Evidently the protection isn’t critical

By John Leyden • Get more from this author

Hacktivists have posted “secret documents” stolen from an Italian cybercrime unit.

The documents – 8GB of files – were extracted from a system maintained by the Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche (CNAIPIC), the organisation charged with guarding the country’s critical IT infrastructure. In a message on Twitter announcing the release, Anonymous said it had received the files from an unnamed “source”, prior to posting a sample of the files onto Pastebin. “#AntiSec strikes at Italy Government. Silent no more,” it said.

Anonymous makes no direct mention on the motive for the attack, but it may well have been a retaliation to the arrests of alleged members of Anonymous in Italy earlier this month.

A story on the release can be found on The Hacker News here.

Hackers affiliated with the AntiSec movement have also hit GIS Austria, the Austrian TV licence fee collector. The organisation said 214,000 data files were swiped from its systems by Anonymous on Friday and that 96,000 of these had contained “account information”. The hack is under investigation and affected customers have been informed. GIS’s statement can be found here (in German). ®

Security researcher Charlie Miller has found a potential security weakness that potentially allows a hacker to take control of a MacBook – or even have it explode.

“These batteries just aren’t designed with the idea that people will mess with them. What I’m showing is that it’s possible to use them to do something really bad,” Miller said, according to a blog post on Forbes.com.

Miller is currently a researcher with the consultancy Accuvant, Forbes said.

Laptop batteries contain a microcontroller that monitors the power level and lets the laptop’s operating system and charger respond appropriately.

Such microcontrollers can even regulate the heat they generate.

But Miller said that when he examined batteries in several Macbooks, Macbook Pros and Macbook Airs, he found the batteries’ chips are shipped with default passwords.

Potentially, he said anyone who discovers that password and learns to control the chips’ firmware can use the batteries to hack into the MacBooks.

Miller said he plans to expose and provide a fix for a potential attack using the microchips that control their batteries, at a Black Hat security conference in August.

That includes “permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode,” Forbes said.

He also said he plans to release a tool for Apple users, “Caulkgun,” that changes the battery firmware’s passwords to a random string.

Miller also sent Apple and Texas Instruments his research to inform them of the vulnerability, although he has yet to get a reply from Apple.

“No one has ever thought of this as a security boundary,” says Miller. “It’s hard to know for sure everything someone could do with this.”

Criminal potential

Forbes quoted Miller as saying one can install persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” he said.

He said few IT administrators would think to check a battery’s firmware for the source of that infection.

Worse, the chip could re-infect the computer again and again if it is not discovered.

Blowing up

Forbes said that the disturbing prospect of a hacker remotely blowing up a battery on command may be possible.

Miller said that while the batteries he examined have safeguards against explosions, having a battery blow up on command might still be possible.

“You read stories about batteries in electronic devices that blow up without any interference. If you have all this control, you can probably do it,” he said.

Analyzing software updates

Miller discovered two passwords in accessing and altering Apple batteries by analyzing a software update Apple instituted in 2009 to address a problem with Macbook batteries.

He reverse-engineered the firmware and found how to rewrite the firmware to do whatever he wanted. — TJD, GMA News

– Credit: http://www.gmanews.tv/story/227329/technology/macs-prone-to-hacking-via-battery-report

The FBI, which has a special Internet fraud center, received more than 25,000 complaints a month last year from people who were defrauded over the Internet by fake companies which offered to sell goods that never arrived, by people whose identities were stolen and by victims scammed by someone who claimed to be an FBI agent.

Victims lost hundreds of millions of dollars, according to the FBI’s Internet fraud report for 2010.

The conventional view of hackers as pimply faced, isolated young men out to harmlessly joyride some big company’s servers is out of date, despite the presence of groups such as Anonymous and Lulz Security, which strike for fun and political reasons.

The more worrisome hackers are crime rings in Asia and Eastern Europe or elsewhere beyond the easy reach of the law, where hackers may use a wireless connection in a Russian library to avoid detection.

These are the individuals who steal personal information, like names, addresses, dates of birth and email addresses. They then sell that information to thieves in Internet chat rooms. Those thieves often round out what they know about victims from Facebook pages — maybe a birthplace from a Facebook quiz — or other social media.

