Symantec Uncovers Advanced Spying Malware
An advanced malicious software application has been discovered that has been used since 2008 to spy on private companies, governments, research institutes and individuals in 10 countries, antivirus software maker Symantec Corp said in a report on Sunday.
The Mountain View, California-based maker of Norton antivirus products said its research showed that a “nation state” was likely the developer of the malware called Regin, or Backdoor.Regin, but Symantec did not identify any countries or victims.
Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets,” and that it was withdrawn in 2011 but resurfaced from 2013 onward.
The malware uses several “stealth” features “and even when its presence is detected, it is very difficult to ascertain what it is doing,” according to Symantec. It said “many components of Regin remain undiscovered and additional functionality and versions may exist.”
Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.
Symantec described the malware as having five stages, each “hidden and encrypted, with the exception of the first stage.” It said “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.”
Regin also uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the antivirus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.
Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan.
Amazon Web Services Goes Zocalo
Amazon Web Services (AWS) has announced two much-needed boosts to its fledgling Zocalo productivity platform, making the service mobile and allowing for file capacities of up to 5TB.
The service, which is designed to do what Drive does for Google and what Office 365 does for software rental, has gained mobile apps for the first time as Zocalo appears on the Google Play store and Apple App Store.
Amazon also mentions availability on the Kindle store, but we’re not sure about that bit. We assume it means the Amazon App Store for Fire tablet users.
The AWS blog says that the apps allow the user to “work offline, make comments, and securely share documents while you are in the air or on the go.”
A second announcement brings Zocalo into line with the AWS S3 storage on which it is built. Users will receive an update to their Zocalo sync client which will enable file capacities up to 5TB, the same maximum allowed by the Amazon S3 cloud.
To facilitate this, multi-part uploads will allow users to carry on an upload from where it was after a break, deliberate or accidental.
Zocalo was launched in July as the fight for enterprise storage productivity hots up. The service can be trialled for 30 days free of charge, offering 200GB each for up to 50 users.
Rival services from companies including the aforementioned Microsoft and Google, as well as Dropbox and Box, coupled with aggressive price cuts across the sector, have led to burgeoning wars for the hearts and minds of IT managers as Microsoft’s Office monopoly begins to wane.
Office 365 Goes Video Streaming
December 3, 2014 by admin
Microsoft unveiled Office 365 Video, a YouTube-like streaming service where enterprises and large organizations can post in-house video content for communication and training.
“Office 365 Video provides organizations with a secure, company-wide destination for posting, sharing and discovering video content,” said Mark Kashman, a senior product manager with the Office 365 team, in a blog posting.
Kashman touted Video as a tool for internal communications, citing the examples of new-employee orientation, management messaging and worker training. Employees will also be able to contribute to a “Community” section, though most companies will probably frown on cat antic clips.
The service rolls out over the next few days to companies that have registered for Office 365’s First Release early distribution program, then through early 2015 to others.
Video will be available only to subscribers of Office 365’s plans for enterprises (E1 through E4) and universities (A2 through A4). It will not be offered to consumer subscribers or firms with small business-oriented plans like Business Essentials, Business and Business Premium.
Kashman also said Office 365 plans for government agencies will get Video at some point, but he did not proffer a timeline.
The other requirement is SharePoint Online, an off-premises component of the enterprise and academic plans, but missing from the increasingly popular Office 365 ProPlus, the rent-not-buy plan used by organizations that have decided to retain their back-end services, like SharePoint and Exchange, on premises.
Although Office 365 Video has elements of consumer streaming services like Google’s YouTube, it’s strictly an in-house affair: It will be available only to employees, and then only those whom IT administrators have assigned access rights.
Should Encryption Be The Norm?
Encryption should be a matter of priority and used by default. That’s the message from the Internet Architecture Board (IAB), the worldwide body in charge of the internet’s technology infrastructure.
The IAB warned in a statement that “the capabilities and activities of attackers are greater and more pervasive than previously known”.
It goes on to say: “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default.
“We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.”
The purpose, the IAB claims, is to instill public trust in the internet after the myriad high-profile cases in which computer traffic has been intercepted, ranging from bank details to email addresses and all points in between.
The news will be unwelcome to the security services, which have repeatedly objected to initiatives such as the default encryption in iOS8 and Android L, claiming that it is in the interest of the population to retain the right to intercept data for the prevention of terrorism.
However, leaked information, mostly from files appropriated by rogue NSA contractor Edward Snowden, suggests that the right of information interception is abused by security services including the UK’s GCHQ.
These allegations include the collection of irrelevant data, the investigation of cold cases not in the public interest, and the passing of pictures of nude ladies to colleagues.
Amazon Intel Zeon Inside
Amazon has become the latest vendor to commission a customized Xeon chip from Intel to meet its exact compute requirements, in this case powering new high-performance C4 virtual machine instances on the AWS cloud computing platform.
