Security

New Linux Malware Downloader for Compromised Servers Spotted in the Wild (bleepingcomputer.com) 30

"A new Linux malware downloader created using SHC (Shell Script Compiler) has been spotted in the wild," reports the site Bleeping Computer, "infecting systems with Monero cryptocurrency miners and DDoS IRC bots...

"The analysts say the attacks likely rely on brute-forcing weak administrator account credentials over SSH on Linux servers...." According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.... When the SHC malware downloader is executed, it will fetch multiple other malware payloads and install them on the device. One of the payloads is an XMRig miner that is downloaded as a TAR archive from a remote URL and extracted to "/usr/local/games/" and executed....

The second payload retrieved, dropped, and loaded by the SHC malware downloader is a Perl-based DDoS IRC bot. The malware connects to the designated IRC server using configuration data and goes through a username-based verification process. If successful, the malware awaits commands from the IRC server, including DDoS-related actions such as TCP Flood, UDP Flood, and HTTP Flood, port scanning, Nmap scanning, sendmail commands, process killing, log cleaning, and more.

ASEC warns that attacks like these are typically caused by using weak passwords on exposed Linux servers.

Privacy

CES's 'Worst in Show' Criticized Over Privacy, Security, and Environmental Threats (youtube.com) 74

"We are seeing, across the gamut, products that impact our privacy, products that create cybersecurity risks, that have overarchingly long-term environmental impacts, disposable products, and flat-out just things that maybe should not exist."

That's the CEO of the how-to repair site iFixit, introducing their third annual "Worst in Show" ceremony for the products displayed at this year's CES. But the show's slogan promises it's also "calling out the most troubling trends in tech." For example, the EFF's executive director started with two warnings. First, "If it's communicating with your phone, it's generally communicating to the cloud too." But more importantly, if a product is gathering data about you and communicating with the cloud, "you have to ask yourself: is this company selling something to me, or are they selling me to other people? And this year, as in many past years at CES, it's almost impossible to tell from the products and the advertising copy around them! They're just not telling you what their actual business model is, and because of that — you don't know what's going on with your privacy."

After warning about the specific privacy implications of a urine-analyzing add-on for smart toilets, they noted there was a close runner-up for the worst privacy: the increasing number of scam products that "are basically based on the digital version of phrenology, like trying to predict your emotions based upon reading your face or other things like that. There's a whole other category of things that claim to do things that they cannot remotely do."

To judge the worst in show by environmental impact, Consumer Reports sent the Associate Director for their Product Sustainability, Research and Testing team, who chose the 55-inch portable "Displace TV" for being powered only by four lithium-ion batteries (rather than, say, a traditional power cord).

And the "worst in show" award for repairability went to the Ember Mug 2+ — a $200 travel mug "with electronics and a battery inside...designed to keep your coffee hot." Kyle Wiens, iFixit's CEO, first noted it was a product which "does not need to exist" in a world which already has equally effective double-insulated, vacuum-insulated mugs and Thermoses. But even worse: it's battery powered, and (at least in earlier versions) that battery can't be easily removed! If you email the company asking for support on replacing the battery, Wiens claims that "they will give you a coupon on a new, disposable coffee mug. So this is the kind of product that should not exist, doesn't need to exist, and is doing active harm to the world.

"The interesting thing is people care so much about their $200 coffee mug, the new feature is 'Find My iPhone' support. So not only is it harming the environment, it's also spying on where you're located!"

The founder of SecuRepairs.org first warned about "the vast ecosystem of smart, connected products that are running really low-quality, vulnerable software that make our persons and our homes and businesses easy targets for hackers." But for the worst in show for cybersecurity award, they then chose Roku's new Smart TV, partly because smart TVs in general "are a problematic category when it comes to cybersecurity, because they're basically surveillance devices, and they're not created with security in mind." And partly because to this day it's hard to tell if Roku has fixed or even acknowledged its past vulnerabilities — and hasn't implemented a prominent bug bounty program. "They're not alone in this. This is a problem that affects electronics makers of all different shapes and sizes at CES, and it's something that as a society, we just need to start paying a lot more attention to."

And US PIRG's "Right to Repair" campaign director gave the "Who Asked For This" award to Neutrogena's "SkinStacks" 3D printer for edible skin-nutrient gummies — which are personalized after phone-based face scans. ("Why just sell vitamins when you could also add in proprietary refills and biometric data harvesting.")

