Vigilante Malware Protects Routers Against Other Security Threats 77

Mickeycaskill writes: Researchers at Symantec have documented a piece of malware that infects routers and other connected devices, but instead of harming them, improves their security. Affected routers connect to a peer-to-peer network with other compromised devices, to distribute threat updates. 'Linux.Wifatch' makes no attempt to conceal itself and even left messages for users, urging them to change their passwords and update their firmware. Symantec estimates 'tens of thousands' of devices are affected and warns that despite Wifatch's seemingly philanthropic intentions, it should be treated with caution.

"It should be made clear that Linux.Wifatch is a piece of code that infects a device without user consent and in that regard is the same as any other piece of malware," said Symantec. "It should also be pointed out that Wifatch contains a number of general-purpose back doors that can be used by the author to carry out potentially malicious actions." There is one simple solution to rid yourself of the malware though: reset your device.

30 Years a Sysadmin 160

itwbennett writes: Sandra Henry-Stocker's love affair with Unix started in the early 1980s when she 'was quickly enamored of the command line and how much [she] could get done using pipes and commands like grep.' Back then, she was working on a Zilog minicomputer, a system, she recalls, that was 'about this size of a dorm refrigerator'. Over the intervening years, a lot has changed, not just about the technology, but about the job itself. 'We might be 'just' doing systems administration, but that role has moved heavily into managing security, controlling access to a wide range of resources, analyzing network traffic, scrutinizing log files, and fixing the chinks on our cyber armor,' writes Henry-Stocker. What hasn't changed? Systems administration remains a largely thankless role with little room for career advancement, albeit one that she is quick to note is 'seldom boring' and 'reasonably' well-paid. And while 30 years might not be a world's record, it's pretty far along the bell curve; have you been at it longer?

Snowden Joins Twitter, Follows NSA 206

wiredmikey writes: Edward Snowden joined Twitter Tuesday, picking up more than a quarter of a million followers on the social network in just over two hours. Snowden followed a single Twitter account: the U.S. National Security Agency, from which he stole electronic documents revealing the agency's secret surveillance programs. "Can you hear me now?" he asked in his first tweet, which was quickly resent by Twitter users tens of thousands of times. In his second, Snowden noted the recent news about the planet Mars and then quipped about the difficulty he had finding asylum after the U.S. government fingered him as the source of the NSA leaks. "And now we have water on Mars!" he wrote. "Do you think they check passports at the border? Asking for a friend."

Raytheon Wins US Civilian Cyber Contract Worth $1 Billion 62

Tokolosh writes: Raytheon is a company well-known in military-industrial and political circles, but not so much for software, networking and cybersecurity. That has not stopped the DHS awarding it a $1 billion, five year contract to help more than 100 civilian agencies manage their computer security. Raytheon said DHS selected it to be the prime contractor and systems integrator for the agency's Network Security Deployment (NSD) division, and its National Cybersecurity Protection System (NCPS). The contract runs for five years, but some orders could be extended for up to an additional 24 months, it said. Dave Wajsgras, president of Raytheon Intelligence, Information and Services, said the company had invested over $3.5 billion in recent years to expand its cybersecurity capabilities. He said cybersecurity incidents had increased an average of 66 percent a year worldwide between 2009 and 2014. As you might expect, Raytheon spends heavily on political contributions and lobbying.

Does IoT Data Need Special Regulation? 99

dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying a M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.

Inside Amazon's Cloud Computing Infrastructure 76

1sockchuck writes: As Sunday's outage demonstrates, the Amazon Web Services cloud is critical to many of its more than 1 million customers. Data Center Frontier looks at Amazon's cloud infrastructure, and how it builds its data centers. The company's global network includes at least 30 data centers, each typically housing 50,000 to 80,000 servers. "We really like to keep the size to less than 100,000 servers per data center," said Amazon CTO Werner Vogels. Like Google and Facebook, Amazon also builds its own custom server, storage and networking hardware, working with Intel to produce processors that can run at higher clockrates than off-the-shelf gear.

Security is an Important Coding Consideration Even When You Use Containers (Video) 57

Last month Tom Henderson wrote an article titled Container wars: Rocket vs. Odin vs. Docker. In that article he said, "All three are potentially very useful and also potentially very dangerous compared to traditional hypervisor and VM combinations."