Amazon announced at the firm’s AWS re:Invent conference in Las Vegas that the latest generation of compute-optimized Amazon Elastic Compute Cloud (EC2) virtual machine instances offer up to 36 virtual CPUs and 60GB of memory.
“These instances are designed to deliver the highest level of processor performance on EC2. If you’ve got the workload, we’ve got the instance,” said AWS chief evangelist Jeff Barr, detailing the new instances on the AWS blog.
The instances are powered by a custom version of Intel’s latest Xeon E5 v3 processor family, identified by Amazon as the Xeon E5-2666 v3. This runs at a base speed of 2.9GHz, and can achieve clock speeds as high as 3.5GHz with Turbo boost.
Amazon is not the first company to commission a customized processor from Intel. Earlier this year, Oracle unveiled new Sun Server X4-4 and Sun Server X4-8 systems with a custom Xeon E7 v2 processor.
The processor is capable of dynamically switching core count, clock frequency and power consumption without the need for a system level reboot, in order to deliver an elastic compute capability that adapts to the demands of the workload.
However, these are just the vendors that have gone public; Intel claims it is delivering over 35 customized versions of the Intel Xeon E5 v3 processor family to various customers.
This is an area the chipmaker seems to be keen on pursuing, especially with companies like cloud service providers that purchase a great many chips.
“We’re really excited to be working with Amazon. Amazon’s platform is the landing zone for a lot of new software development and it’s really exciting to partner with those guys on a SKU that really meets their needs,” said Dave Hill, senior systems engineer in Intel’s Datacenter Group.
Also at AWS re:Invent, Amazon announced the Amazon EC2 Container Service, adding support for Docker on its cloud platform.
Currently available as a preview, the EC2 Container Service is designed to make it easy to run and manage distributed applications on AWS using containers.
Customers will be able to start, stop and manage thousands of containers in seconds, scaling from one container to hundreds of thousands across a managed cluster of Amazon EC2 instances, the firm said.
Self-Healing Software On The Way
Researchers at the University of Utah have developed self-healing software that detects, expunges and protects against malware in virtual machines.
Called Advanced Adaptive Applications (A3), the software suite was created in collaboration with US defence contractor Raytheon BBN over a period of four years.
It was funded by DARPA through its Clean-Slate Design of Resilient, Adaptive, Secure Hosts programme, and was completed in September, Science Daily reported on Thursday.
A3 features “stackable debuggers”, a number of debugging applications that cooperate to monitor virtual machines for indications of unusual behaviour.
Instead of checking computer object code against a catalogue of known viruses and other malware, the A3 software suite can detect the operation of malicious code heuristically, based on the types of function it attempts.
Once the A3 software detects malicious code, it can apparently suspend the offending process or thread – stopping it in its tracks – repair the damage and remove it from the virtual machine environment, and learn to recognise that piece of malware to prevent it entering the system again.
The self-healing software was developed for military applications to support cyber security for mission-critical systems, but it could also be useful in commercial web hosting and cloud computing operations.
If malware gets into such systems, A3 software could detect and repair the attack within minutes.
The university and Raytheon demonstrated the A3 software suite to DARPA in September by testing it against the notorious Shellshock exploit known as the Bash Bug.
A3 detected and repaired the Shellshock attack on a web server within four minutes. The project team also tested A3 successfully on another six examples of malware.
Eric Eide, the research associate professor of computer science who led the A3 project team along with computer science associate professor John Regehr, said: “It’s pretty cool when you can pick the Bug of the Week and it works.”
The A3 self-healing software suite is open source, so it’s free for anyone to use, and the university researchers would like to extend its applicability to cloud computing environments and, perhaps eventually, end-user computing.
Professor Eide said: “A3 technologies could find their way into consumer products someday, which would help consumer devices protect themselves against fast-spreading malware or internal corruption of software components. But we haven’t tried those experiments yet.”
Oracle And SAP Settle Piracy Dispute
Oracle has won a limited victory in its long-running lawsuit with rival SAP.
The action was taken in reference to events dating back to 2007, which saw employees of SAP’s TomorrowNow unit accused of illegally downloading Oracle software.
German company TomorrowNow was bought by SAP as a means to undercut Oracle’s internal tech support rates, with the ambition of getting customers to migrate to SAP solutions, reports Reuters.
In 2006, TomorrowNow started the process of undermining its parent’s position, offering cut-price support to users of the Siebel database and CRM.
Oracle was originally awarded $1.3bn back in 2010, but this was adjusted downwards on multiple appeals.
SAP acknowledged that its employees had been in the wrong, but disputed the damages awarded. SAP offered a $306m payment in 2012, but did so more in hope than expectation given its admissions.
