Sign up for our Technology Newsletter 
3G And 4G Modems Pose Security Threats
Researchers Nikita Tarakanov and Oleg Kupreev analyzed the security of 3G/4G USB modems obtained from Russian operators for the past several months. Their findings were presented Thursday at the Black Hat Europe 2013 security conference in Amsterdam.
Most 3G/4G modems used in Russia, Europe, and probably elsewhere in the world, are made by Chinese hardware manufacturers Huawei and ZTE, and are branded with the mobile operators’ logos and trademarks, Tarakanov said. Because of this, even if the research was done primarily on Huawei modems from Russian operators, the results should be relevant in other parts of the world as well, he said.
Tarakanov said that they weren’t able to test baseband attacks against the Qualcomm chips found inside the modems because it’s illegal in Russia to operate your own GSM base station if you’re not an intelligence agency or a telecom operator. “We’ll probably have to move to another country for a few months to do it,” he said.
There’s still a lot to investigate in terms of the hardware’s security. For example, the SoC (system on a chip) used in many modems has Bluetooth capability that is disabled from the firmware, but it might be possible to enable it, the researcher said.
For now, the researchers tested the software preloaded on the modems and found multiple ways to attack it or to use it in attacks.
For one, it’s easy to make an image of the USB modem’s file system, modify it and write it on the modem again. There’s a tool available from Huawei to do modem backup and restore, but there are also free tools that support modems from other manufacturers, Tarakanov said.
Malware running on the computer could detect the model and version of the active 3G modem and could write an image with malicious customizations to it using such tools. That modem would then compromise any computer it’s used on.
The researchers also found a possible mass attack vector. Once installed on a computer, the modem application — at least the one from Huawei — checks periodically for updates from a single server, Tarakanov said. Software branded for a specific operator searchers for updates in a server directory specific to that operator.
An attacker who manages to compromise this update server, can launch mass attacks against users from many operators, Tarakanov said. Huawei 3G modems from several different Russian operators used the same server, but there might be other update servers for other countries, he said.
Research in this area is just at the beginning and there’s more to investigate, Tarakanov said. Someone has to do it because many new laptops come with 3G/4G modems directly built in and people should know if they’re a security threat.
Bonets Attack U.S. Banks
January 18, 2013 by admin
Filed under Around The Net
Comments Off on Bonets Attack U.S. Banks
Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the responsible parties behind the ongoing DDoS attack campaign against U.S. financial institutions — thought by some to be the work of Iran — are using botnets for hire.
The compromised website contained a PHP-based backdoor script that was regularly instructed to send numerous HTTP and UDP (User Datagram Protocol) requests to the websites of several U.S. banks, including PNC Bank, HSBC and Fifth Third Bank, Ronen Atias, a security analyst at Web security services provider Incapsula, said Tuesday in a blog post.
Atias described the compromised site as a “small and seemingly harmless general interest UK website” that recently signed up for Incapsula’s services.
An analysis of the site and the server logs revealed that attackers were instructing the rogue script to send junk traffic to U.S. banking sites for limited periods of time varying between seven minutes and one hour. The commands were being renewed as soon as the banking sites showed signs of recovery, Atias said.
During breaks from attacking financial websites the backdoor script was being instructed to attack unrelated commercial and e-commerce sites. “This all led us to believe that we were monitoring the activities of a Botnet for hire,” Atias said.
“The use of a Web Site as a Botnet zombie for hire did not surprise us,” the security analyst wrote. “After all, this is just a part of a growing trend we’re seeing in our DDoS prevention work.”
Passwords Continue As The Weakest Link
Comments Off on Passwords Continue As The Weakest Link
Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.
But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters. Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.
The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”
Will Foxcomm Invade The US?
Foxconn Technology Group is weighing whether or not to expand its existing manufacturing operations in the U.S., in a move that could be linked with Apple’s plan to bring back Mac manufacturing to the country.
Foxconn made the statement last Friday after Apple CEO Tim Cook said in interviews with NBC and Businessweek that Apple would manufacture one of its Mac lines in the U.S. by the end of next year.
“So we’ll literally invest over $100 million,” Cook said. “This doesn’t mean that Apple will do it ourselves, but we’ll be working with people, and we’ll be investing our money.”
Analysts said Foxconn could be involved. The Taiwan-based firm is a major supplier for Apple, helping to build its iPhone and iPad. But much of that manufacturing is done in China, where Foxconn employs 1.2 million workers and labor costs are lower.
Without elaborating, Foxconn said it was considering the expansion in order to meet the needs of it customers, and to “leverage the high-value engineering talent” available in the U.S. market.
It’s unclear what kind of manufacturing operations the company already has in the U.S. An expansion in the nation, however, would face challenges, said Amy Teng, an analyst with research firm Gartner.
“From the financial perspective, I don’t see any advantage in why they (Foxconn) would assemble there, unless this is part of Apple’s plan,” she said. Labor costs in the U.S. are higher and it will be harder for the company to recruit U.S. workers for menial factory jobs, when compared to China.
Is Windows 8 In High Demand?
Microsoft Corp Chief Executive Steve Ballmer said on Monday demand for the company’s new Windows 8 operating system, that went on sale last Friday, was running at a higher rate than its last release, Windows 7.
“We’re seeing preliminary demand well above where we were with Windows 7, which is gratifying,” Ballmer said at an event launching new Windows phones.
Windows 7 is the best-selling version of Windows so far, selling more than 670 million licenses in three years since release in 2009.
