Millions of Windows PCs Vulnerable to 20-Year-Old Bug

A 20-year-old vulnerability that exists in the Windows Print Spooler process can potentially affect millions of Windows PCs, all the way back to Windows 95. While Microsoft has issued a patch for Windows Vista and later operating systems, earlier versions are still vulnerable.


The critical vulnerability is based on the way Windows machines interact with network printers, and could allow an attacker to gain elevated privileges to execute malicious code at the system level over either a local network or even the Internet.

The Windows Print Spooler manages the process of connecting a laptop or PC to available network-hosted printers. To avoid manual hassle, it automatically downloads the necessary drivers without authenticating them, and this failure to authenticate made it possible for attackers to slip malicious drivers into the mix.

Researchers from Vectra Networks discovered the critical vulnerability (CVE-2016-3238 and CVE-2016-3239), and claim that this failure to authenticate the installation of drivers can allow illegitimate and malicious drivers to be downloaded. Once this happens, the entire network could be compromised. “Not only will that unit be able to infect multiple machines in your network, but it would also be able to re-infect [them] over and over. Finding the root cause might be harder since the printer itself might not be your usual suspect. This situation comes to life because we end up delegating the responsibility of holding the driver safely to the printer, and those devices might not be as secure or impregnable as one would hope,” Vectra researcher Nick Beauchesne wrote in a blog post.

Equipped with system-level privileges, the malware can also spread laterally from one machine across an entire network. Vectra added that the flaw can turn printers, printer servers, or any network-connected printer into an “internal drive-by exploit kit.” Apart from watering hole attacks, the team detailed privilege escalation exploits, a man-in-the-middle attack, and even the ability to infect other devices over the Internet.

Vectra claims that this vulnerability dates back as far as Windows 95. Microsoft’s new patch, detailed in its Security Bulletin MS16-087, rates the vulnerability as critical for all supported Windows versions, and the company has issued a Security Update for Windows Print Spooler Components for Windows Vista and later versions. If you don’t have Windows Update turned on, now is a good time to do so.

Notably, security expert HD Moore informed Ars Technica that the Microsoft security update in fact “doesn’t really close the code-execution hole, but rather it merely adds a warning as part of the update.”

The update doesn’t work for PCs running Windows XP and earlier, as Microsoft ended support for these versions years ago. This means that millions of PCs are still vulnerable. As such, the threat is greatest on public printers and loosely protected office networks.

Moore adds, “This is mostly a risk for BYOD laptops within a company, folks using personal laptops on public networks, and corporate networks where the group policy explicitly enables this feature. Convincing someone to add a printer might be tricky, but there may be other ways to drive that behaviour through other network attacks, such as by hijacking HTTP requests and telling the user to do so.”

How a Computer Helped a Paralysed Chimp Walk Again

In a first, Japanese researchers have rehabilitated a paralysed chimpanzee through interaction with computers and touch screens.

The case of Reo, a male chimpanzee that learned to walk again after being paralysed due to illness, shows how much can be done to rehabilitate animals injured in captivity, said lead author Yoko Sakuraba of Kyoto University.


Reo’s example suggests that euthanasia does not have to be the only option for injured animals

The case was described in an article in Primates, the official journal of the Japan Monkey Centre published by Springer.

In their normal work, researchers of the Primate Research Institute at Kyoto University use chimpanzees’ interaction with computers and touch screens to study the cognition and perception of these primates.

When Reo was paralysed from the neck down, dedicated staff put this technology to further use by encouraging the animal to walk again.

When Reo was 24 years old in 2006, he suddenly became paralysed when a portion of his spinal cord became inflamed.

For the first ten months thereafter, the chimpanzee was severely disabled, lying on his back. He gradually recovered enough to sit up, and could later pull himself upright by using suspended ropes.

Intensive physiotherapy over a period of 41 months followed, after which he was able to climb about again using only his arms.

To aid Reo’s ultimate integration back among the other twelve animals held at the institute, his carers decided to try to get him walking again.

They incorporated a computerised task in this process. This was considered an option because in his youth Reo had learnt how to perform cognitive tasks on a touch panel, and in so doing had become used to receiving food rewards whenever he succeeded at tasks presented to him.

A computer-controlled monitor was, therefore, placed on one wall, and cognitive tasks were again put to him.

