Woman Sues LinkedIn
June 25, 2012 by admin
Filed under Around The Net
An Illinois woman has filed a $5 million lawsuit against LinkedIn Corp, claiming that the social network violated promises to consumers by not having better security in place when more than 6 million customer passwords were stolen.
The lawsuit, which was introduced in federal court in San Jose, California, on June 15 and seeks class-action status, was filed less than two weeks after the stolen passwords turned up on websites frequented by computer hackers.
The attack on Mountain View, California-based LinkedIn, an employment and professional networking site with more than 160 million members, was the latest massive corporate data breach to have attracted the attention of class-action lawyers.
A federal judicial panel last week consolidated nine proposed class-action lawsuits in Nevada federal court against online shoe retailer Zappos, a unit of Amazon.com, over its January disclosure that hackers had siphoned information affecting 24 million customers.
The LinkedIn lawsuit was filed by Katie Szpyrka, a user of the website from Illinois. In court papers, her Chicago-based law firm, Edelson McGuire, said LinkedIn had “deceived customers” by having a security policy “in clear contradiction of accepted industry standards for database security.”
1 In 5 U.S. PCs Have No Antivirus Protection
Nearly a fifth of Windows PCs in the U.S. lack any active security protection, an antivirus vendor stated on Wednesday, citing numbers from a year-long project.
“The scale of this is unprecedented,” argued Gary Davis, the director of global consumer product marketing for McAfee, talking about the scope of his company’s sampling of PC security.
McAfee took measurements from scans of more than 280 million PCs over the last 12 months, and found that 19.3% of all U.S. Windows computers browsed the Web sans security software. Owners of those systems downloaded and used McAfee’s free Security Scan Plus, a tool that checks for antivirus programs and enabled firewalls.
Globally, the average rate was 17%, putting the U.S. in the top 5 most-unprotected countries of the 24 represented in the scans.
Of the unprotected PCs in the U.S., 63% had no security software at all, while the remaining 37% had an AV program that was no longer active. The latter were likely trial versions of commercial antivirus software that had expired.
Antivirus trials are a fact of life in the Windows world. Most new machines come with security software that runs for a limited time. Some new Dell PCs, for example, come with a 30-day trial of McAfee’s Security Center program.
Red Hat Outs Fedora 17
Red Hat has released its Fedora 17 ‘Beefy Miracle’ distribution just over a month after Canonical released its Ubuntu 12.04 distribution.
The Red Hat-sponsored Fedora project serves as the proving ground for new features that eventually end up in the firm’s Red Hat Enterprise Linux (RHEL) operating system. Now Red Hat has announced that it has released Fedora 17, including updates to Gnome, Eclipse, GIMP and Openstack along with numerous patches.
Canonical’s Ubuntu Linux distribution might have shunned Gnome 3 in favour of its Unity desktop interface but Red Hat continues to stick with Gnome in Fedora, shipping Gnome 3.4 as its default window manager. Fedora 17 also includes GIMP 2.8 and Openstack Essex, while developers who like to live on the edge can run Eclipse Juno, the full release of which is expected later this year.
Fedora project leader Robyn Bergeron said, “I am extremely proud of the Fedora 17 release. The addition of projects such as Ovirt [virtual machine management] and JBoss Application Server 7, enhancements in Openstack, and continued support for fresh releases of desktop environments demonstrate the Fedora Project’s commitment to deliver rich features and capabilities. This, combined with our leading-edge innovations at the operating-system level, truly makes Fedora 17 a comprehensive and robust operating system for all types of users.”
Microsoft’s Vista Infection Rates Climb
Microsoft said last week that an uptick in security exploits on Windows Vista can be attributed to the demise of support for the operating system’s first service pack.
Data from the company’s newest security intelligence report showed that in the second half of 2011, Vista Service Pack 1 (SP1) was 17% more likely to be infected by malware than Windows XP SP3, the final upgrade to the nearly-11-year-old operating system.
That’s counter to the usual trend, which holds that newer editions of Windows are more secure, and thus exploited at a lower rate, than older versions like XP. Some editions of Windows 7, for example, boast an infection rate half that of XP.
Tim Rains, the director of Microsoft’s Trustworthy Computing group, attributed the rise of successful attacks on Vista SP1 to the edition’s retirement from security support.
“This means that Windows Vista SP1-based systems no longer automatically receive security updates and helps explain why there [was] a sudden and sharp increase in the malware infection rate on that specific platform,” said Rains in a blog post last week.
SecurID CRACKED?
May 31, 2012 by admin
Filed under Around The Net
An analyst has come up with a technique that clones the secret software token that RSA’s SecurID uses to generate one-time passwords.
