Thursday, November 24, 2011

Black Friday iTunes malware alert

Criminals are targeting internet users with a new gift certificate scam, according to security experts.

Users receive an email that claims to be from Apple's iTunes store, warns the Eleven security blog.

The ZIP file attached contains malware that may allow hackers to gain access to the recipient's computer.

The blog says the attack appears to have been timed to coincide with Black Friday, one of the US's busiest shopping days.

Black Friday was the name used by Philadelphia's police department in the 1960s to describe the day after Thanksgiving because of all the traffic jams caused by people visiting the city's stores.

It is now viewed by many retailers as the start of the Christmas shopping season. They mark the day with one-off discounts and other special offers.

Eleven says the period has become one of the most popular times for internet scammers to target users.

Infected offer

The security firm says that users are told they have been sent $50 (£32) of iTunes store credit and need to open an attached file to find out their certificate code.

The file contains a program known as Mal/BredoZp-B.

PCthreat.com says the software opens up a backdoor on the users' computers and may also capture passwords and other information.

It says the code may also slow down the infected computer's performance and make files disappear.

The malware can be removed with the use of anti-spyware tools.

Facebook phishing

Security adviser Sophos warns of a separate threat linked to Facebook.

It says users are receiving emails claiming that they have violated the social network's policy regulations by annoying or insulting other members.

An attached link takes users to a web page that presents them with a fake "Facebook Account Disabled" form.

The firm says that members are then asked to fill in a series of forms requesting their login details, country of residence and the first six digits of their credit card number.

If the users refuse they are told their account will be blocked automatically.

"New day, new attempt," writes Sophos's security writer Lisa Vaas on the company's blog.

"All these phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information."



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement

Cyborg insect power breakthrough

Efforts to create an army of cyborg insects are being pursued by a team of US-based engineers.

The group is investigating ways to harvest energy from the creatures to power sensors and other equipment fastened to their bodies.

The team has created an energy scavenging device that is attached close to the insects' wings.

It suggested the creatures might one day be used to aid search-and-rescue operations and surveillance.

The University of Michigan team of engineers published their study in the Journal of Micromechanics and Microengineering.

Power source

The report noted that, despite major advances in micro-air-vehicle technology, no-one had been able to match the aerodynamic performance and manoeuvring capability of insects.

However, it said that if insects were to be equipped with control mechanisms and other add-on kit, the equipment would require a power source.

The team rejected the idea of using miniature solar panels because they would be dependent on available light. So the group decided to develop a vibration energy collector.

The resulting device consists of a tiny three-layered spiral generator.

The outer two layers are made up of PZT-5H - a ceramic substance that produces an electrical charge when mechanical stress is applied. An inner layer of brass provides reinforcement.

Muscle power

The researchers used Green June Beetles to determine the best place to locate the device.

They identified the wings as the most promising power source.

However, the creatures' wing membranes were not rigid or strong enough to support the device, and it also made them less aerodynamic. So the team focussed, instead, on the animals' wing muscle.

The engineers ultimately decided to attach two of the spiral beams to each beetle's thorax. The end of each coil extended out to touch a hardened part of the insect's body close to its wing base where it could pick up energy.

The two devices weighed less than 0.2 grams and generated 45 microwatts of power during flight.

Cyborgs

The researchers suggested that the devices could eventually become the power source for a race of remote-controlled cyborg insects with neural electrode implants, communications equipment, microphones and other sensors.

The team suggested the creatures could wear the equipment in tiny "backpacks".

The animals could then be released into dangerous or hard-to-access locations after an accident has occurred. The information they gathered could be beamed back to the emergency services to help prepare a response.

They said the creatures could usher in "a new era for search-and-rescue operations, surveillance, monitoring of hazardous substances, and detection of explosives".

This is not the first time researchers have tried to work out how to turn animals into remote-controlled automatons.

