Millions of pieces of malware and thousands of malicious hacker gangs roam today's online world preying on easy dupes. Reusing the same tactics that have worked for years, if not decades, they do nothing new or interesting in exploiting our laziness, lapses in judgment, or plain idiocy. But each year anti-malware researchers come across a few techniques that raise eyebrows. Used by malware or hackers, these inspired techniques stretch the boundaries of malicious hacking. Think of them as innovations in deviance. Like anything innovative, many are a measure of simplicity. Take the 1990s Microsoft Excel macro virus that silently, randomly replaced zeros with capital O's in spreadsheets, immediately transforming numbers into text labels with a value of zero—changes that went, for the most part, undetected until well after backup systems contained nothing but bad data. Today's most ingenious malware and hackers are just as stealthy and conniving. Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.
A new toothbrush tailored to your mouth through 3D imaging can automatically clean teeth in seconds by just biting and grinding on it.
Security firm Malwarebytes has designed a USB stick that can plug into any PC to automate the process of finding, logging, and cleaning up a range of malware. Called the product is a key-shaped USB flash drive designed to get around the need to install software on every system being inspected for malware. Simply plugging in the drive starts the scanning process which can be left to complete on its own before a log file is saved. Handy for business, the drive can be moved from PC to PC, saving the results for each in a separate folder. Quarantined files are saved on the drive itself. If necessary, Techbench can work in an automated mode to a system without an administrator having to be present. What's on the drive? The drive contains Malwarebytes' own plus a protection system called Chameleon used to force a scan even when malware is trying to block its operation.
Cyan Worlds, the development studio behind the classic point-and-click adventure game Myst, is putting together a new project, according to CEO and co-founder Rand Miller. Miller was on hand at the IndieCade conference this weekend in Los Angeles to discuss the 20th anniversary of Myst, the game he co-created with his brother Robyn Miller. That’s right—it’s been two decades since players first found themselves standing on an abandoned dock and began cracking Myst Island’s many secrets. Over the course of the hour-long talk Miller gave a broad overview of Cyan’s history, from simple HyperCard developer to what Miller called the studio’s “very traumatic experience with Myst Online.” , also known as Uru Live, was supposed to be a massively multiplayer continuation of the franchise. The project was ambitious; Cyan planned to add new worlds, or “Ages” to the game regularly, and wanted fans to create custom content also.
I’ve always believed that there are two kinds of people in this world: Those who think there are two kinds of people in this world, and everyone else. It turns out I was wrong. There are actually five kinds of people—at least, five kinds of people on the Internet, according to . The credit issuer collected responses to more than 50 questions from 9029 regular Internet users in nine countries, easily making it the largest such survey I’m aware of. Mind you, these folks aren’t like your brother in law who thinks the Internet is a fad and still uses a flip phone held together by duct tape. These are habitual Internet users who are online at least once a week and generally much more. According to the, they fall into one of five kinds of “social citizen,” split almost equally within the population.
Poor updating and sometimes no updating is leaving large numbers of WordPress websites open to exploitation in cybercriminal campaigns, according to an analysis by WP WhiteSecurity and EnableSecurity, specialist security consultancies in the U.K. The listed in Alexa's top one million in a three-day period earlier this month, found that an astonishing 74 versions of the software in use, only 18.5 percent of which had updated to the latest version, 3.6.1. The study was carried out on September 12, only one day after release of that newest version; but but the prevalence of older versions is still stark. A total of 6859 sites were using version 3.5.1 (which has eight documented vulnerabilities); 2204 were using version 3.4.2 (12 vulnerabilities); and 1655 were using version 3.5 (ten vulnerabilities). "This means that 73.2 percent of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools," the WhiteSecurity report states. "It takes a malicious attacker only a couple of minutes to run automated tools that can discover such vulnerabilities and exploit them."
Internet freedom has declined in the United States over the past year as a result of its surveillance policies, reflecting a trend that appears to have caught on worldwide, according to a recently released study. The conducted by Freedom House, gauged Internet freedom in 60 countries by tracking obstacles to access information online, limits on content, and violations of user rights. Among the issues cited in the report are government agencies' outright blocking of specific Internet content, surveillance measures, and legal and violent repercussions taken against those who use the Internet to criticize governing or religious bodies. Iceland was the top-ranking nation on the list, which may not come as a surprise considering its recent role as a safe-haven for controversial Internet whistleblowers. . Estonia was the second-ranked country on the list (down from ), followed by Germany and the U.S., both of which received a score of 17 on Freedom House's scale of 1-to-100, which assigned points for higher rates of violations of Internet freedom. Australia, France, Japan, Hungary, Italy, and the UK round out the top ten.
Windows Phone is finally making sales headway, with the news that the platform grabbed nearly one in ten smartphone sales across Europe's five largest markets over the summer. In the three months to August, Windows Phone accounted for 9.2 percent of sales across the U.K., Germany, France, Italy, and Spain, proving especially popular in France (12 percent) and the U.K. (10.8 percent), according to figures from analysts at Kantar Worldpanel ComTech. These are its highest ever sales numbers and take Microsoft's platform to within one percentage point of matching sales of Apple's iconic iPhone on the largest market of all, Germany. Android remains on top of the pile with 70.1 percent of sales to August although its growth rates have tailed off compared to its rivals.
