Malware Infections On Android Rising

An increasing number of Android phones are infected with mobile malware programs that are capable of turning the handsets into spying devices, according to a report from Kindsight Security Labs, a subsidiary of telecommunications equipment vendor Alcatel-Lucent.

The vast majority of mobile devices infected with malware are running the Android operating system and a third of the top 20 malware threats for Android by infection rate fall into the spyware category, Kindsight said in a report released Tuesday that covers the second quarter of 2013.

The Alcatel-Lucent subsidiary sells security appliances to ISPs (Internet service providers) and mobile network operators that can identify known malware threats and infected devices by analyzing the network traffic.

Data collected from its product deployments allows the company to compile statistics about how many devices connected to mobile or broadband networks are infected with malware and determine what are the most commonly detected threats.

The malware infection rate for devices connected to mobile networks is fairly low, averaging at 0.52%, Kindsight said in its report. These infected devices include mobile phones as well as Windows laptops that use a mobile connection through a phone, a 3G USB modem or a mobile hotspot device.

In January the number of infected mobile phones accounted for slightly more than 30% of all infected devices connected to mobile networks, but by June they grew to more than 50%.

The vast majority of infected mobile phones run Android. Those running BlackBerry, iOS and other operating systems represent less than 1% of infected mobile devices, Kindsight said.

When calculated separately, on average more than 1% of Android devices on mobile networks are infected with malware, Kindsight said in its report.

The malware threat most commonly seen on Android devices was an adware Trojan program called Uapush.A that sends SMS messages and steals information, Kindsight said. Uapush.A was responsible for around 53% of the total number of infections detected on Android devices.

Source

BlackBerry’s Secure Goes To iOS

BlackBerry continues to expand its support for Android and iOS with Secure Work Space, which separates work and personal apps and data, as the device maker tries to hold on to enterprise users by becoming more platform neutral.

Remaining relevant in a world where more than 9 out of 10 smartphones shipped are based on either Google’s Android or Apple’s iOS isn’t easy for BlackBerry. But the company still has fans in enterprise IT departments and hopes to remain an option for users by continuing to embrace the two dominant platforms. The company can already manage devices based on Android and iOS, and support for BlackBerry Messenger is on the way.

BlackBerry announced Secure Work Space in March and has now made good on a promise to ship it before June 30. The software is an add-on to BlackBerry Enterprise Service (BES) 10, and it adds a managed container to protect corporate data and applications running on Android and iOS devices.

Users get integrated email, calendar and contacts, as well as secure browser access to intranets and document editing capabilities. Data is protected both when stored on the device and when transferred to and from enterprise servers, according to BlackBerry.

“The concept is right and very similar to what AT&T offers with Toggle. Creating two different “personas” on mobile devices is becoming a best practice for enterprises. Buying it from BlackBerry is probably most relevant for enterprises that have a major commitment to BlackBerry 10 and BES 10,” said Leif-Olof Wallin, research vice president at Gartner.

On BlackBerry 10 smartphones, BlackBerry has tightly integrated a personal and a work environment with the Balance feature.

BlackBerry is far from the only vendor that has adopted this concept. One competitor is Good Technology, which on Tuesday announced a whole host of new applications compatible with its Dynamics Security Mobility platform, which includes support for both app wrapping and encrypted app containers. The list of newcomers includes Mobility for SAP and remote access app Splashtop.

But for those interested in Secure Work Space, which is based on software from OpenPeak, the BES 10 server software is free to download. Annual client access licenses for Secure Work Space are $99 per year and device. For enterprises that want to get their feet wet, the platform is also available as a 60-day free trial bundle that includes device management for BlackBerry 10, iOS and Android devices, as well as Secure Work Space licenses for 50 users.

Source

Are CCTV Cameras Hackable?

When the nosy British bought CCTV cameras, worried citizens were told that they could not be hacked.

Now a US security expert says he has identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military. Craig Heffner, said he discovered the previously unreported bugs in digital video surveillance equipment from firms including Cisco, D-Link and TRENDnet.

They could use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems. Heffner said that it was a significant threat as somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems.

He will show how to exploit these bugs at the Black Hat hacking conference, which starts on July 31 in Las Vegas. Heffner said he has discovered hundreds of thousands of surveillance cameras that can be accessed via the public internet.

Source

HP Aims To Boot ‘Useless’ Data

Hewlett-Packard wants to help organizations rid themselves of useless data, all the information that is no longer necessary, yet still occupies expensive space on storage servers.

The company’s Autonomy unit has released a new module, called Autonomy Legacy Data Cleanup, that can delete data automatically based on the material’s age and other factors, according to Joe Garber, who is the Autonomy vice president of information governance.