Maybe they’ll send a phishing email, pretending to know the victims. Or maybe they’ll send them something they might like because they have found out, for example, that they have a Sony PlayStation and were born in 1943.

But that game download for a grandchild could include key-logging software that secretly tells thieves what victims type. Perhaps they’ll use that to find out which banks they use, and their user names and passwords.

Some advice:

_ Limit information on Facebook and other social media. “Citizens need to start recognizing the value of their own personal data and not put out any data that isn’t necessary,” said U.S. Representative Jim Langevin, a co-founder of the Congressional Cyber Security Caucus.

_ Have solid Internet computer security software and update it monthly. Word to the wise: porn sites are notoriously loaded with viruses.

“Don’t click on links in spam messages and be extra suspicious of messages that piggyback on recent hot news items or events such as holidays,” says Joris Evers, a spokesman for McAfee Inc.

_ Some security experts advise against clicking in links in any email, no matter what the source.

_ Use strong passwords, which means a password that is long and has a mix of letters, numbers and symbols. A strong password is especially important for financial transactions.

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said he does frequent sweeps of his computer using different security software.

“I do not use computers that my children use for my financial transactions,” said Lewis. “I change passwords and user names very frequently, not that that’s perfect.”

There are efforts to combat spam and phishing attacks.

Many Internet service providers identify and stop spam — estimated to be 90 percent of Internet traffic — before it reaches an inbox. But they only get a percentage.

Comcast, a major Internet service provider, reaches out to customers who have been contacted by potential criminals to warn them, said Jay Opperman, Comcast’s senior director of security and privacy.

“Our customers are very happy with the fact that we’re proactive,” he said. “Overwhelmingly, they’re like ‘Wow, I didn’t know. Thanks for letting me know.’”

Security researchers at Kaspersky Lab have detailed a new botnet–a collection of infected computers controlled by cybercriminals–called TDL-4, that might just be “indestructible.”

TDL-4 gets its name by being the fourth generation of the botnet. In 2008, the original TDL appeared. It has been altered over the last several years. With TDL-4, Kaspersky has found, the malware creators have drastically improved the botnet over its predecessors.

“The malware writers extended the program functionality, changed the algorithm used to encrypt the communication protocol between bots and the botnet command and control servers, and attempted to ensure they had access to infected computers even in cases where the botnet control centers are shut down,” Kaspersky wrote on its SecureList blog earlier this week. “The owners of TDL are essentially trying to create an ‘indestructible’ botnet that is protected against attacks, competitors, and antivirus companies.”

Central to TDL-4′s updates is an improved algorithm that encrypts communications between infected computers and the botnet’s command. According to Kaspersky, TDL-4 creates an identifier known as “bsh parameter” that “acts as one of the encryption keys for subsequent connections to the command and control server.” Once a request between command and the computer is activated, it’s transmitted over an HTTPS connection. According to Kaspersky, that system helps the botnet “run smoothly” and, at the same time, stops anyone else from trying to take control over it.

To help safeguard itself from removal, TDL-4 infects a computer’s master boot record, thus allowing it to run before the operating system starts up, and keep it away from the prying eyes of anti-malware programs. What’s more, the botnet deletes other malicious files that might get caught by security tools and tip users to TDL-4 running on their computers. In their place, TDL-4 has downloaded about 30 malicious programs on infected computers, including “fake anti-virus programs, adware, and the Pushdo spambot,” Kaspersky says.

According to Kaspersky, the botnet also uses peer-to-peer network Kad to issue several commands, including searching for new files, publishing files to Kad, and more.

The big upshot of that for TDL-4 creators, Kaspersky says, is that even if “its command and control centers are shut down, the botnet owners will not lose control over infected machines,” since they’ll still be able to access Kad.

Although Kaspersky believes TDL-4 is practically impenetrable, not everyone is so quick to agree. Writing for InfoWorld today, Roger Grimes, a self-described “24-year veteran of the malware wars,” says that there has yet to be a single threat that has been able to hold its ground indefinitely.

“I can safely tell you that no threat has appeared that the antimalware industry and OS vendors did not successfully respond to,” Grimes writes. “It may take months or years to kill off something, but eventually the good guys get it right.”

