Did A Hacker OD?

Top hacker Barnaby Jack died from mixing too many drugs in one session, a coroner’s report shows. Kiwi-born Jack was supposed to give a talk at a security conference when he was found dead in his bed.

Conspiracy nuts raised an eyebrow or two when it was revealed that Jack’s death occurred shortly before he was due to demonstrate how heart implants could be hacked at the Black Hat security conference in Las Vegas. He did not have a mark on him and showed no signs of trauma. However, now a coroner’s report has shown that Jack had a mix of heroin, cocaine and prescription drugs in his system. And he died of “acute mixed drug intoxication.”

Jack rose to fame after a 2010 demonstration, in which he hacked a cash machine, making it give out money. Jack’s girlfriend had found him lying in bed unresponsive, with “multiple bottles of beer and champagne” in the rubbish bin, so it must have been a hell of a night.

Source

Yahoo Spreading Malware?

Some advertisements on Yahoo Inc’s European websites last week spread malicious software, Yahoo said on Sunday, potentially infecting the computers of thousands of users.

Last Friday, Fox-IT, a Delft, Netherlands-based computer security firm, wrote in a blog that attackers had inserted malicious ads served by ads.yahoo.com.

In a recently released statement, a Yahoo spokesman, said: “On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware.” Yahoo said it promptly removed the bad ads, and that users of Mac computers and mobile devices were not affected.

Malware is software used to disrupt a computer’s operations, gather sensitive information, or gain access to private computer systems.

Fox-IT estimated that on Friday, the malware was being delivered to approximately 300,000 users per hour, leading to about 27,000 infections per hour. The countries with the most affected users were Romania, Britain, and France.

“It is unclear which specific group is behind this attack, but the attackers are clearly financially motivated and seem to offer services to other actors,” Fox-IT wrote in the January 3 blog post.

Source

Mozilla Delays Touch Browser

Mozilla has again delayed the release date for a touch-enabled version of Firefox that will run in Windows 8′s “Modern” user interface (UI), with the new target in mid-March.

Ship estimates for the browser have been fluid, to put it mildly. In August, the open-source developer pegged December 2013 as the target for the “Metro-ized” version of Firefox. In September, Mozilla said it was hoping to bundle Firefox Metro with the Windows edition of Firefox 27, slated for release on Feb. 4.

Metro was the name Microsoft once applied to the radical UI of Windows 8, but the company ditched the moniker in 2012 over a trademark dispute with a German retailer.

The newest information from Mozilla, however, has tapped March 18, when Firefox 28 is to ship, as the projected release of the browser.

Although a preview of Firefox Metro was bundled with the Aurora build of Firefox more than three months ago — and is currently in Aurora for Firefox 28 — it has not yet been promoted to the next channel, Beta, which is the precursor to Release. Mozilla has set a Jan. 31 deadline for deciding whether the touch browser is ready to add to Firefox 28 Beta.

Mozilla started work on a Metro edition of Firefox in March 2012. It shipped a rough preview in October 2012, several weeks before Microsoft launched Windows 8. At that time, Mozilla’s schedule said the Firefox app might appear as early as January 2013. In May 2013, however, the company said its developers would complete Firefox for Modern between Oct. 2, 2013, and March 20, 2014, with mid-November the likeliest date.

If Mozilla makes the targeted March 18 release, it will have spent two years crafting the browser, which will have shipped 17 months after the retail debut of Windows 8.

Although Mozilla has said it’s important that it have a Metro-ready browser to remain competitive — and Windows 8′s and Windows 8.1′s user share has climbed above the 10% mark– it’s unclear what percentage of those PC and tablet owners spend serious time in the UI, as opposed to the traditional Windows desktop.

Mozilla is also discussing a name for the browser, which was code named “Firefox Metro” during development and later was saddled with the label “Windows 8-style Firefox.”

One suggestion, forwarded by a Mozilla user experience designer, has been “Firefox Touch,” which got nods of approval from others in a Mozilla planning message forum.

