The Internal Revenue Service was the target of an illegal network intrusion that used stolen Social Security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically.
The attack occurred in January and targeted an IRS Web application that taxpayers use to obtain their so-called Electronic Filing (E-file) PINs. The app requires taxpayer information such as name, Social Security number, date of birth and full address.
Attackers attempted to obtain E-file PINs corresponding to 464,000 unique SSNs using an automated bot, and did so successfully for 101,000 SSNs before the IRS blocked it.
The personal taxpayer data used during the attack was not obtained from the IRS, but was stolen elsewhere, the agency said in a statement. The IRS is notifying affected taxpayers via mail and will monitor their accounts to protect them from tax-related identity theft.
While the IRS said that externally acquired taxpayer data was used, the agency did suffer a security breach last year that allowed attackers to gain information such as Social Security information, date of birth and street address for over 300,000 taxpayers.
That attack involved the IRS’ “Get Transcript” application and in that case, too, the agency said that attackers were able to pass the app’s verification steps using information acquired from an external source.
Given the sheer amount of personal data that’s now in the hands of cybercriminals, it’s likely that some of them will try to monetize it and one possible method is by filing fraudulent tax returns.
Google is researching more virtual reality technology, which will probably just end up in the beta stage before the search engine gives up on the whole project.
Google is apparently developing a new virtual-reality headset for smartphones, and adding extra support for the technology to Android in a cunning plan to give Oculus a run for its money. We are not holding our breath; we keep getting announcements like this from Google and they always turn out to be vapourware like Google Glass.
Anyway, this one is to be a successor to Cardboard, the cheap-and-cheerful mobile VR viewer that Google launched in 2014, which you can sort of buy and which sold more than 5 million units.
This one will feature better sensors, lenses and a more solid plastic casing, according to people familiar with its plans. The smartphone-based device will be similar to the Gear VR, a collaboration between Samsung and Oculus that went on sale to consumers late last year.
Google is expected to release its rival headset, alongside new Android VR technology, this year. Like Cardboard and Gear VR, the new headset will use an existing smartphone, slotted into the device, for its display and most of its processing power. But it will still be VR for dummies. Google Cardboard relies solely on sensors already built into modern smartphones to detect the position of a user’s head while real VR kits are a bit better and suffer less from latency issues.
The updated Google headset will be compatible with a much broader range of Android devices than Gear VR, which only works with a handful of recent Samsung Galaxy smartphone models, as the Alphabet unit tries to bring the technology to a wider audience.
The thought is that by improving resolution and latency, the combination of better Android software and the new headset will allow viewers to spend longer in VR and enable developers to create more sophisticated apps.
This confirms what we noticed at CES where there were few people even showing 3D as a feature and one of them was LG.
Speaking to ET News in Korea, an LG representative stated that only its premium sets this year will be 3D capable, slashing the number of supporting TVs by half.
“Although 40 per cent of all TVs last year had 3D functions, only 20 per cent this year will. There are still consumers who enjoy 3D movies and others, so we are going to apply it mainly on premium products.”
Apparently Samsung is going the same way according to a supplier of 3D glasses who was told not to bother making compatible specs this year.
3D in the home has been in decline for the last two to three years, with first the BBC stopping production of its 3D material and then Sky starting to kill off its dedicated channels last June. Sky still offers some 3D movies and content on demand.
It does not mean that 3D video is a dead format. It is still going strong in cinemas and we will probably see films made in that format for years. It is just that it never really worked in the home. Some of that might have been due to content; another reason is that it tended to be erratic technology which was a little too much like hard work to set up. Quality also suffered in comparison with some of the HD and UH pictures which were suddenly more realistic.
Oracle has bestowed the gift of an out-of-band security patch on its customers following problems with Java and Windows.
You should manage the passage of Security Alert CVE-2016-0603 with some urgency. Oracle gave this to you over the weekend, but the weekend is the weekend and no-one expects out-of-band patches anyway.
An Oracler called Eric Maurice is the giver of the bad news, depending on how you approach security updates, saying that application of the patch will prevent vulnerabilities with Java 6, 7 and 8 on the Windows platform.
