Tagged: Software Toggle Comment Threads | Keyboard Shortcuts

  • jkabtech 4:17 am on April 8, 2018 Permalink | Reply
    Tags: Admits, Antivirus, , Conditions, , , Software, Third-Party, ,   

    Microsoft Admits Windows Can Disable Third-Party Antivirus Software Under Certain Conditions 

    Photo Credit: Karlis Dambrans

    Highlights Kaspersky filed complaint with EU earlier in June Microsoft says it offers Windows Insider to ensure compatibility It built Windows 10 feature to disable incompatible antivirus

    After coming under antitrust fire from Kaspersky in the wake of the WannaCry ransomware, Microsoft has attempted to clear the air by talking about its work on safety and security

    View the Original article

  • jkabtech 4:17 am on March 29, 2018 Permalink | Reply
    Tags: , Focuses, , , Software,   

    Microsoft to Lay Off Thousands as It Focuses on Cloud Software: Reports 

    Highlights Microsoft is set to cut thousands of jobs across the globe The company will focus more on marketing and selling its cloud software Microsoft will announce its future plans on Wednesday

    Worldwide layoffs are reportedly about to hit Microsoft.

    According to several news outlets, the software giant is set to cut thousands of jobs across the globe in an attempt to reorganise its sales force. The news could come as soon as this week.

    The reorganisation is going to include Microsoft’s enterprise customer unit and one or more of its subject matter experts-focused divisions (SMEs), TechCrunch reported.

    The move dovetails with the company’s plans to focus more on marketing and selling its cloud software, Azure, according to Bloomberg. For years the Redmond, Washington-based company had focused on selling software for desktops and servers. Now the company wants to put more effort into persuading customers to buy cloud services hosted by Microsoft data centers to be more competitive with market leader Amazon. (Amazon chief executive Jeffrey P. Bezos also owns The Washington Post.)

    Friday marked the end of Microsoft’s fiscal year and the first under new executives Judson Althoff and Jean-Phillipe Courtois, who took over the company’s sales and marketing divisions last summer after the exit of chief operating officer Kevin Turner, who held the position for 11 years. Over the years the company has usually announced staff reductions around this time.

    In the third quarter of the fiscal year Microsoft announced that Azure nearly doubled its revenue growth from the previous quarter. At the time, the product saw a sales growth of 93 percent. Microsoft’s growth in cloud revenue will be a key indicator of its progress in transitioning away from legacy businesses.

    Last summer the Seattle Times reported that Microsoft would cut 2,850 jobs, with 900 coming from its sales force. Two months earlier, the software company had announced that it would lay off 1,850 staff members in its smartphone division. In July 2015 Microsoft cut 7,800 jobs after its acquisition of Nokia.

    A report from the Puget Sound Business Journal said that Microsoft will announce its future plans on Wednesday.

    Microsoft didn’t immediately respond to a request for comment.

    View the Original article

  • jkabtech 12:17 pm on November 18, 2017 Permalink | Reply
    Tags: barred, copyright, , , owning, platform’s, Software   

    Online platform’s EULA barred software developer from owning copyright in code 

    display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 .07em !important;vertical-align: -0.1em !important;background: none !important;padding: 0 !important;

    View the Original article

  • jkabtech 12:17 pm on October 1, 2017 Permalink | Reply
    Tags: , injected, , NetSarang, Software,   

    Backdoor injected into NetSarang systems management software 

    Firm suffers supply-chain attack.

    Attackers have inserted a backdoor into the NetSarang network and server management software platform, potentially compromising hundreds of companies.

    The vendor acknowledged the July 13 compromise after being alerted to the attack by security firm Kaspersky.

    The hacked software was available for download until August 4. Kaspersky spotted it when one of its Hong Kong financial institution customers’ systems sent out a suspicious domain name system request that was traced back to the malware.

    NetSarang software is distributed worldwide including in Australia, and is used by energy, financial and pharmaceutical companies.