The report's authors noted experiments to control rats through the parts of their brains related to their whiskers, an attempt to direct sharks by stimulating the part of their brain linked to their sense of smell and research into the locomotion control of cockroaches.

The team also noted that a previous attempt to harvest vibration energy from moths had failed because the 1.28g weight of the device involved proved too heavy for the insects to carry.




Google, Samsung confirm Nexus bug

Google and Samsung have confirmed that there are volume issues with their flagship mobile phone the Galaxy Nexus.

It follows complaints on net forums about unexplained changes in volume.

The handset, the first to feature Google's operating system Android Ice Cream Sandwich, is currently available in the UK and is due to go on sale in the US in December.

Samsung said that it is aware of the problem and will offer a repair but did not say when.

"Regarding the Galaxy Nexus, we are aware of the volume issue and have developed a fix," Samsung said in a statement. "We will update devices as soon as possible."

Google issued an almost identical statement.

Silent alarm

Posting on Google's Android user forum Damian M summed up the problem many seem to be experiencing: "Volume drops to nothing seemingly at random, volume rocker becomes unresponsive for a few seconds," he said.

Some users reported that the issues became worse when using the 2G network. Others complained that they were unable to rely on the device.

"Had this problem since buying the phone on the 17 Nov. Happened so far on 3G, wifi and using the sat nav. It also happened this morning again when my alarm went off," wrote one user nicknamed Stuartea.

"I was already awake and had not touched the phone yet, the alarm sounded for a second and then went silent. Thought that was weird so checked the phone and the volume was down. I can't trust the alarm to wake me up now for work!"

It is unclear at this stage whether the issues are caused by hardware or software faults.

Rivalry

The problem comes as Apple rushes to fix a bug in its new operating system iOS 5.

Users complain that iPhone batteries are running down too quickly.

An initial software patch issued by Apple to solve the problem does not appear to have helped.

Apple and Samsung are engaged in a fierce rivalry for market share.

Research from Strategy Analytics suggested that Samsung had overtaken Apple to become the world's biggest shipper of smartphones between July and September.

The study said that the South Korean firm had shipped 27.8 million smartphones in the three-month period, compared with 17.1 million from Apple and 16.8 million from Nokia.

Meanwhile, Samsung and Apple remain locked in intellectual property disputes around the world. Both are trying to ban sales of each other's products.




HTC shares plunge on growth cut

Shares of smartphone maker HTC have fallen by 7%, the maximum allowed in one day, after the company cut its growth forecast.

Taiwan-based HTC said on Wednesday that it expected revenues for the final three months of 2011 to be little changed from a year earlier.

The firm had earlier forecast growth of 20% to 30%.

HTC, the world's fourth-biggest smartphone brand, blamed increased competition and weakening demand.

Analysts and the markets were surprised by the statement filed with the Taiwan Stock Exchange.

"This new guidance takes us by complete surprise and is at odds with recent discussions we have had with distribution channels, especially in Europe," said Pierre Ferragu from Sanford Bernstein in a note to clients.

In October, the company had warned that fourth quarter revenue was slowing, predicting 125bn to 135bn New Taiwan dollars ($4.1bn-$4.4bn; £2.6bn-$2.9bn), compared with T$135.8bn in the previous three months.

Although HTC did not give a specific forecast for Wednesday's further downward revision, it said it predicted no growth compared to the same period last year. HTC's revenue in the last three months of 2010 was T$104bn.

Analysts said the grim outlook could be blamed on lack of new products to compete with an expansion in Apple's distribution channels in the US.

However, the company said it expected a pick up in revenue in the first half of 2012.




Firms 'not ready for IT failure'

Almost three-quarters of firms and public sector organisations across nine European countries may not fully recover their computer systems or data after an IT failure, a survey suggests.

The report by IT group EMC said 74% were "not very confident" they could fully restore their networks.

It also found that 54% admitted they had lost data or suffered systems downtime in the past 12 months.

A total 1,750 IT bosses in countries including the UK were questioned.