He makes a solid point. Last year, Conficker was taken down after wreaking havoc on computers worldwide since 2008. Earlier this month, the FBI announced that it had taken down the Coreflood botnet.

But TDL-4′s functionality might just be in a league of its own. As Kaspersky notes, the botnet can “manipulate adware and search engines, provide anonymous Internet access, and act as a launch pad for other malware.”

According to Kaspersky, 28 percent of all infected TDL-4 computers are in the U.S. Computers in the U.K., Italy, France, and many other countries are also infected with TDL-4. All told, more than 4.5 million computers were infected with TDL-4 in the first three months of 2011 alone.

Consumers’ social insurance numbers, banking information and tax records were discovered on used electronics that Staples Business Depot “wiped” for resale, Canada’s Privacy Commissioner has found.

Her annual report chastised Staples, an office supplies chain, for not fully deleting sensitive data from returned devices such as laptops and USB hard drives, leaving customers at risk of identity theft or fraud.

As more and more personal information takes a digital shape, calls for companies like Staples to protect consumer data have become louder.“I’m hugely disappointed looking at the whole Staples situation,” said Privacy Commissioner Jennifer Stoddart in an interview.

“The onus should not be on consumers to wipe their devices clean.”

The privacy office conducted a year-long, country-wide audit of Staples after a series of complaints.

More than one-third of the 149 “clean” devices audited still held the previous owner’s information, according to the report.

Although Staples complied with most of the audit’s recommendations, it has not committed to properly destroying consumer data, Ms. Stoddart said.

Staples took issue with the report in a statement released Tuesday. Staples “responded positively to all of the Privacy Commissioner’s recommendations well before the release of this audit,” according to the statement.

“Further, Staples has implemented changes that exceed current industry practice to remove personal data from returned memory devices. This meets the level requested by the Privacy Commissioner,” it continued.

But in its original response to the audit, Staples said overwriting data was “commercially unviable” and the company was “actively testing” ways to remove personal information that would not damage or destroy a hard drive.

Wiping a hard drive can cost up to $100 per computer, but it’s harmless, said cyber forensic specialist Daniel Tobok, president of Digital Wyzdom.

“You cannot hurt the operating system or the hard drive by doing a DOD standard wipe on the hard drive,” he said.

“It’s done by governments and financial institutions every day.”

There have been no reports of identity theft or fraud connected to an improperly wiped Staples device, but consumers should be aware, Ms. Stoddart said. If the company does not comply with her recommendations by June of 2012, as verified by a third party, she said she will launch a formal investigation.

…….

Crisis management

An employer learns what an emergency contact list is for

Emergency contacts: People to call in a crisis or people whom managers should advise on the home front?

A manager at a small trucking company evidently felt the latter, according to the Privacy Commissioner’s annual report.

The manager sent a letter to every driver’s emergency contact – be it their spouse, mother, or sibling – to give them advice on the employee’s health and safety.

“I am hoping that we can count on you to do your part to make sure that your loved one is coming to work rested,” the manager wrote in the letter.

“Things like saving their ‘honey do’ list or other physically or emotionally draining tasks for days they are not working are a good start.”

After an employee anonymously complained about the letter, a privacy officer gave the manager a honey-don’t list for when to call emergency contacts.

The manager destroyed the mailing list and the problem was resolved without a formal complaint.

Online video is exploding, with annual user growth of more than 45 percent. Mobile-device time spent increased 28 percent last year — with average smartphone time spent doubling. And social networks are now used by 90 percent of U.S. Internet users — for an average of more than four hours a month.

None of this is a newsflash. Every venture capitalist, Web publisher, and digital marketer is hyper-aware of these three trends.

But what’s happening to the rest of the Web?

The Web Is Shrinking. Really.

When you take these three growth areas out of the picture, the size of the hole left behind is staggering: the rest of the Web — the tried and true core that we thought would have limitless growth — is already shrinking.

Here are the facts:

When you exclude just Facebook from the rest of the Web, consumption in terms of minutes of use shrank by nearly nine percent between March 2010 and March 2011, according to data from comScore. And, even when you include Facebook usage, total non-mobile Internet consumption still dropped three percent over the same period.

