Sunday, 08 December 2013 00:00:00 Technology News

Everybody knows, or ought to know, about the risks of being hacked. But it’s easy to slip into a level of denial about an amorphous threat and get careless if you don’t think anybody is out specifically to get you. But what if a group of somebodies is out to get you, and you know they are and exactly who they are, because you arranged for them to try? That is what New York University Professor and PandoDaily editor Adam Penenberg did with Trustwave’s advanced research and ethical hacking team, SpiderLabs. He challenged them to conduct a personal “pen test” on him. And the answer, at least in his case, is that knowing that they were out to get him didn’t stop them. He got hacked. As he wrote, in , while conducting a class at NYU, “without warning, my computer freezes.

Distributed denial-of-service attacks against financial firms and other industries have been mounting, so last week the Cloud Security Alliance (CSA) announced it is establishing the Anti-Bot Working Group to help fight this threat. The CSA, the organization formed to set standards for best practices and security in has set up the Anti-Bot Working Group because crippling DDoS attacks launched against business websites and networks often originate within hosting facilities that have been compromised. It happens when attackers remotely take over the hosting provider’s servers in order to direct streams of destructive traffic at a target. Shelbi Rombout, senior vice president and partnership executive for cybersecurity at US Bank, is chairing the CSA’s Anti-Bot Working Group, and she describes it as an effort to raise awareness about the problem and push for ways to through cloud-based facilities.

Once upon a time some Carnegie Mellon University researchers came up with a scheme to use stories and pictures to help users live happily ever after by creating and remembering dozens of passwords and avoiding use of the exact same passwords for multiple sites. The trick, though, is that users need to repeat and practice those one-sentence stories a lot at the start so that the tales and related images stick in their heads. The photos serve as mnemonic devices to trigger memories of the stories and words that can be used to “If you can memorize nine stories, our system can generate distinct passwords for 126 accounts,” says Jeremiah Blocki, a Ph.D. student in Carnegie Mellon’s Computer Science Department, in a statement regarding these “naturally rehearsing passwords.”

Recent successes for in the U.S. and Europe continue to be overshadowed by challenges the platform faces in China and elsewhere. The Windows Phone operating system still ranks third globally, far behind Android and iOS, yet most experts say it will have staying power for years to come. That’s because software giant Microsoft has deep pockets and clearly wants to keep the OS durable. Microsoft and Windows Phone will also get boosts as the company converges the mobile OS into the Windows operating system. Smartphones running the Windows Phone OS took nearly 5 percent market share in the U.S. in the third quarter ending September 30, and topped 10 percent in the combined five-biggest European countries, according to from market research firm Kantar Worldpanel ComTech. The momentum for Windows Phone comes from low-cost handsets, such as the

On any given day cybercriminals and nation states are in possession of as many as 100 zero-day software exploits known only to them, NSS Labs has calculated using the commercial vulnerability market as a baseline. NSS Labs research director Dr. Stefan Frei reached this startling conclusion. NSS found that iDefense’s Vulnerability Contributor Program (VCP) and HP TippingPoint’s Zero Day Initiative (ZDI) have from birth to late September 2013 published a total of 2392 vulnerabilities with an average time from purchase to of 133 days for the VCP and 174 days for the ZDI. In Frei’s view, this confirms the conventional wisdom that are remaining private and potentially exploitable in attacks for long periods of time; if legitimate vendors take an average of 153 days or five months to make flaws public, cybercriminals are surely able to keep them secret for even longer.

Touch-ready notebook PCs will account for about 11 percent of all laptops shipped this year, an improvement over 2012 when customers had few choices if they wanted to smudge screens, a market research analyst said today. But touch remains a tough sell, said Richard Shim of NPD DisplaySearch. “Customers think, ‘I shouldn’t have to pay extra for touch, I get it free on my smartphone and tablet,’” said Shim of the premium prices that still dominate touch notebooks. “And there are really no apps that are forcing or encouraging consumers to adopt touch.” Shipments continue to climb

Microsoft is wrapping up the year’s Patch Tuesday bulletins next week with 11 more fixes, pushing the total for 2013 to 106, up from last year’s total of 83. Five bulletins ranked critical all hold the potential for enabling remote code execution on victimized machines and affect a wide range of platforms including most versions of Windows, Windows Server, Internet Explorer, SharePoint and Exchange. The patches will include a remedy for a flaw in Microsoft Graphics that leaves Microsoft Office and Lync apps and Windows open to attack. Common exploits of the vulnerability include a Word file containing a malicious .TIFF image that leads to the attacker gaining control of the machine with current user rights. “In this vulnerability, an attacker needs to convince a user to preview or open a bad TIFF image for exploitation,” says Paul Henry, a forensics and security analyst for Lumension. “Because we know persuading users to click isn’t always that hard to do, a patch for this one is definitely welcome.” The problem and exploits in the wild were discovered last month, but Microsoft didn’t deem it worth an out-of-band fix.

