Computer News & Safety – Harry Waldron Rotating Header Image

May, 2017:

Internet – Cleaning up and improving safety MAY 2017

An excellent initiative by a co-founder of Twitter to improve quality of web experience

https://www.nytimes.com/2017/05/22/technology/daily-report-cleaning-up-the-internet.html

The internet has been a powerful engine for spreading information. It has also spread online harassment and fake news and fed other toxic digital behavior.  How do those who helped foster the mechanisms for these digital cesspools feel? Evan Williams, a founder of Twitter, the social media service where abuse often flourishes, is rueful. “I thought once everybody could speak freely and exchange information and ideas, the world is automatically going to be a better place,” Mr. Williams told David Streitfeld, a technology reporter for The New York Times. “I was wrong about that.”

“I thought once everybody could speak freely and exchange information and ideas, the world is automatically going to be a better place,” Mr. Williams told David Streitfeld, a technology reporter for The New York Times. “I was wrong about that.”  Mr. Williams has been trying to make the internet a cleaner place for some time. A few years ago, he founded Medium, a publishing site, where he encouraged writers to create high-quality pieces.

Computer Hardware – New Qualcomm Snapdragon CPU for Windows 10 PCs

Highly innovative state of art WIN10 PCs will soon be available featuring 1st version of the Qualcomm Snapdragon CPU as shared below:   

http://www.pcmag.com/news/353981/asus-hp-lenovo-to-make-snapdragon-windows-pcs

Asus, HP, and Lenovo will soon begin offering Windows 10 PCs powered by Qualcomm’s Snapdragon mobile processors, the first products sold in more than a decade to run full Windows on non-Intel-compatible CPUs.  Windows 10 Bug ArtThe ARM-based Snapdragon 835 mobile platform recently gained Windows compatibility, which opens up possibilities for manufacturers to build powerful PCs that have the battery life of a smartphone or tablet. That’s exactly what Asus, HP, and Lenovo plan to do, and while form factors, pricing, and availability weren’t immediately available, Qualcomm hinted that they’ll be “sleek, thin, and fanless,” with gigabit-class LTE cellular connectivity as well as batteries that last all day.

Google GMAIL – Phishing mitigated by slight analytical delay on suspicious items

A new Artificial Intelligence sub-system within Google’s email security system can identify some items that are outside of normal standards and these will be delayed & further analyzed to protect end users. This new security improvement has occurred due to recent attack on Google Docs as documented below.

http://www.pcmag.com/news/353978/google-delaying-some-gmail-messages-to-quell-phishing

Google already blocks 99.9 percent of spam and phishing messages from showing up in your Gmail inbox. Now, the web giant is rolling out four new Gmail security features for enterprise customers to help prevent the other 0.1 percent from making it through and tricking you into handing over your company’s private information.

That includes early machine learning-based phishing detection, new warnings when you click on a phishing or malware link in a message, as well as “unintended external reply warnings, and built-in defenses against new threats,” Google’s Senior Product Manager for counter abuse technology, Andy Wen, wrote in a Wednesday blog post.

“Now, if you try to respond to someone outside of your company domain, you’ll receive a quick warning to make sure you intended to send that email,” Wen wrote. “And because Gmail has contextual intelligence, it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily.”

Online miscreants last month launched a massive Google Docs phishing attack, which hit a number of journalists and individuals from other industries. Clicking a purported Google Docs button in the nefarious message took users to an actual Google page, which asked them to grant access to an app masquerading as Google Docs. Those who inadvertently granted permission gave the attacker full access to their email messages and contacts.

Home Security – Nest Cam IQ Wi-Fi camera recognizes friends

The new Nest Cam IQ Wi-Fi camera is a lower cost innovation in home security.  With facial recognition software, it can recognize friends and zoom in on intruders.

http://www.pcmag.com/news/353934/the-nest-cam-iq-knows-who-your-friends-are

Nest is adding a new home security camera to its lineup: the Nest Cam IQ. With crisper image quality and IQ in its name, the new camera is positioned as a smarter version of the Nest Cam Indoor.  Instead of getting notifications every time it senses movement, the camera uses advanced algorithms to differentiate between pets and people, as well as friends from strangers.

