DARPA Goes Robtic
The U.S. military is funding research for a mind-controlled prosthetic arm that is surgically implanted into the user’s body.
“This is the most advanced arm in the world,” Johnny Matheny, who lost his left arm to cancer in 2008 and demonstrated the robotic arm for DARPA, said in a statement. “This one can do anything your natural arm can do, with the exception of the Vulcan V. But unless I meet a Vulcan, I won’t need it.”
Matheny showed the arm during Demo Day for the Defense Advanced Research Projects Agency, the military’s research unit, which was held Wednesday at the Pentagon. The device was developed at the Research and Exploratory Development Department at Johns Hopkins Applied Physics Laboratory.
The robotic arm is attached to a piece of metal that is surgically implanted into the bone of the user’s arm in technique called osseointegration. Matheny is the first person in the U.S. to have undergone the procedure, according to the U.S. Army.
The Army called the system a “true man/machine interface.”
The mind-controlled aspect of the arm comes into play via the nerves and muscles in what remains of the user’s arm. Those tissues send signals to the robotic arm, which responds to them as a real arm would.
“This is part of the Revolutionizing Prosthetics Program, where we set out to restore near-natural upper extremity control to our military service members who have lost limbs in service of our country,” said Dr. Justin C. Sanchez, director of the Biological Technologies Office at DARPA, in a statement. “The goal is to control the arm as naturally as possible.”
The robotic arm, according to Sanchez, has the same size, weight, shape and grip strength as an adult biological arm.
Source-http://www.thegurureview.net/aroundnet-category/darpa-shows-off-mind-controlled-robotic-arm.html
Google And Yahoo Get Blocked
May 24, 2016 by admin
Filed under Around The Net
Comments Off on Google And Yahoo Get Blocked
The IT department of the U.S. House of Representatives is prohibiting access to Yahoo Mail and the Google App Engine platform due to malware threats.
On April 30, the House’s Technology Service Desk informed users about an increase in ransomware-related emails on third-party email services like Yahoo Mail and Gmail.
“The House Information Security Office is taking a number of steps to address this specific attack,” the Technology Service Desk said in an email obtained and published by Gizmodo. “As part of that effort, we will be blocking access to Yahoo Mail on the House Network until further notice.”
The ban on Yahoo Mail access suggests that some House of Representatives workers accessed Yahoo mailboxes from their work computers. This raises questions: Are House workers using Yahoo Mail for official business, and, if they’re not, are they allowed to check their private email accounts on work devices?
If they use the same devices for both personal and work activities, one would hope that there are access controls in place to separate the work and personal data. Otherwise, if they are allowed to take those devices outside of the House’s network, they could just as easily become infected there, where the ban is not in effect.
“The recent attacks have focused on using .js files attached as ZIP files to e-mail that appear to come from known senders,” the House’s Technology Service Desk said. “The primary focus appears to be through Yahoo Mail at this time.”
The increase in ZIP and RAR attachments that contain malicious JavaScript (JS) files has been observed by multiple security companies in recent months. Microsoft offers several recommendations, like using the Windows AppLocker group policy to restrict the execution of .JS files.
The House Information Security Office also banned access to appspot.com, the domain name used by applications hosted on the Google App Engine platform, Reuters reported.
Source- http://www.thegurureview.net/aroundnet-category/u-s-house-of-representatives-block-yahoo-and-google-apps.html
Stagefright 2.0 Exploits Android Vulnerabilities
Comments Off on Stagefright 2.0 Exploits Android Vulnerabilities
Newly found vulnerabilities in the way Android handles media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.
The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report published Thursday.
The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.
The Zimperium researchers found similar multimedia processing flaws earlier this year in an Android library called Stagefright that could have been exploited by simply sending Android devices a maliciously crafted MMS message.
Those flaws triggered a coordinated patching effort from device manufacturers that Android’s lead security engineer, Adrian Ludwig, called the “single largest unified software update in the world.” It also contributed to Google, Samsung and LG committing to monthly security updates going forward.
One of the flaws newly discovered by Zimperium is located in a core Android library called libutils and affects almost all devices running Android versions older than 5.0 (Lollipop). The vulnerability can also be exploited in Android Lollipop (5.0 – 5.1.1) by combining it with another bug found in the Stagefright library.
