Worldle Is Like Wordle, But For Geography
Read more of this story at Slashdot.
Sales And Repair
1715 S. 3rd Ave. Suite #1
Yakima, WA. 98902
Mon - Fri: 8:30-5:30
Sat - Sun: Closed
Sales And Repair
1715 S. 3rd Ave. Suite #1
Yakima, WA. 98902
Mon - Fri: 8:30-5:30
Sat - Sun: Closed
Read more of this story at Slashdot.
To prevent threat actors from abusing LSASS memory dumps, Microsoft has introduced security features that prevent access to the LSASS process. One of these security features is Credential Guard, which isolates the LSASS process in a virtualized container that prevents other processes from accessing it. However, this feature can lead to conflicts with drivers or applications, causing some organizations not to enable it. As a way to mitigate Windows credential theft without causing the conflicts introduced by Credential Guard, Microsoft will soon be enabling a Microsoft Defender Attack Surface Reduction (ASR) rule by default. The rule, ‘ Block credential stealing from the Windows local security authority subsystem,’ prevents processes from opening the LSASS process and dumping its memory, even if it has administrative privileges.
While enabling the ASR rule by default will significantly impact the stealing of Windows credentials, it is not a silver bullet by any means. This is because the full Attack Surface Reduction feature is only supported on Windows Enterprise licenses running Microsoft Defender as the primary antivirus. However, BleepingComputer’s tests show that the LSASS ASR rule also works on Windows 10 and Windows 11 Pro clients. Unfortunately, once another antivirus solution is installed, ASR is immediately disabled on the device. Furthermore, security researchers have discovered built-in Microsoft Defender exclusion paths allowing threat actors to run their tools from those filenames/directories to bypass the ASR rules and continue to dump the LSASS process. Mimikatz developer Benjamin Delpy told BleepingComputer that Microsoft probably added these built-in exclusions for another rule, but as exclusions affect ALL rules, it bypasses the LSASS restriction.
Read more of this story at Slashdot.
“Yet the hype belies a more complicated relationship. Unlike the National Basketball Association, the National Football League, the country’s most popular sports league, has essentially prohibited its teams from using crypto.”
It’s a microcosm of the broader cultural battle between those touting the currency as the shiny future and others warning of its dangers…. [T]he headlines often come with a negative tint. New York Times columnist and economist Paul Krugman warned last month about crypto’s parallels to the subprime mortgage crisis. This week, the FBI arrested a New York couple for allegedly conspiring to launder billions in crypto. That can scare the large corporate entities of professional sports, particularly the NFL, whose love of fresh revenue sources is matched only by its fear of public relations disasters…. In September, a memo revealed by the Athletic showed the league’s restrictive attitude toward crypto… “Clubs are prohibited from selling, or otherwise allowing within club controlled media, advertisements for specific cryptocurrencies, initial coin offerings, other cryptocurrency sales or any other media category as it relates to blockchain, digital asset or as blockchain company, except as outlined in this policy,” it said.
The NFL has made some forays into NFTs, or non-fungible tokens, the digitally watermarked tools that are crypto’s less controversial cousin, signing up for a partnership with Ticketmaster for NFTs of Super Bowl tickets and an NFT video highlight program with Dapper Labs, one of the leaders in the space. And of course the Super Bowl is taking place at SoFi Stadium, named for the digitally minded financial firm. But sponsorships from crypto exchanges remain off-limits, and the idea of the NFL creating a cryptocurrency, which some enthusiasts have advocated, is the stuff of fantasy. Even the Super Bowl commercials going for as much as $7 million for 30 seconds — which the league authorizes — include only exchanges such as FTX and not currencies themselves….
The NFL has formed an internal working group to study the regulatory, brand and other consequences of partnering with crypto companies but has set no timetable for when its rules could be revised. Renie Anderson, the NFL’s chief revenue officer, said the league is moving slowly by design. “We don’t want to put everything and the kitchen sink into this,” she said by phone from the site of Super Bowl events in Los Angeles. “We don’t know where a lot of this is going, so what we’re trying to do is testing and learning so we can understand.” She cited regulatory and market forces that are still coming into focus. (The Treasury Department and other federal agencies have been ramping up their efforts to create a regulatory framework for crypto, but there remains a degree of murkiness around what the future limits might be.) The NFL, Anderson said, would rather act after there’s clarity. “It’s hard to unwind something like a naming rights deal,” she said, “and I’d rather not have to undo opportunities two years later because there are rules against advertising or marketing certain things.”
National Basketball Association executives, however, say they see a major opportunity right now.
The article also points out that one football star even says he converted his $750,000 salary to Bitcoin. Though one sports analyst calculates that if the purchase was made on November 12th, after federal and state taxes it’s now worth about $35,000.
Read more of this story at Slashdot.
The Diablo-like MMO launched Friday in the West, after Amazon Games collaborated with Smilegate RPG to localize and translate Lost Ark and make it available in English. It has now passed concurrent records for both Counter-Strike: Global Offensive and Dota 2, which regularly dominate the top of Steam’s most-played games.
Lost Ark is so popular right now that it has experienced server issues and there’s a queue just to start playing. SteamDB lists concurrent players of Lost Ark at 1,311,842, passing CS:GO’s record of 1,308,963 players and Dota 2’s of 1,295,114. It’s not clear exactly how many of those players are actually actively playing the game and not sitting in a server queue, though.
Either way, it’s now second place on the top concurrent list behind only PUGB…
The article notes it’s Amazon’s second big hit after its game New World “set a concurrent record of 913,634 players four months ago.”
