By MATT O'BRIEN AP Technology Writer
The National Security Agency has discovered a major security flaw in Microsoft's Windows 10 operating system that could let hackers intercept seemingly secure communications.
But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone.
Microsoft released a free software patch to fix the flaw Tuesday and credited the intelligence agency for discovering it. The company said it has not seen any evidence that hackers have used the technique.
Amit Yoran, CEO of security firm Tenable, said it is "exceptionally rare if not unprecedented" for the U.S. government to share its discovery of such a critical vulnerability with a company.
Yoran, who was a founding director of the Department of Homeland Security's computer emergency readiness team, urged all organizations to prioritize patching their systems quickly.
An advisory sent by the NSA on Tuesday said "the consequences of not patching the vulnerability are severe and widespread."
Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.
"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," the company said.
If successfully exploited, attackers would have been able to conduct "man-in-the-middle attacks" and decrypt confidential information they intercept on user connections, the company said.
"The biggest risk is to secure communications," said Adam Meyers, vice president of intelligence for security firm CrowdStrike.
Some computers will get the fix automatically, if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer's settings.
Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA's involvement. Microsoft and the NSA both declined to say when the agency privately notified the company.
The agency shared the vulnerability with Microsoft "quickly and responsibly," Neal Ziring, technical director of the NSA's cybersecurity directorate, said in a blog post Tuesday.
Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the "constructive role" that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it's likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.
The revamping of what's known as the "Vulnerability Equities Process" put more emphasis on disclosing vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.
Those changes happened after a mysterious group calling itself the "Shadow Brokers" released a trove of high-level hacking tools stolen from the NSA, forcing companies including Microsoft to repair their systems. The U.S. believes that North Korea and Russia were able to capitalize on those stolen hacking tools to unleash devastating global cyberattacks.
Other articles from Hispanic Outlook:
UND And NASA Partner To Colonize Mars
When the first international mission in the University of North Dakota’s (UND) Inflatable Mars/Lunar Habitat (IMLH) was launched last fall, four students from Argentina, Colombia, Mexico and Peru entered the facility to spend two weeks running experiments to help NASA and their program to explore the moon and Mars. After the successful completion of the mission, NASA Administrator Jim Bridenstine, accompanied by U.S. Senator Kevin Cramer (R-ND), visited the UND John D. Odegard School of Aerospace Sciences, calling the work being done there “second to none.” At UND to also discuss future collaborations, Bridenstine explained the university’s importance to the Mars/Lunar program. “The University of North Dakota is delivering – on behalf of NASA – technology that is helping us understand the earth, helping us understand the earth’s atmosphere, helping us better predict weather events and the climate. Beyond that, the University of North Dakota is helping us with human space flight. What happens here enables us to do more than ever before.” He confirmed, “UND will be part of NASA’s future space exploration efforts.” According to Pablo de León…
Editor’s Note: Lethal machines able to make decisions on their own are likely to become reality in the near future. But the ethics regarding such weapons are being considered now.
(AP)(THE CONVERSATION) Robotics is rapidly being transformed by advances in artificial intelligence. And the benefits are widespread: We are seeing safer vehicles with the ability to automatically brake in an emergency, robotic arms transforming factory lines that were once offshored and new robots that can do everything from shop for groceries to deliver prescription drugs to people who have trouble doing it themselves. But our ever-growing appetite for intelligent, autonomous machines poses a host of ethical challenges.
Ethical Dilemmas
Rapid advances have led ethical dilemmas.
These ideas and more were swirling as my colleagues and I met in early November at one of the world’s largest autonomous robotics-focused research conferences – the IEEE International Conference on Intelligent Robots and Systems. There, academics, corporate…
Can Hate Speech Be Quarantined?
Editor’s Note: Is it possible to deal with online hate speech without using censorship? Two university researchers are proposing it can be done by using cyber security techniques.
The spread of hate speech via social media could be tackled using the same “quarantine” approach deployed to combat malicious software, according to University of Cambridge researchers. Definitions of hate speech vary depending on nation, law and platform, and just blocking keywords is ineffectual: graphic descriptions of violence need not contain obvious ethnic slurs to constitute racist death threats, for example. As such, hate speech is difficult to detect automatically. It has to be reported by those exposed to it, after the intended “psychological harm” is inflicted, with armies of moderators required to judge every case.
This is the new front line of an ancient debate: freedom of speech versus poisonous language. Now, an engineer and a linguist have published a proposal in the journal Ethics and Information Technology that harnesses cyber security techniques to give control to those targeted, without…
US Lags Behind Other Countries In Math
Editor’s Note: The latest PISA results have found that while the math performances of 15-year-olds in the U.S. are not declining, they are still behind their international peers.
American students may not be reading any better, but they’re moving up in rankings of educational achievement worldwide because many of their peers in other countries are performing worse. And while their math performance may not be declining, 15-year-olds in the United States still lag the scores of their peers in dozens of other countries. Overall, the latest global snapshot of achievement shows American students scoring above average in reading and science, but below average in math. The 2018 Program for International Student Assessment, or PISA, shows several Asian school systems at the top. The best-performing across all three measures was a group of four Chinese provinces — Beijing, Shanghai, Jiangsu and Zhejiang. PISA seeks to test not only what students know, but whether they can apply that knowledge to solve problems. About 600,000 15-year-old students in nearly 80 nations and educational systems took…
Immigration Legal Services At CSU
Editor’s Note: Twenty-two CSU campuses are offering immigration legal services for the school’s thousands of undocumented students, as well as its undocumented employees.
California State University (CSU) announced a systemwide plan for the provision of immigration legal services for CSU students and employees. “I am delighted that we will be able to increase the availability of immigration legal services to the California State University community. We remain committed to ensuring that all CSU students have the opportunity to pursue their higher education goals regardless of their country of origin. This inclusive foundation extends to our employees, who demonstrate their dedication to student achievement and success on a daily basis,” said CSU Chancellor Timothy P. White. “These thousands of Californians are pursuing their dreams for a better future every day on CSU campuses. The expanded services and resources that will soon be available will bring support, legal guidance and some peace of mind to enable our students and employees to focus on academic and professional pursuits.”
Place your job ad in our classified page on the HO print & digital Edition
