Can you guess what the biggest problem facing Windows is? Here’s a clue: It’s probably not what you think it is.
It’s not the lackluster response to Windows 8. Yes, pundits, analysts, and apparently even the general public were routinely antagonistic about Windows 8, a system that was force-fed to an unwitting audience in 2012 so that Microsoft could quickly make up lost ground in the new market for mobile personal computing devices. But while most of these critics begrudgingly admit that 2013′s release of Windows 8.1 fixed most of the issues they had with the original Windows 8 release, it’s fair to say that even this improved update doesn’t go far enough.
It’s not Linux, which never emerged as a force on the PC desktop.
It’s not Mac OS X, which despite strong sales growth over the past decade never hit double-digit market share worldwide, though Mac PCs sell strongly in very rich nations like the United States.
It’s not tablets, though I’d pinpoint this latest move to simpler personal computing to be a major contributing factor: People realize that they don’t just not need the complexity of Windows, they don’t even need most of the power of Windows.
Windows is in trouble because people simply don’t care about it anymore. It’s not outright hostility; there’s far less of that than the anti-Microsoft crowd would like to believe. It’s ambivalence. It’s ambivalence driven by the nature of “good enough” mobile and web apps. It’s ambivalence driven by the allure of anytime/anywhere computing on tiny devices that are more cool to use and even cooler to be seen using.
And make no mistake, this is a serious issue. With businesses keeping Windows on life support and users spacing out their PC purchases for so long that there might never in fact be another PC purchase, Windows is in trouble. This ambivalence is worse for the platform than outright defeat. In its current state, Windows can limp along for years to come. And that’s just long enough for the platform to wither and effectively disappear.
From a command center in a non-descript high-rise here in the heart of Silicon Valley, security start-up Norse has been gathering shocking evidence of hackers usurping control of Internet-connected appliances, everything from web cams to climate-control systems.
This latest expansion of cybercrime revolves around the IP address assigned to each computing device connected to the Internet. Cybercriminals have begun capitalizing on the fact that many of the mundane digital devices we tie into the web are easy to locate and wide open to hacking.
“There’s only one way onto the Internet, and that’s through an IP address,” says Norse CEO Sam Glines. “The adversary just wants IP space to launch attacks and doesn’t really care if it’s a baby monitor or a server at a Fortune 1000 company.”
The bad guys are using automated programs to scan ranges of IP addresses for signs of vulnerable appliances. It’s often a simple matter to take control by installing a few lines of malicious coding.
Norse has devised innovative technology for monitoring such cyberattacks in real time. A tiny sampling of its data, extracted exclusively for CyberTruth, revealed 724 infected appliances actively carrying out fraudulent tasks.
The corrupted appliances included firewalls, routers, modems, printers, DVRs, surveillance cams, web cams, IP cameras, VPN appliances, VOIP phone systems, FM radio transmitters, storage drives, video conferencing systems and climate-control modules. One of the big things these corrupted devices are being used for: payment card fraud.
“We are seeing credit card transactions from baby monitors, DVRs, TVs, printers, medical devices, you name it,” says Tommy Stiansen, Norse founder and chief technology officer. “It’s coming from all types of industries and from homes.”
In a stunning demonstration, Stiansen clicked to the IP address for an activated ABS MegaCam, widely sold as a $220 baby monitor. The device was activated on the Internet by a resident of Glendale, Calif., who uses Charter Communications as an ISP.
Malicious software embedded on the web cam’s Linux operating system causes a live cam view of the homeowner’s living room to appear in the browser of anyone who clicks to the web cam’s IP address. During Stiansen’s demo, a woman and then a man enter the room and sit on a couch.
The bad guy who embedded the malware on the baby monitor probably doesn’t care much about snooping; the web cam’s computing power, instead, is being used to locate similar devices and help the attacker to control as many as 2,000 ABS MegaCams.
“This is happening at a large scale, and it’s growing hugely every day,” Stiansen says, “This is very powerful stuff, and the scariest part is this is only the tip of the iceberg.”
There’s clear logic behind methodically assembling digital appliances into niche networks, called botnets, under the control of a single operator.
Botnets have been the foundation of the cyber underground for more than a decade. Traditionally comprising infected personal and server computers, botnets are the engine that drives multibillion-dollar markets for spam, phishing, account hijacking, identity theft and denial-of-service attacks.
Norse’s findings show how the advance guard of cybercriminals has begun pulling digital appliances into botnet service because, at the moment, it’s easy to do so.
Norse notifies proper entities about problems. However, sheer numbers of issues make it impossible to notify everyone, says Glines. The company is working on processes to extend notifications. For the moment, there is no broad-based effort at defense, beyond what individual organizations are doing to protect themselves.