    The affected NetSarang software packages and version numbers are:

    Xmanager Enterprise 5.0 Build 1232Xmanager 5.0 Build 1045Xshell 5.0 Build 1322Xftp 5.0 Build 1218Xlpd 5.0 Build 1220

    Users are advised to update their software as soon as possible. Antiviruses detect the backdoor and may quarantine the affected file, leaving the hacked software inoperable, NetSarang said.

    Kaspersky’s analysis showed the encrypted malware had been injected into a dynamic link library file used by the NetSarang software.

    The payload, which Kaspersky termed ShadowPad, is activated via a specially crafted DNS TXT record for a domain name that is generated from the month and year it takes place.

    “If the backdoor were activated, the attacker would be able to upload files, create processes, and store information in a VFS

    View the Original article

  • jkabtech 12:17 pm on August 18, 2017 Permalink | Reply
    Tags: anti-virus, , , Software   

    Kaspersky offers free anti-virus software 

    Looks for security data to power its machine learning.

    Kaspersky is rolling out a free version of its anti-virus software across the globe, a product launch that comes amid mounting suspicion in the United States that the firm is vulnerable to Russian government influence.

    Kaspersky Free was immediately available in the United States, Canada, and several Asia Pacific countries and would launch in other regions in the coming months, Eugene Kaspersky, the company founder, wrote in a blog post.

    Kaspersky said the free version was not intended to replace the paid versions of its anti-virus software, describing it as offering “the bare essentials,” such as email and web anti-virus protection and automatic updates.

    But the free software would benefit all of Kaspersky Lab’s customers by improving machine learning across its products, he said.

    The company has been working on Kaspersky Free for 18 months, a development phase that included pilot versions in several markets including Russia, Ukraine, China and Scandinavian countries.

    Founded in 1997, Kaspersky Lab grew rapidly through the 2000s to become one of the world’s leading anti-virus software companies. 

    But the company has faced suspicion for years about its ties to Russia’s Federal Security Service or FSB.

    Concerns about the company have metastasised in the United States in recent years due to the deterioration in US-Russia relations following Russia’s invasion of Crimea in 2014 and later when US intelligence agencies concluded that Russia had hacked the 2016 US presidential election.

    Moscow denies the hacking allegations, and Kaspersky has repeatedly denied it has any untoward relationship with any government, saying the accusations against it lack evidence.

    Last month FBI agents visited the homes of Kaspersky employees as part of a counterintelligence probe, and the Trump administration took steps to remove the company from a list of approved vendors who sell technology products to federal government agencies.

    There is also a bill in US congress that would explicitly prohibit the US Department of Defense from using Kaspersky products.

    Privately held Kaspersky said its US revenue, most of which comes from selling anti-virus software to consumers and small businesses, slipped from US$164 million in 2014 to about US$156 million in 2016.

    View the Original article

  • jkabtech 6:17 am on July 13, 2017 Permalink | Reply
    Tags: , , , , seize, , Software, Ukrainian   

    Police seize servers of Ukrainian software firm after cyber attack 

    Ukrainian cyber police chief Serhiy Demedyuk REUTERS/Valentyn Ogirenko Hacked software updates contain “cunning” backdoor.

    Ukrainian police have seized the servers of an accounting software firm suspected of spreading a malware virus that crippled computer systems at major companies around the world last week, a senior police official said.

    The head of Ukraine’s cyber police, Serhiy Demedyuk, said the servers of MeDoc – Ukraine’s most popular accounting software – had been seized as part of an investigation into the attack.

    Though they are still trying to establish who was behind last week’s attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued by MeDoc, charges the company’s owners deny.

    The owners were not immediately available for comment.

    Premium Service, which says it is an official dealer of MeDoc’s software, wrote a post on MeDoc’s Facebook page saying masked men were searching MeDoc’s offices and the software firm’s servers and services were down.

    Premium Service could not be reached for further comment.

    Cyber police spokeswoman Yulia Kvitko said investigative actions were continuing at MeDoc’s offices, adding that further comment would be made on Wednesday.

