Date: 2021-12-11

'The Internet's on fire' as techs race to fix software flaw

Lydia Winters shows off Microsoft's "Minecraft" built specifically for HoloLens at the Xbox E3 2015 briefing before Electronic Entertainment Expo, June 15, 2015, in Los Angeles. (AP)
Updated 23 sec ago
AP

  • Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous

BOSTON: A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organizations around the world.
“The Internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said Friday morning that in the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.
The flaw may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.
Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.
The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10 by the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software.
Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.
New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.
Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.
The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.
Microsoft said it had issued a software update for Minecraft users. “Customers who apply the fix are protected,” it said.
Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.
Cloudflare’s Sullivan said there was no indication his company’s servers had been compromised. Apple, Amazon and Twitter did not immediately respond to requests for comment.


US hostage envoy visited Venezuela to meet jailed Americans

A group of Venezuelan political police officers, SEBIN, with their faces covered stand on guard at the main door of SEBIN headquarters in Caracas, Venezuela. (AP file photo)
Updated 7 sec ago
AP

  • The timing of the visit is likely to raise eyebrows, coming on the heels of gubernatorial elections considered deeply undemocratic by the Biden administration after numerous opposition candidates were barred from running

MIAMI: A senior US diplomat quietly traveled to Venezuela this week and met with imprisoned Americans as part of an ongoing effort to secure release of men the Biden administration believes are being held as bargaining chips by a top US adversary, The Associated Press has learned.
Roger Carstens, the special presidential envoy for hostage affairs and the government’s top hostage negotiator, arrived in Caracas on a chartered flight Tuesday evening and returned home Friday in a previously unreported visit.
It’s not clear who in the heavily sanctioned socialist administration of President Nicolás Maduro he met.
But it was the first known face-to-face outreach by a top US official since the Trump administration shuttered the American Embassy in Caracas in March 2019 after recognizing opposition leader Juan Guaidó as Venezuela’s legitimate leader. Ever since, relations between the two countries have grown steadily more hostile, with the US government imposing strict oil sanctions on the country and targeting top officials with criminal indictments, something Maduro has likened to a “soft coup.”
“It was a good thing to see the guys, to show them that their government cares. It was also positive to report back to their families that I had seen them,” Carstens told the AP, adding that he was grateful to Maduro’s aides for inviting him down for what he described as a “wellness check.”
The timing of the visit is likely to raise eyebrows, coming on the heels of gubernatorial elections considered deeply undemocratic by the Biden administration after numerous opposition candidates were barred from running.
“Fearful of the voice and vote of Venezuelans, the regime grossly skewed the process to determine the result of this election long before any ballots had been cast,” the State Department said after the Nov. 21 vote.
The Maduro government, which in the past hasn’t hesitated to publicize peacemaking missions by prominent American interlocutors, has kept mum about the surprise visit. Carstens confirmed the visit late Friday afternoon.
During his visit, he was permitted to check on a group of six American oil executives held in Caracas’ infamous El Helicoide prison, a one-time modernist shopping mall converted into a facility housing the government’s top opponents.
One person familiar with the visit described Carstens’ jailhouse meeting with the six executives from Houston-based Citgo, which lasted about 90 minutes, as highly emotional. Carstens told the prisoners he had discussed their case with Maduro government officials while in Caracas but declined to say whom.
The person and several others with knowledge of the meeting spoke on condition of anonymity to AP because they were not authorized to discuss Carstens’ travels.
Tomeu Vadell, Jose Luis Zambrano, Alirio Zambrano, Jorge Toledo, Gustavo Cardenas and José Pereira were hauled away in 2017 by masked security agents who stormed into a Caracas conference room. The men had been lured to Venezuela just before Thanksgiving of that year to attend a meeting at the headquarters of the company’s parent, state-run oil giant PDVSA.
The six were convicted of embezzlement last year in a trial marred by delays and irregularities. They were sentenced to between 8 and 13 years in prison for a never-executed proposal to refinance billions of dollars in the oil company’s bonds. Maduro at the time accused them of “treason.” They all pleaded not guilty and the US considers them to be wrongfully detained.
After having been granted house arrest, they were swiftly thrown back in jail Oct. 16, 2021, the same day that a close ally of Maduro was extradited by the African nation of Cape Verde to the US to face money laundering charges.
While at El Helicoide prison, Carstens also met with Luke Denman and Airan Berry — two former Green Berets arrested in connection with a failed raid aimed at toppling Maduro that was staged from Colombia. He also conducted a wellness check with former US Marine Matthew Heath, who is being held at a separate facility on unrelated allegations.
The visit came just weeks after family members of the Americans jailed in Venezuela, and other relatives of hostages and detainees, complained in a letter to the Biden administration that they felt the releases of their loved ones weren’t being sufficiently prioritized.
John Pereira, the son of Jose Pereira, who weeks ago was rushed to a private clinic for emergency treatment for a cardiac condition, told the AP at the time that “our feeling is that they can do more.”
President Joe Biden has so far been less public on the issue of hostage affairs than his predecessor, Donald Trump, who scored several high-profile releases around the world over four years, giving officials great leeway to pursue negotiations.
Trump also invited hostages and detainees who were freed under his watch to appear alongside him in a video aired during the Republican National Convention. That includes Joshua Holt, a Utah man who spent two years in a Caracas jail after traveling to Venezuela to marry a fellow Mormon he met online.
Though no Americans were freed during the current visit, any future releases would represent a significant win for Carstens, a retired US Army Special Forces officer who was a rare holdover from the Trump administration. Last month, journalist Danny Fenster was freed after nearly six months in jail in military-ruled Myanmar.
His release was negotiated by former US diplomat Bill Richardson, who has also traveled to Caracas in the past to push for the Americans’ release.
Richardson called Carstens’ visit to Caracas a “significant” development.
“Speaking directly with those who are holding Americans is important,” he said in a statement to The AP. “It does not guarantee success, but I commend Roger Carstens for taking that first step, the families of our detainees for pushing for these efforts and the Maduro government for allowing this humanitarian gesture to take place.”
At least 61 Americans are known to be wrongfully detained or held hostage abroad, according to the James W. Foley Legacy Foundation, named for James W. Foley, a freelance journalist killed at the hands of the Daesh group in Syria.


