Sign up for our Technology Newsletter 
Zeus Attached To Cancer Email Scam
March 28, 2014 by admin
Filed under Around The Net
Comments Off on Zeus Attached To Cancer Email Scam
Thousands of email users have been hit by a sick cancer email hoax that aims to infect the recipients’ computers with Zeus malware.
The email has already hit thousands of inboxes across the UK, and looks like it was sent by the National Institute for Health and Care Excellence (NICE). It features the subject line “Important blood analysis result”.
However, NICE has warned that it did not send the malicious emails, and is urging users not to open them.
NICE chief executive Sir Andrew Dillon said, “A spam email purporting to come from NICE is being sent to members of the public regarding cancer test results.
“This email is likely to cause distress to recipients since it advises that ‘test results’ indicate they may have cancer. This malicious email is not from NICE and we are currently investigating its origin. We take this matter very seriously and have reported it to the police.”
The hoax message requests that users download an attachment that purportedly contains the results of the faux blood analysis.
Security analysis firm Appriver has since claimed that the scam email is carrying Zeus malware that if installed will attempt to steal users’ credentials and take over their PCs.
Appriver senior security specialist Fred Touchette warned, “If the attachment is unzipped and executed the user may see a quick error window pop up and then disappear on their screen.
“What they won’t see is the downloader then taking control of their PC. It immediately begins checking to see if it is being analysed, by making long sleep calls, and checking to see if it is running virtually or in a debugger.
“Next it begins to steal browser cookies and MS Outlook passwords from the system registry. The malware in turn posts this data to a server at 69.76.179.74 with the command /ppp/ta.php, and punches a hole in the firewall to listen for further commands on UDP ports 7263 and 4400.”
NSA Developing System To Crack Encryption
Comments Off on NSA Developing System To Crack Encryption
The U.S. National Security Agency is working to develop a computer that could ultimately break most encryption programs, whether they are used to protect other nations’ spying programs or consumers’ bank accounts, according to a report by the Washington Post.
The report, which the newspaper said was based on documents leaked by former NSA contractor Edward Snowden, comes amid continuing controversy over the spy agency’s program to collect the phone records Internet communications of private citizens.
In its report, The Washington Post said that the NSA is trying to develop a so-called “quantum computer” that could be used to break encryption codes used to cloak sensitive information.
Such a computer, which would be able to perform several calculations at once instead of in a single stream, could take years to develop, the newspaper said. In addition to being able to break through the cloaks meant to protect private data, such a computer would have implications for such fields as medicine, the newspaper reported.
The research is part of a $79.7 million research program called “Penetrating Hard Targets,” the newspaper said. Other, non-governmental researchers are also trying to develop quantum computers, and it is not clear whether the NSA program lags the private efforts or is ahead of them.
Snowden, living in Russia with temporary asylum, last year leaked documents he collected while working for the NSA. The United States has charged him with espionage, and more charges could follow.
His disclosures have sparked a debate over how much leeway to give the U.S. government in gathering information to protect Americans from terrorism, and have prompted numerous lawsuits.
Last week, a federal judge ruled that the NSA’s collection of phone call records is lawful, while another judge earlier in December questioned the program’s constitutionality. The issue is now more likely to move before the U.S. Supreme Court.
On Thursday, the editorial board of the New York Times said that the U.S. government should grant Snowden clemency or a plea bargain, given the public value of revelations over the National Security Agency’s vast spying programs.
Will Computer Obtain Common Sense?
Even though it may appear PCs are getting dumbed down as we see constant images of cats playing the piano or dogs playing in the snow, one computer is doing the same and getting smarter and smarter.
A computer cluster running the so-called the Never Ending Image Learner at Carnegie Mellon University runs 24 hours a day, 7 days a week searching the Internet for images, studying them on its own and building a visual database. The process, scientists say, is giving the computer an increasing amount of common sense.
“Images are the best way to learn visual properties,” said Abhinav Gupta, assistant research professor in Carnegie Mellon’s Robotics Institute. “Images also include a lot of common sense information about the world. People learn this by themselves and, with [this program], we hope that computers will do so as well.”
The computers have been running the program since late July, analyzing some three million images. The system has identified 1,500 types of objects in half a million images and 1,200 types of scenes in hundreds of thousands of images, according to the university.
The program has connected the dots to learn 2,500 associations from thousands of instances.
Thanks to advances in computer vision that enable software to identify and label objects found in images and recognize colors, materials and positioning, the Carnegie Mellon cluster is better understanding the visual world with each image it analyzes.
The program also is set up to enable a computer to make common sense associations, like buildings are vertical instead of lying on their sides, people eat food, and cars are found on roads. All the things that people take for granted, the computers now are learning without being told.