Many new tablets, including the new are marketed as ways to create documents and other content for work-related tasks, instead of purely for home consumption of video and games. Even with the focus on The same survey by IDC found that 58.5 percent of respondents bought a tablet to use in addition to a laptop, and not as a replacement. The online survey was conducted in April and included 299 U.S. consumers. All of them were 18 or older. The results might have been different if the survey included younger tablet users, ages 17 and under, since that group has grown up with tablets since the first iPad went on sale in 2010, said Tom Mainelli, an IDC analyst and author of a report on the survey.
The number of 3D printers being sold is set to double by 2015 despite hype outpacing technical realities, according to analysts at Gartner. The firm predicts that worldwide shipments of 3D printers will grow 49 percent in 2013, bringing the total number to 56,507 units. "The 3D printer market has reached its inflection point," said Pete Basiliere, research director at Gartner in a statement. "While still a nascent market, with hype outpacing the technical realities, the speed of development and rise in buyer interest are pressing hardware, software and service providers to offer easier-to-use tools and materials that produce consistently high-quality results." In 2013, Gartner predicts, combined end-user spending on 3D printers will climb to $412 million, up 43 percent from spending of $288 million in 2012. More than three-quarters of the spending, $325 million, will come from the enterprise market, while the consumer segment will reach nearly $87 million.
Women are coming online later and at a slower rate than men around the world, according to a new report released today by the Broadband Commission Working Group on broadband and gender. Of the world's 2.8 billion Internet users, 1.3 billion are women, compared with 1.5 billion men, and between male and female users widens rapidly in the developing world. This gap is relatively small in Organization for Economic Cooperation and Development (OECD) nations. However, globally this gap will grow over the next three years if governments of nations don't take steps to correct this issue. Using computers is associated with status in developing nations, and thus men are more often "allowed" to use these products as compared to women in these regions.
McAfee research indicates that a steep rise in the amount of malware signed with legitimate digital certificates—not —is a growing threat that raises the question whether there should be some kind of "certificate reputation services" or other method to stop certificate abuse. Malware signed with legitimate certificates has soared since 2010 when roughly 1.3 percent of a sample set was found signed that way, according to McAfee. This roughly doubled to 2.9 percent in 2011, then rose to 6.6 percent in 2012. Though the rate is slightly lower so far this year, the total amount of certificate abuse continues to grow because the amount of new malware roughly doubles every year. Speaking at the company's annual user conference in Las Vegas last week, David Marcus, director of advanced research and threat intelligence, said McAfee Labs also found that legitimately signed Android malware, almost nonexistent in 2010, grew to be about 7 percent of all Android malware in 2012 and today constitutes 24 percent. "The certificates aren't actually malicious—they're not forged or stolen, they're abused," said Marcus. This means the attacker has gone out and gotten a legitimate certificate typically from a company associated with a top-root Certificate Authority such as Comodo, Thawte, or VeriSign. The attacker uses this legitimate certificate to sign malware code in order to be able to fool security defenses such as whitelisting or sandboxing, he said.
Like Yahoo, Microsoft is recycling email accounts, and apparently doing so without mentioning it in service agreements for Hotmail, Live, and Outlook.com. Yahoo that proper measures where implemented to prevent privacy disasters like identity theft through data obtained from old e-mail. Microsoft, however, for years has had a similar policy for reuse of Hotmail accounts. The policy has been extended to other , a Dutch IDG publication. The mentions that users are required to log in to their Microsoft accounts "periodically, at a minimum of every 270 days, to keep the Microsoft branded services portion of the services active." Otherwise "we may cancel your access" and "your data may be permanently deleted from our servers."
With its acquisition of gesture-recognition company Flutter, Google may be looking to beef up Google Glass and its Android products while also looking to win over the hearts and minds of Apple iPhone users.
Police secretly arrested a London-based teen last April in connection with the on anti-spam organization Spamhaus, it has been confirmed. The unnamed 16-year-old youth was picked up during "Operation Rashlike" after police connected his Internet activity to certain forums, according to The Evening Standard, the first outlet to be told about the story. During the arrest, "the suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies," the briefing notes on the Operation said. The same document agreed with assessments at the time that the had been the "largest DDoS attack ever seen" which caused worldwide impact including on the servers of the U.K.'s main Internet hub, the London Internet Exchange.
We got some up-close time to handle the upcoming Nintendo 2DS. It's got a new look and a primary audience
DRAM supplies from Hynix's fabrication (fab) plant in Wuxi, China, aren't expected to return to normal until next year after that facility, according to a new report. In the meantime, DRAM prices are up 35 percent since the fire, as looming supply constraints prevail and there appears to be no rush by DRAM makers to sign new contracts, according to the report from analysts at investment bank PiperJaffray. The fire that . Hynix by this November, a prediction PiperJaffray contested.