Hewlett-Packard announced the new software, along with a number of other updates and new services, at its HP Discover conference, being held this week in Las Vegas.

For this year’s conference, HP will focus on “products, strategies and solutions that allow our customers to take command of their data that has value, and monetize that information,” said Saar Gillai, HP’s senior vice president and general manager for the converged cloud.

The company is pitching Autonomy Legacy Data Cleanup for eliminating no-longer-relevant data in old SharePoint sites and in e-mail repositories. The software requires the new version of Autonomy’s policy engine, ControlPoint 4.0.

HP Autonomy Legacy Data Cleanup evaluates whether to delete a file based on several factors, Garber said. One factor is the age of the material. If an organization has an information governance policy of only keeping data for seven years, for example, the software will delete any data older than seven years. It will root out and delete duplicate data. Some data is not worth saving, such as system files. Those can be deleted as well. It can also consider how much the data is being accessed by employees: Less consulted data is more suitable for deletion.

Administrators can set other controls as well. If used in conjunction with the indexing and categorization capabilities in Autonomy’s Idol data analysis platform, the new software can eliminate clusters of data on a specific topic. “You apply policies to broad swaths of data based on some conceptual analysis you are able to do on the back end,” Garber said.

Source

Will Icahn Boot Michael Dell?

Carl Icahn reportedly is drawing up a shortlist of potential Dell CEO replacements for Michael Dell should his bid for the company be successful.

Icahn and Southeastern Asset Management have made a bid to rival that of Michael Dell and Silver Lake Partners in the high stakes fight over Dell and its board. Now it is being reported that Icahn has already started drawing up a list of candidates that he and Southeastern Asset Management will propose as replacements for Michael Dell as CEO of Dell.

Icahn has previously warned that should his offer for Dell be accepted by the shareholders he would look to not only oust Michael Dell as CEO but replace the firm’s board of directors. Reuters reports that Icahn is casting his net far and wide, including consideration of former HP CEO and current Oracle co-president Mark Hurd.

According to Reuters’ sources Cisco director Michael Capellas, IBM services head Michael Daniels and Oracle’s Hurd are all in the frame, although none of the individuals would confirm having been approached by Icahn.

Michael Dell’s initial plan to buy back the company he founded has met with strong opposition by existing shareholders, some of whom think they are getting shortchanged. According to Michael Dell, the firm’s reorganisation into an enterprise IT vendor will be easier if the company goes private and doesn’t face investor and market scrutiny.

So far Dell’s board is backing Michael Dell’s and Silver Lake Partners’ buyout offer, suggesting that Icahn’s offer is short of cash. However some of Dell’s investors might like the drastic action that Icahn is promising, along with the fact that his offer allows existing shareholders to maintain a diluted stake in the company.

Should Icahn manage to get his takeover offer accepted by Dell’s shareholders, it will set up a sensational return to the PC industry for Hurd and give Dell renewed momentum to compete with HP.

Source

Dell Promises ExaScale By 2015

Dell has claimed it will make exascale computing available by 2015, as the firm enters the high performance computing (HPC) market.

Speaking at the firm’s Enterprise Forum in San Jose, Sam Greenblatt, chief architect of Dell’s Enterprise Solutions Group, said the firm will have exascale systems by 2015, ahead of rival vendors. However, he added that development will not be boosted by a doubling in processor performance, saying Moore’s Law is no longer valid and is actually presenting a barrier for vendors.

“It’s not doubling every two years any more, it has flattened out significantly,” he said. According to Greenblatt, the only way firms can achieve exascale computing is through clustering. “We have to design servers that can actually get us to exascale. The only way you can do it is to use a form of clustering, which is getting multiple parallel processes going,” he said.

Not only did Greenblatt warn that hardware will have to be packaged differently to reach exascale performance, he said that programmers will also need to change. “This is going to be an area that’s really great, but the problem is you never programmed for this area, you programmed to that old Von Neumann machine.”

According to Greenblatt, shifting of data will also be cut down, a move that he said will lead to network latency being less of a performance issue.”Things are going to change very dramatically, your data is going to get bigger, processing power is going to get bigger and network latency is going to start to diminish, because we can’t move all this [data] through the pipe,” he said.

Greenblatt’s reference to data being closer to the processor is a nod to the increasing volume of data that is being handled. While HPC networking firms such as Mellanox and Emulex are increasing bandwidths on their respective switch gear, bandwidth increases are being outpaced by the growth in the size of datasets used by firms deploying analytics workloads or academic research.

That Dell is projecting 2015 for the arrival of exascale clusters is at least a few years sooner than firms such as Intel, Cray and HP, all of which have put a “by 2020″ timeframe on the challenge. However what Greenblatt did not mention is the projected power efficiency of Dell’s 2015 exascale cluster, something that will be critical to its usability.