The flaw has received a CVSS Base Score of 7.6, which translates as High. You might call it ‘urgent’. To be honest, Oracle has already given out enough tasks for security staffers with its January patch rain-making.
Maurice reckons that victims would not merely walk into exploitation in this instance but could be tricked into it by hackers and miscreants.
“To be successfully exploited, this vulnerability requires that an unsuspecting user be tricked into visiting a malicious website and download files to the user’s system before installing Java 6, 7 or 8. Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user’s system,” he said.
“Customers need not upgrade existing Java installations to address the vulnerability because the exposure exists only during the installation process. As a reminder, Oracle recommends that Java home users visit Java.com to ensure that they are running the most recent version of Java SE and that all older versions have been completely removed.”
While you’re at it, Maurice warned that you should only ever download Java from Java.com. This is good advice.
Also available for advice is Qualys CTO Wolfgang Kandek who swung by to tell us that the best kind of Java is the most recent.
“As Oracle points out, existing installations are not at risk. New installations should use the latest fixed packages published by Oracle. This would address the situation where an end-user might have visited a malicious site which could have prepared the machine for an attack by downloading altered versions of one of the DLLs involved,” he said.
U.S. vehicle safety regulators have stated the artificial intelligence system piloting a self-driving Google car may be considered the driver under federal law, a major step toward ultimately winning approval for autonomous vehicles on the roads.
The National Highway Traffic Safety Administration told Google, a unit of Alphabet Inc, of its decision in a previously unreported Feb. 4 letter to the company posted on the agency’s website this week.
Google’s self-driving car unit on Nov. 12 submitted a proposed design for a self-driving car that has “no need for a human driver,” the letter to Google from National Highway Traffic Safety Administration Chief Counsel Paul Hemmersbaugh said.
“NHTSA will interpret ‘driver’ in the context of Google’s described motor vehicle design as referring to the (self-driving system), and not to any of the vehicle occupants,” NHTSA’s letter said.
“We agree with Google its (self-driving car) will not have a ‘driver’ in the traditional sense that vehicles have had drivers during the last more than one hundred years.”
Major automakers and technology companies such as Google are racing to develop and sell vehicles that can drive themselves at least part of the time.
All participants in the autonomous driving race complain that state and federal safety rules are impeding testing and eventual deployment of such vehicles. California has proposed draft rules requiring steering wheels and a licensed driver in all self-driving cars.
Karl Brauer, senior analyst for the Kelley Blue Book automotive research firm, said there were still significant legal questions surrounding autonomous vehicles.
But if “NHTSA is prepared to name artificial intelligence as a viable alternative to human-controlled vehicles, it could substantially streamline the process of putting autonomous vehicles on the road,” he said.
If the car’s computer is the driver for legal purposes, then it clears the way for Google or automakers to design vehicle systems that communicate directly with the vehicle’s artificial pilot.
The plan calls for a $3.1 billion fund to replace outdated IT infrastructure; a new position of federal chief information security officer; a commission to study cybersecurity problems, and a program to recruit cybersecurity experts into government roles.
The U.S. has been working since 2009 to improve the nation’s cyber defenses, most recently with the Cybersecurity Act of 2015, which promotes better information sharing between private industry and government, said Michael Daniel, special assistant to the President and cybersecurity coordinator, in a phone briefing with reporters Monday.
“Despite this track record, the cyberthreat continues to outpace our current efforts,” he said. “Particularly as we continue to hook more and more of our critical infrastructure up to the Internet, and as we build out the Internet of things, cyberthreats become only more frequent and more serious.”
The U.S. has faced serious data breaches and intrusions over the past two years. An attack on the Office of Personnel Management, the federal personnel agency, resulted in the theft of data including Social Security numbers, and in some cases fingerprints, of 21.5 million people.
In November 2014, the State Department took its unclassified email system offline after it detected suspicious activity. The shutdown came just two weeks after the White House reported unusual activity on the unclassified Executive Office of the President network.
Overall, the government wants to allocate $19 billion for cybersecurity spending in fiscal 2017, a 35% increase over the current year.