Donors back $280 million transfer for Afghan food, health

A boy sleeps as he rides a bicycle in Kabul, Afghanistan October 18, 2021. (REUTERS)
Updated 13 min 37 sec ago
Reuters

  • The United Nations is warning that nearly 23 million people – about 55 percent of the population – are facing extreme levels of hunger, with nearly 9 million at risk of famine as winter takes hold in the impoverished, landlocked country

WASHINGTON: Donors agreed on Friday to transfer $280 million from a frozen trust fund to the World Food Program (WFP) and UNICEF to support nutrition and health in Afghanistan, the World Bank said as it seeks to help a country facing famine and economic freefall.
The World Bank-administered Afghan Reconstruction Trust Fund will this year give $180 million to WFP to scale up food security and nutrition operations and $100 million to UNICEF to provide essential health services, the bank said in a statement.
The money would aim to support food security and health programs in Afghanistan as it sinks into a severe economic and humanitarian crisis that accelerated in August when the Taliban overran the country as the Western-backed government collapsed and the last US troops withdrew.
The United States and other donors cut off financial aid on which Afghanistan became dependent during 20 years of war and more than $9 billion of the country’s hard currency assets were frozen.
The United Nations is warning that nearly 23 million people – about 55 percent of the population – are facing extreme levels of hunger, with nearly 9 million at risk of famine as winter takes hold in the impoverished, landlocked country.
Using reconstruction trust fund money and channeling it through the WFP and UNICEF, both part of the UN family, appears to be a way to get funding into the country for basic needs in a manner that does not necessarily implicate US sanctions against the Taliban.
“This decision is the first step to repurpose funds in the ARTF portfolio to provide humanitarian assistance to the people of Afghanistan at this critical time,” the bank said, saying the agencies had presence on the ground to deliver services directly to Afghans in line “with their own policies and procedures.”
“These ARTF funds will enable UNICEF to provide 12.5 million people with basic and essential health services and vaccinate 1 million people, while WFP will be able to provide 2.7 million people with food assistance and nearly 840,000 mothers and children with nutrition assistance,” it added.
Earlier on Friday, Reuters reported exclusively that the donors were expected to approve the $280 million transfer. On Dec. 1, Reuters reported (https://www.reuters.com/world/asia-pacific/exclusive-world-bank-backs-using-280-million-frozen-aid-funds-afghanistan-2021-12-01) that the World Bank board had backed transferring the ARTF funds to the two agencies.
In its statement, the bank said it would “continue to work with ARTF donors to unlock additional ARTF funds to support the Afghan people.”
Laurel Miller, a former acting US special representative for Afghanistan and Pakistan, criticized the decision to tap the ARTF for strictly humanitarian aid, saying money should come from other sources and the $1.5 billion fund should be used for a major initiative to halt the collapse of state institutions whose workers have not been paid for months.
“We’re talking about a collapse of public services that serve the Afghan people,” said Miller, who oversees the Asia program of the International Crisis Group, a think tank. “That’s not about helping the Taliban. That’s about helping Afghans who need a functioning state. They need more than food aid.”