The rehabilitation sessions encouraged him to increase his movements considerably, and he started walking up to five hundred metres in a two-hour session.

“Cognitive tasks may be a useful way to rehabilitate physically disabled chimpanzees, and thus improve their welfare in captivity,” Sakuraba said.

NBC Universal Patents a Way to Detect BitTorrent Pirates in Real-Time

NBC Universal, an American media conglomerate, has been granted a new patent that can help track files being shared by groups via peer-to-peer networks in real-time. The patent, titled “Early detection of high volume peer-to-peer swarms”, seems to be a way forward for NBC Universal in its ongoing attempts to restrict piracy of its copyrighted content.


The new patent will essentially help the company identify a swarm’s popularity and take anti-piracy measures before it is “too late to do much good.”

“Early detection of high volume swarms in a peer-to-peer network, including a data feed of peer-to-peer swarm activity, and an analytics engine processing the data feed and identifying the high volume swarms that have parameters that exceed a threshold. The system can include a pre-processing section for conditioning the swarm data for the analytics section. There can also be a verification section that confirms that the peer download file matches the target file,” notes the patent document issued by USPTO (United States Patent and Trademark Office).

“The early detection provides for enhanced anti-piracy efforts, improved allocation of network resources, and better business decision-making,” it adds. NBC Universal says that the “P2P infrastructure has many advantages” but it also has led to abuses.

Of course, piracy of digital assets on peer-to-peer networks is considered to be one of the biggest losses incurred by content owners, estimated to be in billions of dollars annually.

“These costs are typically passed along to the consuming public in terms of increased costs for legitimate purchased works and higher charges for increased deterrents to the piracy,” NBC Universal added.

Torrentfreak points out that Comcast, the parent company of NBC Universal, back in 2007 received criticism when it wanted to “actively throttle BitTorrent traffic.” It is not clear when the company intends to implement the new patent to restrict content piracy of copyrighted content. Notably, the patent was applied for back in 2009 but only granted last week. The methods needed to detect and target particular torrent files presumably need to be updated.

Samsung Galaxy On5 Pro, Galaxy On7 Pro Launched in India

Samsung on Tuesday launched its new Galaxy On5 Pro and Galaxy On7 Pro smartphones in India. Both smartphones are successors to the last year’s Samsung Galaxy On5 and Galaxy On7.

The Samsung Galaxy On5 Pro has been priced at Rs. 9,190, and the Galaxy On7 Pro has been priced at Rs. 11,190. Both the new Galaxy On series smartphones are exclusive to Amazon India.


The online marketplace has some launch offers on both the smartphones including a Holiday offer from Thomas Cook worth Rs. 6,000 for bookings done before August 31 and an Idea exclusive offer where consumers will get 2GB of data (2G/3G/4G), 200 Mins, 200 SMS at Rs. 343 per month.

There are a few similarities between the Galaxy On5 Pro and Galaxy On7 Pro smartphones – both sport 5-megapixel front cameras and support dual 4G SIMs. Both handsets also come with 2GB of RAM and pack 16GB of built-in storage while supporting expandable storage via microSD card (up to 128GB). Apart from specifications, the Android 6.0 Marshmallow-based Galaxy On5 Pro and Galaxy On7 Pro smartphones feature faux leather back panels and come preloaded with Ultra Data Saving mode. Samsung has also confirmed that both smartphones will pack the S bike mode feature, which was first seen in the Galaxy J-series. In the camera department, both Galaxy On5 Pro and Galaxy On7 Pro smartphones feature palm gesture selfie mode, and 120 degree selfie mode.

The Samsung Galaxy On5 Pro features a 5-inch (720×1280 pixels) HD TFT display and is powered by a 1.3GHz quad-core Exynos processor. It sports an 8-megapixel rear camera with LED flash and packs a 2600mAh battery. It measures 142.3×72.1×8.5mm and weighs 149 grams.

The Samsung Galaxy On7 Pro, on the other hand, features a 5.5-inch (720×1280 pixels) HD TFT display and is powered by a 1.2GHz quad-core Qualcomm Snapdragon processor. It sports a 13-megapixel rear camera with LED flash and packs a 3000mAh battery. The smartphone measures 151.8×77.5×8.2mm and weighs 172 grams.