The other countries covered in the survey were Germany, France, Italy, Spain, Belgium, Netherlands, Luxembourg and Russia.

EMC said firms needed to put more focus on backup and recovery systems.

Its report found that the most common cause of data loss and downtime was hardware failure, followed by power outage and software malfunction.




Wednesday, November 23, 2011

FBI downplays water supply 'hack'

US officials have cast doubt over reports that a water pump in Illinois was destroyed by foreign hackers.

The FBI and the Department of Homeland Security said they had "found no evidence of a cyber intrusion".

The Illinois Statewide Terrorism and Intelligence Center (STIC) previously claimed a hacker with a Russian IP address caused a pump to burn out.

A security expert, who flagged up the story, said he was concerned about the conflicting claims.

Information about the alleged 8 November breach was revealed on Joe Weiss's Control Global blog last week. His article was based on a formal disclosure announcement by the Illinois STIC.

The report said that the public water district's Supervisory Control and Data Acquisition System (Scada) had been hacked as early as September.

It claimed that a pump used to pipe water to thousands of homes was damaged after being repeatedly powered on and off.

It added that the IP address of the attackers had been traced back to Russia.

The news attracted attention because it could have been the first confirmed case of foreign hackers successfully damaging a US utility.

'No evidence'

The FBI and the DHS said they had carried out "detailed analysis" and could not confirm the intrusion.

"There is no evidence to support claims made in the initial Fusion Center report - which was based on raw, unconfirmed data and subsequently leaked to the media - that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," an email sent to the US Industrial Control Systems Joint Working Group said.

"In addition, DHS and FBI have concluded that there was no malicious or unauthorised traffic from Russia or any foreign entities, as previously reported."

The officials added that their analysis of the incident was still ongoing.

Mr Weiss said he was concerned that the email appeared to contradict the initial report.

"This begs the question why two government agencies disagree over whether a cyber event that damaged equipment had occurred at a water utility," he wrote on his blog.

"If the STIC report is correct, then we have wasted precious time and allowed many others in the infrastructure to remain potentially vulnerable while we wait to find out if we should do anything."

Fewer managers

Mr Weiss also notes that a 2010 report by the security company McAfee highlighted the relative vulnerability of the global water system compared with other industries including energy and financial services.

"The water/sewage sector... had the lowest adoption rate for security measures protecting their Scada/ICS systems," it said.

The report noted that the low adoption rate might have been linked to the fact that only 55% of the water and sewage sector's Scada systems were connected to the internet - a lower percentage than most other industries.

However, it went on to highlight the lower number of managers taking responsibility for the issue.

"When considering this data, the small number of water sector executives amongst those with Scada/ICS systems responsibilities - only 11 out of 143 - needs to be noted," said the McAfee report.




Google to kill off more products

Google has announced that it is dropping seven more products in an effort to simplify its range of services.

The out-of-season "spring clean" brings an end to services including Google Wave, Knol and Google Gears.

It is the third time that the US firm has announced a cull of several of its products at the same time after they had failed to take off.

Experts said the strategy might put off users from signing up to new services.

Google announced the move in its official blog.

"We're in the process of shutting a number of products which haven't had the impact we'd hoped for, integrating others as features into our broader product efforts, and ending several which have shown us a different path forward," said Urs Holzle, Google's vice president of operations.

"Overall, our aim is to build a simpler, more intuitive, truly beautiful Google user experience," he added.

Wave goodbye

The seven latest products earmarked for the chop are as follows:

  • Google Wave - an attempt to combine email and instant messaging for real-time collaboration
  • Google Bookmarks List - a service which allowed users to share bookmarks with friends
  • Google Friends Connect - allowed webmasters to add social features to their sites by embedding a snippet of code
  • Google Gears - much-hyped effort to maintain web browser functionality when working offline
  • Google Search Timeline - a graph of historical query results
  • Knol - a Wikipedia-style project, which aimed to improve web content
  • Renewable Energy Cheaper than Coal - a project which aimed to find ways to improve solar power

Google had previously announced its plans to kill off some of the projects on the list.

