Some ATMs Still On XP
Cyber-criminals have been cutting holes into European cash machines in order to infect them with malware.
The holes were cut so that the hackers could plug in USB drives that installed their code onto the ATMs. Details of the attacks on an unnamed European bank’s cash dispensers were presented at the hacker-themed Chaos Computing Congress in Hamburg, Germany.
The thefts came to light in July after the lender involved noticed several of its ATMs were being emptied. The bank discovered the criminals were vandalising the machines to use the infected USB sticks. Once the malware had been transferred, they patched the holes up. This allowed the same machines to be targeted several times without the hack being discovered.
The attackers could take the highest value banknotes in order to minimise the amount of time they were exposed. Interestingly, the software required the thief to enter a second code in response to numbers shown on the ATM’s screen before the money could be released. The thief could only obtain the right code by phoning another gang member and telling them the numbers displayed. This stopped the criminals going it alone.
Sony Decides Not To Sell
January 8, 2014 by admin
Filed under Around The Net
Japan’s Sony Corp has changed its mind and decided not to sell its lithium-ion battery unit. Instead Sony has decided to take a chance at turning the business around with a weak yen and growing demand for smart phone batteries.
In addition to a weak yen, which can boost overseas earnings, the battery unit is also seeing increased demand for some of its new products, the Nikkei business daily reported.
For the past two years Sony had been planning to offload the unit, which was a pioneer in making lithium-ion batteries for computers and mobile devices but has struggled recently against cheaper South Korean rivals.
A government turnaround fund tried to broker a sale of the battery business to a Nissan Motor Co Ltd and NEC Corp joint venture earlier this year.
However, talks have stalled and Sony has now told the turnaround fund that it will hold on to the battery unit and develop it as a core business, the Nikkei reported, citing unidentified sources.
Sony, which last year sold its chemical business to the government turnaround fund, is trying to revive the fortunes of its consumer electronics business by focusing on cameras, gaming and mobile devices.
Reddit ISO Profits
January 7, 2014 by admin
Social news hub Reddit enjoyed a major get when it interviewed Barack Obama last year. The big get for 2013 was reaching 90 million unique visitors a month, according to the company, on par with the likes of eBay. This season, even Microsoft co-founder and philanthropist Bill Gates joined its Secret Santa gift exchange.
Now, the self-dubbed “Front Page of the Internet” is going for a milestone it has been trying to reach since its founding in 2005: profitability.
After years of experimenting with paid subscriptions and display advertising, Reddit, with just 28 employees, has begun pouring resources into building an electronic bazaar.
Company executives say they increasingly believe such a venue is the answer to their long search for reliable revenue, complicated in part by their fans’ mistrust of advertising.
If Reddit Gifts, as the burgeoning bazaar is known, brings sustainable profitability, it would mark a turning point for an outfit that has exerted an outsized and sometimes controversial influence on Internet culture yet languished financially.
Reddit estimates over 250,000 items have been purchased over the holiday, mostly as part of the 50 or so mostly geek-oriented Secret Santa gift exchanges – where zombie- or fantasy-themed presents, say, change hands – that users have created.
Although Reddit won’t disclose details about how much money it has made from Reddit Gifts or its overall financial performance, it takes a 15 to 20 percent cut of every purchase.
Usually priced between $10 and $25, the goods reflect Reddit’s young and geeky user base, from collages of cats in steampunk apparel to coffee mugs branded by Imgur.com, a repository of funny Web pictures, to an entire category dedicated to bacon-related products. More than 250 merchants supply gifts curated and “up-voted” by the community, much as articles and links are elevated on the Reddit site itself.
The gift exchange made headlines this month after Gates signed up and surprised a Reddit user by sending her a travel book and a stuffed cow, symbol of the charity he donated to in her name.
The company, which is hoping to position itself as a bona fide shopping destination year-round, estimates that only 14 percent of its marketplace revenue comes from the Christmas-season gift exchange programs.
Yet those sales alone could put Reddit firmly in the black, said Dan McComas, the head of Reddit Gifts. He added that the company may choose to reinvest funds in e-commerce customer service and infrastructure.
Chief Executive Yishan Wong, a former Facebook executive, said Reddit was “kind of” breaking even and denied that pressure was mounting on his team to turn a profit.
Will Businesses Accept The Chromebook?
Sales of Chromebooks enjoyed rapid growth, going from basically nothing in 2012 to more than 20 percent of the U.S. commercial PC market, analyst firm NPD reported, while Windows PCs and Macs remained flat at best.
NPD estimated that, throughout all of 2013, 14.4 million desktops, notebooks, and tablets were sold through U.S. commercial channels, typically resellers. That compares to 16.4 million PCs, overall, sold in the U.S. during the third quarter alone–excluding tablets, according to IDC. All told, about 46.2 million PCs have been sold in the U.S. during 2013, IDC found.
Within that segment, however, NPD reported some intriguing findings. Chromebooks, once largely the province of Acer and Samsung, have been embraced by Dell, HP, and others–not the least of which are paying customers. In 2012, Chromebook sales were “negligible,” NPD reported. But in the space of a single year, they climbed to 21 percent, NPD found, helping push overall notebook PC growth up by 28.9 percent.
Windows notebooks, however, contributed nothing to that, as NPD found that growth was flat. Worse still, Macs actually declined, with combined sales of desktops and notebooks falling by 7 percent. Windows tablet sales tripled, albeit off what NPD called “a very small base”.
The message? Businesses are turning to the Web, which Chromebooks almost exclusively run. And those low-cost, Net-focused devices are becoming engines of productivity. As a result, they’re receiving validation from traditional PC vendors including Acer, Asus, Dell, and Hewlett-Packard, plus Google’s own Pixel.
“The market for personal computing devices in commercial markets continues to shift and change,” said Stephen Baker, vice president of industry analysis at NPD, in a statement. “New products like Chromebooks, and reimagined items like Windows tablets, are now supplementing the revitalization that iPads started in personal computing devices. It is no accident that we are seeing the fruits of this change in the commercial markets as business and institutional buyers exploit the flexibility inherent in the new range of choices now open to them.”
Naturally, tablet sales continued to explode, capturing 22 percent (or about 3.16 million units) of all the computing devices sold through the U.S. channel. Of all tablets sold commercially, iPads dominated with 59 percent of all unit sales, leaving the rest to Android (which grew more than 160 percent) and Windows.
Baker said that diversity will be key to the future success of hardware makers, a signpost for what vendors might release at 2014 and the weeks and months following.
Is The Tech Industry Going Independent?
The tech industry is undergoing a shift toward a more independent, contingent IT workforce. And while that trend might not be cause for alarm for retiring baby boomer IT professionals, it could mean younger and mid-career workers need to prepare to make a living solo.
About 18% of all IT workers today are self-employed, according to an analysis by Emergent Research, a firm focused on small business trends. This independent IT workforce is growing at the rate of about 7% per year, which is faster than the overall growth rate for independent workers generally, at 5.5%.
The definition of independent workers covers people who work at least 15 hours a week.
Steve King, a partner at Emergent, said the growth in independent workers is being driven by companies that want to stay ahead of change, and can bring in workers with the right skills. “In today’s world, change is happening so quickly that everyone is trying to figure out how to be more flexible and agile, cut fixed costs and move to variable costs,” said King. “Unfortunately, people are viewed as a fixed cost.”
King worked with MBO Partners to produce a recent study that estimated the entire independent worker headcount in the U.S., for all occupations, at 17.7 million. They also estimate that around one million of them are IT professionals.
A separate analysis by research firm Computer Economics finds a similar trend. Over the last two years, there has been a spike in the use of contract labor among large IT organizations — firms with IT operational budgets of more than $20 million, according to John Longwell, vice president of research at Computer Economics.
This year, contract workers make up 15% of a typical large organization’s IT staff at the median. This is up from a median of just 6% in 2011, said Longwell. The last time there was a similar increase in contract workers was in 1998, during the dot.com boom and the run-up to Y2K remediation efforts. Computer Economics recently published a research brief on the topic.
“The difference now is that use of contract or temporary workers is not being driven by a boom, but rather by a reluctance to hire permanent workers as the economy improves,” Longwell said.
Computer Economics expects large IT organizations to step up hiring in 2014, which may cause the percentage of contract workers to decline back to a more normal 10% level. But, Longwell cautioned, it’s not clear whether that new hiring will involve full-time employees or even more contract labor.
Cryptolocker Infects 250K Systems
Dell’s security research team has revealed that a new form of ransomware, dubbed “Cryptolocker”, has managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins.
“Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat,” Dell announced in a Secureworks post.
The firm worked out that if the Cryptolocker ransomware threat actors had sold the 1,216 total Bitcoins (BTC) that they collected from September this year immediately upon receiving them, they would have earned nearly $380,000.
“If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC,” Dell said.
Cryptolocker is unique when compared against your average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography offered by Microsoft’s CryptoAPI.
“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent,” Dell said.
Conventionally, ransomware prevents victims from using their computers normally and uses social engineering to convince them that failing to follow the malware authors’ instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as pirating music or downloading illegal pornography.
“Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware,” Dell explained. “Cryptolocker changes this dynamic by aggressively encrypting files on the victim’s system and returning control of the files to the victim only after the ransom is paid.”
Dell said that the earliest samples of Cryptolocker appear to have been released on 5 September this year. However, details about its initial distribution phase are unclear.
“It appears the samples were downloaded from a compromised website located in the United States, either by a version of Cryptolocker that has not been analysed as of this publication, or by a custom downloader created by the same authors,” Dell added.
Dell seems to think that early versions of Cryptolocker were distributed through spam emails targeting business professionals as opposed to home internet users, with the lure often being a ‘consumer complaint’ against the email recipient or their organisation.
Attached to these emails would be a ZIP archive with a random alphabetical filename of 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension, so keep an eye out for emails that fit this description.
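A mail-gateway style check for the attachment layout described above, as an added example that is not taken from Dell's report or the original article. The function names and sample archives are constructed for illustration, and "random alphabetical" is assumed to mean ASCII letters only.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Assumption: "alphabetical" means ASCII letters only; 13 to 17 characters.
STEM_RE = re.compile(r"[A-Za-z]{13,17}")


def split_name(path: str):
    """Return (stem, extension) of the final path component, lowercased ext."""
    name = PurePosixPath(path.replace("\\", "/")).name
    stem, dot, ext = name.rpartition(".")
    return (stem, ext.lower()) if dot else (name, "")


def matches_lure_pattern(attachment_name: str, attachment_bytes: bytes) -> bool:
    """True if a ZIP attachment fits the layout described in the article:
    letters-only 13-17 character name, exactly one member, and that member
    is <same name>.exe."""
    stem, ext = split_name(attachment_name)
    if ext != "zip" or not STEM_RE.fullmatch(stem):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(attachment_bytes)) as zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
    except zipfile.BadZipFile:
        return False  # unreadable archive: leave it to other controls
    if len(members) != 1:
        return False
    inner_stem, inner_ext = split_name(members[0].filename)
    return inner_ext == "exe" and inner_stem.lower() == stem.lower()


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: bytes} (for the samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_samples():
    """Run the check over constructed sample attachments (not real mail)."""
    samples = [
        ("qkzwmfhtbxlrvd.zip", build_zip({"qkzwmfhtbxlrvd.exe": b"MZ"})),
        ("invoice.zip", build_zip({"invoice.exe": b"MZ"})),
        ("qkzwmfhtbxlrvd.zip", build_zip({"report.pdf": b"%PDF"})),
        ("qkzwmfhtbxlrvd.zip", build_zip({"qkzwmfhtbxlrvd.exe": b"MZ",
                                          "readme.txt": b"hi"})),
    ]
    return [(name, matches_lure_pattern(name, data)) for name, data in samples]


if __name__ == "__main__":
    for name, flagged in scan_samples():
        print(f"{name}: {'FLAG' if flagged else 'ok'}")
```

A match is a reason to quarantine and inspect, not proof of infection; a legitimate archive can fit the same shape.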
FTC Pushes For Security Standards
Despite growing resentment from companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation’s enforcer of data security standards.
The FTC, over the past years, has gone after companies that have suffered data breaches, citing the authority granted to it under a section of the FTC Act that prohibits “unfair” and “deceptive” trade practices. The FTC extracted stiff penalties from some companies by arguing that their failure to properly protect customer data represented an unfair and deceptive trade practice.
On Thursday, FTC Chairwoman Edith Ramirez called for legislation that would bestow the agency with more formal authority to go after breached entities.
“I’d like to see FTC be the enforcer,” Law360 quoted Ramirez as saying at a privacy event organized by the National Consumers League in Washington. “If you have FTC enforcement along with state concurrent jurisdiction to enforce, I think that would be an absolute benefit, and I think it’s something we’ve continued to push for.”
According to Ramirez, the FTC supports a federal data-breach notification law that would also give it the authority to penalize companies for data breaches. In separate comments at the same event, FTC counsel Betsy Broder reportedly noted that the FTC’s enforcement actions stem from the continuing failure of some companies to adequately protect data in their custody.
“FTC keeps bringing data security cases because companies keep neglecting to employ the most reasonable off-the-shelf, commonly available security measures for their systems,” Law360 quoted Broder as saying.
An FTC spokeswoman was unable to immediately confirm the comments made by Ramirez and Broder but said the sentiments expressed in the Law360 story accurately describe the FTC’s position on enforcement authority.
The comments by the senior officials come amid heightening protests against what some see as the FTC overstepping its authority by going after companies that have suffered data breaches.
Over the past several years, the agency has filed complaints against dozens of companies and extracted costly settlements from many of them for data breaches. In 2006 for instance, the FTC imposed a $10 million fine on data aggregator ChoicePoint, and more recently, online gaming company RockYou paid the agency $250,000 to settle data breach related charges.
Red Hat Releases Linux E-Beta
Red Hat has made available a beta of Red Hat Enterprise Linux 7 (RHEL 7) for testers, just weeks after the final release of RHEL 6.5 to customers.
RHEL 7 is aimed at meeting the requirements of future applications as well as delivering scalability and performance to power cloud infrastructure and enterprise data centers.
Available to download now, the RHEL 7 beta introduces a number of enhancements, including better support for Linux Containers, in-place upgrades, XFS as the default file system, improved networking support and improved compatibility with Windows networks.
Inviting customers, partners, and members of the public to download the RHEL 7 beta and provide feedback, Red Hat is promoting the upcoming version as its most ambitious release to date. The code is based on Red Hat’s community developed Fedora 19 distribution of Linux and the upstream Linux 3.10 kernel, the firm said.
“Red Hat Enterprise Linux 7 is designed to provide the underpinning for future application architectures while delivering the flexibility, scalability, and performance needed to deploy across bare metal, virtual machines, and cloud infrastructure,” Senior Product Marketing Manager Kimberly Craven wrote on the Red Hat Enterprise Linux blog.
These improvements address a number of key areas, including virtualisation, management and interoperability.
Linux Containers, for example, was partially supported in RHEL 6.5, but this release enables applications to be created and deployed using Linux Container technology, such as the Docker tool. Containers offer operating system level virtualisation, which provides isolation between applications without the overhead of virtualising the entire server.
Red Hat said it is now supporting an in-place upgrade feature for common server deployment types. This will allow customers to migrate existing RHEL 6.5 systems to RHEL 7 without downtime.
RHEL 7 also makes the switch to XFS as its default file system, supporting file configurations up to 500TB, while ext4 file systems are now supported up to 50TB in size and B-tree file system (btrfs) implementations are available for users to test.
Interoperability with Windows has also been improved, with Red Hat now including the ability to bridge Windows and Linux infrastructure by integrating RHEL 7 and Samba 4.1 with Microsoft Active Directory domains. Red Hat Enterprise Linux Identity Management can also be deployed in a parallel trust zone alongside Active Directory, the firm said.
On the networking side, RHEL 7 provides support for 40Gbps Ethernet, along with improved channel bonding, TCP performance improvements and low latency socket poll support.
Other enhancements include support for very large scale storage configurations, including enterprise storage arrays, and uniform management tools for networking, storage, file systems, identities and security using the OpenLMI framework.
Did Qualcomm Snub Intel?
Earlier this year Intel made a lot of noise about leasing its foundries to third parties, but at least one big player does not appear to be interested.
Speaking at a tech conference, Qualcomm CEO Paul Jacobs said his company is not interested in using Intel fabs and that it will continue to cooperate with established foundries like TSMC.
Jacobs argued that Intel is great at building huge volumes of equally huge cores, but TSMC is a tad more flexible. He pointed out that foundries like TSMC can build multiple different products simultaneously, controlling the process using software.
“Intel is famous, has been known for having a copy-exact model, so they need very large volumes of a particular chip to run through that,” Jacobs said, reports ITProPortal.
However, Jacobs did point out that he was glad to hear Intel is joining the foundry space and that it will be interesting to see how it plays out.
NSA Spies With Tracking Cookies
December 23, 2013 by admin
The browser cookies that online businesses use to track Internet customers for targeted advertising are also used by the National Security Agency to track surveillance targets and break into their systems.
The agency’s use of browser cookies is restricted to tracking specific suspects rather than sifting through vast amounts of user data, the Washington Post reported Tuesday, citing internal documents obtained from former NSA contractor Edward Snowden.
Google’s PREF (for preference) cookies, which the company uses to personalize webpages for Internet users based on their previous browsing habits and preferences, appear to be a particular favorite of the NSA, the Post noted.
PREF cookies don’t store any user identifying information such as user name or email address. But they contain information on a user’s general location, language preference, search engine settings, number of search results to display per page and other data that lets advertisers uniquely identify an individual’s browser.
The Google cookie, and those used by other online companies, can be used by the NSA to track a target user’s browsing habits and to enable remote exploitation of their computers, the Post said.
Documents made available by Snowden do not describe the specific exploits used by the NSA to break into a surveillance target’s computers. Neither do they say how the NSA gains access to the tracking cookies, the Post reported.
It is theorized that one way the NSA could get access to the tracking cookies is to simply ask the companies for them under the authority granted to the agency by the Foreign Intelligence Surveillance Act (FISA).
Separately, the documents leaked by Snowden show that the NSA is also tapping into cell-phone location data gathered and transmitted by makers of mobile applications and operating systems. Google and other Internet companies use the geo-location data transmitted by mobile apps and operating systems to deliver location-aware advertisements and services to mobile users.
However, the NSA is using the same data to track surveillance targets with more precision than was possible with data gathered directly from wireless carriers, the Post noted. The mobile app data, gathered by the NSA under a program codenamed “Happyfoot,” allows the agency to tie Internet addresses to physical locations more precisely than was possible with cell-phone location data.
An NSA division called Tailored Access Operations uses the data gathered from tracking cookies and mobile applications to launch offensive hacking operations against specific target computers, the Post said.
An NSA spokeswoman Wednesday did not comment on the specific details in the Post story but reiterated the agency’s commitment to fulfill its mission of protecting the country against those seeking to do it harm.
“As we’ve said before, NSA, within its lawful mission to collect foreign intelligence to protect the United States, uses intelligence tools to understand the intent of foreign adversaries and prevent them from bringing harm to innocent Americans and allies,” the spokeswoman said.
The Post’s latest revelations are likely to shine a much-needed spotlight on the extensive tracking and monitoring activities carried out by major Internet companies in order to deliver targeted advertisements to users.
Privacy rights groups have protested such tracking for several years and have sought legislation that would give users more visibility and control over the data that is collected on them by online companies.