Taliban call on OIC to recognize Afghan government at Islamabad meeting

Updated 47 min 48 sec ago

  • Pakistan to host extraordinary session of OIC Council of Foreign Ministers on Dec. 19
BAKER ATYANI

DUBAI: Taliban chief spokesman Zabihullah Mujahid on Friday called on members of the Organization of Islamic Cooperation to recognize the group’s government in Afghanistan at their upcoming meeting in Pakistan.
Fears are growing about a pending humanitarian crisis in Afghanistan after billions of dollars’ worth of international aid was abruptly cut following the Taliban takeover of the country on Aug. 15.
The international community has not recognized the Taliban interim government due to human rights and security concerns, and issues over inclusivity. The US also froze $9.5 billion in Afghan central bank assets and imposed sanctions on the Taliban, isolating the country from the global financial system and paralyzing its banks.
Pakistan’s Foreign Ministry announced this week that Islamabad would be hosting a meeting on Dec. 19 of the OIC Council of Foreign Ministers to draw the world’s attention to the humanitarian crisis unfolding in Afghanistan. The organization’s extraordinary session will include delegations from the EU, and the so-called P5 group of UN Security Council permanent members — made up of the US, the UK, France, Russia, and China — has also been invited.

Mujahid told Arab News: “We want good relations with the OIC countries, and we ask the upcoming meeting to support us, and to recognize the government of the Islamic Emirates of Afghanistan.
“We are their brother, and they should support us and recognize the Afghan government. We need their recognition, support, and cooperation.”
The Taliban took over Afghanistan when US-led foreign troops withdrew after 20 years of military presence, prompting the previous Western-backed government to flee.
When American troops left Kabul on Aug. 30, the Taliban claimed almost total control of the country, with the last enclave of opposition, led by the National Resistance Front of Afghanistan, remaining in the mountainous northern region of Panjshir Valley until mid-September.
The NRFA was formed by Ahmad Massoud, the son of the late commander Ahmad Shah Massoud who led an offensive against the Soviets in the 1980s, and later against the first Taliban regime between 1996 and 2001.
Members of NRFA leadership left for neighboring Tajikistan shortly after the Taliban took over Panjshir, but Mujahid said they were now welcome to return. 
“Instead of living in Tajikistan and Europe and speaking from there about a resistance that does not exist in Afghanistan, we ask them, instead, (to) return to Kabul and live with us as brothers.
“Afghanistan is peaceful now, and under our control, but we want to talk to all Afghans,” he added.


South Africa says no signal of increased omicron severity yet

Updated 11 December 2021
Reuters

  • South Africa alerted the world to Omicron late last month, prompting alarm that the highly mutated variant could trigger a new surge in global infections
  • Although scientists say more time is needed to arrive at a definitive conclusion, Health Minister Joe Phaahla said the signs on severity were positive

