Sign up for our Technology Newsletter 
Cisco Launches I-O-T Security Contest
Cisco has leant its support to the Internet of Things (IoT) with a security competition.
The “Internet of Things Grand Security Challenge” will be offering prizes of up to $300,000 for innovations designed to close security loopholes surrounding internet-connected objects.
Because the IoT is a loose concept rather than a standard or protocol, the criteria for the solutions are quite far reaching, with a Cisco blog post citing that it will evaluate entries based on:
Feasibility, scalability, performance, and ease-of-use
Applicability to address multiple IoT verticals (manufacturing, mass transportation, healthcare, oil and gas, smart grid, etc.)
Technical maturity/viability of proposed approach
Proposers’ expertise and ability to feasibly create a successful outcome
We now live in a world where even the most benign objects are hackable and the numbers of devices involved will only increase, so it therefore will become imperative that the interconnectivity involved does not overstep boundaries of safety or privacy.
Sierra Wireless recently launched Legato, a Linux distro specifically engineered for the IoT, which actually plays up its capacity for gathering Big Data. Meanwhile the IT industry continues to be excited about the IoT with Intel claiming it will be the next major disrupter in tech.
Winners of Cisco’s security challenge will be announced this Autumn at the Internet of Things World Forum, with six prizes of between $50,000-$75,000 up for grabs, as well as the overall winner’s $300,000 bounty.
Some ATMs Still On XP
Cyber-criminals have been cutting holes into European cash machines in order to infect them with malware.
The holes were cut so that the hackers could plug in USB drives that installed their code onto the ATMs. Details of the attacks on an unnamed European bank’s cash dispensers were presented at the hacker-themed Chaos Computing Congress in Hamburg, Germany.
The thefts came to light in July after the lender involved noticed several its ATMs were being emptied. The bank discovered the criminals were vandalising the machines to use the infected USB sticks. Once the malware had been transferred, they patched the holes up. This allowed the same machines to be targeted several times without the hack being discovered.
The attackers could take the highest value banknotes in order to minimise the amount of time they were exposed. Interestingly the software required the thief to enter a second code in response to numbers shown on the ATM’s screen before they could release the money and the thief could only obtain the right code by phoning another gang member and telling them the numbers displayed. This stopped the criminals going alone.
Did Stuxnet Infect A Russian Nuclear Plant?
Comments Off on Did Stuxnet Infect A Russian Nuclear Plant?
Kaspersky has claimed that the infamous Stuxnet computer worm “badly infected” the internal network of an unnamed Russian nuclear plant after it caused chaos in Iran’s nuclear facilities.
Speaking at a keynote presentation given at the Canberra Press Club 2013, Kaspersky CEO Eugene Kaspersky said a staffer at the unnamed nuclear plant informed him of the infection.
“[The staffer said] their nuclear plant network which was disconnected from the internet was badly infected by Stuxnet,” Kaspersky said.
“So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity.”
Stuxnet was discovered to have spread throughout industrial software and equipment in 2010 and is believed to have been created by the United States and Israel to attack Iran’s nuclear facilities. According to Kaspersky’s source, the malware was carried into the Russian nuclear plant and installed on a physically separated “air-gapped” network.
Kaspersky also made a rather outlandish joke during his speech, saying that all data is subject to theft. “All the data is stolen,” Kaspersky said. “At least twice.”
“If the claim of the Russian nuclear plant infection is true, then it’s easy to imagine how this “collateral damage” could have turned into a very serious incident indeed, with obvious diplomatic repercussions,” said security expert Graham Cluley.
“There is no way to independently verify the claim, of course. But it is a fact that Stuxnet managed to infect many computer systems outside of its intended target in Iran,” Cluley added. “Indeed, the very fact that it spread out of control, was what lead to its discovery by security firms.”
Earlier this year, Symantec claimed that the Stuxnet computer worm could date back further than 2010 and was more widespread than originally believed.
Symantec’s report called “The Missing Link” found a build of the Stuxnet attack tool, dubbed Stuxnet 0.5, which it said dated back to 2005 and used different techniques to sabotage industrial facilities.
Panasonic Drops Plasma
November 12, 2013 by admin
Filed under Consumer Electronics
Comments Off on Panasonic Drops Plasma
Panasonic has announced it will discontinue production of plasma display panels (PDP) next month and close three factories that were building the HDTVs.
The company will stop selling plasma TVs for consumer use and PDP-related products for commercial use, such as Interactive Plasma Displays, with the current line of TVs. It expects to stop business operations at three of its display plants — the Amagasaki P3 Factory, the Amagasaki P5 Factory and the Amagasaki P4 Factory — by the end of March 2014.
Samsung and LG continue to produce plasma display televisions, but theirs are lower-end or entry-level models; they have generally put development dollars into LCD TVs, according to Paul Gray, a research analyst with NPD DisplaySearch.
“Samsung and [LG] were at best uncommitted to PDP,” Gray said in a blog post. And as for Panasonic, Gray said its “PDP research team had to counter every move in LCD and translate it to their technology…. Inevitably, they slowly lost ground.”