The Zimperium researchers refer to the new attack as Stagefright 2.0 and believe that it affects more than 1 billion devices.
Since the previous attack vector of MMS was closed in newer versions of Google Hangouts and other messaging apps after the previous Stagefright flaws were found, the most straight-forward exploitation method for the latest vulnerabilities is through Web browsers, the Zimperium researchers said.
Zimperium reported the flaws to Google on Aug. 15 and plans to release proof-of-concept exploit code once a fix is released.
That fix will come on Oct. 5 as part of the new scheduled monthly Android security update, a Google representative said.
Source-http://www.thegurureview.net/mobile-category/stagefright-2-0-exploits-android-vulnerabilities.html
Google Expands Malware Blocker
Google has expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.
Chrome’s current “Canary” build — the label for very-early versions of the browser, earlier than even Chrome’s Dev channel — will post a warning at the bottom of the window when it detects an attempted download of malicious code.
Features added to the Canary build usually, although not always, eventually make it into the Dev channel — the roughest-edged of the three distributed to users — and from there into the Beta and Stable channels. Google did not spell out a timetable for the expanded malware blocking.
Chrome has included malware blocking for more than two years, since version 12 launched in June 2011, and the functionality was extended in February 2012with Chrome 17.
Chrome is now at version 30.
Canary’s blocking, however, is more aggressive on two fronts: It is more assertive in its alerts and detects more malware forms, including threats that pose as legitimate software and monkey with the browser’s settings.
“Content.exe is malicious, and Chrome has blocked it,” the message in Canary reads. The sole visible option is to click the “Dismiss” button, which makes the warning vanish. The only additional option, and that only after another click, is to “Learn more,” which leads to yet another warning.
In Canary, there is no way for the user to contradict the malware blocking.
That’s different than in the current Stable build of Chrome, which relies on a message that says, “This file is malicious. Are you sure you want to continue?” and gives the user a choice between tossing the downloaded file or saving it anyway.
As it has for some time, Chrome will show such warnings on select file extensions, primarily “.exe,” which in Windows denotes an executable file, and “.msi,” an installation package for Windows applications. Canary’s expansion, said Google, also warns when the user tries to download some less obvious threats, including payloads masquerading as legitimate software — it cited screen savers and video plug-ins in a blog posting — that hijack browser settings to silently change the home page or insert ads into websites to monetize the malware.
Google’s malware blocking is part of its Safe Browsing API (application programming interface) and service, which Chrome, Apple’s Safari and Mozilla’s Firefox all access to warn customers of potentially dangerous websites before they reach them.
In Chrome’s case, the malware warning stems not only from the Safe Browsing “blacklist” of dodgy websites, but according to NSS Labs, a security software testing company, also from the Content Agnostic Malware Protection (CAMP) technology that Google has baked into its implementation of Safe Browsing.
Get Ready For Email-Malware Spree
A sizeable uptick in malicious email attachments is just subsiding, but if history is any indicator,several smaller spikes are about to follow that use even more deceptive tactics than their predecessors.
The recent surge, fueled in large part by a flood of fake messages from UPS, is similar to one observed at the end of March in that the messages urge recipients to open an attachment that releases the malware on victims’ machines, according to Internet security firm Commtouch.
The earlier wave used a wide range of package-delivery services as senders, including FedEx and DHL, but the latest outbreak employs a wider variety of messages such as, “Dear client, recipient’s address is wrong”, “Dear User, Delivery Confirmation: FAILED”, and “Dear Client, We are not able to delivery [sic] the postal package”, according to the Commtouch blog.
All the messages then instruct the recipient to open the attachment that contains the malware, claiming it is an invoice or a form that needs to be filled out. “This time we see differences in the style of the emails – there is far more variation in the automatically-generated subjects, body and attachment names. Last time all the attachments were “UPS.exe” – this time there are many variations,” says Avi Turiel, director of product marketing at Commtouch in an email.
The attackers will evaluate the success of the attack by finding out how many recipients activated the malware, “Based on the infections vs. malware sent out they will probably try and figure out what they could improve in the next attack,” he says.