The proposed $3.1 billion Information Technology Modernization Fund would be used to replace systems that pose a high risk and to investigate more modern architectures, such as cloud services.
Researchers have found an authentication bypass-sized hole in iPhones and iPads running iOS 8 and iOS 9.
This threat is real, people; there is a video of it and documentation available online. It’s all pretty technical, but the upshot is that the vulnerability lets an attacker bypass the lockscreen on handsets running iOS 8 and iOS 9.
“An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone5&6 / iPad2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the Apple iPhone via an application update loop issue,” says the official technical description.
In rather loose language it continues: “Local attacker can trick the iOS device into a mode were a runtime issue with unlimited loop occurs. This finally results in a temporarily deactivate of the pass code lock screen. By loading the loop with remote app interaction we were able to stable bypass the auth of an iPhone after the reactivation via shutdown button. The settings of the device was permanently requesting the pass code lock on interaction.
“Normally the pass code lock is being activated during the shutdown button interaction. In case of the loop the request shuts the display down but does not activate the pass code lock.”
David Bisson, a regular commentator on security, puts it more succinctly on the Graham Cluley blog, and throws in a couple of warnings about how and where you download your software. “This condition can be exploited by shutting down (or powering off) the device, at which point in time the passcode authentication feature is not activated as designed,” he said.
“Upon reboot (or re-activation), that protective feature remains disabled, allowing an attacker to access the device without a passcode… iOS users should therefore be careful when leaving their devices unattended around people they might not know.”
We have asked Apple to comment on the vulnerability and are awaiting a response.
According to a post by USA Today, the Los Angeles area retailer began selling the Samsung UBDK8500 on February 5th for $397.99. The device is available in-store only, so we are expecting locals to rush in over the weekend and grab the player quickly as retailers are not expected to begin selling them for another few weeks.
In January, we wrote that Samsung’s UBDK8500 would begin arriving early to New York City-based Internet retailer B&H Photo Video as well as Crutchfield.com. Both sites are currently taking preorders for $399 and are expected to have stock on February 15th and February 17th, respectively.
For the initial public launch, 4K Ultra HD Blu-ray players are expected to be in high demand and limited supply as there will only be three options to choose from – the Samsung UBDK8500, the Philips BDP7501, and the Panasonic DMP-UB900.
We have asked Samsung if the company plans to release any 4K Ultra HD BD-ROM drives for PC, as we expect these to be a much better value-per-dollar than the standalone home entertainment players mentioned above. Unfortunately, the company says it cannot comment at this time.
Verizon Communications Inc has granted Tim Armstrong, chief executive officer of its AOL unit, a leading role in researching a possible bid for Yahoo Inc’s assets, Bloomberg reported, citing a person with knowledge of the situation.
Verizon, the largest U.S. wireless carrier, hasn’t hired bankers to conduct an offer and there have been no formal talks, according to the report.
Yahoo said last week that it would consider “strategic alternatives” for its core Internet business, even as it continues with its plan to revamp the business and spin it off.
Yahoo’s core business, which includes popular services like Yahoo Mail and its news and sports sites, could attract private equity firms, media and telecom companies or firms like Softbank Group Corp, analysts had said.
Verizon’s Chief Financial Officer Fran Shammo said in December that the U.S. wireless carrier could look at buying Yahoo’s core business if it was a good fit.
Earlier this year, Verizon bought AOL Inc in a $4.4 billion deal to push into targeted advertising and mobile video.
Verizon and Yahoo couldn’t immediately be reached for comments.
According to several metrics sources, Edge’s share of the global Windows 10 user base was significantly lower in January than was Internet Explorer’s (IE) share of all Windows users, signaling that Microsoft has not been able to maintain the historical — or even current — percentages of Windows customers on its newest browser.
Last month, Edge’s share of all Windows 10 users was 26% in U.S.-based analytics firm Net Applications’ estimate. That was a decrease of two percentage points from December, and 10 points lower than in September.
In comparison, Net Applications’ IE-only share of all Windows users was a much more substantial 48%, or nearly double that of Edge on Windows 10. In other words, almost half of all Windows users ran a version of IE last month, while just over one-fourth of Windows 10 users ran Edge.
