Telegram App Adopts Disappear Messages Like Snapchat

July 25, 2017
Filed under Mobile

Telegram, which gained notoriety for its encrypted messaging service, just upped its privacy game for users.

The app now lets you send your friends “self-destructing” photos and videos that disappear after a few seconds, the company said in a recent blog post. How long it takes for the media to go away depends on how long you set the timer for.

If this update sounds all too familiar, that’s because it’s similar to Snapchat’s ephemeral pictures and video. Snapchat is no stranger to having its features cloned by other apps, however. In the last year, Facebook has rolled out a similar feature to Instagram, WhatsApp and its own Facebook app.

While self-destructing messages are automatic on Snapchat, Telegram requires you to set a timer (anywhere from one second to a minute) telling it when to work its magic before you send the selected media, which can only be viewed on the devices used to send and receive it. The feature doesn’t work on its Web platform.

The app’s latest move, billed as a way to improve privacy, may come at a bad time, given some governments believe the app offers a safe haven for terrorists to spread extremist ideas and plot attacks. After troubles in Russia, Telegram last week found itself banned in Indonesia, where authorities said they detected “thousands of communication activities [on Telegram] leading to terrorist activities.”

Did The Dow Jones Cloud Server Leak Personal Data

July 25, 2017
Filed under Around The Net

A security company called UpGuard has exposed a problem with a Dow Jones server that partially exposed the details of as many as 4 million people.

This is bad news for Dow Jones and its punters. UpGuard suggests that the weak point was the result of an oversight in how the server was configured, which could have been avoided. Had it been avoided, a lot of people would still be the sole owners of their own email addresses and some of their credit card details.

“The UpGuard Cyber Risk Team can now report that a cloud-based file repository owned by financial publishing firm Dow Jones & Company, which had been configured to allow semi-public access, exposed the sensitive personal and financial details of millions of the company’s customers,” said the firm.

“While Dow Jones has confirmed that at least 2.2 million customers were affected, UpGuard calculations put the number closer to 4 million accounts,” said UpGuard, adding that this is just the tip of the breach iceberg.

The exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron’s.

“Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations,” the security firm added.

Other security companies have cottoned on to what is happening and have naturally thrown their tin foil propeller hats into the comment ring. Christiaan Beek, lead scientist and principal engineer at McAfee, seemed to sympathise by saying that firms face a lot of threats, but wound up blaming human error and software.

“Companies today are battling an increasingly varied threat landscape while managing huge amounts of data. It can be a challenge to keep close track of where this data resides to ensure it is secure – and in this case, one small error in the cloud resulted in a large scale exposure,” he said.

“The reality is that as companies become more focused on preventing cyber crime, they may be unconsciously shooting themselves in the foot in their efforts to be completely secure. It is not unusual for businesses to have over 10 security tools that require constant monitoring in order to ensure everything is correct – meaning that unfortunately, human error becomes a key factor in monitoring and safeguarding data.”

We have asked Dow Jones to explain itself.

Courtesy-TheInq

Court Grants FBI Right To Continue Secret Surveillance Requests

July 19, 2017
Filed under Around The Net

The FBI will be allowed to continue sending surveillance orders to tech companies and ban them from disclosing those requests, an appeals court ruled Monday.

Internet company Cloudflare and wireless network operator CREDO Mobile sued the federal government to be allowed to publicly disclose the national security letters they have received. They argued that the letters, which are administrative subpoenas issued by the government to gather information for national security purposes, are unconstitutional because they violate the First Amendment’s freedom of speech protections.

Critics of national security letters — like the Electronic Frontier Foundation, which represented Cloudflare and CREDO in the case — say they “allow the FBI to secretly demand data about ordinary American citizens’ private communications and internet activity without any meaningful oversight or prior judicial review.” Companies that receive national security letters, or NSLs, are subject to gag orders, which means they can’t even disclose they’ve received such orders unless the letters become declassified. And those gag orders last indefinitely.

A three-judge panel on a US court of appeals in San Francisco on Monday upheld a lower court ruling that NSLs can remain secret. In their unanimous ruling, they said the Supreme Court “has concluded that some restrictions on speech are constitutional, provided they survive the appropriate level of scrutiny.”

The law behind national security letters considers that disclosing the orders could result in danger to the national security of the US, interference with an investigation, interference with diplomatic relations; or danger to the life or physical safety of any person, the judges said in their opinion.

“We therefore conclude that the 2015 NSL law is narrowly tailored to serve a compelling government interest, both as to inclusiveness and duration,” the opinion said. “Accordingly, we hold that the nondisclosure requirement … survives strict scrutiny.”

Andrew Crocker, an attorney with EFF, said in a statement that he’s disappointed the court “failed to recognize that the NSL statute violates the free speech rights of technology companies that are required to turn over customer data to the FBI and banned indefinitely from ever publicly discussing the requests.”

He added that NSLs prevent companies from being open with their customers.

“Unfortunately, the Ninth Circuit avoided addressing the serious First Amendment problems with NSLs, particularly the fact that they are often left in place permanently,” Crocker said. “We’re considering our options for next steps in challenging this unconstitutional authority.”

The US Justice Department declined to comment on the ruling.

Lloyd’s Of London Sounds The Alarm On Impacts Of Cyber Attacks

July 18, 2017
Filed under Around The Net

A major, global cyber attack could lead to an average of $53 billion of economic losses, a figure on par with a catastrophic natural disaster such as U.S. Superstorm Sandy in 2012, Lloyd’s of London said in a report on Monday.

The report, co-written with risk-modeling firm Cyence, examined potential economic losses from the hypothetical hacking of a cloud service provider and cyber attacks on computer operating systems run by businesses worldwide.

Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance. A lack of historical data on which insurers can base assumptions is a key challenge.

“Because cyber is virtual, it is such a difficult task to understand how it will accumulate in a big event,” Lloyd’s of London Chief Executive Inga Beale told Reuters.

Economic costs in the hypothetical cloud provider attack dwarf the $8 billion global cost of the “WannaCry” ransomware attack in May, which spread to more than 100 countries, according to Cyence.

Economic costs typically include business interruptions and computer repairs.

The Lloyd’s report follows a U.S. government warning to industrial firms about a hacking campaign targeting the nuclear and energy sectors.

In June, an attack by a virus dubbed “NotPetya” spread from infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories.

“NotPetya” caused $850 million in economic costs, Cyence said.

In the hypothetical cloud service attack in the Lloyd’s-Cyence scenario, hackers inserted malicious code into a cloud provider’s software that was designed to trigger system crashes among users a year later.

By then, the malware would have spread among the provider’s customers, from financial services companies to hotels, causing all to lose income and incur other expenses.

Average economic losses caused by such a disruption could range from $4.6 billion to $53 billion for large to extreme events. But actual losses could be as high as $121 billion, the report said.

As much as $45 billion of that sum may not be covered by cyber policies due to companies underinsuring, the report said.

Average losses for a scenario involving a hacking of operating systems ranged from $9.7 billion to $28.7 billion.

Lloyd’s has a 20 percent to 25 percent share of the $2.5 billion cyber insurance market, Beale said in June.

Is Open Source Winning

July 17, 2017
Filed under Around The Net

Going way back, pretty much all software was effectively open source. That’s because it was the preserve of a small number of scientists and engineers who shared and adapted each other’s code (or punch cards) to suit their particular area of research. Later, when computing left the lab for the business, commercial powerhouses such as IBM, DEC and Hewlett-Packard sought to lock in their IP by making software proprietary and charging a hefty license fee for its use.

The precedent was set and up until five years ago, generally speaking, that was the way things went. Proprietary software ruled the roost and even in the enlightened environs of the INQUIRER office mention of open source was invariably accompanied by jibes about sandals and stripy tanktops, basement-dwelling geeks and hairy hippies. But now the hippies are wearing suits, open source is the default choice of business and even the arch nemesis Microsoft has declared its undying love for collaborative coding.

But how did we get to here from there? Join INQ as we take a trip along the open source timeline, stopping off at points of interest on the way, and consulting a few folks whose lives or careers were changed by open source software.

The GNU project
The GNU Project (for GNU’s Not Unix – a typically in-jokey open source moniker; it’s recursive, don’t you know?) was created in 1983 by archetypal hairy coder Richard Stallman, the man widely regarded as the father of open source. GNU aimed to replace the proprietary UNIX operating system with one composed entirely of free software – meaning code that could be used or adapted without having to seek permission.

Stallman also started the Free Software Foundation to support coders, litigate against those such as Cisco who broke the license terms and defend open-source projects against attack from commercial vendors. And in his spare time, in 1989, Stallman also wrote the GNU General Public License (GNU GPL), a “copyleft” license, which means that derivative work can only be distributed under the same license terms. Now on its third iteration, GPLv3, it remains the most popular way of licensing open source software. Under the terms of the GPL, code may be used for any purpose, including commercial uses, and even as a tool for creating proprietary software.

PGP
Pretty Good Privacy (PGP) encryption was created in 1991 by anti-nuclear activist Phil Zimmermann, who was rightly concerned about the security of online bulletin boards where he conversed with fellow protesters. Zimmermann decided to give his invention out for free. Unfortunately for him, it was deployed outside of his native USA, a fact that nearly landed him with a prison sentence, digital encryption being classed as a munition and therefore subject to export regulations. However, the ever-resourceful Mr Zimmermann challenged the case against him by reproducing his source code in the form of a decidedly undigital hardback book which users could scan using OCR. Common sense eventually won the day and PGP now underpins much modern communications technology including chat, email and VPNs.

“PGP represents the democratisation of privacy,” commented Anzen Data CIO and developer of security software, Gary Mawdsley.

Linux
In 1991 Finnish student and misanthrope Linus Torvalds created a Unix-like kernel based on some educational operating system software called MINIX as a hobby project. He opened up his project so that others could comment. And from that tiny egg, a mighty penguin grew.

Certainly, he could never have anticipated being elevated to the position of open-source Messiah. Unlike Stallman, Torvalds, who has said many times that he’s not a “people person” or a natural collaborator (indeed recent comments have made him seem more like a dictator – albeit a benevolent one), was not driven by a vision or an ideology. Making Linux open source was almost an accident.

“I did not start Linux as a collaborative project, I started it for myself,” Torvalds said in a TED talk. “I needed the end result but I also enjoyed programming. I made it publicly available but I had no intention to use the open-source methodology, I just wanted to have comments on the work.”

Nevertheless, like Stallman, the Torvalds name is pretty much synonymous with open source and Linux quickly became the server operating system of choice, also providing the basis of Google’s Android and Chrome OS.

“Linux was and is an absolute game-changer,” says Chris Cooper of compliance software firm KnowNow. “It was the first real evidence that open could be as good as paid for software and it was the death knell of the OS having a value that IT teams would fight over. It also meant that the OS was no longer a key driver of architectural decisions: the application layer is where the computing investment is now made.”

Red Hat
Red Hat, established in 1995, was among the first proper enterprise open source companies. Red Hat went public in 1999 with a highly successful IPO. Because it was willing to bet big on the success of open source at a time when others were not, Red Hat is the most financially buoyant open source vendor, achieving a turnover of $1bn 13 years later. Red Hat’s business model revolves around offering services and certification around its own Linux distribution plus middleware and other open source enterprise software.

“Red Hat became successful by making open source stable, reliable and secure for the enterprise,” said Jan Wildeboer, open source affairs evangelist at the firm.

Courtesy-TheInq


Only 3 Out Of The Top 500 Online Merchants Accept Bitcoins

July 14, 2017
Filed under Around The Net

If you’ve somehow amassed a cache of bitcoins and want to do some online shopping, the bad news is you probably won’t be buying much.

This year, the cryptocurrency is only accepted by three out of the top 500 online merchants, reports Bloomberg. That’s down from five last year, making using Bitcoin to buy things from merchants a lot tougher.

The lack of merchants is puzzling, given the gains from bitcoins recently — one bitcoin is worth more than an ounce of gold — and may be a sign that the cryptocurrency is better off as an asset than currency.

The Bloomberg report also suggested that transaction fees could be one reason why the cryptocurrency is not widely accepted. With fees climbing, smaller transactions aren’t worth it compared to using other payment methods.

Linux Debuts Hyperledger 1.0 Blockchain Software

July 14, 2017
Filed under Around The Net

The Linux Foundation’s Hyperledger project has officially rolled out Fabric 1.0, a collaboration tool for building blockchain distributed ledger business networks, including smart contract technology.

The Hyperledger project, a collaborative cross-industry effort created to advance blockchain technology, said the Hyperledger Fabric framework can be a foundation for developing blockchain applications, products or customized business solutions.

Under development for the past 16 months, Hyperledger Fabric 1.0 is ready to be used to create an immutable, secure electronic ledger in industries such as financial services, for completing transactions including clearance and settlement, and healthcare, as a way to validate where electronic patient records exist and who has access to them.

“Fabric 1.0 will help substantially in both those use cases,” said Hyperledger’s executive director, Brian Behlendorf.

Blockchains can be encrypted or unencrypted, depending on the level of security required, but in both cases the records are auditable because the data in the database cannot be changed and is tied to each authorized participant in the chain. A blockchain, for example, could be used during the clearance and settlement process between Wall Street traders and the banks that support the transactions to verify in real time when each party has received data and agreed to the exchange of funds.

Fabric 1.0 offers a modular architecture allowing components, such as consensus and membership services, to be plug-and-play. It leverages container technology to host smart contracts called “chaincode” that comprise the application logic of the system.

Fabric has been through several release cycles or pilots with 28 of Hyperledger’s member organizations. These include The Depository Trust & Clearing Corp. (DTCC), Fujitsu, GE, Hitachi, Huawei Technologies, State Street Bank, SecureKey, IBM, SAP, and Wanda Group.

There were also contributions from 35 unaffiliated individuals. In total, 159 developers contributed to Hyperledger Fabric, Behlendorf said.

“We had to push this out and encourage companies to start using them in proof-of-concepts and pilots, and some even were happy with the data code at that time and pushed them into production,” Behlendorf said.

“After over a year of public collaboration, testing, and validation… Fabric 1.0 is a true milestone for our community,” Behlendorf said. “Fabric can now advance to production deployment and operations. I look forward to seeing even more products and services being powered by Hyperledger Fabric in the next year and beyond.”

Will NotPetya Victims Get Their Files Back

July 12, 2017
Filed under Computing

The so-called ‘NotPetya’ ransomware, which was first identified in Ukraine and quickly spread worldwide, is reportedly designed to destroy data with the ransomware element intended as little more than a cover.

Security software company Kaspersky has warned that there is “little hope for victims to recover their data” if they fall victim to the ransomware bastard, because the installation ID displayed in the ransom note, which victims are meant to send along with the ransom so that the appropriate decryption key can be sent back, is entirely randomly generated.

As a result, victims that pay the estimated £300 ransom in Bitcoin won’t be able to get their files back.

“We have analysed the high-level code of the encryption routine and we have figured Kaspersky Company in a statement.

“To decrypt a victim’s disk threat actors need the installation ID. In previous versions of ‘similar’ ransomware, like Petya/Mischa/GoldenEye, this installation ID contained the information necessary for key recovery.

“ExPetr [Kaspersky’s name for the malware] does not have that, which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data.”

Kaspersky’s warning comes as a number of security software and services companies publish their initial analyses of the NotPetya/ExPetr malware – all coming to similar conclusions.

Kaspersky itself claims that around 2,000 organisations have fallen victim to it so far, with firms in Russia and Ukraine worst affected, although Norwegian shipping company Maersk also fell victim. The company also confirmed the use of two US National Security Agency (NSA) exploits, exposed by the Shadow Brokers group, called EternalBlue and EternalRomance, which have helped automatically propagate the malware.

People and organisations with their Windows operating systems patched up-to-date and running equally up-to-date antivirus software ought to be protected, Kaspersky added.

However, organisations that aren’t properly patched can see the malware use flaws in Microsoft’s SMB networking protocol, via the EternalBlue exploit, to infect multiple machines.

According to Kaspersky researchers Anton Ivanov and Orkhan Mamedov, the “installation key” supposedly presented to users in the NotPetya ransom note is simply a random string.

“That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim and, as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID,” they warned.

That means, even paying the ransom won’t result in a decryption key being sent. “This reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive,” they added.

Likewise, Matt Suiche, founder of cloud security company Comae Technologies, agreed. “The ransomware was a lure for the media. This variant of Petya is a disguised wiper,” he warned.

He added: “The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative.

“Ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) – a wiper would simply destroy and exclude possibilities of restoration.”

The key presented in the ransomware note, he also confirmed, is “fake and randomly generated”.

He added that the ransomware element was probably intended to distract attention from the idea that a nation-state attacker of some sort was behind it, citing the Shamoon malware in 2012, while the attacker simply repacked existing ransomware.

Not everyone is convinced that the NotPetya malware is state sponsored, however, with software engineer and malware analyst @hasherezade on Twitter suggesting that the author of the original Petya might be behind it.

Courtesy-TheInq

Is The Gaming Industry Going Through A Nostalgic Summer

July 12, 2017
Filed under Gaming

I had been saying that this summer offers little for games outside of some decent Nintendo titles.

“You keep forgetting Crash Bandicoot,” said my retail friend.

I laughed. “Sure, it’s a nice piece of nostalgia,” I reasoned. “But it’s hardly going to set the market alight.”

“Pre-orders are brilliant,” came the reply. “We’ve upped our order twice. I think it’s going to be the biggest game of the summer.”

I shouldn’t be surprised. We’ve written extensively about the marketplace’s current love of nostalgia, and that trend only seems to be accelerating. In the last two weeks alone, we’ve seen the news that original Xbox games are coming to Xbox One, the reveal of the Sega Forever range of classics for smartphones, and now the best-selling SNES Mini.

The trend isn’t new. Classic re-releases have been standard for over a decade. However, the recent surge in nostalgia can be traced back to the onset of Kickstarter and the indie movement, which brought with it a deluge of fan-pleasing sequels, remakes and spiritual successors.

The trend reached the mainstream around the 20th anniversary of PlayStation, with Sony tapping into that latent love for all things PS1. And today, nostalgia is a significant trend in video games. Look at this year’s line-up: Sonic Mania, Yooka-Laylee, Super Bomberman, Wipeout, Crash Bandicoot, Thimbleweed Park, Micro Machines, Metroid II… even Tekken, Mario Kart and Resident Evil have found their way to the top of the charts (even if they never really went away).

It’s not just software, either. Accessories firms, hardware manufacturers and merchandise makers are all getting in on the act. I even picked up a magazine last week (on the shelves of my local newsagent) dedicated to the N64. This is the industry we live in.

Nostalgia has manifested itself in several different ways. We’ve seen re-releases (Xbox Originals, Sega Forever, NES Mini, Rare Replay), we’ve seen full remakes and updates (Crash Bandicoot, Final Fantasy VII, Resident Evil 2), plus sequels and continuations (Elite Dangerous, Shenmue 3). We’ve seen a plethora of spiritual successors (Yooka-Laylee, Bloodstained, Thimbleweed Park) and we have also witnessed old-fashioned game elements re-introduced into modern titles (split-screen multiplayer, for instance).

It’s not just games. We’ve recently seen nostalgia-tinged TV such as Twin Peaks, Stranger Things and X-Files, plus the cinematic return of Ghostbusters, Baywatch, and Jurassic Park. Yet this trend isn’t so new for film and TV (or music, either). And that’s because they’re older mediums. The demand for nostalgia tends to come from those aged 30 or above, and with video games being such a young industry, we’re only starting to see the manifestation of this now.

It’s perhaps also more significant in games because of just how different the experiences of the 1990s are to what we have today. In terms of tech, visuals, genre and connectivity, video games have moved so quickly. We simply don’t get many games like Crash Bandicoot or Wipeout anymore, which makes the demand for them even more acute.

Can it last forever? Or is this destined to be another gaming gold mine that gets picked to death? It’s difficult to say. Nostalgia isn’t like MMOs or futuristic shooters. This isn’t a genre but an emotion: ‘sentimental longing for a period in the past’. In theory, the clamour for old games and genres should get broader. In ten years’ time, those brought up on a diet of DS and Wii will be approaching 30. They’ll be reminiscing about the times they spent on Wii Sports and Viva Pinata. And the nostalgia wheel turns again.

Nevertheless, what we’re starting to see now is changing expectations among consumers. No longer do they pander to every Kickstarter that promises to resurrect a long lost concept (sorry Project Rap Rabbit), and they will not tolerate a nostalgic release that fails to deliver (sorry Mighty No.9). Lazy ports or half-hearted efforts will not win you any fans. If you want good examples of how to do it, look at Nintendo with the inclusion of Star Fox 2 in the SNES Mini, or the documentaries hidden in Rare Replay, or the special PS1-style case that Sony created for the new Wipeout. This is the games industry and the same rules apply. You cannot get away with rubbish.

Of course, big companies can’t live off nostalgia alone. Nintendo can’t build a business from just re-selling us Super Mario World (even if it seems to try sometimes). These moments of retro glory can often be fleeting. Will a new lick of paint on Crash Bandicoot revitalise the brand and deliver it back to the mainstream? It’s not impossible, but unlikely. More often than not you see a brief surge in gamers reminiscing over a time gone by, and then the IP drifts back to the era from which it was plucked. Musical comebacks are often short-lived and movie remakes are, typically, poorly received.

Yet there are exceptions every now and then. Major UK 1990s pop group Take That made its big comeback in 2006, but it did so with a modernised sound that has seen the band return to the top of the charts and stay there for over 10 years. In 2005, the BBC’s Doctor Who returned after 16 years. It was faster paced and far more current, and it remains a permanent fixture on Saturday night TV.

And last year’s Pokémon Go, which stayed true to the IP whilst delivering it in a new way and through new technology, has elevated that brand to the heights not seen since the late 1990s.

They say nostalgia is a seductive liar, that insists things were far better than they seemed. To be truly successful with it in the commercial world, you need to keep that illusion alive. You must create something that looks and sounds like it comes from a different era, but actually plays well in the modern age. And that’s true whether it’s Austin Powers or Shovel Knight.

Indeed, nostalgia isn’t always about the past, it can help take us into the future. One unique example comes in what Nintendo did with The Legend of Zelda: A Link Between Worlds. The company altered the traditional Zelda formula with that 3DS game, and made it more palatable to fans by dressing it in the same world as 1991’s A Link To The Past. It worked, and set the company up to take an even larger risk with its seminal Breath of the Wild.

If the SNES Mini taught us anything, it is that the clamour for all things 1990s remains strong. Developers and publishers who were smart enough to keep hold of their code from that era may well reap the benefits.

However, there’s a broader market opportunity here than just cashing in on past success. There’s a chance to resurrect IP, bring back lost genres, and even rejuvenate long-standing brands in need of innovation.

It’s a chance for the games industry to take stock and look to its past before embarking on its future.

Courtesy-GI.biz

Toshiba Launches 4-bit NAND Flash Memory

July 11, 2017
Filed under Computing

Toshiba has announced the latest generation of 3D flash memory, the 4-bit-per-cell, quadruple-level cell (QLC) technology NAND flash memory.

Thanks to the QLC technology, which features a 64-layer stacked cell structure, Toshiba managed to hit the world’s largest die capacity of 768Gb/96GB. This also enables a 1.5TB (terabyte) device with a 16-die stacked architecture in a single package, which is also a 50 percent increase in capacity per package compared to the earlier generation.

Since QLC NAND flash suffers from the same issues as MLC NAND, if not worse ones – namely how to push more data into a single cell without affecting reliability and performance – it remains to be seen whether SSDs based on QLC NAND flash memory will actually hit the cost/performance sweet spot.

We suspect that these drives will mostly be focused on data centers, where lower power consumption and footprint are at a premium, but eventually we will see it in other markets.

According to Toshiba, samples of the QLC device started shipping earlier in June to SSD and SSD controller vendors for evaluation and development purposes while further samples will be showcased at the upcoming Flash Memory Summit 2017 in August.

Courtesy-Fud

AES Encryption Gets Cracked

July 7, 2017
Filed under Around The Net

Dutch researchers have discovered a way of extracting AES-256 encryption keys from nearby hardware using reasonably cheap gear and wireless tech.

Fox-IT explains that it, and another company called Riscure, have created a new method for slurping up secret keys that works at close proximity and relies on monitoring the electromagnetic signals a device emits, in what is known as a side channel attack.

Researchers put together a piece of kit worth less than $200 and were able to wirelessly extract secret AES-256 encryption keys from a distance of one metre. They said that the attack can be carried out by people on all budgets and with all kinds of means.

“The recording hardware can range from extremely high-end radio equipment, down to €20 USB SDRs. We have found that even the cheap USB dongles can be used to attack software implementations!” they said. “This is not a game exclusively for nation states, but also anyone with pocket money and some free time (PDF).”

Usually, such an attack would require direct access and manipulation, but Fox-IT found that it was possible just to swan past the target with a bag of SDR, amplifiers, filters, and an antenna and catch a winner in record time.

“Using this approach only requires us to spend a few seconds guessing the correct value for each byte in turn (256 options per byte, for 32 bytes — so a total of 8192 guesses),” boasts the firm.

“In contrast, a direct brute-force attack on AES-256 would require 2^256 guesses and would not complete before the end of the universe.”
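To show why guessing one byte at a time collapses the search space the way the quote describes, here is an added simulation that is not Fox-IT's code or anything from the article: it ranks each key byte by correlating a constructed, noisy Hamming-weight leakage of the first AES S-box lookup against the 256 hypotheses for that byte. The leakage model, noise level, trace count and the 32-byte key are all assumed values chosen for the demonstration.

```python
import math, random
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def aes_sbox(x):
    """AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    inv = 0 if x == 0 else next(y for y in range(1, 256) if gf_mul(x, y) == 1)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [aes_sbox(x) for x in range(256)]
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight of every byte value

def simulate_traces(key, n_traces, noise=1.0, seed=1):
    """Constructed leakage, not a real capture: one noisy Hamming-weight sample of
    SBOX[p ^ k] per key byte (real AES-256 round one exposes 16 bytes; the rest need round two)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        pt = [rng.randrange(256) for _ in key]
        traces.append((pt, [HW[SBOX[p ^ k]] + rng.gauss(0, noise) for p, k in zip(pt, key)]))
    return traces

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var) if var else 0.0

def recover_key(traces, key_len):
    """Each key byte ranked independently: 256 guesses per byte, key_len * 256 in total."""
    recovered = []
    for i in range(key_len):
        pts, leaks = [pt[i] for pt, _ in traces], [lk[i] for _, lk in traces]
        score = {g: pearson([HW[SBOX[p ^ g]] for p in pts], leaks) for g in range(256)}
        recovered.append(max(score, key=score.get))
    return recovered
DEMO_KEY = [(37 * i + 11) & 0xFF for i in range(32)]  # constructed 32-byte key
if __name__ == "__main__":
    found = recover_key(simulate_traces(DEMO_KEY, 120), len(DEMO_KEY))
    print("recovered:", found == DEMO_KEY, "after", 32 * 256, "guesses instead of 2**256")
```

The defensive takeaway is that a leakage model tied to a single key byte is what makes the split possible; masked or constant-power implementations aim to break that per-byte dependency.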

The next challenge is distance. Currently, Fox-IT has reached a distance of 30cm but says that a full metre is a possibility given the right circumstances.

“Our work here has shown a proof of concept for TEMPEST attacks against symmetric crypto such as AES-256. To the best of our knowledge, this is the first public demonstration of such attacks. The low bandwidth requirements have allowed us to perform the attack with surprisingly cheap equipment (€20 radio, modest amplifiers and filters) at significant distances,” it added.

“In practice this setup is well suited to attacking network encryption appliances. Many of these targets perform bulk encryption (possibly with attacker controlled data) and the ciphertext is often easily captured from elsewhere in the network.”

Courtesy-TheInq

GTA V Still Riding High In England

July 6, 2017 by  
Filed under Gaming

GTA V unit sales dropped 10% this week (in terms of boxed sales), and yet the game still returned to the top of the UKIE/GfK All-Formats Charts.

It was a very poor week for games retail in general, with just 171,389 boxed games sold across the whole market. The lack of new releases is the main reason for the drop, and that’s a situation that won’t be getting any better during the course of the summer.

The only new games in the Top 40 are 505 Games’ Dead by Daylight at No.16, Final Fantasy XIV: Stormblood at No.23 and Ever Oasis at No.28.

Although the data shows a difficult week, there were a few positives. Dirt 4, after a disappointing first week, is showing some resilience. The Codemasters game is now at No.2, although sales did drop 49% week-on-week.

Mario Kart 8 Deluxe is back at No.5 with a 45% jump in sales, driven by an increase in available Switch stock, while The Legend of Zelda: Breath of the Wild had a 68% sales jump (but still sits outside of the Top Ten at No.12).

And Ubisoft’s Tom Clancy’s Ghost Recon: Wildlands returns to the Top Ten after a 31% sales boost, driven by price activity at games retail.

Elsewhere, Horizon: Zero Dawn, which was No.1 last week, has dropped down to No.8. The game had been on sale for several weeks, but now it has returned to a premium price point. Tekken 7 has dropped to No.10, while Wipeout Omega Collection, which was No.1 just three weeks ago, has now fallen to No.14.

Courtesy-GI.biz

Do IoT Device Owners Ever Change The Default Password

June 30, 2017 by  
Filed under Around The Net

15 percent of the people who own Internet of Things (IoT) devices don’t bother changing the default password, Positive Technologies has revealed.

Crap passwords are a problem, too, with the cyber security company also revealing that just five of the most popular username and password combinations are enough to get administrative access to one out of every 10 devices.

The default and most popular pairings go hand in hand. They are: admin/admin, admin/0000, user/user, root/12345 and support/support.

This means that millions of devices, from DVRs to IP cameras, are extremely vulnerable, and malware coders that want to build botnets can use a list of default passwords to easily gain access to these devices and add them to a botnet of IoT equipment which can then be used as a distributed-denial-of-service (DDoS) weapon on a particular network.

This is how the Mirai botnet began; IoT devices had been infected by attacks on Telnet ports 23 or 2323 using a list of 62 standard passwords. After connecting to the network, each infected device started scanning for randomly generated IP addresses.

What followed were huge DDoS attacks on journalist Brian Krebs, DynDNS, Liberia, Deutsche Telekom and a US college. The botnet reportedly encompassed 380,000 devices simultaneously and the key issue here was that there was no requirement for non-factory set passwords on these devices.

Other IoT malware campaigns use similar tactics to Mirai, adding other username and password pairs to the list to improve their chances of expanding the botnet.
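The defender's side of this is spotting the dictionary pattern in Telnet login logs. The following is an added example, not Positive Technologies' or anyone else's tool: it runs over a constructed log in a hypothetical format and flags sources that walk through the five default pairs named above on ports 23 or 2323, plus any default pair that actually succeeded.

```python
import re
from collections import defaultdict

# The five username/password pairs the article names as opening one device in ten.
DEFAULT_PAIRS = {("admin", "admin"), ("admin", "0000"), ("user", "user"),
                 ("root", "12345"), ("support", "support")}
TELNET_PORTS = {23, 2323}  # the ports the Mirai scanner hit

# Hypothetical log format: one line per login attempt seen by a Telnet listener.
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dport=(?P<dport>\d+) "
                    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>\w+)$")

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def analyse(lines, min_pairs=3):
    """Flag sources that tried at least `min_pairs` distinct default pairs on a Telnet
    port (the Mirai dictionary pattern) and list any default pair that actually worked."""
    tried = defaultdict(set)
    successes = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["dport"] not in TELNET_PORTS:
            continue  # only Telnet attempts are in scope here
        pair = (rec["user"], rec["pw"])
        if pair in DEFAULT_PAIRS:
            tried[rec["src"]].add(pair)
            if rec["result"] == "ok":
                successes.append((rec["src"], pair))
    scanners = {src: sorted(pairs) for src, pairs in tried.items() if len(pairs) >= min_pairs}
    return scanners, successes

# Constructed sample log using documentation addresses; not a real capture.
SAMPLE_LOG = """\
2017-06-30T10:00:01Z src=198.51.100.7 dport=23 user=admin pass=admin result=fail
2017-06-30T10:00:02Z src=198.51.100.7 dport=23 user=root pass=12345 result=fail
2017-06-30T10:00:02Z src=198.51.100.7 dport=2323 user=support pass=support result=fail
2017-06-30T10:00:03Z src=198.51.100.7 dport=23 user=user pass=user result=ok
2017-06-30T10:05:00Z src=203.0.113.9 dport=22 user=admin pass=admin result=fail
2017-06-30T10:06:00Z src=203.0.113.21 dport=23 user=alice pass=hunter2 result=ok
""".splitlines()

if __name__ == "__main__":
    scanners, hits = analyse(SAMPLE_LOG)
    print("dictionary scanners:", scanners)
    print("default credentials that worked, i.e. devices still on factory settings:", hits)
```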

However, even once they gain access, the botnet code is not written to persistent storage and therefore doesn’t survive a restart of the infected device.

This could change in the months to come, as security specialists at Pen Test Partners said they have discovered a new vulnerability that could enable the Mirai IoT worm and other IoT malware to survive between device reboots – creating what would be a far more resilient or even permanent IoT botnet.

Courtesy-TheInq

Twitter Detects Crime Faster Than Police, Say Researchers

June 29, 2017 by  
Filed under Around The Net

Social media may be a useful tool in helping law enforcement maintain peace and order.

Twitter can identify riots and other violent activities minutes or even over an hour before the police are notified, according to a study released Tuesday by Cardiff University.

Researchers at Cardiff University analysed 1.6 million tweets relevant to the 2011 London riots. In the town of Enfield, police received reports of disorder an hour and 23 minutes after computer systems could have picked up the same information from Twitter, according to the study.

“In this research, we show that online social media are becoming the go-to place to report observations of everyday occurrences — including social disorder and terrestrial criminal activity,” said co-author of the study, Dr Pete Burnap.

He added that, while the study demonstrates that new technologies can be leveraged to support “more established policing methods,” social media will “never” replace traditional resources.

Social media has increasingly been used by the police in crime fighting efforts. In 2013, police turned to social media and called for the public to submit information about the Boston Marathon Bombing to aid in investigation. More recently, in Thailand, the Immigration Bureau received a tip-off from the Line messaging app in May, which led to the arrest of two Vietnamese suspected of overstaying their visas. In New Hampshire, a video posted to Facebook by the police earned them “dozens of tips” that helped identify a suspect in a crime, it was reported last week.

Microsoft Turns To Artificial Intelligence For Next Anti-virus Software

June 29, 2017 by  
Filed under Computing

Microsoft is relying on artificial intelligence to create the next generation of antivirus software.

The company is under massive pressure to deliver a cybersecurity solution that will work for millions of computers, as hackers ramp up attacks and raise the stakes. In recent weeks, for example, the WannaCry ransomware devastated more than 200,000 computers worldwide, many of which were running outdated versions of the Windows operating system.

This led Microsoft to release updates in mid-June to fix vulnerabilities identified by the National Security Agency, allowing older systems to protect against “potential nation-state activity.”

To prevent the next global malware crisis, an upcoming update will rely on machine learning from more than 400 million computers running Windows 10, Microsoft said Tuesday.

In its Fall Creators Update, Microsoft will use a wide range of data coming from its cloud programs such as Azure, Endpoint and Office to create an artificial intelligence antivirus that can pick up on malware behavior, said Rob Lefferts, director of program management for Windows Enterprise and Security. The upgrade is coming to Windows Defender Advanced Threat Protection, with new features like browser-focused Application Guard and cloud-related Device Guard and Exploit Guard.

If new malware is detected on any computer running Windows 10 in the world, Microsoft said it will be able to develop a signature for it and protect all the other users worldwide. The first victim will be safe as well because the virus will be set off in a virtual sandbox on the cloud, not on the person’s device.

Microsoft sees artificial intelligence as the next solution for security as attacks get more sophisticated.

“If we’re going to stay on top of anything that is changing that fast, you have to automate,” Lefferts said.

About 96 percent of detected cyberattacks are brand new, he noted.

With Microsoft’s current researchers working at their fastest pace, it can take a few hours to develop protections from the first moment they detect malware.

It’s during those few hours when people are really hit by malware. Using cloud data from Microsoft Office to develop malware signatures is crucial, for example, because recent attacks relied on Word vulnerabilities.

After Microsoft claimed that its new Surface Laptop could not be hit with ransomware, CNET sister site ZDNet hired a hacker to do just that, using a Word exploit. With the artificial intelligence update, Microsoft said that won’t happen again.

“If Word were to start allocating memory in big chunks, when it never does, we would be able to detect that,” Lefferts said. “We built the machine learning models around common applications like Word.”

The security features will only be available for enterprise customers and businesses at first, but the expectation is to roll it out for all customers eventually.

The update will also bring new protections for the browser — where viruses like Fireball have infected more than 5 million devices — but only for those using Microsoft Edge.
