BlackBerry To Patch For Heartbleed

BlackBerry Ltd said it will release security updates for messaging software for Android and iOS devices by Friday to address vulnerabilities in programs related to the “Heartbleed” security threat.

Researchers last week warned they uncovered Heartbleed, a bug that targets the OpenSSL software commonly used to keep data secure, potentially allowing hackers to steal massive troves of information without leaving a trace.

Security experts initially told companies to focus on securing vulnerable websites, but have since warned about threats to technology used in data centers and on mobile devices running Google Inc’s Android software and Apple Inc’s iOS software.

Scott Totzke, BlackBerry senior vice president, told Reuters on Sunday that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS.

He said they are vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Still, he said, “The level of risk here is extremely small,” because BlackBerry’s security technology would make it difficult for a hacker to succeed in gaining data through an attack.

“It’s a very complex attack that has to be timed in a very small window,” he said, adding that it was safe to continue using those apps before an update is issued.

Google spokesman Christopher Katsaros declined comment. Officials with Apple could not be reached.

Security experts say that other mobile apps are also likely vulnerable because they use OpenSSL code.

Michael Shaulov, chief executive of Lacoon Mobile Security, said he suspects that apps that compete with BlackBerry in an area known as mobile device management are also susceptible to attack because they, too, typically use OpenSSL code.

He said mobile app developers have time to figure out which products are vulnerable and fix them.

“It will take the hackers a couple of weeks or even a month to move from ‘proof of concept’ to being able to exploit devices,” said Shaulov.

Technology firms and the U.S. government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug.

Companies including Cisco Systems Inc, Hewlett-Packard Co, International Business Machines Corp, Intel Corp, Juniper Networks Inc, Oracle Corp Red Hat Inc have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

Source

Zeus Attached To Cancer Email Scam

Thousands of email users have been hit by a sick cancer email hoax that aims to infect the recipients’ computers with Zeus malware.

The email has already hit thousands of inboxes across the UK, and looks like it was sent by the National Institute for Health and Care Excellence (NICE). It features the subject line “Important blood analysis result”.

However, NICE has warned that it did not send the malicious emails, and is urging users not to open them.

NICE chief executive Sir Andrew Dillon said, “A spam email purporting to come from NICE is being sent to members of the public regarding cancer test results.

“This email is likely to cause distress to recipients since it advises that ‘test results’ indicate they may have cancer. This malicious email is not from NICE and we are currently investigating its origin. We take this matter very seriously and have reported it to the police.”

The hoax message requests that users download an attachment that purportedly contains the results of the faux blood analysis.

Security analysis firm Appriver has since claimed that the scam email is carrying Zeus malware that if installed will attempt to steal users’ credentials and take over their PCs.

Appriver senior security specialist Fred Touchette warned, “If the attachment is unzipped and executed the user may see a quick error window pop up and then disappear on their screen.

“What they won’t see is the downloader then taking control of their PC. It immediately begins checking to see if it is being analysed, by making long sleep calls, and checking to see if it is running virtually or in a debugger.

“Next it begins to steal browser cookies and MS Outlook passwords from the system registry. The malware in turn posts this data to a server at 69.76.179.74 with the command /ppp/ta.php, and punches a hole in the firewall to listen for further commands on UDP ports 7263 and 4400.”

Source

Will Chrome’s API Work?

Google has targeted web browser settings hijacking in its latest update to Chrome for Windows.

On the Chromium blog, Google engineering director Erik Kay announced an extension settings API designed to ensure that users have notice and control over any settings changes made to their web browsers.

As a result, the only way extensions will be able to make changes to browser settings such as the default search engine and start page will be through this API.

Bargain hungry consumers are often unaware that freeware programs often bundle add-on programs for which developers receive payment but can create irritating, rather than malicious, changes to user settings.

Although there is usually consent sought at installation, quite often it is ignored or not understood, and the people who miss the warnings are generally the same ones who find it hard to change the settings back.

Kay said that the API is available in the Chromium developer channel, with a rollout to the stable channel set for May.

The Chromium stable channel has been updated to version 33.0.1750.149. The main change is an update to the embedded Flash Player for Windows, which is now version 12.0.0.77.

There are seven new security fixes, most of which were user submitted via the open source Fast Memory Detector Address Sanitizer.

