Linux

Linux Kernel 4.10 Officially Released With Virtual GPU Support (softpedia.com) 27

"Linus Torvalds announced today the general availability of the Linux 4.10 kernel series, which adds a great number of improvements, new security features, and support for the newest hardware components," writes Softpedia. prisoninmate quotes their report: Linux kernel 4.10 has been in development for the past seven weeks, during which it received a total of seven Release Candidate snapshots that implemented all the changes that you'll soon be able to enjoy on your favorite Linux-based operating system... Prominent new features include virtual GPU (Graphics Processing Unit) support, new "perf c2c" tool that can be used for analysis of cacheline contention on NUMA systems, support for the L2/L3 caches of Intel processors (Intel Cache Allocation Technology), eBPF hooks for cgroups, hybrid block polling, and better writeback management. A new "perf sched timehist" feature has been added in Linux kernel 4.10 to provide detailed history of task scheduling, and there's experimental writeback cache and FAILFAST support for MD RAID5... Ubuntu 17.04 (Zesty Zapus) could be the first stable OS to ship with Linux 4.10.
It required 13,000 commits, plus over 1,200 merges, Linus wrote in the announcement, adding "On the whole, 4.10 didn't end up as small as it initially looked."
Bug

Google Discloses An Unpatched Windows Bug (Again) (bleepingcomputer.com) 64

An anonymous reader writes: "For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement," reports BleepingComputer. "The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll)..." According to Google, the issue allows an attacker to read the content of the user's memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many.

"According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable." He later resubmitted the bugs in November 2016. The 90-days deadline for fixing the bugs expired last week, and the Google researcher disclosed the bug to the public after Microsoft delayed February's security updates to next month's Patch Tuesday, for March 15.

Microsoft has described Google's announcements of unpatched Windows bugs as "disappointing".
Android

99.6 Percent of New Smartphones Run Android or iOS (theverge.com) 90

The latest smartphone figures from Gartner show how much iOS and Android are dominating the smartphone market. According to the report, Android and iOS accounted for 99.6 percent of all smartphone sales in the fourth quarter of 2016. For comparison, this figure was 96.8 percent in the second quarter of 2015. The Verge reports: Of the 432 million smartphones sold in the last quarter, 352 million ran Android (81.7 percent) and 77 million ran iOS (17.9 percent), but what happened to the other players? Well, in the same quarter, Windows Phone managed to round up 0.3 percent of the market, while BlackBerry was reduced to a rounding error. The once-great firm sold just over 200,000 units, amounting to 0.0 percent market share. It's worth noting that although, in retrospect, this state of affairs seems inescapable, for years analysts were predicting otherwise. Three years ago, Gartner said that Microsoft's mobile OS would overtake iOS for market share in 2017, while BlackBerry would still be hanging around as a sizable (if small) player.
Programming

Apple Announces WWDC 2017, To Be Held in San Jose On June 5-9 (daringfireball.net) 63

Apple said today it will kick off this year's Worldwide Developers Conference on June 5. Much like every year, the developer conference is the place where we can expect to see what's coming to iOS, macOS, watchOS, and tvOS later this year. This year, the event is being held in a different venue: the McEnery Convention Center in San Jose, the original home of WWDC. John Gruber, writing for DaringFireball: First, announcing early really helps people who have to travel long distances to attend, particularly those from outside the U.S. The San Jose Convention Center is the original home of WWDC -- that's where it was held from 1988 through 2002. (WWDC 2002 was the year Steve Jobs held a funeral for Mac OS 9 during the keynote.) San Jose is way closer to Apple headquarters. San Francisco is about an hour drive from 1 Infinite Loop. The San Jose Convention Center is only five minutes away from Apple's new campus. Schiller emphasized to me that this is a big deal: more Apple employees from more teams will be present, simply because they won't have to devote an entire day to being there. (This could be a particular boon to WWDC's developer labs, where attendees can get precious face time with Apple's engineers.)
Java

