"malware" entries

Four short links: 10 October 2014

Four short links: 10 October 2014

Evolving Malware, Male Advocates, Every BU is an Internal Startup, and Amazonian Warehouses

  1. Slow Release MalwareProf. Vigna outlined scenarios in which an increasingly sophisticated and opaque breed of malicious executable will evolve to ‘mimic’ the behaviour patterns of benign software, in an attempt to avoid wasting its payload behaviour on a sandbox or virtualised environment. (via Slashdot)
  2. Top 10 Ways to be a Male Advocate — pass to any men in tech that you know.
  3. All Businesses are Now Digital Businesses (Vikram Kumar) — given that your business units are buying their own IT and thus reinventing their own business, How many CEOs and CIOs think of business units acting as tech start-ups?
  4. Amazon Opens First Physical Store (WSJ, paywall) — in NYC, for pickups, returns, exchanges, and same-day delivery of some items from the accompanying warehouse. I’m curious to see what of Amazon’s infrastructure, analytics, and other thin-margin tricks they can bring to substantial physical presence.
Comment
Four short links: 5 March 2014

Four short links: 5 March 2014

Cheap Gesture Sensor, Ignorance as Strength, Android Malware Resistance, and Security Talks

  1. $1 Gesture-Recognizing Device (GigaOm) — the AllSee is the size of a quarter, harvests RF for power, and detects the variations in signal strength caused by gestures.
  2. A Conversation with Sydney BrennerThe thing is to have no discipline at all. Biology got its main success by the importation of physicists that came into the field not knowing any biology and I think today that’s very important. I strongly believe that the only way to encourage innovation is to give it to the young. The young have a great advantage in that they are ignorant. Because I think ignorance in science is very important. If you’re like me and you know too much you can’t try new things. I always work in fields of which I’m totally ignorant.
  3. Android Almost Impenetrable to Malware — multiple layers of defence, including signatures of known-bad systems found in the wild, necessary to retain an “open” marketplace vs Apple’s lock-down.
  4. TrustyCon (YouTube) — video of the speakers at the conference that was set up by speakers who withdrew from the RSA conference. (via BoingBoing)
Comment

Power over USB

USB could make power consumption more intelligent, but security concerns need to be addressed.

I’ve been reading about enhancements to the USB 3.0 standard that would allow a USB cable to provide up to 100 watts of power, nicely summarized in The Economist. 100 watts is more than enough to charge a laptop, and certainly enough to power other devices, such as LED lighting, televisions, and audio equipment. It could represent a significant shift in the way we distribute power in homes and offices: as low voltage DC, rather than 110 or 220 volt AC. Granted, 100 watts won’t power a stove, a refrigerator, or a toaster, but in a USB world, high-voltage power distribution could be limited to a few rooms, just like plumbing; the rest of the building could be wired with relatively inexpensive USB cables and connectors, and the wiring could easily be done by amateurs rather than professional electricians.

It’s an interesting and exciting idea. As The Economist points out, the voltages required for USB are easily compatible with solar power. Because USB cables also carry data, power consumption can become more intelligent.

But I have one concern that I haven’t seen addressed in the press. Of course USB cables carry both data and power. So, when you plug your device into a USB distribution system, whether it’s a laptop or phone, you’re plugging it into a network. And there are many cases, most notoriously Stuxnet, of computers being infected with malware through their USB ports. Read more…

Comments: 15
Four short links: 9 October 2013

Four short links: 9 October 2013

Android Malware Numbers, Open Networking Hardware, Winning with Data, and DIY Pollution Sensor

  1. Android Malware Numbers — (Quartz) less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users, based on Google’s analysis of 1.5B downloads and installs.
  2. Facebook Operations Chief Reveals Open Networking Plan — long interview about OCP’s network project. The specification that we are working on is essentially a switch that behaves like compute. It starts up, it has a BIOS environment to do its diagnostics and testing, and then it will look for an executable and go find an operating system. You point it to an operating system and that tells it how it will behave and what it is going to run. In that model, you can run traditional network operating systems, or you can run Linux-style implementations, you can run OpenFlow if you want. And on top of that, you can build your protocol sets and applications.
  3. How Red Bull Dominates F1 (Quartz) — answer: data, and lots of it.
  4. Ground-Level Air Pollution Sensor (Make) — neat sensor project from Make.
Comments: 3
Four short links: 28 March 2013

Four short links: 28 March 2013

Chinese Lessons, White House Embraces Makers, DC Codes Freed, and Malware Numbers

  1. What American Startups Can Learn From the Cutthroat Chinese Software IndustryIt follows that the idea of “viral” or “organic” growth doesn’t exist in China. “User acquisition is all about media buys. Platform-to-platform in China is war, and it is fought viciously and bitterly. If you have a Gmail account and send an email to, for example, NetEase163.com, which is the local web dominant player, it will most likely go to spam or junk folders regardless of your settings. Just to get an email to go through to your inbox, the company sending the email needs to have a special partnership.” This entire article is a horror show.
  2. White House Hangout Maker Movement (Whitehouse) — During the Hangout, Tom Kalil will discuss the elements of an “all hands on deck” effort to promote Making, with participants including: Dale Dougherty, Founder and Publisher of MAKE; Tara Tiger Brown, Los Angeles Makerspace; Super Awesome Sylvia, Super Awesome Maker Show; Saul Griffith, Co-Founder, Otherlab; Venkatesh Prasad, Ford.
  3. Municipal Codes of DC Freed (BoingBoing) — more good work by Carl Malamud. He’s specifically providing data for apps.
  4. The Modern Malware Review (PDF) — 90% of fully undetected malware was delivered via web-browsing; It took antivirus vendors 4 times as long to detect malware from web-based applications as opposed to email (20 days for web, 5 days for email); FTP was observed to be exceptionally high-risk.
Comment

Seeing peril — and safety — in a world of connected machines

Industrial malware has captured the imagination of the tech industry, but efforts by security researchers are promising.

