Wednesday, August 1, 2012

New hack could literally move a plane in flight

You don’t often hear about planes crashing in mid-air. The systems they have in place have done a fairly good job at keeping passengers safe. But safety and security are two different things, and while the systems may work, one researcher has found they are scarily easy to hack.
“This is like shooting fish in a barrel. If you’re not scared about this, you should be,” said researcher Nick Foster at the Def Con conference in Las Vegas. “Without encryption, without any bottom security and protocol, it’s just not hard.”
The system that lets aircraft and controllers keep track of each other’s positions is called Automatic Dependent Surveillance-Broadcast (ADS-B). Each aircraft’s transponder periodically broadcasts its own identity, position, altitude and velocity (ADS-B Out); other aircraft equipped to receive those broadcasts (ADS-B In) and the ground stations feeding air traffic control pick them up. The broadcasts are neither encrypted nor authenticated: anyone with a receiver can read them, and nothing in a message proves it came from the aircraft it names, or from any aircraft at all. Anyone can listen in and monitor where planes are going and how fast.
Brad Haines, better known as RenderMan, hit on this blatant weakness after trying Planefinder AR, an app that lets you hold your phone up to the sky and see where the flights overhead are going. He wondered where the app got its data and found a number of websites that aggregate feeds from hobbyists: they set up ground stations, collect the broadcasts from flights passing overhead, and feed the data into the site’s database.
So, what can people do with that information? Hack it, of course.
If the ground stations accept whatever arrives over the air, nothing stops an attacker from transmitting messages of his own alongside the real ones. He could tell air traffic control that a plane was headed straight for the tower when no such plane existed. He could flood the controllers’ screens with fifty phantom aircraft, sending the operators scrambling or overloading the system. Or he could duplicate a real flight passing through the area, which is dangerous if the operators decide the genuine track is the glitch and ignore it.
Pilots in flight can be targeted as well. An attacker could make a cockpit display show a fake aircraft on a collision course. GPS, which pilots rely on to know where they are, can also be spoofed. GPS spoofing is what Iran allegedly used to bring down a U.S. drone recently: the country’s engineers are said to have fed the drone false position data so that it believed it was over its landing site, and brought it down inside Iran’s borders.
Haines stressed, “for the love of Spongebob do not try anything you’re about to see.” He wanted to make this public so that the airline industry can patch up its leaky ship — encrypt and protect this information.

via Venturebeat.com 

Monday, July 16, 2012

Yahoo fixes glitch that let hackers access half a million passwords

Yahoo has fixed a glitch in its security software which allowed hackers access to 450,000 email addresses and passwords which they then leaked online last week.


The beleaguered technology giant claims it has now solved the problem.
In a statement on the company blog, a spokesman for Yahoo wrote: “Yahoo! recently confirmed that an older file containing approximately 450,000 email addresses and passwords was compromised. The compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo. (Associated Content is now the Yahoo! Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo systems and services.
“We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and are in the process of notifying affected users. In addition, we will continue to take significant measures to protect our users and their data.”
David Emm, senior security researcher at Kaspersky, said: "Unfortunately, many people use the same password for multiple online accounts. This brings with it the risk that a compromise of one account puts all their accounts at risk. We would urge everyone to use a unique, complex password for all online accounts, i.e. one that is at least eight characters and mixes letters, numbers and symbols." 


Sunday, July 15, 2012

Wikimedia may be launching its own online travel guide

The Wikimedia Foundation has decided to create a travel guide in the mold of its non-profit, user-written and search engine results-hogging Wikipedia.

The free encyclopedia often dominates the upper tiers of Google search results pages, and the launch of a still-unnamed Wikimedia travel guide could have substantial implications for travelers seeking free destination advice — and guidebook publishers such as LonelyPlanet — if the new project garners any kind of comparable clout.

Imagine a free TripAdvisor focused on travel destinations, where masses of travelers could update information during or after their hotel stay, tour or private meanderings around town, and share it with the world under the supervision of seasoned administrators.

The foundation’s board of trustees on July 11 approved a proposal to launch an advertisement-free travel guide and community members noted that 31 of the 48 administrators of the Internet Brands-owned Wikitravel have expressed interest in joining forces with the Wikimedia Foundation’s travel guide website.

Wikitravel is considered the current leader in travel wikis, but its advertisements and monetization efforts may turn off travelers and would-be contributors.

In addition, the introduction to a community discussion about the travel guide proposal argues that Internet Brands has failed to keep pace with the times and that Wikitravel suffers from a “lack of technical support/feature development.”
Internet Brands didn’t respond to a request for comment.

Tuesday, July 10, 2012

Beliefs and Misbeliefs about Open Source Software

What does “open source” mean? With open source software being so prevalent in our lives (Android, WordPress, Mozilla Firefox are almost fixtures), you would think that it would be simple enough to find somebody who can explain the term around here.
A quick survey around the office turned out dismal results, however. A fellow intern told me “open source software” simply meant that the source code is open for view; another insisted that it means the software is free to use. I personally had the impression that it meant the code was crowd sourced and created by volunteer developers–the idea was immediately shot down by the other two. So what, really, does “open source” mean?

Cash prizes to reward young Pi programmers

Children and young people getting to grips with the bare-bones Raspberry Pi computer could win cash prizes for their programming prowess.

Prizes of $1,000 (£645) will be given to the child and teenager who have written the best software for the Pi.

The first competition runs for two months, but in the future the Pi foundation will run weekly contests.

Government Agency Recruits Via the Source Code of Its Web Page

The Consumer Financial Protection Bureau is looking for a few good technology and design fellows to help them out. Where might they find ideal candidates? Perhaps in the pool of people who go to their website AND want to see the code behind the page. So, they inserted an advertisement for their fellowship program into the source for the site. This is, effectively, a hidden ad targeted only at the kind of nerds who "view source." Very clever.

The New Price Of A Web Ad: Free?

Here’s how hard it’s gotten to make money selling advertising on websites: Some industry experts think there may be more profit in giving them away for free.

That’s what a couple of veterans of the online ad space tell Reuters. A story about Microsoft’s $6.2 billion write-down of aQuantive, the ad network it purchased five years ago, notes that the average rate charged for the sort of ads that aQuantive sells has fallen by about 15% in the last two years and more than 50% since 1998.

Monday, July 9, 2012

8 ways to send email more effectively

How many emails do you receive each day? 20? 50? Over 100?  How many do you pay attention to? How many lead you to take action?  If you are like me, very, very few.  As a teacher at IESE Business School and an entrepreneur with four businesses, I’m overwhelmed by email. I cannot and do not read them all.

Email overload is a widespread challenge.  In 2010, 294 billion emails were sent per day for a total of 90 trillion in the full year. 1.9 billion users sent an email during 2010.

HP launches an all-in-one consumer desktop that you’ll envy

Hewlett-Packard is announcing a new all-in-one consumer desktop under its Envy brand that caters to high-end consumers.

The 23-inch desktop has a sleek design and cool features and is the first time that HP has brought its high-end designs from its game PCs and notebooks to its desktop all-in-one line-up. The launch is part of a broader line-up of commercial desktops and back-to-school consumer desktops.

Sunday, July 8, 2012

Android vs. iOS: A Developer’s Perspective

What follows is a very brief synopsis of my experience developing an app for Android and then porting it to iOS. Please remember that my opinions are but a single data point.
After you’ve remembered that, feel free to promptly forget it and start the flame wars in the comments section. If my coding skills are lacking and I’m missing a simple way to do something I claim is impossible, feel free to let me know that too.

The App
Challenge 1: Launch App in Background when device is plugged in
Challenge 2: Track movement using GPS
Challenge 3: Notify the User.............

Wednesday, July 4, 2012

J.K. Rowling reveals new book cover for first novel for adults, The Casual Vacancy

PUBLISHERS have released the cover of the new J.K. Rowling novel set for worldwide release in September. 

The Casual Vacancy will be the Harry Potter author's first offering aimed primarily at adults.

The novel is set in the fictional English town of Pagford and deals with the unexplained death of a village resident.
The cover released yesterday is......

Saturday, June 30, 2012

Google Just Declared War On These 12 Products

Google just announced several new devices and services at its annual I/O conference.
Many are direct competitors with products from Apple, Microsoft, and other Silicon Valley giants.
One Google executive even called out Microsoft at one point.

Saturday, June 23, 2012

Computer virus hits office printers

Is your printer spewing gibberish? Could be malware

Office printers spew reams of garbage as 2-year-old Trojan runs wild

Malware that is triggering massive print jobs is found primarily on computers in the U.S. and India, but other countries in Europe and South America as well.
(Credit: Symantec)

 

Computer printers around the world are spewing garbage following a flare-up of a strain of malware first detected two years ago, Symantec warns.
A spike in infections by the Milicenso Trojan has hit businesses in the US, India, Europe and South America over the last two weeks or so, resulting in massive, wasted print jobs at affected organisations.

The malware is programmed to generate print jobs featuring reams of garbage characters from infected PCs until connected printers run out of paper.
The Milicenso Trojan – first detected in 2010 – has previously been used to distribute adware targeting French-speaking users. In those cases, users of infected machines were deluged with dodgy pop-up ads and other crud.
In a blog post published on Thursday, Symantec describes Milicenso as a "malware delivery vehicle for hire". The malware is typically distributed in either infected email attachments or malicious scripts on often otherwise legitimate websites. These scripts push malware under the guise of video codecs supposedly "needed" to view content on compromised sites, and other similar ruses.
Symantec reckons the massive print jobs associated with the latest outbreak of the Trojan are a "side effect" of the infection rather than the main goal of the cybercrooks behind the outbreak.
A blog post by the security firm explains how massive print runs are generated from infected machines. Printed files contain what appears to humans as gibberish because they are sourced from files in the virus's main directory, as Symantec explains.
"During the infection phase, a .spl file is created in [DRIVE_LETTER]\system32\Spool\PRINTERS\[RANDOM].spl. Note the Windows default print spooler directory is %System%\spool\printers. The .spl file, while appearing to be a common printer spool file, is actually an executable file and is detected as Adware.Eorezo. Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs. This explains the reports of unwanted printouts observed in some compromised environments. Based on what we have discovered so far, the garbled printouts appear to be a side effect of the infection vector rather than an intentional goal of the author."
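The mechanism Symantec describes gives responders a cheap triage check. The following is an added example, not Symantec's tooling: a genuine spool file is not a Windows executable, so any file in the spooler directory that begins with the DOS/PE "MZ" header is worth pulling for analysis, whatever its extension. The stock spooler path is an assumption (a default install with %SystemRoot% on C:), and the directory the demo scans is constructed in a temporary folder. It is written in portable Python rather than PowerShell so it runs equally against a live host, a mounted image or a collected evidence folder.

```python
"""Flag print-spooler files that are really executables.

Added example (not Symantec's tooling). Milicenso drops an executable with a
.spl extension into the spooler directory, where the service prints whatever
lands. Real spool files do not carry the PE/MZ header, so its presence is a
strong triage signal. Sample directory below is constructed.
"""
import tempfile
from pathlib import Path
from typing import List, Tuple

# Stock spooler location; assumes %SystemRoot% is C:\Windows.
DEFAULT_SPOOL_DIR = r"C:\Windows\System32\spool\PRINTERS"
MZ_MAGIC = b"MZ"                        # DOS/PE header at offset 0 of every Windows executable
SPOOL_EXTENSIONS = {".spl", ".shd"}     # job data / shadow files the spooler itself writes


def starts_with_mz(path: Path) -> bool:
    """True if the file's first two bytes are the PE/DOS magic, whatever its extension."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == MZ_MAGIC
    except OSError:
        return False        # locked or unreadable: skip it rather than abort the sweep


def scan_spool_dir(spool_dir: str = DEFAULT_SPOOL_DIR) -> List[Tuple[str, str]]:
    """Return (file name, reason) for every suspicious file in the spooler directory."""
    findings: List[Tuple[str, str]] = []
    root = Path(spool_dir)
    if not root.is_dir():
        return findings
    for entry in sorted(root.iterdir()):
        if not entry.is_file():
            continue
        if starts_with_mz(entry):
            # A .spl/.shd name is the disguise Symantec describes; anything else is
            # simply foreign to the directory. Both deserve a look.
            kind = "spool-named" if entry.suffix.lower() in SPOOL_EXTENSIONS else "foreign"
            findings.append((entry.name, f"{kind} file carries a PE (MZ) header"))
    return findings


def run_demo() -> List[Tuple[str, str]]:
    """Build a constructed spooler directory and scan it (sample data, not a real infection)."""
    samples = {
        "00001.SPL": b"\x10\x00\x00\x00" + b"\x00" * 60,   # benign-looking job data
        "00001.SHD": b"\x00" * 32,                           # benign shadow file
        "x7k2q9.spl": b"MZ\x90\x00" + b"\x00" * 60,         # executable disguised as a job
        "readme.txt": b"printer notes",                      # unrelated text file
    }
    with tempfile.TemporaryDirectory(prefix="spool_demo_") as tmp:
        for name, content in samples.items():
            Path(tmp, name).write_bytes(content)
        return scan_spool_dir(tmp)


if __name__ == "__main__":
    for name, reason in run_demo():
        print(f"{name}: {reason}")
```

A hit is a lead, not a verdict: copy the file out with its timestamps, hash it, and check it against the Adware.Eorezo detection before cleaning, since the printout is only the side effect and the redirect payload is the part the operators cared about.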
The annoying and wasteful garbage printing behaviour will obviously draw attention towards infected machines while making malware removal a top priority – something cybercrooks normally go to great pains to avoid. The latest strain of the Milicenso Trojan, like others before it, is programmed to redirect surfers through various ad-related websites. "In our investigation, we observed various French sites being displayed at the end of the redirect chain," Symantec reports.
Those distributing the malware are presumably after a cut of the advertising revenue the Trojan dishonestly generates, which is likely to be a lot smaller than it might otherwise have been thanks to the paper-spewing side effect of the latest strain.

 

Hackers take credit for colossal Twitter crash

It’s alright, Twitter users. We can all breathe again. The major microblogging site mysteriously went offline mid-day Thursday, and Silicon Valley reps now say that a bug was the culprit behind the crash. Some hackers, however, say otherwise.
On the record, Twitter says that the major malfunction that crippled the social media site on Thursday can be blamed on a “cascading bug,” a glitch that Vice President of Engineering Mazen Rawashdeh explains as being able to quickly spread throughout several elements that make the site run, causing the entire network to crash. In a blog post published late Friday, Rawashdeh writes that neither an overload of traffic nor an attack from hackers hindered the site, and that the company is “currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future.”
According to some Twitter users, though, the company is just trying to cover up for a cleverly orchestrated distributed denial of service (DDoS) attack, a maneuver that overloads servers with constantly accumulating traffic until the computers can no longer handle the demand. The Underground Nazi Hacktivist Group, or UGNazi, is crediting themselves with taking Twitter offline.
“We just #TangoDown'd twitter.com for 40 minutes worldwide!” reads a tweet from the hacktivist group sent out on Thursday in the midst of the crash, which in some areas lasted for over an hour. An administrator of the @UG account followed up the claim on Friday, writing, “When a company has the chance of deniability, they will take the chance to do so.”
In an email sent to Computerworld and other websites, a representative claiming to be a member of the UGNazi hacking group once more assumed responsibility, claiming that the collective was indeed involved in the crash and was able to cause it by way of a DDoS assault. In an excerpt from a separate email published by Computerworld, an UGNazi member says that the attack was made on the site due to Twitter’s support of the controversial Cyber Intelligence Sharing and Protection Act, or CISPA.
"Twitter supports the CISPA bill and we wanted to show what we really are capable of," reads the message.
According to InformationWeek.com — who also received the email — the message continues, “Twitter moved to multiple servers today to try and migrate [sic] the attack . . . It was not a bug."
On UGNazi.com, the group claims to have targeted Comcast, NASDAQ, BP and Google in the past.
Responding to the latest claim, Gartner security analyst Lawrence Pingree tells Computerworld, "If a company is being taken down by a third party, I don't really see them blaming themselves.”
“Are [hacking groups] capable? Yeah. Denial of service isn't something you can completely stop [but] it's hard to say if there was an attack,” he adds.
In the past, DDoS attacks credited to hacktivists aligned with the Anonymous collective have crippled the websites of the Central Intelligence Agency, the US Department of Justice, Universal Music Group, the US Copyright Office, Warner Music, BMI, and the Recording Industry Association of America (RIAA). Jay Leiderman, a California-based attorney who has represented alleged Anonymous activist Commander X, has likened DDoS attacks to a “digital sit-in.”
"Ultimately, the only organization that knows the truth is Twitter, and there is no reason to believe the statements they have made are not true," Chet Wisniewski, senior security adviser at Sophos, adds to ComputerWorld. "It is difficult to determine the exact nature of the outage from the outside, but my personal experiences during the outage are more consistent with Twitter's explanation."

Flame can sabotage computers by deleting files, says Symantec

The virus can not only steal data but disrupt computers by removing critical files, says a Symantec researcher.

The infamous Flame virus can delete files from a computer and is likely the cause of a cyberattack against Iran in April, according to new findings.
Flame was originally identified for its ability to steal data and capture information from keystrokes, PC displays, and audio conversations.
But a new component of Flame uncovered by security firm Symantec gives its operators the power to delete important files from compromised computer systems, Symantec researcher Vikram Thakur revealed yesterday.
Such power means that the virus can disrupt critical software and "completely disable operating systems," Reuters reported based on Thakur's findings.
"These guys have the capability to delete everything on the computer," Thakur said, according to Reuters. "This is not something that is theoretical. It is absolutely there."
If true, Flame can be used as a weapon against nations to attack vital infrastructure systems, such as dams, chemical plants, and manufacturing facilities, Reuters added. And it could have been used as a weapon against Iran this past April.
Boldizsar Bencsath, an expert on cyber warfare with Hungary's Laboratory of Cryptography and System Security, told Reuters that there was at least a 20 percent chance that Flame was behind the attack against Iran.
Reportedly discovered by Kaspersky Lab, Flame targeted Iran and countries in the Middle East by infecting a host of computers across the region. CEO Eugene Kaspersky compared the new malware to its Stuxnet predecessor and said it seemed to be state-sponsored.
Some reports have named United States and Israel as the sources behind Flame.
In response, the U.S. has remained mum. Israel has denied any involvement despite comments by vice prime minister Moshe Ya'alon that countries concerned about Iran's nuclear program might use such cyberattacks "to harm the Iranian nuclear project."

What Nintendo needs to do to make a comeback

Can the Wii U fix Nintendo's problems, or will the company have to do something more drastic?

Nintendo is one of the most iconic companies in gaming, but it faces the real possibility of oblivion if it doesn't find a way to turn its fortunes around.
In October 2007, less than a year after the release of its blockbuster Wii console, Nintendo was worth $78.50 per share. That equated to a market cap of $85 billion -- double the value of Sony at the time.
However, Nintendo's fortunes have only gone south since then. With Wii sales cooling and mobile apps the hot trend in gaming, Nintendo's stock collapsed this month to $14.50 per share, leaving it with a market cap of just $14.8 billion, a fifth of its value in 2007.
Super Mario just isn't so super anymore.
What happened to Nintendo, a company that has been around for 123 years? A variety of trends have dramatically changed the gaming industry over the last 5 years:
  1. Mobile gaming is growing. Nearly half of smartphone users say they play a mobile game daily. That's great for Apple, but not so great for Nintendo, which has yet to release a game for iOS or Android.
  2. Social gaming has grown into a multibillion dollar industry, though its growth is slowing.
  3. Console gaming sales have collapsed across the board.
  4. The Nintendo 3DS, the company's most recent handheld gaming device, failed to meet expectations, forcing Nintendo to cut its price to boost sales. Sales are now picking up, but it's simply not generating as much revenue as Nintendo had hoped.
The end result? Nintendo posted its first ever annual loss, losing $533 million during its last fiscal year.

Nintendo needs a 1 Up Mushroom

It's clear Nintendo is suffering, but how does it regain its mojo?

Nintendo 3DS XL to pop out August 19 for $199.99

The new game device will come with a 4.88-inch display on top and a 4.18-inch screen on the bottom. Wait, what? It's bigger, but there's just one thumbstick?
  Nintendo's new 3DS XL, alongside the 3DS. (Credit: Screen capture by Don Reisinger/CNET)

Nintendo has announced a new entry in its portable game lineup.
Dubbed the Nintendo 3DS XL, the device delivers the same glasses-free 3D experience as its predecessor, the 3DS, but comes with much larger screens. According to Nintendo, the upper display will come in at 4.88 inches, while the lower screen will be 4.18 inches. The 3DS currently has a 3.53-inch upper display and a 3.01-inch lower screen.
Rumors had been swirling for quite some time that Nintendo was planning to launch a 3DS with larger screens. However, last week, gaming icon Shigeru Miyamoto tried throwing reporters off the scent when he told IGN in an interview that he was "satisfied with the 3DS hardware as it is," adding Nintendo was already working on its successor to the handheld.
With larger screens comes a heftier price tag for the 3DS XL. The bigger version will be available for $199.99, up from the current $169.99 price tag for the 3DS. However, the 3DS XL will come with a 4GB memory card to sweeten the pot a bit.
One of the most surprising things about the 3DS XL, however, might be what Nintendo left out: the second analog stick. After the 3DS launched with only one thumbstick, developers complained that it limited their ability with the device. To address that issue, Nintendo earlier this year launched the 3DS Circle Pad Pro for $20, which effectively hooks on to the handheld to add a second thumbstick. With the XL, Nintendo had every opportunity to include a second thumbstick, but has apparently decided against it.
Nintendo's 3DS XL is launching in North America on August 19. Nintendo plans to launch New Super Mario Bros. 2 on the same day.

Apple App Store Launches in 32 More Countries

At its Worldwide Developer Conference, Apple CEO Tim Cook said that the App Store would be hitting another 32 countries by month's end. Now it looks like the company is making good on its promise.
Apple on Thursday expanded the App Store's reach to 32 new territories in Africa, Europe, and the Asia-Pacific region, 9to5Mac reported, citing an email sent to registered iOS and Mac developers. At this point, a total of 155 territories have access to the App Store.
The full list of new App Store countries includes: Albania, Benin, Bhutan, Burkina Faso, Cambodia, Cape Verde, Chad, Republic of the Congo, Fiji, Gambia, Guinea-Bissau, Kyrgyzstan, Laos, Liberia, Malawi, Mauritania, Federated States of Micronesia, Mongolia, Mozambique, Namibia, Nepal, Palau, Papua New Guinea, São Tomé and Príncipe, Seychelles, Sierra Leone, Solomon Islands, Swaziland, Tajikistan, Turkmenistan, Ukraine, and Zimbabwe.
At WWDC, Cook also said that the App Store, which launched in 2007, now has 650,000 apps, 225,000 of which were developed for iPad. Users have downloaded 30 billion apps, resulting in $5 billion paid to developers.
The App Store officially hit the 25 billion app download mark in March. Apple awarded Chunli Fu of Qingdao, a city in eastern China, a $10,000 prize for being the 25 billionth app customer. Fu had downloaded a free version of Disney's physics-based puzzle game Where's My Water?
Last January, Gail Davis of Orpington, Kent, U.K. won a $10,000 iTunes card for being the 10 billionth customer at the Apple App Store. Davis had downloaded the paper plane-flying game Paper Glider to win the prize.
Amazon this week also expanded its Appstore to Europe.

Sunday, June 10, 2012

7 Tips To Toughen Passwords

As this week's LinkedIn and eHarmony--and likely, Last.fm--breaches demonstrate, many website users continue to pick atrocious, easily cracked passwords. Are your passwords safe?




It's been a bad week for passwords.
So far, 6.5 million users of LinkedIn and 1.5 million eHarmony subscribers had their password hashes uploaded to a hacking forum on the InsidePro website, although security experts suspect that many more accounts may have been compromised.
Meanwhile, streaming music service Last.fm Thursday confirmed that it's "currently investigating the leak of some Last.fm user passwords." While it didn't detail how many of its 40 million users might be affected, security experts think about 17.3 million MD5 unsalted hashes were stolen, that 16.4 million have already been cracked, and that the breach may date from 2010 or 2011.
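The ratio in that paragraph (16.4 million of 17.3 million hashes cracked) follows from one property of an unsalted dump: a single hash of a candidate password can be looked up against every account at once. The following is an added example on a constructed leak, not Last.fm's data or code. It cracks a four-user unsalted MD5 table with a five-word list and counts the hash operations, then does the same against a salted, iterated hash (PBKDF2-HMAC-SHA256; the iteration count is reduced for the demo) to show that the shared lookup table disappears and every account costs a fresh pass over the wordlist. The usernames, passwords and wordlist are constructed.

```python
"""Why an unsalted MD5 dump cracks in bulk, and what a salt changes.

Added example on a constructed 'leak'. Unsalted: hash each guess once, look
every user up. Salted: the table cannot be shared, so the cost scales with
users x guesses, and a slow hash multiplies it again.
"""
import hashlib
import os
from typing import Dict, List, Tuple

# Constructed wordlist and account table (stand-ins for a cracking list and a site DB).
WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "music4life"]
_SECRET_PASSWORDS = {                        # what each constructed user actually chose
    "alice": "123456",
    "bob": "music4life",
    "carol": "letmein",
    "dave": "correct horse battery staple",  # not in the wordlist: survives both attacks
}
PBKDF2_ITERATIONS = 50_000                   # reduced for a quick demo; use more in production


def md5_unsalted(password: str) -> str:
    """The Last.fm-style storage described above: one bare MD5 per password."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_salted(password: str, salt: bytes) -> str:
    """Per-user salt plus an iterated hash: the shape of a defensible store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS).hex()


def make_unsalted_leak() -> Dict[str, str]:
    """user -> md5(password), what an attacker gets from an unsalted dump."""
    return {user: md5_unsalted(pw) for user, pw in _SECRET_PASSWORDS.items()}


def make_salted_leak() -> Dict[str, Tuple[str, str]]:
    """user -> (salt_hex, hash_hex); the salt is stored beside the hash, not secret."""
    leak = {}
    for user, pw in _SECRET_PASSWORDS.items():
        salt = os.urandom(16)
        leak[user] = (salt.hex(), pbkdf2_salted(pw, salt))
    return leak


def crack_unsalted(leak: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Hash each candidate once, then look every account up in the result.

    Returns (recovered passwords, number of hash computations).
    """
    table = {md5_unsalted(w): w for w in wordlist}        # one MD5 per candidate, in total
    found = {user: table[h] for user, h in leak.items() if h in table}
    return found, len(wordlist)


def crack_salted(leak: Dict[str, Tuple[str, str]], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """With a salt no table can be shared: every account costs a fresh pass over the wordlist."""
    found: Dict[str, str] = {}
    ops = 0
    for user, (salt_hex, target) in leak.items():
        salt = bytes.fromhex(salt_hex)
        for candidate in wordlist:
            ops += 1                                        # each one is PBKDF2_ITERATIONS HMACs
            if pbkdf2_salted(candidate, salt) == target:
                found[user] = candidate
                break
    return found, ops


if __name__ == "__main__":
    found, ops = crack_unsalted(make_unsalted_leak(), WORDLIST)
    print(f"unsalted MD5 : recovered {found} with {ops} hash operations")
    found, ops = crack_salted(make_salted_leak(), WORDLIST)
    print(f"salted PBKDF2: recovered {found} with {ops} x {PBKDF2_ITERATIONS} HMAC operations")
```

Both attacks recover the same three weak passwords; the salt does not save a user who picked "123456". What it changes is the bill: five MD5 calls cover all four accounts in the unsalted case, while the salted case needs fifteen PBKDF2 evaluations, each of them fifty thousand HMACs, and that cost grows with every extra account in the dump. That is why the tips that follow put unique and long passwords ahead of everything else: salting and slow hashing are the site's job, and password strength is the only part the user controls.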
Needless to say, all three sites have recommended that every one of their users change their password on the site--just in case. But what's the best type of password to pick? Here are 7 best practices:
1. Pay Attention
2. Use Unique Passwords
3. Explore Life Beyond Letters
4. Use Uncommon Patterns
5. Lose The Biographical Details
6. Love Longer Passwords
7. Use Password Managers
Read in Detail...