Although the user community and Chrome team continue to proactively protect the Chromium project, third party extensions can still cause problems, with several already having been removed from the Chrome Store this year.

Source

Can MediaTek Challenge Qualcomm?

A top analyst has said that Qualcomm has nothing to fear from Media Tek’s announcement that it is gunning for the smartphone market.

Qualcomm rules North America and Europe while right now MediaTek is best known for being the leading player in the Chinese market. Now there are signs that MediaTek seems to have reached the maximum market share that they can achieve in China and will be looking to go after Qualcomm in other markets.

But Jefferies analyst Peter Misek views MediaTek’s cunning plan as more of a medium to long-term threat to Qualcomm versus a near-term threat.

He commented, “The high-end smartphone market is saturated and while we believe that pricing and subsidy pressure will become more severe globally, Qualcomm has significant opportunities through integration, iPhone 6, and royalty collections in China.”

Of course it is optimistic to think that the iPhone 6 will do well in China. Many analysts have lost their lunch money betting on Jobs’ Mob doing anything in China.

Source

Some ATMs Still On XP

Cyber-criminals have been cutting holes into European cash machines in order to infect them with malware.

The holes were cut so that the hackers could plug in USB drives that installed their code onto the ATMs. Details of the attacks on an unnamed European bank’s cash dispensers were presented at the hacker-themed Chaos Computing Congress in Hamburg, Germany.

The thefts came to light in July after the lender involved noticed several its ATMs were being emptied. The bank discovered the criminals were vandalising the machines to use the infected USB sticks. Once the malware had been transferred, they patched the holes up. This allowed the same machines to be targeted several times without the hack being discovered.

The attackers could take the highest value banknotes in order to minimise the amount of time they were exposed. Interestingly the software required the thief to enter a second code in response to numbers shown on the ATM’s screen before they could release the money and the thief could only obtain the right code by phoning another gang member and telling them the numbers displayed. This stopped the criminals going alone.

Source

App Stores For Supercomputers Enroute

A major problem facing supercomputing is that the firms that could benefit most from the technology, aren’t using it. It is a dilemma.

Supercomputer-based visualization and simulation tools could allow a company to create, test and prototype products in virtual environments. Couple this virtualization capability with a 3-D printer, and a company would revolutionize its manufacturing.

But licensing fees for the software needed to simulate wind tunnels, ovens, welds and other processes are expensive, and the tools require large multicore systems and skilled engineers to use them.

One possible solution: taking an HPC process and converting it into an app.

This is how it might work: A manufacturer designing a part to reduce drag on an 18-wheel truck could upload a CAD file, plug in some parameters, hit start and let it use 128 cores of the Ohio Supercomputer Center’s (OSC) 8,500 core system. The cost would likely be anywhere from $200 to $500 for a 6,000 CPU hour run, or about 48 hours, to simulate the process and package the results up in a report.

Testing that 18-wheeler in a physical wind tunnel could cost as much $100,000.

Alan Chalker, the director of the OSC’s AweSim program, uses that example to explain what his organization is trying to do. The new group has some $6.5 million from government and private groups, including consumer products giant Procter & Gamble, to find ways to bring HPC to manufacturers via an app store.

The app store is slated to open at the end of the first quarter of next year, with one app and several tools that have been ported for the Web. The plan is to eventually spin-off AweSim into a private firm, and populate the app store with thousands of apps.

Tom Lange, director of modeling and simulation in P&G’s corporate R&D group, said he hopes that AweSim’s tools will be used for the company’s supply chain.

The software industry model is based on selling licenses, which for an HPC application can cost $50,000 a year, said Lange. That price is well out of the reach of small manufacturers interested in fixing just one problem. “What they really want is an app,” he said.

Lange said P&G has worked with supply chain partners on HPC issues, but it can be difficult because of the complexities of the relationship.

“The small supplier doesn’t want to be beholden to P&G,” said Lange. “They have an independent business and they want to be independent and they should be.”

That’s one of the reasons he likes AweSim.

AweSim will use some open source HPC tools in its apps, and are also working on agreements with major HPC software vendors to make parts of their tools available through an app.

Chalker said software vendors are interested in working with AweSim because it’s a way to get to a market that’s inaccessible today. The vendors could get some licensing fees for an app and a potential customer for larger, more expensive apps in the future.

