Xavier reported a maldoc campaign using Microsoft Publisher files. These files can be analyzed just like malicious Word files.

oledump.py reveals VBA macros in this sample:

The VBA macro contains calls to the chr function. This could encode a URL or some other payload:

If you want more details, I made this video.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A new study calculates a low probability that real effects are actually being detected in psychology, neuroscience and medicine research paper -- and then explains why. Slashdot reader ananyo writes: The average statistical power of papers culled from 44 reviews published between 1960 and 2011 was about 24%. The authors built an evolutionary computer model to suggest why and show that poor methods that get "results" will inevitably prosper. They also show that replication efforts cannot stop the degradation of the scientific record as long as science continues to reward the volume of a researcher's publications -- rather than their quality. The article notes that in a 2015 sample of 100 psychological studies, only 36% of the results could actually be reproduced. Yet the researchers conclude that in the Darwin-esque hunt for funding, "top-performing laboratories will always be those who are able to cut corners." And the article's larger argument is until universities stop rewarding bad science, even subsequent attempts to invalidate those bogus results will be "incapable of correcting the situation no matter how rigorously it is pursued."

Read more of this story at Slashdot.

French President Francois Hollande calls camp conditions "unacceptable", sets out plan to move 9,000 refugees in weeks.

French President Francois Hollande calls camp conditions "unacceptable", sets out plan to move 9,000 refugees in weeks.

Streaming cable alternative Sling TV is offering a free preview of its Sling Orange service from 8 AM EDT on 26 September 2016 until 2 AM EDT on 27 September 2016. The ostensible reason for the preview is to enable cord-cutters to watch the first U.S. presidential debate and the Atlanta-New Orleans game of Monday Night Football, but you can enjoy full access to the 25+ channels included in the Sling Orange service during that time. Signing up for the free preview requires only a username and password, not payment information. You’ll undoubtedly hear from Sling TV afterward, but you should be able to unsubscribe from promotional mailings at that point. Sling TV offers apps for macOS, iOS, and tvOS.

 

Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.

A global ban on ivory sales is being called into question as Namibia and Zimbabwe push for looser regulations.

A global ban on ivory sales is being called into question as Namibia and Zimbabwe push for looser regulations.

"One sure sign your language is successful: When people build other languages that transpile into it." An anonymous Slashdot reader quotes a report from InfoWorld: The Have project uses Go's toolchain, but sports a different syntax and makes key additions to the language... Previously, a language named Oden worked with Go's toolchain to add features that Go didn't support. Now Polish developer Marcin Wrochniak has introduced Have, a language that transpiles to and expands on Go. In the blog post that introduces the project to Go developers, Wrochniak describes Have as a hobby project, with the goal of becoming a "companion" to Go that addresses some of its common "landmines"... Go uses curly braces in the manner of C/C++, while Have uses block indents, like Python... The way that variable declaration, structs, and interfaces work have all been modified in Have to be more consistent with each other and to avoid internal inconsistencies that Wrochniak feels are a common source of bugs.

Read more of this story at Slashdot.

"One sure sign your language is successful: When people build other languages that transpile into it." An anonymous Slashdot reader quotes a report from InfoWorld: The Have project uses Go's toolchain, but sports a different syntax and makes key additions to the language... Previously, a language named Oden worked with Go's toolchain to add features that Go didn't support. Now Polish developer Marcin Wrochniak has introduced Have, a language that transpiles to and expands on Go. In the blog post that introduces the project to Go developers, Wrochniak describes Have as a hobby project, with the goal of becoming a "companion" to Go that addresses some of its common "landmines"... Go uses curly braces in the manner of C/C++, while Have uses block indents, like Python... The way that variable declaration, structs, and interfaces work have all been modified in Have to be more consistent with each other and to avoid internal inconsistencies that Wrochniak feels are a common source of bugs.

Read more of this story at Slashdot.

Perl bindings to the OpenGL API, GLU, and GLUT/FreeGLUT

Perl bindings to the OpenGL API, GLU, and GLUT/FreeGLUT

President Barack Obama officially opens first museum dedicated exclusively to African American history and culture.

Fixes bugs with shared Mac printers and viewing in Full Screen mode on an external monitor. ($79.99 new for standard edition, $99.99 annual subscription for Pro/Business Edition, free update, 261 MB)

 

Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.