(Ars): Roundup: 15-yr old bug in Windows, Jeb Bush's Email Dump, How Earth's Orbit Affects Climate and Plank Results-Earliest Stars Born Later Than Originally Thought

Planck results: First stars were born later than we thought

Also constrains inflation, dark energy in the early Universe, and more.

by Xaq Rzetelny - Feb 11 2015, 6:35am PST

Visualization of the polarization of the CMB over the entire sky, as seen by the Planck satellite.

ESA and the Planck Collaboration

In 2009, the Planck spacecraft began its observations of the cosmos, and the program continued until 2013. Planck was designed to look for anisotropy, or non-uniformity, in the cosmic microwave background (CMB). On very large scales, the Universe looks pretty much the same in all directions, like a carpet that’s just as green and fluffy whichever corner of the room you’re standing in.

But the Universe is not like a carpet. There are small variations in the CMB, and by studying them, researchers can gain insight into the very early Universe. After all, the CMB is an “afterglow” of the Big Bang itself.

The Planck team has been reporting its results, which have big implications for cosmology. By and large, the results have confirmed the standard cosmological picture, but there were some surprises. For one thing, the new results show that the first stars were born over 100 million years later than previously estimated. For another thing, they put new constraints on inflation in the early Universe. As if that weren’t enough, they also constrain the density of dark energy in the early Universe.

How Earth’s orbit shapes climate and the seafloor

A surprising connection between sea level and volcanism at the bottom of the ocean.

by Scott K. Johnson - Feb 10 2015, 5:00pm PST

It’s often helpful to view the Earth as a complex device composed of many interacting sub-systems. Sometimes when you’ve drilled down a few levels, you'll be surprised to find one component is connected to another, seemingly unrelated, one. Groundwater depletion, for example, really can affect earthquakes and mountain ranges, climate change really can affect volcanic eruptions, and plate tectonics really can affect climate.

In a similar vein, it turns out that the activity of some seafloor ridges appear to be linked to orbital cycles by way of ice sheets, sea level, and magma physics. (Kevin Bacon has yet to be implicated.)

The suggestion isn’t new. A 2009 paper laid out the hypothesis on theoretical grounds, and it has been played around with since. But now a study from researchers at Oxford, Harvard, and the Korea Polar Research Institute provides evidence to support the hypothesis using data from the seafloor between Antarctica and Australia.

Addresses, SSNs, phone numbers released by former Gov. Jeb Bush in e-mail dump

Former governor is exposing correspondents' personal information.

On Tuesday, former Florida governor Jeb Bush published Volume 1 of an e-book detailing all of his official correspondence while in gubernatorial office. Although the e-book is edited and e-mail addresses have been redacted, the Governor's Office also published six Outlook files full of all of Bush's unredacted correspondence—creating a trove of full names connected with personal e-mail addresses, home addresses, phone numbers and even social security numbers, as The Verge first reported.

"This year I am releasing an e-book that uses my emails with Floridians as a guide to my eight years as governor. Here's a sneak peek at Chapter 1,” the former governor and possible presidential hopefulexplains on his website jebbushemails.com. In the corresponding e-book, he continues, “Millions of emails came in through our website, but it was when I made my personal email—jeb@jeb.org—public that I earned the nickname 'The eGovernor.'”

Unfortunately, releasing the personal e-mails of his correspondents probably won't lead to the same jokey familiarity for them, and it could result in dangerous exposure to identity thieves and social engineering hackers.

The scope of the e-mails is vast and includes everything from automated messages to brief summaries of the state of Cuban refugees who arrived on Florida's shores to oddly personal e-mails from constituents. Some e-mails include correspondence that had not been addressed to Bush originally but showed up when part of an e-mail was forwarded to him. Other e-mails include personal information about people who aren't involved in the e-mail thread at all. “Did you get this? Eric's wife is being induced tomorrow a.m. so we'll be out of town for a while. Merry Christmas and Happy New Year to you and your family!” one cheerily reads.

Other e-mails contain impassioned rants about Terri Schiavo, a woman who had been in a persistent vegetative state in Florida in 2005 whose guardians became embroiled in a legal struggle over whether Schiavo's feeding tube could be removed. Still others are messages of support from people who write as if they're on a first-name basis. Others are written as a last resort, hoping to sway the Governor in support of their everyday battles, as this e-mail, which contains full names in the original:

Dear Governor Bush,

My name is [name redacted by Ars]. I am the mother of [name redacted by Ars], actually it is now [married name redacted by Ars]. She got married the Saturday after Thanksgiving. She and her Husband are expecting a daughter in March. She is a very sweet loving young woman who made a terrible mistake. She got a DUI. She has paid all of her fines, but, she is one month behind in her paperwork. She and our family tried to talk to her probation officer for an exstention, all that the officer said was were we trying to cause her to lose her job? I swear that was never implied. My daughter, with, permission, moved to Michigan, where she is still living. The officer said she would have to violate her. The clerk of courts office said that that could mean an arrest warrant. My daughters pregnancy has been a difficult one. She wanted to be here for Christmas. Her Dad and I couldn't be at her wedding, too much to fly there. He couldn't walk her down the aisle, I felt so bad for her. my daughter did an extremely STUPID thing. She is soooo sorry. She understands that she must follow the rules she just got behind. Please, can you help us. Please, don't let them send my child and grandchild to jail. I don't think she could make it in there. Honest to God, we really are descent people, but descent people mess up and of course should pay like everyone else. I understand that, I truly do. I am at a loss. Her probation officer is [name redacted by Ars]. She works in [Florida city redacted by Ars]. The judge she had was [name redacted by Ars]. Please tell me what to do. i haven't told you the whole story. It would take too much of your time. I'm sorry to have bothered you with this. Thank you.