JavaScript Attack Breaks ASLR On 22 CPU Architectures (bleepingcomputer.com) 152

An anonymous reader quotes a report from BleepingComputer: Five researchers from the Vrije University in the Netherlands have put together an attack that can be carried out via JavaScript code and break ASLR protection on at least 22 microprocessor architectures from vendors such as Intel, AMD, ARM, Allwinner, Nvidia, and others. The attack, christened ASLRCache, or AnC, focuses on the memory management unit (MMU), a lesser known component of many CPU architectures, which is tasked with improving performance for cache management operations. What researchers discovered was that this component shares some of its cache with untrusted applications, including browsers. This meant that researchers could send malicious JavaScript that specifically targeted this shared memory space and attempted to read its content. In layman's terms, this means an AnC attack can break ASLR and allow the attacker to read portions of the computer's memory, which he could then use to launch more complex exploits and escalate access to the entire OS. Researchers have published two papers [1, 2] detailing the AnC attack, along with two videos [1, 2] showing the attack in action.
Open Source

MariaDB Fixes Business Source License, Releases MaxScale 2.1 (perens.com) 17

Creator of The Open Source Definition and longtime Slashdot reader Bruce Perens writes: MariaDB is releasing MaxScale 2.1, a new version of their database routing proxy, and has modified its timed-transition-to-Open-Source "Business Source License" to make it more acceptable to the Open Source community and more easily usable by other companies. I've blogged the issues I had with the license and how MariaDB has fixed them, and Kaj Arno has blogged the MariaDB side of the story. Here's an excerpt from Perens' blog post: "The BSL is a parameterized license. The licensor chooses the license which is transitioned to, the date of the transition, and the limitation. The problem with this is that it was so parameterized that if you told someone the license was 'BSL 1.0,' they would not have any idea what license they really had. It might transition to any of 100 Open Source licenses, or to a non-Open-Source license. The transition might happen in a month, or next century. The limitation might be that you could only have three commercial servers, or that you indentured your firstborn son (OK, that's going overboard, but you get the picture)." He continues, "So, I didn't like that 'BSL' didn't really say what the license did, and I didn't feel that was the best thing for the users or the community. I asked MariaDB to fix it. Together we have arrived at constraints on the parameters and minimum privileges that will take the new BSL much closer to being one license while still allowing licensors some latitude to choose parameters."
Android

China's Huawei Catching Up With Apple, Samsung Smartphone Sales (livemint.com) 62

From a report: Chinese smartphone maker Huawei managed to gain ground on Samsung and Apple in terms of global market share last year, following the problems encountered by the two giants, the Gartner consultancy group said on Wednesday. Over the year as a whole, the Chinese maker saw its sales leap by 26.7 percent, while the South Korean and US rivals both saw their sales decline by 4.3 percent, Gartner said in a study. As a result, Huawei was able to increase its share of the smartphone sector to 8.9 percent in 2016 from 7.3 percent a year earlier, while Samsung saw its market share shrink by two full percentage points to 20.5 percent and Apple's contracted to 14.4 percent from 15.9 percent. "Chinese makers succeeded in winning market share over last year and Huawei now seems to be the main rival to the two giants, even if the gap remains large," Gartner analyst Annette Zimmermann told AFP.
Android

Google's Not-so-secret New OS (techspecs.blog) 128

According to reports late last year, Google is working on a new operating system called Andromeda. Much about it is still unknown, but according to the documentation Google has provided on its website, it's clear that Fuchsia is the actual name of the operating system, and the kernel is called Magenta. A tech enthusiast dug through the documentation and shared the following: To my naive eyes, rather than saying Chrome OS is being merged into Android, it looks more like Android and Chrome OS are both being merged into Fuchsia. It's worth noting that these operating systems had previously already begun to merge together to an extent, such as when the Android team worked with the Chrome OS team in order to bring Update Engine to Nougat, which introduced A/B updates to the platform. Google is unsurprisingly bringing up Andromeda on a number of platforms, including the humble Intel NUC. ARM, x86, and MIPS bring-up is exactly what you would expect for an Android successor, and it also seems clear that this platform will run on Intel laptops. My best guess is that Android as an API and runtime will live on as a legacy environment within Andromeda. That's not to say that all development of Android would immediately stop, which seems extremely unlikely. But Google can't push two UI APIs as equal app frameworks over the long term: Mojo is clearly the future. Ah, but what is Mojo? Well it's the new API for writing Andromeda apps, and it comes from Chromium. Mojo was originally created to "extract a common platform out of Chrome's renderer and plugin processes that can support multiple types of sandboxed content."
Security