GameSpot also spotted a playful clause in the game’s terms of service. It specifies that while players must be human (and not AI), that doesn’t apply if Earth is taken over by robots, simians, or aliens. “In that event, Amazon said these beings will be allowed to play Lost Ark and other games. ‘We welcome our alien, robots, ape, or other overlords, as applicable,’ Amazon said.”
Read more of this story at Slashdot.
With two weeks to go before its February 25th release date, Valve has published CAD files for Steam Deck’s exterior shell to GitHub. Making them available under a Creative Commons license, the company noted the release is “good news” for DIY enthusiasts, modders and most notably, accessory manufacturers. All three groups can use the provided technical drawings and schematics to 3D-print custom shells for the handheld.
As Eurogamer notes, Valve’s decision here is an interesting one. It suggests the company will allow case makers to freely make aftermarket shells for Steam Deck. In fact, Valve said it was “looking forward to seeing what the community creates!” Contrast that to the approach Sony has taken with the PlayStation 5. When Sony’s latest console first shipped and only came in one color, an entire cottage industry of companies sprang up to produce colored plates for the PS5. However, Sony quickly moved to shut down those projects before it went on to announce a set of first-party covers for people to purchase.
Read more of this story at Slashdot.
But it’s not. The St. Louis Post-Dispatch reports:
A St. Louis Post-Dispatch journalist will not be charged after pointing out a weakness in a state computer database, the prosecuting attorney for Cole County said Friday. Prosecutor Locke Thompson issued a statement to television station KRCG Friday, saying he appreciated Gov. Mike Parson for forwarding his concerns but would not be filing charges….
Parson, who had suggested prosecution was imminent throughout the probe, issued a statement saying Thompson’s office believed the decision “was properly addressed….” Post-Dispatch Publisher Ian Caso said in a statement Friday: “We are pleased the prosecutor recognized there was no legitimate basis for any charges against the St. Louis Post-Dispatch or our reporter. While an investigation of how the state allowed this information to be accessible was appropriate, the accusations against our reporter were unfounded and made to deflect embarrassment for the state’s failures and for political purposes….”
There is no authorization required to examine public websites, but some researchers say overly broad hacking laws in many jurisdictions let embarrassed institutions lob hacking allegations against good Samaritans who try to flag vulnerabilities before they’re exploited….
A political action committee supporting Parson ran an ad attacking the newspaper over the computer incident, saying the governor was “standing up to the fake news media.”
Thanks to long-time Slashdot reader UnknowingFool for submitting the story.
Read more of this story at Slashdot.
Even if Russia doesn’t invade Ukraine, it has often targeted the country with what Wired has characterized as “many of the most costly cyberattacks in history.” Those attacks might not always be confined to Ukraine, however, which is where CISA’s new Shields Up campaign comes in…. CISA says that it “recommends all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.” It also says that it’s collaborated with its “critical infrastructure partners” to raise awareness of these risks.
The agency wants everyone to “reduce the likelihood of a damaging cyber intrusion,” “take steps to quickly detect a potential intrusion,” “ensure that the organization is prepared to respond if an intrusion occurs,” and “maximize the organization’s resilience to a destructive cyber incident.” CISA offers advice related to each of those focus areas on its website.
Earlier this week CISA also added 15 “known exploited” vulnerabilities to its catalog, ZDNet reports, in products from Apache, Apple, Jenkins, and Microsoft:
The list includes a Microsoft Windows SAM local privilege escalation vulnerability with a remediation date set for February 24. Vulcan Cyber engineer Mike Parkin said the vulnerability — CVE-2021-36934 — was patched in August 2021 shortly after it was disclosed. “It is a local vulnerability, which reduces the risk of attack and gives more time to deploy the patch. CISA set the due date for Federal organizations who take direction from them, and that date is based on their own risk criteria,” Parkin said. “With Microsoft releasing the fix 5 months ago, and given the relative threat, it is reasonable for them to set late February as the deadline.”
Read more of this story at Slashdot.
While Valve’s game client has been able to run on Linux for years, as of last month just over 1% of Steam users were running Linux (and fewer than 3% were using macOS, with Windows holding a 96% share). It’ll be interesting to see if that starts to change once the Steam Deck hits the streets. And if it does, maybe we’ll see more game makers add support for Linux… but one of the most popular games around isn’t going to add Linux support anytime soon: Epic CEO Tim Sweeney says the company has no plans to port Fortnite to Linux.
He says it’s because Epic doesn’t “have confidence that we’d be able to combat cheating at scale under a wide array of kernel configurations including custom ones,” but it’s an interesting take since Epic has already ported its anti-cheat software to support Mac and Linux devices including the Steam Deck.
Read more of this story at Slashdot.
As part of its inquiry, the inspector general’s office looked for parts that are illegally altered to look like legitimate products, parts that are “intentionally misrepresented to deceive,” and parts that don’t meet product specifications. It sampled four power plants across the US and found evidence of counterfeit parts at one of those plants in the midwest. It also points to nuclear power plants in the Northeast, separate from those it sampled, where a “well-placed NRC principal” found that counterfeit parts were involved in two separate component failures.
The NRC might be underestimating the prevalence of counterfeit parts, the report warns, because the regulatory agency doesn’t have a robust system in place for tracking problematic parts. It only requires plants to report counterfeits in extraordinary circumstances, like if they lead to an emergency shutdown of a reactor. The report also notes that the NRC hasn’t thoroughly investigated all counterfeit allegations. There were 55 nuclear power plants operating in the US as of September 2021, and the inspector general’s office sampled just four for its report. NRC Public Affairs Officer Scott Burnell told The Verge in an email that “nothing in the report suggests an immediate safety concern. The NRC’s office of the Executive Director for Operations is thoroughly reviewing the report and will direct the agency’s program offices to take appropriate action.”
Read more of this story at Slashdot.