Yet Another Retailer System Hacked

Women’s clothing retailer Bebe Stores has become the latest in a growing list of national retailers to be hit by an attack on its credit card payment system.

The company said Friday that the cardholder name, account number, expiration date, and verification code could have been stolen by hackers who apparently had access to the company’s payment processing system between Nov. 8 and 26.

The incident came to light in late November when Bebe said it noticed suspicious activity on computers that operate the payment processing system. Stores affected were the roughly 200 it operates in the U.S., Puerto Rico and the U.S. Virgin Islands.

“If you used a payment card at a U.S., Puerto Rico or U.S. Virgin Islands store during this time frame, you should review your account statements for any unauthorized activity,” it said in a message to customers.

The last couple of years have been bad ones for the safety of credit card data at major U.S. retailers. Millions of credit and debit card numbers have been compromised in breaches at retailers, including Target, Home Depot, PF Chang’s restaurants, Super Valu grocery stores, Neiman Marcus, UPS Store and others.

In many cases, the attacks were targeted at payment processing terminals and used sophisticated malware that stole card details as consumers swiped their cards. Many of the thefts were only discovered after the card numbers appeared for sale on Internet hacking forums.

Such was the case with Bebe Stores. First news of the hack came earlier this week through the closely followed Krebs on Security blog.

Source

Cisco Files Suit Against Rivals

Network equipment maker Cisco Systems Inc filed several lawsuits on Friday against Arista Networks Inc, alleging the smaller rival of copying its networking technologies.

The lawsuits, filed in a federal court in California, accuse Arista of infringing on 14 patents on networks and also on related copyrights, Cisco General Counsel Mark Chandler said in a blog post.

Arista was formed by former Cisco employees, including Chief Development Officer Andreas Bechtolsheim, Chief Technology Officer Kenneth Duda, and Chief Executive Officer Jayshree Ullal.

“Rather than building its products and services based on new technologies developed by Arista, however, and providing legitimate competition to Cisco, Arista took a shortcut by blatantly and extensively copying the innovative networking technologies designed and developed by Cisco,” one of the complaints said.

Cisco is a leader in the networking world, with revenue of $12.2 billion in the third quarter. Arista, in contrast, reported sales of $155.5 million for the period, although it is growing fast.

Arista said it had not yet been able to evaluate the lawsuits.

“While we have respect for Cisco as a fierce competitor and the dominant player in the market, we are disappointed that they have to resort to litigation rather than simply compete with us in products,” Arista said in an emailed statement.

Cisco filed the lawsuits on the same day the U.S. Supreme Court agreed to review a $64 million patent infringement verdict that Commil USA LLC won against the company.

Source

Can Imagination Push IoT?

Imagination Technologies will take on the Raspberry Pi with the release of a single-board minicomputer for both Android and Linux developers.

In a bid to power a range of devices in the ever-growing world of the Internet of Things (IoT) space, the MIPS-based Creator CI20 can run both Linux and Android operating systems (OS) and is said to deliver both high performance and low energy consumption.

When it hits the market in January, the development board will target the likes of open source developers, the maker community and system integrators to provide them with tools and encourage them to create a wide range of applications and projects.

The Creator CI20 is based around a system on a chip (SoC) combining CPU, graphics and I/O circuitry, featuring an I/O connector block compatible with that of the Raspberry Pi, meaning it could be plugged into many of the same projects.

The board comes with a 1.2GHz MIPS32-based dual-core processor and 1GB of RAM with PowerVR SGX540 graphics for OpenGL 2.1 and ES 2.0 compatibility, meaning its capable of 1080p gaming at 30fps. It also features Ethernet connectivity alongside 802.11b/g/n Wi-Fi and Bluetooth 4.0 plus 4GB storage onboard.

While it’s easy to compare the Creator CI20 to the Raspberry Pi, Imagination’s executive vice president of marketing, Tony King-Smith, told V3.co.uk that the develop board is not intended as a direct rival.

“We’re not trying to compete with devices like Raspberry Pi and Arduino, which many developers will already have, we’re giving them more options, and we believe this is a pretty rich offering,” he said.

King-Smith said that the Creator CI20 is ideal for the IoT revolution because of its embedded wireless capabilities, but also because it is capable of running mature OS such as Linux and Android that support graphical user interfaces.

“This will make IoT interesting, whether you’re looking at a thermostat or a sensor or whatever, it’s a compelling user interface that gets people excited,” he added.

Imagination has also launched a Creator Programme alongside the developer board to stimulate an IoT ecosystem around the device.