Sincerely, [Name and phone number redacted by Ars]

On a federal level, e-mails sent to a public official can be requested by anyone—US citizen or not—through the Freedom of Information Act (FOIA). On a state level, Florida's Sunshine Law provides a similar level of access to correspondence with a state official. The FOIA and state open government laws theoretically provide some checks on what information can be freely accessible through an application process. And if you request FOIA information about an individual, the requester must generally provide identification "in order to protect your privacy and to ensure that private information about you is not disclosed to someone else," the FOIA website explains. In addition, it may not be immediately clear to many people who all e-mails sent to a public official may be reproduced publicly.

Although what Jeb Bush did may not be illegal, it shows a flagrant disrespect for the people who may have sent him information thinking it was in confidence.

Ars has contacted Jeb Bush (through the jeb@jeb.org e-mail address, no less) as well as Mr. Bush's Political Action Committee for comment, and we have not yet received a response. Bush's spokesperson did give a comment to CNBC, however, stating "This is an exact replica of the public records on file with the Florida Department of State and are available at anyone's request under Chapter 119 sunshine laws."

15-year-old bug allows malicious code execution in all versions of Windows

Windows admins: Patch now, unless you run 2003, in which case you're out of luck.

Microsoft just patched a 15-year-old bug that in some cases allows attackers to take complete control of PCs running all supported versions of Windows. The critical vulnerability will remain unpatched in Windows Server 2003, leaving that version wide open for the remaining five months Microsoft pledged to continue supporting it.

The flaw, which took Microsoft more than 12 months to fix, affects all users who connect to business, corporate, or government networks using the Active Directory service. The database is built into Windows and acts as a combination traffic cop and security guard, granting specific privileges to authorized users and mapping where on a local network various resources are available. The bug—which Microsoft classifies as MS15-011 and the researcher who first reported it calls Jasbug—allows attackers who are in a position to monitor traffic passing between the user and the Active Directory network to launch a man-in-the-middle exploit that executes malicious code on vulnerable machines.

"All computers and devices that are members of a corporate Active Directory may be at risk," warned ablog post published Tuesday by JAS Global Advisors, one of the firms that (along with simMachines) reported the bug to Microsoft in January 2014. "The vulnerability is remotely exploitable and may grant the attacker administrator-level privileges on the target machine/device. Roaming machines—Active Directory member devices that connect to corporate networks via the public Internet (possibly over a Virtual Private Network (VPN))—are at heightened risk."

In a Web post of its own, Microsoft provided the following example of how Jasbug might be exploited on a machine connected over open Wi-Fi at a coffee shop:

  1. In this scenario, the attacker has observed traffic across the switch and found that a specific machine is attempting to download a file located at the UNC path:\\\Share\Login.bat.
  2. On the attacker machine, a share is set up that exactly matches the UNC path of the file requested by the victim: \\*\Share\Login.bat.
    1. The attacker will have crafted the contents of Login.bat to execute arbitrary, malicious code on the target system. Depending on the service requesting Login.bat, this could be executed as the local user or as the SYSTEM account on the victim’s machine.
  3. The attacker then modifies the ARP table in the local switch to ensure that traffic intended for the target server is now routed through to the attacker’s machine.
  4. When the victim’s machine next requests the file, the attacker’s machine will return the malicious version of Login.bat.This scenario also illustrates that this attack cannot be used broadly across the internet – an attacker need to target a specific system or group of systems that request files with this unique UNC.

Additional details from Microsoft are here.A vulnerability in the Group Policy component of Active Directory allowed attackers to remotely execute malicious code received when connecting to a domain. At the same time, a separate Group Policy flaw could cause it to fail to retrieve valid security policies and instead apply a less secure default group policy. By exploiting the bugs together, attackers could disable the authorization mechanism normally enforced by the domain the targeted user was intending to connect to.

It's not yet clear exactly how the attack would work against people using a VPN to funnel traffic through an encrypted tunnel. In theory a VPN prevents man-in-the-middle attackers from being able to read or tamper with Active Directory transactions unless the attackers were first able to decrypt the data. Most likely, the described coffee shop works against VPNs that perform domain-name lookups locally, that is, using the domain name system servers assigned to the local network. Many VPNs are configured this way to make user connections faster and to ease congestion on company or government networks.

This Windows vulnerability isn't as simple as most to fix because it affects the design of core Windows functions rather than implementations of that design. Microsoft said admins should review this link for further guidance. The vulnerability poses at least a serious theoretical threat to organizations that continue to use Server 2003, which Microsoft said it would continue to support until the middle of July. It's not likely Server 2003 machines will connect to non-trusted networks, making the coffee-shop scenario attack impractical. Still, attacks only get better with time, as more people have a chance to find new methods of exploitation. Server 2003 organizations that have the ability to stop using Active Directory should strongly consider doing so. While there's no mention the vulnerability poses a risk to computers that aren't members of an Active Directory network, it's a good idea that all Windows users install the patch as soon as possible.