Internet Braces for Crazy Shellshock Worm

Illustration: Ross Patton/WIRED

A nasty bug in many of the world’s Linux and Unix operating systems could allow malicious hackers to create a computer worm that wreaks havoc on machines across the globe, security experts say.

The flaw, called Shellshock, is being compared to last spring’s Heartbleed bug because it lets attackers do some nasty stuff—in this case, run unauthorized code—on a large number of Linux computer servers. The flaw lies in Bash, a standard Unix program that’s used to connect with the computer’s operating system.

The good news is that it doesn’t take long to patch the bug. At internet infrastructure provider CloudFlare, admins scrambled for about an hour this morning to fix the flaw, which was disclosed late on Tuesday. “We got 95 percent of it done within 10 minutes,” says Ryan Lackey, a security engineer at the company.

Because Shellshock is easy to exploit—it only takes about three lines of code to attack a vulnerable server—Lackey and other security experts think there’s a pretty good chance that someone will write worm code that will jump from vulnerable system to vulnerable system, creating hassles for the world’s system administrators. “People are already exploiting it in the wild manually, so a worm is a natural outgrowth of that,” Lackey says.

To exploit the bug, the bad guys need to connect to software such as PHP or DHCP—which use Bash to launch programs within the server’s operating system.

There are still some important questions about the bug. One is whether other operating systems that use Bash—Mac OS, for example—are vulnerable. Another big one: how many Linux server applications and appliance-like Linux devices—things like storage servers or video recording devices—might be vulnerable to the flaw. Many of these Linux systems do not use the Bash software, but those that do could be vulnerable to attack and difficult to patch.

In the grand scheme of things, Shellshock is not as big of a problem as, say, phishing attacks, which continue to trick internet users, says Robert Graham, CEO of Errata Security. However, it’s “slightly worse than Heartbleed,” he says. “It’s in more systems. It’s going to be harder to track them down and patch them, and you can immediately exploit it with remote code execution.” Heartbleed let criminals steal your username and passwords, but it didn’t make it quite so easy to run your own malicious software on a vulnerable system, Graham says.

Like Heartbleed, the new bug has been around for a long time, and was introduced in a widely used piece of open source software. In the wake of Heartbleed, the open source community came up with some money to beef up the security of several popular open-source tools. And it may be time to add a few more—including Bash—to that list.

Bacterial 'communication system' could be used to stop, kill cancer cells, study finds

Cancer, while always dangerous, truly becomes life-threatening when cancer cells begin to spread to different areas throughout the body. Now, researchers at the University of Missouri have discovered that a molecule used as a communication system by bacteria can be manipulated to prevent cancer cells from spreading. Senthil Kumar, an assistant research professor and assistant director of the Comparative Oncology and Epigenetics Laboratory at the MU College of Veterinary Medicine, says this communication system can be used to "tell" cancer cells how to act, or even to die on command.

"During an infection, bacteria release molecules which allow them to 'talk' to each other," said Kumar, the lead author of the study. "Depending on the type of molecule released, the signal will tell other bacteria to multiply, escape the immune system or even stop spreading. We found that if we introduce the 'stop spreading' bacteria molecule to cancer cells, those cells will not only stop spreading; they will begin to die as well."

In the study published in PLOS ONE, Kumar, and co-author Jeffrey Bryan, an associate professor in the MU College of Veterinary Medicine, treated human pancreatic cancer cells grown in culture with bacterial communication molecules, known as ODDHSL. After the treatment, the pancreatic cancer cells stopped multiplying, failed to migrate and began to die.

"We used pancreatic cancer cells, because those are the most robust, aggressive and hard-to-kill cancer cells that can occur in the human body," Kumar said. "To show that this molecule can not only stop the cancer cells from spreading, but actually cause them to die, is very exciting. Because this treatment shows promise in such an aggressive cancer like pancreatic cancer, we believe it could be used on other types of cancer cells and our lab is in the process of testing this treatment in other types of cancer."

Kumar says the next step in his research is to find a more efficient way to introduce the molecules to the cancer cells before animal and human testing can take place.

"Our biggest challenge right now is to find a way to introduce these molecules in an effective way," Kumar said. "At this time, we only are able to treat cancer cells with this molecule in a laboratory setting. We are now working on a better method which will allow us to treat animals with cancer to see if this therapy is truly effective. The early-stage results of this research are promising. If additional studies, including animal studies, are successful then the next step would be translating this application into clinics."

Story Source:

The above story is based on materials provided by University of Missouri-Columbia. Note: Materials may be edited for content and length.

Enzyme discovery paves way to tackling deadly parasite diseases

An enzyme found in all living things could hold the key to combating deadly diseases such as sleeping sickness, a study suggests.

Research into the enzyme, which helps cells convert nutrients into energy, has shown that it is activated in different ways in various species.

Researchers say this discovery creates an opportunity to design drugs that block activity of the enzyme -- known as pyruvate kinase -- in species that cause infection. Blocking the enzyme would effectively kill the parasite, without affecting the same enzyme in the patient.

Findings from the study could lead to new treatments for diseases spread by parasites -- including sleeping sickness and Chagas disease -- that affect millions of people in the developing world.

