Can OSX Make Macs Vulnerable To Rootkits?

The software genii at Apple have redesigned their OSX software to allow malware makers to make designer micro-software that can infect Macs with rootkits.

Obviously the feature is one that Apple software experts designed specifically for malware writers, perhaps seeing them as an untapped market.

The bug in the latest version of Apple’s OS X allows attackers root user privileges with a micro code which could be packed into a message.

Security researcher Stefan Esser said that this was the security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.

The OS X privilege-escalation flaw stems from new error-logging features that Apple added to OS X 10.10. Plainly the software genii did not believe that standard safeguards involving additions to the OS X dynamic linker dyld applied to them because they were protected from harm by Steve Job’s ghost.

This means that attackers to open or create files with root privileges that can reside anywhere in the OS X file system.

“This is obviously a problem, because it allows the creation or opening (for writing) of any file in the filesystem. And because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege-escalation,” Esser said.

The vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5. Importantly, the current beta version of 10.11 is free of the flaw, an indication that Apple developers may already be aware of the vulnerability.

An Apple spokesman said that engineers are aware of Esser’s post of course they did not say they would do anything about it. They will have to go through the extensional crisis involved in realising that their product was not secure or perfect. Then the security team will have to issue orders, signed in triplicate, sent in, sent back, queried, lost, found, subjected to an internal inquiry, lost again, and finally bury it in soft peat for three months and recycled as firelighters.

Source

Microsoft To Release Advanced Threat Analytics

Microsoft is very close to releasing Advanced Threat Analytics (ATA) the security sure-up that it first announced three months ago.

ATA, or MATA as we called it for our own small amusement, is the result of three months’ real world testing, and the culmination of enough user feedback to inform a final release.

That final release will happen in August, which should give you plenty of time to get your head around it.

Hmmm. Microsoft’s Advanced Threat Analytics seems like a very good idea focused on the enterprise.

— Kevin Jones (@vcsjones) May 4, 2015

Idan Plotnik, who leads the ATA team at Microsoft, explained in an Active Directory Team Blog post that the firm is working towards removing blind spots from security analytics, and that this release should provide a strong and hardy tool for the whacking away of hacking.

“Many security monitoring and management solutions fail to show you the real picture and provide false alarms. We’ve taken a different approach with Microsoft ATA,” he said.

“Our secret sauce is our combination of network Deep Packet Inspection, information about the entities from Active Directory, and analysis of specific events.

“With this unique approach, we give you the ability to detect advanced attacks and stolen credentials, and view all suspicious activities on an easy to consume, simple to explore, social media feed like attack timeline.”

The Microsoft approach is an on-premise device that detects and analyses threats as they happen and on a retrospective basis. Plotnik said that it combines machine learning and knowledge about existing techniques and tactics to proactively protect systems.

“ATA detects many kinds of abnormal user behaviour many of which are strong indicators of attacks. We do this by using behavioural analytics powered by advanced machine learning to uncover questionable activities and abnormal behaviour,” he added.

“This gives the ability for ATA to show you attack indicators like anomalous log-ins, abnormal working hours, password sharing, lateral movement and unknown threats.”

A number of features will be added to the preview release, including performance improvements and the ability to deal with more traffic, before general availability next month.

Source

Microsoft Unveils ‘Send’ Mobile App

Microsoft unveiled a mobile-minded alternative to email that’s focused primarily on short, quick messages.

Named Send, the new tool aims to deliver a simple experience much like that offered by text messaging or instant messaging software but without the need to know a co-worker’s mobile number or username. Instead, Send lets users quickly fire off a message to any co-worker using just their email address; no subject line, salutations or signatures are required.

“On my way,” might be one example, or “Are you in the office today?”

The app connects to Office 365 business and school email accounts to find frequent and recent contacts; users need only tap on one to start a conversation. A “Quick Reply” option allows for speedy responses.

That Office 365 connection, meanwhile, also means conversations are synced with Outlook, letting users continue them from anywhere. Messages sent using Send are treated internally like any other work email and comply with an organization’s email compliance policies, Microsoft said.

Send is now available free for iPhone through the Microsoft Garage in the U.S. and Canada. Versions for Windows Phone and Android are coming soon, as are additional IT controls. Currently the app works with Office 365 business and school email accounts, but Microsoft plans to make it more broadly available in the coming months, it said.

Source

Microsoft To Open Source Radio Code

Microsoft has begun to open source some more of its code, this time for the Microsoft Research Software Radio (Sora).

“We believe that a fully open source Sora will better support the research community for more scientific innovation,” said Kun Tan, a senior researcher on the Sora project team.

Sora was created to combat the problem of creating software radio that could keep up with the hardware developments going on around it.

The idea behind it is to run the radio off software on a multi-core PC running a basic operating system. In the example, it uses Windows. But then it would.

A PCIe radio control board is added to the machine with signals processed by the software for transmission and reception, while the RF front-end, with its own memory, interfaces with other devices.

The architecture also supports parallel processing by distributing processing pipelines to multiple cores exclusively for real-time SDR tasks.

Sora has already won a number of awards, and the Sora SDK and API were released in 2011 for academic users. More than 50 institutions now use it for research or courses.

As such, and in line with the groovy open Microsoft ethos, the software has now been completely open sourced, with customizable RF front-ends, customizable RCB with timing control and synchronization, processing accelerators and support for new communication models such as duplex radios.

The Sora source code is now up on GitHub. Use cases already in place include TV whitespace, large scale MIMO and distributed MIMO systems.

Microsoft has made a number of moves towards open sourcing itself over the past year. Most notably, The .NET Framework at the heart of most Windows programs was offered up to the newly created .NET Foundation.

It was announced yesterday that Google is releasing its Kubernetes code to the Linux Foundation to set up a standardized format for containerization.

Source

Darkode Hacking Forum Shut Down

Law enforcement agencies from 20 countries collaborated to cripple a major computer hacking forum, and U.S. officials filed criminal charges against a dozen people associated with the website, the U.S. Department of Justice announced.

Darkode.com on is displaying a message saying the site and domain had been seized by the FBI and other law enforcement agencies.

Darkode, a password-protected online forum for criminal hackers, represented one of the gravest threats to the integrity of data on computers across the world, according to David Hickton, U.S. attorney for the Western District of Pennsylvania. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”

Five of the defendants face charges in Hickton’s district.

Darkode allowed hackers and other cybercriminals to sell, trade and share information and tools related to illegal computer hacking, the law enforcement agencies alleged.

Before becoming a member of Darkode, prospective participants were allegedly vetted through a process that included an invitation by a member, the DOJ said in a press release. The prospective member then pitched the skill or products he or she could bring to the forum.

Darkode members allegedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware, the DOJ said.

The takedown of the forum and the charges announced Wednesday came after the FBI’s infiltration of Darkode’s membership.

Source

Will Qualcomm Give Some Workers The Boot?

Qualcomm is undergoing major restructuring and one side-effect of the overhaul is that some 4,000 jobs might be slashed.

The company, according to our well informed industry sources, will announce this during the upcoming Qualcomm Q3 FY15 earnings conference call that Is scheduled for July 22. We could not find out which jobs will be affected, but we expect that the company will shad more light on it during the call.

In December 2014 the company announced that it would slash some 900 jobs and it ended up slashing roughly 1,500 jobs. This will be the first major announcement and it comes at a bad time, as the company’s sales numbers are not that great. Qualcomm lost its highest end customer, Samsung, and companies like HTC who are using the Snapdragon 810 are not too happy about company’s highest end SoC offering.

Qualcomm has around 31,300 employees, which is still not that much considering that Intel has some 100,000, but its main SoC competitor, MediaTek, has just over 10,000 employees making its operational costs much smaller.

If the number of employees 31,300 didn’t change in recent months, slashing 4,000 jobs would mean cutting the 12.8 percent of the workforce. This is a major adjustment, no question about it.

Still, we believe that the server division will start making some money in 2016 and the new Snapdragon 820 is expected to start shipping later this year. In the long run, the company is more than fine, it is just that the competitors have changed from Nvidia and Intel to MediaTek.

Source

FCC Wants Carriers To Alert When IP Switching

The U.S. Federal Communications Commission is backing a requirement that the country’s telecom carriers warn residential and business customers about plans to retire copper telephone networks for IP-based systems.

A proposal from FCC Chairman Tom Wheeler would also require telecom carriers retiring their copper networks to offer customers the option of purchasing battery backup systems so that they don’t lose voice service during an electrical power outage, officials said Friday. IP-based voice service depends on working Internet service, which, in turn, requires electricity.

The old copper-based phone service works without electrical service available at the customer’s address, and a loss of voice service during power outages is one of the major concerns of consumer groups as major telecom carriers move to retire their decades-old copper networks.

Wheeler’s proposal, likely to be voted on by the commission during its Aug. 6 meeting, would require telecom providers that are retiring copper to make battery backup systems with eight hours of standby power available to affected customers, either through the carriers themselves or for third-party retailers. Voice customers would have to pay for the battery backups, which now cost $40 and up, but they could choose whether or not they want the backup.

Most consumers and consumer groups in contact with the FCC wanted the option to purchase battery backup from sources other than carriers, an FCC official said. Requiring battery backup systems during VoIP installs could have discouraged customers from signing up for the service, he added.

Within three years, carriers would have to offer a battery backup option with 24 hours of standby power, under the rules proposed by Wheeler.

Telecom carriers retiring their copper would also have to alert customers that their old telephone service was going away. Telecom carriers currently aren’t required to notify customers, but under the proposed rules, residential customers would get a three-month warning, and business customers would get a six-month warning, agency officials said during a press briefing.

Telecom carriers would also have to notify interconnecting carriers of their copper retirement plans, and competitors using the existing copper to provide business voice and Internet services would be eligible to receive similar pricing deals from the large incumbent carriers, the FCC said.

Source

Is Blackberry Going Android?

BlackBerry Ltd , which has been tight-lipped about its plans to make a mainstream Android smartphone, fueled more speculation about its plans this week when it scooped up two Android-related domain names.

Several blog posts in the last two days have noted that the Canadian handset maker bought the domain names “AndroidSecured.com” and “AndroidSecured.net” this week. That spurred more chatter that it intends to build a device powered by Google Inc’s  Android platform, which powers the vast majority of smartphones sold across the globe.

The purchase of the domain names is particularly interesting since BlackBerry Chief Executive John Chen has declined to confirm a June Reuters report that said the company was planning an Android phone.

Speculation that BlackBerry will embrace Android was also spurred this week by a Digitimes report that said the company plans to roll out several models of Android-based phones.

In the past three weeks, however, Chen has said at least twice that he would only build an Android phone if he can “secure Android”.

BlackBerry downplayed the significance of its domain name purchases in an email on Friday, saying: “BlackBerry frequently registers domain names to support the breadth of our cross-platform portfolio. Android is an important part of our cross-platform enterprise software strategy.”

Indeed, one of the domains, “AndroidSecured.com”, currently redirects users to a BlackBerry enterprise-focused site.

But that has not stopped a barrage of chatter on tech blogs about the purchases being part of BlackBerry’s plan to build its own secure Android, going beyond supporting existing Android phones on its BES12 device-management system. BES12 allows corporate and government clients to secure Android-, iOS-, Windows- and BlackBerry-powered devices on their networks.

Under the leadership of Chen, the Waterloo, Ontario-based company has been pivoting toward software and device management as its recent devices, powered by its BlackBerry 10 software, have failed to win mass appeal. Analysts and tech gurus believe a move to Android could give BlackBerry’s device arm a new lease on life.