JOHANNESBURG: South African scientists see no sign that the omicron coronavirus variant is causing more severe illness, they said on Friday, as officials announced plans to roll out vaccine boosters with daily infections approaching an all-time high.
South Africa alerted the world to omicron late last month, prompting alarm that the highly mutated variant could trigger a new surge in global infections.
Hospital data show that COVID-19 admissions are now rising sharply in more than half of the country’s nine provinces, but deaths are not rising as dramatically and indicators such as the median length of hospital stay are reassuring.
Although scientists say more time is needed to arrive at a definitive conclusion, Health Minister Joe Phaahla said the signs on severity were positive.
“Preliminary data does suggest that while there is increasing rate of hospitalization ... it looks like it is purely because of the numbers rather than as a result of any severity of the variant itself, this omicron,” he said.
In the past few days, a nationwide outbreak linked to the variant has been infecting around 20,000 people a day, with 19,018 new COVID-19 cases on Thursday, according to data from the National Institute of Communicable Disease, but only 20 new deaths.
Infections have yet to reach the peak of more than 26,000 daily cases during a third wave fueled by the Delta variant.
South Africa has fully vaccinated about 38 percent of adults, more than in many other African countries but well short of the government’s year-end target. It recently delayed some vaccine deliveries due to oversupply as the pace of inoculations slowed.
Health department deputy director-general Nicholas Crisp said on Friday that boosters of Pfizer-BioNTech’s vaccine would be available to people six months after they had received their second dose, with the first people becoming eligible late this month.
Johnson & Johnson boosters, already available to health workers in a research study, would be rolled out to others soon, he said.
Crisp denied that offering boosters was a means of using up vaccine stock. “We do not need to consume vaccines. They are expensive and we will only use vaccines if there is evidence to do so,” he said.
The World Health Organization recommended this week that boosters should be given to people who are immunocompromised or had received an inactivated COVID-19 vaccine to protect against waning immunity. But it has said previously that administering primary doses should be the priority given that vaccination rates remain worryingly low in many developing countries.
A small study from a South African research institute this week suggested that omicron could partially evade protection from two doses of the Pfizer vaccine, but the company and its partner, BioNTech, say a three-shot course of their vaccine can neutralize omicron in the laboratory.
Glenda Gray, president of the South African Medical Research Council, said there were far more unvaccinated people among South Africa’s hospital admissions and the evidence was that the Pfizer vaccine was still offering protection.
“We are seeing that this vaccine is maintaining effectiveness. It may be slightly reduced, but we are seeing effectiveness being maintained for hospital admissions and that is very encouraging,” she said.


Scholz meets with Macron in 1st trip as German chancellor

Updated 10 December 2021
AP

  • The leaders held a joint news conference during Scholz's first trip abroad
  • Scholz plans to go from France to Brussels to meet with EU and NATO officials
PARIS: German Chancellor Olaf Scholz met with French President Emmanuel Macron in Paris on Friday as their governments worked to de-escalate tensions between Russia and Ukraine.
The leaders held a joint news conference during Scholz’s first trip abroad following his coalition government’s swearing-in on Wednesday. They said they would meet with Ukrainian President Volodymyr Zelenskyy next week on the sidelines of a European Union summit in Brussels.
“We all view the situation on the Ukrainian border with concern,” Scholz said. “We’re clear that the inviolability of borders in Europe is one of the principles that all in Europe must accept for our common security … This rule goes for everyone.”
Scholz plans to go from France to Brussels to meet with EU and NATO officials. Macron said he and Russian President Vladimir Putin are scheduled to talk next week.
“Our first goal is to avoid any useless tension,” Macron said. “Our will ... Europeans and Americans, is to show that we are very vigilant about the situation, but that there must be no escalation, in any way.”
US President Joe Biden this week moved to take a more direct role in diplomacy between Ukraine and Russia. In recent years, France and Germany have played mediator roles in the conflict.
Biden has pressed Putin to pull back a massive Russian troop buildup near Ukraine’s border that has created growing concern in Washington and European capitals, as well as in Ukraine itself.
Macron spoke with Zelenskyy over the phone on Friday, and said France and Germany are determined to preserve Ukraine’s sovereignty and territorial integrity, according to a statement from the French presidency.
Macron and Scholz discussed other bilateral and European issues Friday, including the economic recovery from the COVID-19 pandemic. Macron has made boosting growth and jobs a priority of France’s upcoming six-month EU presidency, which starts in January.
Scholz, who was previously Germany’s finance minister, noted that he and Macron both have tried to show “what is possible in Europe when we work together.” Europe’s 750 billion-euro ($846 billion) pandemic recovery fund “is an emphatic symbol of the possibilities connected with this,” he said.
“And so I am very confident that we can solve the tasks that lie ahead of us — this is about continuing to make possible and maintain the growth that we set on track with the recovery fund, and at the same time providing for solid finances,” Scholz said.
Scholz, a 63-year-old center-left politician, became Germany’s ninth post-World War II chancellor this week, opening a new era for the EU’s most populous nation and largest economy after Angela Merkel’s 16-year tenure.
His government is composed of a coalition of his center-left Social Democrats, the environmentalist Greens and the pro-business Free Democrats.