United States

Why America's FTC Proposed Banning 'Noncompete' Agreements for Workers (npr.org) 35

America's Federal Trade Commission "took a bold move on Thursday aimed at shifting the balance of power from companies to workers," reports NPR: The agency proposed a new rule that would prohibit employers from imposing noncompete agreements on their workers, a practice it called exploitative and widespread, affecting some 30 million American workers. "The freedom to change jobs is core to economic liberty and to a competitive, thriving economy," said FTC Chair Lina M. Khan in a statement. "Noncompetes block workers from freely switching jobs, depriving them of higher wages and better working conditions, and depriving businesses of a talent pool that they need to build and expand."

Noncompete agreements restrict workers from quitting their jobs and taking new jobs at rival companies or starting up similar businesses of their own within a certain time period — typically between six months and two years. They're used across a broad array of industries, including in high-paying white-collar fields such as banking and tech, but also in many low-wage sectors as well, as President Biden has pointed out.

"These aren't just high-paid executives or scientists who hold secret formulas for Coca-Cola so Pepsi can't get their hands on it," Biden said in a speech about competition in 2021. "A recent study found one in five workers without a college education is subject to non-compete agreements...." The FTC estimates that a ban on noncompete agreements could increase wages by nearly $300 billion a year by allowing workers to pursue better opportunities.

The rule does not take effect immediately. The public has 60 days to offer comment on the proposed rule, after which a final rule could be published and then enforced some months after that.

Thanks to Slashdot reader couchslug for submitting the story.

Encryption

Amazon S3 Will Now Encrypt All New Data With AES-256 By Default 27

Amazon Simple Storage Service (S3) will now automatically encrypt all new objects added on buckets on the server side, using AES-256 by default. BleepingComputer reports: While the server-side encryption system has been available on AWS for over a decade, the tech giant has enabled it by default to bolster security. Administrators will not have to take any actions for the new encryption system to affect their buckets, and Amazon promises it won't have any negative performance impact. Administrators may leave the system to encrypt at the default 256-bit AES or choose one of the alternative methods, namely SSE-C or SSE-KMS.

The first option (SSE-C) gives bucket owners control of the keys, while the second (SSE-KMS) lets Amazon do the key management. However, bucket owners can set different permissions for each KMS key to maintain more granular control over the asset access system. To confirm that the changes have been applied to your buckets, admins can configure CloudTrail to log data events at no extra cost. Then perform a test object upload, and look in the event logs for the "SSEApplied": "Default_SSE_S3" field in the log for the uploaded file. To retroactively encrypt objects already in S3 buckets, follow this official guide.

"This change puts another security best practice into effect automatically -- with no impact on performance and no action required on your side," reads Amazon's announcement.

"S3 buckets that do not use default encryption will now automatically apply SSE-S3 as the default setting. Existing buckets currently using S3 default encryption will not change."

Security

FCC Wants Carriers To Notify You Sooner When There's a Data Breach (engadget.com) 9

The Federal Communications Commission isn't done dragging data breach policy into the modern era. From a report: The agency has proposed rules that would improve reporting for breaches at carriers. Most notably, the move would scrap a mandatory wait of seven business days before a telecom can warn customers about a security incident. Hackers would have a shorter window of opportunity to abuse your data without your knowledge, to put it another way.

The proposal would also clarify that carriers must notify the FCC, FBI and Secret Service of any reportable data breaches. Providers would likewise have to alert customers to inadvertent breaches, such as leaving account info exposed. The Commission is simultaneously asking for public input on whether or not breach alerts should include specific information to help people take action, such as the nature of the compromised data.

PlayStation (Games)

Using Your PS5 Vertically May Result in Hardware Failure (pcmag.com) 84

The PS5 looks to have a design fault that can take months to appear and only seems to happen if you use the console while it's in a vertical orientation. From a report: As Wololo reports, hardware repair specialists working on PS5 consoles that fail to boot are finding the problem is caused by the liquid metal thermal interface Sony used on the custom AMD Zen 2 CPU. When the PS5 is oriented in a vertical position, over time the liquid metal is moving and spilling out on to the components surrounding the CPU. This also means the liquid metal is no longer evenly spread across the chip it's meant to help cool.