It has now given details about when the switch-offs will occur. For example Wave will be retired in April, and Knol content will be taken offline in October.

Lessons

The diverse nature of the list illustrated how Google operated as a company, said Richard Edwards, principal analyst at research firm Ovum.

"Any company with the resources and number of brains that Google has will have ideas, only some of which will fly. Hitting the zeitgeist is tricky to plan or predict," he said.

The steady stream of innovations from the search giant and the open way it announced them had been a welcome change in a tech industry that had traditionally kept its cards close, said Mr Edwards.

But he warned that Google needed to be careful about how it announced new products in future.

"It can hype the bejesus out of new announcements and it can be difficult for people to pick out the substance from the hype," he said.

There were, he said, "lessons to be learned" from firms such as Apple which took a more measured approach, announcing just a handful of new products once or twice a year.

Focus

Some experts think that Google is streamlining in order to concentrate on its Facebook rival Google+.

The network gained 10 million users within the first 16 days after its private launch, and 40 million within the first 100 days, making it the fastest-growing social network in the history of the web.

But Mr Edwards was sceptical about how successful the service would be in the long-term.

"There is no likelihood of people flocking away from Facebook at the current time unless it commits some hideous faux pas on privacy," he said.

"Something may displace Facebook but I'm not sure it is likely to be Google+," he added.




Tuesday, November 22, 2011

3.74 degrees of online separation

There are on average 3.74 degrees of separation between any one Facebook user and another, a study suggests.

The number of degrees represents the number of people in a friendship chain, excluding the people at either end.

Or, as the authors put it: "When considering another person in the world, a friend of your friend knows a friend of their friend."

The study was carried out in May and involved all of the social network's active members.

Facebook defines a user as active if they have logged on at least once over the past 28 days.

Kevin Bacon

The experiment is the biggest test to date for an idea first proposed by the Hungarian author Frigyes Karinthy in 1929.

He suggested there were six degrees of separation between any two people in the world.

The theory was made popular by a play, movie and later a trivia game in which players try to link the actor Kevin Bacon to another Hollywood star within six steps.

Testing that the hypothesis proved true for the wider population has long posed a challenge.

Deep data

A previous attempt by the psychologist Stanley Milgram in the 1960s involved delivering a letter. Volunteers were asked to make sure it reached a specific person, but they were told to only pass it through personal acquaintances who already knew each other.

The problem was that this only involved a few hundred initial subjects, and there was no way to know that the routes the letters took were the most direct ones possible.

Facebook's data scientist Lars Backstrom was able to work with a much bigger data sample.

His social network had 721 million members at the time of the experiment - representing around 10% of the global population - with a total of 69 billion friendships between them.

Despite the vast quantity of data, Mr Backstrom and four researchers from the University of Milan were able to crunch the data using a 24-core computer with a 1 terabyte hard disk. They said the hardware cost no more than a couple of thousand pounds.

Celebrities' "Facebook Pages" were excluded and the test was carried out before the network introduced "Subscriptions", a feature designed to link users to other people they might be interested in, even if they are not acquaintances.

Stabilising

Facebook limits users to having 5,000 friends, but the median figure was far lower at just 100 contacts, or 0.000014% of Facebook's total membership.

Despite this relatively small number, the results showed 99.6% of all pairs of users were connected by five degrees of separation, and 92% were connected by four degrees.

On average, the distance between any two members was 3.74 degrees.

That was shorter than the average 4.28 degrees of separation registered by Facebook's 2008 membership, when the network was smaller.

However, the researchers say the average distance "appears now to be stabilising", suggesting that even if the other nine tenths of the world join Facebook, our degree of separation will not get much smaller.




Xbox users targeted in web scam


Xbox Live users are being urged to check their accounts after some say they were scammed by a fake email.

