Lead image: © Kirill Makarovy,

News for Admins

Tech News



Russian FindFace App is a Privacy Nightmare

The machine-learning capability that social networks are gaining is becoming a privacy nightmare. Anyone can take your photo and then find everything about you via social networks. That's exactly what the Russian site FindFace is doing.

FindFace is bringing a very powerful facial recognition technology to VK, formerly known as VKontakte, the "Facebook of Russia."

What worries privacy advocates is that the site has a high accuracy rate when it comes to identifying a total stranger simply by snapping their picture and uploading it to the FindFace site.

Antivirus firm Kaspersky wrote in a blog post, "If you upload ideal photos, that were taken when your target was posing, everything works just great. The program has successfully found 9 of 10 test 'victims' in the office."

The algorithm powering the facial recognition is developed by Russia-based N-Tech.Lab, which beat Google's face recognition software at the MegaFace challenge.

Google Wants to Kill Passwords for Android

Google is working on an authentication system called Project Abacus that will eliminate the need for passwords with Android devices.

Project Abacus provides authentication through the way you use your device. Google's machine-learning capabilities can identify you by learning the way you interact with your phone: the way you type, the way you speak, and by collecting signals from different sensors already present in your device. When Google's AI puts all of that together, it can tell whether you are who you claim to be.

During the Google I/O summit this year, Google said that it will start trials of Project Abacus with some large financial organizations this summer. Dan Kaufman, head of Google's ATAP (Advanced Technologies and Projects) division, said that if everything goes well, this project should go out to every Android developer by the end of the year. Project Abacus was initially announced at the Google I/O summit last year.

Qualcomm Bug Threatens Millions of Android Devices

FireEye, a cybersecurity firm, has found a flaw in Android devices running Qualcomm chips. The vulnerability has existed in Android devices for the last five years, and it affects devices with Qualcomm processors running Android 4.3 and older Android systems. Devices running newer versions of Android take advantage of Security-Enhanced Android (SE Android), but FireEye says they are still affected.

According to a FireEye blog post, "This vulnerability allows a seemingly benign application to access sensitive user data, including SMS and call history, and the ability to perform potentially sensitive actions, such as changing system settings or disabling the lock screen."

FireEye informed Qualcomm of the bug in January, and Qualcomm released a fix by April, making it available to all vendors. Google pushed the fix to Nexus devices in May. Although Google secured its own Nexus devices, the company has no control over the rest of the Android ecosystem. Carriers and Android hardware vendors control software updates on their own Android devices, and users of these devices will remain vulnerable unless these companies update the software.

Windows 10 Pro Loses Critical Features

Business customers running Windows 10 Pro will no longer be able to use the Group Policy feature to restrict employees from accessing the Windows Store. Microsoft made this change last month with the upgrade to version 1511 of Windows 10. After this upgrade, users can't disable Windows Store access through Group Policy. According to Microsoft's support page, "This behavior is by design. In Windows 10 version 1511, these policies are applicable to users of the Enterprise and Education editions only."

A Microsoft spokesperson told ZDNet, "Windows 10 Pro offers a subset of those capabilities and is recommended for small and mid-size businesses looking for some management controls, but not the full suite necessary for IT pros at larger enterprises."

Businesses need tighter control over their systems, and Microsoft is encouraging enterprise customers to use the Windows 10 Enterprise edition, which lets customers restrict access to the Windows Store through AppLocker or Group Policy.

JBoss Vulnerability Could Lead to SamSam Ransomware

Researchers at Cisco Talos found a vulnerability in JBoss that can be exploited by SamSam ransomware. Cisco Talos said in a blog post, "As part of this investigation, we scanned for machines that were already compromised and potentially waiting for a ransomware payload. We found just over 2,100 backdoors installed across nearly 1,600 IP addresses." The research firm estimates that over 3.2 million machines are at risk.

SamSam is distributed through compromised servers and then holds victim systems for ransom. Attackers are using the JexBoss open source tool to test and then exploit JBoss application servers. Once they gain access to the network, they start encrypting Windows systems using SamSam.

Cisco Talos advises that, if your server is vulnerable, the first step is to remove external access to the server. "Ideally, you would also re-image the system and install updated versions of the software," the firm said in the blog post.

© Fernando Gregory,


New Exploit Bypasses Windows AppLocker

A new Windows vulnerability allows attackers to install any application on Windows systems, bypassing AppLocker. AppLocker is a feature of Windows 7 and Windows Server 2008 R2 that allows admins to manage users' access to applications. This serious flaw targets business users and not just home users, and it affects the latest Windows 10 systems, as well as earlier versions of Windows going all the way back to Windows 7.

The vulnerability was accidentally discovered by Casey Smith, who realized that the Windows command-line utility Regsvr32 can be exploited to bypass AppLocker by registering and unregistering DLLs. Because this method doesn't touch the system registry, system admins won't find any trace of changes to the system.

Microsoft has not yet released a fix for the vulnerability; however, users can mitigate it by blocking Regsvr32 in the Windows Firewall.
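
One way to apply the firewall mitigation mentioned above, as an added example that is not from the original article or from Microsoft. It assumes that "blocking" means denying outbound network traffic for both copies of regsvr32.exe; the rule names are hypothetical.

```powershell
# Added example: deny outbound network access for regsvr32.exe in Windows Firewall.
# Run from an elevated PowerShell session. Uses the NetSecurity cmdlets, which ship
# with Windows 8 / Server 2012 and later; older systems need the netsh equivalent.
# Rule names below are hypothetical; adapt them to your own naming convention.

$targets = @(
    @{ Name = 'Block regsvr32 outbound (System32)'; Path = "$env:SystemRoot\System32\regsvr32.exe" },
    @{ Name = 'Block regsvr32 outbound (SysWOW64)'; Path = "$env:SystemRoot\SysWOW64\regsvr32.exe" }
)

foreach ($t in $targets) {
    # The SysWOW64 copy only exists on 64-bit Windows.
    if (-not (Test-Path -LiteralPath $t.Path)) {
        Write-Host "Skipping $($t.Path): not present on this system"
        continue
    }

    $existing = Get-NetFirewallRule -DisplayName $t.Name -ErrorAction SilentlyContinue
    if ($existing) {
        # Rule already exists: make sure it has not been disabled or switched to Allow.
        $existing | Set-NetFirewallRule -Enabled True -Action Block
        Write-Host "Re-enabled existing rule '$($t.Name)'"
    }
    else {
        New-NetFirewallRule -DisplayName $t.Name -Direction Outbound `
            -Program $t.Path -Action Block -Profile Any -Enabled True | Out-Null
        Write-Host "Created rule '$($t.Name)'"
    }
}

# A block rule has no effect on a profile where the firewall itself is switched off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' } | ForEach-Object {
    Write-Warning "Windows Firewall is disabled for the $($_.Name) profile"
}

# Show the resulting rules for verification.
Get-NetFirewallRule -DisplayName 'Block regsvr32 outbound*' |
    Select-Object DisplayName, Enabled, Direction, Action
```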

© Jens Hilberger,