    The police move came after cyber security investigators unearthed further evidence that the attack had been planned months in advance by highly-skilled hackers, who they said had exploited a vulnerability into the MEDoc progam.

    Ukraine has also taken steps to extend its state tax deadline by one month to help businesses hit by the malware assault.

    Researchers at Slovakian security software firm ESET said they had found a backdoor written into some of MeDoc’s software updates, likely with access to the company’s source code, which allowed hackers to enter companies’ systems undetected.

    “Very stealthy and cunning backdoor”

    “We identified a very stealthy and cunning backdoor that was injected by attackers into one of MeDoc’s legitimate modules,” ESET senior malware researcher Anton Cherepanov said in a technical note.

    “It seems very unlikely that attackers could do this without access to MeDoc’s source code.

    “This was a thoroughly well-planned and well-executed operation.”

    ESET said at least three MeDoc updates had been issued with the backdoor vulnerability, and the first one was sent to clients on April 14, more than two months before the attack.

    ESET said the hackers likely had access to MeDoc’s source code since the beginning of the year, and the detailed preparation before the attack was testament to the advanced nature of their operation.

    Oleg Derevianko, board chairman at Ukrainian cyber security firm ISSP, said an update issued by MeDoc in April delivered a virus to the company’s clients which instructed computers to download 350 megabytes of data from an unknown source on the internet.

    The virus then exported 35 megabytes of company data to the hackers, he said.

    “With this 35 megabytes you can exfiltrate anything – emails from all of the banks, user accounts, passwords, anything.”

    Little known outside Ukrainian accounting circles, MeDoc is used by around 80 percent of companies in Ukraine. The software allows its 400,000 clients to send and collaborate on financial documents between internal departments, as well as file them with the Ukrainian state tax service.

    Ukraine’s government said it would submit a draft law to parliament for the country’s tax deadline to be extended to July 15, and waive fines for companies who missed the previous June 13 cutoff because of the attack.

    “We had progra failures in connection to the cyber attack, which meant that businesses were unable to submit account reports on time,” Prime Minister Volodymyr Groysman told a cabinet meeting.

    Separately, Ukraine’s security service, the SBU, said it had discussed cyber defence with NATO officials and had received equipment from the alliance to better combat future cyber attacks. Ukraine is not in NATO but is seeking closer ties.

    On Saturday Ukrainian intelligence officials accused Russian security services of being behind the attack, and cyber security researchers linked it to a suspected Russian group who attacked the Ukrainian power grid in December 2016.

    A Kremlin spokesman dismissed charges of Russian involvement as “unfounded blanket accusations”.

    Derevianko said the hacker’s activity in April and reported access to MeDoc’s source code showed Ukraine’s computer networks had already been compromised and the intruders were still operating inside them.

    “It definitely tells us about the advanced capabilities of the adversaries,” he said. “I don’t think any additional evidence is needed to attribute this to a nation-state attack.”

    View the Original article

  • jkabtech 8:15 pm on March 29, 2016 Permalink | Reply
    Tags: offering, Software,   

    Uber’s offering you $10K to hack its software 

    Wednesday, 23 Mar 2016 | 6:40 AM ETCNBC.com

    U.S. ride-hailing app Uber is offering hackers up to $10,000 to hack its system to uncover flaws, the company said on Tuesday.

    Uber has released a “treasure map” of its software infrastructure, highlighting what each part does and the potential security vulnerabilities present.

    The idea of asking friendly, so-called White Hat hackers to test your system for a reward is not new. Several companies including Facebook, which pays hackers at least $500 to trace bugs, and Google, which offers a maximum prize pot of $20,000, have these so-called “bug bounty” programs.

    While, the idea has not always been a comfortable one for many organizations, Uber’s launch of its own prize program highlights the growing acceptance of the method amid an increasingly dangerous threat of hacking.

    “Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” Joe Sullivan, chief security officer at Uber, said in a blog post.