The phishing attack sent users to a fake website where they were asked to input personal details like addresses, emails and credit card details.

Microsoft is investigating but doesn't know how many users are affected.

"We take the security of the Xbox Live service seriously and work to improve it against evolving threats," a Microsoft spokesman said.

"Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals.


"We work closely with impacted members directly to resolve any unauthorized changes to their accounts and, as always, highly recommend all Xbox Live users follow our account security guidance in order to protect their account details."

Microsoft says there is advice on its website about staying safe online but advises that people should never give out passwords or email addresses.

They say users should never type personal information into websites unless they are sure that they are genuine.

Jason Hart, MD of Cryptocard and a former ethical hacker, said: "Xbox customers are finding that they might have had more than £100 pilfered from their accounts.

"This is the third instance of hacking to hit the gaming industry in as many months and it is clear that hackers are finding it all too easy to steal gamers' identities and access the financial information they need to make off with users' cash."




Users build bridge to 'dark net'

People involved in a project to maintain a secret layer of the internet have turned to Amazon to add bandwidth to the service.

The Tor Project offers a channel for people wanting to route their online communications anonymously.

It has been used by activists to avoid censorship as well as those seeking anonymity for more nefarious reasons.

Use of Amazon's cloud service will make it harder for governments to track, experts say.

Onion router

Amazon's cloud service - dubbed EC2 (Elastic Compute Cloud) - offers virtual computer capacity.

The Tor developers are calling on people to sign up to the service in order to run a bridge - a vital point of the secret network through which communications are routed.

"By setting up a bridge, you donate bandwidth to the Tor network and help improve the safety and speed at which users can access the internet," the Tor project developers said in a blog.

"Setting up a Tor bridge on Amazon EC2 is simple and will only take you a couple of minutes," it promised.

Users wishing to take part in the bridging project need to be subscribed to the Amazon service.

It normally costs $30 (£19) a month. However, Amazon is currently offering a year's worth of free storage as part of a promotion, which Tor developers believe their users will qualify for.

Amichai Shulman, chief technology officer of data security firm Imperva, believes that cloud services could have a big impact on Tor.

"It creates more places and better places to hide," he said.

"With cloud services it will be easier to create a substantial number of bridges. Amazon is hosting millions of applications and it will be difficult for governments to distinguish between normal access to Amazon's cloud and Tor access," he said.

Tor is short for The Onion Router, so named because of the multi-layered nature of the way it is run. It is also known as the dark net.

It has been in development since 2002 and works by separating the way communications are routed via the internet from the person sending them.

Data is sent through a complex network of 'relays' or bridges run by volunteers around the world. When someone receives data routed via Tor it appears to come from the last person in the relay rather than from the original sender.

Internet addresses are encrypted to add to anonymity.

Ugly face

The Tor Project has been praised for offering people living in repressive regimes an opportunity to communicate freely with others without fear of punishment. Activists have used it in Iran and Egypt.

But it is also used to distribute copyrighted content.

The people behind the Newzbin 2 website are suggesting its members use the network to continue sharing illegal downloads after BT blocked access to the site in the UK.

Tor is also used by people wanting to share images of child abuse. Hacktivist group Anonymous recently launched Operation Darknet which targets such abuse groups operating via the network.

"There is an ugly face to Tor," said Mr Shulman. "Studies suggest that most of the bandwidth is taken by pirated content."

While cloud services are unlikely to make Tor mainstream, the more bridges there are, the more anonymous the network becomes.

Imperva research estimates that there are currently "a few thousand" exit nodes on Tor - the points at which communications reveal themselves on the wider internet.

"There could be far more other nodes but it gives a sense of the size of the community," said Mr Shulman.

Access to Tor is not limited to fixed line communications.

Android users can access it via an application called Orbot and earlier this week Apple approved Covert Browser for iPad to be sold in its App Store, the first official iOS app that allows users to route their online communications through Tor.


