Popular RATs Found Riddled With Bugs, Weak Crypto

The researchers, in conjunction with their research paper (PDF), released tools for decrypting RAT traffic and proof-of-concept exploits for the bugs they found. They found that the tools include weak, or no, encryption: Bandook, for example, uses obfuscation, not encryption, to protect its traffic between the victim’s machine and the C&C server.

via Popular RATs Found Riddled With Bugs, Weak Crypto – Dark Reading.

“A good understanding of their protocols is critical to network and system administrators deploying tools that can notice the presence of a RAT,” they said.

RAT = Remote Administrative Tool, a tool used by the bad guys to snoop on a victim. To the victim, this is more commonly referred to as a trojan.

TSMC Seen to be Sole 20nm Process Supplier

Taipei, Oct. 12, 2012 (CENS)–Citigroup Global Markets Inc. estimated Taiwan Semiconductor Manufacturing Co. (TSMC) to be the only supplier of 20nm process to Apple quad-core processors over the next one to two years, citing the company’s unmatched technological advance on 20nm process and Apple’s decision to adopt 20nm quad-core processors in its new products.

via TSMC Seen to be Sole 20nm Process Supplier to Apple Quad Processors | CENS.com – The Taiwan Economic News | Daily Prime News.

Lone packet cripples telco networks

Telcos the world over were running networks tantamount to “technology sandwiches” where layers of legacy kit had created such high complexity that operators were unaware of glaring holes which Langlois regularly revealed in penetration tests.

via Lone packet cripples telco networks – Networks – SC Magazine Australia – Secure Business Intelligence.

“We accessed [an operator’s] systems through their x25 network which they never knew was running because the network vendor never disclosed it — it was just underlying technology.”

Kii Cloud Opens Doors For Mobile Developer Platform With 25 Million End Users

MBaaS is more often a way to cater to developers. The idea here is that developers program the app and push it out to Kii Cloud without having to build their own servers and back end. At the crux of it, Kii sells simplicity and scale through the APIs and SDKs that use object database technology originally developed as an open source project by db4objects. Its ad network and distribution across Japan, Korea and China give it significant reach.

via Kii Cloud Opens Doors For Mobile Developer Platform With 25 Million End Users | TechCrunch.

MBaaS = Mobile back end as a service

From: Mobile Backend as a Service Roundup and the Future of Web APIs

To help me monitor the MBaaS market I spent some time rounding up as many of the providers as I could, and so far I’ve found 24 of them:

Ericsson Adapts to the TV Streaming Challenge

The problem with ABR is that the client device, such as a smartphone or tablet, is in charge of the bandwidth and isn’t fair about how that capacity is allocated. If an iPhone is the first device on the home network to request a video stream, it will typically receive a high bit-rate version — perhaps more than it really needs. Then, when a connected HD television requests a stream, it tends to get the scraps, resulting in a crummy-looking pixel-icious image.

via Light Reading Cable – IP & Convergence – Ericsson Adapts to the TV Streaming Challenge – Telecom News Analysis.

Ericsson AB (Nasdaq: ERIC) is trying to solve the problem by applying Weighted Fair Queuing (WFQ), a data packet scheduling technique, to ABR streams.

From Wikipedia on WFQ:

WFQ is a generalization of fair queuing (FQ). Both in WFQ and FQ, each data flow has a separate FIFO queue. In FQ, with a link data rate of R, at any given time the N active data flows (the ones with non-empty queues) are serviced simultaneously, each at an average data rate of R/N. Since each data flow has its own queue, an ill-behaved flow (who has sent larger packets or more packets per second than the others since it became active) will only punish itself and not other sessions.

As opposed to FQ, WFQ allows different sessions to have different service shares. If N data flows currently are active, with weights w_1, w_2 ... w_N, data flow number i will achieve an average data rate of

$$\frac{R w_i}{w_1 + w_2 + \dots + w_N}$$

It can be proven [1] that when using a network with WFQ switches and a data flow that is leaky bucket constrained, an end-to-end delay bound can be guaranteed. By regulating the WFQ weights dynamically, WFQ can be utilized for controlling the quality of service, for example to achieve guaranteed data rate.
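A small simulation of the WFQ behaviour quoted above, added here as an example (it is not code from Ericsson, Wikipedia or the linked article). It assumes every flow is backlogged from t=0, so each packet's virtual finish tag is simply the flow's previous tag plus size/weight; the flow names, weights and packet sizes are constructed for illustration.

```python
import heapq
from collections import deque

def wfq_bytes_sent(flows, link_bps, duration_s):
    """Packet-by-packet WFQ for flows that are all backlogged from t=0.

    flows: {name: (weight, [packet sizes in bytes])}
    Returns {name: bytes transmitted within duration_s}.
    """
    queues = {name: deque(pkts) for name, (_, pkts) in flows.items()}
    weight = {name: w for name, (w, _) in flows.items()}
    sent = dict.fromkeys(flows, 0)
    heap = []  # (virtual finish tag, tie-breaker, flow name)
    for order, name in enumerate(flows):
        if queues[name]:
            heapq.heappush(heap, (queues[name][0] / weight[name], order, name))
    clock = 0.0
    while heap:
        tag, order, name = heapq.heappop(heap)  # smallest finish tag goes first
        size = queues[name].popleft()
        clock += size * 8 / link_bps            # time this packet spends on the wire
        if clock > duration_s:
            break
        sent[name] += size
        if queues[name]:
            # Next packet of this flow finishes size/weight later in virtual time.
            next_tag = tag + queues[name][0] / weight[name]
            heapq.heappush(heap, (next_tag, order, name))
    return sent

def ideal_rate_bps(flows, name, link_bps):
    """The quoted formula: R * w_i / (w_1 + ... + w_N)."""
    return link_bps * flows[name][0] / sum(w for w, _ in flows.values())

# Constructed sample: weights and packet sizes are assumptions for illustration.
LINK_BPS = 10_000_000
FLOWS = {
    "hd_tv":  (3, [1000] * 2000),
    "iphone": (1, [1000] * 2000),
    "tablet": (1, [1500] * 4000),  # ill-behaved: bigger packets, deeper queue
}

if __name__ == "__main__":
    sent = wfq_bytes_sent(FLOWS, LINK_BPS, duration_s=1.0)
    for name, nbytes in sent.items():
        ideal = ideal_rate_bps(FLOWS, name, LINK_BPS)
        print(f"{name:7s} measured {nbytes * 8 / 1e6:.2f} Mbit/s, ideal {ideal / 1e6:.2f} Mbit/s")
```

The measured rates track the formula to within a couple of packets, and the flow with larger packets and a deeper queue gains nothing over its weighted share.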

Twitter: It’s time for patent trolls to bear the costs of frivolous lawsuits

According to the American Intellectual Property Law Association (AIPLA)’s 2011 survey, an average patent lawsuit costs between $900,000 and $6,000,000 to defend. In the last month and a half alone, Twitter has received three new patent troll lawsuits.

via Twitter: It’s time for patent trolls to bear the costs of frivolous lawsuits — Tech News and Analysis.

SpaceX’s first ISS supply mission is a success

The SpaceX Dragon capsule has been successfully grabbed by the International Space Station, marking the first time a private American space flight has run a supply mission to the orbiting platform. The crew of the ISS snatched Dragon out of orbit ahead of schedule, using the space station’s robotic arm to guide the capsule in after its careful approach.

via Dragon captured: SpaceX’s first ISS supply mission is a success – SlashGear.

Mysterious Algorithm Was 4% of Trading Activity Last Week

The program placed orders in 25-millisecond bursts involving about 500 stocks, according to Nanex, a market data firm. The algorithm never executed a single trade, and it abruptly ended at about 10:30 a.m. ET Friday.

via Mysterious Algorithm Was 4% of Trading Activity Last Week – CNBC.com – US Business News – CNBC.

Translation: The ultimate goal of many of these programs is to gum up the system so it slows down the quote feed to others and allows the computer traders (with their co-located servers at the exchanges) to gain a money-making arbitrage opportunity.

HTC suffers 79% crash in quarterly profits

HTC’s share of the global smartphone market by shipments fell to 5.8% in the second quarter from 10.7% a year earlier, according to Bloomberg.

via HTC suffers 79% crash in quarterly profits | Technology | guardian.co.uk.

HTC has seen falling average selling prices for its phones as it has tried to break into the fast-growing Chinese market. Approximately 30% of shipments go to China but price pressures mean they account for only 20% of revenues.

Facing Espionage, US Rejects Changes to Global Telecom

Countries would also be able to charge fees for international Internet traffic and establish new engineering and technical guidelines that would affect how the Internet works.

via Facing Espionage, US Rejects Changes to Global Telecom | International | World | Epoch Times.

He also said the ITU’s regulations are “not an appropriate or useful venue to address cybersecurity,” and added, “We are very sensitive about any one organization taking on the sole role of solving cyberthreats.”