Users are again reminded to select strong passwords and update often, as almost 2 million stolen website and email login credentials were found on a botnet command-and-control server. Most of the compromised accounts belong to Facebook, Google, Yahoo, Twitter, LinkedIn and other popular services. Security vendor Trustwave discovered the C&C server, which was located in the Netherlands. Creators of the botnet, comprised of more than 93,000 compromised personal computers, used malware and management software known as Pony. The credentials were not stolen directly from the sites, but from the compromised personal computers, John Miller, security research manager at Trustwave, said Wednesday. The PCs were infected with the Pony malware, which had been installed when the computer users clicked on a malicious link sent via spam. “Even though they’re accounts for online services such as Facebook, LinkedIn, Twitter and Google, it’s not a result of any weakness on those companies’ networks,” Miller said.

AT&T wants to silence a shareholder proposal that it disclose the government requests it receives for customer information, rejecting a step that Google, Microsoft and other Internet companies have already taken. The proposal calls on AT&T to publish semi-annual reports about the information requests it receives from U.S. and foreign governments. Under the plan, the reports would be subject to existing laws and omit proprietary information. The language was submitted by the New York State Common Retirement Fund and other AT&T shareholders after recent revelations about telecommunications and Internet snooping by the National Security Agency (NSA) and other U.S. agencies. On Thursday, AT&T asked the U.S. Securities and Exchange Commission to agree that the company can leave the shareholder proposal off its proxy statement, which shareholders will vote on at its 2014 annual meeting. The request came in a on Friday. AT&T argued that it can throw out the proposal for several reasons, the central one being that it relates to its “ordinary business operations.” In addition, AT&T said the proposal relates to ongoing litigation and doesn’t focus on a significant policy issue, among other things.

Yahoo may soon be broadcasting more concerts following its acquisition of live music streaming startup Evntlive. Yahoo has acquired the young company as part of an effort to expand its entertainment offerings, a Yahoo spokeswoman confirmed Friday. It didn’t say how much it paid for Evntlive, which launched a beta of its service only this past April. Eight Evntlive employees will join Yahoo at its Sunnyvale, California, headquarters. The service will be shut down, however, and it remains to be seen how Yahoo will use the talent it has acquired.

The Nasdaq computer index Friday hit its highest point since November 2000, in the wake of the dot-com bust, despite mixed reports this week from the hardware and components sector. The Nasdaq computer index closed Friday at 1989.89, up 8.86 points for the day. Though analyst reports this week said PC and server sales continue to look grim, optimism about other aspects of the IT market and glimmers of good news about the economy in general boosted tech stocks and, more broadly, the major exchanges and indexes. For example, the Dow Jones Industrial Average, which last week closed above 16,000 for the first time, rose 198.69 points Friday to close at 16,020. All four tech stocks included in the Dow—IBM, Microsoft, Cisco and Intel—rose for the day. The recent stock market milestones are in nominal terms—they are not, for example, adjusted for inflation. But there has also been a string of reports that the U.S. economy is picking up steam. For example, the Labor Department said Friday that employers added 203,000 jobs last month after adding 200,000 in October. November’s job gains helped bring the unemployment rate down to 7 percent from 7.3 percent in October. The unemployment rate is now the lowest it has been in five years.

The U.S. Federal Communications Commission will aim to conduct auctions to sell spectrum now held by television stations to mobile broadband providers in mid-2015, the chairman of the agency said Friday. It’s important to release more spectrum for new, flexible uses, FCC Chairman Tom Wheeler . The FCC will balance demands for more commercial spectrum with the time the agency needs to run a successful auction, he said. The so-called incentive auction will involve a complicated process in which the FCC will auction off spectrum voluntarily turned over by TV stations in exchange for a cut of the winning bid. “I have often defined the complexity of this multi-part simultaneous process as being like a Rubik’s cube,” Wheeler wrote. “As part of our auction system development, we will check and recheck the auction software and system components against the auction requirements, and under a variety of scenarios replicating real life conditions. Only when our software and systems are technically ready, user friendly, and thoroughly tested, will we start the auction.” Mobile carriers praised Wheeler’s plan, which would auction spectrum in the 600 MHz band, one of the best bands of spectrum for providing mobile broadband service.


