Sign up for our Technology Newsletter 
McAffee See Sure In Spam
The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.
The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.
Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.
The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.
On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.
The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.
The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.
The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.
Twitter’s Authentication Has Vulnerabilities
June 6, 2013 by admin
Filed under Around The Net
Comments Off on Twitter’s Authentication Has Vulnerabilities
Twitter’s SMS-based, two-factor authentication feature could be abused to lock users who have not enabled it for their accounts if attackers gain access to their log-in credentials, according to researchers from Finnish antivirus vendor F-Secure.
Twitter introduced two-factor authentication last week as an optional security feature in order to make it harder for attackers to hijack users’ accounts even if they manage to steal their usernames and passwords. If enabled, the feature introduces a second authentication factor in the form of secret codes sent via SMS.
According to Sean Sullivan, a security advisor at F-Secure, attackers could actually abuse this feature in order to prolong their unauthorized access to those accounts that don’t have two-factor authentication enabled. The researcher first described the issue Friday in a blog post.
An attacker who steals someone’s log-in credentials, via phishing or some other method, could associate a prepaid phone number with that person’s account and then turn on two-factor authentication, Sullivan said Monday. If that happens, the real owner won’t be able to recover the account by simply performing a password reset, and will have to contact Twitter support, he said.
This is possible because Twitter doesn’t use any additional method to verify that whoever has access to an account via Twitter’s website is also authorized to enable two-factor authentication.
When the two-factor authentication option called “Account Security” is first enabled on the account settings page, the site asks users if they successfully received a test message sent to their phone. Users can simply click “yes,” even if they didn’t receive the message, Sullivan said.
Instead, Twitter should send a confirmation link to the email address associated with the account for the account owner to click in order to confirm that two-factor authentication should be enabled, Sullivan said.
As it is, the researcher is concerned that this feature could be abused by determined attackers like the Syrian Electronic Army, a hacker group that recently hijacked the Twitter accounts of several news organizations, in order to prolong their unauthorized access to compromised accounts.
Some security researchers already expressed their belief that Twitter’s two-factor authentication feature in its current implementation is impractical for news organizations and companies with geographically dispersed social media teams, where different employees have access to the same Twitter account and cannot share a single phone number for authentication.
Twitter did not immediately respond to a request for comment regarding the issue described by Sullivan.
Xerox Moving Into IT Services
Printer and copier maker Xerox Corp forecast current-quarter earnings below estimates as it quickens efforts to transform itself into a technology services provider.
Xerox, whose shares were little changed at midday, also offers services such as managing toll systems and healthcare programs to counter sluggish growth in its printers and copiers business, which accounts for about 40 percent of its revenue.
Services is now the larger part of the company’s business and lower margins in IT and business process outsourcing is dragging overall margins.
The company said it expects second-quarter revenue from its document technology business, which includes printers and copiers, to decline in the mid-single digits. Revenue fell 9 percent to $2.14 billion in the business in the first quarter.
Based in Norwalk, Connecticut, Xerox moved into business services with its purchase of Affiliated Computer Services Inc (ACS) for $5.5 billion in 2009 – the company’s biggest deal in its 106-year history.
Xerox said it plans to quicken the pace of a restructuring plan kicked off in the last quarter of 2012 and included a 2-cent restructuring charge in its second-quarter forecast.
Xerox said it expects flattish revenue for the full year, compared with previous expectations of up to a 2 percent growth, it said on a conference call with analysts.
The company said it was on track to reach its target of adjusted EPS of $1.09 to $1.15 for the full year and to generate operating cash flow of $2.1 billion to $2.4 billion.
“Europe remains weak. US remains stable, but weak. We have not seen a pickup in the US,” Xerox CEO Ursula Burns said on a conference call with analysts.
“We did see a slowdown, a bit of a slowdown, in some developing market economies. But our business model is fairly resilient in the developing markets,” she said.
LinkedIn DropS BWP API
February 18, 2013 by admin
Filed under Around The Net
Comments Off on LinkedIn DropS BWP API
LinkedIn has shut off its API access to “Bang With Professionals,” a Web service that was intended to facilitate more, say, intimate connections among users of the business-oriented social networking site.
The service was designed to allow LinkedIn users to anonymously search for people in their LinkedIn network who would be interested in meeting up for casual sex.
“We all had a good laugh,” the founders of Bang With Professionals said on last Friday on the website, less than a month after its launch. “We all knew it was a matter of time before our API key was revoked.”
LinkedIn said it shut off API (application programming interface) access for the free site, which was intended to work on all desktops and mobile devices, because it violated the social network’s terms of use in a manner that was “inconsistent with the goals of our developer program.”
Among other things, API access isn’t allowed for any application that contains or displays adult content.
Data about the site’s 6,000 subscribers is safe and all their user IDs have been deleted, the founders said. The only thing that remains now is the site’slanding page.