Researchers say the finding could ultimately help tackle a range of healthcare problems, including antibiotic resistance and some forms of cancer.

Scientists used a range of analytical techniques to discover how pyruvate kinase functions in parasites, mammals and bacteria.

They found that the enzyme becomes active in all species in a similar way. A small sugar molecule binds to the enzyme to kick-start the process of nutrient absorption. But each species has a unique mechanism for activating the enzyme, providing opportunities to design drugs that block its activity in individual species.

Professor Malcolm Walkinshaw, Chair of Structural Biology at the University of Edinburgh, who led the study, said: "With this discovery, we've found an Achilles heel for sleeping sickness and many other conditions. Fresh discoveries about this key enzyme – pyruvate kinase – could enable the design of treatments to tackle disease without harm to the patient."

The study is published in the first edition of the journal Royal Society Open Science.

Story Source:

The above story is based on materials provided by University of Edinburgh. Note: Materials may be edited for content and length.

Don’t Update Your iPhone’s iOS 8. It’s Breaking Cell Service and TouchID


Josh Valcarcel/WIRED

PSA: Do not install the first update to iOS 8.

Early reports indicate it will leave your phone crippled, without access to your cellular network and TouchID. Rebooting or restoring the handset does not seem to fix the issue, according to discussions on Twitter.

The 8.0.1 update addresses the HealthKit bug that plagued the initial launch of health-tracking apps in iOS 8. It also addresses other issues like access to photos in Photo Library (some apps were having problems with this) and the deselection of third party keyboards after a user enters their passcode.

Further reports seem to indicate this is mostly affecting iPhone 6 and 6 Plus handsets, and at least one iOS 8 user was able to solve the problem by going into Device Firmware Upgrade mode to restore his device.

So while we should start seeing HealthKit-enabled apps landing in the App Store over the next few days, you potentially won’t be able to use them over your cellular network, or log into your device using TouchID. Hopefully Apple will roll this update back swiftly. In the meantime, Do Not Update Your iOS Device.

Hillary Clinton on How to Close the Business Gender Gap

Hillary Rodham Clinton, former U.S. Secretary of State, speaks in a panel discussion, “Equality for Girls and Women: 2034 Instead of 2134?” at the Clinton Global Initiative, Wednesday, Sept. 24, 2014 in New York. Mark Lennihan/AP

Hillary Clinton says that the gender gap won’t close unless we significantly change the culture that pervades the American workplace.

“There are a lot of women who think they had to make a choice,” Clinton said on Wednesday morning at the annual meeting of the Clinton Global Initiative in New York City. “For a lot of them it’s a choice that was in effect forced on them: I can either pursue my career in the time that it’d be most likely I could have a child or not. There’s a growing awareness in our own society that we can’t just give lip service to the idea that mothers are important. We have to provide the support systems that enable women to make the choices that are right for them.”

The numbers around women in the workforce are disheartening at best. There’s the fact that for every dollar men earn, women earn 78 cents. There’s the fact that in the tech industry, working mothers make $11,247 less than women without children and men. And of course, there are all those hideously imbalanced diversity reports being released by companies like Google, Facebook, and Apple.

But while many of these companies and other organizations are trying to correct this imbalance by supporting coding courses and STEM education, former secretary of state Clinton believes we must do more than just fill the pipeline with talent. When she talks about providing “support systems,” she means benefits like affordable childcare, free preschool programs, and paid family and maternity leave. “Those are not just nice luxuries for women,” Clinton said. “They would fundamentally free up women to be in the workforce if they had the skills and desire to do so.”

As she explained, the absence of such programs, which are readily available in many other countries around the world, sends a strong signal to women that “society and our economy don’t value mothers.”

Clinton’s stance on these benefits has drawn a fair bit of criticism lately from those who see this feminist approach as a presidential campaign strategy. And Clinton concedes that these programs are not wholesale solutions, just temporary fixes to a very complex and enduring problem. What we need just as urgently, she said, is more data on why, exactly, this gap exists, which is one reason why she has teamed up with her daughter Chelsea Clinton, as well as Melinda Gates, to launch No Ceilings, a massive data mining project aimed at understanding why women continue to be underpaid and underrepresented in the workplace.

“I’m not sure we have the best data we need in our own country. What’s really behind the stagnation in wages and in workforce participation? We have some very educated guesses, but I’m not sure we really know,” Clinton said. “We need to do much more to understand. But we could, in the meantime, use some fixes that could give more people more opportunity.”

This App Opens a New Frontier for App Design: Indoor Locations

Estimote’s new indoor location app makes it easy for devs to build on top of beacons’ promise. Estimote

Smartphones are dumbest when it comes to the world immediately surrounding them. Think about it: The miracle device in your pocket can summon up any fact you could conceivably want to know about Dunkin’ Donuts, and it can instantly render a map of every Dunkin’ Donuts in your greater metropolitan area, but as to the fact that you’re actually, physically standing in line at Dunkin’ Donuts, it’s utterly oblivious.

That won’t likely be the case for long. A new generation of sensors, powered by a low-energy flavor of Bluetooth, stands to give our phones a rich awareness of the physical world. One company leading the push is Estimote, which started shipping some of the first “beacons,” as the Bluetooth sensors are being called, around this time last year. Looking at how beacons have developed over the last 12 months, you can see a version of Moore’s Law at work. Estimote’s first beacons lived in plastic enclosures the size of rabbits’ feet. Its newest ones, debuted earlier this month, take the form of stickers, small enough to be placed not just on walls but individual objects.

Toyota’s New Hydrogen-Powered Car Asks a High Price for Mediocrity

Toyota’s on the verge of finally bringing a hydrogen-powered car to market. The problem is that it promises a boring, if innovative, driving experience, for the price middle-aged men pay to have their toupees blown off.

Next year, Toyota will start selling the unimaginatively named FCV (to be fair, Honda had dibs on FCEV). The car will be able to drive 300 miles on nothing but hydrogen, with only water vapor as a byproduct.

Hybrids and battery-powered electrics are hogging all the attention when it comes to alternatives to internal-combustion engines, but the German and Japanese automakers, especially Honda and Toyota, haven’t backed off the idea that the best route to a fossil fuel-free future is using fuel cells to combine hydrogen and oxygen to generate electricity, inside the car. Fuel-cell cars offer the range of a gas-powered car, and their tanks can be filled with compressed hydrogen in just a few minutes. No range anxiety, no waiting hours for your EV’s battery to charge.

FCEVs have plenty of shortcomings. Hydrogen fuel is available at only a handful of gas stations in the U.S., and the infrastructure for transporting it around the country hasn’t really been developed. The production of hydrogen can itself yield greenhouse gases, if it’s generated from natural gas. The cars are frightfully expensive and the fuel is no cheaper than gasoline.

But Toyota’s serious about the technology. It has spent 20 years on this program and made a lot of progress. From one generation of test vehicles to the current platform, it cut costs by 95 percent, reduced the size of the fuel cell, and developed tanks made of carbon fiber that improve capacity and can be designed to fit any car body. To make filling up the hydrogen tanks practical, Toyota’s part of a state-funded, $200 million effort to build a network of fueling stations around the Bay Area and Los Angeles, with a few in between. That will help build out the infrastructure and encourage people to buy the cars. It doesn’t do anything for the cost of the fuel itself, which by Toyota’s estimates is as expensive as gasoline.

The FCV doing cold weather testing in Yellowknife, Canada. Toyota

Last week, I met up with Jared Farnsworth, an engineer with Toyota’s advanced power train group, to gawk at the FCV and drive the test “mule,” the camouflaged Lexus HS that’s been fitted with a system very similar to the one that will be in the production car. Under the hood is a fuel cell roughly the size of a suitcase, pulling hydrogen from two tanks each a bit bigger than what you take scuba diving. Total power output is roughly 100 kilowatts.

I drove the mule for just about 15 minutes around downtown San Francisco, hardly enough to form a detailed judgement, but came away with one impression: This thing, like other FCEVs, is completely unremarkable. The torque is a bit better than your standard internal combustion engine car. There’s no noise, which is nice. I didn’t get the chance to floor it, but the lackluster 0 to 60 mph time of under 10 seconds promised by Toyota sounds about right. All in all, it drives like an underpowered electric car.

A High Price for Meh

Toyota hasn’t released U.S. pricing for the FCV, but it will charge Japanese customers $69,000. A few years ago, it said it was aiming to deliver the 2015 car for $50,000, which is still a lot of money for a car that won’t save you any money on fuel, can only be filled at select stations in California, and is barely more fun to drive than a Camry—whether or not you’re helping the planet breathe.

“There’s no doubt, that the success of this technology will depend less on the genius of the car, than on the ownership experience,” says Bob Carter, a Toyota senior vice president. “Cost is one thing, but convenience is another.” It’s a fair point, but the high price would hardly be an issue if the drive experience were more fulfilling. Tesla customers can justify the $71,070 base price and reduced range of the Model S because the battery-powered sedan is not only elegant, it’s one of the most thrilling and capable cars you can buy today. The most powerful version goes from 0 to 60 mph in 4.2 seconds with enough torque to imitate the space shuttle taking off.

The Toyota FCV has an edgy look to grab attention, especially for a four-door midsize sedan. Toyota’s design philosophy of “air into water” results in nice lines from the front to the rear. (Toyota isn’t showing off the interior just yet.) But the car is missing the performance to back up the fresh look and get people really excited about hydrogen.

Toyota may be right to say fuel cell cars have a place alongside their hybrid and battery-powered brethren in the roster of future technologies. The best way to prove it—or at least to get the public really interested in the idea—is to give us a hydrogen-powered car that really excites.

Fortunately, Farnsworth says cranking up the power of an FCEV would mostly be a question of increasing the number of plates in the fuel cell stack, which presumably comes with a few extra engineering challenges. Toyota’s already working with Hino Motors to make fuel cell-powered commercial vehicles, which require bigger power plants. Even better, it’s got an agreement with BMW to jointly develop a fuel cell system by 2020. BMW is very good at making cars that don’t suck (or bore), so we’ve got high hopes.