Tom's list of contributions at Network World shows you that he's not a neophyte when it comes to enterprise-level security, and that he's more of a product test/analytical person than a journalist. And afraid to state a strong opinion? That's someone else, not Tom, who got flamed hard for his "Container Wars" article, but has been proved right since it ran. Tom also says, in today's interview, that the recent Apple XcodeGhost breach should be a loud wake-up call for developers who don't worry enough about security. But will it? He's not too sure. Are you?

Misusing Ethernet To Kill Computer Infrastructure Dead 303

Some attacks on computers and networks are subtle; think Stuxnet. An anonymous reader writes with a report at Net Security of researcher Grigorios Fragkos's much more direct approach to compromising a network: zap the hardware from an unattended ethernet port with a jolt of electricity. Fragkos, noticing that many networks include links to scattered and unattended ethernet ports, started wondering whether those ports could be used to disrupt the active parts of the network. Turns out they can, and not just the ports they connect to directly: with some experimentation, he came up with an easily carried network zapping device powerful enough to send a spark to other attached devices, too, but not so powerful -- at least in his testing -- as to set the building on fire. As he explains: I set up a network switch, and over a 5 meters Ethernet cable I connected an old working laptop. Over a 3 meters cable I connected a network HDD and over a 100 meters cable I connected my “deathray” device. I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged-in to the network switch, for a less than a second. There was a tiny flash from the network HDD and the laptop stopped working. It is not the cheapest thing in the world to test this, as it took all of my old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.

Chinese Researchers Propose Tor-Inspired Overhaul of Bitcoin 46

Patrick O'Neill writes: Although Bitcoin was never designed to be anonymous, many of its users have used it as if it were. Now, two prominent Chinese researchers are proposing a system that encrypts all new Bitcoin transactions layer by layer to beat network analysis that can unmask Bitcoin users. The new research is inspired by the Tor anonymity network. The researchers' paper is at arXiv. (Also covered by The Stack.)

Facebook Dislike Hype Exploited In Phishing Campaign 54

An anonymous reader writes: A new Facebook scam is quickly spreading across the social network which plays on the announcement of the highly-anticipated 'Dislike' button. A new scamming campaign is now exploiting impatient Facebook users anxiously awaiting the dislike button addition, by tricking them into believing that they can click on a link to gain early access to the feature. Once the unsuspecting victim selects a link, they are led to a malicious website, which enables access to their private Facebook accounts and allows the hackers to share further scam links on their behalf.

AVG Proudly Announces It Will Sell Your Browsing History To Online Advertisers 229

An anonymous reader writes: AVG, the Czech antivirus company, has announced a new privacy policy in which it boldly and openly admits it will collect user details and sell them to online advertisers for the purpose of continuing to fund its freemium-based products. This new privacy policy is slated to come into effect starting October 15. The policy says: We collect non-personal data to make money from our free offerings so we can keep them free, including: Advertising ID associated with your device; Browsing and search history, including meta data; Internet service provider or mobile network you use to connect to our products, and Information regarding other applications you may have on your device and how they are used.

AT&T Says Malware Secretly Unlocked Hundreds of Thousands of Phones 123

alphadogg writes: AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones. The locks prevent phones from being used on competing networks and have been an important tool used by cellular carriers to prevent customers from jumping ship.

Microsoft Has Built a Linux Distro 282

jbernardo writes: Microsoft has built a Linux distro, and is using it for their Azure data centers. From their blog post: "It is a cross-platform modular operating system for data center networking built on Linux." Apparently, the existing SDN (Software Defined Network) implementations didn't fit Microsoft's plans for the ACS (Azure Cloud Switch), so they decided to roll their own infrastructure. No explanation why they settled on Linux, though — could it be that there is no Windows variant that would fit the bill? In other news, Lucifer has been heard complaining of the sudden cold.

Apple's First Android App Makes It Easy To Move To iOS 174

Mark Wilson writes: Apple has released its first ever Android app. No, there's not an Android version of Safari or anything like that, but a tool designed to simplify the process of switching to iOS. The predictably named Move to iOS will appeal to anyone who was persuaded to switch allegiances by the release of the iPhone 6s and iPhone 6s Plus, or indeed iOS 9. The app can be used to move contacts, messages, photos and more to a new iPhone or iPad, and is compatible with phones and tablets running Android 4.0 and newer. It works slightly differently to what you may have expected. Rather than uploading data to the cloud, it instead creates a private Wi-Fi network between an Android and iOS device and securely transfers it.