Source

McAfee’s Biometric Software Coming Soon

A McAfee security product that will use biometric technology to authenticate users will be available for download by the end of the year, said Kirk Skaugen, senior vice president and general manager of the PC Client Group at Intel, last week.

“Your biometrics basically eliminate the need for you to enter passwords for Windows log in and eventually all your websites ever again,” Skaugen said.

Further product details were not immediately available. But one of the major inconveniences in using PCs and tablets is remembering passwords, which biometrics can tame.

An average user has about 18 passwords and biometric authentication will make PCs easier to use, Skaugen said.

Biometric authentication isn’t new. It’s being used in Apple Pay, where fingerprint authentication helps authorize credit card payments through the iPhone or iPad. Intel has been working on multiple forms of biometric authentication through fingerprint, gesture, face and voice recognition.

McAfee is owned by Intel, and the chip maker is building smartphone, tablet and PC technology that takes advantage of the security software. Intel has also worked on biometric technology for wearable devices like SMS Audio’s BioSport In-Ear Headphones, which can measure a person’s heart rate.

Intel also wants to make PCs and tablets easier to use through wireless charging, display, docking and data transfers. Such capabilities would eliminate the need to carry power brick and cables for displays and data transfers. Such capabilities will start appearing in laptops next year with sixth-generation Core chips code-named Skylake, which will be released in the second half.

Source

Intel’s Cherry Trail Coming In 2015

Bay Trail was quite a big deal when it started shipping in late 2013.

It was a tablet chip that enabled great design wins such as the affordable Asus T100TA and even in late 2014 Asus used the platform to create the EeeBook X205, a $199 netbook.

Both of these designs are based on Intel’s Bay-Trail M processor, a year old 22nm quad-core processor based on the Silvermont design. Some machines that are coming with LTE, both netbooks and tablets and there will be new chip coming in 2015. It is called LTE Advanced XMM7360 chip and supports LTE Cat 10,3 CA up to 450 Mbits download and upload.

Intel will also offer Morrefield quad cores for machines with lower TDP ratings, especially tablets, and at some point in 2015 it will introduce its 14nm Airmont core based Cherry Trail processor. Cherry Trail based on 14nm Airmont core was originally expected in late 2014, but it got pushed towards middle of 2015.

Intel is clearly encountering more obstacles moving from the 22nm to the 14nm manufacturing process, but considering that most ARM competitors still have to start commercially shipping its 20nm SoCs in significant volumes, Intel still has a manufacturing node advantage. If only Intel had as many design wins to go along with its cutting edge fabs, as the company has been struggling to ship 40milion tablets in 2014, as promised.

Braxton will replace Cherry Trail in 2016. Braxton is a tock architecture, another 14nm design based on the quad-core Goldmont core. When it comes to the Performance Media Internet Device (MID) market Intel has another chip planned in 2016. It calls it SoFIA MID and the chip comes in intels 14nm manufacturing process.

Value and Entry markets for Media Internet Device (MID) and phones includes four new SoFIA parts, but with all these new and exciting chips Intel has to compete against some advanced chips coming on line in 2015, including the Qualcomm Snapdragon 810 20nm, Nvidia Erista and more affordable Mediatek solutions such as the MT6795 A53-based octa-core and its successor.

Source

Symantec Uncovers Advanced Spying Malware

An advanced malicious software application has been discovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, anti virus software maker Symantec Corp said in a report on Sunday.

The Mountain View, California-based maker of Norton anti virus products said its research showed that a “nation state” was likely the developer of the malware called Regin, or Backdoor. Regin, but Symantec did not identify any countries or victims.

Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets,” and was withdrawn in 2011 but resurfaced from 2013 onward.

The malware uses several “stealth” features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”

Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.

Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”

Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the anti virus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.

Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran,Afghanistan, Belgium, Austria and Pakistan.

Source

Should Encryption Be The Norm?

Encryption should be a matter of priority and used by default. That’s the message from the Internet Architecture Board (IAB), the worldwide body in charge of the internet’s technology infrastructure.

The IAB warned in a statement that “the capabilities and activities of attackers are greater and more pervasive than previously known”.

It goes on to say: “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default.

“We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.”

The purpose, the IAB claims, is to instill public trust in the internet after the myriad high-profile cases in which computer traffic has been intercepted, ranging from bank details to email addresses and all points in between.

The news will be unwelcome to the security services, which have repeatedly objected to initiatives such as the default encryption in iOS8 and Android L, claiming that it is in the interest of the population to retain the right to intercept data for the prevention of terrorism.