Russian Cyberspies Blamed For US Election Hacks Are Now Targeting Macs (computerworld.com) 250

You may recall "APT28", the Russian hacking group which was tied to last year's interference in the presidential election. It has long been known for its advanced range of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. From a report on ComputerWorld: The group -- known in the security industry under different names including Fancy Bear, Pawn Storm, and APT28 -- has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It's not entirely clear how the malware is being distributed because the Bitdefender researchers obtained only the malware sample, not the full attack chain. However, it's possible a macOS malware downloader dubbed Komplex, found in September, might be involved. Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software, according to researchers from Palo Alto Networks who investigated the malware at the time. The vulnerability allowed attackers to execute remote commands on a Mac when users visited specially crafted web pages. Further reading on ArsTechnica.
Microsoft

Microsoft Delays February Patch Tuesday Indefinitely (sans.edu) 88

UnderAttack writes: Microsoft today announced that it had to delay its February Patch Tuesday due to issues with a particular patch. This was also supposed to be the first Patch Tuesday using a new format, which led some to believe that even Microsoft had issues understanding how the new format is exactly going to work with no more simple bulletin summary and patches being released as large monolithic updates. Ars Technica notes the importance of this Patch Tuesday as "there's an in-the-wild zero-day flaw in SMB, Microsoft's file sharing protocol, that at the very least allows systems to be crashed." They also elaborate on the way Microsoft is "continuing to tune the way updates are delivered to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2."
Businesses

Story of Two Developers Who Are Reporting Growth in Revenue After Leaving Apple's App Store (techcrunch.com) 65

John Biggs, writing for TechCrunch: In what amounts to one of the purest and most interesting experiments in assessing the value of Mac OS's App Store, the founder of Rogue Amoeba posted a description of what happened when he pulled his app Piezo. The result? More revenue as a whole without much damage to sales. The impetus for the move came after Apple pulled the Dash app off of the App Store. In the 100-day period since the move, Dash maintained and even increased revenue and found that its users didn't care which platform they were using -- 84% of the customers simply moved over to the independent app license from the App Store license. The bottom line? "It feels great to have full control over my business and to avoid App Store installation/updating/purchasing issues," wrote Dash creator Bogdan Popescu. When Paul Kafasis tried to move away from the App Store he was worried he'd lose half of his sales. After all, many months saw about 50% of sales coming from the App Store directly. When he pulled the app a year ago, however, all of those App Store sales turned into direct sales through his website, a fact that surprised and amused Kafasis.
EU

The City Of Munich Now Wants To Abandon Linux And Switch Back to Windows (techrepublic.com) 557

"The prestigious FOSS project replacing the entire city's administration IT with FOSS based systems, is about to be cancelled and decommissioned," writes long-time Slashdot reader Qbertino. TechRepublic reports: Politicians at open-source champion Munich will next week vote on whether to abandon Linux and return to Windows by 2021. The city authority, which made headlines for ditching Windows, will discuss proposals to replace the Linux-based OS used across the council with a Windows 10-based client. If the city leaders back the proposition it would be a notable U-turn by the council, which spent years migrating about 15,000 staff from Windows to LiMux, a custom version of the Ubuntu desktop OS, and only completed the move in 2013...

The use of the open-source Thunderbird email client and LibreOffice suite across the council would also be phased out, in favor of using "market standard products" that offer the "highest possible compatibility" with external and internal software... The full council will vote on whether to back the plan next Wednesday. If all SPD and CSU councillors back the proposal put forward by their party officials, then this new proposal will pass, because the two parties hold the majority.

The leader of the Munich Green Party says the city will lose "many millions of euros" if the change is implemented. The article also reports that Microsoft moved its German headquarters to Munich last year.
Microsoft

Microsoft Teases Windows 10's Upcoming 'Project Neon' Design Language (windowscentral.com) 139

An anonymous reader quotes a report from Windows Central: Microsoft just gave developers a sneak peek at Project Neon, Microsoft's upcoming design language for Windows 10 that aims to add fluidity, animation and blur to apps and the operating system. We exclusively revealed that this was in the works in late 2016, and today Microsoft has given us a first peek at what Project Neon will look like. During the Windows Developer Day livestream, an image of Project Neon was seen in the background of one of the PowerPoint slides being shown off on stage. Although not much, it's further confirmation that this is the end goal for Windows 10's UI, and Project Neon will be bringing a fresh coat of paint to apps. Project Neon should benefit all types of Windows 10 devices, including Windows 10 Mobile, HoloLens and even Xbox. We're still several months away from Project Neon being everywhere in Windows 10, and we're expecting to see more at BUILD this coming May. In fact, a lot of the Project Neon APIs are available in the latest Insider Preview builds of Windows 10, meaning developers can already begin taking advantage of these new user interfaces and design language! Animations and transitions are a big deal with Project Neon, with the goal of making the operating system and apps feel like they work together. Peter Bright does a good job summarizing the looks of the screenshot via Ars Technica: "The picture shows a refreshed version of the Groove music app on a Windows desktop. The fundamentals of the app and its layout aren't changed, underscoring that Neon is very much an iteration of the current Metro/Microsoft Design Language (MDL). The window has shed its discrete title bar and one pixel border, with the application content now extending to the very edge of the window. The search text field no longer has a box around it, and the left hand pane has a hint of translucency to it." You can view the screenshot here and judge it for yourself.
Communications

Linux Kernel 3.18 Reaches End of Life (softpedia.com) 101

prisoninmate quotes a report from Softpedia: Linux kernel 3.18.48 LTS is here and it's the last in the series, which was marked for a January 2017 extinction since mid-April last year. According to the appended shortlog, the new patch changes a total of 50 files, with 159 insertions and 351 deletions. It brings an updated networking stack with Bluetooth, Bridge, IPv4, IPv6, CAIF, and Netfilter improvements, a couple of x86 fixes, and a bunch of updated USB, SCSI, ATA, media, GPU, ATM, HID, MTD, SPI, and networking (Ethernet and Wireless) drivers. Of course, this being the last maintenance update in the series, you are urged to move to a newer LTS branch, such as Linux kernel 4.9 or 4.4, which are far more secure and efficient than Linux 3.18 was. But Linux 3.18 appears to be used by Google and other vendors on a bunch of Android-powered devices, and even some Chromebooks use Linux kernel 3.18 on Chrome OS, so here's what the kernel developer suggests you do if you can't upgrade. "If you are _stuck_ on 3.18 (/me eyes his new phone), well, I might have a plan for you, that first involves you yelling very loudly at your hardware vendor and refusing to buy from them again unless they cut this crap out. After you properly vent to them, drop me an email and let's see what we can come up with, you aren't in this sinking ship alone, and it's obvious your vendor isn't going to help out," said Greg Kroah-Hartman in the mailing list announcement.
Android

Android Wear 2.0 Is An Evolutionary Update To Google's Smartwatch OS (techcrunch.com) 40