Followup: Library Board Unanimously Supports TOR Relay 95

Wrath0fb0b writes: Last week, the administrators of the Kilton Public Library in New Hampshire suspended a project to host a Tor relay after the DHS sent them an email asking them to reconsider. At a board meeting yesterday, the exit node was reinstated by unanimous vote. Board member Francis Oscadal said, "With any freedom there is risk. It came to me that I could vote in favor of the good ... or I could vote against the bad. I’d rather vote for the good because there is value to this." Deputy Police Chief Philip Roberts said, "We simply came in as law enforcement and said, 'These are the concerns.' We wanted to inform everyone so it was an educated decision by everyone involved." Deputy City Manager Paula Maville added, "This is about making an informed decision. Whatever you need to do, we’re here to support that."

Nine of World's Biggest Banks Create Blockchain Partnership 93

An anonymous reader writes: Nine major banks, including Barclays, Goldman Sachs, Credit Suisse, and JP Morgan have teamed up to bring Bitcoin's blockchain technology to financial markets. "Over the past year, interest in blockchain technology has grown rapidly. It has already attracted significant investment from many major banks, which reckon it could save them money by making their operations faster, more efficient and more transparent." Leaving aside the question of whether banks actually want to become more transparent, they're funding a firm dedicated to running tests on how data can be shared and collected through the blockchain. "The blockchain works as a huge, decentralized ledger of every bitcoin transaction ever made that is verified and shared by a global network of computers and therefore is virtually tamper-proof. ... The data that can be secured using the technology is not restricted to bitcoin transactions. Two parties could use it to exchange any other information, within minutes and with no need for a third party to verify it."

Neural Network Chess Computer Abandons Brute Force For "Human" Approach 95

An anonymous reader writes: A new chess AI utilizes a neural network to approach the millions of possible moves in the game without just throwing compute cycles at the problem the way that most chess engines have done since Von Neumann. 'Giraffe' returns to the practical problems which defeated chess researchers who tried to create less 'systematic' opponents in the mid-1990s, and came up against the (still present) issues of latency and branch resolution in search. Invented by an MSc student at Imperial College London, Giraffe taught itself chess and reached FIDE International Master level on a modern mainstream PC within three days.

25 Years Ago, a Meeting Spawned Wi-Fi 75

alphadogg writes: It was retail remodeling that spurred NCR, a venerable cash-register company, to find out how it could use newly opened frequencies to link registers and mainframes without wires. Its customers wanted to stop drilling new holes in their marble floors for cabling every time they changed a store layout. In 1985, the U.S. Federal Communications Commission voted to leave large blocks of spectrum unlicensed and let vendors build any kind of network they wanted as long as they didn't keep anyone else from using the frequencies. NCR jumped at the chance to develop a wireless LAN, something that didn't exist at the time, according to Vic Hayes, a former engineer at the company who's been called the Father of Wi-Fi.

Using a Smartphone As a Virtual Reality Controller 13

New submitter mutherhacker writes: A group from Osaka University in Japan and McMaster University in Canada have presented a method to control a virtual 3D object using a smartphone [video]. The method was primarily designed for presentations but also applies to virtual reality using a head mounted display, gaming or even quadrocopter control. There is an open paper online as well as a git repository for both the client and the server. The client smartphone communicates with the main computer over the network with TUIO for touch and Google protocol buffers for orientation sensor data.

In Survey of American Universities, MIT Scores Worst In Cybersecurity 47

An anonymous reader writes: In a cybersecurity survey of 485 large colleges and universities, the Massachusetts Institute of Technology came in at the bottom of the list. In a report released today, SecurityScorecard analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators. That might not seem intuitive, but according to the linked article, it's not purely mistaken. Some of that low ranking can be chalked up to things like intentional security holes created in the course of researching vulnerabilities, but some of it comes from "exposed passwords, old legacy systems, and a bunch of administrative subdomains that seem to have been forgotten about," as well as pockets of malware.