Security

Rackspace Says Hackers Accessed Customer Data During Ransomware Attack (techcrunch.com) 10

Cloud computing giant Rackspace has confirmed hackers accessed customer data during last month's ransomware attack. From a report: The attack, which Rackspace first confirmed on December 6, impacted the company's hosted Exchange email environment, forcing the web giant to shut down the hosted email service following the incident. At the time, Rackspace said it was unaware "what, if any, data was affected." In its latest incident response update published on Friday, Rackspace admitted that the hackers gained access to the personal data of 27 customers. Rackspace said the hackers accessed PST files, typically used to store backup and archived copies of emails, calendar events and contacts from Exchange accounts and email inboxes.

Rackspace said about 30,000 customers used its hosted Exchange service -- which it will now discontinue -- at the time of the ransomware attack. "We have already communicated our findings to these customers proactively, and importantly, according to Crowdstrike, there is no evidence that the threat actor actually viewed, obtained, misused, or disseminated any of the 27 Hosted Exchange customers' emails or data in the PSTs in any way," said Rackspace. The company added that customers that haven't been contacted directly can "be assured" that their data was not accessed by attackers.

Security

Slack's Private GitHub Code Repositories Stolen Over Holidays (bleepingcomputer.com) 11

An anonymous reader quotes a report from Bleeping Computer: Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. BleepingComputer has come across a security incident notice issued by Slack on December 31st, 2022. The incident involves threat actors gaining access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that were stolen. While some of Slack's private code repositories were breached, Slack's primary codebase and customer data remain unaffected, according to the company.

The wording from the notice [1, 2] published on New Year's eve is as follows: "On December 29, 2022, we were notified of suspicious activity on our GitHub account. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27. No downloaded repositories contained customer data, means to access customer data, or Slack's primary codebase."

Slack has since invalidated the stolen tokens and says it is investigating "potential impact" to customers. At this time, there is no indication that sensitive areas of Slack's environment, including production, were accessed. Out of caution, however, the company has rotated the relevant secrets. "Based on currently available information, the unauthorized access did not result from a vulnerability inherent to Slack. We will continue to investigate and monitor for further exposure," states Slack's security team. The good news, with regards to the most recent security update is that no action needs to be taken by customers, for now.

Security

CircleCI Warns Customers To Rotate 'Any and All Secrets' After Hack (techcrunch.com) 8

CircleCI, a company whose development products are popular with software engineers, has urged users to rotate their secrets following a breach of the company's systems. From a report: The San Francisco-headquartered DevOps company said in an advisory published late Wednesday it is currently investigating the security incident -- its most recent in recent years. "We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing," CircleCI CTO Rob Zuber said. "At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well."

CircleCI, which claims its technology is used by more than a million software engineers, is advising users to rotate "any and all secrets" stored in CircleCI, including those stored in project environment variables or in contexts. Secrets are passwords or private keys that are used to connect and authenticate servers together. For projects using API tokens, CircleCI said it has invalidated these tokens and users will be required to replace them.

Encryption

Chinese Researchers Claim To Find Way To Break Encryption Using Quantum Computers (ft.com) 50

Computer security experts were struggling this week to assess a startling claim by Chinese researchers that they have found a way to break the most common form of online encryption [the link may be paywalled] using the current generation of quantum computers, years before the technology was expected to pose a threat. Financial Times: The method, outlined in a scientific paper [PDF] published in late December, could be used to break the RSA algorithm that underpins most online encryption using a quantum machine with only 372 qubits -- or quantum bits, a basic unit of quantum computing -- according to the claims from 24 researchers from a number of academic bodies and state laboratories. IBM has already said that its 433 qubit Osprey system, the most powerful quantum computer to have been publicly unveiled, will be made available to its customers early this year.

If correct, the research would mark a significant moment in the history of computer security, said Roger Grimes, a computer security expert and author. "It's a huge claim," he said. "It would mean that governments could crack other governments' secrets. If it's true -- a big if -- it would be a secret like out of the movies, and one of the biggest things ever in computer science." Other experts said that while the theory outlined in the research paper appeared sound, trying to apply it in practice could well be beyond the reach of today's quantum technology. "As far as I can tell, the paper isn't wrong," said Peter Shor, the Massachusetts Institute of Technology scientist whose 1994 algorithm proving that a quantum machine could defeat online encryption helped to trigger a research boom in quantum computing. Shor's method requires machines with many hundreds of thousands, or even millions, of qubits, something that many experts believe is a decade or more away.

