Exploiting Weakness in RSA Security Technology

Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace. The researchers in their paper outline how they made the attack (PDF) on a SPARC system running Linux.
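The standard countermeasure against this class of fault is to verify each signature with the public key before it leaves the device, so a glitched computation never reaches an attacker. The following Python sketch is an added example, not the researchers' code: it uses constructed toy primes (far too small for real use), injects a single bit-flip into the exponentiation to mimic a voltage-induced error, and shows the guard rejecting the bad signature.

```python
# Added example (not from the paper or the page): sign-then-verify guard.
# P and Q are constructed toy primes; a real key uses 1024-bit or larger moduli.
P, Q = 999983, 1000003
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent (Python 3.8+ modular inverse)


def sign(m, fault_bit=None):
    """Left-to-right square-and-multiply: returns m^D mod N.

    fault_bit=(iteration, bit) flips one bit of the intermediate value at
    that iteration, standing in for a computation error caused by a
    voltage glitch on the signing hardware."""
    result = 1
    base = m % N
    for i, bit in enumerate(bin(D)[2:]):
        result = (result * result) % N
        if bit == "1":
            result = (result * base) % N
        if fault_bit is not None and i == fault_bit[0]:
            result ^= 1 << fault_bit[1]  # the injected fault
    return result % N


def verify(m, s):
    """Public-key check: s^E mod N must equal the message."""
    return pow(s, E, N) == m % N


def guarded_sign(m, fault_bit=None):
    """Release a signature only if it verifies; return None otherwise.

    A faulty signature is exactly what a fault attack needs to see, so
    suppressing it (and ideally logging the event) closes the leak."""
    s = sign(m, fault_bit)
    if not verify(m, s):
        return None
    return s


if __name__ == "__main__":
    msg = 12345  # constructed sample message, must be < N
    print("clean signature released:", guarded_sign(msg) is not None)
    print("faulty signature released:", guarded_sign(msg, (3, 5)) is not None)
```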

Courtesy of slashdot.com

How To of ‘Aurora’ Attack

Do you have branch offices in China? iSec has published a new report outlining the severity of the attacks on Google.cn, allegedly by the Chinese government, dubbed ‘Aurora’ attacks. Up to 100 companies were victims, and some are speculating that resistance to such attacks is futile. The report lays out the shape of the attacks — which were customized per-company based on installed vulnerable software and antivirus protection:

1. The attacker socially engineers a victim, often in an overseas office, to visit a malicious website.

2. This website uses a browser vulnerability to load custom malware on the initial victim’s machine.

3. The malware calls out to a control server, likely identified by a dynamic DNS address.

4. The attacker escalates his privilege on the corporate Windows network, using cached or local administrator credentials.

5. The attacker attempts to access an Active Directory server to obtain the password database, which can be cracked onsite or offsite.

6. The attacker uses cracked credentials to obtain VPN access, or creates a fake user in the VPN access server.

7. At this point, the attack varies based upon the victim. The attacker may steal administrator credentials to access production systems, obtain source code from a source repository, access data hosted at the victim, or explore Intranet sites for valuable intellectual property. The report also has pages of recommendations as well as lessons learned, which any systems administrator — even those inside the US — should read and take note of.

Courtesy of slashdot.com

NHTSA Has No Engineers to Investigate Toyota

An official from the National Highway Traffic Safety Administration told investigators that the agency doesn’t employ any electrical engineers or software engineers, leaving them woefully unable to investigate correctly what caused the most recent Toyota recall. A modern luxury car has something close to 100 million lines of software code in it, running on 70 to 100 microprocessors. And according to consultant Frost & Sullivan, that number will rise to 200 to 300 million lines within a few years. And the software that controls the ‘drive-by-wire’ accelerators of Toyota and Lexus vehicles is one potential culprit in the tangled collection of issues, allegations, and recalls of many of those vehicles for so-called ‘sudden acceleration’ problems.

Courtesy of slashdot.com

Microsoft Announces New Mobile OS

Microsoft on Monday announced its next-generation mobile operating system Windows Phone 7 Series, which will bring together the Zune multimedia experience and Xbox Live gaming to mobile phones worldwide.

Manufacturers have already begun building phones featuring Windows Phone 7 Series with plans for release by the 2010 holiday season, according to Microsoft. Manufacturers on board include Dell, Garmin, Asus, HTC, Hewlett-Packard, LG, Samsung, Sony Ericsson and Toshiba.

Carrier partners include AT&T, T-Mobile USA, Verizon Wireless, Sprint, Deutsche Telekom AG, Orange, SFR, Telecom Italia, Telefónica, Telstra, and Vodafone.

Microsoft did not announce its own phone hardware. However, the software giant is working more closely than it has in the past with manufacturing partners in the design process of their phone hardware. For example, each Windows Phone 7 Series phone will include a dedicated hardware button to access Microsoft’s Bing search tool with one click.

“In a crowded market filled with phones that look the same and do the same things, I challenged the team to deliver a different kind of mobile experience,” said Steve Ballmer, chief executive officer of Microsoft, in a press statement. “Windows Phone 7 Series marks a turning point toward phones that truly reflect the speed of people’s lives and their need to connect to other people and all kinds of seamless experiences.”

Courtesy of wired.com

IBM shows US Air Force Value of Cloud Computing

SAN FRANCISCO (AFP) – IBM said Thursday it has been enlisted by the US Air Force to show how defense and intelligence networks can safely soar into the online software “cloud.”

“Our goal is to demonstrate how cloud computing can be a tool to enable our Air Force to manage, monitor and secure the information flowing through our network,” said Lieutenant General William Lord, chief information officer for the military branch.

Cloud computing has grown increasingly popular as businesses cut costs and technology maintenance woes by essentially renting software applications hosted online instead of buying and installing programs on their own machines.

The Air Force has contracted IBM to develop a private cloud computing “architecture” that improves “all operational, analytical and security capabilities,” according to Lord.

IBM said the 10-month project will “push the technology boundaries” of cloud computing to tailor a system for a military network that includes nine major commands, nearly 100 bases, and 700,000 active personnel worldwide.

A key component of the system will be “stream computing” that couples sensors and monitors to quickly analyze flowing data for “actionable insights” into cyberattacks or network problems, according to IBM.

“This instant access to information would enable Air Force officials to automatically shift the prevention environment based on rules-based protocols in the event of a cyberattack or network anomalies,” IBM said.

In what might seem a page from science fiction, the system will also feature “autonomic computing” allowing it to “retune itself” without human intervention.

Courtesy of Yahoo! News

Data Breaches Cost Over $200 per Customer Record

The cost of a data breach increased last year to $204 per compromised customer record, according to the Ponemon Institute’s annual study. The average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009. The Ponemon Institute based its estimates on data from 45 companies that publicly acknowledged a breach of sensitive customer data last year and were willing to discuss it. In tallying the cost of a data breach, the Ponemon Institute looks at several factors, including: the cost of lost business because of an incident; legal fees; disclosure expenses related to customer contact and public response; consulting help; and remediation expenses such as technology and training.

Courtesy of slashdot.org

Google Investigating Employees in China

The Guardian is reporting that Google China is investigating its staff about The Incident. “We’re not commenting on rumor and speculation. This is an ongoing investigation and we simply cannot comment on the details,” a Google spokeswoman said. Security analysts told Reuters the malicious software or malware used in the attack was a modification of a trojan called Hydraq. A trojan is a hidden program allowing unauthorized access to a computer. The analysts said the sophistication in the attack was in knowing whom to attack, not the malware itself.

Courtesy of Slashdot.org

Best Buy “Optimization” Harms Performance

The Consumerist deconstructs the appalling ‘optimization’ service that Best Buy has been pushing on consumers in recent weeks. The retailer charges 40 bucks to give you a slower PC and makes bizarre claims that it makes it go 200% faster. ‘We ran the 3DMark 2003 graphics benchmark on each laptop, comparing optimized and non-optimized settings. For two of our samples, the Gateway and Toshiba, performance changes were negligible. On the Asus laptop, however, optimized tests actually scored about 32% worse than the non-optimized setup. We have been unable to isolate the source of this performance change. On none of the three tested laptops did the optimized settings give a performance boost in our test,’ said a representative.

Courtesy of slashdot.com

Google Docs to Allow Storage of Any File Type

Google is opening up its Docs hosted office productivity suite so that users can store any type of file in it, giving the popular software-as-a-service product an important online storage component.

The functionality will be rolled out over the coming weeks to all Docs users, both the ones who use the stand-alone suite as well as those who use it as part of the broader communication and collaboration Apps suite for organizations.

Now, Docs users will be able to store all their important files in a single place online, where they can access them from anywhere and share them with other people, according to Google.

“This is a natural extension and progression of what we’ve been doing with Google Docs,” said Vijay Bangaru, Google Docs product manager.

One thing it’s not, according to Bangaru, is the G-drive, the often-rumored cloud storage service from Google that has yet to see the light of day. “On the consumer side, this isn’t a virtual drive. There isn’t a client that’s going to help you sync terabytes to the cloud,” he said.

Google did work with some partners that built applications that take advantage of this new functionality via a Docs API (application programming interface). Those external applications were built specifically for users of the Premier version of Apps, which is the most sophisticated and the only one that is fee-based, priced at US$50 per user, per year. Companies that use Apps Premier will also be able to build their own applications in-house using the API.

Just because users will be able to store any type of file on Google Docs doesn’t mean, however, that they will necessarily be able to work on those files on the Docs cloud, as is possible in the suite today with Adobe PDF files, Microsoft Office files and, of course, the native Docs file formats.

“Unfortunately, it’s not possible to write Web editors for every file content out there,” he said. In those cases, users will be able to access the files online and share them with others, but in order to work on them, they’ll have to download them to their PCs and fire up the necessary application.

Along with the new capabilities, Google is lifting the ceiling on file sizes to 250MB. Users of the stand-alone Docs suite will have 1GB of free storage for files stored in their native formats, as opposed to converted to a native Docs format. They’ll be able to buy additional storage for $0.25 per gigabyte per year. Google Apps users will also get 1GB of storage, and will have the ability to buy additional storage for $3.50 per gigabyte per year.

While Docs currently doesn’t have one-click buttons to post or publish files to third-party sites and services like Facebook, Google isn’t closing the door on adding that functionality and more.

“The idea behind this feature is that it’s really an opportunity for Google to invest in cloud storage and provide value added services to its users around sharing files, uploading files and being able to collaborate and search on all of that content,” said Anil Sabharwal, Google Docs product manager. “There’s a great opportunity for us to provide value-added services on top of any of those file types.”

Courtesy of PC World

MagicJack to Launch Service for Cell Phones

Ymax, the inventor of the magicJack, told attendees at the recent Consumer Electronics Show that it will develop a consumer femtocell that will allow consumers to place cell-phone calls without using their minutes.

The unnamed femtocell will be priced at about $40 and be available during the second quarter, a company spokeswoman said Monday.

Femtocells essentially are routers that allow a user’s cell phone to connect to them, as opposed to Wi-Fi or an Ethernet connection. Users can place a call on a femtocell via a cell phone, like an ordinary cell-phone tower owned by Sprint, T-Mobile, or another carrier. Verizon, for example, announced its own femtocell in January 2009. Because they use the home’s broadband connection as a backhaul, however, a femtocell user doesn’t actually access the cell-phone network, saving his or her allotted minutes.

Our PC Fixer clients using magicJack rave about how useful and convenient it is. Now, magicJack users will be able to connect to their own magicJack device but also other femtocell-enabled magicJacks at friends’ houses and businesses. All the user has to do is come within eight feet of the magicJack one time to register the connection and then talk away within a range of a 3000 square foot house, according to Ymax.

MagicJack’s femtocell will work with its existing magicJack service, which costs $19.95 per year. The service originally won a PC Magazine Editor’s Choice award (which has been heavily promoted by the company), but subsequent call-center and support problems caused us to lower its rating.

Ymax also said that it would soon announce a standalone version of its technology to compete with Skype.

Courtesy of PC Magazine