“Over the weekend we saw an incredible response around the globe to Windows 8 and the Microsoft Surface,” said Ballmer, referring to Microsoft’s first own-brand tablet, designed to challenge Apple Inc’s iPad. He did not give out any sales figures.
On Friday, there were moderate lines at Microsoft’s 60 or so stores across the United States for the Surface.
Ballmer was in San Francisco speaking at an event showcasing phones running its new Windows Phone 8 software, which go on sale this weekend.
Microsoft has struggled to make headway in the smartphone market, holding just 3.5 percent of the worldwide market, compared to 68 percent for Google Inc’s Android devices and 17 percent for Apple’s iPhone, according to tech research firm IDC.
The company highlighted how the new phones make use of Microsoft’s SkyDrive cloud service, enabling users to sync and transfer music, documents and photos between PCs, tablets and the Xbox game console. Microsoft added that it now has 120,000 apps in its online store for phones, still far fewer than the number available for iPhone and Android users.
I.T. Spending On The Rise
Worldwide IT spending remains on track to increase by 6% in 2012 despite the grim economic conditions in Europe, thanks to strong software, storage, smartphone and tablet sales, according to IDC.
While 2012 has been a tough year for many IT vendors, they have done better overall than many expected in the first half of the year, IDC said.
For example, software spending has been robust, even in parts of the world where the economy has been weakest, as businesses hope software tools and applications will help them implement cost-reduction strategies.
The 6% growth compares to a 7% increase in worldwide IT spending last year. IDC expects 6% growth in 2013.
Software, storage, enterprise network and mobile device markets have offset weaker sales in servers, peripherals and PCs. However, the launch of Windows 8 during the fourth quarter should help the PC market recover next year, IDC said.
U.S. IT spending will grow by 5.9% in 2012, compared to 8.5% last year. However, the strength of the dollar during the first six months of the year means that IT spending in dollar terms will grow just 4% for the full year.
Does 4G Pose A Security Threat?
Could 4G Networks give way for more high-risk mobile security implications; Symantec is warning of such a wave of threats.
“We could see a move to the sort of threats that we already see on the wireless and fixed connected network,” John said. “Malware that you usually have on fixed networks, like botnets.
“There aren’t many botnets on mobile devices because the bandwidth’s not there to support it, once you go on to 4G [hackers] could start infecting systems.”
To ensure that enterprises avoid these these security threats, John advised that businesses need to be on their toes more than ever, look closely at everything that’s coming into the network, and not trust anything.
“Companies need to make sure that where traditionally it’s been a firewall with a perimeter with everything in a timeline environment,” John said. “What they need to look at is ‘what are my employees doing’, ‘what information is being shared’ and ‘how do we ensure our information is being protected no matter where it may be’, whether its mobile device, across networks or sitting in a cloud service.”
“This is a change we are going through, but 4G is going to push the need for that change even more so,” she added.
According to John, 4G will also be detrimental to businesses in the way it will add a greater burden for them to ensure that cloud services and mobility – what she calls “two of the biggest security challenges for enterprises and their employees” – are up to scratch.
Rambus Makes Cuts
Technology licensing firm Rambus Inc said it has reorganized its businesses into three divisions and will slash its workforce by 15 percent as part of its efforts to cut costs.
The company, which has posted a loss for the last three consecutive quarters, appointed a new Chief Executive in June.
Rambus expects to save between $30 million and $35 million in cash annually, most of it from cuts in its general and administrative expenses.
The Sunnyvale, California-based company said the reductions in expense and related workforce will begin in the coming weeks and are expected to be completed during the fourth quarter.
It will take a related charge of $6 million over the next two quarters.
As of December 2011, the company had 456 employees.
Rambus said it now operates three business units — Memory and Interfaces, Cryptography Research Inc and Lighting and Display Technologies. It also named Martin Scott as the new role of chief technology officer.
Will Microsoft Sell The Surface RT For $199?
August 23, 2012 by admin
Filed under Around The Net
Comments Off on Will Microsoft Sell The Surface RT For $199?
Microsoft’s Surface for Windows RT tablet will sell for $199 when it ships on Oct. 26, according to an unidentified source in an Engadget story.
At that price, Microsoft would surely be selling below its costs, analysts said. However, Microsoft could take the loss in hopes of making up revenues on apps and media sales for the device.
Also, Microsoft would be trying to make an impact against the Nexus 7 and Kindle Fire sold at the same $199 price, since Microsoft arrived arrived late to the tablet game.
Engadget said it learned the price from an inside source at Microsoft’s recent Tech Ready15 conference, where launch details for Surface were announced.
Microsoft said the Surface tablet would be priced in-line with Windows RT tablets from other makers such as Asus, which hasn’t announced a price. However, given the components in the Surface and other Windows RT tablets, analysts have suggested it could cost more than $600.
Toshiba Cancels Windows Tablet
Toshiba on Tuesday officially confirmed what Microsoft recently hinted at: It won’t be delivering a Windows RT-based tablet anytime soon.
“Toshiba has decided not to introduce Windows RT models due to delayed components that would make a timely launch impossible,” the Japanese electronics company said in a statement to Bloomberg earlier today. “For the time being, Toshiba will focus on bringing Windows 8 products to market. We will continue to look into the possibility of Windows RT products in the future while monitoring market conditions.”
Last June, Toshiba showed two Windows RT-based concepts — a tablet with a docking station and a “clamshell” design that resembled a keyboard-equipped ultralight notebook — at Computex. The devices were not operational, however.
Based on those concept devices, most had included Toshiba in the slowly-growing list of OEMs (original equipment manufacturers) that were believed to be preparing Windows RT hardware for launch this year or early next.