Xiaomi Mi Max Launched in India

Xiaomi on Thursday launched the Mi Max in India, its “largest smartphone yet”, priced at Rs. 14,999. It will be available from Mi.com in its first flash sale on July 6, with registrations opening on Thursday. The company at the event also unveiled the global ROM of MIUI 8. Open sale on all partner platforms will begin on July 13.

To recall, the Xiaomi Mi Max had been launched first in China in May. The all-metal body smartphone is available in Dark Grey, Gold, and Silver colours. It sports a fingerprint scanner on the rear panel. While the company had unveiled three variants in China, only one variant has arrived in India – 3GB RAM/ 32GB inbuilt storage/ Snapdragon 650 SoC.

The Chinese conglomerate added that the Snapdragon 652 variant with 4GB of RAM and 128GB of inbuilt storage will also be available soon in India – Xiaomi says it will be priced at Rs. 19,999. All variants of the smartphone come with a hybrid dual SIM configuration, allowing users to place up to a 128GB microSD card in the secondary SIM card slot.

Xiaomi also announced 3 months of free movies and 1 year of unlimited music on Hungama Play for the first 1 million Mi Max, Mi 5, and Redmi Note 3 users, as well as free Batman vs. Superman movie streaming for the first 10,000 Mi Max users.

The Xiaomi Mi Max sports a 6.44-inch full-HD (1080×1920) 342ppi display. It bears a 16-megapixel rear camera that offers phase detection autofocus (PDAF) and LED flash. The phablet also has a 5-megapixel front camera on board with an 85-degree wide-angle view. Both cameras have an f/2.0 aperture.

The dual-SIM handset supports 4G LTE with VoLTE, Bluetooth 4.1, GPS/ A-GPS with Glonass, and Wi-Fi 802.11ac with Mimo. There’s no NFC on board. It is backed by a massive 4850mAh battery, measures 173.1×88.3×7.5mm, and weighs in at 203 grams.

The Mi Max sports an infrared emitter to act as a universal remote control, apart from an ambient light sensor, gyroscope, accelerometer, and proximity sensor.

As for MIUI 8, the company said the public beta will be available in the form of an OTA update starting July 11, and users can get instructions on how to download and install the update via the new Mi Community in India, and the MIUI Forum. The stable version of the Global MIUI 8 ROM will begin rolling out on August 16.

Wi-Fi Specification Update Promises Improved Wireless Performance

Wi-Fi Alliance, an association that approves Wi-Fi products and maintains industry standards, on Wednesday announced new features of the ‘Wi-Fi Certified ac’ programme with an aim to improve the performance of the mobility experience.


The body has announced the new “802.11ac wave 2” standard, claimed to enable Wi-Fi to “more efficiently handle high-bandwidth applications” from an increasing number of smartphones, tablets, TVs, and other products simultaneously connected to Wi-Fi networks. The doubling of bandwidth per channel should, in ideal conditions, double performance, including speed.

Another new feature added in the new 802.11ac wave 2 standard is Multi-user Multiple Input Multiple Output, or MU-MIMO, which is touted as one of the most anticipated new features. It allows more devices to operate simultaneously on the same network without “sacrificing speed or performance.”

“Networks with MU-MIMO are capable of multitasking by sending data to multiple devices at once rather than one-at-a-time, improving overall network efficiency and throughput,” points out Wi-Fi Alliance.

With the new spec update, Wi-Fi Certified ac increases the maximum channel bandwidth from 80MHz channels to 160MHz channels and also extends 5GHz channel support. The organisation expects that 96 percent of devices will offer dual-band connectivity by 2020, and says that access points supporting the new features will dominate the market within the next five years.

Some of the Wi-Fi Certified ac products to support the new features include Broadcom BCM94709R4366AC, Marvell Avastar 88W8964, MediaTek MT7615 AP (Reference Design), and MT6632 STA (Reference Design), Qualcomm IPQ8065 802.11ac (4-stream Dual-band, Dual-concurrent Router), and Quantenna QSR1000 (4×4 802.11ac Wave 2 Chipset Family).

Announcing the new standard, Edgar Figueroa, President and CEO of Wi-Fi Alliance said, “In today’s world, people have more Wi-Fi devices per person and per household, and those devices require significantly more bandwidth. Wi-Fi Alliance updated the Wi-Fi Certified ac program to meet increasing user demands and to stay ahead of emerging applications, while preserving interoperability.”