Privacy

WhatsApp Launches Proxy Support To Help Users Circumvent Internet Blocks (techcrunch.com) 5

WhatsApp is launching proxy support for its users all over the world, the company announced on Thursday. The support will allow users to maintain access to WhatsApp if their connection is blocked or disrupted. From a report: Choosing a proxy enables users to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely. WhatsApp says connecting via proxy maintains the same level of privacy and security the app provides, and that personal messages will still be protected by end-to-end encryption. The company says messages will not be visible to anyone in between, not the proxy servers, WhatsApp or Meta.

"Our wish for 2023 is that these internet shutdowns never occur," WhatsApp wrote in a blog post. "Disruptions like we've seen in Iran for months on end deny people's human rights and cut people off from receiving urgent help. Though in case these shutdowns continue, we hope this solution helps people wherever there is a need for secure and reliable communication."

Security

Hundreds of WordPress Sites Infected By Recently Discovered Backdoor (arstechnica.com) 32

Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week. Ars Technica reports: The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. It's also able to disable event logging, go into standby mode, and shut itself down. It gets installed by exploiting already-patched vulnerabilities in plugins that website owners use to add functionality like live chat or metrics-reporting to the core WordPress content management system. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Dr.Web researchers wrote. "As a result, when users click on any area of an attacked page, they are redirected to other sites."

Searches such as this one indicate that more than 1,300 sites contain the JavaScript that powers the backdoor. It's possible that some of those sites have removed the malicious code since the last scan. Still, it provides an indication of the reach of the malware. "If one or more vulnerabilities are successfully exploited, the targeted page is injected with a malicious JavaScript that is downloaded from a remote server," the Dr.Web writeup explained. "With that, the injection is done in such a way that when the infected page is loaded, this JavaScript will be initiated first -- regardless of the original contents of the page. At this point, whenever users click anywhere on the infected page, they will be transferred to the website the attackers need users to go to." The researchers found two versions of the backdoor: Linux.BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2. They said the malware may have been in use for three years.

Portables (Apple)

MacBook Owners Have Two Months To Claim Up To $395 Over Butterfly Keyboard Woes 19

An anonymous reader shares a report: If you bought an Apple MacBook with an ill-fated butterfly keyboard and ended up having to replace either individual keycaps or the whole keyboard, you may be eligible to claim part of a $50 million settlement reached after a class-action lawsuit. The law firm handling the settlement has been emailing class members since mid-December but we wanted to highlight that the deadline for making a claim is fast approaching on March 6th, 2023. Claims can be submitted via the keyboardsettlement.com website, which says that the settlement class includes "all persons and entities in the United States" who purchased a butterfly-equipped MacBook, MacBook Air, or MacBook Pro between 2015 and 2019.

Chrome

Google Chrome Will End Support for Several Windows Versions in Days (mashable.com) 71

Computers using Windows 7 and Windows 8.1 will no longer get the latest version of Google Chrome, beginning with the latest version, Chrome 110, which will be launched on Feb. 7. From a report: The new version is designed to run on Windows 10 or later. Google support announced the move in October 2022. As with most programs whose updates won't work on older operating systems, you can use the older version of Chrome, you just won't get the newer stuff Google is working on.

Games

EA Says It Can't Recover 60% of Players' Corrupted Madden Franchise Save Files 63

An anonymous reader shares a report: EA says that a temporary "data storage issue" led to the corruption of many Madden NFL 23 players' Connected Franchise Mode (CFM) save files last week. What's worse, the company now estimates it can recover fewer than half of those corrupted files from a backup. The issue started last Monday, December 26, when EA tweeted that it was "aware of players experiencing connection issues when trying to connect to CFM." That problem lasted until Wednesday, December 28, when EA announced that subsequent server maintenance meant that "users should now be able to play CFM without issue."

But users who attempted to log in to play online franchise games during a 22-hour period ranging from Wednesday afternoon to Thursday morning saw their franchise save data corrupted by the aforementioned "data storage issue," as EA confirmed over the weekend. And while EA says some of those corrupted save files can be recovered from a backup, it adds that the development team is "currently projecting around 40% of leagues to be recovered." Players that didn't log in during the outage period last week should be unaffected, EA says, adding that CFM is now "up and running" and is "safe to log in and play." But the company offered a similar message on Wednesday afternoon, just before the period that led players who logged in to lose their save files in the first place.