    “This bug bounty program will help ensure that our code is as secure as possible.”

    Uber will offer payouts of up to $10,000 for what it deems “critical issues”.

    The first reward program season will begin on May 1 and last 90 days. Once a hacker finds a bug, they need to report it to Uber and wait for it to be verified as a genuine issue before they are paid.

    If a hacker finds a fifth issue within the 90 day sessions they will get a bonus payout. This will be 10 percent of the average payouts for all the other issues found in that session. Uber also said that it will publicly disclose and highlight the highest-quality submissions.

    Uber also revealed that it launched a private beta bug bounty program for over 200 security researchers last year and they found nearly 100 bugs, all of which were fixed.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

  • jkabtech 8:57 pm on January 13, 2016 Permalink | Reply
    Tags: Doctorow, , , Software,   

    Cory Doctorow on Software Security and the Internet of Things 

    The Trolley Problem is an ethical brainteaser that’s been entertaining philosophers since it was posed by Philippa Foot in 1967:

    A runaway train will slaughter five innocents tied to its track unless you pull a lever to switch it to a siding on which one man, also innocent and unawares, is standing. Pull the lever, you save the five, but kill the one: what is the ethical course of action?

    The problem has run many variants over time, including ones in which you have to choose between a trolley killing five innocents or personally shoving a man who is fat enough to stop the train (but not to survive the impact) into its path; a variant in which the fat man is the villain who tied the innocents to the track in the first place, and so on.

    Now it’s found a fresh life in the debate over autonomous vehicles. The new variant goes like this: your self-driving car realizes that it can either divert itself in a way that will kill you and save, say, a busload of children; or it can plow on and save you, but the kids all die. What should it be programmed to do?

    I can’t count the number of times I’ve heard this question posed as chin-stroking, far-seeing futurism, and it never fails to infuriate me. Bad enough that this formulation is a shallow problem masquerading as deep, but worse still is the way in which this formulation masks a deeper, more significant one.

    Here’s a different way of thinking about this problem: if you wanted to design a car that intentionally murdered its driver under certain circumstances, how would you make sure that the driver never altered its programming so that they could be assured that their property would never intentionally murder them?

    There’s an obvious answer, which is the iPhone model. Design the car so that it only accepts software that’s been signed by the Ministry of Transport (or the manufacturer), and make it a felony to teach people how to override the lock. This is the current statutory landscape for iPhones, games consoles and many other devices that are larded with digital locks, often known by the trade-name “DRM”. Laws like the US Digital Millennium Copyright Act (1998) and directives like the EUCD (2001) prohibit removing digital locks that restrict access to
    copyrighted works, and also punish people who disclose any information that might help in removing the locks, such as vulnerabilities in the device.

    There’s a strong argument for this. The programming in autonomous vehicles will be in charge of a high-speed, moving object that inhabits public roads, amid soft and fragile humans. Tinker with your car’s brains? Why not perform amateur brain surgery on yourself first?

    But this obvious answer has an obvious problem: it doesn’t work. Every locked device can be easily jailbroken, for good, well-understood technical reasons. The primary effect of digital locks rules isn’t to keep people from reconfiguring their devices – it’s just to ensure that they have to do so without the help of a business or a product. Recall the years before the UK telecoms regulator Ofcom clarified the legality of unlocking mobile phones in 2002; it wasn’t hard to unlock your phone. You could download software from the net to do it, or ask someone who operated an illegal jailbreaking business. But now that it’s clearly legal, you can have your phone unlocked at the newsagent’s or even the dry-cleaner’s.

    If self-driving cars can only be safe if we are sure no one can reconfigure them without manufacturer approval, then they will never be safe.

    But even if we could lock cars’ configurations, we shouldn’t. A digital lock creates a zone in a computer’s programmer that even its owner can’t enter. For it to work, the lock’s associated files must be invisible to the owner. When they ask the operating system for a list of files in the lock’s directory, it must lie and omit those files (because otherwise the user could delete or replace them). When they ask the operating system to list all the running programs, the lock program has to be omitted (because otherwise the user could terminate it).

