Technology News - CNET News

  • A lot of recent articles about the #DoH (#DNS over #HTTPS) security protocol. Read carefully, there is a lot of bad faith, too.

    A set of Internet actors wrote to the US Congress to complain that activation of DoH by Google may deprive them of the spying and manipulation they’re used to https://www.ncta.com/sites/default/files/2019-09/Final%20DOH%20LETTER%209-19-19.pdf

    Summary of the issue in the Wall Street Journal https://www.wsj.com/articles/google-draws-house-antitrust-scrutiny-of-internet-protocol-11569765637 (paywall, note how the Akamai spokesperson clearly states that they monitor DNS requests and want to continue to do so).

    https://arstechnica.com/tech-policy/2019/09/isps-worry-a-new-chrome-feature-will-stop-them-from-spying-on-you (one of the few articles that do not copy blindly the discourse of the Internet operators and ISPs)

    https://www.cnet.com/news/google-reportedly-under-antitrust-scrutiny-for-new-internet-protocol (based on the Wall Street Journal article, with a nice addition “cable and wireless companies being cut off from much of users’ valuable DNS surfing data”, which spills the beans.)

    https://www.eff.org/deeplinks/2019/09/encrypted-dns-could-help-close-biggest-privacy-gap-internet-why-are-some-groups (#EFF opinion, with a strange idea “EFF is calling for widespread deployment of DNS over HTTPS support by Internet service providers themselves”, so asking for DoH support from the very entities that you do not fully trust.)

    #privacy

  • #Vaping criminal probe announced by #FDA as illnesses rise to 530 - CNET
    https://www.cnet.com/news/vaping-criminal-probe-announced-by-fda-as-illnesses-rise-to-530

    The number of cases of vaping-related lung illnesses has risen to 530 across 38 states, health officials from the US Centers for Disease Control and Prevention said Thursday. And the Food and Drug Administration has revealed a criminal investigation into the outbreak, according to a Thursday report in The Washington Post. There’ve been seven confirmed deaths from these illnesses so far, the Post said. 

    The FDA reportedly said it isn’t seeking prosecution for ill people who’ve vaped cannabis and come forward with information.

    “The focus is on the supply chain,” Mitch Zeller, director of the FDA’s Center for Tobacco Products, told the Post. “We’re very alarmed about products containing #THC.”

  • Elon Musk says Neuralink plans 2020 human test of brain-computer interface
    https://www.cnet.com/news/elon-musk-neuralink-works-monkeys-human-test-brain-computer-interface-in-2020

    “A monkey has been able to control a computer with his brain,” CEO Musk says of his startup’s brain-machine interface.

    Neuralink, Elon Musk’s startup that’s trying to directly link brains and computers, has developed a system to feed thousands of electrical probes into a brain and hopes to start testing the technology on humans in 2020, Chief Executive Elon Musk revealed Tuesday. And it’s working already in animal tests. “A monkey has been able to control a computer with his brain,” Musk (...)

    #solutionnisme #transhumanisme #Neuralink

  • 3third_party_optout.jpg (JPEG image, 911 × 809 pixels)

    Please disable third-party cookie blocking so that external sites can set a cookie on you to know that they must not set cookies on you...

    I don’t know which advertising genius came up with the wording of this pop-in, but clearly he didn’t plug his brain in properly that day...
    (Seen on https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions by clicking the tracking settings button)

    #anti_pub #cookie #publicité

  • More than 1,000 Android apps harvest data even after you deny permissions

    The apps gather information such as location, even after owners explicitly say no. Google says a fix won’t come until Android Q.
    https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions

    Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it.

    #privacy #android #security

  • Amazon Alexa transcripts live on, even after you delete voice records
    https://www.cnet.com/news/amazon-alexa-transcripts-live-on-even-after-you-delete-voice-records

    You can delete voice recordings so Amazon can’t listen to your conversations with Alexa anymore, but text records are a different story.

    Amazon doesn’t need to hear your voice recordings to know what you’ve said. It can read them. After Alexa hears its wake word — which can vary from “Echo” to “Alexa” to “computer” — the smart assistant starts listening and transcribes everything it hears. That’s why when you check your Alexa dialogue history, you can see text next to the recordings like "How’s (...)

    #Amazon #Alexa #écoutes

  • Police are using flawed data in facial recognition searches, study finds
    https://www.cnet.com/news/police-are-using-flawed-data-in-facial-recognition-searches-study-finds

    When the faces aren’t quite there, police have resorted to using celebrity doppelgangers, artist sketches and computer-generated images. Police across the country are making facial recognition searches even when there’s barely anything to match it with. A study from the Georgetown Law Center on Privacy and Technology released Thursday looked at how police are using flawed data to run facial recognition searches, despite years of studies showing these matches aren’t reliable. That includes (...)

    #NYPD #algorithme #biométrie #manipulation #facial #surveillance

  • Facebook tracks people who are potential threats to its employees
    https://www.cnet.com/news/facebook-reportedly-keeps-a-list-of-people-who-are-potential-threats-to-its-em

    It is Wednesday, February 20 of Anno Orwelli 35 (“after G. O.”). Total surveillance technology is taking shape in ever-renewed forms.

    February 14, 2019 by Queenie Wong - The social network sometimes monitors the location of users and ex-employees if the threat appears credible.

    Facebook keeps a list of people, including users and ex-employees, who have made threats against the social media company and its employees.

    The company uses data from those people’s Facebook accounts and sometimes tracks their location through the app if threats appear credible, CNBC reported earlier on Thursday. Some former employees who spoke to CNBC questioned the company’s ethics, but others said the tech giant is keeping its employees safe.

    A Facebook spokesman confirmed the company keeps a list of people who might pose a threat, but said the practice is “standard in terms of corporate security.” He declined to say how many people are on this list, but CNBC reported there are hundreds.

    Revelations about how Facebook tracks the location of security threats come as the world’s largest social network faces criticism that it isn’t doing enough to protect the privacy of its 2.3 billion users. At the same time, Facebook and other tech giants have also had to deal with real threats against their employees.

    “We have strict processes designed to protect people’s privacy and adhere to all data privacy laws and Facebook’s terms of service,” a Facebook spokesperson said in a statement. “In cases where there is a credible threat of physical violence against a Facebook employee, we use a combination of publicly available data and industry-standard practices to assess their physical proximity to an at-risk employee or Facebook location.”

    Facebook’s data policy states the company collects information from the device settings a user turns on, which includes GPS location. The policy also mentions that Facebook uses the data it gathers about its users to promote safety and security on and off the social network.

    In December, police evacuated buildings at Facebook’s Menlo Park, California, headquarters following an anonymous bomb threat. The San Mateo County Sheriff’s Office bomb squad swept the buildings but didn’t find suspicious packages or devices. In April, a suspected female shooter opened fire on employees at YouTube’s San Bruno headquarters, wounding three workers before taking her own life, according to police.

    On Thursday, a Netflix office in Los Angeles was locked down after reports of an armed person at the site. The man was detained and Netflix said there was no immediate threat or danger posed to its employees.

    Facebook created a “be on lookout” list in 2008 and it’s updated every week, according to former employees who spoke to CNBC.

    When a person is added to the list, security professionals receive a report that includes their name, photo, location and why they were added, according to the news outlet. In 2018, Facebook tracked the location of a user who made a public threat against one of Facebook’s Europe offices.

    One Facebook user discovered he was on the list after he tried to enter Facebook’s campus for lunch with a friend who worked at the company. Security guards showed up when he tried to register as a guest, and he reportedly was on the list because of messages he sent to Facebook CEO and co-founder Mark Zuckerberg. The user was removed from the list after his friend complained to the company.

    Sometimes, Facebook will also add former employees to the list if they’ve made threats against the company, CNBC reported.

    Other tech companies also reportedly keep lists. Facebook uses the social network to find threats against its employees, according to CNBC.

    Facebook can track people’s location through its own service. That has included Facebook users and even its own interns if they go missing.

    A former employee told CNBC that the social network only tracks a person’s location when a threat appears credible.

    First published Feb. 14, 12:50 p.m. PT.
    Update, 1:35 p.m. PT: Includes more background. Update, 1:49 p.m. PT: Includes statement from Facebook. Update, 4:40 p.m. PT: Includes additional comment from Facebook and information about its data policy. Update, 5:27 p.m. PT: Adds news of Netflix lockdown.

  • The mad, twisted tale of the electric scooter craze
    https://www.cnet.com/news/the-mad-tale-of-the-electric-scooter-craze-with-bird-lime-and-spin-in-san-fran

    Dara Kerr/CNET

    For weeks, I’d been seeing trashed electric scooters on the streets of San Francisco. So I asked a group of friends if any of them had seen people vandalizing the dockless vehicles since they were scattered across the city a couple of months ago.

    The answer was an emphatic “yes.”

    One friend saw a guy walking down the street kicking over every scooter he came across. Another saw a rider pull up to a curb as the handlebars and headset became fully detached. My friend figures someone had messed with the screws or cabling so the scooter would come apart on purpose.

    A scroll through Reddit, Instagram and Twitter showed me photos of scooters — owned by Bird, Lime and Spin — smeared in feces, hanging from trees, hefted into trashcans and tossed into the San Francisco Bay.

    It’s no wonder Lime scooters’ alarm isn’t just a loud beep, but a narc-like battle cry that literally says, “Unlock me to ride, or I’ll call the police.”

    San Francisco’s scooter phenomenon has taken on many names: Scootergeddon, Scooterpocalypse and Scooter Wars. It all started when the three companies spread hundreds of their dockless, rentable e-scooters across the city the same week at the end of March — without any warning to local residents or lawmakers.

    Almost instantly, first-time riders began zooming down sidewalks at 15 mph, swerving between pedestrians and ringing the small bells attached to the handlebars. And they left the vehicles wherever they felt like it: scooters cluttered walkways and storefronts, jammed up bike lanes, and blocked bike racks and wheelchair accesses.

    The three companies all say they’re solving a “last-mile” transportation problem, giving commuters an easy and convenient way to zip around the city while helping ease road congestion and smog. They call it the latest in a long line of disruptive businesses that aim to change the way we live.

    The scooters have definitely changed how some people live.

    I learned the Wild West looks friendly compared to scooter land. In San Francisco’s world of these motorized vehicles, there’s backstabbing, tweaker chop shops and intent to harm.

    “The angry people, they were angry,” says Michael Ghadieh, who owns electric bicycle shop, SF Wheels, and has repaired hundreds of the scooters. “People cut cables, flatten tires, they were thrown in the Bay. Someone was out there physically damaging these things.”

    Yikes! Clipped brakes

    SF Wheels is located on a quaint street in a quintessential San Francisco neighborhood. Called Cole Valley, the area is lined with Victorian homes, upscale cafes and views of the city’s famous Mount Sutro. SF Wheels sells and rents electric bicycles for $20 per hour, mostly to tourists who want to see Golden Gate Park on two wheels.

    In March, one of the scooter companies called Ghadieh to tell him they were about to launch in the city and were looking for people to help with repairs. Ghadieh said he was game. He wouldn’t disclose the name of the company because of agreements he signed.

    Now he admits he didn’t quite know what he was getting into.

    Days after the scooter startups dropped their vehicles on an unsuspecting San Francisco, SF Wheels became so crammed with broken scooters that it was hard to walk through the small, tidy shop. Scooters lined the sidewalk outside, filled the doorway and crowded the mechanic’s workspace. The backyard had a heap of scooters nearly six-feet tall, Ghadieh told me.

    His bike techs were so busy that Ghadieh had to hire three more mechanics. SF Wheels was fixing 75 to 100 scooters per day. Ghadieh didn’t say how much the shop was making per scooter fix.

    “The repairs were fast and easy on some and longer on others,” Ghadieh said. “It’d depend on whether it was wear-and-tear or whether it was physically damaged by someone out there, some madman.”

    Some of the scooters, which cost around $500 off the shelf, came in completely vandalized — everything from chopped wires for the controller (aka the brain) to detached handlebars to bent forks. Several even showed up with clipped brake cables.

    I asked Ghadieh if the scooters still work without brakes.

    “It will work, yes,” he said. “It will go forward, but you just cannot stop. Whoever is causing that is making the situation dangerous for some riders.”

    Especially in a city with lots of hills.

    Ghadieh said his crew worked diligently for about six weeks, repairing an estimated 1,000 scooters. But then, about three weeks ago, work dried up. Ghadieh had to lay off the mechanics he’d hired and his shop is back to focusing on electric bicycles.

    “Now, there’s literally nothing,” he said. “There’s a change of face with the company. I’m not exactly sure what happened. … They decided to do it differently.”

    The likely change? The electric scooter company probably decided to outsource repairs to gig workers, rather than rely on agreements with shops.

    That’s gig as in freelancers looking to pick up part-time work, like Uber and Lyft drivers. And like Nick Abouzeid. By day, Abouzeid works in marketing for the startup AngelList. A few weeks ago, he got an email from Bird inviting him to be a scooter mechanic. The message told Abouzeid he could earn $20 for each scooter repair, once he’d completed an online training. He signed up, took the classes and is ready to start.

    “These scooters aren’t complicated. They’re cheap scooters from China,” Abouzeid said. “The repairs are anything from adjusting a brake to fixing a flat tire to adding stickers that have fallen off a Bird.”

    Bird declined to comment specifically on its maintenance program, but its spokesman Kenneth Baer did say, “Bird has a network of trained chargers and mechanics who operate as independent contractors.”

    All of Lime’s mechanics, on the other hand, are part of the company’s operations and maintenance team that repairs the scooters and ensures they’re safe for riders. Spin uses a mix of gig workers and contract mechanics, like what Ghadieh was doing.

    Gaming the system

    Electric scooters are, well, electric. That means they need to be plugged into an outlet for four to five hours before they can transport people, who rent them for $1 plus 15 cents for every minute of riding time.

    Bird, Spin and Lime all partially rely on gig workers to keep their fleets juiced up.

    Each company has a different app that shows scooters with low or dead batteries. Anyone with a driver’s license and car can sign up for the app and become a charger. These drivers roam the streets, picking up scooters and taking them home to be charged.

    “It creates this amazing kind of gig economy,” Bird CEO Travis VanderZanden, who is a former Uber and Lyft executive, told me in April. “It’s kind of like a game of Pokemon Go for them, where they go around and try to find and gobble up as many Birds as they can.”

    Theoretically, all scooters are supposed to be off city streets by nightfall when it’s illegal to ride them. That’s when the chargers are unleashed. To get paid, they have to get the vehicles back out on the street in specified locations before 7 a.m. the next day. Bird supplies the charging cables — only three at a time, but those who’ve been in the business longer can get more cables.

    “I don’t know the fascination with all of these companies using gig workers to charge and repair,” said Harry Campbell, who runs a popular gig worker blog called The Rideshare Guy. “But they’re all in, they’re all doing it.”

    One of the reasons some companies use gig workers is to avoid costs like extra labor, gasoline and electricity. Bird, Spin and Lime have managed to convince investors they’re onto something. Between the three of them they’ve raised $255 million in funding. Bird is rumored to be raising another $150 million from one of Silicon Valley’s top venture capital firms, Sequoia, which could put the company’s value at $1 billion. That’s a lot for an electric scooter disruptor.

    Lime pays $12 to charge each scooter and Spin pays $5; both companies also deploy their own operations teams for charging. Bird has a somewhat different system. It pays anywhere from $5 to $25 to charge its scooters, depending on the city and the location of the dead scooter. The harder the vehicle is to find and the longer it’s been off the radar, the higher the “bounty.”

    Abouzeid, who’s moonlighted as a Bird charger for the past two months, said he’s only found a $25 scooter once.

    “With the $25 ones, they’re like, ’Hey, we think it’s in this location, it’s got 0 percent battery, good luck,’” he said.

    But some chargers have devised a way to game the system. They call it hoarding.

    “They’ll literally go around picking up Birds and putting them in the back of their car,” Campbell said. “And then they wait until the bounties on them go up and up and up.”

    Bird has gotten wise to these tactics. It sent an email to all chargers last week warning them that if it sniffs out this kind of activity, those hoarders will be barred from the app.

    “We feel like this is a big step forward in fixing some of the most painful issues we’ve been hearing,” Bird wrote in the email, which was seen by CNET.

    Tweaker chop shops

    Hoarding and vandalism aren’t the only problems for electric scooter companies. There’s also theft. While the vehicles have GPS tracking, once the battery fully dies they go off the app’s map.

    “Every homeless person has like three scooters now,” Ghadieh said. “They take the brains out, the logos off and they literally hotwire it.”

    I’ve seen scooters stashed at tent cities around San Francisco. Photos of people extracting the batteries have been posted on Twitter and Reddit. Rumor has it the batteries have a resale price of about $50 on the street, but there doesn’t appear to be a huge market for them on eBay or Craigslist, according to my quick survey.

    Bird, Lime and Spin all said trashed and stolen scooters aren’t as big a problem as you’d think. When the companies launch in a new city, they said they tend to see higher theft and vandalism rates but then that calms down.

    “We have received a few reports of theft and vandalism, but that’s the nature of the business,” said Spin co-founder and President Euwyn Poon. “When you have a product that’s available for public consumption, you account for that.”

    Dockless, rentable scooters are now taking over cities across the US — from Denver to Atlanta to Washington, DC. Bird’s scooters are available in at least 10 cities with Scottsdale, Arizona, being the site of its most recent launch.

    Meanwhile, in San Francisco, regulators have been working to get rules in place to make sure riders drive safely and the companies abide by the law.

    New regulations to limit the number of scooters are set to go into effect in the city on June 4. To comply, scooter companies have to clear the streets of all their vehicles while the authorities process their permits. That’s expected to take about a month.

    And just like that, scooters will go out the way they came in — appearing and disappearing from one day to the next — leaving in their wake the chargers, mechanics, vandals and people hotwiring the things to get a free ride around town.

    #USA #transport #disruption #SDF

  • Patent US 2018/0065749 A1
    http://jsene.net/spip.php?article1031

    March 28, 2018. Scrolling through Facebook, I come across Walmart’s patent for pollinating robots. What I wrote in Je ne me souviens pas, published after La Crise this autumn: I do not remember the replacement of the bees. [ ... ] I do not remember the synthesis of pollen. The article, the patent. Hear ye, good people, I predict the future. Follow me. * Unfair competition from animal bees that pollinate for free, to the detriment of the sector’s robotics companies. The (...)

    https://www.publie.net/livre/la-crise-joachim-sene
    https://www.cnet.com/news/walmart-to-make-autonomous-robot-bees-pollen-drones
    http://images2.freshpatents.com/pdf/US20180065749A1.pdf
    https://twitter.com/joachimsene

  • Malaysian government using fake news law to crush freedom of speech - CNET
    https://www.cnet.com/news/malaysian-government-passing-fake-news-laws

    The bill makes not only creating fake news illegal, but also sharing it. A Malaysian citizen could be punished, then, for simply retweeting fake news. If found guilty, Malaysians can be sentenced to prison for up to six years and fined up to 500,000 Malaysian ringgit (which roughly converts to $130,000). Plus, it’s not a domestic law — it applies to those outside the country who are responsible for fake news.

    “This legislation is problematic on so many different levels,” David Kaye, clinical professor of law at the University of California, Irvine School of Law, said to CNET. “The definition of fake news is so broad it seems like the government could decide anything could be fake news. On top of that, it has these extraordinarily harsh penalties.”

    Case study: A scandal erupted in 2015 around Malaysian Prime Minister Najib Razak when the Wall Street Journal reported that around $700 million in funds were transferred from a state-owned company to his personal bank accounts. Over 10 sites were taken down for reporting on this, according to EFF.

    With the new fake news law, journalists who wrote those stories and citizens who shared them online could face legal punishment and even jail time. That includes international journalists.

    “[The new law] applies to non-Malaysian citizens internationally if ’fake news’ published overseas involves Malaysian citizens,” said Khairil Yusof, team coordinator at Sinar Project, an organization that defends digital rights of citizens in Malaysia. “For example the WSJ journalists that broke the story [that alleged Prime Minister Razak’s corruption] face the possibility of being jailed and fined when visiting Malaysia.”

    #Fake_news #Malaisie

  • Amazon wants to hire you, and 49,999 others, to pack stuff - CNET
    https://www.cnet.com/news/amazon-wants-to-hire-you-and-49999-others-to-ship-stuff

    Want to work for Amazon? If you’re down to sling packing tape and stuff plastic air bladders into boxes, the company has a job for you.

    In what it’s calling “the nation’s largest job fair,” Amazon will gear up 10 of its huge warehouses nationwide to lure potential employees. It starts at 8 a.m. sharp on August 2, aka “Boxing Day.”

    https://www.youtube.com/watch?v=-d3DKy-ahdg

    And if that’s not enough to get you to show up on Job Day, there’s always the lure of working alongside really fast robots.

    • Amazon - Press Room - Press Release
      http://phx.corporate-ir.net/phoenix.zhtml?c=176060&p=irol-newsArticle&ID=2288807

      Amazon Has More Than 50,000 Jobs Available and Expects to Hire Thousands of Employees at the Nation’s Largest Job Fair

      Amazon Jobs Day will open 10 fulfillment centers across the U.S. for candidates to take a tour, learn more about working at Amazon and see the jobs in person

      Potential job seekers can apply for a role on-site at Amazon Jobs Day events, speak to company representatives and receive an on-the-spot job offer
      […]
      More than 10,000 of these opportunities will be part-time jobs at the company’s sortation centers throughout the US. These positions will sort and consolidate customer packages to enable superfast shipping speeds and Sunday delivery for customers. Part-time positions offer flexibility for individuals looking to earn money during windows of availability in their schedules. Employees who work more than 20 hours per week receive benefits, including life and disability insurance, dental and vision insurance with premiums paid in full by Amazon, and funding towards medical insurance.

    • Amazon Jobs Day events will be held at the company’s fulfillment centers in the following locations:
      Baltimore, Maryland
      Chattanooga, Tennessee
      Etna, Ohio
      Fall River, Massachusetts
      Hebron, Kentucky
      Kenosha, Wisconsin
      Kent, Washington
      Robbinsville, New Jersey
      Romeoville, Illinois
      Whitestown, Indiana

      Additionally, Amazon will be hosting off-site Jobs Day events from 8 a.m. to noon local time at the following locations where applicants will be able to walk in and interview for part-time opportunities and walk out with a job offer.
      Buffalo, New York
      Oklahoma City, Oklahoma

      For those interested in watching the excitement of Amazon Jobs Day remotely, the company will be covering the event via Facebook Live with updates, behind-the-scenes activities and candidate stories. To watch the action in real-time, visit one of the company’s Facebook pages at […]. You can also follow the event on Twitter at […] for real-time updates.

  • Texting on the move makes you walk weird, study finds - CNET
    https://www.cnet.com/news/walk-and-use-your-phone-and-you-risk-looking-funny-says-study

    Walking silly isn’t just a Monty Python sketch. It’s something that you’ll do naturally if you walk while browsing your phone, a study has shown.

    Researchers at Anglia Ruskin University put a mobile eye tracker and motion analysis sensors on participants who walked and crossed a kerb-like obstacle on the ground while writing or reading a text or talking on the phone.

    According to results, phone users spend up to 61 percent less time watching out for the obstacle, and bring their foot up “higher and slower” over the obstacle as they walked, adopting a “cautious and exaggerated stepping strategy” to minimise the risk of tripping.

    #Mobile #Usages_numeriques #Silly_walk

  • Warning: for Windows systems: important spread of #WannaCry (#Wcry) ransomware

    http://thehackernews.com/2017/05/wannacry-ransomware-unlock.html?m=1
    https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide

    The malware/worm is causing disruptions at banks, hospitals, telecommunications services, train stations, and other mission-critical organisations in multiple countries, including the UK, Spain, Germany, and Turkey. Telefonica, FedEx, and the UK government’s National Health Service (NHS) have been hit. Operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

    The ransomware completely encrypts all your files and renders them unusable. They ask you to pay some money to get the decryption key ($300 to $600 worth in bitcoins). Paying does not guarantee you will get a decryption key though.

    The malware spreads through social engineering e-mails.
    Be careful with any attachments you receive from unknown sources (and even known sources). Make sure the files are sent intentionally.
    Watch out for .pdf or .hta files, or links received via e-mail that point to .pdf or .hta files.

    More than 45.000 computers worldwide have already been infected, but there appears to be a kill switch, i.e. a way to stop its spreading.
    As one of the first operations, the malware tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. It doesn’t actually download anything there, just tries to connect. If the connection succeeds, the program terminates.

    This can be seen as a kind of kill switch provision, or perhaps it had some particular reason. Whichever it is, the domain has now been sinkholed and the host in question now resolves to an IP address that hosts a website. Therefore, nothing will happen on any new systems that run the malware. This will of course not help anyone already infected.

    Microsoft has released a patch to block the malware on Windows machines:

    MS17-010
    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

    It is important to apply the patch because other variants of the malware can exploit the same vulnerability and/or use a different domain name check.

    Nice technical analysis of the worm:

    https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r

    And more technical info about the worm itself: (careful)

    https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

    #include <stdint.h>

    #define WC_SIG_LEN    8    // "WANACRY!" is 8 bytes (64 bits)
    #define WC_ENCKEY_LEN 256  // assumed: size of an RSA-2048 ciphertext; not given in this post

    typedef struct _wc_file_t {
        char     sig[WC_SIG_LEN];    // 64 bit signature WANACRY!
        uint32_t keylen;             // length of encrypted key
        uint8_t  key[WC_ENCKEY_LEN]; // AES key encrypted with RSA
        uint32_t unknown;            // usually 3 or 4, unknown
        uint64_t datalen;            // length of file before encryption, obtained from GetFileSizeEx
        uint8_t *data;               // Ciphertext Encrypted data using AES-128 in CBC mode
    } wc_file_t;
    

    #malware #worm #ransomware #NSA #Shadow_Broker #EternalBlue
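
A triage check built on the struct quoted in the post above, as an added example that is not part of the original post or of the linked gist: it validates the header of a suspected WannaCry-encrypted file from a byte buffer, with bounds checks on every field. It assumes the fields sit on disk packed and little-endian in the order the struct lists them and that `WC_ENCKEY_LEN` is 256; `wc_parse_header`, `wc_header_t` and `wc_build_sample` are names made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WC_SIG        "WANACRY!"
#define WC_SIG_LEN    8     /* "64 bit signature" in the struct comment */
#define WC_ENCKEY_LEN 256   /* assumption: RSA-2048 ciphertext size */
#define WC_AES_BLOCK  16    /* AES block size; CBC output is block-aligned */

typedef enum { WC_OK = 0, WC_TOO_SHORT, WC_BAD_SIG, WC_BAD_KEYLEN } wc_status_t;

/* Parsed view of the header (hypothetical type, not from the gist). */
typedef struct {
    uint32_t keylen;        /* length of the RSA-encrypted AES key */
    uint32_t unknown;       /* the "usually 3 or 4" field */
    uint64_t datalen;       /* file length before encryption */
    size_t   data_off;      /* offset of the ciphertext in the buffer */
    size_t   cipher_len;    /* bytes of ciphertext actually present */
    int      block_aligned; /* 1 if cipher_len is a multiple of 16 */
} wc_header_t;

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t rd_le64(const uint8_t *p)
{
    return (uint64_t)rd_le32(p) | (uint64_t)rd_le32(p + 4) << 32;
}

static void wr_le(uint8_t *p, uint64_t v, int nbytes)
{
    for (int i = 0; i < nbytes; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Validate and decode the header; never reads past buf[len - 1]. */
wc_status_t wc_parse_header(const uint8_t *buf, size_t len, wc_header_t *out)
{
    size_t off = WC_SIG_LEN;

    if (len < WC_SIG_LEN) return WC_TOO_SHORT;
    if (memcmp(buf, WC_SIG, WC_SIG_LEN) != 0) return WC_BAD_SIG;
    if (len - off < 4) return WC_TOO_SHORT;

    out->keylen = rd_le32(buf + off);
    off += 4;
    /* Reject a length field that cannot be an RSA-wrapped key. */
    if (out->keylen == 0 || out->keylen > WC_ENCKEY_LEN) return WC_BAD_KEYLEN;
    /* Key bytes plus the two fixed-size fields must all be present. */
    if (len - off < (size_t)out->keylen + 4 + 8) return WC_TOO_SHORT;
    off += out->keylen;

    out->unknown = rd_le32(buf + off); off += 4;
    out->datalen = rd_le64(buf + off); off += 8;
    out->data_off = off;
    out->cipher_len = len - off;
    out->block_aligned = (out->cipher_len % WC_AES_BLOCK) == 0;
    return WC_OK;
}

/* Build a CONSTRUCTED sample: filler bytes, no real key or ciphertext. */
size_t wc_build_sample(uint8_t *buf, size_t cap, uint32_t unknown,
                       uint64_t datalen, size_t cipher_len)
{
    size_t total = WC_SIG_LEN + 4 + WC_ENCKEY_LEN + 4 + 8 + cipher_len;
    size_t off = WC_SIG_LEN;

    if (cap < total) return 0;
    memcpy(buf, WC_SIG, WC_SIG_LEN);
    wr_le(buf + off, WC_ENCKEY_LEN, 4);     off += 4;
    memset(buf + off, 0xAA, WC_ENCKEY_LEN); off += WC_ENCKEY_LEN;
    wr_le(buf + off, unknown, 4);           off += 4;
    wr_le(buf + off, datalen, 8);           off += 8;
    memset(buf + off, 0xCC, cipher_len);
    return total;
}

int main(void)
{
    uint8_t buf[2048];
    wc_header_t h;
    /* Constructed input: 1000-byte original file, 1008 bytes of filler. */
    size_t n = wc_build_sample(buf, sizeof buf, 4, 1000, 1008);
    wc_status_t st = wc_parse_header(buf, n, &h);

    if (st != WC_OK) {
        printf("not a valid header (status %d)\n", (int)st);
        return 1;
    }
    printf("keylen=%u unknown=%u datalen=%llu data_off=%zu cipher_len=%zu aligned=%d\n",
           h.keylen, h.unknown, (unsigned long long)h.datalen,
           h.data_off, h.cipher_len, h.block_aligned);
    return 0;
}
```
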