We’ve known that social is growing lightning fast — notably, Facebook consumption, which grew by 69 percent — but now it’s clear that Facebook is not growing in addition to the Web. Rather, it’s actually taking consumption away from the publishers who compete on the rest of the Web.

And just what is the rest of the Web?

I have been calling it the “document Web,” based on how Google and other Web architectures view its pages as documents, linked together. But increasingly, it might as well be called the “searchable Web” since it’s accessed predominantly as a reference, and navigated primarily via search.

And it’s becoming less relevant.

In the last year, Facebook’s share of users’ time online grew from one out of every 13 minutes of use nationwide, to one out of every eight. In aggregate, that means the document Web was down more than half a billion hours of use (that’s more than 800 lifetimes) this March versus last March. And in financial terms, that represents a lost opportunity of $2.2 billion in advertising inventory that didn’t exist this year.

The Creation of a New, Connected Web

The change in the Web’s direction is a clear indication to me that we aren’t just in the midst of a boom for new interaction modes, but rather in a generational overhaul of the Internet.

What replaces the declining searchable Web is a new and “fully connected” digital life. You may have heard this before. After all, the promise of the Web was to connect pages with hyperlinks. Well, this time, “connected” means much more. It means the Web connects us, as people, to each one of the individuals online; and those connections, ultimately, extend from one of us to all of us.

Just as significantly, this all happens in real time, and at nearly all times.

And here’s what’s different when you connect people, as opposed to pages: Now, the Web knows who we are (identity), is with us at all times wherever we go (mobile), threads our relationships with others (social), and delivers meaningful experiences beyond just text and graphics (video).

The connected, social Web is alive, moving, proactive, and personal, while the document Web is just an artifact — suited as a universal reference, but hardly a personal experience.

The Social Web Versus the Searchable Web

Analytical explanations — increasing smartphone penetration, bandwidth availability, and technology sophistication — fill in some of the gaps as we try to understand this sea change, but they fall short.

Something larger is afoot, and it’s not about science or technology. Rather, as human beings, we have changed how we fit the Internet into our lives.

And the nature of the Web is changing to match. The old searchable Web is crashing; while the new connected, social Web is lifting off.

The implications for publishers are massive.

The last decade has been defined by the rise of Google as the nearly limitless supplier of traffic to digital media properties. And so a generation of digital media publishers developed and followed the same playbook: create lots of content around top keywords, engineer for search engine optimization (SEO) and expand the surface area in search engines to reach more users. The objective was to catch visitors in their net; expand reach — as measured by ComScore — look more impressive to advertisers and capture more demand.

The landscape is changing, and fast.

SEO’s strategic value is quickly fading as Google’s growth slows and its prominence in distribution slides away. In its place, Facebook has become the wiring hub of the connected Web — a new “home base” alternative to Google’s dominance of the last decade. Facebook began receiving as many visits as Google in March 2010, and already garners more than three times as many minutes as Google each month from users, according to comScore. Looking ahead, the best projections of U.S. online reach indicate that Facebook will surpass Google on that metric in less than a year, too.

And with this change, the nature of the relationship between users and publishers is being altered fundamentally — and perhaps forever.

Search offers a utility relationship, connecting users to content for the briefest of transactions; typically, it provokes users to just one pageview so they can find a piece of information, and then they move on.

But social discovery builds a relationship. Leveraging social endorsements and an environment of serendipitous discovery, consumers meet publishers in a meaningful context. As a result, the relationship that forms is stronger — and, more importantly for publishers, it’s branded.

Unlike the ecosystem set up by Google, where the search engine ironically intermediates between users and the objects of their queries (so that users reinforce their loyalty to Google, far more than to the publisher), in the world of social publishing, the Facebook hub enables a direct, if constrained, relationship between users and media brands.

The results — at least for my own company, Wetpaint — are that social media brings more qualified eyeballs and retains them. People who come via social media stay longer on the first visit; and they are more likely to come back sooner and more frequently. Overall, our visitors from social networks have a relationship that’s several times stronger — and several times as valuable when measured in engagement, pageviews, and revenues — than the relationships people form when then arrive through search.

The Human Connection

But it’s not just a change in mechanics. It’s a change in our human relationships.

