems went down, and some companies had to shut down their computers for the weekend.”

The affected vulnerability (known as “EternalBlue”) was patched in Windows 7 back in March, along with other supported versions of Windows. Here is Microsoft’s official comment:

“Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.”

Microsoft wrote in a blog post Friday night that they haven’t yet found the original entry point for the malware. They are considering the possibility of spam emails, but there could be more than one infection method. 

“Microsoft wrote in a blog post Friday night that they haven’t yet found the original entry point for the malware.” 

Researchers say the attack would have been much worse had the attackers not failed to register a specific Internet domain hardcoded in the ransomware. It seems the domain would have acted as a “kill switch” to shut down the worm, but a quick-acting researcher registered the domain, inadvertently stopping the worm.

Anyone running Windows can find the supported Windows patch here, and the unsupported Windows patch here. Despite Windows 10’s increasing market share, older versions of Windows remain active for budget, compatibility, and other reasons. Microsoft’s decision serves as a reminder that infected PCs are not just a danger to themselves, but to the world. Those interested can find Kaspersky lab’s analysis of the malware here.


Microsoft's Surface Laptop Doesn't Go Far Enough

Insufficient RAM and a proprietary charger cripple Redmond’s new ultrabook

The Redmond, Washington software giant started the month with a bang, holding its Microsoft EDU event on Wednesday, May 2. The special event held in New York City saw the unveiling of Office 365 for Education and Minecraft: Education Edition. More importantly, however, Microsoft announced Windows 10 S, a lean and secure operating system that lacks backwards compatibility with legacy applications.

By gunning for Chrome OS’s sizable share in the education market, Microsoft is positioning the new OS as a contender for the hearts and minds of tomorrow’s best and brightest. The software will debut on the Surface Laptop, also announced at the event.

"Microsoft is positioning the new OS as a contender for the hearts and minds of tomorrow’s best and brightest."

The machine starts at $999 and the base model comes with an Intel Core i5, 128GB of NVMe flash storage, and 4GB of RAM. Unlike any other Surface product, the processor is a seventh-generation Kaby Lake. The devil is in the details, though, and it can’t be glossed over that the default configuration has 4GB of memory. 

Flagship Android smartphones now come with that much RAM. Chromebooks a quarter the price have as much RAM. Apple’s trailblazing MacBook Air (updated in 2015) has 4GB of RAM. Computing is an arms race, but if Windows 10 S is as streamlined as Microsoft claims, then it should suffice for the types of basic productivity tasks that students (the focus of the EDU event) typically perform. 

"Computing is an arms race."

Heck, Windows 10 S can run the full version of Adobe Photoshop. The problem lies in the many users who will want to load Windows 10 Pro onto their Surface Laptop. Photoshop may run on 10 S, but Premiere currently doesn’t. The majority of the Adobe suite is missing from the Windows Store. Also, there are no BitTorrent clients. Some Computer Science majors, for instance, need to download and install Linux either on a separate partition or in a virtual machine. On that note, virtualization software is also absent in the Modern app environment.

Microsoft is waiving the $50 upgrade fee from Windows 10 S to Windows Pro for 2017, but that won’t affect the hardware. The base model is underpowered for its price. Other ultrabooks in the $1,000 segment including those from Dell, HP, and Lenovo come with the more conventional 8GB of memory. 

"The base model is underpowered for its price."

Configure the Surface Laptop with 8GB of RAM, and the price jumps to $1,299. That’s MacBook Pro territory. The same specifications as the $1,299 Surface will cost you $1,499 from Apple and that additional $200 gets you the P3, 10-bit, wide color gamut display. More importantly, the I/O on the MacBook Pro is far more future proof, with dual USB Type-C ports.

The closest laptop in terms of purpose, the 2015 Chromebook Pixel 2, even has 8GB of memory and USB Type-C. The Pixel 2 is the hero product for Chrome OS and is designed to showcase Google’s software. That’s largely what Microsoft aims to do with the Surface Laptop.

In focusing on their broad vision for Windows, Redmond has overlooked the narrower points of what makes a thin-and-light enticing. “Luxury handbag” ultrasuede and Mini DisplayPort aren’t the way to go on an entry-level machine. That connector came and went with the MacBook Air, the prior go-to for college computing. Like the MacBook Air, the Surface Laptop uses a proprietary charging cable. The Air was replaced with the twelve-inch MacBook, another machine that utilizes the reversible, high bandwidth, industry standard USB Type-C.

"USB Type-C and 8GB of RAM are glaring omissions."

If the Surface Laptop is Microsoft's answer to the MacBook Pro and the Chromebook Pixel, then USB Type-C and 8GB of RAM are glaring omissions. If this new laptop is supposed to lead the market forward and signal best practices to Redmond’s OEM partners, then USB Type-C and 8GB of RAM are glaring omissions. I can’t stress this enough: USB Type-C and 8GB of RAM are glaring omissions

Microsoft is walking the line between this being a premium device and Average Joe's Facebook machine. It's a move out of touch with the previously category-defining Surface line. Whether this latest product from Redmond is intended to be a thin client for lightweight web apps or a serious laptop for serious work, Microsoft's Surface Laptop doesn't go far enough.


