Latest Entries »

New chip could lead to era of ultra-fast, powerful computing

A group of scientists have developed a quantum computer chip that could lead to ultra-fast computer processors, which would outperform those found in today’s standard electronics and smartphones.

The group, led by researchers from the University of Bristol’s Centre for Photonics, will unveil the new silicon quantum chip at the 2012 British Science Festival, which starts Tuesday.

The new silicon chips are significant because they work by manipulating light particles to perform calculations, an improvement over current chips that use electrical currents.

The new chips are also 1,000 times smaller than older chips made of glass, and could eventually be used to develop tiny hybrid processors – a mix of conventional and quantum processors — in all computers and smartphones.

The centre’s deputy director Mark Thompson said the development of the new, smaller chips means researchers can use the technology in devices that were previously not compatible with older chips.

This means new areas of science can be explored, said Thompson.

“This is very much the start of a new field of quantum-engineering, where state-of-the-art micro-chip manufacturing techniques are used to develop new quantum technologies and will eventually realize quantum computers that will help us understand the most complex scientific problems,” he said in a press release.

One way the team plans to use the new chips is to create safer communication in today’s electronic devices, by creating completely secure environments for online activities such as shopping and banking.

The new chips transmit information in a specialized quantum state that changes whenever someone tries to intercept the data. This makes it impossible for someone to grab information undetected. And because of their tiny size, the chips could eventually be installed in today’s thin smartphones, tablets and computers, protecting the devices from hackers.

Eventually the research team believes the new chip will lead to the development of a fully-functioning quantum processor — a powerful type of computer with unprecedented computing power. A quantum computing device is powerful enough to solve trillions of equations at a time.

A quantum processor could used be in a number of different applications, including the design of new materials and pharmaceuticals.

Source: Bristol University News

Google engineer finds British spyware on PCs and smartphones

Two security researchers have found new evidence that legitimate spyware sold by British firm Gamma International appears to be being used by some of the most repressive regimes in the world.

Google security engineer Morgan Marquis-Boire and Berkeley student Bill Marczak were investigating spyware found in email attachments to several Bahraini activists. In their analysis they identified the spyware infecting not only PCs but a broad range of smartphones, including iOS, Android, RIM, Symbian, and Windows Phone 7 handsets.

The spying software has the capability to monitor and report back on calls and GPS positions from mobile phones, as well as recording Skype sessions on a PC, logging keystrokes, and controlling any cameras and microphones that are installed.

They report the code appears to be FinSpy, a commercial spyware sold to countries for police criminal investigations. FinSpy was developed by the German conglomerate Gamma Group and sold via the UK subsidiary Gamma International. In a statement to Bloomberg, managing director Martin Muench denied the company had any involvement.

“As you know we don’t normally discuss our clients but given this unique situation it’s only fair to say that Gamma has never sold their products to Bahrain,” he said. “It is unlikely that it was an installed system used by one of our clients but rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere.”

Parallel research by computer investigators at Rapid7 found command and control software servers for the FinSpy code running in Indonesia, Australia, Qatar, Ethiopia, the Czech Republic, Estonia, Mongolia, Latvia, and the United Arab Emirates, with another server in the US running on Amazon’s EC2 cloud systems. Less than 24 hours after the research was published, the team noted that several of these servers were shut down.

Gamma and FinSpy gained notoriety last year when documents apparently from the company were found in the Egyptian security service headquarters when it was ransacked by protestors after the fall of Hosni Mubarak. These appear to be a proposal that the Egyptian government buy a five-month license for the software for €287,000. Again Gamma denied involvement.

But Marquis-Boire and Marczak told The New York Times that they appear to have found a link to Gamma in these latest code samples. The malware for Symbian phones uses a code certificate issued to Cyan Engineering, whose website is registered to one Johnny Geds.

The same name is listed as Gamma Group’s sales contact on the FinSpy proposal uncovered in the raid on Egypt’s security headquarters. Muench has confirmed they do employ someone of that name in sales but declined to comment further.

Commercial spyware is an increasingly lucrative racket, as El Reg has pointed out, and there’s growing evidence that Britain is one of the leading players in the market. Privacy International has formally warned the British government that it will be taking legal action on the issue and this latest research only adds weight to the issue.

Source: The Register

Latest Java software opens PCs to hackers: experts

Computer security firms are urging PC users to disable Java software in their browsers, saying the widely installed, free software from Oracle Corp opens machines to hacker attacks and there is no way to defend against them.

