Weekly News Roundup 8/8/2016

On a week that saw the first public website launch 25 years ago, we learn about IBM’s Doc Watson, an old security flaw in Windows and a flaw in Samsung Pay.

Happy 25th birthday WWW!

IBM’s Watson saves a life.

IBMWATSONSince dominating at frivolous tasks from taking on all comers at Jeopardy to making taste sensations, IBM’s Watson has been testing its abilities to crunch numbers and test combinations that give new creative results. Recently however, Watson as stepped in where the stakes were really high and actually saved a life.

In 10 minutes, Watson analysed a 60 year old woman’s genetic changes against a database of over 20 million cancer research papers to come up with a diagnosis for a rare form of leukemia that had been incorrectly identified months earlier. Watson went onto do similar for another patient with similar results.

The correct diagnosis effectively saved the life of the woman by ensuring that she received the life-saving treatment for the specific form of leukemia.

Good job Watson.

Original story from Engadget.

Windows 10 supercharges old security flaw.

CLMAM0xUcAAGUwWThere has been a security hole in Windows operating systems since March 1997 that has gone on ignored. Security researchers have discovered that the flaw leaks Microsoft Account credentials including machine settings, browsing history and saved passwords to other services including highly sensitive private user data.

The security flaw works by requesting the user connects to a SMB (Default network sharing protocol) share which has Windows automatically send your username and hashed (scrambled) password regardless of where the share lives. Even a share on the internet would receive your Microsoft Account credentials!

With you hashed password that s now in the hands of the attacker it takes as little as 4 seconds to crack the password (because people use bad passwords). Pretty bad news now that more than ever Windows 10 relies heavily on the Microsoft Account system.

For now the advice is to avoid using Microsoft web browsers (Internet Explorer and Edge) but there is also another fix that involves messing with the Windows registry. Not for the faint of heart this fix although the best solution runs the risk of making a real mess of things if left in the hands of an amateur. Best to get a pro in to help with the fix.

More on this from Bleeping Computer.

Samsung Pay security flaw exposed.

samsungpayIn a recent Black Hat Hacker conference college student Salvador Mendoza demonstrated how with some social engineering and his scratch-built wearable device dubbed “TokenGet” he was able to effectively skim a victims card.

The data captured was a payment token that unfortunately could be used to create additional payment tokens thanks to a flaw in the generation of payment would allow the attacker to continue to generate additional payment tokens to complete multiple fraudulent purchases even in regions where Samsung pay is not available.

Mendoza advised Samsung of the flaw in April but the tech giant is yet to provide a fix for the flaw.

Original story can be found over at IT News.