Lewis D’Vorkin, the Chief Product Officer at Forbes, speaks of it when he and Alex Knapp talk about “live” media, quantum entanglement and mutually rewarding relationships that bind authors and readers on the new connected Web. It’s a sense of the Web moving from static published reference to living digital companion.

But there’s even more, and this vast change foreshadows bigger and better impacts on our lives. The greatest innovators in social media are driving exactly along that edge today. As one friend commented recently on the full potential of connected lives, by being joined more closely together, we can increase empathy and meaning, while decreasing isolation.

Toward a Fully Connected Future

Admittedly, we’re early in the replacement cycle when it comes to the connected Web. Even for strong connected Web performers like Huffington Post, Wetpaint, and others, the sum total of traffic from Facebook, Twitter, video, and mobile may add up to only half the total, or less.

But the trend has tipped, and with that tip has come both the business necessity and the human impact potential of elevating the relationship.

As the document Web of old shrinks, the new connected Web expands and delivers experiences that make our time online more effective, efficient, and enjoyable.

And that changes the role of companies on the Web from mere content publishers or providers to truly connected digital partners for real people.

Ben Elowitz (@elowitz) is co-founder and CEO of web publisher Wetpaint, and author of the Digital Quarters blog about the future of digital media. Prior to Wetpaint, Elowitz co-founded Blue Nile (NILE). He is an angel investor in media and e-commerce companies.

copyright: http://allthingsd.com/20110623/the-web-is-shrinking-now-what/?mod=googlenews

By Nick Clayton

The idea behind “scareware” is to frighten computer users into paying to download anti-virus software of dubious, if any, value. It can be enormously profitable which means its methodology is increasingly sophisticated.

“The people behind scareware have learned a great deal from the anti-virus industry and vice versa. It’s a copycat business,” said Richard Clooke, review program manager at PC Tools, a division of Symantec Corporation.

A common sales strategy used by legitimate businesses was, for instance, to persuade computer users to have their machines scanned online for free. They would then have to pay for software to clean up any infections. Of course, almost all computer owners would only have the vendors’ word for the existence of viruses and their removal.

That is where scareware comes in. Rather than waiting for a customer to visit a site to try and clean-up a perceived problem, scareware pops up a warning on the user’s screen. This can appear totally legitimate. In recent weeks the Firefox browser and Apple computers through MacDefender software have been the subject of scareware alerts.

To generate these alerts, users do not have to do anything stupid. Malicious code can be concealed on legitimate sites and so-called “drive-by attacks” mean visitors can generate pop-ups without clicking on anything.

“Another common tactic of fake anti-virus attackers is to ‘poison’ search engines with results that point to web pages that contain scareware. These attackers have created elaborate scripts and programs that actually use real-time trending information derived from search engines to create fake web pages containing the trending topic, but that also contain scareware.

“These fake pages then get indexed by search engines and appear in search results for legitimate timely topics. For example, earlier this year, the topics relating to the Japan earthquake and tsunami disaster, and Osama Bin Laden’s death were heavily utilized by fake anti-virus groups to ‘promote’ their scareware,” said Mike Paquette, chief strategy officer at network security company Correro.

The authors of scareware have also become increasingly adept at persuading people to buy useless or malicious programs when they see the warnings: “They’re forcing you to make an error of judgment,” said Sencer Parker of security company websense.

“They use three main mechanisms: First, there’s the visceral influence of that big flashing warning symbol on your screen.

“Second, they provoke a failure of self-regulation because of the pressure of that sign and things such as the fear of losing credit card details.

“Thirdly, there’s authority. The user thinks: ‘I’ve got an anti-virus company, who must know more than I do about these things, warning me I’ve got to take action now.’”

Under this carefully-orchestrated pressure it’s not surprising so many people are fooled into handing over their credit card details. “The main thing to look for is these scareware warnings are very much more aggressive than you’d get from any legitimate anti-virus company,” said Orla Cox of security company Symantec’s response centre.

Equally, legitimate companies do not scan a machine without asking. “The main thing is not to panic. Even if you have downloaded something it is unlikely the damage cannot be repaired,” she said.

The trick is often to Google any information such as the name of the scareware company or the wording of the warning. This will usually turn up advice and programs, which are almost always free, from legitimate vendors which will enable the computer to be repaired. If the original infected machine will not connect to the internet, as is quite common, the clean-up program can be downloaded to a memory stick.