Because Edge works only on Windows 10, and IE only on Windows, it’s relatively easy to calculate the percentages. That’s not the case with other browsers, including Google’s Chrome and Mozilla’s Firefox, which run on multiple editions of Windows and on rival operating systems, such as Apple’s OS X.
Other measurement sources portrayed the same situation: Edge has not held up its side of the bargain for Microsoft.
Irish vendor StatCounter, for example, pegged January’s Edge global share of Windows 10 at 13%, while IE’s share of all Windows was a more substantial 19%.
A third source, the Digital Analytics Program (DAP), tagged Edge’s share of Windows 10 for January at 24%, up one point from December. According to DAP, the IE-only share of all Windows traffic was 40%.
The kit from Seeed Studio ships with separate modules that can be pieced together to create a 2G phone with a 1.54-in. LCD screen. Icons on the display can be used to make phone calls or send text messages.
There’s more to RePhone than being a fun device. The kit also is a small development board to make wearable and IoT devices with cellular communication capabilities.
The $59 kit is now shipping, and comes with a small battery and modules for a SIM card — that’s how you connect to a carrier’s network — as well as speaker, GSM, NFC and Bluetooth Low Energy. It also ships with craft paper that can be the skin of the phone.
By October, the company hopes to upgrade RePhone Kit Create with a 4G communications module, said Wells Tu, marketing director at Seeed Studio in an e-mail.
Seeed Studio, which is in Shenzhen, China, received $276,865 from 3,399 backers on Kickstarter to make the RePhone Kit Create. More than 10,000 kits have been sold so far, Tu said.
The kit has spawned interesting wearable and IoT ideas, Tu said. One project involves a homegrown traceable dog tracker, with a RePhone kit in the collar tracking and calling dogs back home through voice commands.
Another idea floated in RePhone’s forums is a simple tracking device for things not expected to move, like a parked car. The goal with RePhone is to have a basic device to allow new IoT applications to be explored, Tu said.
Most IoT development boards today have only Bluetooth or Wi-Fi capabilities. Wearable development boards like MIPS’ Creator Ci40 don’t have cellular capabilities.
The RePhone has two connectors so other modules for motion control and GPS can be attached. It has standard ports found on developer boards to attach cameras and other external devices.
Grey tin box shifter Dell wants to beef up security on its business laptops and PCs by introducing a new tool which helps to protect the BIOS from malware.
Attacks like this are rare and hard for software security to handle. Even wiping your hard drive and reinstalling software will not fix them.
Dell has introduced this new tool, which makes a copy of the clean BIOS that is kept in the cloud and compares that snapshot with the machine’s BIOS every time it boots. If something’s been hacked or messed with, it can be flagged up.
This allows the admin to be notified of the problem, and the system reverted to the clean BIOS. Dell wants to automate the entire process, but at the moment it still needs to be done manually.
Dell is making the system optional, and it will cost extra for users. It will be available on Dell’s Precision and OptiPlex models, along with XPS PCs and Venue Pro tablets.
That’s because an unknown person — possibly a white-hat hacker — gained access to some of the servers that cybercriminals use to distribute the Dridex Trojan and replaced the malware with an installer for Avira Free Antivirus.
Dridex is one of the three most widely used computer Trojans that target online banking users. Last year, law enforcement authorities from the U.S. and U.K. attempted to disrupt the botnet and indicted a man from Moldova who is believed to be responsible for some of the attacks.
But their efforts caused only a temporary drop in Dridex activity, with the botnet returning to full strength since then and even adding new tricks to its toolset. The Trojan can record keystrokes and inject malicious code into banking websites opened on affected computers.
Dridex attacks usually start with targeted email messages that contain malicious Word documents. Those documents have embedded macros, which, if allowed to execute, connect to a server and download the Dridex installer.
Very recently, malware researchers from antivirus vendor Avira observed that some of the Dridex distribution servers were pushing out an “up-to-date Avira web installer” instead of the Trojan.
This means that some victims were lucky and instead of having their computers infected, they received a legitimate and digitally signed copy of the company’s antivirus program. However, the program’s installation is not automatic or silent, so users would have had to manually go through the installation process to get it running.