The takeaway from recent revelations of widespread NSA spying is even the best security software is unlikely to keep out elite hackers. One frequently offered defense is to use a separate PC to access the Internet, but that’s hardly practical. So short of disconnecting your computer, how can you protect yourself? Thanks to the low price of RAM and availability of fast solid-state drives (SSDs), an increasingly appealing solution is to set up a virtual machine (VM) just for working with emails and browsing the Internet. This requires less hassle but offers heightened security by accessing the two likeliest attack vectors from what is effectively a security sandbox. Here’s how to set up your own VM. There are a number of virtualization products available for PC users. If budget is your main concern,  is free for personal non-commercial use. If you use Windows 8 Pro or Enterprise, you can also take advantage of Hyper-V virtual machine manager. It isn’t installed by default, though, so you will need to go to Control Panel, Programs, and Programs and Features. Click on Turn Windows Features on or off, and select the checkbox under Hyper-V. A system restart is necessary to complete the installation.

Apple is selling a 4K monitor from Sharp that could allay concerns of users looking to buy the upcoming Mac Pro desktop for ultra-high definition content creation. Sharp’s PN-K321 4K Ultra HD LED monitor, which displays images at a 3840 x 2160 pixel resolution, is for €3,999 (US$5,444) through Apple’s U.K. and other European online stores. The monitor is not yet listed on Apple’s U.S. online store. Some TVs and monitors already support 4K, the successor to current high-definition specifications in which images are displayed at a 1920 x 1080 pixel resolution. This Sharp monitor shows “four full HD screens on a single seamless display,” according to the product description on the website. Apple this month will ship the Mac Pro high-end desktop, which is largely aimed at creative professionals and engineers. The desktop has multiple graphics cards that will allow the creation of 4K content. Some buyers looking to pick up the new Mac Pro about the lack of a 4K display from Apple.

Microsoft said Friday that next week it will finally issue a patch for a vulnerability within its Microsoft Graphics (GDI+) component, one that is being actively targeted by attackers. However, it will not patch a Friday. In all, the patches will be released on Dec. 10, at about 10 AM PT, Microsoft said. The GDI+ vulnerability has been known about for at least a month; in November, Microsoft first began publishing . It affects the following software:  “If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics (TIFF) image embedded in the document,” Microsoft says. “An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.”

Microsoft has quietly ended retail sales of Windows 7 licenses, according to a notice on its website. The company’s policies for shutting off sales to retailers and shipping licenses to OEMs (original equipment manufacturers) are , which was recently updated to show that Windows 7’s “retail end of sales” date was Oct. 30. The next deadline, marked as “End of sales for PCs with Windows preinstalled,” will be Oct. 30, 2014, less than a year away.

Heavy smartphone users can cause serious accidents in road traffic, even when they are not motorized. A Japanese app is now meant to raise awareness among pedestrians.

A new app automatically creates a timeline of personal and intimate moments. Unlike on social platforms, third parties get no view into the albums.

Via an app, data on speed, engine revolutions and location are used during the drive to play music in the car that matches the driving style.

In the future, smartphones should also be able to scan three-dimensional objects. That is the vision of researchers at ETH, who have presented the method for the first time.

Users of Internet file-sharing networks should be open to legal prosecution. This is proposed by the working group on modernizing copyright law, which was founded by Federal Councillor Sommaruga.

It is meant to be less conspicuous and look cooler: Google has reworked its smart glasses once more. Developers may now test the new version.

LTE, telephony and voice quality: according to the magazine «Connect», Swisscom has the best mobile network in Switzerland. But Orange and Sunrise are close on the heels of the test winner.

Clever tricks for a good grade: smartwatches make cheating in exams easier. Checks are difficult, according to a developer.

When does which phone move where? The NSA collects such data from at least 100 million devices worldwide. This emerges from documents in the Snowden trove.

Chip maker Nvidia takes a shot at the Xbox One and PS4. The hardware manufacturer claims PCs are best for gaming. Both new consoles run on chips from arch-rival AMD.

Everything that comes in front of the camera is rendered in digits, letters and special characters. A design studio has elevated ASCII code to an art form.

Microsoft has developed a bra that can detect stress with sensors. This is meant to protect wearers from binge eating. Other bras protect against cancer or gropers.

For security reasons, the US president may not use an iPhone as his official phone. Still, he cannot do without Apple gadgets: privately, Obama also surfs with his iPad.

The Yotaphone is the first smartphone from Russia. What is special about it: besides a conventional touchscreen, the phone has an always-on E-Ink display on the back.