The warnings, which began emerging over the weekend from Rapid7, AlienVault and other cyber security firms, are likely to unnerve a PC community scrambling to fend off growing security threats from hackers, viruses and malware.

Researchers have identified code that attacks machines by exploiting a newly discovered flaw in the latest version of Java. Once in, a second piece of software called “Poison Ivy” is released that lets hackers gain control of the infected computer, said Jaime Blasco, a research manager with AlienVault Labs.

Several security firms advised users to immediately disable Java software — installed in some form on the vast majority of personal computers around the world — in their Internet browsers. Oracle says that Java sits on 97 percent of enterprise desktops.

“If exploited, the attacker will be able to perform any action the victim can perform on the victim’s machine,” said Tod Beardsley, an engineering manager with Rapid7’s Metasploit division.

Computers can get infected without their users’ knowledge simply by a visit to any website that has been compromised by hackers, said Joshua Drake, a senior research scientist with the security firm Accuvant.

Java is a computer language that enables programmers to write one set of code to run on virtually any type of machine. It is widely used on the Internet so that Web developers can make their sites accessible from multiple browsers running on Microsoft Windows PCs or Macs from Apple Inc.

An Oracle spokeswoman said she could not immediately comment on the matter.

Security experts recommended that users not enable Java for universal use on their browsers. Instead, they said it was safest to allow use of Java browser plug-ins on a case-by-case basis when prompted for permission by trusted programs such as GoToMeeting, a Web-based collaboration tool from Citrix Systems Inc

Rapid7 has set up a web page that tells users whether their browser has a Java plug-in installed that is vulnerable to attack: www.isjavaexploitable.com

Source: Reuters

Ryan says: I would recommend updating to the latest version of Java.  The latest version of Java Runtime Environment JRE-64-bit is here. For users with older computers, try downloading the latest version in 32-bit.

Valve: Agree to not sue us or lose access to Steam

Gamers beware: Valve Software, the firm behind immensely popular gaming portal Steam, wants you to waive your right to sue before you continue gathering games using its digital distribution platform. The company has amended its subscriber agreement to stipulate that by subscribing to its service, users agree to not file lawsuits against the company. Gaming giants Microsoft (MSFT), Sony (SNE) and Electronic Arts (EA) have similar policies in place, Kotaku notes.

“It’s clear to us that in some situations, class actions have real benefits to customers,” Valve said in a statement. “In far too many cases however, class actions don’t provide any real benefit to users and instead impose unnecessary expense and delay, and are often designed to benefit the class action lawyers who craft and litigate these claims.”

The statement continued, ”Class actions like these do not benefit us or our communities. We think this new dispute resolution process is faster and better for you and Valve while avoiding unnecessary costs, and that it will therefore benefit the community as a whole.”

Source: Yahoo!

Researchers Say They Took Down World’s Third-Largest Botnet

On Wednesday, computer security experts took down Grum, the world’s third-largest botnet, a cluster of infected computers used by cybercriminals to send spam to millions of people. Grum, computer security experts say, was responsible for roughly 18 percent of global spam, or 18 billion spam messages a day.

Computer security experts blocked the botnet’s command and control servers in the Netherlands and Panama on Tuesday. But later that day, Grum’s architects had already set up seven new command and control centers in Russia and Ukraine. FireEye, a computer security company based in Milpitas, Calif., said it worked with its counterparts in Russia and with SpamHaus, a British organization that tracks and blocks spam, to take down those command and control centers Wednesday morning.

The researchers said they were able to vanquish the botnet by tracing Grum back to its servers and alerting Internet service providers to shut those computers down.

Technologists have taken the lead in combating digital crime rather than waiting for law enforcement authorities to act. Earlier this year, Microsoft employees assisted federal marshals in a raid on botnet servers in Pennsylvania and Illinois. Those servers were used by criminals to run Zeus, a botnet that siphoned people’s personal information, like online bank account passwords and credit card numbers, from infected computers. Almost simultaneously, a separate group of cybersecurity researchers in San Francisco were busy eliminating another botnet, called Kelihos.b, which was used to send spam.

While computer security companies are quick to publicize botnet takedowns, their gains tend to be temporary. The blocking of Kelihos.b lasted less than a week before a modified version of the botnet started infecting computers. Microsoft’s takedown of Waledac, another spam botnet in 2010, lasted only as long as the time it took its creators to modify its architecture slightly and create a new botnet.

So what’s to say Grum’s creators will not just run their botnet from a new command and control center tomorrow?

