Norwegian-based Opera, makers of one of the most popular browsers outside the Big Four, has announced a scary-sounding network intrusion.
The official story is still somewhat unclear.
But here are the relevant paragraphs from Opera'sofficial mea culpa document:
On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments.
The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser.
It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.
Opera Software, the Norwegian company that makes the Opera browser was hacked on June 19th and released a statement a week later...
The hackers breached the company’s network and used one of its code-signing certificate (an older and expired one mind you) to digitally sign a piece of malware and package it as an update for the Opera browser.
While it is not entirely clear what happened, it would appear as though the bad guys went as far as pushing the update for a 36-minute period, meaning they had access to Opera’s infrastructure during that time.
A number of Opera’s estimated 300 million users may have been infected with a nasty Trojan downloader.
Upon successful infection, the malicious file searches the hard drive for passwords stored in Internet Browsers as well as FTP clients.
Bambi Note: And it gets worse... must read if you use Opera or have it and use it occasionally.
Barnes & Noble has announced that it's going to leave manufacturing of its Color tablet line up to third party manufacturers.
In a press release, B&N explained that it will create a "partnership model for manufacturing in the competitive color tablet market." The move is clearly driven by poor financial performance, and the company explains that it will reduce "risks associated with manufacturing."
Interestingly, B&N will continue to develop its Simple Touch and Glowlight e-readers in-house, while its tablet line will be co-branded with a "yet to be announced third party manufacturers of consumer electronics products".
Bambi Note: Thankfully this is only their color tablet line that is moving the tablet to the partnership model. They are still doing the e-readers: Simple Touch and Glowlight as usual. I wonder what that will mean for Nook apps? Will they continue to use the name for the app? Or are they selling that out too? Good thing I have a B&N eReader as well as the Nook app. Sadly I use the Nook app more than the eReader due to convenience of reading on my phone.
Security response personnel at HP are "actively working on a fix" for a potentially dangerous backdoor in older versions of its StoreOnce backup product line.
The company’s confirmation of what it describes as a “potential security issue” follows the public disclosure that malicious hackers can use SSH access to perform full remote compromise of HP’s StoreOnce backup systems.
According to the warning from an unidentified security researcher, an attacker can simply enter the username “HPSupport” and an easy-to-crack preset password to gain full administrative access to a vulnerable StoreOnce system.
The SHA1 hash for the password was also published, putting pressure on HP to get a fix ready for affected customers. SecurityWeek has confirmed that it is relatively trivial to brute-force the hash to obtain the seven-character password.
Bambi Note: Original find was on Slashdot.
This is what happens after a series of bumbling owners fail to keep a once terrific product relevant in a dynamic market: You get a cold PR send-off that doesn't even fill the screen.
"Please visit Yahoo! Search for all of your searching needs."
That's all Yahoo wrote Friday afternoon as it lumped in the news that it was killing off AltaVistaon July 8 with word that it will also ax 11 other products that no longer matter to the company.
A license-plate reader mounted on a San Leandro Police Department car can log thousands of plates in an eight-hour patrol shift. “It works 100 times better than driving around looking for license plates with our eyes,” says police Lt. Randall Brandt.
The paperback-size device, installed on the outside of police cars, can log thousands of license plates in an eight-hour patrol shift. Katz-Lacabe said it had photographed his two cars on 112 occasions, including one image from 2009 that shows him and his daughters stepping out of his Toyota Prius in their driveway.
That photograph, Katz-Lacabe said, made him “frightened and concerned about the magnitude of police surveillance and data collection.” The single patrol car in San Leandro equipped with a plate reader had logged his car once a week on average, photographing his license plate and documenting the time and location.
Bambi Note: That's creepy! And I thought all the cameras everywhere was bad enough... Much more in the article.
The recent leak of source code for a powerful piece of bank-fraud malware may spawn a surge of advanced botnet attacks carried out by copycat hackers who previously didn't have the skill to pull off such feats, security researchers warned.
Carberp, as the botnet-creation toolkit is known, previously sold in underground crime forums for as much as $40,000 a license.
"In short, it does not take a genius to get a copy of the leaked source code, which makes this whole thing dangerous," Christopher Elisan, principal malware scientist in security firm RSA's FirstWatch department, wrote in a blog post published Friday. "Any script kiddie, who probably does not understand the technology, can use this which may result in dire consequences. It's like handing a bazooka to a child."
Bambi Note: Carberp now joins Zeus as one of the two big crime proprietary bot net creation tools released on 2011.
Internet provider AT&T has patented a new technology that allows the company to accurately track content being shared via BitTorrent and other P2P networks. The company explains that the technology can be utilized to detect pirated downloads and combat congestion on its network. Whether the company is already using the system to track infringing content, or has plans to do so, is unknown.
While there are many outfits that track BitTorrent and other file-sharing traffic, until now we are not aware of any ISPs that have shown interest in this type of monitoring. AT&T is certainly the first company to be granted a patent for such a specific P2P monitoring system.
It’s worth noting that AT&T participates in the six-strikes copyright alert system where P2P users are also monitored. The main difference is that under that program the monitoring is carried out by a the third-party company which only tracks a list of titles supplied by the MPAA and RIAA.
Whether the provider has intentions to actively scan for and throttle pirated content being shared using BitTorrent is unknown. With the patented system it could certainly do so, and if it targets infringing traffic only it does not violate FCC’s net neutrality rules.
Now’s your chance to own the famous computer from War Games
Bambi Note: Nope, it's not the WOPR (read: Whopper) which was in NORAD in the movie, War Games.
30 years ago this month, the classic hacker movie WarGames came out, and young nerds across the land ogled the setup Matthew Broderick’s character David Lightman had in his bedroom. No, we’re not (only) talking about Ally Sheedy, who liked to hang out there. We speak, of course, about the fine looking computer hardware he used to almost start a global thermonuclear war and if you ever dreamed about owning it all, you now can, for the right price.
As I wrote last week, Lightman’s room featured an IMSAI 8080 microcomputer, with an IMSAI FDC-2 dual 8-inch floppy drive, an IMSAI IKB-1 intelligent keyboard and an IMSAI (in actuality a Cermetek) 212A modem. In the process of researching that slideshow, I contacted the man who supplied the hardware for the movie and who still owns most of it. His name is Todd Fischer and he wrote a very detailed background on the history of his involvement providing the movie’s makers with all that cool hardware.
Bambi Note: Amazingly, Todd Fischer still has some of the parts; he 8080, the keyboard and the modem -- and in working condition. He wants to sell it as a set. They were valued at $25K for an auction by Christie's in London. But he didn't go through with the auction due to concerns about their arriving safely. Fischer said the following in the article;
“I honestly believe that the 'WarGames IMSAI' is a singular icon of the early days of the personal computer that motivated many thousands, if not tens of thousands of impressionable and talented youth to take up the mantle that digital technology in the hands of the masses could offer,” Fischer said.
Bambi Note: I think he is likely right about that.
Today, the NSA has PRISM. In the 1960s, it had STRETCH.
Also known as the IBM 7030, STRETCH was the supercomputer of its day, running at speeds roughly 25 times faster than typical machines. It made its debut in 1961 at the Los Alamos National Laboratory, where it was used to perform massive simulations related to nuclear-power and nuclear-weapons research, and a year later, the National Security Agency received a customized version known as IBM 7950 Harvest, using the multi-million-dollar machine as part of its cryptography operations.
It was, in short, the world’s most powerful computer. At least for a time. The room-sized machine finally gave up the ghost in 1980, after it was surpassed by much faster — and much smaller — systems. A year later, Brigham Young University put together a film detailing the history of this seminal machine, and you can watch every bit of it below, courtesy of a video from the Computer History Museum in Mountain View, California.
Bambi Note: STRETCH was announced in '55. The IBM 7030/STRETCH sold for approx. $10 Million and stretched across 2,500 sq feet of floor space and 60 hardware wardrobe sized cabinets. Not vacuum tubes ... it was transistor based with a whopping (or would that be WOPR) 256K RAM -- 6 times larger RAM than others of its day. (video on the page).
If Google Glass isn't enough to get you worried about technology, how about a device that can see through walls using Wi-Fi?
Researchers at MIT are experimenting with a system called Wi-Vi, which they say can track moving objects through walls by using the inexpensive, nearly ubiquitous wireless system. Wi-Vi could be built into a smartphone or a special handheld device and used in search-and-rescue missions and law enforcement, according to Dina Katabi, the MIT professor who developed Wi-Vi along with graduate student Fadel Adib.
But Katabi thinks consumers might use Wi-Vi, too. For example, someone walking outdoors at night who thought they were being followed might use it to detect a person behind a fence or around a corner, she said.
Bambi Note: Welcome to the world of portable Blue Thunder
Blue Thunder is a 1983 feature film that features a high-techhelicopter of the same name. The movie was directed by John Badham and stars Roy Scheider.
Murphy is selected to pilot the world's most advanced helicopter, nicknamed "Blue Thunder," which is essentially a military-style combat helicopter intended for police use in surveillance and large-scale civic disobedience. With powerful armament, stealth technology that allows it to fly virtually undetected, and other accoutrements (such as infraredscanners, powerful microphones and cameras, and a U-MaticVCR), Blue Thunder appears to be a formidable tool in the war on crime.
But when the death of city councilwoman Diane McNeely turns out to be more than just a random murder, Murphy begins his own covert investigation. He discovers that a subversive action group, using the acronym THOR (Tactical HelicopterOffensive Response, the "proposed use of military helicopters to quell disorder"), is intending instead to use Blue Thunder to carry out an evil mission of their own, one that involves the secret elimination of political undesirables.
Bambi Note: Also reminds me of some of the scenes from Will Smith and Gene Hackman in Enemy of the State (1998).
Enemy of the State is a 1998 American action-thriller about a group of rogue NSA agents who kill a US Congressman and try to cover up the murder. It was written by David Marconi, directed by Tony Scott, and produced by Jerry Bruckheimer. It stars Will Smith and Gene Hackman, with Jon Voight, Lisa Bonet, and Regina King in supporting roles.
As the U.S. Congress moves to pass new legislation that dramatically expands the surveillance powers of intelligence agencies, Congressman Phil Hammersley (Robards) remains firmly opposed to its passage. To ensure the bill's passage,National Security Agency official Thomas Reynolds (Voight) kills Hammersley, but he is unaware of a video camera set up by wildlife researcher Daniel Zavitz (Lee) that has captured the entire incident. Zavitz discovers the murder, and alerts an underground journalist, at the same time transferring the video to an innocuous computer disc. Reynolds learns of Zavitz's footage, and sends a team to recover the video. While fleeing, Zavitz runs into an old college friend, labor lawyer Robert Clayton Dean (Smith). Zavitz secretly passes the computer disc into Dean's shopping bag without his knowledge. Zavitz flees and is killed when hit by a fire truck. Reynolds soon has the underground journalist killed.
When the NSA discovers that Dean may have the video, a team raids his house and plants surveillance devices. Unable to find the video, the NSA proceeds to falsely incriminate Dean of passing classified information to Rachel Banks (Bonet), a former girlfriend. The subterfuge destroys Dean's life: he is fired from his job, his bank accounts are frozen, and his wife (King) throws him out of the house. Dean, trailed by the NSA, meets with Banks, who sets up a meeting with "Brill", one of her secret contacts. After meeting an NSA agent posing as Brill (Byrne), Dean realizes his error, only to have the real Brill, retired NSA agent Edward Lyle (Hackman), ferry him to temporary safety and help rid Dean of most of the tracking devices he is unwittingly carrying. Dean ultimately rids himself of the final device and, fleeing his pursuers, escapes.
With Dean and Lyle in hiding, the NSA agents kill Banks and frame Dean for the murder. Lyle is able to find evidence that the NSA executed Hammersley's murder, but it is destroyed during an escape from an NSA raid.
It is then revealed that Lyle was an expert in communications for the NSA; he was stationed in Iran before theIranian Revolution. When the revolution occurred, Lyle made it out of the country, but his partner, Rachel's father, was killed. Since then he has been in hiding. Lyle tries to coax Dean into trying to run away, but Dean is adamant about clearing his name.
Dean and Lyle blackmail another supporter of the surveillance bill, Congressman Sam Albert (Wilson), by videotaping him having an affair with his aide. Dean and Lyle "hide" bugs that Reynolds had used on Dean in Albert's room so Albert will find them and have the NSA start an investigation. Lyle also deposits $140,000 into Reynolds' bank account to make it appear that he is taking bribes.
Lyle contacts Reynolds to tell him he has the video of the Hammersley murder and asks to meet. Dean tells them that the Hammersley murder footage is in the hands of Mafia boss Joey Pintero (Sizemore), whose office is under FBI surveillance. Dean, Reynolds, and the NSA team head into Pintero's restaurant, precipitating a gunfight that kills the mobsters, Reynolds, and several of his NSA team.
Dean and Lyle escape, with Lyle quickly disappearing from the authorities. The FBI discovers the plot behind the legislation, causing it to fail, though they cover up the NSA's involvement. Dean is cleared of all charges and is reunited with his wife. Lyle escapes to a tropical location, but sends a "goodbye" message to Dean.
Gotta love good movies!
Amid a new wave of attacks hitting government and media networks in South Korea, researchers have uncovered yet another piece of malware that destroys sensitive hard drive data and renders computers unusable.
Trojan.Korhigh, as the new wiper program is called by security firm Symantec, contains the same kind of functionality that simultaneously shut down the networks of a half-dozen banks and broadcasters in March. Like the earlier Jojka malware, Korhigh can permanently destroy stored data and overwrite a hard drive's master boot record, which contains information required for computers to reboot.
Korhigh accepts several commands that allow attackers to inflict additional damage. One "switch" changes passwords on compromised computers to "highanon2013" according to a blog post published Thursday by Symantec. Another wipes specific types of files, including those that end in .gif, .php, .dll, and 21 other extensions. ...
Researchers from yet another security firm—Israel-based Seculert—also reported this week on malware targeting South Korea. Dubbed PinkStats, it's used by several Chinese-speaking groups to target different organizations around the world. Seculert researchers who recently accessed PinkStats command servers found evidence that more than 1,000 machines located in South Korea were infected.
If you removed its name in the spec sheet, Airbus’ forthcoming A350 XWB (eXtra Wide Body) passenger jet could easily be confused with its primary rival, the Boeing 787 Dreamliner. It will take a while before you can easily distinguish one from the other once they are both regularly in the air.
The A350 will be made from 53 per cent carbon fiber; the 787 is 50 per cent carbon fiber. Both are long range and can fly in excess of 8,000 miles without refueling. Somewhat bigger, the A350 will have 270-440 seats to the 787’s is 210-330. Both come in three models although the smallest 787 may be dropped.
The A350 promises 25 per cent fuel consumption improvement from its “current long range nearest competitor (it’s unclear what plane Airbus is comparing the A350 to on fuel efficiency, but offers it as a replacement for “any [Boeing] 747 operator”); the 787 claims to deliver 15 per cent better fuel efficiency over the similarly-sized (and aged) Boeing 767.
Circulating blood cells collected from the tail of a donor mouse were used to produce the clone, a team at the Riken BioResource Center reports in the journal Biology of Reproduction.
The female mouse lived a normal lifespan and could give birth to young, say the researchers.
Scientists at a linked institute recently created nearly 600 exact genetic copies of one mouse.
Reporting their findings in the US journal, Biology of Reproduction, the scientists said the study "demonstrated for the first time that mice could be cloned using the nuclei of peripheral blood cells".
They added: "These cells could be used for cloning immediately after collection and no donor animals need to be euthanised.
For as long as Apple has shipped iPhones, iPads, and other iOS-based devices, its mobile processors have been manufactured by one company: Samsung. That may be set to change next year according to the Wall Street Journal, which reports that Apple has signed a manufacturing agreement this month with Taiwan Semiconductor (TSMC). Apple has reportedly been working to reduce its reliance on Samsung for iPhone and iPad parts, which is easy to believe given the companies' competitive and legal clashes.
TSMC executives say that the company's chips will begin shipping in Apple's devices in 2014.
Shares of U.S. cable companies rose at the end of the week on continued talk that media mogul John Maloneis pushing to orchestrate a deal between Charter Communications and Time Warner Cable.
Time Warner Cable's stock advanced 3.9% to $112.48 at the close of trading in New York on Friday, after jumping 4.4% Thursday.
Ever since Malone's Liberty Media acquired a 27% stake in Charter, analysts, investors and financial reporters have speculated that an industry consolidation may be underway, led by the pioneering executive.
BC News is reporting that retired Marine Gen. James "Hoss" Cartwright, the former second highest ranking officer in the US military, is currently under investigation for leaking classified information about Stuxnet, the US-Israeli computer virus which sabotaged an Iranian nuclear facility in 2010.
Security researchers first discovered the virus in 2010, when it began spreading to computers across Europe, India and the Middle East. Further investigation revealed it used more than 20 zero-day exploits, and was reportedly loaded into Iran's industrial control systems by undercover agents carrying USB sticks.
If indicted, Gen. Cartwright would join Bradley Manning, Edward Snowden, and others as the ninth person to be charged under the 1917 Espionage Act by the Obama administration, which has invoked the law more times than all previous US administrations combined.
Bambi Note: Shouldn't we be looking at why so many feel the need to let the American people/Citizens of the USA know about these things? "More than in any previous US administration combined"! Just sayin'...
I delete a lot of e-mail and have wondered recently whether the “delete forever” button in Gmail means what it implies. After all, “forever” is a very long time.
Here’s what Google says: “Click Delete Forever. This time, it’s really gone forever.”
Gmail users know the drill. You delete unwanted messages from the inbox and they go into “Trash.” From there, you check off the messages to be deleted, hit the “Delete forever” button and `poof,’ they’re gone. The presumption is that they are destroyed. They exist nowhere else within Google where they can be directly associated with your Gmail account.
Of course, deleting anything on a computer not to mention from the cloud is lot more complex than that. ...
In a nutshell, a Google spokeswoman told me the following:
“If you delete a message from your trash, it will be deleted forever from your Gmail. We do backup Gmail offline, so it may take up to 60 days to permanently delete any stored copies.”
Bambi Note: But it's even more different than that really...
“Google keeps multiple backup copies of users’ emails so that we can recover messages and restore accounts in case of errors or system failure, for some limited periods of time. Residual copies of deleted messages and accounts may take up to 60 days to be deleted from our servers. Deleted messages may also remain on offline backup systems for some limited period of time. This is standard practice in the email industry, which Gmail and other major webmail services follow in order to provide a reliable service for users. We will make reasonable efforts to remove deleted information from offline backup systems as quickly as is practical.”
Bambi Note: I tend to agree with the writer of the article:
As with so many things, trust boils down to believing what you’re told and going on faith that Google lives up to its word. I have no reason to believe otherwise except that I usually believe otherwise.
For the first time, encryption is thwarting government surveillance efforts through court-approved wiretaps, U.S. officials said today.
The disclosure, buried in a report by the U.S. agency that oversees federal courts, also showed that authorities armed with wiretap orders are encountering more encryption than before.
The revelation comes as encryption has come front and center in the wake of the NSA Spygate scandal, and as Americans consider looking for effective ways to scramble their communications from the government’s prying eyes.
According to today’s report from the U.S. Administrative Office of the Courts:
Encryption was reported for 15 wiretaps in 2012 and for 7 wiretaps conducted during previous years. In four of these wiretaps, officials were unable to decipher the plain text of the messages. This is the first time that jurisdictions have reported that encryption prevented officials from obtaining the plain text of the communications since the AO began collecting encryption data in 2001.
Rather than expanding further into the major metro markets, U.S. Cellular is retreating from them. It is selling a valuable chunk of 4G airwaves to T-Mobile, covering some big cities in the central U.S.
U.S. Cellular seems to be entrenching in its core rural and small markets, leaving the big cities to the big carriers. After selling its PCS to licenses in Chicago and St. Louis to Sprint, U.S. Cellular revealed on Friday that it has struck a similar deal with T-Mobile, selling a 10 MHz chunk of frequencies covering major cities in the Mississippi Valley for $308 million.