‘I Fear the Net Will Soon Become a War Zone’

REUTERS

Evgeny Kaspersky is one of Russia’s top Internet virus hunters and IT entrepreneurs. In a SPIEGEL interview, he discusses a raft of recent hacker attacks on multinationals, the “total professionals” behind the Stuxnet virus and his fear of both personal and widespread cyber violence.

SPIEGEL: Mr. Kaspersky, when was the last time that a virus hunter like you fell victim to a cyber attack?

Evgeny Kaspersky: My computer was almost infected twice recently. When someone returned my flash card to me at a conference, it was infected with a virus. But then our own virus program helped me. The second time, the website of a hotel in Cyprus was infected. These kinds of things can happen to anyone, no matter how careful you are. I need protection just like anyone else. After all, a specialist on sexually transmitted diseases also relies on condoms for protection.

SPIEGEL: Virologists sometimes rave about the deadly perfection of the viruses they study. Do you still ever get excited yourself about the technology of a computer virus?

Kaspersky: The more sophisticated a virus is, the more exciting it is to crack its algorithm. I’m happy if I can do it. Okay, sometimes there’s a little professional respect involved, too. But it has nothing to do with enthusiasm. Every virus is a crime. Hackers do bad things. I would never hire one.

SPIEGEL: You and your company are the winners of a new era in warfare.

Kaspersky: No, because this war can’t be won; it only has perpetrators and victims. Out there, all we can do is prevent everything from spinning out of control. Only two things could solve this for good, and both of them are undesirable: to ban computers — or people.

SPIEGEL: Although your company Kaspersky Lab now employs more than 2,000 employees, it’s a small business compared with antivirus software makers like McAfee and Symantec. Can you ever catch up with them?

Kaspersky: We’re certainly trying. Russia is our most important competitive advantage. Moscow produces the world’s best programmers. It has a large number of outstanding technical universities. And although Russians can’t build cars the way you Germans can, they do write brilliant software.

SPIEGEL: You were once trained as a cryptologist by the KGB. Does that at all hinder your expansion in the West?

Kaspersky: No, but the fact that we are a company with Russian roots does. We occasionally sense a certain amount of suspicion. Nevertheless, we are now No. 1 in Germany, are growing rapidly in the United States and even have customers within NATO.

SPIEGEL: Who?

Kaspersky: A defense ministry. I won’t reveal the name of the country.

SPIEGEL: Which countries do most viruses come from?

Kaspersky: It’s hard to say because viruses unfortunately don’t carry ID cards. We can at least usually identify the originator’s language, and that’s at the moment the inventor communicates with his virus and gives it a command.

SPIEGEL: Russian programmers don’t only do good things. We assume that they also dominate the virus business.

Kaspersky: Based on the number of programmed viruses, we are in third place behind China and Latin America. Unfortunately, Russians are also among the most sophisticated and advanced players in criminal cyber activity. These days, they invent viruses and complex Trojan programs on demand. They launder money through the Internet. However, the largest number of harmful programs are written in Chinese. This means that they can be coming directly from the People’s Republic, but also from Singapore, Malaysia and even California, where there are Mandarin-speaking hackers.

SPIEGEL: Surprisingly enough, very few viruses seem to be coming from India even though it’s a rising star in the IT world.

Kaspersky: In general, the crime level in India is low. It’s probably a matter of the mentality. India and China have roughly the same population, the same computer density, a similar standard of living and similar religious roots. But China spits out viruses like they were coming off an assembly line.

Read more: http://news.cnet.com/8301-1009_3-20073682-83/how-avg-keeps-your-computer-safe/#ixzz1QD3Ec0yAAVG’s virus lab is centered in Brno, Czech Republic.

(Credit: Seth Rosenblatt/CNET)

The city of Brno in the Czech Republic is a place people go to learn. Situated some 130 miles southeast of Prague, its 11 universities host approximately 80,000 students, many of whom are computer engineers. So it’s no surprise that while AVG’s corporate offices are headquartered back in Prague, Brno hosts the lifeblood of the company: the virus lab.

