Chrome ditches XP, Vista; 3.2m machines at risk from JBoss; Data sharing inquiry


By Andrew Collins
Thursday, 21 April, 2016


The latest version of Google’s Chrome web browser, released last week, has ditched support for Windows XP and Windows Vista, as well as three older versions of OS X, according to reports.

Chrome 50 reportedly won’t be recognised or downloaded by machines that run Windows XP, Windows Vista, OS X Snow Leopard, OS X Lion or OS X Mountain Lion.

According to Computerworld, existing installations of Chrome running on those now-unsupported operating systems will still function. However, they will not receive bug fixes, upgrades with new features or security patches for any vulnerabilities that come to light.

According to an Ars Technica report, there’s no guarantee that features such as Google account sign-in or data syncing will continue to work on the older versions of Chrome.

But Chrome 50 wasn’t just about ditching support for older operating systems. As ZDNet reported, the release also included an improvement to push notifications and a bunch of security fixes.

JBoss ransomware

More than three million machines are at risk of being exploited in a ransomware campaign that spreads via vulnerable JBoss servers, according to Cisco’s Talos threat intelligence organisation.

About a month ago, Talos published a blog entry describing how a ransomware campaign based on SamSam was affecting computers across the internet.

“Unlike most ransomware, SamSam is not launched via user-focused attack vectors, such as phishing campaigns and exploit kits. This particular family seems to be distributed via compromising servers and using them as a foothold to move laterally through the network to compromise additional machines which are then held for ransom,” Talos said in that initial blog post.

That post went on to say that attackers were leveraging JexBoss, an open source tool for testing and exploiting JBoss application servers, to gain a foothold on a target network. “Once they have access to the network they proceed to encrypt multiple Windows systems using SamSam,” the post said.

In a follow-up blog entry, Talos said that it has looked deeper into the JBoss vectors that were used as the initial point of compromise in this SamSam campaign.

“[W]e started scanning the internet for vulnerable machines. This led us to approximately 3.2 million at-risk machines,” the latest blog entry said.

“As part of this investigation, we scanned for machines that were already compromised and potentially waiting for a ransomware payload. We found just over 2100 backdoors installed across nearly 1600 IP addresses,” it went on.

The second blog entry has more details, including a list of indicators that a server might be affected, as well as recommended actions to take if a server is indeed found to have been compromised.

Data sharing inquiry

The Productivity Commission is looking for comment from the public as part of an ongoing inquiry into public and private sector data sharing.

The commission began its inquiry into ‘Data Availability and Use’ after Treasurer Scott Morrison requested the commission look into “the benefits and costs of options for increasing availability of and improving the use of public and private sector data by individuals and organisations”.

Specifically, as part of its inquiry, the commission is required to:

  • look at the costs and benefits of making public and private datasets more available;
  • examine options for collection, sharing and release of data;
  • identify ways consumers can use and benefit from access to data (particularly data about themselves); and
  • consider how to preserve individual privacy and control over data use.

The commission earlier this week released an Issues Paper on the topic. The paper covers several issues on which the commission would like feedback, and also includes information on how to prepare a submission to the inquiry.

Productivity Commission Chairman Peter Harris said: “The significant evolution in data collection and analysis seen in recent times suggests that the culture, standards and policy structures that have applied to what is commonly called big data analytics may need to move out of the back room and into the showroom if community confidence and wide opportunity for innovation are to be maximised.”

If you’re interested in providing comment to the inquiry, initial submissions are due by 29 July. A draft report is scheduled for release in November, after which the commission will seek comment from the public once again.

A final report is due to the government in March 2017.

More information on the inquiry is available at pc.gov.au/inquiries/current/data-access.

Image courtesy of Microsoft.