Piracy

Major Private Torrent Sites Have a Security Disaster to Fix Right Now 30

At least three major torrent sites are currently exposing intimate details of their operations to anyone with a web browser. TorrentFreak understands that the sites use a piece of software that grabs brand-new content from other sites before automatically uploading it to their own. A security researcher tried to raise the alarm but nobody will listen. From the report: To get their hands on the latest releases as quickly as possible, [private torrent sites, or private trackers as they're commonly known] often rely on outside sources that have access to so-called 0-Day content, i.e, content released today. The three affected sites seem to have little difficulty obtaining some of their content within minutes. At least in part, that's achieved via automation. When outside suppliers of content are other torrent sites, a piece of software called Torrent Auto Uploader steps in. It can automatically download torrents, descriptions, and associated NFO files from one site and upload them to another, complete with a new .torrent file containing the tracker's announce URL. The management page [here] has been heavily redacted because the content has the potential to identify at least one of the sites. It's a web interface, one that has no password protection and is readily accessible by anyone with a web browser. The same problem affects at least three different servers operated by the three sites in question.

Torrent Auto Uploader relies on torrent clients to transfer content. The three sites in question all use rTorrent clients with a ruTorrent Web UI. We know this because the researcher sent over a whole bunch of screenshots and supporting information which confirms access to the torrent clients as well as the Torrent Auto Uploader software. The image [here] shows redactions on the tracker tab for good reason. In a regular setup, torrent users can see the names of the trackers coordinating their downloads. This setup is no different except that these URLs reference three different trackers supplying the content to one of the three compromised sites.

Rather than publish a sequence of completely redacted screenshots, we'll try to explain what they contain. One begins with a GET request to another tracker, which responds with a torrent file. It's then uploaded to the requesting site which updates its SQL database accordingly. From there the script starts checking for any new entries on a specific RSS feed which is hidden away on another site that has nothing to do with torrents. The feed is protected with a passkey but that's only useful when nobody knows what it is. The same security hole also grants direct access to one of the site's tracker 'bots' through the panel that controls it. Then there's access to 'Staff Tools' on the same page which connect to other pages allowing username changes, uploader application reviews, and a list of misbehaving users that need to be monitored. That's on top of user profiles, the number of torrents they have active, and everything else one could imagine. Another screenshot featuring a torrent related to a 2022 movie reveals the URL of yet another third-party supplier tracker. Some basic queries on that URL lead to even more torrent sites. And from there, more, and more, and more -- revealing torrent passkeys for every single one on the way.

Software

Southwest Meltdown Shows Airlines Need Tighter Software Integration (wsj.com) 59

The Southwest Airlines meltdown that stranded thousands of passengers during one of the busiest travel weeks of the year exposed a major industry shortcoming: crew-scheduling technology that was largely built for a bygone era and is due for a major overhaul. From a report: Southwest relies on crew-assignment software called SkySolver, an off-the-shelf application that it has customized and updated, but is nearing the end of its life, according to the airline. The program was developed decades ago and is now owned by General Electric. During the winter storm, amid a huge volume of changes to crew schedules to work through, SkySolver couldn't handle the task of matching crew members and which flights they should work, executives of the Dallas-based carrier said.

Southwest's software wasn't designed to solve problems of that scale, Chief Operating Officer Andrew Watterson said Thursday, forcing the airline to revert to manual scheduling. Unlike some large rivals with hub-and-spoke networks, Southwest planes hopscotch from city to city, which may have been another complicating factor. Many carriers still rely on homegrown solutions, which largely were built on legacy mainframe computers, analysts say. Analysts and industry insiders say the airline industry is overdue for a massive technology overhaul that would take advantage of highly scalable cloud technologies and fully connect disparate sources of real-time data to better coordinate crews with aircraft. The airline sector has been among the slowest to adopt cloud-based and analytics technologies that could help solve complicated transportation network problems, those analysts say.

Windows

'Debloating Windows 10 With One Command and No Scripts' (gabrielsieben.tech) 101

An anonymous reader writes: Recently, I had to set up a Windows 10 computer for one specific application in a semi-embedded use case. Anything else that Windows does or comes with is unnecessary for this. While there are plenty of internet scripts and apps for de-bloating Windows, I have found the easiest (and little known) way to debloat Windows without running any internet scripts is as follows:

1. Open Powershell.
2. Type Get-AppxPackage | Remove-AppxPackage.
3. Ignore any error messages about packages that can't be removed, it's fine.