Source

PC Sales Continue The Downward Trend

Gartner is reporting the biggest slump in PC sales for almost two years. The second quarter report saw 68.4 million units shifted in the three-month period, a year-on-year reduction of 9.4 percent, and the steepest drop in seven quarters.

What’s more, the prediction is that the next quarter will see a further reduction of 4.4 percent.

It seems that the dislike of Windows 8, coupled with the impending arrival of Windows 10, has battered the sales of new PCs.

The fact that most PC users will be entitled to a free upgrade, coupled with the fact that chip and RAM technology haven’t moved on at a spectacular pace this year, has created a perfect storm among consumers who are waiting it out for their machines to be born again on 29 July (or 30, or 31, or possibly 1 August).

If you’re reading this and thinking ‘It’s just a dying market’ you’re not wrong, but you have only to look at today’s IDC figures to see that this really is made of Microsoft.

IDC is even more pessimistic than Gartner, quoting 66.1 million units, down 11.8 percent year on year.

But more importantly, when drilled down to the OEMs, you can see where the real problem lies. Apple is the only company in the top five not rooted in the Windows ecosystem.

It is also the only manufacturer to see a rise in its market share, and is now the fourth biggest vendor in the world, up 16.1 percent. Acer at number five has seen its share plummet by 25.9 percent.

Things were a bit rosier this time last year, because businesses were migrating away from Windows XP (not all of them, mind). This year, there’s no ballast and a lot of hesitation to see exactly how Windows 10 does before big orders start being deployed in enterprises.

“The price hike of PCs became more apparent in some regions due to a sharp appreciation of the US dollar against local currencies,” said Mikako Kitagawa, principal analyst at Gartner.

“The worldwide PC market experienced unusually positive desk-based growth last year due to the end of Windows XP support. After the XP impact was phased out, there have not been any major growth drivers to stimulate a PC refresh.”

IDC’s Loren Loverde, VP of worldwide PC trackers and forecasting, said: “We’re expecting the Windows 10 launch to go relatively well, though many users will opt for a free OS upgrade rather than buying a new PC.

“Competition from 2-in-1 devices and phones remains an issue, but the economic environment has had a larger impact lately, and that should stabilize or improve going forward.”

Meanwhile, Apple, despite having a tiny market share for its OS X operating system at just 7.5 percent, according to this month’s Netmarketshare figures, has managed to avoid being the winner or loser OEM by being the referee, which is a nice trick if you can do it.

Both analyst firms see the top three remaining as Lenovo, HP and Dell. Nothing to see there.

Source

Is Mastercard Going With Selfies?

Mastercard has announced plans to roll out a verification technology that requires a selfie to process payments. The industry’s latest move in the shameless act of narcissism is a biometric face scanning technology that will let customers replace their PINs with their face, according to MasterCard chief product security officer, Ajay Bhalla. Bhalla told CNN Money that the multinational financial services corporation has teamed up with all the major phone manufacturers to deliver the technology. “The new generation, which is into selfies, I think they’ll find it cool. They’ll embrace it. This [app] seamlessly integrates biometrics into the overall payment experience,” he said. “You can choose to use your fingerprint or your face. You tap it, the transaction is OK’ed and you’re done.” The selfie payment feature will roll out on a trial basis first in the US, with a full scale deployment to follow at an unspecified date. The system requires users to blink when prompted once they have held their device at eye-level for the checkout process to complete. This ensures that potential cyber crooks cannot use a still image of the user to hack into their personal account. MasterCard announced last month that all retail outlets across Europe will accept contactless payments by 2020, paving the way for wider adoption of mobile payment solutions. Mike Cowan, head of emerging payments products at MasterCard, revealed at the company’s Future of Payments event in London that Europeans will soon be able to tap to pay anywhere. “From the beginning of 2016 any new payment terminal that gets deployed must accept contactless, and every single terminal must accept it by 2020,” he said. This means that new point of sale terminals must adhere to the new standard on deployment from 1 January 2016, while existing terminals that don’t yet support contactless payments must be replaced by 1 January 2020 at the latest. Source

« Previous Page — Next Page »