However, leaked information, mostly from files appropriated by rogue NSA contractor Edward Snowden, suggests that the right of information interception is abused by security services including the UK’s GCHQ.

These allegations include the collection of irrelevant data, the investigation of cold cases not in the public interest, and the passing of pictures of nude ladies to colleagues.

Source

Self-Healing Software On The Way

Researchers at the University of Utah have developed self-healing software that detects, expunges and protects against malware in virtual machines.

Called Advanced Adaptive Applications (A3), the software suite was created in collaboration with US defence contractor Raytheon BBN over a period of four years.

It was funded by DARPA through its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme, and was completed in September, Science Daily reported on Thursday.

A3 features “stackable debuggers”, a number of debugging applications that cooperate to monitor virtual machines for indications of unusual behaviour.

Instead of checking computer object code against a catalogue of known viruses and other malware, the A3 software suite can detect the operation of malicious code heuristically, based on the types of function it attempts.

Once the A3 software detects malicious code, it can apparently suspend the offending process or thread – stopping it in its tracks – repair the damage and remove it from the virtual machine environment, and learn to recognise that piece of malware to prevent it entering the system again.

The self-healing software was developed for military applications to support cyber security for mission-critical systems, but it could also be useful in commercial web hosting and cloud computing operations.

If malware gets into such systems, A3 software could detect and repair the attack within minutes.

The university and Raytheon demonstrated the A3 software suite to DARPA in September by testing it against the notorious Shellshock exploit known as the Bash Bug.

A3 detected and repaired the Shellshock attack on a web server within four minutes. The project team also tested A3 successfully on another six examples of malware.

Eric Eide, the research associate professor of computer science who led the A3 project team along with computer science associate professor John Regehr, said: “It’s pretty cool when you can pick the Bug of the Week and it works.”

The A3 self-healing software suite is open source, so it’s free for anyone to use, and the university researchers would like to extend its applicability to cloud computing environments and, perhaps eventually, end-user computing.

Professor Eide said: “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet.”

Source

New Data Suggest IT Hiring Increasing

Whenever IT hiring increases, as it did last month, the default explanation from analysts is this: The economy is improving.

That might be true, and it may well explain the U.S. Department of Labor’s report today that showed the U.S., overall, added 214,000 jobs last month.

Of that total employment gain, IT hiring grew by 7,800 jobs in October, compared with a gain of 6,900 jobs in September, according to TechServe Alliance, an IT industry group.

Another IT labor analyst group, Janco Associates, calculated last month’s IT gains at 9,500 jobs.

Government data can be reported in different ways, depending on which job categories are included in the IT job estimates, and it is why analysts report job numbers differently.

Hiring trends are also affected by Labor Department adjustments, and the government’s adjusted data adds nearly 25,000 telecom jobs over the past two months, according to Janco. Because of this adjustment, Janco termed the recent growth in IT over the past several months “explosive,” while TechServe put last month’s results as “modestly stronger.”

There is no one reason for October’s gain. An improving economy may be at the heart of any answer. Independent of the government numbers, Computer Economics, in a recent report on contingent versus full-time hiring, said it is seeing a drop in the use of contract workers at large companies and more reliance on full-time workers, which is a sign of an improving economy.

Source

New Malware Targeting Apple Devices

Palo Alto Networks Inc  has uncovered a new group of malware that can infect Apple Inc’s  desktop and mobile operating systems, underscoring the increasing sophistication of attacks on iPhones and Mac computers.

The “WireLurker” malware can install third-party applications on regular, non-jailbroken iOS devices and hop from infected Macs onto iPhones through USB connector-cables, said Ryan Olson, intelligence director for the company’s Unit 42 division.

Palo Alto Networks said on Wednesday it had seen indications that the attackers were Chinese. The malware originated from a Chinese third-party apps store and appeared to have mostly affected users within the country.

The malware spread through infected apps uploaded to the apps store, that were in turn downloaded onto Mac computers. According to the company, more than 400 such infected apps had been downloaded over 350,000 times so far.

It’s unclear what the objective of the attacks was. There is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users’ address books, Olson added.

But “they could just as easily take your Apple ID or do something else that’s bad news,” he said in an interview.

Apple, which Olson said was notified a couple weeks ago, did not respond to requests for comment.

Once WireLurker gets on an iPhone, it can go on to infect existing apps on the device, somewhat akin to how a traditional virus infects computer software programs. Olson said it was the first time he had seen it in action. “It’s the first time we’ve seen anyone doing it in the wild,” he added.

Source

« Previous Page — Next Page »