“We still don’t know exactly who is doing this with our installer and why, but we have some theories,” said Moritz Kroll, a malware expert at Avira, via email. “This is certainly not something we are doing ourselves.”
One possibility is that cybercriminals are doing this themselves in order to confuse antivirus vendors and mess with their detection processes. However, this is unlikely, as they would have more to lose than gain from helping victims secure their computers.
The more likely explanation is that this unusual incident is the work of a white-hat hacker who hijacked the Dridex distribution servers.
Firefox OS for smartphones will be retired once Mozilla wraps up version 2.6, George Roter, who leads Mozilla’s Participation Lab, said in a long message posted to the company’s website.
Firefox OS 2.6 is currently slated for a May 30 release.
Nearly two months ago, Mozilla confirmed that it was calling it quits on Firefox OS in its current incarnation, ending more than four years of work building a browser-based, smartphone operating system.
Instead, Mozilla said that it would use the resources freed up by the shuttering of Firefox OS on smartphones to pivot toward an operating system for connected devices, the category dubbed “Internet of things,” or IoT.
“The main reason [these decisions] are being made is to ensure we are focusing our energies and resources on bringing the power of the Web to IoT,” said Roter.
Roter was more direct in explaining the reasoning for turning off Firefox OS’s spigot than were Mozilla executives in December.
“The circumstances of multiple established operating systems and app ecosystems meant that we were playing catch-up, and the conditions were not there for Mozilla to win on commercial smartphones,” Roter acknowledged. “We have decided that in order to succeed in the new area of connected devices we must focus our energy completely on prototyping the future and exploring how we can make the biggest impact in IoT.”
Ari Jaaksi, the executive who runs Mozilla’s Connected Devices group, was just as candid. “We could not create a compelling and differentiating end-user value proposition and we failed to build the full ecosystem,” he wrote on a company blog, referring to Firefox OS for smartphones.
Along with the demise of Firefox OS, on March 29 Mozilla will stop accepting submissions to its app store for Web apps that run in Firefox on Android as well as the desktop- and tablet-centric versions of the browser. Apps for those platforms now in the store will be removed on that same day; in other words, Mozilla will kill the small app ecosystem it had struggled to create.
After March 29, only apps for Firefox OS on smartphones will be available on the store. Mozilla is also dead-ending the store’s payment support, meaning that developers will have to scramble to find another payment provider or make their paid apps free.
Intel has released its annual report for 2015-16 and it contains some surprising stats.
The company has always peppered its report with juicy numbers which give us a good snapshot of the state of all the things it controls, and this year is no exception. Looking at Intel’s figures also gives us a snapshot of what the industry looks like at a wider level.
Intel CIO Kim Stevenson said: “Looking ahead, I see extraordinary opportunities for IT leaders in every industry to contribute their unique point of view, in the back room and the boardroom. We invite you to take a look inside this report at how Intel IT is seizing new opportunities to meet ever-changing market demands around the world.”
Intel’s storage capacity jumped from 106PB in 2014 to 143PB in 2015, the equivalent of over nine billion MP3 files in the space of a year.
The average number of servers in Intel data centers went up to 144,040 from 84,379 last year. That’s a phenomenal jump reflecting the sheer number of projects on the go, or moving to the cloud. A recent survey by Suse found that 80 percent of respondents intend to move their business to the cloud.
Data analytics projects using an integrated analytics platform have saved Intel an estimated $170,000 a quarter. Another area of constant advance, the mass of data we create every day, is useless if it isn’t interpreted. Data analytics looks for patterns at a rate that humans couldn’t possibly hope to match to show ways to be more economical, productive and streamlined.
The rollout of Intel’s IoT program has progressed and engineers can now perform analyses that used to take four hours in just 30 seconds. This has increased modelling capability and is expected to save 160 hours every quarter and reduce spending by $160m by 2017.
The consequence is that inventory optimization, i.e. controlling the amount of stock in hand, is expected to save the company $37m across 2015-16.
Intel security systems have successfully blocked 225 million malware events, logged over 13 billion security events every day and applied 12.2 million system patches.