AweSim is an outgrowth of the Blue Collar Computing initiative that started at OSC in the mid-2000s with goals similar to AweSim’s. But that program required that users purchase a lot of costly consulting work. The app store’s approach is to minimize cost, and the need for consulting help, as much as possible.

Chalker has a half dozen apps already built, including one used in the truck example. The OSC is building a software development kit to make it possible for others to build them as well. One goal is to eventually enable other supercomputing centers to provide compute capacity for the apps.

AweSim will charge users a fixed rate for CPUs, covering just the costs, and will provide consulting expertise where it is needed. Consulting fees may raise the bill for users, but Chalker said it usually wouldn’t be more than a few thousand dollars, a lot less than hiring a full-time computer scientist.

The AweSim team expects that many app users, a mechanical engineer for instance, will know enough to work with an app without the help of a computational fluid dynamics expert.

Lange says that manufacturers understand that producing domestically rather than overseas requires making products better, being innovative and not wasting resources. “You have to be committed to innovate what you make, and you have to commit to innovating how you make it,” said Lange, who sees HPC as a path to get there.

Source

Google Expands Malware Blocker

Google has expanded malware blocking in an early development build of Chrome to sniff out a wider range of threats than the browser already recognizes.

Chrome’s current “Canary” build — the label for very-early versions of the browser, earlier than even Chrome’s Dev channel — will post a warning at the bottom of the window when it detects an attempted download of malicious code.

Features added to the Canary build usually, although not always, eventually make it into the Dev channel — the roughest-edged of the three distributed to users — and from there into the Beta and Stable channels. Google did not spell out a timetable for the expanded malware blocking.

Chrome has included malware blocking for more than two years, since version 12 launched in June 2011, and the functionality was extended in February 2012with Chrome 17.

Chrome is now at version 30.

Canary’s blocking, however, is more aggressive on two fronts: It is more assertive in its alerts and detects more malware forms, including threats that pose as legitimate software and monkey with the browser’s settings.

“Content.exe is malicious, and Chrome has blocked it,” the message in Canary reads. The sole visible option is to click the “Dismiss” button, which makes the warning vanish. The only additional option, and that only after another click, is to “Learn more,” which leads to yet another warning.

In Canary, there is no way for the user to contradict the malware blocking.

That’s different than in the current Stable build of Chrome, which relies on a message that says, “This file is malicious. Are you sure you want to continue?” and gives the user a choice between tossing the downloaded file or saving it anyway.

As it has for some time, Chrome will show such warnings on select file extensions, primarily “.exe,” which in Windows denotes an executable file, and “.msi,” an installation package for Windows applications. Canary’s expansion, said Google, also warns when the user tries to download some less obvious threats, including payloads masquerading as legitimate software — it cited screen savers and video plug-ins in a  blog posting — that hijack browser settings to silently change the home page or insert ads into websites to monetize the malware.

Google’s malware blocking is part of its Safe Browsing API (application programming interface) and service, which Chrome, Apple’s Safari and Mozilla’s Firefox all access to warn customers of potentially dangerous websites before they reach them.

In Chrome’s case, the malware warning stems not only from the Safe Browsing “blacklist” of dodgy websites, but according to NSS Labs, a security software testing company, also from the Content Agnostic Malware Protection (CAMP) technology that Google has baked into its implementation of Safe Browsing.

Source

ATM Malware Found In Mexico

A malicious software program identified in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.

Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.

In contrast to most malware, Ploutus is installed the old-fashioned way — by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier.

The first version of Ploutus displays a graphical user interface after the thief enters a numerical sequence on an ATM’s keypad, although the malware can be controlled by a keyboard, wrote Daniel Regalado, a Symantec malware analyst, on Oct. 11.

Ploutus is programmed for a specific ATM model since it assumes there is a maximum of four cassettes per dispenser in the ATM. It then calculates the amount of money that should be dispensed based on the number of bills. If any of the cassettes have less than the maximum number of 40 bills, it releases whatever is left, repeating that process until the ATM is empty.

Kevin Haley, director of Symantec Security Response, said in an interview earlier this month that the attackers have deep knowledge of the software and hardware of the particular ATM model.

“They clearly know how this machine worked,” he said.

