Ransomware makes companies cry, a new web browser, and more news
Greg Leffler
Director of Developer Evangelism at Splunk. Former SRE Leader and Editor at Large at LinkedIn.
A tiny-phone teardown rounds out the news. Read on...
Share this using the hashtag #SWE.
You’ll #WannaCry after being hit by this ransomware. OK, no more puns. If you already know about the attack, just watch my video for details on why it matters and why the attackers aren't really the biggest concern:
If you're still here, the “WannaCry” ransomware appeared out of nowhere on Friday and violently spread through many companies around the world. In news that should surprise absolutely nobody, the malware spread through SMB vulnerabilities – at least until the first variant of it was killed by someone registering a domain. There are, of course, variants in the wild now that may not be killed that easily, so, as we’re always saying, be alert and install patches. Microsoft released patches to stop the spread of the software, even for unsupported operating systems going back to Windows XP. They also updated Windows Defender to detect and stop the malware, so if you didn’t update it when we learned about the huge bug in it last week… well, now is the time.
Analysis of the ransomware suggests it spread through exploits called ETERNALBLUE and DOUBLEPULSAR, which were discovered by the NSA and leaked by the Shadow Brokers group. Microsoft made sure to announce that they are unhappy about the government hoarding exploits rather than disclosing them, so I guess the question is whether or not this widespread attack will change anything. I wouldn’t count on it.
On the lighter side, even people running Linux are vulnerable to the malware. (If you’ve installed WINE, that is.) Mac users, don’t be too smug – your platform has its own new malware that was distributed in a popular video encoding application.
Rooted phones not welcome. Netflix has decided to block the latest version of their app from appearing in the Google Play store for rooted devices. The reasoning is, of course – say it with me – DRM.
A new browser from a familiar name. “Opera Reborn” is another Chromium frontend with a few new features. I don’t think it’s going to bring back the Opera magic, but I know there are Opera diehards out there. What do you all think about their latest attempt to win you back?
Tearing apart the BOSS phone. The BOSS phone is a tiny tiny tiny phone that is made to be placed… well… somewhere unpleasant, so that it can be smuggled into places where cell phones are not allowed. Check out this teardown from Hackaday that shows how it manages to get to such a tiny size.
Tesla nerfs your car if you charge it too fast. Silicon Valley darling Tesla continues to deflect controversy, this time by acknowledging that they limit charging performance for vehicles that have used DC fast charging “too much.” The ostensible rationale for this is to prevent battery damage, but I’m not buying it – especially because Tesla indicates the limitation will only add “5 minutes” to charge times, but reports are that it adds much more time.
Don’t use NodeJS. Fighting words, perhaps, but here are a few good arguments for not using NodeJS – ever.
In the security corner this week: the DOD wants you, Android apps want to spy on you with unhearable sound, and some HP laptops ship with a convenient keylogger.
- In news I’m certain surprised absolutely nobody, it turns out that computer nerds aren’t typically the type that would enjoy boot camp. The Department of Defense testified to the Senate that they desperately need people to join USCYBERCOM (the Cyber Command), and are trying to think of ways to incentivize people to join. One approach under consideration: ‘lateral entry’ – letting people enter the military at a rank tied to their skills rather than to their military seniority, and without undergoing basic entry training.
- Android apps continue to find new ways to spy on us, with recent research showing that over 200 apps in the Play Store listen for ultrasonic noise to track their users. As always, don’t give access to your mic to apps that don’t have a reason to listen to your voice.
- Some HP laptops ship with audio drivers that are also keyloggers. Oops. A fix is available for the ‘bug’. The bug is such a staggering case of incompetence it almost pains me to write about it. Check out the technical detail for more info, too.
Thanks for reading – as always, if you have feedback, or think there’s something I should cover next time, leave a comment!
Cover photo: A screenshot of the console of the WannaCry devs? ("Mess with the best, die like the rest") Maybe, until they realized how easy it would be to trip the kill switch? Image from the best movie of all time: Hackers, © United Artists Corporation
The greatest victory is that which requires no battle.
7 years ago: LINUX people installing wine? Really?! Are you drunk?
Senior Software Engineer
7 years ago: Interesting information about Nodejs in the link provided in the article. Great points!
Building "Bonuz", a Social Smart Wallet & Real-World Gamification Ecosystem ☆ Award-Winning Innovator ☆ Speaker ☆ Advisor
7 years ago: They aren't nerds. Simply "Coward".