Google is officially launching Android Wear 2.0 today -- the biggest update to the company's wearable operating system since its launch in 2014. While Android Wear 2.0 will be launching with two new flagship watches from LG -- the LG Watch Sport and LG Watch Style, a number of existing Wear watches will also get this update in the coming weeks and months. TechCrunch reports: The first thing you'll notice when you get a 2.0 watch is the overall update to its design -- both in terms of the overall look but also the user experience. The look of Wear 2.0 now skews closer to Google's Material Design guidelines. While the overall look will still feel familiar to Wear 1.0 users, the update put a stronger emphasis on cards, for example. This means every notification now gets a full screen to show its preview and you can use the watch's dial to scroll through them (assuming your watch has a dial, of course -- otherwise you can obviously still use the touch screen to scroll). The other marquee feature of Wear 2.0 is support for standalone apps that don't need a companion app to run on your phone. That means developers can write apps that are purely geared toward the watch and they can then publish it on the Google Play store, which is now also available directly on the watch. That sounds more useful than it is -- unless you plan on getting an LTE-enabled watch and leave your phone at home. That's an option now that you could run Hangout or Google Music directly on the watch, but, except for runners, that's likely not a typical use case. At the end of the day, the most important use case for a smartwatch remains dealing with notifications. Everything else often feels like an unnecessary complication. [In summary, Frederic Lardinois writes via TechCrunch:] The Android smartwatch market could use a revolution to kickstart what now occasionally feels like a moribund ecosystem. Wear 2.0 doesn't feel revolutionary. 
It is, however, a perfectly adequate update that addresses many of the issues with Android Wear. It also puts it on parity with its competitors, like Apple's watchOS or Samsung's Tizen. It does also introduce some new use cases for LTE-enabled watches, but I can't help but feel that this will remain a niche category. Much, however, will depend on Google's hardware partners who will now have to bring Wear 2.0 to life.
IOS

Dozens of Popular iOS Apps Vulnerable To Intercept of TLS-Protected Data (arstechnica.com) 53

Researchers at Sudo Security Group Inc. discovered seventy-six popular applications in Apple's iOS App Store that had implemented encrypted communications with their back-end services in such a way that user information could be intercepted by a man-in-the-middle attack. According to Ars Technica, the applications could be fooled by a forged certificate sent back by a proxy, allowing their Transport Layer Security to be unencrypted and examined as it is passed over the internet. From their report: The discovery was initially the result of bulk analysis done by Sudo's verify.ly, a service that performs bulk static analysis of application binaries from Apple's App Store. Will Strafach, president of Sudo, verified the applications discovered by the system were vulnerable in the lab, using a network proxy configured with its own Secure Socket Layer certificate. In the post about his findings being published today, Strafach wrote: "During the testing process, I was able to confirm 76 popular iOS applications allow a silent man-in-the-middle attack to be performed on connections which should be protected by TLS (HTTPS), allowing interception and/or manipulation of data in motion. According to Apptopia estimates, there has been a combined total of more than 18,000,000 (Eighteen Million) downloads of app versions which are confirmed to be affected by this vulnerability."

The data exposed by the vulnerability in each of the applications varied in sensitivity. For just less than half -- 33 of the applications -- the risk was relatively low, as most of the data was "partially sensitive analytics data," Strafach said. These apps included a number of third-party "uploader" apps for Snapchat (which exposed Snapchat usernames and passwords) and the Vice News app, among others. In 24 cases, the exposed data included login credentials or session tokens that would allow an attacker to hijack the account associated with the application, though those accounts were not tied to highly sensitive data. However, the remaining 19 applications left sensitive data exposed to attack. In these cases, Strafach "confirmed ability to intercept financial or medical service login credentials and/or session authentication tokens for logged in users."

Hardware Hacking

Reporter Pans Open Source Laptop Kit TERES-I (theverge.com) 133

The Verge's Paul Miller has some harsh words for the $242 open source DIY laptop kit TERES-I from Olimex. Instead of buying one hyper-integrated board that has all of the laptop's brains and I/O on it, you buy several little boards and wire them together. Then you put them inside a mostly finished case built by Olimex -- although if you want to go ultra DIY you can 3D print your own case, too. Everything, from the shell's CAD design to the motherboard's wiring, is available on GitHub for perusal or modification, and the modular nature of the internals means you can add a more powerful chipset or modify just about anything you find unsatisfying about the computer if you have the know-how or if Olimex or others offer compatible parts.

But, unfortunately, almost everything about this laptop is unsatisfying right now. It runs a quad-core ARM64 chip, though x86 and MIPS chips might be offered later on. It has a tiny 11.6-inch screen, a huge bezel, a tiny trackpad, a cramped-looking keyboard, and a whole lot of plastic. The OS (Linux, naturally) runs off a microSD card. At least the LCD comes in a 1080p variant, because the default 1366 x 768 resolution is a real throwback. There's even 802.11n Wi-Fi, which has me questioning what decade it is.

