Ransomware Dangers Grow in Some Countries by Forcing Rebellion

By Bob Pepalis, Izenda
bob.pepalis@izenda.com

Each month we take a look at recent technology news to spot the trends and advances in software and other industries. If you spot a piece of news that should be shared or have a comment, send it to me via email.

New Ransomware Forces Victims to Rant against Government

Don't underestimate the dangers of ransomware to your organization's data. Now a new version tries to force its victims to make incendiary statements. Criticizing a public official in the United States at most will get you into a flame war with others. But in countries like Saudi Arabia, submit to this extortion at your own peril. Criticizing the government or the royal family may result in jail time or physical punishment.

Unit 42 of Palo Alto Networks found the ransomware named RanRan on systems in Saudi Arabia and the Philippines, according to an article by Max Metzger in SC Magazine UK. Before returning access to their data, the hackers demand that victims to create a "rebellious subdomain" that includes a protest against their government. They also have to put a ransomware.txt file on the subdomain.

The ransomware code wasn't considered to be very advanced, which should make it easier to combat.

Outdated JavaScript Libraries Leave Many Websites Vulnerable

Northwestern University researchers found at least one Javascript library in more than a third of the websites they surveyed contained a known vulnerability, according to a story posted on ZDNet.

The researchers analyzed more than 133,000 websites in a follow up to 2014 research that called attention to the security risks caused by outdated versions of JavaScript libraries.

"Perhaps our most sobering finding is practical evidence that the JavaScript library ecosystem is complex, unorganized, and quite 'ad hoc' with respect to security," the researchers reported in their paper.

They pointed out reasons including a lack of reliable vulnerability databases. Library vendors don't maintain security mailing lists. Release notes contain few details on security. Existing remediation strategies prove ineffective at mitigating the threats.

A significant attack surface identified by the researchers was vulnerabilities in client-side JavaScript, such as cross-site scripting. This allows an attacker to inject malicious code into a website.

IBM Scientists Shrink Data Storage Down to the Atom

How small can data storage get? As of now, down to the atom. IBM researchers announced they stored data on a single atom, according to this article by Rebecca Linke of Computerworld. A single bit takes about 100,000 atoms in a modern hard drive, making IBM's success significant.

IBM researchers managed to magnetize single atoms of holmium, a rare earth element. The poles of magnetism stand for the 1s and 0s in binary code. But you won't see this method used in smartphones or tablets. It's for research. The need for an ultra-high vacuum, low vibration and a super-low temperature make it impractical for commercial applications.

What might result is finding how to use a small number of atoms that can stay stable at room temperature for data storage. That would be a significant decrease in size from our old-fashioned hard drives that take up 100,000 atoms to store one bit.

Developers Don't Pass Go, They Prefer It

Google's Go open-source programming language continues to gain steam as more developers use it at work and outside of work.

The programming language team's 2016 survey showed 89% of respondents use Go. The results, just released by the team, also said 36% of those users also use Go at home and at work.

Most would recommend Go to other developers, according to Steve Francia, technical program manager for the team.

In addition to Go, the developers who responded listed their preference for and expertise in Python, Java, JavaScript and C.

.NET Core Makes its Way to Different Hardware, Software Platforms

Microsoft's .NET Core is making its way to different hardware platforms. Work by the .NET community ports it to Internet of Things (IoT) platforms such as the Raspberry Pi 2 and 3.

The software giant says plenty about bringing its .NET Core to platforms in addition to Windows, such as macOS and Linux.

"We can confirm there is an ARM32 version of .NET Core out on GitHub," a Microsoft spokesman told IDG. "It is an implementation of .NET Core that Samsung, Microsoft, and the community are working on. We are making it available to customers ... so they can use it on Raspberry Pis, IoT, etc."

Government Warning Against Using Leaked Info Called Reckless

WikiLeaks plans to release some information about hacking tools. But you might not want to use even if you need it, according to this story from IDG.

The organization says it plans to share information about CIA hacking tools to enable software fixes. The information comes from 8,700-plus documents WikiLeaks said they stole from the CIA. Even if released like this, possession of classified data is a crime. The White House press secretary told tech vendors to consider the consequences.

Organizations such as the ACLU and the Electronic Frontier Foundation cry foul at that pronouncement. Penalizing vendors or stopping them from fixing exposed vulnerabilities is reckless and a gross misuse of government power, attorneys with the organizations said.

At least one company revealed some good news on the security front. Intel Security released a tool to check for unauthorized code in a computer's low-level system firmware.

Intel Security created a module for CHIPSEC to detect rogue EFI binaries. Comparing a whitelist of binary files from a clean EFI image from their computer manufacturer to what CHIPSEC finds can reveal those rogue files.

Izenda recently announced the release of its 7 Series™ self-service business intelligence (Bl) and analytics platform, purpose-built for embedding for OEM use by software companies and solutions providers. This release further enhances lzenda's capabilities by empowering software companies to offer their end users intuitive real-time, self-service analytics inside their applications.

Opinions expressed by the author are not necessarily those of WITI.