Weekly tech bulletin for week ending 2015-04-19.
Published: Mon, 20 Apr 2015 by Rad
1. Banks hide cyber crime losses, says City of London Police.
Published: April 15, 2015 legal
Banks are obscuring the true amount of money lost to cyber fraudsters, preferring to write off cyber incidents as losses, according to the City of London Police.
"Banks assess the losses sustained from customers leaving, because of security fears, greater than covering the cost of cyber crime. Only one in five cyber crimes is reported. Of those, only another one in five provoke a proper response from law enforcement agencies."
Adrian Leppard, commissioner of City of London Police
Police say cyber criminals are stealing more money online - but banks are not reporting the full extent of the theft.
Source: www.computerweekly.com
2. 18-Year-Old Security Flaw Allows Hackers To Steal Credentials From All Versions Of Windows.
Published: April 13, 2015 security
In 1997, researcher Aaron Spangler discovered a bug in Internet Explorer that allowed an attacker to steal credentials using a protocol known as Windows Server Message Block (SMB).
Eighteen years later, a researcher on the Cylance SPEAR research team, testing a messaging app with that bug in mind, discovered that a variety of applications are affected, including Adobe Reader, iTunes, Box, and Symantec Norton Security Scan, on all versions of Windows.
Redirect to SMB vulnerability
This new vulnerability, called "Redirect to SMB," allows user login credentials to be leaked from a variety of Windows applications by tricking the apps into authenticating with a rogue server. Redirect to SMB allows hackers to execute a man-in-the-middle attack on a Windows device, sending communications to a malicious SMB server, which can then produce the user's username and encrypted password.
So far, the vulnerability has not been seen in the wild. The 31 vulnerable applications Cylance found are: Adobe Reader, Apple QuickTime, Apple Software Update (which handles the updating for iTunes), Internet Explorer, Windows Media Player, Excel 2010, Symantec's Norton Security Scan, AVG Free, BitDefender Free, Comodo Antivirus, .NET Reflector, Maltego CE, Box Sync, TeamViewer, Github for Windows, PyCharm, IntelliJ IDEA, PHP Storm, and JDK 8u31’s installer.
Source: www.forbes.com
3. Portuguese Startup Tests Large Wi-Fi Drone To Provide Cheaper Internet Access
Published: April 13, 2015 tech
Portuguese startup Quarkson says it has successfully tested a prototype version of its solar-powered drones that aim to deliver Wi-Fi to remote countries in the world.
The goal is not only to deliver Wi-Fi but also 2G, 3G, and LTE connections via the unlicensed spectrum or through a carrier's licensed spectrum to provide Internet access to the parts of the world that have little or no connection.
Eventually, Quarkson hopes to fly a fleet of low-altitude and high-altitude SkyOrbiter drones. The low-altitude drones, which will be powered by fossil fuels, are designed for government and commercial use. The biggest of these is the LA75, with a wingspan of 246 meters and a range of up to 93,000 miles or up to seven weeks.
Source: www.techtimes.com
4. US and Ukraine Top List of Cyber Spy Victims
Published: April 14, 2015 security
"There were 120 cyber-surveillance incidents in the public sector in 2014, according to the figures. The U.S. and Ukraine each were prey 20 percent of the time."
Annual Verizon Data Breach Investigations
Phishing emails and social engineering
Since 2013, more than two-thirds of cyber espionage incidents have used phishing emails to trick targets into divulging secrets by impersonating known acquaintances, the report found.
In one of the more grave hacks last spring, attackers compromised a database containing background histories and family information on applicants for U.S. government security clearances. E-QIP, where officials in sensitive positions file their SF-86 questionnaires, is believed to have been penetrated by Beijing-backed attackers.
The sectors most attractive to snoops were manufacturing, government and professional services, according to the study. At the bottom of the list: financial services and health care. Retail did not even make the cut.
While these industries saw more than their fair share of data breaches in 2014, the perpetrators typically weren't after intellectual property, the report determined.
Source: www.nextgov.com
5. Researchers believe a biological revolution enabling humans to experience everlasting youthfulness is coming
Published: April 17, 2015 science
"The first thing I want to do is get rid of the use of this word immortality, because it's enormously damaging, it is not just wrong, it is damaging. It means zero risk of death from any cause - whereas I just work on one particular cause of death, namely ageing."
Aubrey de Grey
Rebuild the cells by killing old ones
To achieve longevity, de Grey is developing a therapy to kill cells that have lost the ability to divide, allowing healthy cells to multiply and replenish the tissue.
"These therapies are going to be good enough to take middle age people, say people aged 60, and rejuvenate them thoroughly enough so they won't be biologically 60 again until they are chronologically 90."
Aubrey de Grey
Mr de Grey explained that his technique for achieving eternal youthfulness is far more likely to be developed before the theories explored by other gerontologists that focus on preventing the metabolism from causing damage to the body.
Source: www.news.com.au
6. Long-sought magnetic mechanism observed in exotic hybrid materials
Published: April 13, 2015 science
Best of both worlds
Classical materials tend to conduct electricity or insulate against it - think rubber versus copper. Topological insulators, however, live in both worlds: the bulk is insulating, but the surface is highly conductive. The relationship between these competing qualities introduces strange phenomena, especially in the surface electrons.