I’ve spent the last two days at Digital Bond’s excellent S4 conference, listening to descriptions of dramatic industrial exploits and proposals for stopping them. A couple of years ago Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments. S4 — which stands for SCADA Security Scientific Symposium — is where researchers convene to talk about exactly that sort of threat, in which malicious code makes its way into low-level industrial controls.

It is modern industry’s connectedness that presents the challenge: not only are industrial firms highly interconnected — allowing a worm to enter an engineer’s personal computer as an e-mail attachment and eventually find its way into a factory’s analytical layer, then into its industrial controls, bouncing around through print servers and USB drives — but they’re increasingly connected to the Internet as well.

Read more…

Comments: 5
Four short links: 26 June 2012

Four short links: 26 June 2012

Post-Capture Zoom, Load Gen, Inventive Malware, and Manufactured Normalcy

  1. SnapItHD — camera captures full 360-degree panorama and users select and zoom regions afterward. (via Idealog)
  2. Iago (GitHub) — Twitter’s load-generation tool.
  3. AutoCAD Worm Stealing Blueprints — lovely, malware that targets inventions. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. This one has soured, but give the field time … anything that can be stolen digitally, will be. (via Slashdot)
  4. Designing For and Against the Manufactured Normalcy Field (Greg Borenstein) — Tim said this was one of his favourite sessions at this year’s Foo Camp: breaking the artificial normality than we try to cast over new experiences so as to make them safe and comfortable.
Comment
Four short links: 28 March 2012

Four short links: 28 March 2012

Mac OS X Malware In the Wild, AntiBotnettery, Fabbing And Designers, Networked Products

  1. MS Office Exploit In The Wild, Targeting Mac OS XThis is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X. (via Hacker News)
  2. Please Do Not Take Down The Sality BotNet — best responsible disclosure ever.
  3. 3DifficultI’m an industrial designer at heart, and I’m saddened by what’s happened to my craft. We were once the kings of things, but for a variety of reasons I think we’re in danger of being left behind. […] Making became the talk of the town, and to some extent it still is. We’re in the first stumbling days of the Internet of Things, and are increasingly seeing the paper thin definition between digital and tangible falling away.
  4. Air Quotes Product (Matt Webb) — Recently I noted down some places in which traditional products have changed and he goes on to list some critical ways in which networked objects challenge our thinking. I love the little brain/big brain distinction–great to have words for these things at last!
Comment
Four short links: 30 December 2011

Four short links: 30 December 2011

Hadoop 1.0, Approximation Wiki, Printer Firmware Attacks, and Cotton Circuits

  1. Hadoop Hits 1.0 — open source distributed computation engine, heavily used in big data analysis, hits 1.0.
  2. Sparse and Low-Rank Approximation Wiki — interesting technique: instead of sampling at 2x the rate you need to discriminate then compressing to trade noise for space, use these sampling algorithms to (intelligently) noisily sample at the lower bit rate to begin with. Promises interesting applications particularly in for sensors (e.g., the Rice single pixel camera). (via siah)
  3. Rise of Printer Malware — firmware attacks embedded in printed documents. Another reminder that not only is it hard to write safe software, your mistakes can be epically bad. (via Cory Doctorow)
  4. Electric Circuits and Transistors Made From CottonTo make it conductive, the researchers coated cotton threads in a variety of other materials. To make conductive “wires,” the team coated the threads with gold nanoparticles, and then a conductive polymer. To turn a cotton wire into a semiconductor, it was dipped in another polymer, and then a further glycol coating to make it waterproof. Neat materials hack that might lend a new twist to wearables.
Comment: 1
Four short links: 19 July 2011

Four short links: 19 July 2011

Async Javascript, PDF Malware, 2D Games, and Reinventing Textbooks

  1. Tame.js — async programming library for use with node.js and other V8 projects. (via Hacker News)
  2. The Rise of PDF Malware (Symantec) — detailed whitepaper showing the incident rate, techniques, and evasion techniques of PDF malware. Despite the fact that the number of PDF CVEs [Common Vulnerability/Exposure] are close to Microsoft Office’s numbers, the amount of nonunique PDF attacks Symantec has seen have increased dramatically, which shows that the PDF file format is being targeted more often within the last two years.
  3. cocos-2d — iPhone 2d game framework. (via Chuck Toporek)
  4. Nature’s Biology Textbooks — Nature changing the textbook publishing model, trialling in California. 50+ authors write the ebook, filtered through a (hard-working, I’m guessing) editor. This beats Kindle textbook rentals hands down. Another article says of the Nature trial: each school will be testing a different licensing and access model, which I hope for some includes printing out because Princeton’s Kindle trial showed (PDF) that ebooks don’t measure up to print books for annotation and some other key uses. (via The Daily News)
Comment: 1