Since 2000, Panasonic has been the leading PDP maker. It led the global flat-panel display market by using PDP for large displays and LCD screens for small- and medium-sized displays. Only three years ago, Panasonic claimed 40% of the plasma display market.
In 2010, plasmaaccounted for 40% of flat panel TVs; this year, PDPs are expected to represent only 5% of the flat-panel market, according to according to market research firm NPD DisplaySearch.
Over the past two years, Panasonic has lost $15 billion through investments in flat-panel TV production, according to financial reports.
Plasma displays have increasingly lost market share to LCD TVs as they moved to LED backlights that narrowed the performance gap between the two technologies.
“With the rapid development of large-screen LCDs, and facing the severe price competition in the global market brought on by the Lehman Shock in September 2008, the company consolidated production in the Amagasaki P4 Factory, made a shift towards commercial applications and worked to improve the earnings of the business,” Panasonic said in a recent statement.
Panasonic will now focus its attention on “non-TV applications” and is moving to reduce its fixed costs for production of both plasma and LCD panels.
The move away from plasma HDTVs is reminiscent of the video tape wars of the 1970s and 1980s.
Africa To Lead Global Bandwidth Demand
Comments Off on Africa To Lead Global Bandwidth Demand
Africa’s demand for Internet access to the rest of the world will grow by an average of 51 percent every year until 2019, ahead of all other regions, according to a forecast by research company Telegeography.
Rapid economic growth and wider Internet use will drive the increase in demand, which will be met mostly by turning on unused capacity in existing cables, according to Telegeography analyst Erik Kreifeldt. Terrestrial links are in demand partly because much of Africa still relies on satellite, which is far more expensive per bit than wired broadband, he said.
Most Internet bandwidth between continents is provided by undersea cables built and financed by groups of service providers. From Africa, most of those links go to Europe. Other carriers pay to tap into those cables and link their customers to the Internet. In some parts of Africa, running cables from coastal areas to the interior is a challenge so satellite remains the major Internet source, Kreifeldt said.
The capacity of international cables landing on African shores is just a fraction of the bandwidth available between Europe, the U.S. and Asia. After seven years of the growth that Telegeography forecasts, from 2012 through 2019, Africa will have 17.2Tbps (bits per second) of links to the outside world. That’s up from just 957Gbps in 2012 but will still be only about one-quarter of the international capacity of Latin America and less than that of Canada, according to Telegeography.
The hunger for the Internet varies among African countries. Through 2019, bandwidth demand is expected to grow fastest in Angola, at 71 percent per year; Tanzania, at 68 percent; and Gabon, at 67 percent.
Many new cables have been built to Africa and around the continent in the past several years, giving service providers excess fiber capacity that can be turned on when needed, Kreifeldt said. As that fiber gets lit up and supply rises, prices should fall for enterprises and other users in African countries, he said. However, due to relative scarcity, a given amount of bandwidth between Africa and Europe costs about 10 times as much as the same size connection between Europe and North America, he said. Africa’s bandwidth gains aren’t expected to shrink that gap.
ATM Malware Found In Mexico
A malicious software program identified in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.
Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.
In contrast to most malware, Ploutus is installed the old-fashioned way — by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier.
The first version of Ploutus displays a graphical user interface after the thief enters a numerical sequence on an ATM’s keypad, although the malware can be controlled by a keyboard, wrote Daniel Regalado, a Symantec malware analyst, on Oct. 11.
Ploutus is programmed for a specific ATM model since it assumes there is a maximum of four cassettes per dispenser in the ATM. It then calculates the amount of money that should be dispensed based on the number of bills. If any of the cassettes have less than the maximum number of 40 bills, it releases whatever is left, repeating that process until the ATM is empty.
Kevin Haley, director of Symantec Security Response, said in an interview earlier this month that the attackers have deep knowledge of the software and hardware of the particular ATM model.
“They clearly know how this machine worked,” he said.
The source code of Ploutus “contains Spanish function names and poor English grammar that suggests the malware may have been coded by Spanish-speaking developers,” Regalado wrote.
In a new blog post, Regalado wrote that the attackers made Ploutus more robust and translated it into English, indicating the same ATM software can be exploited in countries other than Mexico.
The “B” variant of Ploutus has some differences. It only accepts commands through the keypad but will display a window showing the money available in the machine along with a transaction log as it dispenses cash. An attacker cannot enter a specific number of bills, so Ploutus withdraws money from the cassette with the most available bills, Regalado wrote.
Symantec advised those with ATMs to change the BIOS boot order to only boot from the hard disk and not CDs, DVDs or USB sticks. The BIOS should also be password protected so the boot options can’t be changed, Regalado wrote.
Banks Join Instant Chat
October 16, 2013 by admin
Filed under Around The Net
Comments Off on Banks Join Instant Chat
Goldman Sachs Group Inc, JPMorgan Chase & Co and six other financial institutions have agreed to join a new instant messaging network from Markit and Thomson Reuters Corp to connect disparate messaging systems.
The network, called Markit Collaboration Services, launched on Monday and allows members to chat with one another regardless of the proprietary messaging technology that each firm uses.
This open platform differs Bloomberg LP’s messaging system, which is a closed network only for users of Bloomberg terminals.