“It’s not about creating a new server. They’d have to start an entirely new campaign and infect hundreds of thousands of new machines to get something like Grum started again,” said Atif Mushtaq, a computer security specialist at FireEye.”They’d have to build from scratch. Because of how the malware was written for Grum, when the master server is dead, the infected machines can no longer send spam or communicate with a new server.”

Source: New York Times

iPhone 4S iOS 5.1.1 Unlock Now Available at Ryan’s Unlock Shop

The long awaited  iPhone 4S iOS 5.1.1 Unlock is now available for purchase off of our unlocking website.  The newest unlock on the market works flawlessly with easy to use function, no programming, no 112, no SIM cutting required!  This unlock has been fully tested and will work with every carrier in Canada!

We have a limited quantity of the newest iOS 5.1.1 unlock so if you need one, give us a call or checkout on the site (Free Shipping to anywhere in Canada is INCLUDED.)

What are the “Top 4” benefits of Unlocking and Jailbreaking an iPhone 4S?

More and better apps

The main reason for unlocking your iPhone is to be able to install as many apps as you wish. This cannot happen when you have your iPhone running on the software that you bought with it. Some of the most important apps that will serve you are normally restricted. Most of the times when you try to install them on your new iPhone you will receive an error message similar to this- the application is not from a trusted supplier.  The best way that you can avoid this is by unlocking the newly purchased iPhone. After all, you bought the phone so that it could serve you in the ways that you wish for.

Change your iPhone camera to perform video recording

Well, many of us who have been using the iPhone can bear witness that the mobile handset does not perform video recording as expected by most users. This is one disadvantage that the iPhone developers failed to consider. You can easily overcome this nightmare by trying out to unlock your iPhone. Once you have unlocked it you will be able to use the normal camera that the phone has to carry out video recording. This will require you to install other applications that will facilitate this.

Use the best themes

One thing that we are used to in the iPhones is the normal interface that they have on their handsets. Are you bored by this? Well, I am a victim that cannot bear having the same theme each year I get a new iPhone. Therefore the best way to solve this issue is to unlock my iphone. It is very easy to download and install the themes that you want once your iPhone is unlocked. You should try out the themes that are compatible with your iPhone I am sure that you will love it.

Feeling of being free

Last but not least, the most important reason that we decide to have our iPhones unlocked is to have the feeling of being free to do anything. It is very hard to carry out any function on the iPhone that you have before you get to unlock it. This is because everything is copyright protected. This means that you are limited to the usage of your device. This is why we look for options that will break us free from the carrier that we are using.

 

Hands On With Clueful, the iOS App That Rats Out Privacy Risks

When you install a new mobile app, you expect it to use your data according to the permissions you’ve allowed. So, when an app suddenly uses your information in an unexpected way — who can forget Path’s address-book-sharing saga? — it can feel like a betrayal.

Clueful, which made its debut at TechCrunch Disrupt today, is an app designed to prevent surprises. Clueful helps you identify “misdemeanant” apps on your iPhone — software that’s transmitting your data in ways you weren’t aware of.

Created by antivirus software developer Bitdefender, the app is simple enough. It gathers information on what apps are running in your iPhone’s memory and submits it anonymously to the “Clueful Cloud” for analysis. Using its own database of app behaviors, it then tells you what your software could be up to: whether an app uses GPS, whether an app is a battery-draining risk, or if an app can use address book information, among other things. The results are neatly listed, albeit in what appears to be random order, and you can tap an app listing to get more details on the possible risk areas of that app.

It’s not all fire and brimstone, though. The app also reveals “Things you might appreciate” for each app, such as information on whether it uses an anonymous identifier or encrypts stored data. (Foodspotting, for instance, does both of these things.)

It can be surprising to learn which apps do and don’t have solid security practices, and which apps are quietly tracking usage information for advertising purposes — something most apps do not openly reveal when you download them.

The app has several major pitfalls, though. For one, it can only provide information on free apps, so that sketchy $1 Angry Birds ripoff you got last week could be having a field day with your personal info, and you’d still never know it. And although it launches with a database of thousands of apps, there are more than 600,000 apps in the App Store, according to Apple’s Q2 earnings report. Clueful lets you search to see which apps are in its database, and we found some relatively big names were left out: Clear, Mint and Evi to name just three.

Also, Clueful doesn’t drill down into exactly what data is being transmitted from an app. Instead, it just generally reports what an app can and could be sending. (“Can” and “could” are differentiated.) Strangely, Clueful also “found” apps on my phone that I’ve never used or downloaded, like FlickFishing HD in the image above, and apps called Scoops and Quizarium. I’m sure they’re fine apps, but I’ve never downloaded them.