The origins of Bang With Professionals are not unique in the fast-paced social networking landscape. The site was built “by two guys in three days,” the landing page says. The total launch cost was US$57: $40 for stock images, $12 for the domain name and $5 for an account on the server CloudFlare.
The Twitter handle for the site has since been deactivated, but at press time, the Bang With Professionals blog on Tumblr was still accessible.
AP Goes With Twitter
January 14, 2013 by admin
Filed under Around The Net
Comments Off on AP Goes With Twitter
The Associated Press began using its official Twitter account as an advertising platform on Monday, as the news organization looks for new ways to generate revenue.
Samsung Electronics Co Ltd was the first sponsor on the @ap account for breaking news, which is followed by 1.5 million Twitter users. The South Korean electronics maker’s initial “SPONSORED TWEET” promoted its events at the 2013 Consumer Electronics Show in Las Vegas this week.
AP did not disclose financial details of the arrangement.
Twitter, which sells ads directly to make money from the social media’s monthly base of 200 million users, will not receive any proceeds from the AP-Samsung deal.
The AP called the initiative part of a new business strategy and stressed that sponsored tweets will clearly be labeled to differentiate them from news tweets.
The ads provide AP a new income source as news organizations from newspapers to television face severe revenue declines in the face of high production costs.
While the AP was founded in 1846 by U.S. newspapers as a breaking news conduit, only 22 percent of its revenue comes from member fees. Photo licensing, advertising on its news application AP Mobile and YouTube channel are other revenue streams.
Passwords Continue As The Weakest Link
Comments Off on Passwords Continue As The Weakest Link
Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.
But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters. Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.
The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”
Twitter Wants To Email You
May 23, 2012 by admin
Filed under Around The Net
Comments Off on Twitter Wants To Email You
Twitter will begin delivering a weekly email digest to highlight for users of the micro-blogging site the tweets they are most likely to be interested in, the company stated on Monday.
The feature marks a departure for a social network that typically emphasizes real-time delivery of information.
How will Twitter determine which tweets a user may want to see? Twitter spokesman Robert Weeks said the digest will feature the tweets that the “people you’re connected to on Twitter are engaging with the most.”
From the email digest, users will be able to see the conversation about a particular tweet, follow shared links and send out their own tweets. The digest will include tweets not just from a user’s own feed but also from the feeds of people he or she follows.
Social Networks Go Verified Accounts
February 23, 2012 by admin
Filed under Around The Net
Comments Off on Social Networks Go Verified Accounts
Celebrities and other public figures will soon have the ability to verify their accounts and display a preferred “alternative name,” TechCrunch reports.
In an effort to stop impostors, Facebook will reportedly soon allow celebrities and other public figures to verify their accounts in much the same way that Twitter does.
The social network will begin notifying public figures with many subscribers that they can verify their accounts by submitting an image of a government-issued ID, allowing them to display a preferred pseudonym instead of their birth name, according to a TechCrunch report. Facebook will then manually approve the “alternative names” to confirm they are the real stage names or pen names.
Facebook users must be chosen to participate in the program; there is no way to volunteer for verification. However, unlike Twitter, verified accounts will not receive a special badge indicating verified status.
Verification will allow celebrities to be more readily accessible to fans when using their stage names instead of what is officially listed on their birth certificates. The program will also gain more prominent placement in the “People To Subscribe To” section.
Fed Contractor Arrested For Software Theft
January 28, 2012 by admin
Filed under Around The Net
Comments Off on Fed Contractor Arrested For Software Theft
Bo Zhang worked at the bank and took advantage of his position to commit the crime, according to prosecutors, and was arrested yesterday by the FBI and the Treasury Department.
“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property,” said Manhattan US Attorney Preet Bharara.
“Fighting cyber crime is one of the top priorities of this office and we will aggressively pursue anyone who puts our computer security at risk.”
A complaint against Zhang has been unsealed and according to that he pilfered the Government-Wide Accounting and Reporting Program code by copying it to a hard drive owned by the Federal Reserve Bank of New York.
Hackers Attempt To Access AT&T Mobile
November 30, 2011 by admin
Filed under Smartphones
Comments Off on Hackers Attempt To Access AT&T Mobile
AT&T Inc, the No. 2 U.S. wireless carrier, said it is investigating an “organized and systemic attempt” to access mobile customers’ information but that it did not believe any accounts were breached.
The company, which had 100 million subscribers at the end of the third quarter, said it is advising less than 1 percent of its wireless customers that there was an attempt to obtain information about their accounts.
It said that the parties involved appeared to have used “auto script” technology to see if AT&T telephone numbers were linked to online AT&T accounts.
Spokesman Mark Siegel said AT&T’s “investigation is ongoing to determine the source or intent of the attempt to gather this information.”
.