Will this work for everyone? No, of course not, but it's a great one-line, easily memorable tool for cleaning up a PC quickly for an industrial use case without any security risks.

IT

Seeking Exotic Remote Work Locations? More Than 40 Places Now Offer 'Digital Nomad' Visas (theconversation.com) 40

"Imagine starting your work day with a fresh coconut juice perched by your laptop as you gaze over the ocean or a tropical rainforest...." writes the Conversation.

"More than 40 nations or territories now offer "digital nomad" visas to attract those able to be employed in one country while living, and spending their income, in another." Fancy the beach? A bunch of exotic islands are on the list. Prefer tropical forests? Try Brazil or Costa Rica. Looking for history? There's Spain or Greece. Love Wim Hof-style ice-bathing? Iceland beckons.

Think of a "digital nomad" visa as a cross between a tourist and temporary migrant visa — a working-on-holiday visa. Instead of the visa giving you the right to work in the country, it's allowing you to stay so long as you're gainfully employed and bringing money into the local economy. How long you can stay varies, from 90 days in Aruba in the Caribbean to up to two years in the Cayman Islands. Most are for 12 months, with an option to renew. Some places, such as Latvia, restrict visas to employers registered in an OECD country. But generally the key requirement is that you can show you have no need to find local work and can meet minimum income requirements.

Generally, the visa conditions simplify taxation issues: you continue to pay your income tax in the country of your employer. But this varies. For example, in Greece (which offers a two-year renewable visa) you are exempt from paying local income tax only for the first six months.

A key driver of the digital nomad trend is the ability to maintain a career while ticking off other personal goals, particularly travel and the ability to experience a different way of life. Moving somewhere with a cheaper cost of living could be another motivation.

The article warns that "Living a long way away from family and friends and support networks is likely to be more challenging, no matter how idyllic your location.

"If you like predictable structure and routine, the uncertainty and inevitable inconveniences that arise may mean it isn't for you."

Transportation

The Shameful Open Secret Behind Southwest's Failure? Software Shortcomings (nytimes.com) 159

Computer programmer Zeynep Tufekci now writes about the impact of technology on society. In an opinion piece for the New York Times, Tufekci writes on "the shameful open secret" that earlier this week led Southwest Airlines to suddenly cancel 5,400 flights in less than 48 hours. "The recent meltdown was avoidable, but it would have cost them."

Long-time Slashdot reader theodp writes that the piece "takes a crack at explaining 'technical debt' to the masses." Tufekci writes: Computers become increasingly capable and powerful by the year and new hardware is often the most visible cue for technological progress. However, even with the shiniest hardware, the software that plays a critical role inside many systems is too often antiquated, and in some cases decades old. This failing appears to be a key factor in why Southwest Airlines couldn't return to business as usual the way other airlines did after last week's major winter storm. More than 15,000 of its flights were canceled starting on Dec. 22, including more than 2,300 canceled this past Thursday — almost a week after the storm had passed.

It's been an open secret within Southwest for some time, and a shameful one, that the company desperately needed to modernize its scheduling systems. Software shortcomings had contributed to previous, smaller-scale meltdowns, and Southwest unions had repeatedly warned about it. Without more government regulation and oversight, and greater accountability, we may see more fiascos like this one, which most likely stranded hundreds of thousands of Southwest passengers — perhaps more than a million — over Christmas week.

And not just for a single company, as the problem is widespread across many industries.

"The reason we made it through Y2K intact is that we didn't ignore the problem," the piece argues. But in comparison, it points out, Southwest had already experienced another cancellation crisis in October of 2021 (while the president of the pilots' union "pointed out that the antiquated crew-scheduling technology was leading to cascading disruptions.") "In March, in its open letter to the company, the union even placed updating the creaking scheduling technology above its demands for increased pay."

Speaking about this week's outage, a Southwest spokesman concedes that "We had available crews and aircraft, but our technology struggled to align our resources due to the magnitude and scale of the disruptions."

But Tufekci concludes that "Ultimately, the problem is that we haven't built a regulatory environment where companies have incentives to address technical debt, rather than passing the burden on to customers, employees or the next management.... For airlines, it might mean holding them responsible for the problems their miserly approach causes to the flying public."