The Internet of Things has proved trivial to hack as the U.S. tech industry puts new consumer technologies on a fast track to store shelves, sometimes with meager quality control or accounting for security and privacy.
That trait is coming to the fore as the tech giants race to profit from the rising popularity of mobile devices and Internet-delivered services. Meanwhile, the cyber underground continues to mature into a smooth-running global industry that’s quick to pounce on fresh opportunities.
“Competitive struggles force manufacturers into early release cycles, networks are becoming increasingly complex, and the complexity is hard to overcome,” Stiansen says. “Meanwhile, hackers use social crowds to build hacker communities that allow them to move under the radar.”
Stiansen grew up tinkering with computers on a Norwegian farm, which led him to a career designing air-traffic control and telecom-billing systems. After immigrating to the U.S. in 2004, Stiansen began thinking about a way to gain a real-time, bird’s-eye view of the teeming world of botnet activity.
What he eventually came up with is IPViking, a globe-spanning network of millions of physical and virtual sensors — or honeypots — dispersed through 160 data centers in 40 countries. Each pot appears to be an Internet-connected web cam, router or other appliance — irresistible honey to hackers.
When an intruder tries to take control of a Norse honeypot, Norse grabs the attacker’s IP address and begins an intensive counterintelligence routine. The IP address is fed into automated programs, called web crawlers, that scour the bulletin boards and chat rooms where hackers congregate for snippets of discussions tied to that IP address.
Analysts also do manual research to construct a dossier on the attacking IP. Norse delivers this intelligence to its clients, which include large financial institutions. The companies are then able to cut off communications from suspicious IP addresses and be on the lookout for derivative attacks. Source
Related posts: Shodan.
We will miss Steve, sure, but a new Microsoft development overshadows the news: Project F.A.R.T. (Fixing A Retarded Technology). The goal of Project F.A.R.T. is to make Windows 9 as fast and reliable as the competition.
Thanks to a leak within the MS organization I got hold of the official Developer T-shirt. I wonder if I have to wash it first.
Not really news for everyone, but Adblock Plus doesn’t block everything anymore. It blocks most ads on websites, providing a relatively clean browsing experience. However, some ads do get through, and Google is one player known to pay the makers of Adblock Plus to make that happen. Users of Adblock Plus, of course, aren’t amused.
Fortunately there’s a fix.
Step 1. Open a new browser screen and type:
Ignore the warning and search for:
Double click on the word “True” to change it into “False”. Close the screen.
Step 2: go to your add-on menu, select Adblock Plus
Click “Preferences / Filter Preferences”
Allow non-intrusive advertising“
Close the screen. You’re done.
Let’s assume you want to prank your friend on a forum or on another website by using his/her identity. You could, of course, try to guess their username and password. You try using the name of the dog, mother, or anything else coming to mind. Sometimes this approach works, but more often it won’t. Well, there’s an easier way to do it.
The hole in ‘safe’ browsers
We all know that using Firefox or Chrome is generally safer than using the much-targeted Internet Explorer. However, IE does something right the other two browsers don’t – the amount of effort it takes to reveal saved passwords. Here is how it works. The example below assumes the use of Firefox.
Go to your friend’s house and ask if you can access the Internet from his computer. I never got “No” for an answer, and probably you won’t either. Surf to your favorite webmail application, and ask for a drink. While your friend is on his way to the kitchen, quickly do the following:
1. At the top of the Firefox window, click on the Edit menu and select Preferences
2. Click the Security panel.
3. Click Saved Passwords (the Password Manager will open)
4. To see the passwords which were saved, click Show Passwords.
5. Copy what you’re looking for and mail it to yourself.
You can do the same when using Chrome (just google for it). To get all saved passwords out of IE is a bit more difficult and requires extra software. In a sense, that makes IE safer on at least one count.
At least booting Windows 8 was secure – or so we thought.
However, there are certain mistakes platform vendors could make which can completely undermine protections offered by Secure Boot. And, of course, hardware vendors make these.
At Black Hat USA2013 Yuriy Bulygin will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided.
Not because ads are more frequent or annoying, but because Ad Servers became a target. Infecting an Ad Server is way more efficient than targeting just one website. One Ad Server can serve dozens – sometime hundreds – of websites at a time.
Another reason why this is becoming more popular is that these attacks can’t be blocked in a firewall. The attacks use port 80, which you need to access the WWW. If you block port 80, your computer becomes largely useless. Infected Ad Servers became an important way to distribute malware, worms and viruses.
All of this happened on quite a few occasions already, and the resulting infections spread quickly and world wide. One of the more ‘famous’ hacks involved servers used by Yahoo, Fox and Google. One of the most popular ad blockers is Adblock Plus. Installation is a breeze. If you still use IE (…) go here.