Nest Aware subscribers get a few extra features, starting with facial recognition. After identifying a new face, the camera will send you a Person Alert, and you can then save a familiar face within the app. This will enable the camera to differentiate between family members, friends, acquaintances, and total strangers. You can also get audio alerts, such as dogs barking or people talking in a room. That way, you can also keep tabs on what’s happening in locations where you might not have a camera.

Intel – High-end X299 CPU processor family announcement MAY 2017

This informative technical article shares Intel’s new high-end desktop CPU announcements and pricing for highly advanced future needs. 

Ars Technica article — Intel unveils X-series platform: Up to 18 cores and 36 threads, from $242 to $2,000
https://arstechnica.com/gadgets/2017/05/intels-new-high-end-desktop-platform-up-to-18-cores-36-threads-2000/

The Intel platform, consisting of the new X299 chipset and new X-series processors, will go all the way up to 18 cores and 36 threads. The HEDT segment is aimed at gamers, video streamers, and content creators with deep pockets or an insatiable desire for more concurrent threads than the mainstream processor segment has to offer. The value proposition for this segment is always a little skewed, with the chips being as much prestige parts as anything else. Straightforward gaming workloads may struggled to make full use of the chips’ resources, but serious Twitch streamers, for example, can make good use of the extra cores. Software developers are another group that can make good use of all those cores.

The new platform has wider range and greater complexity than the X99 platform it replaces. At the low end are “Kaby Lake-X” processors: the i5-7640X and the i7-7740X. These chips are very similar to the existing mainstream Kaby Lake processors that came to market earlier this year; four cores with either four (for the i5) or eight (for the i7) threads, two memory channels, and 16 PCIe 3 lanes from the CPU itself. The chips have a higher power envelope—up to 112W, instead of the 91W of non-X parts—and use X299’s new Socket 2066. Their clock speeds are a little higher, too; the $339 i7-7740X has a base clock of 4.3GHz and a turbo of 4.5GHz, compared to the 4.2/4.5GHz of the $339 i7-7700K.

The Skylake-X chips will also expand Intel’s numbering system: Intel is adding a new i9 branding that slots in above the i7 branding for the high-end processors.  As is Intel’s wont, the Skylake X range will suffer certain kinds of segmentation. The cheapest Skylake X part, the $389 six core, 12 thread i7-7800X, won’t include Turbo Boost Max 3 and will only officially support 2400MHz memory. Both that processor and the next highest, the $599 eight-core, 16-thread i7-7820X, will have only 28 PCIe 3 lanes, though this part will support memory speeds up to 2666MHz. It’s not until the $999 10-core, 20-thread i9-7900X that the full range of features is lit up: 44 PCIe lanes, Turbo Boost Max 3, and 2666MHz memory. These three parts will all have a 140W power envelope.

INTEL-CPU-CODENAME / YEAR / MICRO-LEVEL / BRANDING
Westmere (2010) 32nm 1st-GEN /Core i3/i5/i7 
Sandy Bridge (2011) 32nm 2nd-GEN /Core i3/i5/i7
Ivy Bridge (2012) 22nm 3rd-GEN / Core i3/i5/i7 
Haswell (2013) 22nm 4th-GEN / Core i3/i5/i7 
Broadwell (2014-15) 14nm 5th-GEN / Core i3/i5/i7/
Skylake (2015-16) 14nm 6th-GEN / Core i3/i5/i7/i9
Kaby Lake (2016?) 14nm TBA
Cannonlake (2017?) 10nm TBA

Windows 10 – Ten advanced hidden techniques MAY 2017

PC Magazine recently published & updated tips and techniques that may not be well known in Windows 10 user community.  Some of which are even applicable for Windows 7 as well.

Hidden Tricks Inside Windows 10
http://www.pcmag.com/feature/347136/hidden-tricks-inside-windows-10

Here we present a list of 10 cool tips that will help you get a little bit more out of your Windows 10 experience. Or, at least, there are some things you may have not known about. Some have been available in Windows for a number of generations, while some are native to Microsoft’s most recent OS. PCMag has some dedicated Windows fans in our readership, so you likely know at least some of these features, but you probably don’t know them all. I tested these on a pair of Lenovo laptops, one running Windows 10 and the other (when accessible) on Windows 7 Professional.

