Sign up for our Technology Newsletter 
Can Malwarebytes Protect XP?
Malwarebytes has launched anti-exploit services to protect Windows users from hacking attacks on vulnerabilities in popular targets including Microsoft Office, Adobe software products and Java, a service which even offers protection for Windows XP users.
Consumer, Premium and Corporate versions of the service are available, and are designed to pre-emptively stop hackers from infecting Windows machines with malware.
“An exploit will typically first corrupt the memory of an application process, take control, then execute code,” said Malwarebytes director of special projects Pedro Bustamante.
“From the shell code it executes a payload that tells the exploit what to do and that in turn usually downloads malware from the internet and executes it. The final stage is usually where antivirus kicks in, when it’s being downloaded from the internet, and starts doing things like behavioural analysis to see if it’s malicious.
“We don’t care about that, what we do comes before then. We just look for exploit-like behaviour and block anything that looks like it at the shellcode or payload stages. We come into play before the malware even appears on the scene.”
The Consumer version of the anti-exploit service is free and offers basic browser and Java protection.
The Premium version costs $37.00 per user and adds Office and Adobe protection services as well as the ability to add custom shields to other internet-facing applications, like Messenger or Netflix.
The Corporate version costs$40.00 person user and offers complete anti-exploit protection and comes with Malwarebytes’ Anti-malware service and a toolkit for IT managers.
Bustamante explained that the technology is designed to help businesses and general web users defend against the new wave of exploit-based cyber attacks.
“Traditional security can’t deal with exploits. Every day we see people getting infected, even if they have the latest up-to-date antivirus readers, because of exploits,” he said. “This is why we care about the applications you run – Firefox, Chrome, Internet Explorer, Java, Acrobat [and Microsoft] Word, Excel [and] Powerpoint.”
Bustamante added that the service is doubly important for Windows XP users since Microsoft officially ceased support for the OS in April.
“We’re still seeing over 25 percent of our users running XP. For them this product is even more important,” he said.
“We see new zero-days if not every week, every month, and for XP users who are not getting any more patches from Microsoft this product will be essential.
“Every month Microsoft will be releasing security patches for newer versions of Windows. Every time Microsoft does this it’ll be a treasure map for hackers to find exploits on Windows XP.
“It’ll show them exactly where the vulnerabilities are, so every month will see an influx of new exploits targeting Windows XP.”
Intel And Oracle Team Up Again
Oracle has added systems to its enterprise-class x86 server line featuring elastic computing capabilities that dynamically adapt their configurations in response to workloads.
The Oracle Sun Server X4-4 and Sun Server X4-8 are four-socket and eight-socket systems designed for data centre workloads such as virtualisation, Oracle databases and scale-up enterprise applications.
However, the two servers are fitted with a unique variant of Intel’s Xeon E7 v2 processor family that combines the capabilities of three different Xeon processors into one.
Oracle said it worked with Intel to create this chip, the Xeon E7-8895 v2, which can dynamically switch its core count, clock frequency and power consumption without the need for a system level reboot.
This chip is the heart of the elastic computing capability of the Sun Server X4-4 and Sun Server X4-8, enabling them to adapt to the requirements of different workloads based on its runtime configuration.
It might be configured for transaction processing at a high clock speed for one hour, then switched to higher core counts for the next hour for higher throughput computing, according to Oracle.
“Through close collaboration with Intel, we are the first to announce servers based on the new Xeon E7-8895 v2 processors and the first with unique capabilities that allow customers to dynamically address different workloads in real time,” said Ali Alasti, senior vice president for hardware development at Oracle.
Enhancements have also been made to the system firmware and to Oracle’s Solaris, and Oracle Linux operating systems to support the elastic computing features.
Oracle also said the new systems have a modular design that allows the processors to be upgraded to future Xeon chips, while all the disks are hot-swappable, plus there is hot-pluggable I/O support for industry-standard low-profile PCI Express cards via a dual PCIe card carrier.
The servers also feature a “glueless” architecture that removes the need for a node controller. As node controllers typically change from one processor generation to the next because of modifications to inter-processor communication and coherency protocols, the elimination enables Oracle to offer a future-proof chassis that will support future processor releases from Intel, the firm said.
The Sun Server X4-8 is touted by Oracle as ideal for running its Oracle Database, which has just been updated with an in-memory processing option. It supports 120 processor cores with up to 6TB of memory in its 5U rack-mount chassis, plus up to 9.6TB of hard drive or 3.2TB of solid state drive (SSD) storage.
Meanwhile, the Sun Server X4-4 is said to be well suited for applications requiring large memory footprint virtual machines and running real-time analytics software.
It can be configured with two or four of the Xeon E7-8895 v2 processors, with up to 3TB of memory and 4.8TB of PCIe flash plus 2.4TB of SSDs or 7.2TB of hard drives.
PoS Cyber Attacks Up In 2013
June 4, 2014 by admin
Filed under Around The Net
Comments Off on PoS Cyber Attacks Up In 2013
A third of data intrusion investigated by security firm Trustwave last year involved compromises of point-of-sale (POS) systems and over half of all intrusions targeted payment card data.
Even though POS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.
E-commerce intrusions accounted for 54 percent of investigated data breaches and POS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.
According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from POS transactions in 19 percent of attacks.
In Western Europe in particular, where countries have rolled out EMV — chip-and-PIN payment card transactions — cybercriminals shifted their focus from POS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. “EMV has changed the pattern of compromises when it comes to payment-card-specific data.”
However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.
Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that’s why there’s been an uptick in attacks focusing on such data, Yeo said.
Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.
Dell Goes Plastic
Dell is manufacturing a line of PCs using plastics obtained by expanding its recycling program.
The company has expanded the hardware take-back program to more places worldwide, aiming to collect and reuse more extracted plastic and metals in PCs, monitors, hardware panels and other products.
Dell’s OptiPlex 3030 all-in-one, which will ship next month, will be the first product of that effort. Starting next year, more laptops, desktops and monitor back-panels will be made using recycled plastic, said Scott O’Connell, director of environmental affairs at Dell. The products will be certified as sustainable by UL (Underwriters Laboratories).
Dell will save money by reusing plastic, but O’Connell did not say whether the savings will be passed on to customers through lower prices. But it will be easier for more people to recycle electronics and Dell will also provide a PC mail-back option, O’Connell said.
Dell’s plan to establish a recycling chain internally could reduce the need for “virgin” plastics, which can be environmentally damaging to make, said Gary Cook, senior IT analyst at Greenpeace International.
Incineration of plastic from disposed computers can be toxic and reusing plastics in new computers or other parts reduces “dirty energy,” Cook said.
“We need to see plastics last longer,” Cook said.
Companies like Apple have helped raise expectations of sustainability in computers and others are following suit, Cook said. PC makers are using more metals in computer chassis and handset makers are using more nonpetroleum plastics.
Dell was criticized last year by Greenpeace for veering away from its carbon-neutral goals and sustainability advocacy. The company ranked 14th among most green IT companies, behind Microsoft, IBM, Hewlett-Packard, Wipro, Fujitsu and Google, among others.
Dell curbed its sustainability strategy when it was trying to go private last year, but has now reinvigorated that effort.
“They are trying to show some initiative,” Cook said.
Is IBM Going After HP?
IBM has announced a unified branding for its commerce cloud based enterprise products and services with a presentation at the Smarter Commerce Global Summit in Tampa, Florida.
Hot on the heels of HP, which unified its cloud offerings under the Helion brand last week, IBM Experienceone is designed to allow companies to improve engagement with their customers by leveraging big data through the cloud.
Deployment comes from a unified offer of consulting services, software and infrastructure from IBM subsidary Softlayer, which can be used to gather data, mine analytics and improve customer commerce via a mixture of traditional and cloud services.
IBM has already committed 1,000 new employees for its IBM Interactive Experience who will staff 10 “IBM Interactive Experience Labs” that are being set up to help customers understand the rules of engagement and hopefully increase their level of customer engagement.
IBM GM of Industry Cloud Solution Craig Hayman said, “IBM Experienceone provides a secure and simplified portfolio – including innovation from more than 1,200 partners – to help clients design and deliver more valuable customer engagements. With cloud, on premise and hybrid options, IBM Experienceone quickly scales to engage every customer in the moment while protecting their privacy.”
The IBM Experienceone brand is a coming together of many acquisitions that IBM has made in the field over recent years, including Sterling Commerce, Tealeaf, Coremetrics, Unica, Demandtec, Xtify and Silverpop. The only obvious omission from the top to tail offer is a specific CRM database, however IBM Experienceone is compatible with most of the leading solutions, including those of its arch rivals. This leads to the question, could a CRM be next on the company’s shopping list?
As well as on desktop and server equipment, Experienceone analytics will also be available through apps for iOS and Android.
Will IBM Realize Growth In 2015?
International Business Machines Corp said it is projecting growth in its hardware sector next year as the company invests in research and development and abandons low-performing ventures.
The comments come less than one month after the world’s largest technology service company reported its lowest quarterly revenue in five years, weighed by sluggish global demand for its hardware, which plunged 23 percent in the first quarter of 2014.
The company added that growth in Latin America, the Middle East and Africa remain strong, and blamed falling revenue in China on government reforms affecting state-owned clients, and on the country’s hardware-heavy portfolio.
“We move on and we spread ourselves out, more industries, more clients, cloud, data, et cetera, around there,” said IBM Chief Executive Ginni Rometty at an investor briefing on Wednesday.
Chief Financial Officer Martin Schroeter said to stabilize the hardware sector IBM would continue to “refresh” hardware and further invest in research and development.
“Quite frankly, we are seeing very good growth out of software, good growth out of services, but challenges in hardware,” said Schroeter. “We will stabilize that hardware base and I am comfortable we will make that happen in 2014,” he said.
He reiterated the company’s EPS target for 2015 of at least $20. He expects a shift to higher-value business to bring in $3.25 and share repurchases to add $2 in earnings per share by 2015.
IBM Goes BlueMix
IBM has put together a vast array of hosted cloud services, and now it has a single location to offer them for sale.
At IBM Cloud online marketplace, that went live on Monday, enterprises can find the full range of IBM’s offerings behind a single gateway.
“So many of our customers want to build new cloud-based, front-end systems, but they want to tie them into their back-end infrastructure. We’re delivering a whole set of integration components and control services to do the connection, and monitor and control what is taking place,” said Steve Mills, IBM senior vice president and group executive for software and systems.
The marketplace has more than 100 hosted IBM applications, as well as middleware components from IBM’s Bluemix platform as a service (PaaS). It also serves as a portal to IBM’s SoftLayer infrastructure as a service (IaaS) and houses a collection of services from IBM partners.
“It’s an open platform. It supports all the popular application development tools and structures. So it’s not uniquely IBM. There’s a lot of open source and partners,” Mills said. In addition to IBM’s own offerings, other services will be offered on the site by SendGrid, Zend, Redis Labs and other IBM partners.
IBM is banking heavily on the cloud. The company’s revenue has been declining lately, due in part to sagging hardware sales. The cloud is likely to be a good place to look for more money: Gartner expects 80 percent of organizations to use cloud services in some form by the end of 2014.
Although IBM got a late start in the cloud, at least compared with rivals Amazon and Microsoft, it’s aggressively repositioning itself as a one-stop cloud services company. It generated $4.4 billion in cloud-related revenue in 2013 and has made a number of additional investments in the area as well.
In January, the company announced it would invest $1.2 billion into expanding its SoftLayer cloud service, which it acquired last year for $2 billion.
It is also investing $1 billion in the effort to adapt its middleware software as cloud services, part of the Bluemix offering.
The new online marketplace ties together a number of these initiatives from IBM within a single portal. It can be accessed from desktops, laptops, tablets and smartphones, and it can customize the service offerings based on the user’s needs.
Is Qualcomm In Trouble?
Qualcomm’s activities in China may lead to regulatory penalties for the chip vendor, this time from the U.S. Securities and Exchange Commission over bribery allegations.
The company is currently facing an anti-monopoly probe from Chinese authorities for allegedly overcharging clients. Qualcomm has also said that the SEC may also consider penalizing the company, as part of an anti-corruption investigation.
The SEC’s Los Angeles Regional Office has made a preliminary decision to recommend that the SEC take action against Qualcomm for violating anti-bribery controls, the company said in its second quarter report. The accusations involve Qualcomm offering benefits to “individuals associated with Chinese state-owned companies or agencies,” the report added.
Both the SEC and the U.S. Department of Justice have been probing the company over alleged violations of the nation’s Foreign Corrupt Practices Act.
In cooperation with those official investigations, Qualcomm said it’s found instances of preferential hiring, and giving gifts and other benefits to “several individuals” with China’s state-owned companies. The gifts and benefits amounted to less than US$250,000 in value.
If the SEC takes action against Qualcomm, penalties could include giving up profits, facing injunctions, and other monetary penalties, the company said. Earlier this month, Qualcomm filed a submission with the U.S. regulator, countering any claims of wrongdoing.
Qualcomm is facing the investigations at a time when China is increasingly become a bigger part of its business. The nation is the world’s largest smartphone market, and more Chinese device manufacturers are expanding globally.
Last year, however, Chinese regulators began investigating Qualcomm due to complaints from industry groups. The company was allegedly abusing its market position and charging higher fees for its patent licensing business. In November, Chinese authorities conducted two surprise raids of Qualcomm offices in China for documents.
Chinese regulators could decide to penalize Qualcomm by confiscating financial gains made, and even imposing a fine of 1 to 10 percent on its revenues for the prior year, the company said in its quarterly report.
Many Websites Still Exposed
The world’s top 1,000 websites have been updated to protect their servers against the “Heartbleed” vulnerability, but up to 2% of the top million remained unprotected as of last week, according to a California security firm.
On Thursday, Menifee, Calif.-based Sucuri Security scanned the top 1 million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.
Of the top 1,000 Alexa sites, all were either immune or had been patched with the newest OpenSSL libraries, confirmed Daniel Cid, Sucuri’s chief technology officer, in a Sunday email.
Heartbleed, the nickname for the flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption, was discovered independently by Neel Mehta, a Google security engineer, and researchers from security firm Codenomicon earlier this month.
The bug had been introduced in OpenSSL in late 2011.
Because of OpenSSL’s widespread use by websites — many relied on it to encrypt traffic between their servers and customers — and the very stealthy nature of its exploit, security experts worried that cyber criminals either had, or could, capture usernames, passwords,\ and even encryption keys used by site servers.
The OpenSSL project issued a patch for the bug on April 7, setting off a rush to patch the software on servers and in some client operating systems.
The vast majority of vulnerable servers had been patched as of April 17, Sucuri said in a blog postthat day.
While all of the top 1,000 sites ranked by Alexa were immune to the exploit by then, as Sucuri went down the list and scanned smaller sites, it found an increasing number still vulnerable. Of the top 10,000, 0.53% were vulnerable, as were 1.5% of the top 100,000 and 2% of the top 1 million.
Other scans found similar percentages of websites open to attack: On Friday, San Diego-based Websense said about 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.
Since it’s conceivable that some sites’ encryption keys have been compromised, security experts urged website owners to obtain new SSL certificates and keys, and advised users to be wary of browsing to sites that had not done so.
Sucuri’s scan did not examine sites to see whether they had been reissued new certificates, but Cid said that another swing through the Web, perhaps this week, would. “I bet the results will be much much worse on that one,” Cid said.
Can Plastic Replace Silicon?
Can plastic materials morph into computers? A research breakthrough recently published brings such a possibility closer to reality.
Researchers are looking at the possibility of making low-power, flexible and inexpensive computers out of plastic materials. Plastic is not normally a good conductive material. However, researchers said this week that they have solved a problem related to reading data.
The research, which involved converting electricity from magnetic film to optics so data could be read through plastic material, was conducted by researchers at the University of Iowa and New York University. A paper on the research was published in this week’s Nature Communications journal.
More research is needed before plastic computers become practical, acknowledged Michael Flatte, professor of physics and astronomy at the University of Iowa. Problems related to writing and processing data need to be solved before plastic computers can be commercially viable.
Plastic computers, however, could conceivably be used in smartphones, sensors, wearable products, small electronics or solar cells, Flatte said.
The computers would have basic processing, data gathering and transmission capabilities but won’t replace silicon used in the fastest computers today. However, the plastic material could be cheaper to produce as it wouldn’t require silicon fab plants, and possibly could supplement faster silicon components in mobile devices or sensors.
“The initial types of inexpensive computers envisioned are things like RFID, but with much more computing power and information storage, or distributed sensors,” Flatte said. One such implementation might be a large agricultural field with independent temperature sensors made from these devices, distributed at hundreds of places around the field, he said.
The research breakthrough this week is an important step in giving plastic computers the sensor-like ability to store data, locally process the information and report data back to a central computer.
Mobile phones, which demand more computing power than sensors, will require more advances because communication requires microwave emissions usually produced by higher-speed transistors than have been made with plastic.
It’s difficult for plastic to compete in the electronics area because silicon is such an effective technology, Flatte acknowledged. But there are applications where the flexibility of plastic could be advantageous, he said, raising the possibility of plastic computers being information processors in refrigerators or other common home electronics.
“This won’t be faster or smaller, but it will be cheaper and lower power, we hope,” Flatte said.