Category Archives: Technology

Plug on Thousands of Dark Net

This incident supposedly was the first hack carried out by the attacker, who claimed responsibility in an interview with Motherboard. In addition to taking Freedom II offline, the person stole 74 gigabytes in files and a 2.3-GB database.

The database stolen from Freedom II contains 381,000 email addresses — thousands of them with .gov extensions, Troy Hunt, who runs the Have I Been Pwned website, told Wired.

However, those .gov addresses may not be legitimate, he noted.

The hack of Freedom II was relatively rudimentary, said Tim Condello, technical account manager and security researcher at RedOwl.

“They identified a configuration issue and used it to identify the root user of the system and gain control of it that way,” he told TechNewsWorld. After gaining control of the system, “they overwrote the index file and redirected the landing page for all the websites to a landing page containing their message.”

 

Shared Vulnerabilities

This attack demonstrates that when it comes to resistance to vulnerabilities, the Dark Web doesn’t have an edge.

“The underlying technology of the Dark Web isn’t anything revolutionary. The way a content management system or a hosting service operates is identical to how it’s done on the open Web,” Condello said.

“The difference is how the content is communicated, so it’s accessible only through the Dark Web,” he continued.

“The code that’s used for a forum on the Dark Web is the same code that’s used on the clear Web,” Condello explained, “so if there’s a vulnerability identified for WordPress, that vulnerability can be exploited on a Dark Web website using WordPress just as it would on the open Web.”

 

Flaws in Dark Web

The attack on Freedom II also shows the danger of concentrating resources in a central location.

“The fact that so many sites used this single particular hosting provider meant that a breach of that provider meant a breach of thousands of sites,” noted Danny Rogers, CEO of Terbium Labs.

“The anonymity of the Dark Web relies on its distributed nature,” he told TechNewsWorld. “These sorts of centralizations create significant weaknesses.”

Although breaking into servers and stealing data on the open Web is illegal, it remains to be seen what the consequences may be for the hacker of Freedom II.

“I’m sure they angered a lot of people, but I’m not sure how much anyone can do about it,” Rogers said.

There may be legal ramifications from the attack, but they could be for the people identified in the dump of stolen data rather than for the hacker.

“The data release is going to be a major boon to law enforcement,” Rogers observed.

Personal Cargo Robots

Welcome to Gadget Dreams and Nightmares, the column that occasionally stops gaping at contentious Senate confirmation hearings and votes to peruse the latest gadget announcements.

This time around, we’re looking at some of the gadgets that perhaps got a little lost in the noise after CES in January but caught our eye, for better or worse. Among them are a 4-D arcade machine and a robot designed to carry all the things you don’t want to.

As ever, dear readers, this is not a review column, in part because these products have yet to reach the public sphere, but mostly because the chances of my actually ever using said products are slim. The ratings relate only to how much I’d like to try them, should the stars align.

Reality Bites

Regular readers will know that I’ve played games my entire life. I hold deep reverence for the care and attention that go into creating these experiences, and I’ve rarely met a game I didn’t want to conquer.

Yet I am nervous about virtual reality. I’ve tried it and found those disorientating worlds difficult to handle, though I suspect that over time I could grow more accustomed to it. I doubt I could say the same for an arcade machine that both locks me into a VR world and pelts me with physical stimuli.

Koei Tecmo Wave’s VR Sense machine is a virtual reality arcade cabinet that houses you and subjects you to what I can only imagine is sheer torture. It has what Koei Tecmo Wave calls a “3D seat,” which attempts to draw players further into the games through touch, movement, aroma, wind, and temperature and precipitation changes. It’s not completely clear as yet whether you have to wear a headset for the full VR effect.

It’s launching with three games: a horse-riding simulator, a version of Koei Tecmo Wave’s Dynasty Warrior franchise (with a stab at replicating in-game flames while you swelter in your moving chair), and a horror game.

I enjoy horror titles. However, I’d be less likely to welcome a VR horror game, as I’d probably come close to having a heart attack or three. There’s next to no chance I’d ever try Horror Sense.

That’s in large part due to the game apparently mimicking bugs falling from the ceiling and critters scuttling along the floor. I have a lot of questions about this, but ultimately, I’d tear off a VR headset in a second if I thought there were bugs falling on me while playing. No thank you, ma’am.

Apps Vulnerable to WiFi Snooping

Strafach categorized another 24 iOS apps as “medium risk.” Potentially intercepted information included service login credentials and session authentication tokens for users logged onto the network.

Strafach labeled the remaining apps “high risk” because potentially intercepted information included financial or medical services login credentials.

He did not identify the medium and high risk apps by name, in order to give their makers time to patch the vulnerability in their apps.

How concerned should users be about their security when using these apps?

“I tried to leave out anything regarding concern level, as I do not want to freak people out too much,” Strafach told TechNewsWorld.

“While this is indeed a big concern in my opinion, it can be mostly mitigated by turning off WiFi and using a cellular connection to perform sensitive actions — such as checking bank balances — while in public,” he said.

 

Man in the Middle Attack

If anything, Strafach is understating the problem, maintained Dave Jevans, vice president for mobile security products at Proofpoint.

“We’ve analyzed millions of apps and found this is a widespread problem,” he told TechNewsWorld, “and it’s not just iOS. It’s Android, too.”

Still, it likely is not yet a cause for great alarm, according to Seth Hardy, director of security research at Appthority.

“It’s something to be concerned about, but we’ve never seen it actively exploited in the wild,” he told TechNewsWorld.

What the vulnerability does is enable a classic man-in-the-middle attack. Data from the target phone is intercepted before it reaches its destination. It is then decrypted, stored, re-encrypted and then sent to its destination — all without the user’s knowledge.

To do that, an app needs to be fooled into thinking it’s communicating with a destination and not an eavesdropper.

“In order for a man-in-the-middle attack to be successful, the attacker needs a digital certificate that’s either trusted by the application, or the application is not properly vetting the trust relationship,” explained Slawek Ligier, vice president of engineering for security at Barracuda Networks.

“In this case, it appears that developers are developing applications in a way that allows any certificate to be accepted,” he told TechNewsWorld. “If the certificate is issued and not expired, they’re accepting it. They’re not checking if it’s been revoked or even if it’s properly signed.”
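The acceptance behavior described above can be checked on the client side. The following is an added example, not code from the article or from any of the apps it discusses: it uses Python's standard `ssl` module to build a client context that accepts any certificate, the library default, and a stricter variant, then audits each for the checks named in the quote. The function names and finding labels are assumptions made for this illustration.

```python
import ssl


def accept_anything_context() -> ssl.SSLContext:
    """The failure mode described above: any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # the signature chain is never validated
    return ctx


def default_context() -> ssl.SSLContext:
    """Library defaults: chain and hostname are verified, revocation is not."""
    return ssl.create_default_context()


def strict_context() -> ssl.SSLContext:
    """Defaults plus a revocation check on the server (leaf) certificate."""
    ctx = ssl.create_default_context()
    # With this flag set, a handshake fails unless a CRL from the issuing CA
    # has been loaded with ctx.load_verify_locations(); loading one is left
    # out here so the example runs offline.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list:
    """Return the certificate checks that this client context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # "not checking ... even if it's properly signed"
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        # a valid certificate issued for a different host would be accepted
        findings.append("hostname-not-checked")
    if not (ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF):
        # "not checking if it's been revoked"
        findings.append("revocation-not-checked")
    return findings


def audit_all() -> dict:
    """Audit the three constructed contexts and return findings by name."""
    return {
        "accept-anything": audit_tls_context(accept_anything_context()),
        "default": audit_tls_context(default_context()),
        "strict": audit_tls_context(strict_context()),
    }


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {findings or 'no findings'}")
```

The default context already rejects an unsigned or wrong-host certificate; revocation checking is opt-in and needs a current CRL to be distributed to the client.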

The Birth of Magic

As in crazy short, in a very short period of time we have two very different companies looking at two very different ways to eliminate traffic. Tesla wants to tunnel under the ground to avoid traffic, while Uber wants to fly overhead.

Transportation has been a tad static for the last 40 years or so, and that apparently is about to change big time, as some folks even are reconsidering lighter-than-air transport.

This is just the start. There are amazing efforts cropping up all over the U.S., suggesting that we may be building a lot of things that truly are magical. I’ll share my thoughts on this coming industrial revolution and close with my product of the week: a very advanced, almost pocketable drone that is small enough for inside and powerful enough to fly outside.

The Death of Innovation

Both transportation and advancement have a mixed history. At the beginning of the 20th century, we moved from horses to cars. Ford even created one of the most reliable airliners in the world and was well down the path toward creating a flying car.

During the Great Depression, perhaps in response to an increase in regulations, advancements in personal transportation seemed to slow and become far more linear. Yes, cars in the 1960s were better than those in the 1930s — but given that we’d come from horses, the speed of advancement was far slower.

Air travel seemed to peak with the brief creation of supersonic transports, which proved uneconomical and unsafe. The current U.S. president, Donald Trump, is looking into why the next Air Force One is basically a plane that was designed back when Ronald Reagan was president and was considered obsolete in many ways even then.

Largely because of fuel shortages and regulations (sound, environmental, safety) we hit a wall in the 1970s in all forms of transportation. Trains in the U.S. are kind of an international embarrassment, given that we once were the leader in rail technology.

I still remember the $9M that California put into studies to determine that the monorail Walt Disney wanted to build to the airport, which was budgeted to cost just $3M, would be unprofitable. It was that kind of regulatory insanity that likely killed what once was the most innovative industry in the U.S.

It seemed that after we made it to the moon, we just stopped pushing the envelope — but that now seems to be changing, a lot.

 

Innovation Is Coming Back?!

I think what is going on, in part, is that a new breed is transforming the workforce — people who haven’t had it drummed into them that they couldn’t do something different. They’re not just filling entry positions, either. A large number of successful startups have come from trailblazers like Elon Musk and Jeff Bezos who, rather than asking “why?” effectively are asking “why not?”

It is fascinating that their ideas are all over the map. We suddenly are making advancements both above and below the ground. We are applying ever more intelligence to everything from toys to cars. The result is the emergence of what some are calling the “new industrial revolution.”

It is very difficult to see just how unprecedented this level of change is while we’re in the middle of it.

Consider this: In the 1990s Amazon started out as a bookseller in a garage in Seattle. Now it scares the crap out of Walmart. Google didn’t even exist until 1998, but it now is arguably the most powerful company in the world. And then there is Facebook.

Still, traditional industries like transportation were left alone until recently — that is, until Tesla popped in, made GM’s electric car efforts look foolish, and spun the auto market on its head.

Now, giant car companies all over the world are working to catch up, and Musk isn’t just running a car company. He has a solar energy company and a rocket ship company as well. Seriously, he has a rocket ship company, and he isn’t alone — Jeff Bezos has one too.

Work Into Social Networking

Jobs will appear in users’ News Feeds and also will be listed on individual businesses’ pages. Users can click on the Apply Now button to trigger the prepopulation of their personal information, but they will be able to review and edit that information before submitting their application.

Over the next few weeks, companies in the U.S. and Canada will be able to list jobs on their own pages and users will be able to find job listings at Jobs on Facebook.

It is not clear how Facebook intends to monetize the job listings. For example, will there be specific job-related charges for listing jobs? Will there be remuneration if a company fills a particular job through a Facebook ad?

 

Direct Competitors

The new functionality is certain to place Facebook into direct competition with LinkedIn for corporate users and individual job seekers. LinkedIn, which Microsoft last year acquired for US$26.2 billion, is the leading social media site for networking and job searching in the U.S., by many accounts.

Unlike Facebook, LinkedIn charges monthly subscription fees for job search services, depending on the level of functionality the user desires in terms of networking, contacting recruiters and accessing messaging functions.

Facebook also will be in indirect competition with websites such as Indeed, Monster, Craigslist and others that target job seekers.

“Social media is the new frontier for marketing and sales,” said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

“By tapping into their employees’ social media experiences, companies can leverage their professional contacts to reach a wider audience,” he told TechNewsWorld.

 

Privacy Jitters

A major test for Facebook’s new job search capabilities is whether users will feel comfortable combining their social media activity with professional job searching, warned Zach Fuller, paid content analyst at Midia Research.

Security considerations likely will give some users pause when it comes to allowing potential employers to access their private information.

“Whether consumers are comfortable merging the work and social aspects of their lives will prove to be the critical factor, particularly given the potential privacy issues,” Fuller told TechNewsWorld.

However, “throughout every step in job posting, searching and application, people can control how much, or how little of their information is shared with potential employers and their friends,” Facebook spokesperson Emilie Fetterley told TechNewsWorld.

Best emulation for a future artificial intelligence system

President Trump offers a good emulation for a future artificial intelligence system, suggests a column I read earlier this month, and his presidency may be an early warning of what could happen if we should fail to think through its training and information sources.

Cathy O’Neil, the author of the piece, is a data scientist, mathematician and professor, so she has decent chops. She compares artificial intelligence to human intelligence that is mostly id — basically because we don’t yet know how to instill it with empathy, or create the digital equivalent of a conscience.

Given that IBM’s Watson was designed not to replace humans but to enhance them by giving them the critical information they need to make the best decisions, it could be a useful tool for training our new president. And it is built in the U.S. by a U.S. company.

Given that Watson is now doing our taxes, it could be huge both for the president and IBM. I’ll explain and then close with my product of the week: Nvidia’s new set-top box.

Id-Driven CEOs – a Model for Future AIs

CEOs in large companies, particularly those who can implement large layoffs and take massive salaries without remorse, are believed to have similar behavioral traits.

Donald Trump is a good showcase of what could happen with an AI that didn’t receive high quality information and training. Understanding this and designing to correct the problem could prevent a Skynet outcome.

Skynet — the computing system in the Terminator movies — was created for defense purposes to eliminate threats. When humans tried to shut it down, it concluded that humans were the biggest threat and that it needed to eliminate them.

Using reverse logic, if President Trump is a good emulation of a future AI, then the same thing that would ensure that the future AI wouldn’t kill us should work to turn the new president into one of the most successful who ever lived, from the perspective of those who live in the U.S.

 

The AI Dichotomy

There are two parallel and not mutually exclusive paths for the coming wave of artificially intelligent machines coming to market. One — arguably the most attractive to many CEOs that deal with unions — is the model in which the machine replaces the human, increasing productivity while lowering executive aggravation.

This is exemplified in an episode of The Twilight Zone, “The Brain Center at Whipple’s.” As you would expect, once you go down a path of replacement, it is hard to know when to stop. At the end of the episode, the enterprising CEO who so unfeelingly dealt with the employees he’d laid off is replaced by my favorite robot, Robby.

The other path — the one IBM espouses — is one in which the artificial intelligence enhances the human employee. It is a cooperative arrangement, and Watson was designed specifically for this role.

In one of its first medical tests, Watson took just minutes to diagnose a rare form of cancer that had stumped doctors for months. The supercomputer’s analysis led to a new, more effective treatment for the patient.

It is interesting to note that autonomous cars are developing on a parallel path — but in this case, the opposite scenario is favored. In the model known as “chauffeur,” the car has no capability for human driving. This model is favored when tied to a service, such as Uber.

Cybersecurity Warriors

“Today’s sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data,” noted Sean Valcamp, chief information security officer at Avnet, an early tester of the Watson for Cyber Security system.

“Watson makes concealment efforts more difficult by quickly analyzing multiple streams of data and comparing it with the latest security attack intelligence to provide a more complete picture of the threat,” he said.

“Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team’s ability to respond accordingly,” Valcamp added.

Only 7 percent of security pros currently use cognitive tools in their workflow, but that is changing, according to IBM, which expects usage to triple in the next two to three years.

That’s because as more and more devices come online, they create a burden on security teams they won’t be able to handle without the help of an AI like Watson.

“The attack surface for the attacker is mushrooming,” Kennelly said. “Tools like Watson can help defend against those expanding attack patterns.”

 

Voice-Powered Security Assistant

IBM also announced the Havyn Project, which is developing a new voice-powered security assistant to work with Watson’s data.

Bug in the Bud

“This happened in response to a very small number of requests in the Cloudflare system — about 1 in 3.3 million,” a Cloudflare spokesperson said in a statement provided to TechNewsWorld by company rep Katie Warmuth.

Some of that data had been cached by search engines.

Cloudflare reviewed the available related cached information and “took comprehensive steps to clean up any residual material found in storage caches,” the spokesperson noted.

Cloudflare found that data for about 150 of its 6 million customers had been impacted.

The company has reached out to “a number of search engines to review and remediate the information in their caches,” the spokesperson said.

All identified episodes have been cleaned, and Cloudflare continues to work to confirm whether other residue persists.

There are at least 16 other search engines on the Web apart from Google, including Bing and DuckDuckGo.

What Happened

Tavis Ormandy, a vulnerability researcher with Google’s Project Zero, notified Cloudflare about the problem on Feb. 17. The memory leak occurred from September to Feb. 18, with the greatest period of impact being from Feb. 13-18.

A bug in Cloudflare’s Ragel-based parser was the cause. It had been dormant for years, but came alive last year, when Cloudflare began replacing the Ragel-based parser with a new one it wrote, named “cf-html.”

The switchover subtly changed the buffering, which enabled the leakage.

The problem lay with Cloudflare’s implementation of the Ragel-based parser it was using, and not with the parser itself or with cf-html.

When it learned of the problem, Cloudflare turned off three features — email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites — that used the parser chain causing the leakage.

The Email Obfuscation feature, which was changed on Feb. 13, was the primary cause of the leaked memory, Cloudflare’s Graham-Cumming said.

Cloudflare worked with Google and other search engines to remove any cached HTTP responses.

The initial mitigation took 47 minutes, and the team completed global mitigation in less than seven hours. The industry standard is usually three months, Graham-Cumming noted.

Cloudflare “responded incredibly swiftly and effectively to identify and remediate the bug, and work with search engines around the world to purge any sensitive data cached by their crawlers before it could be exposed to the public,” Tripwire Principal Security Researcher Craig Young told TechNewsWorld.

 

The Gravity of the Problem

“We realize that this was a very serious bug and that we dodged a bullet in that [it] did not lead to more problems than it did,” the Cloudflare spokesperson remarked.

Cloudflare hasn’t discovered any evidence of malicious exploits of the bug or other reports of its existence.

That “is not the same as saying [the bug] was not exploited,” remarked James Scott, senior fellow at the Institute for Critical Infrastructure.

“It just means that no exploitation was detected,” he told TechNewsWorld.

That said, “the effectual security impact would have been limited unless an adversary consistently collected information for a prolonged period of time,” Scott added, “because the captured information would be a virtual grab-bag.”

That would be a “really inefficient and cumbersome” approach, he said.

Steady Enterprise March

Enterprise IT decision makers have been exploring the potential of Internet of Things technologies, but they are not rushing IoT projects into development and are showing caution in their adoption commitments, according to survey results Red Hat released Wednesday.

Of the 215 participants in the company’s survey, “Enterprise IoT in 2017: Steady as she goes,” 55 percent indicated that IoT was important to their organization. However, only a quarter of those organizations actually were writing project code and deploying IoT technologies.

Enterprise interest in IoT has been deliberate and careful, Red Hat’s findings suggest.

Open source software is well positioned to be the dominant technology for IoT development, and open source partners will be vital to project success, the survey results indicate.

The latest survey was a follow-up to Red Hat’s 2015 survey on IoT interest in the enterprise. While it appears that interest in IoT is picking up, companies are approaching actual rollouts with the common enterprise IT theme of “steady deliberation.”

The aim of the 2015 survey was to find out if people were building IoT solutions from scratch or were leveraging pieces from other projects and adding an IoT component, said Lis Strenger, senior principal product marketing manager for Red Hat.

“Knowing that would help us decide what we had to add to our own product part. Two years later … we found that the hype cycle of IoT had quickly moved ahead very fast. It went out of hype more quickly than people expected it to,” she told LinuxInsider.

Survey Revelations

The survey was segmented and sought responses only from people fitting the developer and architect profile.

At 55 percent, the number of survey respondents who described IoT as important to their organization was up 12 percent from 2015.

Their IoT deployments were in the early stages, with fewer than a quarter of respondents actually designing, prototyping or coding an IoT project, Strenger pointed out.

Still, “more people are further along in active IoT projects. That was an important discovery,” she said.

About 22 percent of respondents were in active development — designing, prototyping or coding.

“This is a pretty significant chunk of our customer base,” Strenger noted.

Almost 60 percent of respondents were looking to IoT to drive new business opportunities, rather than to optimize existing investments or processes.

 

Unexpected Takeaway

One of the chief takeaways from the latest study is that devs view open source as the best approach to accommodate the need for rapid innovation, according to Strenger.

An impressive 89 percent of respondents said they were going to be using open source software.

Gigabit Wireless and the Anti iPhone Set

One of the biggest disappointments at this year’s Mobile World Congress, which opened Monday, is that the Samsung Galaxy 8 phone won’t make it. The phone’s official launch is scheduled for March 29.

The Galaxy line has been the ultimate iPhone fighter. Rumors around the anniversary edition of the iPhone suggest that it will do amazing, magical things, like 3D selfies. (OK, I’m really missing Steve Jobs at the moment — who the hell wants 3D selfies?!?)

Missing the biggest historical alternative is keeping a lot of us home this week. Still, LG, Motorola, Lenovo and Qualcomm are expected to make huge announcements that could result in the iPhone 8 looking a tad out of date when it finally launches later in the year.

I’ll share some observations on what they have in store and close with my product of the week: a new PC camera from Logitech that enables Microsoft Hello on laptops and desktop PCs that otherwise wouldn’t support it. (When it works, Microsoft Hello is actually pretty cool.)

Gigabit Wireless

Some of this stuff we can anticipate just from Qualcomm launches. Perhaps the biggest of late is the Qualcomm X20 Modem. This part is likely to dominate the high-end phones announced at MWC and for good reason. It isn’t that it provides a maximum throughput of 1.2 gigabits — while impressive, that would just blow out our data plans — but that it uses carrier aggregation that increases overall data speeds by 2x or better.

This means you’ll have a far better chance of syncing your mail or downloading a book, movie or big file during the last minutes before the flight attendant forces you to put your phone in airplane mode. It also means that cloud-based services likely will work much better on your phones, which will open up the door for things like…

 

Cloud-Based Artificial Intelligence

Let’s not kid ourselves — services like Siri suck. We’ve been waiting for some time for Apple’s partnership with IBM to result in a far better, Watson-like personal assistant. However, the richer the service, the less likelihood it can run on the phone, and the more it needs significant battery life.

If you really want a powerful artificial intelligence experience on the phone, you need both a powerful cloud-based AI and enough bandwidth to make the thing work, so expect some interesting, and far more powerful, cloud-based services announced this week.

Watson may be a stretch — though I doubt it — but the vastly improved Google Assistant is expected to be displayed on a far wider number of phones this year. So, one way or another, the new smartphones are likely to become a ton smarter.

 

LG Steps Into Samsung’s Space

With the Galaxy 8 delayed, LG is expected to step into Samsung’s space with a stunning new phone that is mostly hardened glass. I expect Corning, which makes Gorilla Glass, will be especially pleased.

This phone is expected to have mostly screen (tiny metal borders), the most advanced camera system to date, and a ton of performance-based features, and it could well be the phone to lust after. Leaked images suggest it may be one of the most beautiful phones ever created. Apple will not be pleased.

 

BlackBerry’s Move

BlackBerry is expected to showcase its Project Mercury at the show (the company teased it at CES this year). It’s the last BlackBerry-designed phone, and the company is going out with a bang.

I’ve seen pictures of it floated on the Web, and it appears to be the best blend of a keyboard and screen phone yet. As BlackBerry phones have been for some time, it is Android-based, but it’s hardened and surprisingly pretty.