Sign up for our Technology Newsletter 
Big Blue Still The Patent King
As technology companies start to stockpile patents so that they can see off their rivals IFI Claims Patent Services, a company that maintains global patent databases, has clocked the outfits with the most weapons in any patent war.
More than 224,505 utility patents were awarded in the U.S. last year, jumping two percent over the previous year’s record-breaking tally of 219,614 patents. IBM has always had the most patents, probably because it has been around the longest. The company was granted 6,180 utility patents, up nearly five percent from 2010. Samsung was the number two 4,894 patents, followed by Canon at 2,821 patents, Panasonic with 2,559 and Toshiba with 2,483 utility patents.
Microsoft, which held on to the third spot in 2010, is in the sixth place with 2,311 utility patents granted last year, According to IFI CEO Mike Baycroft global companies, and especially Asian ones, are collecting U.S patents at a dizzying pace, and now Asian firms hold eight of the top 10 slots in the 2011 ranking.
IBM’s Watson Shows Up For Work
IBM’s Watson supercomputer is about to start work evaluating evidence-based cancer treatment options that can be delivered to the doctors in a matter of seconds for assessment.
IBM and WellPoint, which is Blue Cross Blue Shield’s largest health plan, are developing applications that will essentially turn the Watson computer into an adviser for oncologists at Cedars-Sinai’s Samuel Oschin Comprehensive Cancer Institute in Los Angeles, according to Steve Gold, director of worldwide marketing for IBM Watson Solutions.
Cedars-Sinai’s historical data on cancer as well as its current clinical records will be ingested into an iteration of IBM’s Watson that will reside at WellPoint’s headquarters. The computer will act as a medical data repository on multiple types of cancer. WellPoint will then work with Cedars-Sinai physicians to design and develop applications as well as validate their capabilities.
Dr. M. William Audeh, medical director of the cancer institute, will work closely with WellPoint’s clinical experts to provide advice on how the Watson may be best used in clinical practice to support increased understanding of the evolving body of knowledge on cancer, including emerging therapies not widely known by physicians.
IBM announced earlier this year that healthcare would be the first commercial application for the computer, which defeated two human champions on the popular television game show Jeopardy! in February.
AES Encryption Cracked
CRYPTOGRAPHY RESEARCHERS have identified a weakness in the Advanced Encryption Standard (AES) security algorithm that can crack secret keys faster than before.
The crack is the work of a trio of researchers at universities and Microsoft, and involved a lot of cryptanalysis – which is somewhat reassuring – and still does not present much of a real security threat.
Andrey Bogdanov, from K.U.Leuven (Katholieke Universiteit Leuven), Dmitry Khovratovich, who is full time at Microsoft Research, and Christian Rechberger at ENS Paris were the researchers.
Although there have been other attacks on the key based AES security system none have really come close, according to the researchers. But this new attack does and can be used against all versions of AES.
This is not to say that anyone is in immediate danger and, according to Bogdanov, although it is four times easier to carry out it is still something of an involved procedure.
Recovering a key is no five minute job and despite being four times easier than other methods the number of steps required to crack AES-128 is an 8 followed by 37 zeroes.
“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key,” the Leuven University researcher added. “Because of these huge complexities, the attack has no practical implications on the security of user data.” Andrey Bogdanov told The INQUIRER that a “practical” AES crack is still far off but added that the work uncovered more about the standard than was known before.
“Indeed, we are even not close to a practical break of AES at the moment. However, our results do shed some light into the internal structure of AES and indicate where some limits of the AES design are,” he said.
He added that the advance is still significant, and is a notable progression over other work in the area.
“The result is the first theoretical break of the Advanced Encryption Standard – the de facto worldwide encryption standard,” he explained. “Cryptologists have been working hard on this challenge but with only limited progress so far: 7 out of 10 for AES-128 as well as 8 out of 12 for AES-192 and 8 out of 14 rounds for AES-256 were previously attacked. So our attack is the first result on the full AES algorithm.”
Get Ready For Email-Malware Spree
A sizeable uptick in malicious email attachments is just subsiding, but if history is any indicator,several smaller spikes are about to follow that use even more deceptive tactics than their predecessors.