“‘Windows 8-style Firefox’ is too long and already doesn’t make perfect sense with Windows 8.1 released, but will make less sense when Windows 9 comes out,” noted Brian Bondy, a Firefox platform engineer who has led the work on the Metro version. “I like Firefox Touch and I think we should go with that. It’s a product designed above all else for touch.”

Some, however, objected to labeling the browser as “Firefox Touch,” pointing out that that would downplay the Android browser Mozilla maintains, which is also touch-enabled.

“I agree with Jim that it should be simply Firefox, and that differentiation happens at the point of download,” countered Peter Scanlon, Mozilla’s acting chief marketing officer, in another message to the same discussion forum.

Source

nVidia Pays Up

Nvidia has agreed to pay any Canadian who had the misfortune to buy a certain laptop computer made by Apple, Compaq, Dell, HP, or Sony between November 2005 and February 2010. Apparently these models contained a dodgy graphics card which was not fixed for five years.

Under a settlement approved by the court Nvidia will pay $1,900,000 into a fund for anyone who might have bought a faulty card. The Settlement Agreement provides partial cash reimbursement of the purchase price and you have to submit a claim by February 25, 2014. You will know if your Nvidia card was faulty because your machine would have a distorted or scrambled video, or no video on the screen even when the computer is on. There would be random characters, lines or garbled images – a bit like watching one of the Twilight series. There will be intermittent video issues or a failure to detect wireless adaptor or wireless networks.

The amount of compensation will be determined by the Claims Administrator who will apply a compensation grid and settlement administration guidelines. Cash compensation will also be provided for total loss of use based on the age of the computer; temporary loss of use having regard to the nature and duration of the loss of use; and reimbursement for out-of-pocket expenses caused by Qualifying Symptoms to an Affected Computer.

Source

Will Businesses Accept The Chromebook?

Sales of Chromebooks enjoyed rapid growth,going from basically nothing in 2012 to more than 20 percent of the U.S. commercial PC market, analyst firm NPD reported, while Windows PCs and Macs remained flat at best.

NPD estimated that, throughout all of 2013, 14.4 million desktops, notebooks, and tablets were sold through U.S. commercial channels, typically resellers. That compares to 16.4 million PCs, overall, sold in the U.S. during the third quarter alone–excluding tablets, according to IDC. All told, about 46.2 million PCs have been sold in the U.S. during 2013, IDC found.

Within that segment, however, NPD reported some intriguing findings. Chromebooks, once largely the province of Acer and Samsung, have been embraced by Dell, HP, and others–not the least of which are paying customers. In 2012, Chromebook sales were “negligible,” NPD reported. But in the space of a single year, they climbed to 21 percent, NPD found, helping push overall notebook PC growth up by 28.9 percent.

Windows notebooks, however, contributed nothing to that, as NPD found that growth was flat. Worse still, Macs actually declined, with combined sales of desktops and notebooks falling by 7 percent. Windows tablet sales tripled, albeit off what NPD called “a very small base”.

The message? Businesses are turning to the Web, which Chromebooks almost exclusively run. And those low-cost, Net-focused devices are becoming engines of productivity. As a result, they’re receiving validation from traditional PC vendors including Acer, Asus, Dell, and Hewlett-Packard, plus Google’s own Pixel.

“The market for personal computing devices in commercial markets continues to shift and change,” saidA Stephen Baker, vice president of industry analysis at NPD, in a statement.A “New products like Chromebooks, and reimagined items like Windows tablets, are now supplementing the revitalization that iPads started in personal computing devices. It is no accident that we are seeing the fruits of this change in the commercial markets as business and institutional buyers exploit the flexibility inherent in the new range of choices now open to them.”

Naturally, tablet sales continued to explode, capturing 22 percent(or about 3.16 million units) of all the computing device sales sold through the U.S. channel. Of all tablets sold commercially, iPads dominated with 59 percent of all unit sales, leaving the rest to Android (which grew more than 160 percent) and Windows.

Baker said that diversity will be key to the future success of hardware makers, a signpost for what vendors might release at 2014 and the weeks and months following.

Source

Is The Tech Industry Going Independent?

The tech industry is undergoing a shift toward a more independent, contingent IT workforce. And while that trend might not be cause for alarm for retiring baby boomer IT professionals, it could mean younger and mid-career workers need to prepare to make a living solo.