Bloomberg messaging is the most popular form of chat on Wall Street, and often cited as one of the reasons banks are willing to pay around $20,000 a year for a subscription to a Bloomberg terminal.
Markit and Thomson Reuters said they hoped their open messaging network will attract banks that want to chat with their clients or other financial institutions but cannot currently do so because they are on different messaging systems.
The other banks that have joined the new network are Deutsche Bank, Bank of America Merrill Lynch, Barclays, Citigroup, Credit Suisse and Morgan Stanley, according to a statement from Markit.
The banks collectively employ more than 1 million people worldwide, though it was not immediately clear how many individuals will use the new Markit service.
David Craig, president of Thomson Reuters’ Financial & Risk division, said one of the challenges facing banks is that their messaging systems do not always talk to one another. “That creates costs and complexity,” he said.
Markit and Thomson Reuters said the messages on the new network are encrypted, and the system does not store them.
Representatives from Bank of America, Deutsche Bank, Goldman Sachs and Morgan Stanley were not immediately available to comment on the new messaging system. Representatives from Barclays, Citi, Credit Suisse and JPMorgan also declined to comment.
Cyber Attacks Increasing In Middle East
Comments Off on Cyber Attacks Increasing In Middle East
Syria’s civil war and political strife in Egypt have given birth to new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company.
More than half of incidents in the Gulf this year were so-called “hacktivist” attacks – which account for only a quarter of cybercrime globally – as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp’s software security division McAfee said on Tuesday.
“It’s mostly bringing down websites and defacing them with political messages – there has been a huge increase in cyber attacks in the Middle East,” Christiaan Beek, McAfee director for incident response forensics in Europe, Middle East and Africa (EMEA), told Reuters.
He attributed the attacks to the conflict in Syria, political turmoil in Egypt and the activities of hacking collective Anonymous.
“It’s difficult for people to protest in the street in the Middle East and so defacing websites and denial of service (DOS) attacks are a way to protest instead,” said Beek.
DOS attacks flood an organization’s website causing it to crash, but usually do little lasting damage.
The Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar al-Assad, defaced an Internet recruiting site for the U.S. Marine Corps on Monday and recently targeted the New York Times website and Twitter, as well other websites within the Middle East.
Beek described SEA as similar to Anonymous.
“There’s a group leading operations, with a support group of other people that can help,” said Beek.
McAfee opened a centre in Dubai on Monday to deal with the rising threat of Internet sabotage in the region, the most serious of which are attacks to extract proprietary information from companies or governments or those that cause lasting damage to critical infrastructure.
Cyber attacks are mostly focused on Saudi Arabia, the world’s largest oil exporter, Qatar, the top liquefied natural gas supplier, and Dubai, which is the region’s financial, commercial and aviation hub, said Gert-Jan Schenk, McAfee president for EMEA.
“It’s where the wealth and critical infrastructure is concentrated,” he said.
The “Shamoon” virus last year targeted Saudi Aramco, the world’s largest oil company, damaging about 30,000 computers in what may have been the most destructive attack against the private sector.
“Ten years ago, it was all about trying to infect as many people as possible,” added Schenk. “Today we see more and more attacks being focused on very small groups of people. Sometimes malware is developed for a specific department in a specific company.”
Collaborating Viruses Showing Up
Two computer viruses are collaborating to defeat clean-up operations. Microsoft researcher Hyun Choi has found that the pair of viruses foil removal by regularly downloading updated versions of their malware partner.
It is the first time that such a defense plan has been noticed before. Choi said that the Vobfus and Beebone viruses, were regularly found together. Vobfus was the first to arrive on a machine, he said, and used different tactics to infect victims. Vobfus could be installed via booby-trapped links on websites, travel via network links to other machines or lurk on USB drives and infect machines they are plugged into.
Once installed, Vobfus downloaded Beebone which enrolled the machine into a botnet. After this the two start to work together to regularly download new versions of each other. If Vobfus was detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus.
Vobfus become a persistent problem since 2009 when it first appeared.
Will Cisco Boot Linksys?
Cisco reportedly has hired Barclays to find a buyer for its Linksys business.
Cisco bought Linksys back in 2003 to get into the consumer networking business and the firm has put out some good products, most notably the WRT54G wireless router that was a favourite with technology savvy punters. Now Cisco is looking to offload Linksys as it continues to pull back from the consumer networking market.
Cisco has been cutting jobs and products such as the Flip video camera, as it wants to get back to the high margin enterprise networking business. Back in 2003, Cisco paid $500m for Linksys and got access to an established business that focused on producing consumer network equipment.
A decade later, it is being reported that Cisco will be lucky to get its $500m back. Cisco has been pulling out of its failed attempt to get into the consumer market and is now focusing on flogging both network infrastructure hardware and servers, though it is widely expected to be hit hard as software defined networks become more popular.
Unlike Cisco’s core enterprise business, Linksys products typically have low margins, and with its parent firm’s slowing sales growth, it is not surprising Cisco wants to offload it. Bloomberg’s sources said Cisco might find interest in buying Linksys from television makers, though they wouldn’t provide any more details.