“People don’t always know how or what to teach computers,” said Abhinav Shrivastava, a robotics Ph.D. student at CMU and a lead researcher on the program. “But humans are good at telling computers when they are wrong.”
He noted, for instance, that a human might need to tell the computer that pink isn’t just the name of a singer but also is the name of a color.
While previous computer scientists have tried to “teach” computers about different real-world associations, compiling structured data for them, the job has always been far too vast to tackle successfully. CMU noted that Facebook alone has more than 200 billion images.
The only way for computers to scan enough images to understand the visual world is to let them do it on their own.
“What we have learned in the last five to 10 years of computer vision research is that the more data you have, the better computer vision becomes,” Gupta said.
CMU’s computer learning program is supported by Google and the Office of Naval Research.
Did Stuxnet Infect A Russian Nuclear Plant?
Comments Off on Did Stuxnet Infect A Russian Nuclear Plant?
Kaspersky has claimed that the infamous Stuxnet computer worm “badly infected” the internal network of an unnamed Russian nuclear plant after it caused chaos in Iran’s nuclear facilities.
Speaking at a keynote presentation given at the Canberra Press Club 2013, Kaspersky CEO Eugene Kaspersky said a staffer at the unnamed nuclear plant informed him of the infection.
“[The staffer said] their nuclear plant network which was disconnected from the internet was badly infected by Stuxnet,” Kaspersky said.
“So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity.”
Stuxnet was discovered to have spread throughout industrial software and equipment in 2010 and is believed to have been created by the United States and Israel to attack Iran’s nuclear facilities. According to Kaspersky’s source, the malware was carried into the Russian nuclear plant and installed on a physically separated “air-gapped” network.
Kaspersky also made a rather outlandish joke during his speech, saying that all data is subject to theft. “All the data is stolen,” Kaspersky said. “At least twice.”
“If the claim of the Russian nuclear plant infection is true, then it’s easy to imagine how this “collateral damage” could have turned into a very serious incident indeed, with obvious diplomatic repercussions,” said security expert Graham Cluley.
“There is no way to independently verify the claim, of course. But it is a fact that Stuxnet managed to infect many computer systems outside of its intended target in Iran,” Cluley added. “Indeed, the very fact that it spread out of control, was what lead to its discovery by security firms.”
Earlier this year, Symantec claimed that the Stuxnet computer worm could date back further than 2010 and was more widespread than originally believed.
Symantec’s report called “The Missing Link” found a build of the Stuxnet attack tool, dubbed Stuxnet 0.5, which it said dated back to 2005 and used different techniques to sabotage industrial facilities.
Raspberry PI Breaks Record
Sinclair ZX80 and runaway success story, the Raspberry Pi might be about to get its own monitor after a Kickstarter campaign to create a low cost 9in screen for it has exceeded its $90,000 goal in a single weekend.
The HDMIPi monitor from startup Raspi.tv presently stands at $100,996 on Kickstarter, an increase of $8,000 in just the last four hours. The concept behind the monitor is to create something small and affordable but with maximum 1920×1080 resolution. Even though the project has had to scale down its ambitions to 1200×800 resolution to fit the business plan, Raspberry Pi fans have flocked to crowdfund the device.
Put in perspective, that’s higher than HD 720p resolution, or as they describe it, “slightly better resolution than the 720p HD footage on BBC iPlayer”.
Monitor cases will be available in a variety of colours, designed by none other than Paul Beech, who designed the original Raspberry Pi logo.
Although primarily designed for the Raspberry Pi, the HDMIPi is a standard HDMI monitor and can be used for other devices – Android sticks, video cameras, games consoles and beyond.
Raspi.tv has pledged to ship orders in February 2014, delays permitting, and is already working on enhancements. It has described touch functionality as something that might become available as a bolt-on at a later date, saying that “enough people have mentioned it that we are sitting up and taking notice”.
As ever with the Raspberry Pi ecosystem, everything is a bit Ryanair, and power supplies, surrounds and so on are not automatically included, though of course, in the true DIY spirit, you can always make your own.
ATM Malware Found In Mexico
A malicious software program identified in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.
Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.
In contrast to most malware, Ploutus is installed the old-fashioned way — by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier.
The first version of Ploutus displays a graphical user interface after the thief enters a numerical sequence on an ATM’s keypad, although the malware can be controlled by a keyboard, wrote Daniel Regalado, a Symantec malware analyst, on Oct. 11.
Ploutus is programmed for a specific ATM model since it assumes there is a maximum of four cassettes per dispenser in the ATM. It then calculates the amount of money that should be dispensed based on the number of bills. If any of the cassettes have less than the maximum number of 40 bills, it releases whatever is left, repeating that process until the ATM is empty.
