Is Epic Turla Exploiting Windows XP?
Kaspersky Lab has discovered an espionage network that successfully attacked government institutions, intelligence agencies and European companies.
The firm has dubbed the spy operation Epic Turla, and said that it is in no doubt about its capabilities.
“Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call ‘Epic Turla’,” it said.
“The attackers behind Epic Turla have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies.”
Kaspersky said that Epic Turla used two zero-day exploits that affected Adobe and Microsoft software, along with some backdoor and social engineering tricks.
In particular, Kaspersky said the attackers used CVE-2013-5065, a privilege escalation vulnerability in the NDProxy.sys kernel driver of Windows XP and Windows Server 2003. “The CVE-2013-5065 exploit allows the backdoor to achieve administrator privileges on the system and run unrestricted. This exploit only works on unpatched Microsoft Windows XP systems.”
The use of this Windows XP flaw underlines the risk that the unsupported Windows XP OS poses. Microsoft did ship a fix for CVE-2013-5065 in January 2014 (MS14-002), while XP was still supported, so the exploit only succeeds on systems that never received that update; but with no further patches coming, any kernel flaw found in XP from now on stays open. Kaspersky went on to explain that, once inside, attackers install their own rootkits and other malware tools and begin their surveillance.
“Once the attackers obtain the necessary credentials without the victim noticing, they deploy the rootkit and other extreme persistence mechanisms,” it said. “The attacks are still ongoing as of July 2014, actively targeting users in Europe and the Middle East.”
The attacks are just the latest in a long line of incidents that businesses need to be aware of as cyber attacks continue at an alarming rate.
In June the security firm CrowdStrike alerted the industry to Putter Panda, a cute-sounding but nasty espionage group. That firm pointed an accusatory finger at China and charged it with espionage on the US and Europe.
CrowdStrike CEO George Kurtz said at the time, “China’s decade-long economic espionage campaign is massive and unrelenting. Through widespread espionage campaigns, Chinese threat actors are targeting companies and governments in every part of the globe.” Chinese authorities disputed this.
The report comes in the same week Hold Security reported uncovering a huge trove of 1.2 billion web passwords and login details that have been gathered by Russian cyber criminals.
Is Snapdragon A Security Flaw?
Security researcher Dan Rosenberg has told a Black Hat conference how it is possible to permanently unlock the bootloader on Android phones – provided they use a Qualcomm Snapdragon chip.
Rosenberg said the flaw lies not in ARM’s TrustZone design itself, which splits the processor into a secure world running a trusted operating system and a normal world for Android and its apps, but in Qualcomm’s implementation of the secure-world software, which the firm cocked up. The secure world is supposed to improve device security, but once an attacker gets code running there he or she can do whatever they like, including unlocking the bootloader for good.
At the time of the talk this affected every known Android device with a Qualcomm Snapdragon SoC, including the Nexus 5, the HTC One, Samsung’s Galaxy Note 3 and the Moto X, although the Samsung Galaxy S5 and the HTC One M8 have already been patched.
Can Intel Go Wireless?
July 17, 2014 by admin
Intel wants to lead the drive into a less wired world by pushing standards, driving down costs and making these technologies ubiquitous.
At Computex, Intel demonstrated WiGig wireless docking and simultaneous wireless charging of a laptop, smartphone, headset and tablet with a pad placed under a tabletop. The company said that it would deliver reference designs for systems that use the technology in 2016 as part of a future Core processor family known as Skylake.
WiGig trades range for speed and operates in the 60GHz spectrum, compared with 2.4- and 5.0GHz for WiFi. It can transfer data at speeds of up to 7Gbps, compared to a maximum speed of a little more than 1Gbps for 802.11ac.
WiGig can be used to stream video from a mobile device to a TV or monitor, replacing HDMI and DisplayPort cables, but is being seen as a way of carrying out networking and wireless docking. It means that you can put your laptop on your desk and it automatically connects with your monitor, keyboard and mouse, printer and other peripherals without cables.
Intel plans to make its own WiGig chips. The outfit said it will have silicon for both transmitters and receivers in production by the end of this year, and available in products in the first half of 2015. Intel also wants to push Rezence for wireless charging.
Chipzilla has added that it will contribute some of its own IP to expand the standard to support wireless charging of laptops (which requires at least 20 watts) and that Rezence will be part of a Skylake reference design by 2016. This means that the world could be wirelessly networked soon after that.
Is Malware Wreaking Havoc On XP?
One of the top three malware programs affecting businesses in the second quarter is a worm that takes advantage of the large number of companies still using Windows XP, Trend Micro has warned.
The worm, dubbed DOWNAD and also known as Conficker, can infect an entire network via a malicious URL, spam email or removable drive. Windows XP machines are particularly susceptible because the worm exploits MS08-067, a vulnerability in the Windows Server service that Microsoft patched in October 2008; any XP host that never received that update can still be compromised with arbitrary code execution over the network.
DOWNAD also has its own domain generation algorithm (DGA) that lets it produce a fresh set of pseudo-random domain names, which it then resolves and contacts to download files to the system. Trend Micro said that around 175 IP addresses have been found to be related to the DOWNAD worm, contacted on various ports, with the domain names that point to them produced by the worm’s DGA.
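To make the DGA point concrete, here is an added example that is not Trend Micro’s or Conficker’s code: a hypothetical date-seeded domain generator, deliberately simpler than the real DOWNAD algorithm, and a small detector run over a few constructed DNS resolver log lines. The detector scores the second-level label on character entropy, vowel ratio and longest consonant run, then flags any client that looks up several such names in a burst. The log format, the thresholds, the client addresses and the domain names are all assumptions made for the demonstration.

```python
"""Illustrative DGA and a heuristic DGA-lookup detector (added example).

The generator below is a hypothetical stand-in, not the real DOWNAD/Conficker
algorithm; it only shows the shape of the technique: a seed that both the
malware and its operators can compute (here, the date) feeds a hash, and the
hash bytes are turned into a lookup list the worm then resolves.
"""
import hashlib
import math
import re
from collections import Counter, defaultdict
from datetime import date

TLDS = ("com", "net", "org", "info", "biz")
SEED_DAY = date(2014, 7, 10)          # assumed date for the demonstration


def toy_dga(seed_day: date, count: int = 5, salt: bytes = b"example-salt") -> list:
    """Hypothetical date-seeded DGA: deterministic for a given day and salt."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(salt + seed_day.isoformat().encode() + bytes([i])).digest()
        length = 8 + digest[0] % 6                      # labels of 8..13 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


# ---- detection side -------------------------------------------------------

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of the label."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def domain_score(fqdn: str) -> int:
    """Score the registrable (second-level) label; higher means more DGA-like.

    Entropy alone misfires on long legitimate names such as windowsupdate.com,
    so the vowel-ratio and consonant-run features are needed to separate them.
    """
    parts = fqdn.lower().rstrip(".").split(".")
    if len(parts) < 2 or not parts[-2]:
        return 0
    label = parts[-2]
    score = 0
    if shannon_entropy(label) >= 3.0:
        score += 1
    if sum(ch in VOWELS for ch in label) / len(label) < 0.25:
        score += 1
    if max((len(m) for m in CONSONANT_RUN.findall(label)), default=0) >= 4:
        score += 1
    return score


# Assumed resolver log format: "<timestamp> <client> <rcode> <name>".
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN)\s+(\S+)$")


def analyze_log(lines, suspicious_at: int = 2) -> dict:
    """Per-client counts of DGA-looking lookups and NXDOMAIN answers."""
    stats = defaultdict(lambda: {"suspicious": 0, "nxdomain": 0})
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue                                    # skip malformed lines
        _ts, client, rcode, name = m.groups()
        if domain_score(name) >= suspicious_at:
            stats[client]["suspicious"] += 1
        if rcode == "NXDOMAIN":
            stats[client]["nxdomain"] += 1
    return dict(stats)


def flag_clients(stats: dict, min_suspicious: int = 3) -> set:
    """Clients with a burst of DGA-looking lookups; worth a closer look."""
    return {c for c, s in stats.items() if s["suspicious"] >= min_suspicious}


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2014-07-10T09:13:02Z 10.0.0.12 NOERROR www.google.com
2014-07-10T09:13:05Z 10.0.0.12 NOERROR windowsupdate.com
2014-07-10T09:14:11Z 10.0.0.37 NXDOMAIN qxzvkrtpwmb.net
2014-07-10T09:14:11Z 10.0.0.37 NXDOMAIN fbzzgnkrqhmt.com
2014-07-10T09:14:12Z 10.0.0.37 NXDOMAIN hjkwpqrzvtx.info
2014-07-10T09:14:12Z 10.0.0.37 NOERROR cdn.akamai.net
2014-07-10T09:15:00Z 10.0.0.12 NXDOMAIN intranet.example.org
""".splitlines()

if __name__ == "__main__":
    print("hypothetical DGA list for", SEED_DAY, toy_dga(SEED_DAY))
    stats = analyze_log(SAMPLE_LOG)
    for client, s in sorted(stats.items()):
        print(client, s)
    print("flagged:", sorted(flag_clients(stats)))
```

On the constructed log the client 10.0.0.37 is flagged with three DGA-looking lookups, all answered NXDOMAIN, while 10.0.0.12 is not, even though windowsupdate.com alone trips the entropy feature. Real DGA hunting pairs this kind of per-name scoring with the NXDOMAIN burst count, since an infected host typically tries many generated names before one resolves.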
“During our monitoring of the spam landscape, we observed that in Q2, more than 40 percent of malware related spam mails are delivered by machines infected by DOWNAD worm,” said Trend Micro anti-spam research engineer Maria Manly in a blog post.
“A number of machines are still infected by this threat and leveraged to send the spammed messages to further increase the number of infected systems. And with Microsoft ending the support for Windows XP this year, we can expect that systems with this OS can be infected by threats like DOWNAD.”
The security company warned that spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments are attributed to DOWNAD infected machines. FAREIT is a malware family of information stealers that download variants of the Zeus Trojan, while MYTOB is an old family of worms known for sending a copy of itself in spam attachments.
The other top sources of spam with malware are the CUTWAIL botnet and Gameover ZeuS (GoZ). Manly said CUTWAIL was previously used to download GoZ, but now a downloader called UPATRE is used to fetch GoZ or other ZBOT variants that have peer-to-peer command-and-control functionality.
“In the last few weeks we have reported various spam runs that abused Dropbox links to host malware like UPATRE,” Manly said. “We also spotted a spammed message in the guise of voice mail that contains a Cryptolocker variant. The latest we have seen is a spam campaign with links that leveraged CUBBY, a file storage service, this time carrying a banking malware detected as TSPY_BANKER.WSTA.”
According to Manly, cybercriminals and threat actors are probably abusing file storage platforms to mask their malicious activities and go undetected in the system and network.
“As spam with malware attachment continues to proliferate, so does spam with links carrying malicious files. The continuous abuse of file hosting services to spread malware appears to have become a favoured infection vector of cyber criminals most likely because this makes it more effective given that the URLs are legitimate thereby increasing the chance of bypassing anti-spam filters,” she added.
Intel Reveals 750 Series SSD
During the 3D Revolution 2014 presentation held in Rome, Intel showed its updated SSD roadmap, unveiling the new August Ridge SSD 750 Series, which will be available in multiple form factors, including the increasingly popular M.2.
Spotted by Techpowerup.com, the Intel SSD 750 Series will be aimed at both the consumer and professional market segments and be available in three form factors: 2.5-inch SATA 6Gbps, mSATA 6Gbps and M.2.
The new 750 SSD Series will most likely be available in all the popular capacities, up to 960GB, and be based on 20nm MLC NAND flash.
Unfortunately, the roadmap does not reveal many details regarding the performance of the SSD 750 Series but does note that it should launch in Q4 2014.
Can Malwarebytes Protect XP?
Malwarebytes has launched anti-exploit products to protect Windows users from attacks on vulnerabilities in popular targets including Microsoft Office, Adobe software products and Java, and the products even offer protection for Windows XP users.
Consumer, Premium and Corporate versions of the service are available, and are designed to pre-emptively stop hackers from infecting Windows machines with malware.
“An exploit will typically first corrupt the memory of an application process, take control, then execute code,” said Malwarebytes director of special projects Pedro Bustamante.
“From the shell code it executes a payload that tells the exploit what to do and that in turn usually downloads malware from the internet and executes it. The final stage is usually where antivirus kicks in, when it’s being downloaded from the internet, and starts doing things like behavioural analysis to see if it’s malicious.
“We don’t care about that, what we do comes before then. We just look for exploit-like behaviour and block anything that looks like it at the shellcode or payload stages. We come into play before the malware even appears on the scene.”
The Consumer version of the anti-exploit service is free and offers basic browser and Java protection.
The Premium version costs $37.00 per user and adds Office and Adobe protection services as well as the ability to add custom shields to other internet-facing applications, like Messenger or Netflix.
The Corporate version costs $40.00 per user, offers complete anti-exploit protection, comes with Malwarebytes’ Anti-Malware service and includes a toolkit for IT managers.
Bustamante explained that the technology is designed to help businesses and general web users defend against the new wave of exploit-based cyber attacks.
“Traditional security can’t deal with exploits. Every day we see people getting infected, even if they have the latest up-to-date antivirus readers, because of exploits,” he said. “This is why we care about the applications you run – Firefox, Chrome, Internet Explorer, Java, Acrobat [and Microsoft] Word, Excel [and] Powerpoint.”
Bustamante added that the service is doubly important for Windows XP users since Microsoft officially ceased support for the OS in April.
“We’re still seeing over 25 percent of our users running XP. For them this product is even more important,” he said.
“We see new zero-days if not every week, every month, and for XP users who are not getting any more patches from Microsoft this product will be essential.
“Every month Microsoft will be releasing security patches for newer versions of Windows. Every time Microsoft does this it’ll be a treasure map for hackers to find exploits on Windows XP.
“It’ll show them exactly where the vulnerabilities are, so every month will see an influx of new exploits targeting Windows XP.”
Intel And Oracle Team Up Again
Oracle has added systems to its enterprise-class x86 server line featuring elastic computing capabilities that dynamically adapt their configurations in response to workloads.
The Oracle Sun Server X4-4 and Sun Server X4-8 are four-socket and eight-socket systems designed for data centre workloads such as virtualisation, Oracle databases and scale-up enterprise applications.
The two servers are fitted with a unique variant of Intel’s Xeon E7 v2 processor family that combines the capabilities of three different Xeon processors into one.
Oracle said it worked with Intel to create this chip, the Xeon E7-8895 v2, which can dynamically switch its core count, clock frequency and power consumption without the need for a system level reboot.
This chip is the heart of the elastic computing capability of the Sun Server X4-4 and Sun Server X4-8, enabling them to adapt to the requirements of different workloads based on its runtime configuration.
It might be configured for transaction processing at a high clock speed for one hour, then switched to higher core counts for the next hour for higher throughput computing, according to Oracle.
“Through close collaboration with Intel, we are the first to announce servers based on the new Xeon E7-8895 v2 processors and the first with unique capabilities that allow customers to dynamically address different workloads in real time,” said Ali Alasti, senior vice president for hardware development at Oracle.
Enhancements have also been made to the system firmware and to Oracle’s Solaris, and Oracle Linux operating systems to support the elastic computing features.
Oracle also said the new systems have a modular design that allows the processors to be upgraded to future Xeon chips, while all the disks are hot-swappable, plus there is hot-pluggable I/O support for industry-standard low-profile PCI Express cards via a dual PCIe card carrier.
The servers also feature a “glueless” architecture that removes the need for a node controller. As node controllers typically change from one processor generation to the next because of modifications to inter-processor communication and coherency protocols, the elimination enables Oracle to offer a future-proof chassis that will support future processor releases from Intel, the firm said.
The Sun Server X4-8 is touted by Oracle as ideal for running its Oracle Database, which has just been updated with an in-memory processing option. It supports 120 processor cores with up to 6TB of memory in its 5U rack-mount chassis, plus up to 9.6TB of hard drive or 3.2TB of solid state drive (SSD) storage.
Meanwhile, the Sun Server X4-4 is said to be well suited for applications requiring large memory footprint virtual machines and running real-time analytics software.
It can be configured with two or four of the Xeon E7-8895 v2 processors, with up to 3TB of memory and 4.8TB of PCIe flash plus 2.4TB of SSDs or 7.2TB of hard drives.
Did Intel Miss The Tablet Boat?
Intel CEO Brian Krzanich has admitted the obvious – Intel missed the boat on tablets.
Speaking at the Code Conference, Krzanich said the company was slow to react to the emergence of tablets and smartphones.
“There was a belief that tablets would be a consumption device only (and) that people would come back to the laptop and the PC. There were heavy debates within Intel and it took a while for us to accept and acknowledge that data. Companies make mistakes,” Krzanich told Walt Mossberg in an interview.
In other words at least part of Intel’s failure to tap the emerging mobile market a few years ago was internal wrangling.
The course shifted under the Krzanich regime. Recently Intel President Renee James and Krzanich made it clear that the company is now treating its Atom line-up just like its big cores. For years the company treated Atom as a sideshow, making sure it would not eat into Core sales.
ARM and AMD had different ideas and went after the tablet and low-cost notebook markets. As a result ARM currently dominates the mobile space, while AMD has carved out a nice niche in the entry-level x86 segment with its Brazos and Kabini parts.
Intel is fighting back, but it is paying a heavy price. The company is on track to quadruple its tablet SoC shipments to 40 million units this year, but it has to pay through the nose to get there. As for the smartphone market, Intel is all but absent.
Krzanich insists he is not giving up on the phone and tablet space. He wants Intel to take a 15 to 20 percent market share in these segments, which sounds very ambitious. Thanks to generous subsidies it has a good chance in the tablet space. This week Intel announced a deal with Rockchip, which should also boost its presence in the booming tablet market in China.
However, so far the company has not rolled out a compelling smartphone SoC and it’s lagging behind the competition in LTE integration.
Can MediaTek Win With Amazon?
According to the Taiwan Economic Daily, MediaTek will supply SoCs for upcoming Amazon tablets. Details are sketchy and it is unclear whether MediaTek has landed an order for all Kindle Fire SKUs or just one of them. The paper claims MediaTek will start shipping the chips later this year, but we have no way of confirming or denying the report.
The chip in question appears to be the MT8135. It is a mid-range big.LITTLE part announced last year and it features two Cortex A15 and two Cortex A7 CPU cores. The GPU comes from Imagination and it’s the relatively fresh PowerVR G6200. The GPU is capable of churning out 83.2 GFLOPS at 650MHz, depending on the configuration of course.
It sounds like a decent all-round SoC, with a substantially faster GPU than previous MediaTek offerings in the same segment, which were powered by venerable SGX 54x and Mali 400/450 GPUs.
Information is limited and we can’t say for sure whether or not MediaTek actually landed the deal, or whether the deal includes more than a single Kindle Fire SKU. If true, it is a big coup for the Taiwan-based chipmaker, as Amazon ships up to two million Kindle tablets each quarter.
It would also help MediaTek’s ambitious tablet plans. The company hopes to double shipments of tablet-centric SoC products this year.
RedHat Goes Atomic
The Red Hat Summit kicked off in San Francisco on Tuesday, and continued today with a raft of announcements.
Red Hat launched a new variant of Red Hat Enterprise Linux (RHEL) called “Atomic Host”. It is stripped down to a minimal image intended for lightweight deployment of software containers; the mainline edition also supports containers, but the lightweight variant improves portability.
This is part of a wider Red Hat initiative, Project Atomic, which also sees the container platform Docker updated as part of the ongoing partnership between the two organisations.
Red Hat also announced a release candidate (RC) for Red Hat Enterprise Linux 7. The beta version has already been downloaded 10,000 times. The Atomic Host fork is included in the RC.
Topping all that is the news that Red Hat’s latest stable release, RHEL 6.5, has been deployed at the European Organization for Nuclear Research, better known as CERN.
The European laboratory, which houses the Large Hadron Collider (LHC) and was the birthplace of the World Wide Web, has rolled out the latest versions of Red Hat Enterprise Linux, Red Hat Enterprise Virtualisation and Red Hat Technical Account Management. Although Red Hat has a long history with CERN, this has been a major rollout for the facility.
The logging server of the LHC is one of the areas covered by the rollout, as are the financial and human resources databases.
The infrastructure comprises a series of dual-socket Dell PowerEdge M610 servers with up to 256GB RAM each, hosting the virtualised workloads with full redundancy to prevent the loss of mission-critical data.
Niko Neufeld, deputy project leader at the Large Hadron Collider, said, “Our LHCb experiment requires a powerful, very reliable and highly available IT environment for controlling and monitoring our 70 million CHF detectors. Red Hat Enterprise Virtualization is at the core of our virtualized infrastructure and complies with our stringent requirements.”
Other news from the conference includes the launch of OpenShift Marketplace, allowing customers to try solutions for cloud applications, and the release of Red Hat JBoss Fuse 6.1 and Red Hat JBoss A-MQ 6.1, standards-based integration and messaging products designed to manage everything from cloud computing to the Internet of Things.