Android Security – Judy Adware agent impacts millions of users

Google has discovered 41 apps infected by the Android “Judy” adware  agent.  It is an auto-click agent designed to falsely inflate online ad view counts. As described below it may be one of largest Android security attacks of all time

http://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/

http://www.pcmag.com/news/353943/judy-malware-potentially-hits-up-to-36-5m-android-devices

Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. The malicious apps reached an astonishing spread between 4.5 million and 18.5 million downloads. Some of the apps we discovered resided on Google Play for several years, but all were recently updated. It is unclear how long the malicious code existed inside the apps, hence the actual spread of the malware remains unknown.

These apps also had a large amount of downloads between 4 and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users. Similar to previous malware which infiltrated Google Play, such as FalseGuide and Skinner, Judy relies on the communication with its Command and Control server (C&C) for its operation. After Check Point notified Google about this threat, the apps were swiftly removed from the Play store.

Project Management — Future integration of Artificial Intelligence

Dr. Harold Kerzner shares an insightful article on future of PM profession and the greater use of technology in modeling and optimization of resources, critical paths, and cost savings. 

AI offers advantages of real time tune ups in the plan and as an expert assistant to the overall PM.  AI still cannot take over the human role of management and leadership concepts, (including grateful leadership concepts that improve teamwork).

I have worked with Microsoft Project extensively and even taught PMM classes for a former company.  Dr. Kerzner is an excellent instructor & author, and am thankful for past attendance of training classes.  This article shares that improved future tools are coming to help the project manager better manage time, people, and material resources

IIL blog  – Project Management and Artificial Intelligence (AI)
http://blog.iil.com/project-management-and-artificial-intelligence-ai/

Recently, I conducted a webinar on The Future of Project Management. During the Q&A session that followed, I was asked if PM 4.0 would include a discussion of the role of artificial intelligence (AI) applied to project management. I was also recently interviewed by a person working on a graduate degree, who asked what I believed would be the relationship between project management and AI in the future.

It appears that the world of AI is now entering the project management community of practice, and there is significant interest in this topic. While I am certainly not an expert in AI, I became curious about how developments in AI could benefit project management.

A common definition of AI is intelligence exhibited by machines. From a project management perspective, could a machine eventually mimic the cognitive functions associated with the mind of a project manager such as decision-making and problem-solving?

The principles of AI are already being used in speech recognition systems and search engines such as Google Search and Siri. Self-driving cars use AI concepts as do military simulation exercises and content delivery networks. Computers can now defeat most people in strategy games such as chess. It is just a matter of time before we see AI techniques involved in project management.

Network Security Tools – File2pcap and Cyberchef May 2017

The SANS Internet Storm Center shares two newer Network Security Tools as highlighted below:

File2pcap – A new tool for your toolkit!

http://blog.talosintelligence.com/2017/05/file2pcap.html

https://isc.sans.edu/forums/diary/File2pcap+A+new+tool+for+your+toolkit/22456/

Regarding file-based vulnerabilities, the original process used to involve starting a local webserver and using a browser to download the exploit file, while recording the transfer using Wireshark. File2pcap revolutionized this requirement by simulating the traffic and creating the proper pcap without any hassles.  File2pcap started out as a tool to create pcaps from input files, showing these files in transfer from a web server to a browser. By simulating the entire data exchange it is possible to create a pcap file for any input file, usually within seconds. The result always shows a full TCP stream from SYN to FIN with packets in order and checksums correct. These pcap files can then be used in combination with a tcp replay tool (or read by Snort) to create proper rules for all file-based attacks.

CyberChef a Must Have Tool in your Tool bag!

https://gchq.github.io/CyberChef/

https://isc.sans.edu/forums/diary/CyberChef+a+Must+Have+Tool+in+your+Tool+bag/22458/

There are well over 100 operations in CyberChef allowing you to carry simple and complex tasks easily. Here are some examples:

* Decode a Base64-encoded string
* Convert a date and time to a different time zone
* Parse a Teredo IPv6 address
* Convert data from a hexdump, then decompress
* Display multiple timestamps as full dates
* Carry out different operations on data of different types

Microsoft Security – MSRT patched OOB to prevent DDoS attacks MAY 2017

Key links are shared below:

https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Windows Malicious Software Removal Tool (MSRT) helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats. MSRT is generally released monthly as part of Windows Update or as a standalone tool available here for download.

 – Reason for Revision: Microsoft is releasing this out-of-band CVE   Security update is available for  Microsoft Malware Protection Engine
 – Originally posted: May 25, 2017 
 – Aggregate CVE Severity Rating: Critical