Kevin Haley, director of Symantec Security Response, said in an interview earlier this month that the attackers have deep knowledge of the software and hardware of the particular ATM model.
“They clearly know how this machine worked,” he said.
The source code of Ploutus “contains Spanish function names and poor English grammar that suggests the malware may have been coded by Spanish-speaking developers,” Regalado wrote.
In a new blog post, Regalado wrote that the attackers made Ploutus more robust and translated it into English, indicating the same ATM software can be exploited in countries other than Mexico.
The “B” variant of Ploutus has some differences. It only accepts commands through the keypad but will display a window showing the money available in the machine along with a transaction log as it dispenses cash. An attacker cannot enter a specific number of bills, so Ploutus withdraws money from the cassette with the most available bills, Regalado wrote.
Symantec advised those with ATMs to change the BIOS boot order to only boot from the hard disk and not CDs, DVDs or USB sticks. The BIOS should also be password protected so the boot options can’t be changed, Regalado wrote.
Stanford Develops Carbon Nanotubes
Researchers at Stanford University have demonstrated the first functional computer constructed using only carbon nanotube transistors.
Scientists have been experimenting with transistors based on carbon nanotubes, or CNTs, as substitutes for silicon transistors, which may soon hit their physical limits.
The rudimentary CNT computer is said to run a simple operating system capable of multitasking, according to a synopsis of an article published in the journal Nature.
Made of 178 transistors, each containing between 10 and 200 carbon nanotubes, the computer can do four tasks summarized as instruction fetch, data fetch, arithmetic operation and write-back, and run two different programs concurrently.
The research team was led by Stanford professors Subhasish Mitra and H.S. Philip Wong.
“People have been talking about a new era of carbon nanotube electronics moving beyond silicon,” Mitra said in a statement. “But there have been few demonstrations of complete digital systems using [the] technology. Here is the proof.”
IBM last October said its scientists had placed more than 10,000 transistors made of nano-size tubes of carbon on a single chip. Previous efforts had yielded chips with just a few hundred carbon nanotubes.
FTC Warns Google And FB
August 30, 2013 by admin
Filed under Around The Net
Comments Off on FTC Warns Google And FB
The Federal Trade Commission (FTC) has promised that her organisation will come down hard on companies that do not meet requirements for handling personal data.
FTC Chairwoman Edith Ramirez gave a keynote speech at the Technology Policy Institute at the Aspen Forum. She said that the FTC has a responsibility to protect consumers and prevent them from falling victim to unfair commercial practices.
“In the FTC’s actions against Google, Facebook, Myspace and others, we alleged that each of these companies deceived consumers by breaching commitments to keep their data confidential. That isn’t okay, and it is the FTC’s responsibility to make sure that companies live up to their commitments,” she said.
“All told, the FTC has brought over 40 data security cases under our unfairness and deception authority, many against very large data companies, including Lexisnexis, Choicepoint and Twitter, for failing to provide reasonable security safeguards.”
Ramirez spoke about the importance of consumer privacy, saying that there is too much “shrouding” of what happens in that area. She said that under her leadership the FTC will not be afraid of suing companies when it sees fit.
“A recurring theme I have emphasized – and one that runs through the agency’s privacy work – is the need to move commercial data practices into the sunlight. For too long, the way personal information is collected and used has been at best an enigma enshrouded in considerable smog. We need to clear the air,” she said.
Ramirez compared the work of the FTC to the work carried out by lifeguards, saying that it too has to be vigilant.
“Lifeguards have to be mindful not just of the people swimming, surfing, and playing in the sand. They also have to be alert to approaching storms, tidal patterns, and shifts in the ocean’s current. With consumer privacy, the FTC is doing just that – we are alert to the risks but confident that those risks can be managed,” she added.
“The FTC recognizes that the effective use of big data has the potential to unleash a new wave of productivity and growth. Like the lifeguard at the beach, though, the FTC will remain vigilant to ensure that while innovation pushes forward, consumer privacy is not engulfed by that wave.”
It’s all just lip service, of course. Companies might be nominally bound by US privacy laws in online commerce, and that might be overseen by the FTC, but the US National Security Agency (NSA) collects all internet traffic anyway, and makes data available to other US government agencies and even some private companies.
Chinese Hackers Go After Dissidents
August 26, 2013 by admin
Filed under Around The Net
Comments Off on Chinese Hackers Go After Dissidents
The “Comment Crew,” a group of China-based hackers whose outing earlier this year in major media outlets caused a conflict with the U.S., have resumed their attacks against dissidents.