At $4 in the App Store, I can’t rightly recommend this app as a must-download. But if you’re completely anal about how your data is being used, or just curious, the download could be justified.

Source: Wired

Apple patches serious security holes in iOS devices

Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here’s the skinny of this batch of updates:

  • A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine. These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google’s Pwnium contest at this year’s CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue was discovered and reported by Google’s security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  1. Navigate to Settings
  2. Select General
  3. Select About. The version after applying this update will be “5.1.1″.

Ryan says: As always, do not update to 5.1.1 if your iPhone is unlocked or jailbroken already or if you plan doing this in the future.

New iPhone app enables self-destructing sext messages

Sexting, or the act of sending sexually explicit messages or photographs between mobile phones, continues to grow increasingly popular. Mobile users often have private photos posted to the Internet without their permission, and politicians and celebrities alike have taken explicit photos that using mobile devices that were eventually leaked. Unfortunately for Anthony Weiner, the congressman wasn’t aware of an iPhone app by the name of Snapchat. The program is available for free in Apple’s App Store and allows users to send photos that self-destruct within 1-10 seconds. Images cannot be saved in the app, and Snapchat will even notify users if the recipient takes a screenshot — though there is no way to prevent screenshots from being taken, of course. It should also be noted that images are stored on the developer’s servers, and while the company “attempt(s) to delete image data as soon as possible after the message is transmitted,” it cannot guarantee messages will always be deleted. “Messages, therefore, are sent at the risk of the user,” the company’s privacy policy warns.

Source: Forbes / BGR

If You Have a Smart Phone, Anyone Can Now Track Your Every Move

Location services company Navizon has a new system, called Navizon I.T.S., that could allow tracking of visitors in malls, museums, offices, factories, secured areas and just about any other indoor space. It could be used to examine patterns of foot traffic in retail spaces, assure that a museum is empty of visitors at closing time, or even to pinpoint the location of any individual registered with the system. But let’s set all that aside for a minute while we freak out about the privacy implications.

Most of us leave Wi-Fi on by default, in part because our phones chastise us when we don’t. (Triangulation by Wi-Fi hotspots is important for making location services more accurate.) But you probably didn’t realize that, using proprietary new “nodes” from Navizon, any device with an active Wi-Fi radio can be seen by a system like Navizon’s.

Navizon’s technology is also reminiscent of the location data provided to retailers and marketers by Skyhook’s Spotrank system, which has a different set of pros and cons: That data is available for every point on the planet, but it only includes devices running Skyhook software.

The rollout of this technology means there are now at least three ways that users can track their locations indoors, where GPS is generally useless — bluetooth beacon, Spotrank (and proprietary vendor) databases of Wi-Fi hotspots, and Navizon’s I.T.S. nodes. It also marks the second way (that I know of) for you to be tracked via the location of your phone, whether you want to be or not. (The first requires access to your cell phone carrier, and is used for example to locate your position when you make a 911 call.)

It shouldn’t be surprising that carrying around a little RF transmitter in your pocket makes you visible to all sorts of tracking technology. Maybe it’s simply the (inevitable) commercialization of this fact that is somehow unnerving.

 

 

Source: Technology Review

Half a million Mac computers ‘infected with malware

More than half a million Apple computers have been infected with the Flashback Trojan, according to a Russian anti-virus firm.

Its report claims that about 600,000 Macs have installed the malware – potentially allowing them to be hijacked and used as a “botnet”.

The firm, Dr Web, says that more than half that number are based in the US.

Apple has released a security update, but users who have not installed the patch remain exposed.

Flashback was first detected last September when anti-virus researchers flagged up software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer’s security software.

Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission.

Dr Web said that once the Trojan was installed it sent a message to the intruder’s control server with a unique ID to identify the infected machine.

“By introducing the code criminals are potentially able to control the machine,” the firm’s chief executive Boris Sharov told the BBC.

“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.

“The largest amounts of bots – based on the IP addresses we identified – are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people.”

Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California – home to Apple’s headquarters.

Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.

Apple released its own “security update” on Wednesday – more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.

The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.

Although Apple’s system software limits the actions its computers can take without requesting their users’ permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.

“People used to say that Apple computers, unlike Windows PCs, can’t ever be infected – but it’s a myth,” said Timur Tsoriev, an analyst at Kaspersky Lab.

Apple could not provide a statement at this time.

Ryan: Download Apple’s security update for the Flashback Trojan here.

Source: BBC News