Although consumer computer security has grown tremendously in the past five years–with nearly all the major security suite makers including some form of community-based protection, URL verification, or phishing prevention to accompany more traditional tools like firewalls and antispam measures–antivirus detection remains the quintessential PC security feature.

AVG’s Brno office is located in an complex that also hosts computer security vendorTrustPort, as well as a home appliance manufacturer. In most ways, the AVG offices on the sixth floor could be the offices of any software company. There’s a game room with foosball and table hockey; a small library with muted lighting; a playroom for the children of AVG employees; and relaxation spaces designed to resemble places not often seen in the heart of central Europe, like beaches festooned with hammocks. The walls of one of the eating areas has been painted to resemble a Starbucks, complete with a massive Starbucks logo.

Two floors down, the only indications that you’ve arrived at the virus lab are the raft of warnings plastered to the door. Yellow caution tape and printed flyers emblazoned with the biohazard icon make the lab stand out from the rest of the conference rooms and offices. Of course, computer viruses have yet to actually pose a threat to your biological health, but the point is clear: The lab is restricted. Omezený, in Czech.

Inside, security analysts sit in high-backed chairs at Dell computers running Windows 7, and except for what’s being displayed on their screens, the scene again returns to one of abject normality. The work that they’re doing, however, is of paramount importance to your computer’s security.

Karel Obluk, AVG’s Chief Scientist, said that people tend to underestimate the speed at which threats appear and disappear. “There’s more to do than calculate checksums,” he said. Also known as a hash sum, a checksum is a number generated by running a file through a tool designed to create checksums. The number is fixed, and changes if any of the data inside the file changes. A virus that alters a file will alter its checksum, so many antivirus programs today will generate checksums for every file on your hard drive, and then whitelist them unless it detects a change.

Obluk added that there are more than 40,000 new viruses a day. “We do keep up, but not by processing each and individual sample.” AVG’s automation takes over here, leaving about 50 samples per day per researcher. The company employs 25 analysts in Brno, and has five in China dedicated specifically to malware originating from there.

And make no mistake, the threat to your computer isn’t really about disrupting you or your life. The bad guys just want your CPU and bandwidth to make money. “A typical botnet can generate $11,000 per day, on less than 10,000 computers,” said Obluk. The business of being a bad guy is so lucrative, he added, that malware writers have taken out ads in online forums not just for engineers, but for user interface designers, office managers, and accountants.

AVG’s chief scientist, Karel Obluk. ‘The cyber criminals go for profit; it could equally be the whole economy or one country’s profit. When there were several spearheaded, targeted attacks against Boeing infrastructure, was that industrial espionage or cyber warfare?’

(Credit: Seth Rosenblatt/CNET)

How the good guys stop the malware
The short version of how malware gets stopped from infecting your computer is quite simple, according to Pavel Krcma, the head of AVG’s virus lab. First, the virus sample gets collected. It comes either via a user submission, is picked up by AVG’s protection algorithm, or is shared from another virus labs. Whereas on the business and marketing side the security software industry can be brutal, the analysts and other members of the research and protection side communicate regularly, Krcma said.

Once the sample is in the lab, the next step is create a checksum signature for the sample. This then gets checked against the existing database of checksums to ensure that its not actually a legitimate file, known as a false positive.

Assuming it is malicious, the next step is a bit “like undressing the virus,” said Jirí Bracek, AVG’s director of Security Engineering. The easiest way to see whether a file contains malicious code is to create an entropy map of it, he said, but because the files are almost always encrypted they have to rely on an emulator.

“We put it in a 64-bit Windows emulator, and we have a script emulator. Mostly malware scripts are obfuscated, and it’s the obfuscation that prevents us from using hashes or regular expressions, so we use the emulator to reveal it,” he explained. Citing proprietary information, however, Bracek wouldn’t reveal precisely

how the emulator works.

Inside the file’s binary code there are three sections: A .text section for executable code, the part that sends instructions to the processor; the .data contains file data; and the .rsrc, which contains icons and other resources. “We can see healthy code in the binary because healthy code has uniform lengths of jumps, they are organized,” said Bracek. “Malware code sometimes has code in different sections, such as .reloc or .rsrc. Malware also has code with chaotic jumps.”