The team struck the topological insulator with an electron beam focused to within one atom inside a state-of-the-art transmission electron microscope (TEM). This beam excited a core electron, which in turn raised the energy in the outer Dirac shell. Then, using a technique called electron energy loss spectroscopy (EELS), the scientists measured the difference in energy between the incident electron beam and the electrons that scatter out of the sample after impact. The energy lost revealed the van Vleck effect in action.
Source: www.sciencedaily.com
7. Hacked Sony emails reveal that Sony had pirated books about hacking
Published: April 17, 2015 legal, security
Hacked Sony Pictures Entertainment emails, published in full on Thursday by WikiLeaks, reveal that Sony had pirated ebooks on its servers. This is particularly notable because Sony has engaged in aggressive and even illegal anti-piracy actions in the past.
Here's another dose of irony for you: The books are educational tomes about hacking, exactly the subject that Sony would now like to be thoroughly educated in since last year's hacks put all this information into the public sphere.
Author Jeffrey Carr's Inside Cyber Warfare is a classic of the information-security genre that's been widely read and widely copied. Some of those readers and copiers work within Sony, it was revealed yesterday when WikiLeaks published their searchable version of the Sony archives. Both the PDF and TXT files are available.
Hacking the Next Generation, another book on information security from the same publisher (O'Reilly), can be found in full PDF format on Sony's servers.
Meanwhile, Sony was thinking of new ways to combat piracy including, the leaked emails reveal, putting out fake torrents on sites like Pirate Bay as part of their anti-piracy strategy.
Source: www.dailydot.com
8. Kim Dotcom Megaupload case falters over sharing Canadian data
Published: April 13, 2015 legal
No one knows what is on the servers
Still, no one - except perhaps officials with the file-sharing company itself - knows what's on the servers.
At issue now is how much of this seized Canadian data can be shared with the U.S. Department of Justice, which is very eager to press its case against Dotcom, who is currently fighting extradition from New Zealand, where he's a permanent resident.
In a Toronto court on Monday, Crown attorney Moiz Rahman, acting on behalf of the U.S., recommended bringing in a U.S. "clean team" - an American term for a group of forensic investigators independent of the case - to sift through the 25 terabytes of data on the servers to pick out relevant files and separate them from personal information.
But Megaupload's lawyer argued that the Ontario court can only ask the U.S. police officials on the so-called clean team to "double pinky promise" that they won't share information not relevant to the case, since there's no way to enforce the court's decision south of the border.
Source: www.cbc.ca
Events - selected events in next 30 days
International Conference on Internet, Wireless Networks and Communication Technology
Place: Park Inn Hotel Prague, Svobodova 1 - 128 00 - Prague, Czech Republic
Date: Apr 28 - 29, 2015 URL: ICIWNCT
The primary goal of the conference is to provide researchers, practitioners, and students with the platform to share leading-edge knowledge and ideas in Internet Computing and related areas. Submitted papers will be subject to a double-blind review process.
The aims of ICIWNCT 2015 are to bridge the knowledge gap between academia and industry, and to promote research esteem in secured Internet transactions and the importance of information technology evolution to secured transactions.
Topics and Agenda
- Cloud Computing
- Network Application and Security
- Software Engineering and Internet
- E-Commerce and M-Commerce
- Internet Technology and Applications
- and more ...
World of Cloud conference
Place: Sheraton Frankfurt Airport Hotel, Frankfurt, Germany
Date: Apr 27 - 28, 2015 URL: World of Cloud
Hear from high-level decision-makers how the role of IT must change to meet both the needs of the entire company and the needs of the specialist departments.
Recent studies confirm the rapid transformation of IT: 40% of companies in Germany use cloud computing, 24% of the IT budget is on average spent on private cloud solutions, 83% of the private cloud users and 67% of the public cloud users have had positive experiences with the cloud.
Agenda
- Cloud Governance
- Collaboration
- Digitalisation
- DevOps & Cloud Computing
- Open Stack
- From Big Data to Smart Data
- and more ...
Future of Web Design conference
Place: ETC Venues, London
Date: April 27 - 29, 2015 URL: Future of Web Design - London
Agenda
- Workshop: Interface Animation for the Web - Val Head
- Workshop: Humanising the E-Commerce Experience - Rob Smith and Chris Jones
- Workshop: Responsive Content Modeling - Steve Fisher
- Workshop: Supercharge Your Front-End Workflow - Jason Lengstorf
- Keynote: The Art of Deception - Stephen Hay
- Design Like You Give a Damn: Creating Accessible Interfaces that Everyone Wants to Use - Léonie Watson
- Data Visualisation: The Good, the Bad and the Ugly - Lisa Gringl
- The Future Of Responsive Design Standards - Den Odell
- and more ...
openSUSE Conference
Place: Westvliet Sport Center, Westvliet 55, Den Haag, Netherlands
Free: Going to osc15 is free of charge
Date: May 1 - 4, 2015 URL: osc15
The openSUSE Conference 2015 will bring together a wide variety of Free & Open Source contributors to collaborate on one of the major Linux distribution projects.
Agenda
- Secure Deployment Changes Coming in MySQL 5.7
- Optimizing Linux Servers - what has been changed from last year?
- Testing Fedora in openQA
- Pacemakers, Death by Storage, and Shooting Servers in the Head
- Build your own Cloud
- Taming Tigers with Puppet
- Distributed storage Ceph
- and more ...