About 18% of all IT workers today are self-employed, according to an analysis by Emergent Research, a firm focused on small businesses trends. This independent IT workforce is growing at the rate of about 7% per year, which is faster than the overall growth rate for independent workers generally, at 5.5%.

The definition of independent workers covers people who work at least 15 hours a week.

Steve King, a partner at Emergent, said the growth in independent workers is being driven by companies that want to stay ahead of change, and can bring in workers with the right skills. “In today’s world, change is happening so quickly that everyone is trying to figure out how to be more flexible and agile, cut fixed costs and move to variable costs,” said King. “Unfortunately, people are viewed as a fixed cost.”

King worked with MBO Partners to produce a recent study that estimated the entire independent worker headcount in the U.S., for all occupations, at 17.7 million. They also estimate that around one million of them are IT professionals.

A separate analysis by research firm Computer Economics finds a similar trend. Over the last two years, there has been a spike in the use of contract labor among large IT organizations — firms with IT operational budgets of more than $20 million, according to John Longwell, vice president of research at Computer Economics.

This year, contract workers make up 15% of a typical large organization’s IT staff at the median. This is up from a median of just 6% in 2011, said Longwell. The last time there was a similar increase in contract workers was in 1998, during the dot.com boom and the run-up to Y2K remediation efforts. Computer Economics recently published a research brief on the topic.

“The difference now is that use of contract or temporary workers is not being driven by a boom, but rather by a reluctance to hire permanent workers as the economy improves,” Longwell said.

Computer Economics expects large IT organizations to step up hiring in 2014, which may cause the percentage of contract workers to decline back to a more normal 10% level. But, Longwell cautioned, it’s not clear whether that new hiring will be involve full-time employees or even more contract labor.

Source

Cryptolocker Infects 250K Systems

DELL’s security research team has revealed that a new form of ransomware, dubbed “Cryptolocker” has managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins.

“Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat,” Dell announced in a Secureworks post.

The firm worked out that if the Cryptolocker ransomware threat actors had sold its 1,216 total Bitcoins (BTC) that they collected from September this year, immediately upon receiving them, they would have earned nearly $380,000.

“If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC,” Dell said.

Cryptolocker is unique when compared against your average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography offered by Microsoft’s CryptoAPI.

“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent,” Dell said.

Conventionally, ransomware prevents victims from using their computers normally and uses social engineering to convince them that failing to follow the malware authors’ instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as pirating music or downloading illegal pornography.

“Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware,” Dell explained. “Cryptolocker changes this dynamic by aggressively encrypting files on the victim’s system and returning control of the files to the victim only after the ransom is paid.”

Dell said that the earliest samples of Cryptolocker appear to have been released on 5 September this year. However, details about its initial distribution phase are unclear.

“It appears the samples were downloaded from a compromised website located in the United States, either by a version of Cryptolocker that has not been analysed as of this publication, or by a custom downloader created by the same authors,” Dell added.

Dell seems to think that early versions of Cryptolocker were distributed through spam emails targeting business professionals as opposed to home internet users, with the lure often being a ‘consumer complaint’ against the email recipient or their organisation.

Attached to these emails would be a ZIP archive with a random alphabetical filename containing 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension, so keep your eye out for emails that fit this description.

Source

FTC Pushes For Security Standards

Despite growing resentment from companies and powerful industry groups, the Federal Trade Commission continues to insist that it wants to be the nation’s enforcer of data security standards.

The FTC, over the past years, has gone after companies that have suffered data breaches, citing the authority granted to it under a section of the FTC Act that prohibits “unfair” and “deceptive” trade practices. The FTC extracted stiff penalties from some companies by arguing that their failure to properly protect customer data represented an unfair and deceptive trade practice.

On Thursday, FTC Chairwoman Edith Ramirez called for legislation that would bestow the agency with more formal authority to go after breached entities.

“I’d like to see FTC be the enforcer,” Law360 quoted Ramirez as saying at a privacy event organized by the National Consumers League in Washington. “If you have FTC enforcement along with state concurrent jurisdiction to enforce, I think that would be an absolute benefit, and I think it’s something we’ve continued to push for.”