, informed some in the media (including PCWorld) that his company will no longer sell machines with AMD graphics cards inside. Given the timing, you have to wonder about Origin’s motivations. Indeed, it’s especially odd that a PC manufacturer would go out of its way to tell the press that it’s dropping support for a specific component manufacturer. This is not the kind of move that usually warrants a communication to journalists. Here’s an excerpt from Wasielewski’s statement, which bore the subject line of “Origin PC is going green!” ”This decision was based on a combination of many factors including customer experiences, GPU performance/drivers/stability, and requests from our support staff. Based on our 15+ years of experience building and selling award winning high-performance PCs, we strongly feel the best PC gaming experience is on Nvidia GPUs.”
Valve Software said Friday that it will ship its prototype Steam Machines to 300 lucky beta testers, ranging from premium boxes based on Nvidia Titan cards down to low-end Intel Core i3 machines. that it will shift entirely to Nvidia GPUs. Moreover, Valve said that it plans to make the Steam Machines open and user-upgradable. So if users want to upgrade their Steam Machines, they can, Valve said. . However, the company said it was not yet ready to publish pictures of the proposed box.
More than 75 percent of Twitter’s 218 million “monthly active users” reside outside the U.S., say IPO documents filed by the company and made public Thursday.
Facebook’s head of network operations has great expectations for software defined networking (SDN), though he may not be relying on commercial hardware vendors to bring SDN to the social networking giant’s own infrastructure. , who oversees Facebook’s production and corporate network. Prior to joining Facebook, Ahmad worked as general manager of global networking services at Microsoft. Ahmad was part of a panel about SDN at the New York Interop New York conference, held this week. He spoke with the IDG News Service afterward. , the future of networking.
This very special Nissan LEAF is a poster car for the company’s pledge to bring autonomous vehicles to market by 2020.
The CBS app, which launched on iOS in March, is now joined by new apps for Android and Windows 8.
The lines that seperate tablets, notebooks, and all-in-ones have increasingly blurred over the past few years—and prices have begun following that trend. , is priced at less than $400, although the company sacrificed some niceties to hit that mark. Thankfully, the $1,000 or so prices that PC vendors used to charge for an all-in-one machine have faded away, thanks to lower prices in the flat-panel market. Now, low-end AIO machines are pushing down below $500, as manufacturers try and drive sales by charging less. Nevertheless, if you’re in the market for an all-in-one PC, it pays to pay attention to what’s under the hood.
Campfire, HipChat and other are popular with distributed work teams because of the ability to communicate in real time via a web browser or mobile app. Cotap, a free iPhone app that launched Tuesday, takes a different tack by forgoing the browser element, opting instead to be a simple group texting app for work that you use primarily on your phone. “We want to be actually easier than texting,” says Cotap CEO Jim Patterson, a former Yammer executive with a background in mobile communication and enterprise software. Patteron notes that while other platforms have focused on creating rooms or groups as well as sharing files, most business communication platforms don’t focus first on mobile. Unlike consumer mobile messaging apps such as , that require you to manually create groups and add contacts, Cotap scans your phone’s address book for anyone with the same work email domain as you, using those addresses to automatically populate your company’s address book inside Cotap. As a result, the next person from yourcompanydomain.com to start using Cotap will have one-tap texting access to not only the company email domains in his own address book but also the ones imported into Cotap by anyone else who uses the same work domain, as well as anyone whose email address is associated with a meeting scheduled with Cotap.
, have been actively trying to defeat the encrypted protection provided by the popular Tor anonymity software. But amazingly, it appears the attempts have failed. The latest Snowden leak suggests that Tor has actually withstood the brunt of the NSA’s efforts thus far. “We will never be able to de-anonymize all Tor users all the time,” according to a leaked presentation titled ‘Tor Stinks,’ the Guardian reports. “With manual analysis, we can de-anonymize a very small fraction of Tor users.” That doesn’t mean Tor is a magic bullet for cloaking your online steps, however.
Here's your first dose of early Halloween fright, with 10 scary movies streaming on Hulu Plus.
As a tropical storm and possible hurricane bears down on the Gulf Coast of the U.S., the National Weather Service's website was churning out weather alerts Friday, despite a partial U.S. government shutdown that has affected citizens' access to other online resources. The National Weather Service's website, Weather.gov, was one officials deemed as essential after a budget fight in Congress led to a partial government shutdown Tuesday. The website for weather service parent agency, the National Oceanic and Atmospheric Administration, displayed a notice saying it was unavailable during the shutdown. "Only web sites necessary to protect lives and property will be maintained," said a message at NOAA.gov. But Weather.gov displayed a map of the U.S. with current weather alerts Friday, including a warning for tropical storm Karen, with a hurricane watch for the Gulf coasts of Louisiana, Alabama, Mississippi and Florida. The weather service expects landfall by Sunday morning.
The Worldwide Web Consortium (W3C) formally accepted a big change recently that could affect future Web standards—a decision that will either change nothing or destroy the Web forever. It all depends on your point of view. for possible inclusion in the upcoming HTML 5.1 standard. The W3C is the group charged with defining guidelines for Web technologies. (EME). For users, it means no more needing to download a special plugin to view video content. Just fire up your browser, log in to your favorite online streaming video provider, and go. (Assuming providers embrace EME, naturally.)