FireEye, a security vendor that specializes in trying to stop sophisticated attacks, has noticed attackers using a fresh set of tools and evasion techniques against some of its newer clients, which it can’t name. But Rob Rachwald, director of market research for FireEye, said in an interview Monday that those clients include an organization in Taiwan and others involved in dissident activity.
The Comment Crew was known for many years by security analysts, but its attacks on The New York Times, described in an extensive report in February from vendor Mandiant, thrust them into an uncomfortable spotlight, causing tense relations between the U.S. and China.
Rachwald said it is difficult to determine if the organizations being targeted now were targeted by the Comment Crew previously, but FireEye said last month that the group didn’t appear to be hitting organizations they had compromised before.
Organizations opposing Chinese government policies have frequently been targeted by hackers in what are believed to be politically motivated surveillance operations.
The Comment Crew laid low for about four months following the report, but emerging clues indicate they haven’t gone away and in fact have undertaken a major re-engineering effort to continue spying. The media attention “didn’t stop them, but it clearly did something to dramatically alter their operations,” Rachwald said in an interview.
“If you look at it from a chronological perspective, this malware hasn’t been touched for about 18 months or so,” he said. “Suddenly, they took it off the market and started overhauling it fairly dramatically.”
FireEye researchers Ned Moran and Nart Villeneuve described the new techniques on Monday on FireEye’s blog.
Two malware samples, called Aumlib and Ixeshe, had been used by the Comment Crew but not updated since 2011. Both malware programs have now been altered to change the appearance of their network traffic, Rachwald said.
Many vendors use intrusion detection systems to spot how malware sends data back to an attacker, which helps determine if a network has been compromised. Altering the method and format for how the data is sent can trick those systems into thinking everything is fine.
In another improvement, encryption is now employed to mask certain components of the programs’ networking communication, Rachwald said. The malware programs themselves, which are designed to steal data and log keystrokes, are basically the same.
Mandiant’s report traced the hacking activity to a specific Chinese military unit called “61398.” The company alleged that it waged a seven-year hacking spree that compromised 141 organizations.
Rachwald said it is strongly believed the Comment Crew is behind the new attacks given its previous use of Aumlib and Ixeshe. But the group has also re-engineered its attack infrastructure so much over the last few months that it is difficult to say for sure.
IBM Still Talking Up SyNAPSE
IBM has unveiled the latest stage in its plans to generate a computer system that copies the human brain, calculating tasks that are relatively easy for humans but difficult for computers.
As part of the firm’s Systems of Neuromorphic Adaptive Plastic Scalable Electronics (SyNAPSE) project, IBM researchers have been working with Cornell University and Inilabs to create the programming language with $53m in funding from the Defense Advanced Research Projects Agency (DARPA).
First unveiled two years ago this month, the technology – which mimics both the size and power of humanity’s most complex organ – looks to solve the problems created by traditional computing models when handling vast amounts of high speed data.
IBM explained the new programming language, perhaps not in layman’s terms, by saying it “breaks the mould of sequential operation underlying today’s von Neumann architectures and computers” and instead “is tailored for a new class of distributed, highly interconnected, asynchronous, parallel, large-scale cognitive computing architectures”.
That, in English, basically means that it could be used to create next generation intelligent sensor networks that are capable of perception, action and cognition, the sorts of mental processes that humans take for granted and perform with ease.
Dr Dharmendra Modha, who heads the programme at IBM Research, expanded on what this might mean for the future, sayng that the time has come to move forward into the next stage of information technology.
“Today, we’re at another turning point in the history of information technology. The era that Backus and his contemporaries helped create, the programmable computing era, is being superseded by the era of cognitive computing.
“Increasingly, computers will gather huge quantities of data, reason over the data, and learn from their interactions with information and people. These new capabilities will help us penetrate complexity and make better decisions about everything from how to manage cities to how to solve confounding business problems.”
The hardware for IBM’s cognitive computers mimic the brain, as they are built around small “neurosynaptic cores”. The cores are modeled on the brain, and feature 256 “neurons” (processors), 256 “axons” (memory) and 64,000 “synapses” (communications between neurons and axons).
IBM suggested that potential uses for this technology could include a pair of glasses which assist the visually impaired when navigating through potentially hazardous environments. Taking in vast amounts of visual and sound data, the augmented reality glasses would highlight obstacles such as kerbs and cars, and steer the user clear of danger.
Other uses could include intelligent microphones that keep track of who is speaking to create an accurate transcript of any conversation.
In the long term, IBM hopes to build a cognitive computer scaled to 100 trillion synapses. This would fit inside a space with a volume of no more than two litres while consuming less than one kilowatt of power.