Alternative Social Media Platforms

Don't put all your eggs in one basket

Questions have arisen over whether or not our content is being treated fairly and equally on mainstream social media platforms, so we at D&theJM have decided to hedge against Google, Facebook, and Twitter by creating accounts on Gab.ai and Minds.com. All future social media posts will be posted on Gab and Minds, in addition to Facebook, Twitter, and Google+.


Facebook to Hire 3000 Employees to Screen Violent Content

Will Hire Workers Over the Next Year

Facebook now has almost 2 billion users. With more users come more problems, as users have shared graphic videos across the site, especially after Facebook’s live feature released. The past months have seen live suicides, rapes and the confession of a man who posted himself gunning down a man in Cleveland.

Mark Zuckerberg said in a Facebook post Wednesday that Facebook is hiring 3,000 new workers to its community operations team. The team is responsible for fielding reports from users who flag inappropriate content on the social network. The new hires “will also help us get better at removing things we don't allow on Facebook like hate speech and child exploitation,” he said. 

“The team is responsible for fielding reports from users who flag inappropriate content.”

Facebook will continue working with community groups and law enforcement to help those seen in or posting the videos who may need help. Facebook is currently developing artificial intelligence tools to look for inappropriate videos, but Zuckerberg thinks the technology is years from maturity. 

Additionally, artificial intelligence can’t yet understand the context surrounding a video. A Facebook post from July explains: “For instance, if a person witnessed a shooting, and used Facebook Live to raise awareness or find the shooter, we would allow it. However, if someone shared the same video to mock the victim or celebrate the shooting, we would remove the video.” Throw in other complications like government censorship, and artificial intelligence has a lot of potential for error. 

Although this is good news, it won’t solve the problem. The issue of users posting inappropriate videos in the first place, as well as the requirement that users report the inappropriate content, will still exist. Automated systems like Youtube’s content ID or databases of graphic material can do little to stop new or altered material. Right now, Facebook can only shorten its response time.


¡Feliz Cinco de Mayo!

¡Feliz Cinco de Mayo y feliz cumpleaños a Davís!


Researchers Create Skeleton Keys for Fingerprint Sensors

Mobile Security Now Less Secure?

Researchers from New York University and Michigan State University published a research paper exposing a problem with using fingerprints to unlock cell phones. The researchers noticed that the sensors in cell phones don’t capture a full fingerprint, and have found a way to beat them. 

Some cell phones can capture fingerprints using a sensor, and if a scanned impression matches one on file, the phone unlocks. Phones can store more than one impression per fingerprint, or more than one finger, increasing the chance of a match. Even though a person’s complete fingerprint is unique, the researchers have identified enough common patterns to make a “Master print” that could unlock many phones.

“This research raises concerns, but fingerprints aren’t broken yet.”

The researchers made test prints from 8,200 partial fingerprints, which proved effective. Tests showed success rates up to 65 percent, and devices with more fingerprints stored unlocked more often. Phones will ask for a password after a few failures, so the researchers made five tries per fingerprint. This research raises concerns, but fingerprints aren’t broken yet. 

First, the research used a simulation, not an actual “key”. Such a key is at least a few years away, even with 3D printing. Second, each manufacturer’s fingerprint scanner is different. Right now, creating a true skeleton key would be almost impossible.

Users can protect themselves by taking fewer fingerprint impressions, using only one fingerprint, or by using a second factor like a password (but not a photo). Manufacturers can make improvements to the quality of their scanners, or by using a full fingerprint. For more details, read New York University’s press release here.


Nintendo Announces 2DS XL

New $149 2DS adds C-Stick, clamshell design

Credit: Nintendo

Nintendo has just announced yet another 3DS console, the 2DS XL. Many worry that the Switch’s portability will make the 3DS unnecessary, but Nintendo fully intends to support both consoles. At the very least, Nintendo America President Reggie Fils-Aime has stated that 3DS support will continue through 2018.

The new 2DS XL will feature extra large screens, a c-stick, and amiibo functionality. It will also carry the faster processing power of the newer 3DS units, and support for 3DS’ full library. It will be built in a clam-shell style, making the device more portable despite the increased screen size. As with the older 2DS, 3D functionality will not be present, contributing to the relatively low $149.99 price tag. 

“Many worry that the Switch’s portability will make the 3DS unnecessary, but Nintendo fully intends to support both consoles.”

There are still a few major 3DS titles set to release this year including Fire Emblem Echoes: Shadows of Valentia, Hey! Pikmin, and Monster Hunter Stories. Nintendo is also planning to announce new games for the system both during and after E3 this Summer.

The original $99 2DS sold fairly well, despite its rigid, less portable body and inability to play “New 3DS” titles. Nintendo seems to have fixed both complaints while making the 2DS XL. Nintendo’s new handheld is scheduled for a U.S release on July 28.