Once a file has been positively identified as a threat, the researcher generates a checksum for it and updates the database. The update then goes out to AVG’s more than 110 million active users.

All told, from the point that AVG receives a suspected new threat to the point where the malware is blocked and that data is pushed out to AVG users around the world, the process takes about five minutes, said Krcma. The analysts are quite adept at what they do, he added. “It takes about one minute per piece of malware.”

AVG wouldn’t let us show you screenshots of precisely how they take down a virus, but here’s the threat map that their analysts see.

(Credit: Seth Rosenblatt/CNET)

Not all threats can be detected using entropy maps. For example, rogue antivirus programs, also known as fake antiviruses, can’t be detected using entropy maps, because those kinds of threats behave normally. The recent MacDefender attack was a rogue antivirus. Bracek explained that for rogue antiviruses, AVG instead looks at the user interface characteristics, since those are more likely to stand out.

Where the threats come from
“About 10 percent of attacks are coming from USB sticks,” said Obluk, which leaves the Internet for the lion’s share. But what does that mean? AVG’s researchers are seeing a mixed bag of social engineering, rogue antiviruses, and traditional viruses and botnets.

Premium SMS is also a problem, and Obluk cited an AVG study that found that 8 percent of about 2,200 sampled U.S.-based smartphone users said premium SMS scams had happened to them. A premium SMS scam is where a rogue process gets your phone to send a text message to a number that charges for the receipt of the message. Premium SMS has been used to help donate money to victims of natural disasters and to relief organizations, but instead of a $10 donation, the premium SMS scammers use smaller denominations to avoid detection, Obluk said, because a $1 variance in your phone bill tends not to stand out to people the way a larger charge would.

Another big problem on smartphones, he said, is URL spoofing, because a phone’s smaller browser makes it harder to read the location bar.

But Obluk cautioned that socially engineered threats–the threats that con people into giving up sensitive data–are the hardest to prevent and the hardest to inculcate against. “Mac and Linux and Windows are generally secure. It’s usually the user that’s the weakest link.”

CHILDREN ARE BEING INVITED to a conference in the US to learn how to become hackers, providing that they don a white hat first.

The conference dubbed Defcon Kids will be held in Las Vegas in August and will invite children between the ages of eight and 16 to learn useful hacking skills.

Defcon is a hacker event that has been held every year since 1993, but this is the first time that a children’s equivalent will be hosted.

A major emphasis of the event is the use of hacking skills for positive purposes. The children will be encouraged to put their knowledge to good use and avoid the temptations of becoming a black hat hacker, which involves breaking into web sites and stealing money and data.

The children will primarily learn a number of defensive computer techniques, such as how to prevent spying over wireless networks, according to Reuters. They will also learn how to open master locks, how to find exposed data on Google, how to hack hardware to play a game, and how to break codes. Most of these skills are useful as part of penetration testing, which is used to highlight security flaws that need to be addressed in systems, as opposed to exploiting those flaws.

Like the adult version, US authorities, intelligence officials and security officers will be attending to keep an eye out for promising hackers who can be hired to help fight cybercrime.

It makes sense to target a younger age bracket, since a growing number of children and teenagers are becoming involved in hacking. The early exposure to computers means that kids are often far more advanced than adults, leading to situations where teenagers are becoming involved in criminal hacking groups or being hired by governments and law enforcement agencies to fight against crime.

The need for this event has become more apparent in recent weeks after a spate of attacks on web sites and servers throughout the world, including those of Sony, the US Senate, the FBI, the CIA, and the UK’s Serious Organised Crime Agency (SOCA).

Ryan Cleary, an alleged member of the group thought to have been behind some of these attacks, Lulzsec, was arrested this week and charged with five offences. Those charges related to hosting a botnet and using Distributed Denial of Service attacks (DDoS), a method of flooding a website with illegitimate traffic until it is forced offline. Cleary is only 19 and has been involved in hacking since at least 17, if not long before then.

This fact highlights how young people can be at risk when they get involved in hacking and how necessary it is to highlight to children that they can participate in hacking in a legal way that benefits society instead of causing online chaos and digital mayhem.

Read more: http://www.theinquirer.net/inquirer/news/2081516/children-invited-learn-hack#ixzz1QD2QtVsl