Sensepost senior security analyst Behrang Fouladi said that the discovery has important implications for the safekeeping of the tokens. Fouladi demonstrated another way determined attackers could circumvent protections built into SecurID. By reverse engineering software used to manage the cryptographic software tokens on computers running Windows, he found that the secret “seed” was easy for people with control over the machines to locate and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.
Will Linux See Growth Next Year?
Canonical has said it expects Ubuntu to ship on 18 million PCs next year.
Having just launched Ubuntu 12.04, Canonical is bullish about its future, with Chris Kenyon, its VP of sales and business development, forecasting that the firm’s operating system will ship on 18 million machines in 2013. According to Phoronix, Kenyon claimed that will amount to five per cent of worldwide PC shipments.
Kenyon’s prediction represents more than double the number of PCs currently shipped with Ubuntu, and while that might seem optimistic, the firm has been on a roll when it comes to OEM support. Prior to Canonical’s launch of Ubuntu 12.04 it announced certification for HP Proliant servers, and yesterday it revealed that it has been working with Dell on an Ubuntu image for Dell’s headline XPS 13 ultrabook.
Although Kenyon mentioned PC unit sales, Canonical is unlikely to forecast similar growth in servers pre-installed with Ubuntu, despite the firm’s certification for some Proliant servers.
Kenyon believes that most firms buy bare metal servers and load their own tweaked images. He said, “As a point of fact the vast majority of this [Ubuntu on servers] is not sold pre-installed. […] Pre-install in the server market is just irrelevant, it is not how the market works. Even when something gets pre-installed an enterprise will wipe it because they will have their own image. [OS pre-installation] is a distraction [for servers, but] it’s a very applicable question in the client world.”
More Trojan Malware Found On Macs
Following the outbreak of the Flashback Mac Trojan, security researchers have identified two more cases of Mac OS X malware. The good news is most Mac owners have little reason to worry about them.
Both cases are variants on the same Trojan, called SabPub, Kaspersky Lab Expert Costin Raiu wrote on Securelist.
The first variant is known as Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on Websites, and allows for remote control of affected systems. It was created roughly one month ago.
Fortunately, this malware isn’t a threat to most users for a few reasons: It may have only been used in targeted attacks, Raiu wrote, with links to malicious Websites sent via e-mail, and the domain used to fetch instructions for infected Macs has since been shut down.
Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.
The second SabPub variant is old-school compared to its sibling. Instead of attacking through malicious Websites, it uses infected Microsoft Word documents as its vector, distributed by e-mail.
Are Medical Implants Vulnerable To Hackers?
April 16, 2012 by admin
Filed under Around The Net
Security experts have warned that many medical implants are vulnerable to cyber attacks that could endanger their users’ lives. While an increasing number of patients are being fitted with devices such as pacemakers and insulin pumps to manage chronic conditions, the inventors apparently did not think anyone would be evil enough to try to hack them.
For some reason they installed unprotected wireless links so that the devices could be updated easily. This means that hackers could gain remote control of such implants. After gaining access to the device, a cyber criminal could then switch it off or tell it to deliver a dangerous dose of medicine to the patient.
Microsoft Seizes Botnet Servers
Microsoft Corp scored a win in efforts to fight online banking fraud, saying it had seized several servers used to steal login names and passwords, disrupting some of the world’s most sophisticated cybercrime rings.
The software giant said on Monday that its cybercrime investigation group also took legal and technical actions to fight notorious criminals who infect computers with a prevalent malicious software known as Zeus.
By recruiting computers into networks called botnets, Zeus logs the online activity of infected machines, providing criminals with credentials to access financial accounts.
“We’ve disrupted a critical source of money-making for digital fraudsters and cyber thieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, which handled the investigation in collaboration with the financial industry.
Microsoft’s Digital Crimes Unit is a worldwide team of investigators, lawyers, analysts and other specialists who fight cybercrime. A year ago they helped U.S. authorities take down a botnet known as Rustock that had been one of the biggest producers of spam e-mail. Some security experts estimated that in its heyday Rustock was responsible for half the spam in junk email bins.
Satellite Phone Encryption Cracked
February 11, 2012 by admin
Filed under Smartphones
German researchers claim to have cracked the algorithm that secures satellite phone transmissions.
Benedikt Driessen and Ralf Hund from Ruhr University have reverse engineered the GMR-1 and GMR-2 voice ciphers used in a lot of satellite systems. These are used by, among others, government agencies and the military.
Bjoern Rupp, CEO at GSMK Cryptophone said, “This breakthrough has major implications for the military, civilians engaged on overseas operations, or indeed anyone using satellite phones to make sensitive calls in turbulent areas.”
Their report is titled “Don’t Trust Satellite Phones” and shows how someone with a “suitably programmed computer” and software radio capable of receiving satellite frequencies can hack calls. These include ones made by disaster relief agencies and the military.