WCry is so mean Microsoft issues patch for 3 unsupported Windows versions | Ars Technica

Microsoft patching systems as far back as XP? WannaCry is BIG, and the problem is… there are going to be systems out there still not patched due to laziness or no internet connection, and they are vulnerable.

Seen a couple of XP boxes around — some self-service tills, ATMs, and payphones all use XP…

Decommissioned for years, Windows XP, 8, and Server 2003 get emergency update.

Source: WCry is so mean Microsoft issues patch for 3 unsupported Windows versions | Ars Technica

Do you want to play a game? Ransomware asks for high score instead of money | Ars Technica

A new ransomware was doing the rounds, but rather than paying to unlock, it’s asking for a high score in a bullet-hell (think Touhou Project) game. The game is fun anyway, but would you be willing to play it to get your files? High stakes 🙂

 

Creator apologizes for a “joke” that really requires expert play to unlock files.

Source: Do you want to play a game? Ransomware asks for high score instead of money | Ars Technica

The Meitu selfie app unlocks your anime beauty and personal data

Meitu has been taking off — everywhere I look on my Facebook, Twitter, I see pictures run through the app.

But do you actually check to see what permissions it asks for? A crazy amount it seems. I just checked on Google Play (https://play.google.com/store/apps/details?id=com.mt.mtxx.mtxx) and these are the current permissions:

Version 6.1.0.2 can access:
Device & app history
  • retrieve running apps
Location
  • approximate location (network-based)
Phone
  • read phone status and identity
Photos / Media / Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
Camera
  • take pictures and videos
Wi-Fi connection information
  • view Wi-Fi connections
Device ID & call information
  • read phone status and identity
Other
  • receive data from Internet
  • view network connections
  • change system display settings
  • full network access
  • change your audio settings
  • run at startup
  • reorder running apps
  • control vibration
  • prevent device from sleeping
  • Google Play licence check

For the most part, these aren’t too much of a concern but these two might be:

Phone
  • read phone status and identity
Device ID & call information
  • read phone status and identity

These relate to reading the device information such as the IMEI and call information. I’m not too concerned about the call side — you can block this with later versions of Android’s permission manager (and I use that a lot with different apps), but I’m not sure if I can block attempts to read phone status.

Their justification for this, to track usage in China because it is blocked, I guess does make sense, but am I the only one who thinks doing it this way leaves it way too open for abuse and misuse?

Source: The Meitu selfie app unlocks your anime beauty and personal data

OpenSSL after Heartbleed | Linux.com | The source for Linux information

Despite being a library that most people outside of the technology industry have never heard of, the Heartbleed bug in OpenSSL caught the attention of the mainstream press when it was uncovered in April 2014 because so many websites were vulnerable to theft of sensitive server and user data. At LinuxCon Europe, Rich Salz and Tim Hudson from the OpenSSL team did a deep dive into what happened with Heartbleed and the steps the OpenSSL team are taking to improve the project.

Source: OpenSSL after Heartbleed | Linux.com | The source for Linux information

Time is running out for NTP | InfoWorld

A lot of projects are corporate, but some, like NTP, are small, or even solo projects. When these small projects become really important and still do not have enough resources to maintain them, the security issues can’t be patched as fast as at, say, Oracle, Microsoft or Google.

Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or fund its various initiatives

Source: Time is running out for NTP | InfoWorld