Source

IBM Buys SoftLayer

IBM has signed an agreement to purchase SoftLayer Technologies, as it looks to accelerate the build-out of its public cloud infrastructure. The company is also forming a services division to back up the push.

The financial details of the deal were not announced, but SoftLayer is the world’s largest privately held cloud computing infrastructure provider, according to IBM.

IBM already has an offering that includes private, public and hybrid cloud platforms. The acquisition of SoftLayer will give it a more complete in-house offering, as enterprises look to keep some applications in the data center, while others are moved to public clouds.

SoftLayer has about 21,000 customers and an infrastructure that includes 13 data centers in the U.S., Asia and Europe, according to IBM. SoftLayer allows enterprises to buy compute power on either dedicated or shared servers.

Following the close of the acquisition of SoftLayer, which is expected in the third quarter, a new division will combine its services with IBM’s SmartCloud. IBM expects to reach $7 billion annually in cloud revenue by the end of 2015, it said.

Success is far from certain: The public cloud market is becoming increasingly competitive as dedicated cloud providers, telecom operators and IT vendors such as Microsoft and Hewlett-Packard all want a piece. The growing competition should be a good thing for customers if it drives down prices. For example, Microsoft has already committed to matching Amazon Web Services prices for commodity services such as computing, storage and bandwidth.

Not all hardware vendors feel it’s necessary to have their own public cloud. Last month, Dell changed strategy and said it would work with partners including Joyent, instead of having its own cloud.

Source

McAffee See Sure In Spam

The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.

After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.

The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.

Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.

The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.

On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.

The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.

The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.

The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.

Source

Will Arm/Atom CPUs Replace Xeon/Opteron?

Analyst are saying that smartphone chips could one day replace the Xeon and Opteron processors used in most of the world’s top supercomputers. In a paper in a paper titled “Are mobile processors ready for HPC?” researchers at the Barcelona Supercomputing Center wrote that less expensive chips bumping out faster but higher-priced processors in high-performance systems.

In 1993, the list of the world’s fastest supercomputers, known as the Top500, was dominated by systems based on vector processors. They were nudged out by less expensive RISC processors. RISC chips were eventually replaced by cheaper commodity processors like Intel’s Xeon and AMD Opteron and now mobile chips are likely to take over.

The transitions had a common thread, the researchers wrote: Microprocessors killed the vector supercomputers because they were “significantly cheaper and greener,” the report said. At the moment low-power chips based on designs ARM fit the bill, but Intel is likely to catch up so it is not likely to mean the death of x86.

The report compared Samsung’s 1.7GHz dual-core Exynos 5250, Nvidia’s 1.3GHz quad-core Tegra 3 and Intel’s 2.4GHz quad-core Core i7-2760QM – which is a desktop chip, rather than a server chip. The researchers said they found that ARM processors were more power-efficient on single-core performance than the Intel processor, and that ARM chips can scale effectively in HPC environments. On a multi-core basis, the ARM chips were as efficient as Intel x86 chips at the same clock frequency, but Intel was more efficient at the highest performance level, the researchers said.

Source

Google Updates It’s SSL Certificate

Google has announced plans to upgrade its Secure Sockets Layer (SSL) certificates to 2048-bit keys by the end of 2013 to strengthen its SSL implementation.

Announcing the news on a blog post today, Google’s director of information security engineering Stephen McHenry said it will begin switching to the new 2048-bit certificates on 1 August to ensure adequate time for a careful rollout before the end of the year.

“We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key,” McHenry said.

“Most client software won’t have any problems with either of these changes, but we know that some configurations will require some extra steps to avoid complications. This is more often true of client software embedded in devices such as certain types of phones, printers, set-top boxes, gaming consoles, and cameras.”

McHenry advised that for a smooth upgrade, client software that makes SSL connections to Google, for example, HTTPS must: “perform normal validation of the certificate chain; include a properly extensive set of root certificates contained […]; and support Subject Alternative Names (SANs)”.

He also recommended that clients support the Server Name Indication (SNI) extension because they might need to make an extra API call to set the hostname on an SSL connection.

He pointed out some of the problems that the change might trigger, and pointed to a FAQ addressing certificate changes, as well as instructions for developers on how to adapt to certificate changes.

F-secure’s security researcher Sean Sullivan advised, “By updating its SSL standards, Google will make it easier to spot forged certificates.

“Certificate authorities have been abused and/or hacked in the past. I imagine it will be more difficult to forge one of these upgraded certs. Therefore, users can have more confidence.”

Source

« Previous Page — Next Page »