Earlier in the year, a federal judge gave Oracle the option to settle for $356.7m or force a retrial, and the company has now decided on the former with a further $2.5m in interest.
“We are thrilled about this landmark recovery and extremely gratified that our efforts to protect innovation and our shareholders’ interests are duly rewarded,” said Oracle’s general counsel Dorian Daley.
“This sends a strong message to those who would prefer to cheat than compete fairly and legally.”
SAP agreed: “We are also pleased that, overall, the courts hearing this case ultimately accepted SAP’s arguments to limit Oracle’s excessive damages claims and that Oracle has finally chosen to end this matter.”
SAP announced a partnership with IBM last month to bring its HANA service to enterprise cloud users.
New Data Suggest IT Hiring Increasing
November 21, 2014 by admin
Whenever IT hiring increases, as it did last month, the default explanation from analysts is this: The economy is improving.
That might be true, and it may well explain the U.S. Department of Labor’s report today that showed the U.S., overall, added 214,000 jobs last month.
Of that total employment gain, IT hiring grew by 7,800 jobs in October, compared with a gain of 6,900 jobs in September, according to TechServe Alliance, an IT industry group.
Another IT labor analyst group, Janco Associates, calculated last month’s IT gains at 9,500 jobs.
Government data can be reported in different ways, depending on which job categories are included in the IT job estimates, which is why analysts report job numbers differently.
Hiring trends are also affected by Labor Department adjustments, and the government’s adjusted data adds nearly 25,000 telecom jobs over the past two months, according to Janco. Because of this adjustment, Janco termed the recent growth in IT over the past several months “explosive,” while TechServe put last month’s results as “modestly stronger.”
There is no one reason for October’s gain. An improving economy may be at the heart of any answer. Independent of the government numbers, Computer Economics, in a recent report on contingent versus full-time hiring, said it is seeing a drop in the use of contract workers at large companies and more reliance on full-time workers, which is a sign of an improving economy.
Silk Road 2.0 Shutdown
U.S. government authorities said they have shut down the successor website to Silk Road, an underground online drug marketplace, and charged its alleged operator with conspiracy to commit drug trafficking, computer hacking, money laundering and other crimes.
Blake Benthall, 26, was arrested last Wednesday in San Francisco and was expected to make an initial court appearance in federal court there later on Thursday.
The charges against Benthall carry a maximum sentence of life in prison.
A lawyer for Benthall could not immediately be identified.
Silk Road 2.0 was launched late last year, weeks after authorities had shuttered the original Silk Road website in October and arrested its alleged owner, Ross Ulbricht, who went by the online alias, Dread Pirate Roberts.
“Let’s be clear – this Silk Road, in whatever form, is the road to prison,” Manhattan U.S. Attorney Preet Bharara, whose office is prosecuting both cases, said in a statement.
Benthall, known as “Defcon” online, became the operator of Silk Road 2.0 in December, one month after an unnamed co-conspirator launched the site, according to prosecutors.
Silk Road 2.0 provided an online bazaar where users across the world could buy and sell drugs, computer hacking tools and other illicit items, using the digital currency Bitcoin as payment, authorities said.
As of September, the site was generating at least $8 million a month in sales, they said.
The government’s investigation included an undercover agent who was able to infiltrate the administrative staff of the website and interact directly with Benthall, prosecutors said.
Ulbricht, 30, has pleaded not guilty and is scheduled for trial in New York in January.
Intel Opens Up Core M
Intel has extended its Core M range of fanless mobile chips by adding four models to the three initial Core M processors launched at the IFA trade show in September.
Like those first fanless models, Intel’s new Core M processors are dual-core chips that support Hyperthreading in up to four threads and have thermal design power (TDP) ratings of 4.5W.
They’re faster than the initial Core M chips, with base clock speeds ranging from 800MHz to 1.2GHz and Turbo Boost speeds from 2GHz to 2.9GHz.
The firm’s initial Core M chips were also rated at 4.5W TDP but topped out at 1.1GHz and 2.6GHz under Turbo Boost.
These additional fanless mobile chips are configurable by system designers, in that OEMs can scale the chip speeds and power consumption up or down depending on the purpose and configuration of the device.
A compact tablet or notebook can conserve power by limiting processor speed, while a larger device can offer higher speed at the cost of higher power draw and heat.
Thus, these new Core M chips can be configured from 600MHz base clock speed and 3.5W TDP to 1.4GHz base clock speed and 6W TDP in the fastest model.
Intel has also boosted the integrated graphics processors in these latest Core M chips, offering GPU base clock speeds ranging from 300MHz to 900MHz, whereas the initial models supported 100MHz to 850MHz.
The detailed specifications of all of Intel’s Core M mobile processors are available on the firm’s website.
Intel said that these new fanless Core M processors will start hitting the market early next year.