But are there any better alternatives? In the comments share your own thoughts about open source laptop kits.
Operating Systems

OPNsense 17.1 Released, Based On FreeBSD 11 (phoronix.com) 39

An anonymous reader quotes Phoronix: OPNsense 17.1 is now available as the newest release of this network-focused FreeBSD-based operating system forked from pfSense. It's now been two years since the first official release of OPNsense and to celebrate they have put out a big update. OPNsense 17.1 re-bases to using FreeBSD 11.0, there's now a SSH remote installer, new language support, more hardening features used from HardenedBSD, new plugins, integrated authentication via PAM, and many other improvements. Some of the new plug-ins include FTP Proxy, Tinc VPN, and Let's Encrypt support.
This version has been named "Eclectic Eagle".
IOS

Lawsuit Claims Apple Forced Users To iOS 7 By Breaking FaceTime (appleinsider.com) 90

According to Apple Insider, a class-action lawsuit has been filed in California that claims Apple broke FaceTime in iOS 6 to force users to upgrade to iOS 7. The lawsuit says Apple forced users to upgrade so it could avoid payments on a data deal with Akamai. From the report: When FaceTime launched in 2010, Apple included two methods of connecting one iPhone to another. The first, a peer-to-peer technology, transferred audio and video data over a direct connection, while a second "relay method" used third-party servers run by Akamai to shuttle data back and forth. Initially, calls routed through Akamai's relay servers accounted for only 5 to 10 percent of FaceTime traffic, but usage quickly spiked. On Nov. 7, 2012, a jury found Apple's peer-to-peer FaceTime call technology in infringement of patents owned by VirnetX. Along with a $368 million fine, the ruling meant Apple would have to shift away from peer-to-peer to avoid further infringement. Apple began to incur multi-million dollar monthly charges from Akamai as a result of the change. Testimony from the 2016 VirnetX retrial pegged relay fees at about $50 million between April 2013 and September 2013, rates that according to today's lawsuit were of concern to Apple executives. After eating rising relay service charges for nearly a year, Apple saw a chance to slow down or completely negate the fees in iOS 7. Among other system improvements, the next-generation OS included a method of creating peer-to-peer FaceTime connections without infringing on VirnetX patents. The only problem, according to the lawsuit, was that users continued to operate devices running iOS 6. Citing internal emails and sworn testimony from the VirnetX trial, the lawsuit alleges Apple devised a plan to "break" FaceTime on iOS 6 or earlier by causing a vital digital certificate to prematurely expire. Apple supposedly implemented the "FaceTime Break" on April 16, 2014, then blamed the sudden incompatibility on a bug, the lawsuit claims.
Security

Zero-Day Windows Security Flaw Can Crash Systems, Cause BSODs (helpnetsecurity.com) 64

Orome1 quotes a report from Help Net Security: A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it. It is a memory corruption bug in the handling of SMB traffic that could be easily exploited by forcing a Windows system to connect to a malicious SMB share. Tricking a user to connect to such a server should be an easy feat if clever social engineering is employed. The vulnerability was discovered by a researcher that goes by PythonResponder on Twitter, and who published proof-of-exploit code for it on GitHub on Wednesday. The researcher says that he shared knowledge of the flaw with Microsoft, and claims that "they had a patch ready 3 months ago but decided to push it back." Supposedly, the patch will be released next Tuesday. The PoC exploit has been tested by SANS ISC CTO Johannes Ullrich, and works on a fully patched Windows 10. "To be vulnerable, a client needs to support SMBv3, which was introduced in Windows 8 for clients and Windows 2012 on servers," he noted, and added that "it isn't clear if this is exploitable beyond a denial of service." Until a patch is released, administrators can prevent it from being exploited by blocking outbound SMB connections (TCP ports 139 and 445, UDP ports 137 and 138) from the local network to the WAN, as advised by CERT/CC. "The tweet originally announcing this issue stated that Windows 2012 and 2016 is vulnerable," the researcher said. "I tested it with a fully patched Windows 10, and it got an immediate blue screen of death."