According to Ramirez, the FTC supports a federal data-breach notification law that would also give it the authority to penalize companies for data breaches. In separate comments at the same event, FTC counsel Betsy Broder reportedly noted that the FTC’s enforcement actions stem from the continuing failure of some companies to adequately protect data in their custody.

“FTC keeps bringing data security cases because companies keep neglecting to employ the most reasonable off-the-shelf, commonly available security measures for their systems,” Law360 quoted Broder as saying.

An FTC spokeswoman was unable to immediately confirm the comments made by Ramirez and Broder but said the sentiments expressed in the Law360 story accurately describe the FTC’s position on enforcement authority.

The comments by the senior officials come amid heightening protests against what some see as the FTC overstepping its authority by going after companies that have suffered data breaches.

Over the past several years, the agency has filed complaints against dozens of companies and extracted costly settlements from many of them for data breaches. In 2006 for instance, the FTC imposed a $10 million fine on data aggregator ChoicePoint, and more recently, online gaming company RockYou paid the agency $250,000 to settle data breach related charges.

Source

Did Intel Have an IPad In Y2K?

Intel apparently built an IPAD ten years before Steve Jobs though of the tablet and the name. It was in the days when sticking an I in front of anything meant it was Intel rather than Apple and the Intel Pad, or IPAD for short, could browse the Internet, play music and videos, and even act as a digital picture frame.

Intel scrapped the IPAD before consumers could get their hands on it as its move into Tablets was seen as one of the outfit’s biggest blunders. According to CNET in the late 1990s and early 2000s, Intel wanted to diversify its operations beyond the PC. The IPAD came from one of several small teams within its research arm tasked with exploring new business opportunities. The IPAD, which included a touch screen and stylus, would not run entirely on its own but connected to a computer to browse the Internet through an Intel wireless technology.

Intel thought that “mobility” meant moving around your home or business and the IPAD was to be a portable device you could take around your house. The reason that they never thought of connecting it to the phone network was because Intel wanted to tie it all back to its core PC chip business. After several years of development on the Intel Web Tablet, then-CEO Craig Barrett unveiled the device at the Consumer Electronics Show in January 2001. The company planned to sell the tablet to consumers later that year.

Sadly though it miffed Intel’s PC partners, which didn’t want a product that could potentially compete with them and Intel caved in and cancelled the project.

Source

Bluetooth 4.1 Goes IPV6

The Bluetooth Special Interest Group (SIG) has announced Bluetooth 4.1, the first version of Bluetooth to lay the foundations for IPV6 capability.

The first hints of what the Bluetooth SIG had planned for this new version were revealed to The INQUIRER in October during our exclusive interview with Steve Hegenderfer at Appsworld. There, he revealed his aspirations for the Bluetooth protocol to become integral to the Internet of Things.

At the front end of Bluetooth 4.1, the biggest change for users is that the retry duration for lost devices has been increased to a full three minutes, so if you wander off with your wireless headphones still on, there’s more of a chance of being able to seamlessly carry on listening upon your return.

Behind the scenes, devices fitted with Bluetooth 4.1 will be able to act as both hub and end point. The advantage of this is that multiple devices can share information between them without going via the host device, so your smartwatch can talk to your heart monitor and send the combined data in a single transmission to your smartphone.

This sort of “pooling” of devices represents an “extranet of things”, and the technology can therefore be applied to a wider area in forming the “Internet of Things” too.

The other major additions are better isolation techniques to ensure that Bluetooth, which broadcasts on an unregulated band, doesn’t interfere either with itself or with signals from other protocols broadcasting at similar frequencies, including WiFi.

The Bluetooth protocol has retained complete backwards compatibility, so a new Bluetooth 4.1 enabled device will work seamlessly with a Bluetooth 1.0 dongle bought in a pound shop.

In addition, Bluetooth 4.0 devices can be Bluetooth 4.1 enabled through patches, so we should see some Bluetooth 4.1 enabled hardware arrive early in 2014.

Source

« Previous Page — Next Page »