The recent surge, fueled in large part by a flood of fake messages from UPS, is similar to one observed at the end of March in that the messages urge recipients to open an attachment that releases the malware on victims’ machines, according to Internet security firm Commtouch.
The earlier wave used a wide range of package-delivery services as senders, including FedEx and DHL, but the latest outbreak employs a wider variety of messages such as, “Dear client, recipient’s address is wrong”, “Dear User, Delivery Confirmation: FAILED”, and “Dear Client, We are not able to delivery [sic] the postal package”, according to the Commtouch blog.
All the messages then instruct the recipient to open the attachment that contains the malware, claiming it is an invoice or a form that needs to be filled out. “This time we see differences in the style of the emails – there is far more variation in the automatically-generated subjects, body and attachment names. Last time all the attachments were “UPS.exe” – this time there are many variations,” says Avi Turiel, director of product marketing at Commtouch in an email.
The attackers will evaluate the success of the attack by finding out how many recipients activated the malware, “Based on the infections vs. malware sent out they will probably try and figure out what they could improve in the next attack,” he says.
“TDL-4″ Botnet Is Practically Indestructible
Comments Off on “TDL-4″ Botnet Is Practically Indestructible
A new and improved botnet that has infected more than four million computers is “practically indestructible,” software security experts say.
“TDL-4,” the name for both the bot Trojan that infects PCs and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.
“[TDL-4] is practically indestructible,” Golovanov said and others agree.
“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. “It does a very good job of maintaining itself.”
Golovanov and Stewart based their assessments on a variety of TDL-4′s traits, all which make it an extremely tough character to detect, delete, suppress or eradicate.
Because TDL-4 installs its rootkit on the Master Boot Record (MBR), it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code.
Further,what makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.
“The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky, ”The TDL guys are doing their utmost not to become the next gang to lose their botnet.”
Download Defense Added To Chrome Browser
Comments Off on Download Defense Added To Chrome Browser
Google has updated Chrome to version 12, adding a new feature that warns users when they’ve downloaded files from dangerous Web sites.
New to Chrome 12 is a tool that flags questionable files pulled from the Web. Chrome now shows an alert when users download some file types from sites that are on the Safe Browsing API (application programming interface) blacklist, which Google maintains.
The messages reads: “This file is malicious. Are you sure you want to continue?” If they wish, users can ignore the warning and install the file on their system’s hard drive.
“This warning will be displayed for any download URL that matches the latest list of malicious websites published by the Safe Browsing API,” said Google last April when it debuted the feature in an earlier edition of Chrome.
Safe Browsing already identifies suspicious or unsafe sites, then adds them to a blacklist. Chrome, Mozilla’s Firefox and Apple’s Safari all tap into Safe Browsing to warn users of risky sites before they actually visit them.
Benefits of Cloud Computing
In a nutshell Cloud Computing is the process of having on-demand hosted computing services provided outside your own network environment through a vendor’s Public or Private Data Center. Cloud Computing can be broken into three distinct categories. They are SaaS (Software as a Service), IaaS (Infrastructure as a Service), and PaaS (Platform as a Service).
Even though the concepts of Cloud Computing have been around for years, it still remains in its infancy. However, its adoption rate has been rather explosive lately, due in part to its seamlessness and ease of information integration.Cloud Computing has many benefits for medium and small businesses by way of collaboration and Productivity. For instance users will have the ability to work on the same projects in real-time from any location whether it’s the office, at home or an overseas location, at any time. The office never closes.
Another reason Cloud Computing has become so enticing is businesses can cut expenses on hardware and IT staffing to support the very same services as if they were on-site (Break/Fix issues are resolved by the vendor and the customer is never aware since services are redundant). Security is also enhanced because leading vendors adhere to higher levels of security features that are cost prohibitive to most medium and small businesses. In these days of high profile data breaches added security is must have.
Businesses should also consider their IT teams will not have a steep learning curve adapting to Cloud based services, since most user environment applications are similar in design to those they are accustomed to using today. Another added convenience is that Cloud Computing rids businesses of the old and costly software licensing requirement for every application/user. Cloud Computing allows the business to buy services on a time/usage metric.
If your business is looking to stay agile and save money, Cloud Computing may be the right direction to move.