The source code of Ploutus “contains Spanish function names and poor English grammar that suggests the malware may have been coded by Spanish-speaking developers,” Regalado wrote.

In a new blog post, Regalado wrote that the attackers made Ploutus more robust and translated it into English, indicating the same ATM software can be exploited in countries other than Mexico.

The “B” variant of Ploutus has some differences. It only accepts commands through the keypad but will display a window showing the money available in the machine along with a transaction log as it dispenses cash. An attacker cannot enter a specific number of bills, so Ploutus withdraws money from the cassette with the most available bills, Regalado wrote.

Symantec advised those with ATMs to change the BIOS boot order to only boot from the hard disk and not CDs, DVDs or USB sticks. The BIOS should also be password protected so the boot options can’t be changed, Regalado wrote.

Source

SalesForce Goes Hacking

Salesforce.com really wants to attract lots of developers to its Dreamforce conference next month in San Francisco. As in, really.

Last Friday, the cloud software vendor announced a “hackathon” would be held at the conference, with US$1 million going to the developer or team who creates the top prize-winning mobile application with Salesforce.com technology.

“It’s not going to be easy — $1 million is going to bring out the best of the best,” Salesforce.com said in Friday’s announcement. “So don’t wait until Dreamforce! You’re going to want to get started now. With Force.com, Heroku, ExactTarget Fuel, Mobile Services and more — you’ve got a killer array of platform technology to use.”

Salesforce.com will also be providing some “pretty amazing new technology” for use at the show, the announcement adds.

In order to participate, developers have to either register for a full conference pass or a special $99 hacker pass.

The hackathon reflects Salesforce.com’s long courtship of developers to its development technologies, its AppExchange marketplace and recent efforts to build out more tooling for mobile application development.

Developers taking part in the hackathon will have plenty of competition, with some 20,000 programmers expected to attend Dreamforce overall. A “Hack Central” area will be open around the clock, supporting coders who want to work until the wee hours on their application.

In order to qualify, an application can’t have been previously released. The entries will be judged on four criteria counting 25 percent each: innovation, business value, user experience and use of Salesforce.com’s platform.

The second-place finisher will receive $50,000, with $25,000 going to the third-place winner. Fourth and fifth place will get $10,000 and $5,000, respectively.

Some 120,000 people are expected to register for Dreamforce this year. While some of that total will be watching online rather than in person, Dreamforce is now operating at a scale rivaling Oracle’s OpenWorld event, which happened last month.

Source

MediaTek’s Octa-Core Processor Tested

MediaTek raised quite a few eyebrows earlier this year when it announced it would build the world’s first proper ARM octa-core, not a big.LITTLE design. The MT6592 has now popped up on a Chinese site, with the first Antutu results.

It scored 25,496, which places it behind the 1.7GHz Snapdragon in the HTC One, but it’s still a lot faster than the Nexus 4’s Qualcomm APQ8064, although throttling may have something to do with that. The score seems too high, but not long after the results emerged, a number of mobile sites started talking about disappointing results, claiming that MediaTek’s octa-core was somehow supposed to end up on a par with Samsung’s latest Exynos 5 big.LITTLE chip and the Qualcomm 800.

This of course is utter rubbish and FUD of the highest order.

The 28nm MT6592 is indeed an octa-core, but it has eight A7 cores, not a combo of A15 and A7 cores. The A7 is about one fifth of the die area of an A15 and according to ARM it consumes one quarter to one fifth of the power, making such comparisons asinine. In other words, MediaTek’s octa-core should end up a lot smaller and cheaper than a quad A15, maybe even a quad A12. That is why we find the 25,496 result hard to believe – it should be less, not more. For example, the Tegra 4 on Shield hits about 36,000, yet it’s a much bigger chip, on a device with more RAM.

The benchmarked chip ran at 1.7GHz, but MediaTek said the MT6592 should have no trouble hitting 2GHz, which could make it faster than a Snapdragon 600. What’s more, the tested device featured 1GB of RAM, 720p display and a Mali-450 GPU, so it is clearly not high-end.

However, the big problem for MediaTek’s curious new SoC is the sheer number of cores. Most apps simply can’t put them to good use and unless MediaTek has a clever trick up its sleeve, the chip might not be nearly as fast in real world applications. It does look promising in benchmarks, though.

Source

« Previous Page — Next Page »