Archive for May, 2013

Bug in Samsung S3 grabs too many images, ups data use

Friday, May 31st, 2013

Researchers of the BenchLab project at UMass Amherst have discovered a bug in the browser of the Samsung S3.

If you browse a Web page that has multiple versions of the same image (for mobile, tablet, desktop, etc…) like most Wikipedia pages for example, instead of downloading one image at the right resolution, the phone will download all versions of it. A page that should be less than 100K becomes multiple MB! It looks like a bug in the implementation of the srcset HTML attribute, but all the details are in the paper to be presented at the IWQoS conference next week.

So far Samsung didn’t acknowledge the problem though it seems to affect all S3 phones. You’d better have an unlimited data plan if you browse Wikipedia on an S3!

Source:  slashdot.org

Microsoft plugs security systems into its worldwide cloud

Thursday, May 30th, 2013

In a move designed to starve botnets where they live, Microsoft launched a program on Tuesday to plug its security intelligence systems into its global cloud, Azure.

The new offering, known as the Cyber Threat Intelligence Program, or C-TIP, will enable ISPs and CERTs to receive information on infected computers on their systems in near-real time, Microsoft said.

“All too often, computer owners, especially those who may not be using up-to-date, legitimate software and anti-malware protection, unwittingly fall victim to cybercriminals using malicious software to secretly enlist their computers into an army of infected computers known as a botnet, which can then be used by cybercriminals for a wide variety of attacks online,” Microsoft explained in a blog post.

Microsoft has been a leader in the industry in taking down botnets. Its victims include zombie armies enlisted with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital.

Once a network is taken down, though, its minions must be sanitized. That’s what ISPs and CERTs do with the information they receive from Project MARS (Microsoft Active Response for Security), which is now plugged into Azure.

“While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape,” Microsoft noted.

“It also gives us another advantage: cybercriminals rely on infected computers to exponentially leverage their ability to commit their crimes, but if we’re able to take those resources away from them, they’ll have to spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place,” it added.

Following a botnet takedown, its zombies must be purged in a “remediation phase” of the operation. “The remediation phase is designed to clean up the systems that are infected after the command and control infrastructure is taken over,” said Jeff Williams, director of security strategy at Dell Secureworks.

“To leave the infected systems would allow criminals to use the existing malware to create a new botnet,” he told CSO. “It’s a critical component of takedown work to remediate the infected systems.”

In addition to allowing Microsoft to feed remediation information to ISPs and CERTs quickly, Azure allows Microsoft to scale up its botnet busting efforts without a hiccup.

Currently, Microsoft manages hundreds of millions of events a day with its security intelligence systems. It foresees that number climbing into the tens to hundreds of billions in the future, noted T.J. Campana, director of the Microsoft Cybercrime Center.

Now the only data Microsoft is putting into its intelligence systems is MARS program data. “As we increase the number of takedowns we do per year, the size of the attacks and work with more partners around the world, we’ll be processing a much larger set of IP addresses and events per day,” Campana said.

Azure allows Microsoft to accommodate that expansion. “The ability to have that kind of elasticity dynamically through Azure has been a huge advantage to us,” he added.

For one security analyst, the move to Azure was long overdue. “It’s something Microsoft should be proactive about because it has millions of endpoints from which to collect this information,” Gartner security analyst Avivah Litan told CSO.

“This is long overdue,” she added. “They should have done something like this a couple of years ago.”

Source:  networkworld.com

University fined $400,000 after disabled firewall put medical records at risk

Thursday, May 30th, 2013

A medical facility run by Idaho State University (ISU) has been fined $400,000 after thousands of patient records were left in an unprotected state when firewall monitoring was disabled.

According to the medical information commissioner, the US Department of Health and Human Services (HHS), the records of 17,500 patients at the University’s 29 Pocatello Family Medicine Clinics were left unsecured for 10 months.

About half a dozen of the organisation’s clinics were subject to Health Insurance Portability and Accountability Act (HIPAA) rules, including the clinic at which the issue occurred, making it a notifiable incident.

The exact nature of the firewall issue was not specified in the HHS ruling but it mentioned more general problems with procedures dating back as far as 1 April 2007, some years before the breach was noticed in 2011.

The ISU had failed to carry out risk assessments on the sensitive data it held, the HHS said. It seems to have been the lack of systems within the organisation as a whole that compounded the breach on one site.

“Risk analysis, ongoing risk management, and routine information system reviews are the cornerstones of an effective HIPAA security compliance program,” said Leon Rodriguez of the HHS Office for Civil Rights (OCR).

“Proper security measures and policies help mitigate potential risk to patient information,” he said.

Source:  networkworld.com

Galaxy S4 will be first to support Verizon’s newer, faster LTE network

Thursday, May 30th, 2013

Back in late 2011, Verizon Wireless bought up $3.6 billion worth of Advanced Wireless Services (AWS) spectrum with an eye toward expanding its LTE network coverage. The carrier will use this spectrum to add LTE coverage on the 1700MHz and 2100MHz frequencies to the carrier’s existing LTE on the 700MHz band later this year, and Bloomberg is now reporting that Samsung’s Galaxy S 4 will be the first phone to support the new frequencies. The new frequency bands will supposedly boost speeds and reduce network congestion, especially in heavily populated areas.

If you’ve currently got another LTE-capable phone on Verizon’s network, though, chances are you won’t be able to take advantage of the network’s upgrades. Support for the band must be built into both the hardware and the software—the Verizon variant of the S 4 already has hardware support, and an update will apparently take care of the software side in the coming months.

We expect hardware and software support for AWS to appear in more devices as Verizon’s (and T-Mobile’s) AWS network is built out in the coming months. In the meantime, if you need a new phone now but don’t want to miss out on the improved LTE speeds, the S 4 appears to be your best bet.

Source:  arstechnica.com

Important security update: Reset your Drupal.org password

Thursday, May 30th, 2013

The Drupal.org Security Team and Infrastructure Team have discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally.

Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly. As a precautionary measure, we’ve reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps.

  1. Go to https://drupal.org/user/password
  2. Enter your username or email address.
  3. Check your email and follow the link to enter a new password.
    • It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted.

See below for recommendations on additional measures that you can take to protect your personal information.

What happened?

Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, we are also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords.

What are we doing about it?

We take security very seriously on Drupal.org. As attacks on high-profile sites (regardless of the software they are running) are common, we strive to continuously improve the security of all Drupal.org sites.

To that end, we have taken the following steps to secure the Drupal.org infrastructure:

  • Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt the production, staging, and development webheads, and GRSEC secure kernels were added to most servers
  • We are scanning and have not found any additional malicious or dangerous files, and we are making scanning a routine job in our process
  • There are many subsites on Drupal.org including older sites for specific events. We created static archives of those sites.

We would also like to acknowledge that we are conducting an investigation into the incident, and we may not be able to immediately answer all of the questions you may have. However, we are committed to transparency and will report to the community once we have an investigation report.

If you have any reason to believe that your information has been accessed by someone other than yourself, please contact the Drupal Association immediately by sending an email to password@association.drupal.org. We regret this occurred and want to assure you we are working hard to improve security.

Excerpt from:  drupal.org

Light-beam ‘twins’ take data farther

Tuesday, May 28th, 2013

An idea similar to that of noise-cancelling headphones has proved useful in increasing the data-carrying properties of light.

Researchers reporting in Nature Photonics suggest putting not one beam of light down a fibre, but a pair, each a kind of mirror image of the other.

When recombined on the receiving end, the noise that the signals gather in the fibre cancels out.

These paired beams can travel four times farther than a single one.

The team used the technique to send a signal of 400Gb/s – four times faster than the best commercially available speeds – down 12,800km of optical fibre, farther than even the longest trans-oceanic fibre link.

What limits the distance a given light signal can go is how much power is in the beam. But the higher the power, the more the light actually interacts with the material of the fibre, rather than merely passing through it.

That adds “noise” to the beam that limits the fidelity with which data can be transmitted.

What is needed is a way to undo this noise, and one idea is known as phase conjugation.

Conjugate visit

Light waves, just as sound waves and waves on the sea, consist of a pattern of peaks and troughs that can be manipulated to represent data. The “phase conjugate” of a beam is, in a sense, simply one in which every peak becomes a trough and vice versa.

This is effectively the same thing that noise-cancelling headphones do: generating the inverse of incoming sound so that the two cancel out.

Ideas exist to make use of phase conjugation to “undo” the noise that fibre links add, but they involve adding devices midway along the links’ length – sometimes, in the middle of an ocean floor.

“Sometimes you may send data from London to New York, sometimes you may send it from London to Paris. The links are changing and you cannot keep sending people to the middle of the link,” said lead author on the new research Xiang Liu of Bell Laboratories in New Jersey, US.

What Dr Liu and colleagues instead suggest is creating a pair of phase-conjugate beams, each carrying the same data.

And as Dr Liu explained to BBC News, the noise that each gathers is equally a mirror image of that on the other.

“At the receiver, if you superimpose the two waves, then all the distortions will magically cancel each other out, so you obtain the original signal back,” he said.

“This concept, looking back, is quite easy to understand, but surprisingly, nobody did this before.”

If the noise on the beams can be undone, the power can be ramped up – making data go literally further.

But since fidelity can be maintained, there can be less of the repetition of information in a given beam that is used for error correction. So the phase conjugation method is also a way to get higher data speeds.

“Nowadays everybody is consuming more and more bandwidth – demanding more and more communication,” Dr Liu said.

“We need to solve some of the fundamental problems to sustain the capacity growth.”

Source:  BBC

Corning taps into optical fiber for better indoor wireless

Monday, May 20th, 2013

Bringing wireless indoors, which was once just a matter of antennas carrying a few cellular bands so people could get phone calls, has grown far more complex and demanding in the age of Wi-Fi, multiple radio bands and more powerful antennas.

DAS (distributed antenna systems) using coaxial cable have been the main solution to the problem, but they now face some limitations. To address them, Corning will introduce a DAS at this week’s CTIA Wireless trade show in Las Vegas that uses fiber instead of coax all the way from the remote cell antennas to the base station in the heart of a building.

Cable-based DAS hasn’t kept up with the new world, according to the optical networking vendor. Though Corning is associated more often with clear glass than with thin air, it entered the indoor wireless business in 2011 by buying DAS maker MobileAccess. That’s because Corning thinks optical fiber is the key to bringing more mobile capacity and coverage inside.

The system, called Corning Optical Network Evolution (ONE) Wireless Platform, can take the place of a DAS based fully or partly on coaxial cable, according to Bill Cune, vice president of strategy for Corning MobileAccess. Corning ONE will let mobile carriers, enterprises or building owners set up a neutral-host DAS for multiple carriers using many different frequencies.

Though small cells are starting to take its place in some buildings, DAS still has advantages over the newer technology, according to analyst Peter Jarich of Current Analysis. It can be easier to upgrade because only the antennas are distributed, so more of the changes can be carried out on centralized gear. Also, small cells are typically deployed by one mobile operator, and serving customers of other carriers has to be done through roaming agreements, he said.

However, some DAS products based on coaxial cable are limited in how they can handle high frequencies and MIMO (multiple-in, multiple-out) antennas, Jarich said. Some vendors are already promoting fiber for greater flexibility and capacity, he said.

Going all fiber — up to the wireless edge, at least — will make it easier and cheaper for indoor network operators to roll out systems that can deliver all the performance users have come to expect from wireless networks, according to Corning. That includes more easily adding coverage for more carriers, as well as feeding power and data to powerful Wi-Fi systems that can supplement cellular data service, the company says.

Wireless signals don’t travel the same way inside buildings as they do outdoors, so one antenna can’t always cover the interior, regardless of whether it’s mounted in the building or on a nearby tower. A DAS consists of many antennas spaced throughout a structure, all linked to a base station in a central location. Most types of DAS use coaxial cable to carry radio signals in from the distributed antennas.

However, those copper cables get more “lossy” as the frequencies they have to carry get higher, meaning they lose a lot of their signal on the way to the base station, Corning’s Cune said. That has left coax behind as new frequencies are adopted, he said. For example, coax isn’t good at carrying the 5GHz band, which is crucial in newer Wi-Fi equipment, Cune said.

MIMO, a technology that uses multiple antennas in one unit to carry separate “streams” over the same frequency, is another big limitation of DAS, according to Corning. MIMO antennas for better performance can be found in newer Wi-Fi gear based on IEEE 802.11n and 802.11ac, as well as in LTE. A coax-based DAS with MIMO antennas needs to have a separate half-inch-wide cable for every stream, which is a major cabling challenge, Cune said.

Corning ONE links each antenna to the base station over optical fiber, converting the radio signals to optical wavelengths until they reach the base station. Fiber has more capacity than coax, can handle higher frequencies, and requires just one cable from a MIMO antenna, Cune said. Because of fiber’s high capacity, it’s relatively easy to bring other mobile operators onto the DAS.

The system is based on optical fiber, but it can be extended over standard Ethernet wiring to provide backhaul for Wi-Fi access points. Each Corning ONE remote antenna unit that’s deployed around a building will have two Ethernet ports to hook up nearby Wi-Fi access points, which can use the fiber infrastructure for data transport to wired LAN equipment, Cune said.

Corning ONE is in beta testing at one enterprise and will have limited availability beginning in late June, after which orders can be placed, Cune said. It is expected to be generally available two to three months later. The company expects its main customers to be mobile operators, though most of those operators will arrange multi-carrier services, he said. Enterprises and large building owners increasingly will step in to buy and deploy the DAS, Cune said.

Source:  networkworld.com

NASA buys into ‘quantum’ computer

Thursday, May 16th, 2013


A $15m computer that uses “quantum physics” effects to boost its speed is to be installed at a NASA facility.

It will be shared by Google, NASA, and other scientists, providing access to a machine said to be up to 3,600 times faster than conventional computers.

Unlike standard machines, the D-Wave Two processor appears to make use of an effect called quantum tunnelling.

This allows it to reach solutions to certain types of mathematical problems in fractions of a second.

Image caption: “Qubit” probability distributions

Effectively, it can try all possible solutions at the same time and then select the best.

Google wants to use the facility at NASA’s Ames Research Center in California to find out how quantum computing might advance techniques of machine learning and artificial intelligence, including voice recognition.

University researchers will also get 20% of the time on the machine via the Universities Space Research Agency (USRA).

NASA will likely use the commercially available machine for scheduling problems and planning.

Canadian company D-Wave Systems, which makes the machine, has drawn scepticism over the years from quantum computing experts around the world.

Until research outlined earlier this year, some even suggested its machines showed no evidence of using specifically quantum effects.

Quantum computing is based around exploiting the strange behaviour of matter at quantum scales.

Most work on this type of computing has focused on building quantum logic gates similar to the gate devices at the basis of conventional computing.

But physicists have repeatedly found that the problem with a gate-based approach is keeping the quantum bits, or qubits (the basic units of quantum information), in their quantum state.

“You get drop out… decoherence, where the qubits lapse into being simple 1s and 0s instead of the entangled quantum states you need. Errors creep in,” says Prof Alan Woodward of Surrey University.

One gate opens…

Instead, D-Wave Systems has been focused on building machines that exploit a technique called quantum annealing – a way of distilling the optimal mathematical solutions from all the possibilities.

Annealing is made possible by a physics effect known as quantum tunnelling, which can endow each qubit with an awareness of every other one.

“The gate model… is the single worst thing that ever happened to quantum computing”, Geordie Rose, chief technology officer for D-Wave, told BBC Radio 4’s Material World programme.

“And when we look back 20 years from now, at the history of this field, we’ll wonder why anyone ever thought that was a good idea.”

Dr Rose’s approach entails a completely different way of posing your question, and it only works for certain questions.

But according to a paper presented this week (the result of benchmarking tests required by NASA and Google), it is very fast indeed at finding the optimal solution to a problem that potentially has many different combinations of answers.

In one case it took less than half a second to do something that took conventional software 30 minutes.

A classic example of one of these “combinatorial optimisation” problems is that of the travelling sales rep, who needs to visit several cities in one day, and wants to know the shortest path that connects them all together in order to minimise their mileage.

The D-Wave Two chip can compare all the possible itineraries at once, rather than having to work through each in turn.

Reportedly costing up to $15m, housed in a garden shed-sized box that cools the chip to near absolute zero, it should be installed at NASA and available for research by autumn 2013.

US giant Lockheed Martin earlier this year upgraded its own D-Wave machine to the 512 qubit D-Wave Two.

Source:  BBC

Microsoft warns of new Trojan hijacking Facebook accounts

Tuesday, May 14th, 2013

Malware focusing on the social network’s users in Brazil masquerades as a legitimate Google Chrome extension and Firefox add-on.

Microsoft has issued a warning that a new piece of malware masquerading as a Google Chrome extension and Firefox add-on is making the rounds, threatening to hijack Facebook accounts.

First detected in Brazil, Trojan:JS/Febipos.A attempts to keep itself updated, just like normal, legitimate browser extensions, Microsoft noted in a security bulletin late Friday.

Once downloaded, the Trojan monitors whether the infected computer is logged into a Facebook account and attempts to download a config file that includes a list of commands for the browser extension. The malware can then perform a variety of Facebook actions, including liking a page, sharing, posting, joining a group, and chatting with the account holder’s friends.

Some variants of the malware include commands to post provocative messages written in Portuguese that contain links to other Facebook pages. The number of likes and shares on one such page grew while malware experts at Microsoft were analyzing the Trojan, suggesting that the infections are continuing to occur.

Microsoft did not indicate how the malware installs itself or how many infections might have occurred.

There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time. In any case, we recommend you always keep your security products updated with the latest definitions to help avoid infection.

So while the malware appears to be designed to target users in Brazil — where Portuguese is the dominant language — Microsoft concluded that the Trojan could easily be modified to target users in other regions.

Source:  CNET

Samsung achieves 1 Gbps data transfer using 5G network

Tuesday, May 14th, 2013

While many of us are just starting to enjoy the benefits of early 4G networks, Samsung is looking at what it would take to build a gigabit wireless network for 5G.

Unless you live in one of the few places Google has seen fit to give the gift of fiber so far, gigabit Internet is something of a pipe dream in the US. Over the next few years that will change, and slowly there will be a shift to gigabit all over the world. Meanwhile, mobile networks will continue to improve as we move closer to fully-functional 4G networks with LTE. Eventually there will be a need to shift away from 4G and on to something better. When that happens it looks like Samsung has the next G everyone will be looking for.

By using the 28GHz band, Samsung has been able to reliably transfer data at a speed of 1Gbps with the potential to deliver up to 10Gbps. While there’s currently no globally recognized spec for 5G mobile broadband, this is a significant increase over the maximum currently established for fully-deployed 4G.

As a demonstration, things like functional range or whether or not the radios used can be embedded into mobile devices aren’t taken into consideration. This proof of concept shows what is possible, but it’s not likely that we’ll be using this technology anytime soon. In fact, Samsung expects that 5G speeds aren’t something that will be enabled in mobile devices until closer to 2020.

It’s difficult to imagine the need for that kind of performance in the palm of your hand as we sit here in 2013, but this glimpse at 5G speeds helps paint a picture of a world where the things we do on the Internet now are completely free from any kind of delay or interruptions. All you need now is autopilot for your jetpack so you can watch the news from 3D Google Glass on your 5G network.

Source:  geek.com

Attack hitting Apache sites goes mainstream, hacks nginx, Lighttpd, too

Thursday, May 9th, 2013

Security researchers have uncovered an ongoing and widespread attack that causes sites running three of the Internet’s most popular Web servers to push potent malware exploits on visitors.

Linux/Cdorked.A, as the malicious backdoor behind the attacks is known, has been observed infecting at least 400 Web servers, 50 of them from the Alexa top 100,000 ranking, researchers from antivirus provider Eset said. The backdoor infects sites running the Apache, nginx, and Lighttpd Web servers and has already exposed almost 100,000 end users running Eset software to attack (the AV apps protect them from infection). Because Eset sees only a small percentage of overall Internet users, the actual number of people affected is presumed to be much higher.

“This is the first time I’ve seen an attack that will actually target different Web servers, meaning the attacker is willing to create the backdoor for Apache, Lighttpd, and nginx,” Pierre-Marc Bureau, Eset’s security intelligence program manager, told Ars. “Somebody is running an operation that can victimize various Web servers and in my opinion this is the first time that has ever happened. This is a stealthy, sophisticated, and streamlined distribution mechanism for getting malware on end users’ computers.”

Previously, Cdorked was known to infect only sites that ran on Apache, which remains by far the Internet’s most popular Web server application. According to this month’s server survey from Netcraft, Apache and nginx are the No. 1 and No. 3 packages respectively, with about 53 percent and 16 percent of websites. The survey didn’t rank Lighttpd, a Web server designed for speed-critical sites that’s used by sites including Meebo, YouTube, and Wikimedia, according to Wikipedia. The report of the susceptibility of nginx came as its maintainers issued an update that patches a remote-code execution vulnerability in the open-source Web server. (There’s no evidence the vulnerability is related to the Cdorked infection.)

Linux/Cdorked.A is one of at least two backdoors recently observed causing trusted and often popular websites to push exploits that attempt to surreptitiously install malware on visitors’ computers. Like Darkleech, a backdoor estimated to have infected 20,000 Apache websites, it redirects users to a series of third-party sites that host malicious code from the Blackhole exploit kit. A recent blog post from security firm Invincea reports another rash of website hijackings, but they appear to be unrelated to Cdorked, and there’s no indication Darkleech is involved, either.

Also similar to Darkleech, the Cdorked backdoor makes it extremely difficult for end users and even security researchers to notice their computers are being attacked. Users who speak Russian, Ukrainian, and at least four other languages are never exposed, and people who have already been attacked in recent days are also spared. Common configurations include a large list of IP addresses that are also blocked from exploits.

“We believe the operators behind this malware campaign are making significant efforts to keep their operation under the radar and to hinder monitoring efforts as much as possible,” Eset researcher Marc-Etienne M.Léveillé wrote in a blog post published Tuesday. “For them, not being detected seems to be a priority over infecting as many victims as possible.”

Cdorked-infected servers are also advanced enough to distinguish among different computing platforms used by end users visiting infected sites. Those using Windows machines are directed to sites that mostly host exploits from Blackhole. People using Apple iPads or iPhones are redirected to porn sites that may also be hosting malicious code. Cdorked also stores most of its inner workings in a server’s shared memory, making it hard for some admins to know their sites are infected. Compromised systems can receive up to 70 different encrypted commands, a number that gives attackers fairly granular control that can be remotely and stealthily invoked.

In another testament to the ambition of its operators, Cdorked relies on compromised domain name system servers to resolve the IP addresses of redirected sites. The use of “trojanized DNS server binaries” adds another layer of obscurity to the attacks, since they make it easier for attackers to serve different sites to different end users.

“They are using the compromised DNS server to very accurately filter out who is going to visit the next stage Web server,” Bureau said in an interview. “This means, for example, that security researchers will have a very hard time being served the same content as a victim. It makes the investigation and tracking this operation harder. They are trying to control every step along the way to make every visit very traceable but also very hard to recreate.”

Researchers still don't know how servers are being infected with Cdorked. Because compromised machines run a variety of administration control panels, cPanel and competing software aren't obvious suspects. Cdorked cannot spread by itself and doesn't exploit a vulnerability in any other specific piece of software, either.

Readers who want to ensure their websites aren't infected should use the rpm --verify command (rpm -V) to check whether the HTTP daemon they run has been altered from the version shipped in its package. Eset researchers have also released a free Python script (distributed as a zip file) that examines a server's shared memory for signs it is under the control of Cdorked.
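The package-verification check above produces one status line per file, and reading those lines by eye on a busy server is error-prone. The script below is an added example, written for this page; it is neither Eset's shared-memory script nor a command from the article. It parses rpm -V output and reports only files whose size or digest no longer matches the package database (or that are missing), skipping config files, which legitimately change. The sample output it runs on is constructed for the demonstration, not taken from a real compromised host.

```shell
#!/bin/sh
# Added example, not ESET's shared-memory script and not a command from the
# article: parse the output of `rpm -V <package>` and report files whose
# on-disk contents no longer match what the package database recorded.
# Usage:  rpm -V httpd | flag_altered_files
#
# Each `rpm -V` line is a 9-character attribute string, an optional file
# type marker (c = config, d = doc, ...), and the path, e.g.
#   S.5....T.    /usr/sbin/httpd
# S = size differs, M = mode, 5 = digest differs, D = device, L = symlink
# target, U = owner, G = group, T = mtime, P = capabilities; '.' = match,
# '?' = could not be checked.  Files that were deleted show as "missing".
flag_altered_files() {
    awk '
        # a file the package installed is gone
        $1 == "missing" { print "MISSING " $NF; found = 1; next }
        # config files ("c" marker) legitimately change; skip them
        NF == 3 && $2 == "c" { next }
        # a digest or size change on a binary or module is the signal we want;
        # an mtime-only change (for example after prelink or touch) is not
        NF >= 2 && $1 ~ /[S5]/ { print "ALTERED " $NF; found = 1 }
        END { exit found ? 1 : 0 }
    '
}

# Wrapper for a live system: a non-zero exit means something needs a look.
verify_installed_httpd() {
    rpm -V "${1:-httpd}" | flag_altered_files
}

# Constructed sample of rpm -V output (not from a real compromised host)
# so the parser can be exercised offline.
SAMPLE_RPM_V='S.5....T.    /usr/sbin/httpd
.......T.    /usr/lib64/httpd/modules/mod_ssl.so
S.5....T.  c /etc/httpd/conf/httpd.conf
missing     /usr/lib64/httpd/modules/mod_cgi.so'

printf '%s\n' "$SAMPLE_RPM_V" | flag_altered_files \
    || echo "integrity check failed (expected for the constructed sample)"
```

Two caveats a practitioner should keep in mind. First, rpm -V compares files against the local rpm database, which an intruder with root can rewrite; for a stronger check, verify against a freshly downloaded copy of the package with rpm -Vp httpd-<version>.rpm. Second, the check only covers files the package owns: an httpd built from source, or a rogue module dropped into the modules directory, never appears in it, so also list what is in that directory and run rpm -qf on anything unexpected. On Debian-derived systems the equivalent checks are dpkg --verify and debsums -c, whose status column uses the same "5" mark for a digest mismatch.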

Bureau said he believes Cdorked and Darkleech are two competing toolkits for exploiting Web servers. Their prevalence, combined with Invincea’s discovery of popular websites also exposing visitors to malware attacks, suggests exploits are expanding beyond the traditional base of machines running Microsoft-based software.

“A couple years ago malware against the Linux operating system was really in the age of its proof of concept,” he said. “Whenever we would discover something everybody would say: ‘It’s not really in wild. It’s just somebody trying to prove a point.’ Now the fact that we see so many instances of infected Web servers out there really shows we’re past the era of the proof of concept. Now serious operators are making serious money by victimizing these web servers.”

Source:  arstechnica.com

Los Alamos National Lab has had quantum-encrypted internet for over two years

Monday, May 6th, 2013

Nothing locks down data better than a laser-based quantum key distribution network, where the mere act of observing the photons that carry the key disturbs them in a way the endpoints can detect. Although such systems already exist, they're limited to point-to-point links, because a router would destroy the quantum state of the message it's trying to pass along just by measuring it. However, Los Alamos National Laboratory has been testing an in-house quantum network, complete with a hub-and-spoke layout that gets around the problem with a type of quantum router at each node. Messages are converted at those junctures to conventional bits, then re-encrypted as a new quantum message that can be securely sent on to the next node, and so on.

The researchers say it's been running in the lab for the last two and a half years with few issues, though there's still a security hole: the central hub, where the data is converted back to conventional bits and re-encrypted, is a trusted node that sees the plaintext, so the scheme lacks the end-to-end guarantee of a pure quantum link. However, the hardware would be relatively simple to integrate into any fiber-connected device, like a TV set-top box, and is still more secure than any current system, and far better than the 8-character WiFi passphrase you're using now.

Source:  engadget

Plan to boost in-flight Internet could wreak havoc on satellite networks

Monday, May 6th, 2013

Qualcomm wants to beam signals to airplanes from 150 ground stations.

The Federal Communications Commission (FCC) next Thursday will consider a plan to beam Internet signals up to airplanes from 150 ground stations operating in a spectrum band already used by satellites. Qualcomm has proposed such a service in the 14.0-14.5GHz band but faces opposition from the satellite industry, which says the service is unnecessary and would interfere with satellite transmissions.

Qualcomm’s proposal came in July 2011 and is now on the verge of moving forward. The FCC’s meeting on Thursday “will consider a Notice of Proposed Rulemaking [NPRM] seeking to improve consumer access to broadband aboard aircraft and encourage innovation through establishment of an Air-Ground Mobile Broadband secondary service in the 14.0-14.5 GHz band, while ensuring that existing users are protected from interference.”

This isn’t the final step. If approved, the NPRM will be followed by extensive debate, public comment, and likely testing to determine whether interference concerns are valid. Already, the Satellite Industry Association (SIA) and others using the spectrum band say Qualcomm’s proposal should be rejected or heavily restricted.

Qualcomm’s plan is wonderful, according to Qualcomm

First, let’s take a look at what Qualcomm wants. It is essentially asking to become the exclusive provider of backhaul to airlines or in-flight ISPs like Gogo in the 14.0-14.5GHz band through a secondary license that shares the spectrum with the band’s incumbents. Just in case the FCC doesn’t want to give the license only to Qualcomm, the company said it would also support an auction that splits the airwaves among two backhaul providers.

“Qualcomm proposes that the Commission would conduct an auction of two 250MHz licenses at 14.00 to 14.25GHz and 14.25 to 14.50GHz to enable two separate systems, but not restrict a single entity from purchasing both licenses to construct a single, more robust, 500MHz system,” Qualcomm said in its proposal. “The proposed system would support communications between terrestrial ground stations and aircraft, much like the current Aircell Air-Ground system, but with significantly greater bandwidth to support the exponentially increasing data demands of today’s consumers who require anywhere/anytime broadband access including when they are flying in a plane several miles above the surface of the earth.”

Qualcomm acknowledged interference concerns but said it can work around them. The system would use about 150 ground stations to provide 300Gbps capacity to airlines. “The proposed Next-Gen AG system would operate in the Ku band at 14.0 to 14.5 GHz on a secondary licensed basis to, and in successful coexistence with, Geosynchronous Orbit (‘GSO’) satellite systems (used to provide various services, including Qualcomm’s own OmniTRACS service), future Non-Geosynchronous Orbit (‘NGSO’) satellite systems, NASA’s Tracking and Data Relay Satellite System (‘TDRSS’), and radio astronomy users. Indeed, as an incumbent user of this band itself, Qualcomm has a direct interest in fully protecting incumbent operations,” the company wrote.

Qualcomm described several tactics to minimize interference. For example, all ground stations “will have high antenna gain to permit aircraft to transmit at very low power levels.” Moreover, “aircraft will use directional receive antennas to reduce the GS [ground station] transmit power needs.”

“Finally, the Next-Gen AG system will hand-off aircraft communications to successive GSs that track the aircraft’s flight path and in this way work in a manner similar to terrestrial cellular networks,” Qualcomm said. “These aircraft communications handoffs will allow the system to operate successfully through using the least amount of transmit power to maintain a desired Carrier-to-Noise interference ratio and a negligible TfT (also referred to as Rise over Thermal) level into GSO [geosynchronous orbit] satellite operations below 1% in all scenarios including worst case scenarios.”

Qualcomm claimed the system will be robust enough to support “video streaming, gaming, and other rich multimedia access” during flights. Qualcomm declined to speak to Ars about the FCC proceeding and its proposal.

The public filings are all available on the FCC website.

Satellite industry describes interference concerns

One of the plan's main opponents is the Satellite Industry Association, representing Boeing, DirecTV, EchoStar Satellite Services, Hughes Network Systems, LightSquared, Lockheed Martin, Northrop Grumman, Inmarsat, ViaSat, and many others.

“Qualcomm’s proposed ATG [air-to-ground] system will cause interference into the FSS [Fixed-Satellite Service] satellite services that are primary in that band,” the Satellite Industry Association wrote in a filing yesterday. “SIA reviewed the ongoing importance of the Ku-band uplink bands to the satellite industry, noting that the industry has invested more than $20 billion to build, launch and operate more than 80 satellites with Ku-band capacity. These satellites generate more than $1 billion dollars in satellite services revenue in North America alone.”

In a filing last July, the Satellite Industry Association tried to poke holes in Qualcomm’s interference analysis:

Qualcomm’s technical analysis of interference from FSS into ATG airborne stations is based on a number of unsupported assumptions. Qualcomm divides the VSATs [satellite ground stations] that are located within a 300 km radius of the aircraft into two groups—those that are located north of the aircraft and those that are located south of the aircraft. With regard to the south-side VSATs, Qualcomm assumed that many VSAT installations will be fully shadowed by other buildings in direction of the receiving aircraft in estimating that only 25% of the south-side VSATs have an unobstructed view of the aircraft. These assumptions are highly subjective and Qualcomm has provided no evidence to support its assumptions.

Further, the SIA said, “Qualcomm has not shown that demand for in-flight passenger connectivity cannot be met by terrestrial or satellite-based deployments in existing frequency allocations that do not pose the same sharing difficulties as the proposed secondary ATG service.”

Qualcomm says otherwise, of course. “Current in-flight communication systems are either too expensive or data capacity limited and thus will be unable to support the increasing data demands of consumers,” Qualcomm’s proposal states. “In contrast to the relatively low-cost terrestrial-based system proposed herein, satellite-based systems have much higher equipment costs and potentially crippling latency issues, and thus have been deployed with marginal success.”

American Airlines submitted a filing supporting the Qualcomm proposal, saying, “The service will be important to satisfying air travelers’ increasing demands for mobile broadband data.” Delta Air Lines filed similarly positive remarks about the Qualcomm plan. “Delta believes the proposal could successfully co-exist with current and future, primary and secondary users of the 14.0 to 14.5GHz band, using the beam and power level management techniques detailed in Qualcomm’s proposal,” Delta wrote.

Boeing disagrees, saying it “believes that gaps and inconsistencies in the technical information cast doubt on an ATG system’s ability to protect and tolerate interference from existing Fixed Satellite Service (‘FSS’) operations and future Non-Geostationary Satellite Orbit (‘NGSO’) operations in the band.” Boeing further noted that “the Petition focuses on the intensively used 14.0-14.5GHz band in disregard of plausible alternative bands, including the similarly allocated and under-used High Altitude Platform Station (“HAPS”) spectrum at 47GHz.”

Row 44, a provider of satellite Internet to Southwest and other airlines, dismissed the idea that Qualcomm’s service is necessary and seems worried that Qualcomm’s service would benefit Gogo. In an FCC filing, Row 44 stated:

GoGo, Inc. (“GoGo”), the principal customer for Qualcomm’s existing ATG service technology, has expressed substantial support for the proposal. Yet even GoGo’s comments raise significant questions regarding its own commitment to large-scale provision of in-flight broadband services using terrestrial ATG technology.

Specifically, GoGo indicates that it is moving toward relying on Ka-band satellite technology for the delivery of broadband services on board aircraft, but notes that “satellite may not always provide the best solution for all aircraft and all customers.”

This implied future reliance on satellite-delivered services to meet the needs of GoGo’s primary airline customers suggests that its remaining terrestrial service is expected to serve more as an adjunct for niche customers than as a primary means of broadband service delivery. This raises the question whether an additional spectrum allocation for ATG service is really needed even for GoGo’s expressed purposes.

Panasonic Avionics Corporation, an in-flight entertainment and communications company, also raised interference concerns. The National Radio Astronomy Observatory weighed in as well, saying the Qualcomm system must be built carefully to minimize direct interference with astronomy sites. “Additional restrictions to ATG operations may be necessary,” the group said.

A complex decision for the FCC

Complicating matters even further, the Utilities Telecom Council and a company called Winchester Cator have proposed new smart grid and emergency communications uses for the 14.0-14.5GHz band. UTC and Winchester Cator have asked the FCC to consider its proposal alongside Qualcomm’s, instead of in separate proceedings.

Departing FCC Chairman Julius Genachowski has argued on behalf of greater use of electronic devices during airplane flights. The FCC has shown a willingness to block proposals that might interfere with existing systems, such as when it killed LightSquared’s proposal to build a cellular network that would have interfered with GPS systems. Qualcomm’s in-flight Internet proposal will be just one of many complex issues to be addressed by newly nominated FCC Chairman Tom Wheeler.

Source:  arstechnica.com

Internet Explorer zero-day exploit targets nuclear weapons researchers

Monday, May 6th, 2013

“Watering hole” attack targets workers browsing federal government website.

Attackers exploited a previously unknown and currently unpatched security bug in Microsoft’s Internet Explorer browser to surreptitiously install malware on the computers of federal government workers involved in nuclear weapons research, researchers said Friday.

The attack code appears to have exploited a zero-day vulnerability in IE version 8 when running on Windows XP, researchers from security firm Invincea said in a blog post. The researchers have received reports that IE running on Windows 7 is susceptible to the same exploit but have not been able to independently confirm that. Versions 6 and 7 of the Microsoft browser don’t appear to be vulnerable.

Update: In an advisory published a couple hours after this article went live, Microsoft confirmed a code-execution vulnerability in IE8. Versions 6, 7, 9, and 10 of the browser are immune to the exploit. People using IE8 should upgrade to versions 9 or 10, if at all possible. Those who are unable to move away from version 8 should take the following mitigations:

  • Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

The attack was triggered by a US Department of Labor website that was compromised to redirect visitors to a series of intermediary addresses that ultimately exploited the vulnerability, according to Invincea. The exploit caused vulnerable Windows machines to be compromised by “Poison Ivy,” a notorious backdoor trojan that had been modified so it was detected by only two of 46 major antivirus programs in the hours immediately following the attack. The specific webpages that were hacked dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy, the blog post said, citing this report from NextGov. That’s consistent with so-called “watering hole” attacks, in which employees of a targeted organization are infected by planting malware on the sites they’re known to frequent.

“The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research,” Invincea researchers wrote in a separate report published Wednesday. The report went on to cite this technical analysis from security firm AlienVault. It found indicators in the command servers Poison Ivy contacted that the attack was carried out by “DeepPanda,” a group of hackers believed to be located in China and to carry out espionage attacks on other countries.

Initial reports about the Department of Labor website compromise said an older IE vulnerability that Microsoft patched in January had been exploited. It was only in Friday’s report that Invincea said this assessment was incorrect and that the bug was a previously unknown one.

“For non-Invincea users, there are no known mitigations for this exploit that is currently in the wild,” Friday’s report warned. “For users of IE8, there is no patch currently available and with this exploit being out in the wild, the potential risk for damage is high.”

Source:  arstechnica.com

Alaska phishing pupils take over classroom computers

Friday, May 3rd, 2013

A group of pupils at a middle school in Alaska took control of their classroom computers after phishing for administrator privileges.

They asked teachers at Schoenbar Middle School, for 12 to 13-year-olds, to enter admin names and passwords to accept a false software update, according to reports.

The pupils used those details to access and control classmates’ PCs.

Classmates then complained that their computers were not responding normally.

Associated Press said that at least 18 pupils were involved in the phishing, which gave them control over 300 computers allocated for student use at the school in the Alaskan town of Ketchikan.

Those computers have now been seized.

“I don’t believe any hardware issues were compromised,” Casey Robinson, the principal, told community radio station Ketchikan FM.

He said: “No software issues were compromised. I don’t think there was any personal information compromised. Now that we have all the machines back in our control, nothing new can happen.”

Mr Robinson added there would be a review of the way that devices are maintained.

“How we do business is definitely going to have to change when it comes to updating programs and resources that we have on the machines,” Mr Robinson said.

“Yes, something new is going to have to happen.”

Source:  BBC

Systems manager arrested for hacking former employer’s network

Friday, May 3rd, 2013

He allegedly caused over US$90,000 in damages, the FBI said

A 41-year-old systems manager was arrested for allegedly disrupting his former employer’s network after he was passed over for promotions, leading him to quit his job and take revenge, the FBI said.

Michael Meneses of Smithtown, N.Y., who worked for a company that manufactures high-voltage power supplies, allegedly caused the company more than $90,000 in damages, the FBI New York Field Office said Thursday.

Meneses was employed at the company until January 2012; he specialized in developing and customizing software the company used to run its business operations, according to the FBI. He was one of two employees responsible for ensuring that the software ran smoothly in order to keep production planning, purchasing and inventory control operating efficiently, it said. This role gave Meneses high-level access to the company’s network, the FBI added.

After being passed over for promotions, he allegedly expressed his displeasure and resigned in December 2011, the FBI said. His network access was terminated, but Meneses allegedly found a way to launch a three-week campaign to cause damage to his former employer after getting unauthorized access to the network, the FBI added.

He allegedly hacked into the company’s network and stole former co-workers’ security credentials, including by writing a program to capture log-in names and passwords, according to the FBI. The information was then used to remotely access the company’s network over a virtual private network and corrupt it from Meneses’ home and from a hotel close to his new employer, the FBI said.

“Meneses’ efforts ranged from using a former colleague’s e-mail account to discourage new applicants from taking Meneses’ position, to sending commands to alter the business calendar by one month, disrupting the company’s production and finance operations,” the FBI said.

As the complaint alleges, the defendant “engaged in a 21st Century campaign of cyber-vandalism and high-tech revenge,” Loretta E. Lynch, U.S. attorney for the Eastern District of New York, stated in the release.

Meneses appeared in the U.S. District Court, Eastern District of New York in Central Islip, Long Island on Thursday where he denied the allegations and was released on a $50,000 bond, according to a New York Times report. The affected company was referred to in the report as Spellman High Voltage Electronics Corporation.

If convicted, Meneses faces a statutory maximum sentence of 10 years in prison, a $250,000 fine, and restitution, the FBI said.

Source:  computerworld.com

Financial traders turn to lasers for faster deals

Thursday, May 2nd, 2013

In the world of computerised financial trading, every second counts and superfast fibre-optic networks may no longer be quick enough.

Laser beam technology originally developed for the military is being rolled out to shave time off trades.

It will compete with new microwave networks that are increasingly being used by traders.

The company behind it, Anova, said it would be as fast as microwave networks and as reliable as fibre.

“There is more money being poured into this… space than at any time in its history,” said chief executive Mike Persico.

The company has formed a joint venture with AOptix, which was founded by two California scientists who developed the laser technology for the US military to improve communication between fighter jets.

Initially the system, which combines lasers and wireless dishes, will be rolled out on short-range US and UK networks, with the first long-haul route between the UK and Germany being added later.

High-frequency trading (HFT) is driven by complex algorithms that allow traders to jump ahead of competitors by exploiting minute discrepancies in price on exchanges in different cities.

Market volatility

In such trading, every millisecond counts and the competition to provide ever-faster trading networks is fierce.

The first microwave connection between London and Frankfurt was turned on last October by Perseus Telecom.

According to the company, the system cut about 40% off the time taken to complete a trade compared with traditional fibre-optic networks.

Microwave links cannot entirely replace fibre optics because the signal can be disrupted by bad weather and the network has limited capacity.

HFT in Europe is believed to account for nearly 40% of total equities trading, generating 6.7tn euros (£5.6tn) a year.

The method is controversial and has also been blamed for causing market volatilities, such as the notorious flash crash in May 2010 that wiped 10% off the value of the stock market in minutes.

Increasingly regulators are looking at ways to bring in tougher rules for such trading.

Other technologies that may be used in future to help make trades even faster include the use of drones as platforms for wireless links.

Source:  BBC

U.S. Department of Labor website infected with malware

Wednesday, May 1st, 2013

The malware has been linked to a China-based hacking campaign that struck a Fortune 500 company in 2011

A subdomain of a U.S. Department of Labor website appeared offline on Wednesday after an apparent hack that looks similar to a known China-based hacking campaign nicknamed DeepPanda.

The tampered page, called Site Exposure Matrices (SEM), contains information on toxic substances at U.S. Department of Energy facilities, according to security vendors AlienVault and Invincea.

Hackers planted code on the main SEM page which redirected victims to other pages within the department’s website that attacked visitors’ computers. Invincea wrote that the site has been fixed, but it appeared to be offline late Wednesday.

When someone was redirected to an infected page, a script surveyed the computer to figure out what versions of software such as Microsoft Office, Adobe Systems’ Reader, Java or various antivirus programs it was running, wrote Jamie Blasco, director of AlienVault’s Labs.

The attack code then tried to exploit a vulnerability in older versions of Internet Explorer, wrote Anup Ghosh, founder and CEO of Invincea. The vulnerability, CVE-2012-4792, has been patched by Microsoft. (Invincea later revised this assessment, saying the attack used a previously unknown, unpatched IE8 bug; see the May 6th item above.)

The style of attack is known as a drive-by download. It is particularly dangerous since potential victims merely need to visit a site in order for the attack to be executed.

Once installed, the malicious software attempts to contact a command-and-control server using a protocol linked with “a known Chinese actor called DeepPanda,” Blasco wrote.

The department could not be immediately reached for comment.

The security company CrowdStrike published a white paper that described DeepPanda as a China-based operation that tried to attack a large Fortune 500 company in December 2011. That attack sought to install remote-access Trojans (RATs), which would allow hackers to steal information from an infected computer.

The U.S. and China have clashed in recent months over cybersecurity. U.S. companies have become increasingly vocal over what they say are technically sophisticated long-term infiltration campaigns originating from within China.

Source:  computerworld.com