Category: Ministry of Innovation

May 19 2017 disables articles when your browser’s in private mode has a new message for visitors using private mode.

The Boston Globe website is closing off a hole in its paywall by preventing visitors who aren't logged in from reading articles in a browser's private mode.

"You're using a browser set to private or incognito mode" is the message given to visitors who click on articles in private mode. "To continue reading articles in this mode, please log in to your Globe account." People who aren't already Globe subscribers are urged to subscribe.

Like other news sites, the Globe limits the number of articles people can read without a subscription. Until the recent change, Globe website visitors could read more articles for free by switching to private or incognito mode. (You can still get a new supply of free articles by clearing the Globe's cookies from your browser.)

Read 9 remaining paragraphs | Comments

May 12 2017

Massive ransomware attack hits UK hospitals, Spanish banks

Enlarge (credit: Health Service Journal)

A large number of hospitals, GPs, and walk-in clinics across England have been locked down by a ransomware attack, reports suggest. There are also some reports of a ransomware attack hitting institutions in Portugal and Spain, though it isn't known if the incidents are connected.

NHS England says it is aware of the issue, but hasn't yet issued an official statement. At this point it isn't clear whether a central NHS network has been knocked offline by the ransomware, or whether individual computers connected to the network are being locked out. In any case, some hospitals and clinics are reporting that their computer systems are inaccessible and some telephone services are down too.

Read 7 remaining paragraphs | Comments

May 09 2017

Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable

Enlarge (credit: Timothy A. Clary/AFP/Getty Image)

A massive and rather embarrassing remote code execution vulnerability has been discovered in Microsoft's MsMpEng, the malware protection engine used by Windows Defender, Microsoft Security Essentials, Microsoft Forefront, and Microsoft Endpoint in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016). Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.

The exploit (officially dubbed CVE-2017-0290) allows for a remote attacker to take over a system without any interaction from the system owner: it's simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine—websites, file shares—could be used as an attack vector.

Because MsMpEng runs at the highest privilege level and is so ubiquitous across Windows PCs, this vulnerability is about as bad as it gets. Fortunately, the security researchers who discovered it—Natalie Silvanovich and Tavis Ormandy of Google Project Zero—reported it responsibly, and last night Microsoft released a patch. MsMpEng automatically updates every 48 hours, so disaster has probably been averted. The security bulletin notes that Microsoft hadn't seen any public exploitation of the vulnerability.

Read 8 remaining paragraphs | Comments

Nov 25 2016

Cyber college for wannabe codebreakers planned at UK’s iconic Bletchley Park

Enlarge / Block G is one of the largest wartime structures at the site. (credit: Qufaro)

Bletchley Park—the home of codebreakers whose pioneering work helped Britain and its allies win the Second World—could be the site for a College of National Security, with plans for it to open in 2018.

The new sixth-form boarding school will, we're told, be run by a private non-profit consortium of tech firms, venture capitalists, and entrepreneurs, with rumoured input from GCHQ. It will enrol 500 teenagers (aged 16 to 19) who will be taught cybersecurity skills—which could, it's hoped, go some way to addressing the shortfall in UK talent.

The outfit behind the college, which would apparently be free for its pupils to attend, says at least part of the syllabus would be set by infosec experts focusing mostly on cybersecurity (roughly 40 percent of the curriculum), with additional modules on maths, computer science, economics, and physics also taught over a three-year period of study. Applicants won't be selected on the basis of specific academic qualifications, so much as through aptitude tests set by the college, or even on the basis of previously demonstrated skills, such as self-taught coding.

Read 8 remaining paragraphs | Comments