    All computers have flaws. Even software that has been used for years, whose source code has been viewed by thousands of programmers, will have subtle bugs lurking in it. Security is a process, not a product. Specifically, it is the process of identifying bugs and patching them before your adversary identifies them and exploits them. Since you can’t be assured that this will happen, it’s also the process of discovering when your adversary has found a vulnerability before you and exploited it, rooting the adversary out of your system and repairing the damage they did.

    When Sony-BMG covertly infected hundreds of thousands of computers with a digital lock designed to prevent CD ripping, it had to hide its lock from anti-virus software, which correctly identified it as a program that had been installed without the owner’s knowledge and that ran against the owner’s wishes. It did this by changing its victims’ operating systems to render them blind to any file that started with a special, secret string of letters: “$sys$.” As soon as this was discovered, other malware writers took advantage of it: when their programs landed on computers that Sony had compromised, the program could hide under Sony’s cloak, shielded from anti-virus programs.

    A car is a high-speed, heavy object with the power to kill its users and the people around it. A compromise in the software that allowed an attacker to take over the brakes, accelerator and steering (such as last summer’s exploit against Chrysler’s Jeeps, which triggered a 1.4m vehicle recall) is a nightmare scenario. The only thing worse would be such an exploit against a car designed to have no user-override – designed, in fact, to treat any attempt from the vehicle’s user to redirect its programming as a selfish attempt to avoid the Trolley Problem’s cold equations.

    Whatever problems we will have with self-driving cars, they will be worsened by designing them to treat their passengers as adversaries.

    That has profound implications beyond the hypothetical silliness of the Trolley Problem. The world of networked equipment is already governed by a patchwork of “lawful interception” rules requiring them to have some sort of back door to allow the police to monitor them. These have been the source of grave problems in computer security, such as the 2011 attack by the Chinese government on the Gmail accounts of suspected dissident activists was executed by exploiting lawful interception; so was the NSA’s wiretapping of the Greek government during the 2004 Olympic bidding process.

    Despite these problems, law enforcement wants more back doors. The new crypto wars, being fought in the UK through Theresa May’s “Snooper’s Charter”, would force companies to weaken the security of their products to make it possible to surveil their users.

    It’s likely that we’ll get calls for a lawful interception capability in self-driving cars: the power for the police to send a signal to your car to force it to pull over. This will have all the problems of the Trolley Problem and more: an in-built capability to drive a car in a way that its passengers object to is a gift to any crook, murderer or rapist who can successfully impersonate a law enforcement officer to the vehicle – not to mention the use of such a facility by the police of governments we view as illegitimate – say, Bashar al-Assad’s secret police, or the self-appointed police officers in Isis-controlled territories.

    That’s the thorny Trolley Problem, and it gets thornier: the major attraction of autonomous vehicles for city planners is the possibility that they’ll reduce the number of cars on the road, by changing the norm from private ownership to a kind of driverless Uber. Uber can even be seen as a dry-run for autonomous, ever-circling, point-to-point fleet vehicles in which humans stand in for the robots to come – just as globalism and competition paved the way for exploitative overseas labour arrangements that in turn led to greater automation and the elimination of workers from many industrial processes.

    If Uber is a morally ambiguous proposition now that it’s in the business of exploiting its workforce, that ambiguity will not vanish when the workers go. Your relationship to the car you ride in, but do not own, makes all the problems mentioned even harder. You won’t have the right to change (or even monitor, or certify) the software in an Autonom-uber. It will be designed to let third parties (the fleet’s owner) override it. It may have a user override (Tube trains have passenger-operated emergency brakes), possibly mandated by the insurer, but you can just as easily see how an insurer would prohibit such a thing altogether.

    Forget trolleys: the destiny of self-driving cars will turn on labour relationships, surveillance capabilities, and the distribution of capital wealth.

    View the original article here

Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc
%d bloggers like this: